IP Router User Manual
Contents
1. Description set 1 default Set Router to default settings disconnect a 1 Disconnect all connections to the T1 on the Controller slot a disconnect 1 set a 1 all type data connect a 1 all 1 1 1 Disconnect all connections to the router in slot 1 Set the T1 1 of the Controller Type to Data Connect all of T1 1 to the Router that is in slot 1 rename 1 LocalUnit Boulder Rename LocalUnit default to Boulder LAN rename 1 RemoteUnit wanl Rename WAN 1 from RemoteUnit default to wanl set 1 1 ip address 1 1 1 1 Set the Ethernet IP address in the conventional IP 255 255 255 0 address format Router LAN set 1 1 phy auto Set the Physical Specifications to auto negotiate set 1 wani rip ip updates never Set wanl to not send RIP updates add 1 wanl static ip network Adds a static IP network route to the WAN 2 2 2540 255 255 255 0 1 interface set 1 1 1 encapsulation ppp Set the encapsulation on trunk 1 to PPP Set 1 wanl trunk 1 Set the WAN interface named wanl to be mapped to trunk 1 reset 1 Reboot the router to enable all configurations set IP Router Release 2 97 11 9 Router Configuration Back to Back with PPP Denver Router in Slot 1 Command Description set 1 default Set Router to default settings disconnect a 1 Disconnect all connections to the T1 on the Controller slot a disconnect 1 Disc2. 00 ce eee 7 10 WAN Port Number lusus 6 11 DECI RR REDE RR RC PR 6 11 IP Router Release 2 97
3. 0000 cee eee 9 13 Port Name ss sees 9 13 Adit ESI s iyiteeeck soa rit entes 10 2 10 3 IP Address 0 0 0 cece cee eee ees 6 4 Name 5o tob etudes wedi eh PERE 4 6 4 Reinitializing 00005 10 4 Subnet Mask 0 0 00 cece eee 6 4 Adit Identification Adit Default Router 05 6 4 IP Address x eere ec eed 6 4 Name one E ERE 6 4 Subnet Mask 0 000 e eee 6 4 Admin Password i wicca eerte be 2 5 security level 00 0000 0c eee ee 2 4 Advertise Network Server 0 4 39 4 42 Selected Items 05 4 42 Setup Advertisement 4 42 Alarms 2 0 0 ccc eee eens A 5 Auto Update 20 0 0 000008 9 5 Count oc hee eke RARE Deeds 9 5 M SS896 eee extre epu gi ees 9 5 Time isda pido de bed det dedit d 9 5 Annex D s sels ss Glossary 1 Authenticate Events 00 0000 A 3 Authentication 2 0 0 0 0 00 c eee eee 5 18 by Remote 0 2 0 0 eee ee 3 9 of Remote 0 cc eee eee eee 3 10 Protocol PAP ee o AEN a inset ee 3 9 Auto Logout Timer 0 005 2 5 Negotiate isses Se be eta 4 63 Update 0 06 8 3 9 5 9 13 B BZS odiis oboe P peius oes Glossary 1 Back to Back with PPP 11 9 Basic Configuration Index Overview 0 eee eee ene 6 2 Remote Unit Profile 6 9 Router Identification 6 4
4. DLCI Enter the Data Link Connection Identifier Range is between 16 1022 Note This field is not available with a WAN that has PPP set as its connection type IP Router Release 2 97 6 11 Basic Configuration SNMP Configuration SNMP Configuration When you are finished adding additional Remote Profiles select elect NO and ENTER The guide will move onto the SNMP setup page Forcel Networks Router Tue Feb 5 2002 23 09 25 For help call Force1 Networks Technical Support Page 6 of 7 Specify the community name address and access privileges of devices needing to communicate with the local unit through SNMP SNMP Communities Name Access read gt read gt Specify the community name address and location of devices to which the Unit will report alarm information SNMP Trap Destinations Name Location Local LAN gt Local LAN gt ENTER to go to next field ESC to exit Basic Configuration Editable Please enter a value SNMP Communities Name Enter a 10 character name Address Enter an IP address first line Subnet Mask for second line Access Selection is read write both SNMP Trap Destinations Name Enter a 10 character name Address Enter an IP address first line Subnet Mask for second line Location Selection is Local LAN will have a selection for each existing Remote Unit profile 6 12 IP Router Release 2 97 Basic Configuratio
5. IP Address of this Router Enter the IP Address of the Router Subnet Mask of this Router Enter the Subnet Mask of the above IP Address Default Router of this Router Enter a default Router IP Address IP Router Release 2 97 Basic Configuration Routing Protocol Security Routing Protocol Security Current User ID LocalUnit Select the protocol LocalUnit will use to authenticate all remotes NONE o go to next field ESC to exit Basic Configuration lt Force1 Networks Router Tue Feb 5 2002 2 54 17 gt I I For help call Forcel Networks Technical Support Page 2 of 7 Select direction s for LAN Network Updates lt Neither gt Select RIP mode to be received from remotes RIP1 gt Select RIP mode to send to remotes RIP1 gt Select the protocol remotes will i use to authenticate local LocalUnit NONE i i i i i Select the authentication User ID lt Local Profile Name gt I i i i i i i i i i S t crollable Select method this system will use to authenticate remote units Select direction s for LAN Network Updates Both Set LAN Network updates in both directions Neither Disable LAN Network updates Default Send Set LAN Network updates in the send direction Receive Set LAN Network updates in the receive direction Select RIP mode to be received from remotes lt RIP1 gt Set to RIP version 1 Default lt RIP2 gt
6. Networks Setup IP Network Subnet Mask Metric Next Gateway 1 OCC CNN 0 0 0 0 0 0 0 0 CTRL A to add CTRL E to erase CIRL F to page forward CTRL B to page back Editable Enter a non zero IP Address Subnet Mask in Dotted Decimal Notation Forcel Networks Router Thu Jan 17 2002 6 09 11 gt LocalUnit has 1 Static IPX Network Static Setup Static IPM Networks Networks Network Hops Ticks Next IPX Router Setup IPX 1 OCU 1 1 00 00 00 00 00 00 CTRL A to add CTRL E to erase CTRL F to page forward CTRL B to page back Editable Please enter a value IP Router Release 2 97 4 15 Profile Directory Local Profile Static Networks 4 16 Static Network Menu Fields Network Enter the address of the destination network for the route that you are adding Static networks reached via a remote Unit must be configured through the corresponding Remote WAN Profile Setup screen Those configured through the Local LAN Profile Setup screen can be reached via the local LAN If this is an IP network enter the value in dotted decimal notation If this is an IPX network enter the appropriate value in hexadecimal notation Subnet Mask A subnet mask determines which bits in the IP address are used to identify the network number Itis also a method of extending the IP Network Address so that a site may use one network address for several different networks Metric A numeric value indicat
7. Password Change Request Valid Router passwords are from 5 to 15 alpha numeric characters NEW Password gt RETYPE Password gt After a successful login the system prompts the user to change the password from the default 1 Type in New Password and press ENTER 2 Retype in New Password and press ENTER 1 6 IP Router Release 2 97 CHAPTER Management Window In this Chapter m Management Overview m System Time Login Upload Download Load Defaults m Software Images Management Window Management Overview Management Overview The Management Menu contains the system components of the IP Router software This section is used to define security parameters factory default settings as well as providing software loading and configuration settings for the Router Management Menu options allow the user to e Establish the system security features e Install and backup system software e Backup and install configuration settings e Default system parameters to factory settings NOTE Two simultaneous sessions are allowed to access the Router software For example one local and one remote one must be accessing with the VIEW level 2 2 IP Router Release 2 97 Management Window System Time Login System Time Login 1 Select Management System Time Login gt from the Main Menu and select ENTER Forcel Networks Router Tue Jan 15 2002 22 02 05 gt RTR Main Menu Router Versio
8. 0 0 cece eet iii Limitation of Warranty amp Limitation of Remedies v Warranty Product Returns 0 0 0 0 eee cee ens vi Notices P vii Introduction OVervieWwz r pape See ONE REDAXVERFOS WE Ee ee eed DENEN S 1 2 Installation iss RES ARR T REX VERRCEPRUCOPPSS POUR ERIS 1 2 Installa Router Card 5i ue epe ER RR EEG 1 2 Maneuvering in the System essei Vu yr Y EX RU 1 2 lj rm 1 3 Scroll Field aeo oto eo e et e be boe a 1 3 Select Field utu he Ea de cine patte lpti dtes eed Cep 1 3 Git Field ereere oet tote pet ee eh Pe doba 1 3 Help Bar 2d RR SHEER RP d ERE eie oad ba 1 4 Connecting to the Router 0 02 0 eee 1 5 Establish a Telnet Session elles 1 5 Seta New Password 0 0 ccc n 1 6 Table of Contents 2 Management Window Management Overview seeleseeee en 2 2 System Time Login 00 0 cece eect nen eee 2 3 System Date and Time 0 c cece cee eee es 2 4 Daylight Savings Time Adjustment esses 2 5 Auto Logout Timer sss 2 5 View Password lesse 2 5 Config Passwords conetur eie P pe 4qe xe EE EEN O 2 5 Admin Password cesc sss 2 5 Enhanced Security i istur oro reiser Y 6X OERPG r4 X Teu 2 6 Upload Download 2 ice nb ache Ie t ete eee eet 2 8 Set up the Router for Uploads Downloads lusus 2 9 Upload Download Setup Menu Fields 0 5 2 12 Load Detaulisz ente tori ze Eaton E teur
9. 5 42 Remote IP Address Network 5 41 RUGH ziclourseetwse eder REA 5 39 SeryiGes Loo Los Ue ewe He 5 40 Firewall Local Profile Filters Rte 6 ee REESE 4 9 4 31 Local Device s 2 000 4 36 Local IP Address Network 4 37 Packets which Match this Rule 4 38 Remote IP Address Network 4 37 Rule zilssssee 983 eB eT WE 4 35 Services 22x bg PR CREDERE EEG 4 35 Firewall Remote Profile FW Allow Frags sess 5 13 Farewall Filters i 22 94 11 5 Forward 1 Coys Cee eb EUER EE 4 24 Forwarded to WAN 00000 e eee 8 5 Erame ics esate Ey REXSSa Bx wis Glossary 2 Type cd eb E RECR PERRA RS 9 10 8022 eese DRIN EE end 4 6 4 8 802 3 Lies o ELDER iei 4 6 4 8 Eth 2222559 RR VERA REX 4 6 Ethernet IT 0 0 0 2 0c eae 4 8 SNAR 1 estt deed Ead 4 6 Frame Relay 0005 3 6 11 4 Frame Relay Internet Connection 11 4 Index 3 Index G Gateway s ica stowaaedan aneed RET 4 16 9 9 GRE Tunnel 00 0000 eee eee 5 7 H Help tds evar vbet eee ey EEG 1 4 Hops essss 4 16 9 9 Glossary 2 l Installation 06 06000000 e n 1 1 IP ereet ee eR RR 6 10 Glossary 2 Addressa skorun X ep ee 5 35 Firewall Local Profile Significant Bits 04 4 37 IP Address 05 6 11 7 3 7 5 IP Firewall Significant Bits 05 5 41 IPX 3 40 55 a ge aang esa Rates bo 6 10 ROULET 25e tee Sod wees de 4 17 9 1
10. Description set clockl a 1 Set primary master transmit clock source set 1 default Set Router to default settings disconnect a 1 Disconnect all connections to the T1 on the Controller slot a disconnect 1 Disconnect all connections to the router in slot 1 Set a 1 all type data Set the T1 1 of the Controller Type to Data connect a 1 all 1 1 1 Connect all of T1 1 to the Router that is in slot 1 rename 1 LocalUnit Boulder Rename LocalUnit default to Boulder LAN rename 1 RemoteUnit wanl Rename WAN 1 from RemoteUnit default to wanl set 1 1 ip address 192 168 21 14 255 255 255 0 Set the Ethernet IP address in the conventional IP address format Router LAN set 1 wanl nat enable Set the WAN interface named wanl enable NAT mapping Set 1 wanl nat port dynamic Set the WAN interface named wanl to set NAT port mapping to be dynamic set 1 wani nat address 216 174 44 2 1 Set the WAN interface named wanl NAT address add 1 wanl static ip network 0 0 0 0 0 0 0 0 1 IP Router Release 2 97 Adds a static IP network route to the WAN interface 11 5 Router Configuration Internet Connection using PPP NAT PAT and Firewall Filters 11 6 Command Description add 1 wanl firewall 1 pass incoming log telnet 192 168 21 14 32 XXX XXX XXX XXX 32 Adds a Firewall rule to the WAN Where XXX XXX XXX X
11. Secondary IP Address Setup for local LocalUnit IP fiddress Subnet Mask 1 4 0 0 0 0 0 0 0 CTRL A to add CTRL E to erase Editable Enter a non zero IP Address Subnet Mask in Dotted Decimal Notation 4 60 IP Router Release 2 97 Profile Directory Local Profile Secondary IP Address Secondary IP Address Fields IP Address The secondary IP Address in the form xxx xxx xxx xxx where xxx 1s between 1 255 Subnet Mask The Subnet Mask to the corresponding Secondary IP address listed in the form XXX XXX XXX XXX where xxx is between 255 IP Router Release 2 97 4 61 Profile Directory Local Profile Link Speed Link Speed The Link Speed sets the Ethernet PHY mode and speed for the Router NOTE It is highly recommended that this setting be left at auto negotiation Connection Ethernet devices with incompatible settings can lead to severe performance degradation and errors on a network To Set the Link Speed 1 Select Configuration Profile Directory gt from the Main menu and press ENTER 2 Select LAN lt Setup gt and press ENTER Thu Jan 17 2002 60 45 01 gt Profile Directory 1 Configured and 2 Enabled Profile Name Profile Type Recv Send rotile State Directory 4 Remotelnit WAN NONE NONE lt Setup gt Enabled gt Window CTRL A to add CTRL E to erase CTRL F to page forward CTRL B to page back Hit ENTER to configure the communication information for this prof
12. Total Entries on 0 Ports Flush learned entries lt Off gt Display AEEEETTSTS amp N Learned From lt All Ports gt Auto Update lt On gt gt Network Hops Type Name Port Name Frame Type CTRL F to s CIRL F to page forward CTRL B to page backward Scrollable Use the spacebar to change the selection 9 8 IP Router Release 2 97 System Reports Window Networks Servers Display Use this field to select whether you wish to view the table for IP Networks lt IPX Networks or lt IPX Servers Use the SPACEBAR to scroll though the options the screen will update accordingly Learned From Will select what to learn from the Local LAN or from any of the Remote sites listed in the Profile Directory Use the SPACEBAR to scroll though the options the screen will update accordingly Auto Update Use this field to have this screen automatically update with events while you are viewing the screen On will update the screen every 5 seconds Network This field displays the network IP address of each network known to the Router If this route was added using one of the Static Network screens Static will appear before the address of this entry If this route was learned by the local unit Direct will appear before the address Type This field displays the Hex value assigned to each known server This field applies only to IPX Servers Name This field displays the first 11 characters of the name of
13. HIE Learned From lt All Ports gt Auto Update 0n gt Port Name MAC Address MAC 1 Local LAN Direct 00E09701E533 Address lt Forcel Networks Router Tue Feb 5 2002 5 38 07_ gt LocalUnit has learned 2 IP Addresses from 1 Port Flush learned entries Off Display MMERAISERENo Learned From lt All Ports gt Auto Update On gt CIRL F to bii Port Name IP Address MAC Address 1 Local LAN Direct 10 0 0 1 00E09701E533 2 Local LAN 10 0 0 9 IP Address CTRL F to page forward CTRL B to page backward Scrollable Use the spacebar to change the selection 9 12 IP Router Release 2 97 System Reports Window Address Tables Flush Learned Entries This field will eliminate all the learned entries from either the MAC Address table or the IP Address table when the field is changed from Off to On Use the SPACEBAR to scroll to the selection Display Use this field to select to view the address table by MAC Address or IP Address Use the SPACEBAR to select the appropriate view The screen will update accordingly as you scroll between options When the view by IP Address is selected the table may also display the corresponding MAC Address for locally learned devices Corresponding MAC Addresses are only displayed if the Router has encountered an ARP RARP packet Learned From Will select to view devices learned from the LAN or from any remote units This field will display ei
14. Permanent Virtual Circuit A PVC is a permanent channel connection between two ATM devices PVC s allow network transmissions to be started without having to first establish a connection with the end point ATM device When a PVC is constructed the end points of the connection will agree upon a path in which data will travel and therefore agree upon the route that data will travel to reach its destination Remote Authentication Dial In Service RADIUS is a client server based authentication software system The software supports remote access applications allowing an organization to maintain user profiles in a centralized database residing on an authentication server which can be shared by multiple remote access servers Routing Information Protocol RIP is based on distance vector algorithms that measure the shortest path between two points on a network based on the addresses of the originating and destination devices The shortest path is determined by the number of hops between those points Each router maintains a routing table or routing database of known addresses and routes each router periodically broadcasts the contents of its table to neighboring routers in order that the entire network can maintain a synchronized database Simple Network Management Protocol SNMP is the most common method by which network managements applications can query a management agent using a supported MIB Management Information Base SNMP operates a
15. Tunnel all packets on this interface to the tunnel destination address By Network Tunnel packets based on their destination address by matching GRE network entries NOTE If the IP protocol is set to By Network gt establish the remote address in the Static Networks window Disabled Disable GRE tunneling IP Router Release 2 97 5 7 Profile Directory Remote Profile Remote WAN Profile Overview NAT Gateway Enable NAT Gateway for this Router to translate addresses from all of its local devices to a specific IP Address typically assigned by an Internet Service Provider This will allow the remote device to dynamically assign a single IP Address to the Router or to configure a specific IP Address which in turn will be used by all devices on that network Enabled with GRE Tunnel Disabled Thu Jan 31 2002 20 10 50 Forcel Networks Router Profile Setup for RemoteUnit WAN Network Protocol Mode Updates GRE Tunnel IP Route gt lt Never gt lt Disabled gt IPX lt Blocked gt Other lt Blocked gt NAT Gateway SE EIMERB NAT Port Numbers Dynamic gt NAT Address lt Assigned by Remote NAT Port Numbers Port numbers are associated with applications that run on the workstation The NAT Gateway may translate the socket or combination of IP Address and TCP port number lt Dynamic gt IP Address and the port number will be translated lt Preserved gt NAT Gatew
16. connect a 1 all 1 1 1 Connect all of T1 1 to the Router that is in slot 1 connect a 2 all 1 1 2 Connect all of T1 2 to the Router that is in slot 1 rename 1 LocalUnit Denver Rename LocalUnit default to Denver LAN Set 1 1 1 2 multilink group 1 Assign 1 1 1 2 to multilink group 1 rename 1 RemoteUnit wanl Rename WAN 1 from RemoteUnit default to wanl Set 1 1 ip address 2 2 2 1 255 255 255 0 Set the ethernet IP address in the conventional IP address format Router LAN add 1 wanl static ip network 1 1 1 0 255 255 255 0 1 Adds a static IP network route to the WAN interface set 1 wanl trunk multilink group 1 Set the WAN interface named wanl to be mapped to trunk multilink group 1 reset 1 Reboot the router to enable all configurations set IP Router Release 2 97 Router Configuration Back to Back with Frame Relay Back to Back with Frame Relay The following configuration will set up two Routers back to back with Frame Relay Denver 1 1 1 1 24 Boulder 1 1 1 1 24 24 DSOs wan1 PPP or Frame Relay Static Routes IP Boulder Router in Slot 1 Command Description set clockl internal Set primary master transmit clock source set 1 default Set Router to default settings disconnect a 1 Disconnect all connections to the T1 on the Controller slot a disconnect 1 Disconnect all conn
17. 0 0 cece eee B 1 PVG voi er PERYE e deed Glossary 3 R Reboot After Load Code 2 12 2 16 Reboot After Load Config 2 12 Index 6 Record Configurable 00 00 0000 4 4 Reinitialize 20 0 ee ee 10 3 Remote Connections 8 5 Nate eco RbrRr oe goa TES EN 8 5 Security eres ocre eri cii ris eese 5 14 Remote Adit Profile Profile Name nannan 6 10 Protocol vec s on Sad EONS Re ees 6 10 IP sid ei Ga ees RUE Cosa eed 6 10 IPX ttai mme a 3s As 6 10 Other REN cb eed P RES 6 10 Remote IP Address Network 4 37 5 41 Significant Bits 4 37 5 41 Remote Name 0 00000 e eee 7 10 Remote Profile 00 5 1 5 2 GRE Tunnel 2h jss 0 cceaenenas bep 5 7 Protocol 0 0 cece eee 5 6 Default Router 0005 5 12 Filter Network Server 5 15 5 43 Firewall Filters 5 15 5 36 FW Allow Frags 2 0000 5 13 Mode us enyan ot 0 Eu XY 5 6 NAT Bypass Subnets 5 30 NAT Gateway 0 ce eee eee ee 5 8 Numbered 00 00 c eee eee 5 11 Protocol l4 x 5 6 RemoteUnit 0 00 0 c eee eee 5 5 Security Options 204 5 14 Security SNMP 00005 5 16 SUP waive osSskd SY eas be Er XE 5 14 Spanning Tree 000 5 48 Static Addresses 5 14 5 15 5 32 Static NAT Addresses 5 27 Static VPN Networks 00 5 19
18. Communication Related Issues Communication Related Issues Excessive Triggered Update Events on the Events screen This generally is an indication that the network is changing due to the addition or deletion of hardware Once the information has been exchanged these events should subside If this continues it may indicate that the number of networks or servers on the LAN exceed the Router s table capacity Set the LAN NETWORK UPDATES field located on the Local Profile window to Send or Neither and then statically configure the appropriate networks Excessive triggered update events may also be the result of information advertised to the Router by a Remote Unit If this is the case restrict advertising on the remote unit see Chapter 5 Profile Directory Remote Profile LAN Related Issues Unable to add data filters advertise networks or create static route entries The Router software will accommodate a maximum of 150 filters Data filters such as address custom or protocol filters networks advertised to no remotes firewall filter rules and all static route entries are all considered filters If you have been able to add filters in the past but are no longer able to do so this is an indication that the maximum limit has been reached We suggest that you review all created data filters advertised networks and static route entries and eliminate those that are no longer applicable See Chapter 4 LAN Local Profile Setup
19. DHCP Mode Disabled Server Client or Relay Opens the DHCP Setup window for the following Forcel Networks Router Wed Jan 30 2002 4 32 54 DHCP Server Client Relay flgent Setup for local LocalUnit DHCP Mode MEER gt DHCP Mode Disabled Scrollable Select whether this feature should be enabled IP Router Release 2 97 4 47 Profile Directory Local Profile DHCP Server Client Relay DHCP Mode Server Forcel Networks Router DHCP Server Client Relay Agent Setup for local LocalUnit DHCP Mode FIRA Info flctive Leases gt Wed Jan 30 2002 4 38 50 gt Domain Name Start IP fiddress 0 0 0 0 Number Lease Duration 000 00 hr min Domain Name Servers DHCP 0 0 0 0 Mode 0 0 0 0 Server 0 0 0 0 0 0 0 0 tion Type Value 0 NetBIOS over TCP IP Node Type 0 Scope Name Servers NBNS 0 0 0 0 0 0 0 0 Scrollable Select whether this feature should be enabled Op 0 0 0 Info Active Leases gt Displays the Active Lease Information below Domain Name This option is used if the DHCP Server is enabled on the DHCP Server Client Relay screen On a LAN network where the Router is the DHCP Server the Domain Name will be assigned with IP addressing information to DHCP clients This value is a maximum of 41 characters Start IP Address If the Router is specified to act as a DHCP server enter the first valid IP Address the
20. Displays additional fields to setup No Disables tunnel Tunnel Name Enter Tunnel name up to 11 characters Remote IP Tunnel Address Enter the IP address of the far end of the tunnel in the form xxx xxx xxx xxx where xxx is between 0 255 5 26 IP Router Release 2 97 Profile Directory Remote Profile Static NAT Addresses Static NAT Addresses Use this window to configure Static Bi directional NAT mappings between local server addresses and public addresses NOTE Up to 16 Static NAT addresses can be configured Each Static NAT address filter will count toward the maximum number of 500 filters 1 Select Configuration Profile Directory gt from the Main Menu and press ENTER 2 Select WAN Setup gt on the RemoteUnit line and press ENTER lt Forcel Networks Router Thu Jan 31 2002 0 02 22 Profile Directory 1 Configured and 2 Enabled Name Profile Type Recv Send Profile State Profile Router CRRD Setup gt Directory LocalUnit LAN NONE NONE Setup gt Window 1 RemoteUnit WAN NONE NONE gt lt Enabled gt CTRL A to add CTRL E to erase CIRL F to page forward CTRL B to page back Hit ENTER to configure the communication information for the remote profile IP Router Release 2 97 5 27 Profile Directory Remote Profile Static NAT Addresses 3 Select Setup Static NAT Addresses scroll through the list of options with the SPACEBAR if Static NAT Addresses is no
21. IP Router Release 2 97 5 5 Profile Directory Remote Profile Remote WAN Profile Overview Transmission Options The following section is always displayed on the Remote Profile setup window By selecting options on this chart other fields are displayed or removed WAN Network Protocol Hode Updates GRE Tunnel IP lt Route gt lt Never Disabled gt IPX lt Blocked gt Other lt Blocked gt Protocol This field displays three protocol options IP IPX and Other Use the Mode WAN Network Updates and GRE Tunnel fields to determine how and if the listed protocols will be used This screen will change dramatically as different modes are selected Mode This field works in conjunction with the Protocol field above and defines which protocol s the Unit will use to send and receive data when communicating with this remote device Protocol Route Blocked Bridge Optimize IP x x X IPX X X X Other X X Route When used in conjunction with the LAN Network Updates Local Profile window and WAN Network Updates setting below the lt Route gt values enable the Unit to use its network optimization feature which ensures that only necessary data is transmitted over the WAN connection The Router will initiate IP and IPX learning mode With each of these selections the Router will initiate learning mode to gain knowledge of local and remote networks and services Once it knows of rem
22. Remote Profile 5 39 Run Time esou ec eek Py Re 8 2 Auto Update ecicscndsseaag eens eee 8 3 Clear Totals 2 0 000000000 8 3 IP Router Release 2 97 Index AL pcs beatin bette a ee 8 3 LAN phssg pee ogues opera era 8 3 WAN i vuekxtennERP ER ERR t 8 3 Comp Ratio to from WAN 8 5 EMots ci ei idx9 eked best bere PEE EA 8 4 Forwarded to WAN 0 05 8 5 LAN Packet Totals 8 4 Statistics 60545 oer biens box RES 8 4 Received Loos beste behead on 8 4 Remote Connections 8 5 Remote s Name 004 8 5 Throughput to from WAN 8 5 Transmitted 0 cirie eee eee 8 4 WAN Packet Totals 8 4 S Sample Interval 0 4 55 SAP geo VPEPUCURn D WES REO 4 6 Ne Jc 4 49 Secondary IP Address 4 59 Sec rlly ios eR reed 3 7 AXddEess sera exper EYES 3 10 Authentication by Remote 3 9 Authentication of Remote 3 10 Local Security Server 3 10 PasswoId ni hp y os ed a Sx VERENA 3 10 SERVET sepa e eb URP Seb ME 5 18 Types iunior tpe RENT rp uer 3 10 User TD i ncnbpeokRve b Stet 3 9 Security Level ISVMIeW sss eRl4ezbddeR ea an oie 2 4 2 s Gonflg cresce soe awe oe edie ante 2 4 Zs Admin essct iras ERIS REPRE 2 4 Security Options 0 5 5 14 Security SNMP 3 13 5 16 ACCESS cess ck ses soe eee ebb tle w
23. Technical Assistance Center Reboot After Load Code Use this option to automatically reboot the IP Router after software is successfully installed A software load verification verifies that the new software is good before the unit will accept it If it is determined to be bad or damaged the IP Router will reject it and continue to use the original software Reboot After Load Config Use this option to automatically reboot the IP Router after a configuration file is successfully installed IP Address The IP Address field is use to identify which device s will be allowed to perform config and or code uploads and downloads A in this field will allow all devices at the selected Client Site to perform Uploads Downloads Client Site This field identifies the profile the Router will use to reach the IP Address entered in the previous field If Local LAN is selected it indicates the device can be reached via the LAN If the device can be reached via a WAN connection you should select one of the Remote WAN profiles Mode Use this field option to enable uploads downloads of software and configuration files for specific IP addresses Code Authorizes the IP Address to perform software uploads and downloads When new software is installed on the Router a software load verification checks and verifies that the new software is good before the unit will accept it If it is IP Router Release 2 97 Management Window
24. This field is only available if the Setup Static field is set to lt MAC Address IP Address Enter the IP Address of the desired device If the static address is configured through the Local Profile Setup screen the device can be reached via the local LAN If the static address is configured on a specific Remote WAN Profile screen the device can be reached via that specific remote This field is only available if the Setup Static field is set to IP Address gt IP Router Release 2 97 5 35 Profile Directory Remote Profile Firewall Filters Remote Profile Firewall Filters Remote Profile A firewall is a method for keeping a network secure from intruders by using filters to block the transmission of certain types of service traffic Once created firewalls are a security feature that allows only certain types of services to pass in and or out of your LAN Firewalls can be created on a per remote basis Each filter consists of a set of drop pass rules which are applied in the order in which they appear on the list in other words rule 1 is applied before rule 2 and so on This set of rules constitutes a filter for a specific remote profile and will be applied to that profile s incoming or outgoing or both traffic types service flows Forcel Networks Router Tue Feb 5 2002 60 52 39 gt RemoteUnit has 3 IP Firewall Rules Service s LAN Device s WAN Device s Log 2 Tes E 5 x elnet gt gt Firewall
25. When a match is located the packet adheres to the Forward Mode field value To enable a filter return to the Enabled Filter Window ESC from this window and press CTRL A select filter type Custom Protocol or Address filter will be added to the Enabled Filters window NOTE Each filter even if it is not enabled will count toward the maximum number of 500 filters IP Router Release 2 97 Profile Directory Local Profile Filters Defining Protocol Filters Forcel Networks Router LocalUnit has 0 Enabled Filters Forward Mode lt ALL Frames NOT Matching Filters Define Filter UEa gt Wed Jan 30 2002 20 23 11 gt Filter Type Source Dest Filter Name Forcel Networks Router LocalUnit has 1 Protocol Filter Wed Jan 30 2002 0 24 36 gt Protocol Name Ethernet Value IEEE Value 1 END 0000 00 Protocol Filter Window CTRL A to add CTRL E to erase Editable Enter a name for the filter Use this screen to define filters that are based on specific protocols being used by LAN devices These filters when enabled provide security by restricting LAN WAN access based on a specific protocol Protocol Name Filter name can be up to 7 characters Ethernet Value Enter the assigned Ethernet value for this protocol see 4ddendum B Ethernet Protocol Types IEEE Value Enter assigned IEEE value for this protocol The IEEE value is the same as the DSAP and SSAP values
26. from X A 4 IP Router Release 2 97 User Events Alarms Alarms Data integrity fault detected and corrected This is logged when the unit detects and recovers from a loss of data synchronization Dedicated trunk connection on Port X lost Description Local LAN remote IPX SAP IPX RIP server name network exists at Local LAN remote MAC Address Table is full Triggered 802 3 IPX Eth II IP network update to remote fail Triggered 802 3 IPX server update to remote fail WAN data loss detected recovery action taken This is logged when the unit begins the recovery process from trunks with high error conditions Pass Drop dyn Any Protocol xx Type xx Port xx to from rem sys gt Firewall Rule lt rule num gt NOTE All alarms generate SNMP traps IP Router Release 2 97 A 5 User Events Alarms IP Router Release 2 97 APPENDIX Protocol Types In this Appendix m Protocol Number in Firewall Filters m Ethernet Protocol Types Protocol Types Protocol Number in Firewall Filters Protocol Number in Firewall Filters The Router cards can filter based on protocol numbers See Firewall Filters Local Profile on page 4 31 and Firewall Filters Remote Profile on page 5 36 for instructions The following table defines the protocol numbers Number Keyword Protocol Reference 0 HOP
27. lt Blocked gt Remote Profile NAT Gateway lt Disabled gt Window WAN IP Numbered lt NO gt FW Allow Frags lt Disabled gt Setup Security ptions gt gt Setup dm az M Scrollable Select the item to be set up and hit ENTER Forcel Networks Router Tue Feb 5 2002 1 58 27 gt WAN Port Setup for remote RemoteUnit WAN Port Connection WAN Connection Type LCI Setup Select WAN Port Number dWWib0 1 1 PPP Window Scrollable Use the spacebar to change the selection 5 52 IP Router Release 2 97 WAN Port Setup Window with MLPPP Profile Directory Remote Profile Trunk Port Wan Port Number Select the WAN Port Number by scrolling through the options in the lt gt brackets Note Only WANs that are set up will display here As the selections scroll through the WAN numbers the connection ID will be modified to reflect this selection WAN Connection Types MLPPP PPP PPP in Frame Relay or Frame Relay 1490 DLCI The Data Link Connection Identifier range is 16 1022 Note this field is not applicable with all connection types ML Fragment Threshold This field appears when the WAN selected is WAN Connection Type MLPPP The MultiLink Fragment Threshold is the size at which non prioritized packets will be inspected to determine if they should be fragmented Range 320 1600 with a default of 1600 Forcel Networks Router WAN Port Setup for remote RemoteUnit Wed Jan 2 2002 20 22 39 g
28. lt Trunk Port gt Configures the Router Remote trunks See Trunk Port on page 5 51 for more information IP Router Release 2 97 5 15 Profile Directory Remote Profile Security Options Security Options The purpose ofthis window is to define security information and miscellaneous options pertaining to this Router The security portion of this window allows the setup of password or secret depending on the chosen security protocol that this remote device will use during the authentication process Also the setup of authentication on the LAN of the Local Unit or a specified security server Authentication is a security process whereby the transmitting and receiving devices determine which security protocol to use during data transmission as well as establish confirmation identity This authentication process must match between the receiving and transmitting devices prior to actual data transmission if the process fails the link is terminated The protocol used by the remote unit to authenticate the local unit and vice versa is defined in the LAN Profile 1 Select Configuration lt Profile Directory gt from the Main Menu and press ENTER 2 Select WAN lt Setup gt on the RemoteUnit line and press ENTER Profile Directory Window 5 16 Forcel Networks Router Profile Directory 1 Configured and 2 Enabled Thu Jan 31 2002 02 22_ gt CTRL A to add CTRL E to erase CIRL F to page forward CTRL B
29. so that they may use the Router to reach the remote site LAN IPX These fields enable the Router to route IPX to Remote WAN networks even if an IPX server does not exist on the local LAN Typically the Router will learn its external network number However if the local LAN does not have a server or if the LAN NETWORK UPDATES field see above is set to Neither and you wish to route IPX to Remote WAN networks the external network number must be defined using these fields If you are not using IPX on your LAN these fields will not apply Please note that these are all hexadecimal entries For the following see you network administrator for the appropriate numbers If the frame type is unsupported leave the field set to Os 802 2 Ext Network Enter the corresponding IPX external network number Ethernet II Ext Network Enter the corresponding IPX external network number SNAP Enter the corresponding IPX external network number 802 3 Ext Network Enter the corresponding IPX external network number IP Router Release 2 97 Profile Directory Local Profile LAN Local Profile Setup Setup Additional setup screens for the Local LAN profile The screen that is accessed depends on the chosen option Listed below are the available field options Static Networks gt Used to configure static network routes that can be reached locally See Static Networks on page 4 11 for more information Static Addres
30. 0 0 0 0 DNS Resolver Cache Contents lt Flush gt Static Host List View or Modify gt pPPE Sit DNS Resolver Setup Menu Fields DNS Resolver Disable Enable use of DNS resolver to convert domain names to IP addresses My Domain Name Set the default domain that the DNS resolver will add to any name queries that are not fully qualified Identifier of up to 43 characters My Node Name Set the router card s host name Identifier of up to 15 characters DNS Primary Server IP Address Configure IP address of DNS server 1 DNS Secondary Server IP Address Configure IP address of DNS server 2 DNS Resolver Cache Contents lt Flush gt will clear the cache contents lt Display gt will display the cache contents IP Router Release 2 97 3 27 Profile Directory Router Card Profile DNS Resolver Static Host List View or Modify gt Select Static Host List View or Modify gt and press ENTER The system will confirm that you want to save this configuration Scroll the No to Yes to save Forcel Networks Router Wed Jan 16 2002 22 16 23 gt DNS Resolver Setup for local LocalUnit DNS Resolver Enabled gt My Domain Name TestDomainName My Node name TestNodeName DNS Primary Server IP Address 192 168 1 2 DNS Secondary Server IP Address 192 168 2 2 DNS Resolver Cache Contents lt Flush gt Static Host List gt i Do you wish to sa
31. Address Subnet Mask and Metric value Note this window displays additional fields depending on the field setting for GRE Tunnel on the Remote Profile window lt Forcel Networks Router Mon Feb 4 2002 23 26 54_ RemoteUnit has 1 Static IP Network Setup Static lt IP Networks gt Static VPN Features VPN Network Subnet_Mask Metric GRE Tunnel Encrypt Networks 1 OMEA 0 0 0 0 1 VPN gt Window CTRL A to add CTRL E to erase CTRL F to page forward CTRL B to page back Editable Enter a non zero IP fiddress Subnet Mask in Dotted Decimal Notation Static VPN Networks Fields Setup Static lt IP Networks Enter the Subnet IP Address Note The host bits should all be zero Network Enter the Subnet IP Address Note The host bits should all be zero Subnet Mask Enter the Subnet Mask of the Network IP Address Metric Enter the distance in hops to the network Value must be between 1 15 IP Router Release 2 97 gt 5 25 Profile Directory Remote Profile Static VPN Networks VPN Features GRE Tunnel Displays the Tunnel Name defined on the VPN setup window Encrypt Not supported in this release VPN gt Opens the VPN Setup window Mon Feb 4 2002 23 40 02 gt YPN Setup for remote RemoteUnit Tunnel data mE Tunnel Name Remote IP Tunnel Address 0 0 0 0 Scrollable Use the spacebar to change the selection Tunnel Data Yes Enables tunnel
32. DNS resolver to convert domain names to IP addresses 1 Select DNS Resolver Configure gt and select ENTER Forcel Networks Router Wed Jan 16 2002 6 44 27_ ROUTER Slot 6 Configuration RIP Mode Receive RIP1 gt RIP Mode Send lt RIP1 gt Trunk Configure gt Security Configure gt SNMP Configure gt DNS Proxy Configure gt Spanning Tree Protocol Configure gt Network Time Protocol Configure gt SysLog Configure gt DNS Resolver Cont aira gt onfigure DNS Resolver IP Router Release 2 97 3 25 Profile Directory Router Card Profile DNS Resolver 2 To enable DNS Resolver scroll Disabled to Enable with the SPACEBAR select ENTER Forcel Networks Router Wed Jan 16 2002 6 46 44_ gt DNS Resolver Setup for local LocalUnit DNS Resolver RERIN i sab l edh My Domain Name 2 My Node name Sif DNS Primary Server IP Address 0 0 0 0 DNS Secondary Server IP Address 0 0 0 0 DNS Resolver Cache Contents lt Flush gt Static Host List View or Modify gt M 3 3 26 IP Router Release 2 97 Profile Directory Router Card Profile DNS Resolver 3 Enter the appropriate data in the following fields Forcel Networks Router Wed Jan 16 2002 6 48 11 gt DNS Resolver Setup for local LocalUnit DNS Resolver quM My Domain Name gt i My Node name DNS Primary Server IP Address 0 0 0 0 DNS Secondary Server IP Address
33. Enter the parameters of the rule select ESC to close the window and save the configuration See Firewall Filters Fields on page 4 35 for a description of all fields for the Firewall Setup window Forcel Networks Router gt IP Firewall Setup for remote Rule Number 10 Action Pass Wed Jan 30 2002 2 59 49 Service lt SHTP gt Service Establishment utgoing Local IP Address Network Remote IP flddress Network lt gt Packets which match this rule Editable Enter the position for this rule IP Router Release 2 97 Profile Directory Local Profile Firewall Filters Local Profile Firewall Filters Fields Rule Number The rule number defines the order in which the rules are applied Once there are two or more rules created the rule number can be changed to put them in the desired order The Last rule displayed is automatically set after the first rule is defined and states that the router should drop any service incoming or outgoing that has not been addressed in the proceeding rules Action Pass Drop This column indicates the service s that will Pass or Drop from the remote network to the local network and vice versa On the Firewall Filters window the following indicate Pass Drop in this column Drop Blank column Pass Typically rules are established with the Pass action since the last rule which is automatically defined by the software Drops all s
34. Last Any lt gt gt Rules Window CTRL A to add CTRL E to erase CTRL F to page forward CTRL B to page back Hit ENTER to modify this Firewall Filter Rule Symbol Description Rule Number Pass no blank indicates Drop Services s Lists current service defined LAN Device s Lists LAN defined for this rule indicates any gt Outgoing lt Incoming 5 36 IP Router Release 2 97 Profile Directory Remote Profile Firewall Filters Remote Profile lt gt Outgoing and incoming WAN Device s Lists WAN defined for this rule indicates any Log X Logged in the Event or Alarm log To Add a Firewall Filter WARNING THE ADDITION OF THE FIRST FIREWALL RULE WILL AUTOMATICALLY SECURE THE UNIT AGAINST ACCESS VIA TELNET UNLESS THE FIRST RULE EXPRESSLY PERMITS TELNET TO ENSURE THE ABILITY TO TELNET INTO THE UNIT BY AT LEAST ONE REMOTE DEVICE YOU MUST CREATE A RULE INDICATING WHICH DEVICE HAS TELNET ACCESS 1 On the Main Menu press TAB until Configuration Profile Directory gt is highlighted and press ENTER 2 Select WAN lt Setup gt on the RemoteUnit line and press ENTER gt Forcel Networks Router Profile Directory 1 Configured and 2 Enabled Thu Jan 31 2002 0 02 22 Name Profile Type Recv Send Profile State Profile Router CRRD Setup gt LocalUnit LAN NONE NONE Setup gt Directory 1 RemoteUnit
35. MAC Address of the LAN device that you are defining as a filter The system will use the defined MAC Address and the value in the Forward Mode to determine whether the packet should be passed or received IP Router Release 2 97 4 29 Profile Directory Local Profile Filters To enable a filter return to the Enabled Filter Window ESC from this window and press CTRL A select filter type Custom Protocol or Address filter will be added to the Enabled Filters window NOTE Each filter even if it is not enabled will count toward the maximum number of 500 filters 4 30 IP Router Release 2 97 Profile Directory Local Profile Firewall Filters Local Profile Firewall Filters Local Profile A firewall is a method for keeping a network secure from intruders by using filters to block the transmission of certain types of traffic services Once created firewalls are a security feature that allow only certain types of services to pass in and or out of your LAN Each filter consists of a set of drop pass rules that are applied in the order in which they appear on the list in other words rule 1 1s applied before rule 2 and so on This set of rules constitutes a filter for the local profile and will be applied to incoming traffic outgoing traffic or both traffic types service flows Forcel Networks Router LocalUnit has 2 IP Firewall Rules Wed Jan 30 2002 3 04 49 gt Service s LAN Device s WAN
36. Profile LocalUnit LAN NONE NONE lt gt Directory 1 RemoteUnit WAN NONE NONE Setup gt Enabled gt window CTRL A to add CTRL E to erase CIRL F to page forward CTRL B to page back Hit ENTER to configure the communication information for this profile IP Router Release 2 97 4 13 Profile Directory Local Profile Static Networks 3 Select Setup Static Networks gt If the Secondary IP Address option is not displayed scroll to the selection with the SPACEBAR and press ENTER Forcel Networks Router Profile Setup for LocalUnit LOCAL Thu Jan 17 2002 6 01 51 gt Frame Types LAN Network Protocol 802 2 Eth II SNAP 802 3 Updates IP K lt Neither gt IPX 41 X X X lt Neither gt Other X1 X X Local LAN IP LAN IPX Profile IP Address 10 0 0 1 802 2 Ext Network 00000000 Wind Subnet Mask 255 0 0 0 Eth II Ext Network 00000000 indow Default Router 0 0 0 0 SNAP Ext Network 00000000 802 3 Ext Network 00000000 he Setup lt Q Gin NEC Link Speed lt Auto Negotiate gt 4 14 Scrollable Select the item to be set up and hit ENTER IP Router Release 2 97 Profile Directory Local Profile Static Networks 4 Select IP Networks or Static IPX Networks Press CTRL A to add a Static Network Forcel Networks Router Thu Jan 17 2002 6 07 04 gt LocalUnit has 1 Static IP Network Static Setup Static IP Networks gt
37. Router Release 2 97 4 5 Profile Directory Local Profile LAN Local Profile Setup Local Profile Setup Menu Fields Profile Setup for LocalUnit The LocalUnit is the default name for this unit and will be used during the authentication process to ensure this unit s identity This name can easily by changed by simply typing over the LocalUnit and saving when closing this window This name can be up to 11 characters Protocol This column includes three protocol options IP IPX and Other These protocols are used to define Frame Types and LAN Network Updates to be used by this IP Router Frame Types Define the frame type of the packets that are sent and received by the IP Router If a packet is received formatted in a frame type that has not been enabled the IP Router will not accept the data Note that multiple frame types may be supported simultaneously for IPX and Other protocols 802 2 When selected X this IP router may send and receive packets that match the 802 2 format The 802 2 format complies with IEEE specifications Eth II When selected X this IP Router may send and receive packets that match the Ethernet II format Note that the IP protocol commonly uses this format SNAP When selected X this IP Router may send and receive packets that match the SNAP Subnet Network Address Protocol format 802 3 When selected X this IP Router may send and receive packets that match Novell s X802 3 format LAN Ne
38. Routing Protocol Security 6 5 Setup Complete 6 13 SNMP Configuration 6 12 WAN INterface Connections 6 7 Basic Setup zi xu b EDDA 11 2 Bipolar 8 Zero Substitution Glossary 1 Bit ssc se thea dewey acus quu Glossary 1 Do ye Lm Glossary 1 Bridge Forward Delay 3 19 3 22 Hello Time i222 gk RR iiss 3 19 Max Age cece eee eee 3 19 Priority ves 3 19 4 58 5 50 C Change Password 000005 2 6 CHAP iiss ixepnevertzveruus 3 9 Glossary 1 Clear Totals ANI zz 84 abe eF RE CSY OER ONS Vea SR 8 3 LAN Jes eave een baw es 8 3 WAN 2cideerekeerkxe EXP ERG p 8 3 CLI eroien GEPRPRIGE PS Glossary 1 Gode Load ies ER RRLRVS 2 12 2 16 Collision Hi Threshold essere REL 4 55 Lo Threshold 2 00005 4 55 Command Line Glossary 1 Community Name sslssss 3 13 Compression 00 0 cece eee 5 18 Ratio to from WAN 8 5 Config Load ergas e RR 2 12 Config Password 0 0000 eee 2 5 config security level 2 4 Configuration 0 00 ee eee 11 1 connecting to the router 1 5 connecting with Telnet 1 5 Index 2 Continuous Ping 000005 7 4 Continuous Ping Status Response Count 0000 0s 7 5 Timeout Count 02 0 0 00005 7 5 CSU em b IY eR ERE SERERE Glossary 1 D Daylight Savin
39. Scrollable Use the spacebar to change the selection IP Router Release 2 97 5 13 Profile Directory Remote Profile Remote WAN Profile Overview Setup lt gt bottom of the Remote main window Forcel Networks Router Profile Setup for RemoteUnit WAN Network Mon Feb 4 2002 22 34 34_ gt Protocol Mode Updates GRE Tunnel IP lt Route gt lt Never gt lt Disabled gt IPX lt Blocked gt Other lt Blocked gt Remote NAT Gateway lt Disabled gt Profile Window WAN IP Numbered lt NO gt FW Allow Frags lt Disabled gt Setup MST gt Setup lt Trunk Port gt gt Scrollable Select the item to be set up and hit ENTER The Setup field has the following options Use the SPACEBAR to scroll through the selections 5 14 lt Security Options gt Use this option to access the Remote WAN Security Options Setup window The fields on this window may be used to configure the remote security parameters and options such as compression See Security Options on page 5 16 for more information lt Static VPN Networks gt Use this option to access the Static VPN Networks window These windows can be used to configure static network routes for the remote device See Static VPN Networks on page 5 19 for more information lt Static NAT Addresses gt Use this option to access the Static NAT Addresses window which allows the operator to configure static bi directional NAT map
40. Select WAN lt Setup gt and press ENTER Forcel Networks Router Thu Jan 31 2002 0 02 22 gt Profile Directory 1 Configured and 2 Enabled M Name Profile Type Recv Send Profile State dap out CAN NONE NONE cotum 3 i ocalUnit lt Setup gt Directory 1 RemoteUnit WAN NONE NONE lt gt lt Enabled gt Window CTRL A to add CTRL E to erase CIRL F to page forward CTRL B to page back Hit ENTER to configure the communication information for the remote profile 5 48 IP Router Release 2 97 Profile Directory Remote Profile Spanning Tree 3 Select Setup lt Spanning Tree gt and press ENTER Forcel Networks Router Tue Feb 5 2002 1 34 04 Profile Setup for RemoteUnit WAN Network Protocol Updates GRE Tunnel ipi Cei Pro d Other lt Blocked gt WAN IP Default Router 0 0 0 0 FW Allow Frags lt Disabled gt Setup ON Min a gt gt Setup lt Trunk Port gt gt Scrollable Select the item to be set up and hit ENTER 4 To enable Spanning Tree scroll lt Disabled gt to lt Enabled gt with the SPACEBAR press ENTER Forcel Networks Router Spanning Tree Port Setup for remote RemoteUnit Tue Feb 5 2002 1 36 08 gt Spanning Tree MESES IP Router Release 2 97 5 49 Profile Directory Remote Profile Spanning Tree 5 Enter the appropriate data in the following fields Forcel Networks Router Tue Feb 5 2002 1 36 54 gt Spann
41. Set primary master transmit clock source set 1 default disconnect a 1 Set Router to default settings Disconnect all connections to the T1 on the Controller slot a disconnect 1 Disconnect all connections to the router in slot 1 set a 1 all type data Set the T1 1 of the Controller Type to Data connect a 1 all 1 1 1 Connect all of T1 1 to the Router that is in slot 1 rename 1 LocalUnit Boulder Rename LocalUnit default to Boulder LAN rename 1 RemoteUnit wanl Rename WAN 1 from RemoteUnit default to wanl Set 1 1 ip address 215 168 21 14 255 255 255 0 Set the Ethernet IP address in the conventional IP address format Router LAN add 1 wanl static ip network 0 0 0 0 0 0 0 0 1 Adds a static IP network route to the WAN interface Set 1 1 1 encapsulation fr Set the encapsulation on trunk 1 to Frame Relay set 1 lmi annexd Disable LMI to Annex D set 1 wani trunk 1 Set the WAN interface named wanl to be mapped to trunk 1 Set 1 wanl dlci 101 Set the DLCI number reset 1 Reboot the router to enable all configurations set IP Router Release 2 97 Router Configuration Internet Connection using PPP NAT PAT and Firewall Filters Internet Connection using PPP NAT PAT and Firewall Filters Router in Slot 1 ISP Router that provides the Internet connection Router with NAT PAT and Firewall Filters Command
42. Software Image Show Switch Menu for LocalUnit Choices MShow Current Images App Image Ver 2 97K Wed Jul 01 08 21 24 2009 ACTIVE App Image Ver 2 92C Mon Jun 30 03 10 50 2008 BACKUP Forcel Networks Router Wed Jan 16 2002 Software Image Show Switch Menu for LocalUnit Choices MSwitch Appl ImagesM App Image Ver 2 97K Wed Jul 01 08 21 24 2009 BACKUP App Image Ver 2 92C Mon Jun 30 03 10 50 2008 ACTIVE Scrollable Use th 2 16 IP Router Release 2 97 CHAPTER Profile Directory Router Card Profile In this Chapter Overview Configuration RIP Mode Receive RIP Mode Send Trunk Security SNMP DNS Proxy Spanning Tree Protocol Network Time Protocol SysLog DNS Resolver Profile Directory Router Card Profile Overview Overview The Router Card Profile of the Profile Directory is used to review configure base router features Configuration 1 Select Configuration Profile Directory gt from the Main Menu and select ENTER Forcel Networks Router Wed Jan 16 2002 3 24 46 gt RTR Main Menu Router Version 2 97 Slot 6 Category Selection Management lt System Time Login gt Configuration MProfile Directory Verification Ping Utility gt Statistics lt Run time gt System Reports lt Events gt Exit lt Logout gt Scrollable Use the spacebar to change the selection and hit ENTER Main Menu 3 2 IP Router Release 2 97 Profile Director
43. Subnet Mask 3 24 3 27 3 29 5 11 Trunk Pott 2 ore MET 5 51 WAN Network Updates 5 7 IP Router Release 2 97 Remote Unit Profile 6 9 RemoteUnit 0 000 c eee eee 5 5 Reports Alarm Log 7 8cccnb ee ash tee wine eee ae 9 5 Response Count 0 0 00 e eee 7 5 Result si o0e0ne entone sos acne easels 7 5 RIP eR 4 6 4 11 5 19 Glossary 3 Mode Send seuren s 3 4 RIP Mode Receive 0 00005 3 4 hop EET 11 1 Router Card Profile 0 3 1 Configuration llslelleles sss 3 2 DNS Proxy Re IRREPEEETS 3 16 DNS Resolver esses 3 25 Network Time Protocol 3 20 RIP Mode Receive lullsessss 3 4 Mode Send ssslusslesseess 3 4 Security eek RRRRRESVER E 3 7 SNMP ote heb E PRGIDEER ER 3 11 Spanning Tree Protocol 3 18 SYSLOG ove br X Xe EEG EN PPS 3 23 Trunk ceim ea e e IDEE eee ee 3 4 Router Configuration 11 1 Back to Back with PPP 11 9 Basic Set p certe 908009 bead Es 11 2 Internet Connection using NAT 11 7 Internet Connection using PPP NAT PAT 2 2 0 ccc eee eee 11 5 PPP Internet Connection 11 3 Router Configurations Frame Relay Internet Connection 11 4 Router Identification 6 4 Routing Protocol Security 6 5 Rule 1 Local Profile 4 35 Rule 1
44. Ticks gasaen RRCR RUE EUR 9 10 TYPE us sor RERO ERR UE ERE Ps 9 9 New Password 00 cece eee nes 1 6 Next Gateway cece eee ee ee 4 16 9 9 IPX Router 5225 2r xx 4 17 9 10 Next Gateway 0 0 cece eee eee 4 16 Node Type 0000 eee 4 49 4 50 Number Bytes to Display 7 10 7 11 Index 5 Index O Operation Single Ping sessi es 7 4 P Packet RIP 2xismedR Mid bee eaten ee 4 40 SAP sie ape deoe tae tesew Rete bbe 4 40 Packets which match this rule 4 38 5 42 PAP Stes suc seed as Baw os Bo 3 9 Glossary 2 Password eee eeeee 1 6 3 9 3 10 PING eis gee vale ame eee aces Glossary 3 Continuous 00 00 e ee eee eee 7 4 single eueexuRRE ER es Pea es 7 4 Single Status 02 00 0005 7 4 Ping Utility 22 sensenceeevewsteseaee en 7 2 Port INAme ius sober UAE ED RUE 9 13 Port Monitor 0 2 00 c eee eee eee 7 9 Port Name sn ccua ens oa se sale nes 9 13 Port Number 0000s eee 6 7 PPP uote enu 3 4 3 6 11 5 11 9 PPP in Frame Relay 3 6 PPP Internet Connection 11 3 Profile Directory c tecerPORE EUREN YE URS eA 4 4 Local iiis cane RREE oin uNa 4 4 REMO ou oe nee cease ses a EA anes 5 2 Profile Name 0 eee e eee 6 10 Protocol 4 6 5 6 6 10 Glossary 3 Network Time 0 000 3 20 Spanning Tree 3 18 4 56 5 48 Protocol Types
45. and save the configuration See below for a description of all fields for the Firewall Setup window lt Tue Feb 5 2002 0 46 49 gt IP Firewall Setup for remote RemoteUnit Rule Number 1D Action lt Pass gt Service lt SMTP gt Service Establishment lt Outgoing gt Local IP Address Network Remote IP flddress Network lt gt Packets which match this rule Editable Enter the position for this rule Firewall Filters Fields Rule Number The rule number defines the order in which the rules are applied Once there is two or more rules created the rule number can be changed to put them in the desired order The Last rule displayed is automatically set after the first rule is defined and states that the Router should drop any service incoming or outgoing which has not been addressed in the proceeding rules Action Pass Drop This column indicates the service s that will Pass or Drop from the local network to the remote network and vice versa On the Firewall Filters window the following indicated Pass Drop in this column Drop Blank column Pass Typically rules are established with the Pass action since the last rule which 1s automatically defined by the software Drops all services not expressly permitted by the previous rule s For IP Router Release 2 97 5 39 Profile Directory Remote Profile Firewall Filters Remote Profile 5 40 example if you wish to deny all tra
46. eek Wide a ERROR buchen 9 3 Triggered 22 correr eIETeR E A 4 SER pcm A 2 Excessive Triggered Update Events C 2 Exit esie bag he baw Ea eee 10 1 LOSOUl esee rR er eens Eh 10 2 Reinitialize 0 0 0 0 0 000s 10 3 F Facility acc00ne yer ethene hea ee eed So 3 24 Fields Edit ccce E ieee es nes tenes goes 1 3 Soroll scie ee heen eee ES 1 3 Select isse eh she hedee eed Tees 1 3 Filter Network Server 5 43 Filtei coverz eerzsuverbiubps uries 5 47 Learn oier Re rexit P CE 5 47 Nate sosiesesxwEREXYNERGU RES 5 47 Network eseseeseseses 5 46 Selected Items Filter 5Leam 0 000005 5 45 SEND mos Re ue ES Rue i 5 45 Type ues eR EREACD eR BIS PEERS 5 46 Filters vx 0040xcex er esee setae EERE 4 22 Define piccerrinrrerecierece creiss 4 24 Define Filter p oer EERr TU 4 24 Defining Custom 4 25 Filter Name jiwc senna ee eae owas ee 4 24 Filter Type 2 0 0 00 ee eee 4 24 Firewall Local Profile 4 9 4 31 Firewall Remote Profile 5 15 5 36 IP Router Release 2 97 Index Forward Mode 0 000000 ee 4 24 Network Server 000000 eee 5 15 SeluD eese Rb ana 4 9 Source Destination sus 4 24 Type 4 43 cae we taba ELE REA 4 24 Firewall 522i seu sepas Glossary 2 Falters i eR Skee teed 5 15 5 36 Local Device s 2 0005 5 41 Local IP Address Network 5 41 Packets which Match this Rule
47. for the WAN Connection WAN Connection The WAN Connection displays the current connection of this WAN in the form slot port channel IP Router Release 2 97 Profile Directory Router Card Profile Trunk WAN Connection Type Determines the type of protocol encapsulation that will be used for the selected WAN PPP Point to Point Protocol Provides a standard means of encapsulating data packets sent over a single channel WAN link PPP is the standard WAN encapsulation protocol for the inter operability of bridges and routers MLPPP MultiLink PPP When PPP is selected and a Multilink group is chosen the WAN Connection Type will display MLPPP PPP in Frame Relay Point to Point Protocol encapsulated in Frame Relay Frame Relay 1490 A packet switching protocol for connecting devices on a WAN Frame Relay networks in the U S support data transfer rates at T1 1 544 Mbps and T3 45 Mbps speeds Frame Relay service is provided for customers who want connections at 56 Kbps to T1 speeds Multilink Group Specifies a trunk as part of a multilink PPP group Selection is None or 1 through lt 24 gt Available only when PPP connection type is selected Data Speed The Data Speed will specify the data speed for each DSO in the given trunk Selection is 56K or 64K The default is 64K PVC Management Field Description Disabled Disables PVC Management AnnexD Frame Relay standard PollInterval Range is between 5 3
48. gt Window CTRL Ri to add 4 32 CIRL E to erase CTRL_F to page forward Hit ENTER to configure the communication information for this profile CIRL B to page back gt IP Router Release 2 97 Profile Directory Local Profile Firewall Filters Local Profile 3 Tab down to Setup Static Addresses gt and scroll with the SPACEBAR to Firewall Filters Press ENTER lt Forcel Networks Router Wed Jan 30 2002 2 52 52_ gt Profile Setup for LocalUnit LOCAL Frame Types LAN Network Protocol 802 2 Eth II SNAP 802 3 Updates IP K lt Neither gt IPX X X X X lt Neither gt Other 8 X 41 Local QN IP LAN IPX Profile IP Address 10 0 0 1 802 2 Ext Network 00000000 Subnet Mask 255 0 0 0 Eth II Ext Network 00000000 Window Default Router 0 0 0 0 SNAP Ext Network 00000000 802 3 Ext Network 00000000 Mde Setup BTE EISE EJ gt Link Speed lt Auto Negotiate gt Scrollable Select the item to be set up and hit ENTER IP Router Release 2 97 4 33 Profile Directory Local Profile Firewall Filters Local Profile Firewall Filters Window 4 34 4 Select CTRL A to add an IP Firewall Rule Forcel Networks Router Wed Jan 30 2002 2 55 13 gt LocalUnit has 0 IP Firewall Rules Service s LAN Device s WAN Device s Log CTRL A to add CTRL E to erase CTRL F to page forward CTRL B to page back There are no items configured
49. in a SNAP packet NOTE Only identify either an Ethernet or IEEE value but not both IP Router Release 2 97 4 27 Profile Directory Local Profile Filters To enable a filter return to the Enabled Filter Window ESC from this window and press CTRL A select filter type Custom Protocol or Address filter will be added to the Enabled Filters window NOTE Each filter even if it is not enabled will count toward the maximum number of 500 filters 4 28 IP Router Release 2 97 Profile Directory Local Profile Filters Defining Address Filters Forcel Networks Router LocalUnit has 0 Enabled Filters Forward Mode lt ALL Frames NOT Matching Filters Define Filter EE gt Filter Type Source Dest Filter Name Wed Jan 30 2002 20 27 04 gt lt Forcel Networks Router Wed Jan 30 2002 0 27 47 gt LocalUnit has 1 Address Filter Device Name MAC Address 1 Zi 00 00 00 00 00 00 72 O nj Address Filter Window CTRL A to add CTRL E to erase Editable Enter a name for the filter Use this window to define filters that are based on the Ethernet MAC Address of a specific device When enabled these filters provide security by restricting LAN WAN access based on a device s MAC Address Address filters are based on either source destination or both source and destination MAC Addresses Device Name Filter name can be up to 7 characters MAC Address Enter the
50. information from the WAN however will not be broadcast to the LAN LAN Local WAN Remote unit unit Receive network service information from the LAN and send to the remotes The Neither value will not allow the local Unit to send or receive information regarding networks and services on the LAN IP Router Release 2 97 4 7 Profile Directory Local Profile LAN Local Profile Setup LAN IP IP Address This is the IP Address of this IP Router used to uniquely identify the device on the internetwork The default for this IP Address is 10 0 0 1 Subnet Mask A subnet mask determines which bits in the IP address are used to identify the network number The default for the Subnet Mask is 255 0 0 0 Default Router This is an optional entry depending on your network configuration Use this field to identify a router that is physically connected to your LAN If the IP Router receives a packet which contains a network that is not known the packet will be sent to the router identified in this field If there are other routers and networks behind the Default Router add Static Network IP information with the Default Router as the Default Gateway If you are communicating with different network domains you will need to enter the IP Address of your Router as the default router on each workstation or make sure that the local router will redirect to the Router when appropriate
51. interface See Secondary IP Address on page 4 59 for more information IP Router Release 2 97 4 9 Profile Directory Local Profile LAN Local Profile Setup Link Speed Sets the Ethernet PHY mode and speed for the Router NOTE It is highly recommended that this setting be left at auto negotiation Connection of Ethernet devices with incompatible settings can lead to severe performance degradation and errors on a network See Link Speed on page 4 62 for more information 4 10 IP Router Release 2 97 Profile Directory Local Profile Static Networks Static Networks Static networks allow fixed or pre determined routes which increases the control over routing choices within your network Although the Router is able to dynamically learn routing information through RIP packets you may wish to disable this feature and manually enter fixed routes Disable Learning by choosing the Neither option in the LAN Network Updates field on the Local LAN Profile Setup screen Static routing may be preferred if e Routers within a network are not configured to advertise thereby escaping the automatic learning capabilities of the Router Advertising is disabled so that access to certain networks may be restricted for security purposes or to decrease traffic on the LAN and across the WAN e Youwish to keep routing tables small in order to increase LAN WAN performance Static routing may also be preferable when managing large net
52. is 30 Method lt ICMP gt Internet Control Message Protocol ICMP method of trace routing is the most widely used and has the best reliability Default lt UDP gt User Datagram Protocol UDP method requires that all devices in the chain of the trace route support probes on the particular UDP port This method is not recommended Size Define Packet Size Range 0 65500 IP Tos Sets the IP type of service Range 0x00 OxFF Hex Default is 0 Don t Frag Sets the Don t Fragment flag in the IP header This can be used along with the size setting to determine the maximum payload size that can be sent between the router and the destination without fragmentation occurring the path MTU UDP Port Sets the UDP port to send to Range is 1 65535 with a default of 33434 This setting only applies if the method is set to UDP Query Number Defines the number of probe packets sent to each hop along the route Range is 1 10 Default is 3 Wait Defines the wait time between queries Range is 0 250 ms Default is 1 ms Timeout Defines the query timeout Range is 1 60 seconds Default 1s 3 seconds IP Router Release 2 97 Verification Window Port Monitor Port Monitor The Port Monitor option is a diagnostic tool that can be used to review the actual data being transmitted to or received by the Local LAN unit This can be especially useful in determining where a transmission failure is occurring When m
53. packet destined to a network that is not known the packet will be sent to the router identified in this field This field is only displayed if the IP Mode field is set to lt Bridge gt Forcel Networks Router Profile Setup for RemoteUnit WAN Network Protocol Mode Updates GRE Tunnel IP Moridge i IPX lt Blocked gt Other lt Blocked gt Mon Feb 4 2002 22 29 26 WAN IP Default Router 0 0 0 0 FW Allow Frags lt Disabled gt Setup Security ptions gt Setup lt Trunk Port gt gt Scrollable Use the spacebar to change the selection gt 5 12 IP Router Release 2 97 Profile Directory Remote Profile Remote WAN Profile Overview FW Allow Frags Use this field to allow fragmented packets to pass though the firewall to accommodate devices that send reverse ordered or out of ordered packets It is recommended that this field be left at Disabled since this is a security risk Enabled Enables the passage of fragmented packets Disabled Disables the passage of fragmented packets Default Forcel Networks Router Mon Feb 4 2002 22 32 10 gt Profile Setup for RemoteUnit WAN Network Protocol Mode Updates GRE Tunnel IP Route gt lt Never gt lt Disabled gt IPX lt Blocked gt Other lt Blocked gt NAT Gateway lt Disabled gt WAN IP Numbered lt NO gt FW Allow Frags IHESU Setup Security ptions gt gt Setup Trunk Port gt
54. packet with the value entered into the Local IP Address Network Range is between 1 32 Remote IP Address Network Enter the IP Address of the remote device or network that this rule will affect If you enter the address of a remote device this rule will affect only the session establishments of the remote device and the device network address entered in the Local IP Address Network field above If this rule is to affect any remote devices networks leave this field at the default symbol Significant Bits Use this field to identify the number of bits from left to right that will be used to match the IP Address field within the data packet with the value entered into the Remote IP Address Network Range is between 1 to 32 IP Router Release 2 97 5 41 Profile Directory Remote Profile Firewall Filters Remote Profile 5 42 lt Packets which match this rule Use this field to indicate whether a rule match should trigger an Alarm or Log entry Blank A transmission match will not trigger an Alarm or Events log entry Alarm A transmission match will trigger an Alarm entry Log A transmission match will trigger an Events log entry Log or Alarm entries may also be useful when a specific security issue is at stake For example if your security policy does not permit Telnetting you may wish to keep track of all Telnet attempts As a general rule however we do not recommend keeping a log of all rule matches since this
55. set a 1 all type data connect a 1 all 3 1 1 Set the T1 1 of the Controller Type to Data Connect all of T1 1 to the Router that is in slot 1 rename 3 LocalUnit Denver Rename LocalUnit default to Denver LAN rename 3 RemoteUnit wanl Rename WAN 1 from RemoteUnit default to wanl Set 3 1 ip address 2 2 2 1 255 255 255 0 Set the Ethernet IP address in the conventional IP address format Router LAN set 3 1 phy auto Set the Physical Specifications to auto negotiate add 3 wanl static ip network l 1 1 0 255 255 255 0 1 Adds a static IP network route to the WAN interface Set 3 1 1 encapsulation fr Set the encapsulation on trunk 1 to Frame Relay set 3 Imi disable Disable LMI Local Management Interface set 3 wanl trunk 1 Set the WAN interface named wanl to be mapped to trunk 1 set 3 wani dlci 101 Set the DLCI number reset 3 Reboot the router to enable all configurations set IP Router Release 2 97 APPENDIX User Events In this Appendix m User Events m Authenticate Events m Triggered Events m Alarms User Events User Events User Events Description access login terminated Adit Initialized IP Address was dynamically assigned by remote Login accepted at access level Login rejected Password changed for access level Port X connected Port X down System Date Time Change recorde
56. the authentication protocol to be used by remote units when authenticating this unit lt CHAP gt Challenge Handshake Authentication Protocol lt CHAP gt Secret Select ENTER and a NEW Password dialog box will display Enter a 1 15 character password and select ENTER and a RETYPE Password dialog box will display Retype password and select ENTER Password is now set NEW Password xioooocoocodi RETYPE Password 22222222223 lt PAP gt Password Authentication Protocol lt PAP gt Password Same as above lt CHAP gt Secret lt NONE gt No authentication protocol lt NONE gt is the default User ID Use this field to define the local unit s User ID During the authentication process the local unit will send a name or User ID along with the authentication protocol s secret or password see above Use the SPACEBAR to scroll between lt Local Profile Name gt the default value and lt Local Custom Name gt If set at lt Local Profile Name gt the local unit will send the 11 character unit name which was defined on the Local LAN Profile screen If this field is set to Local Custom Name gt you may define a 32 character maximum alphanumeric value to represent the User ID which is sent during the authentication process Defining a custom User ID simply gives the end user more flexibility for this value To assign a custom User ID set the USER ID field to lt Local Custom Name gt and press TAB Up to ten 10 custo
57. this feature Time Displays the date and time that the alarm occurred Alarms are displayed in descending order with the most recent alarm first Message Displays the actual alarm that triggered the alarm on the Router Count Unlike the Event screen the value in the count column will not increment each time that the alarm occurs Note that the time stamp reflects the time that the alarm first occurred IP Router Release 2 97 9 5 System Reports Window Networks Servers Networks Servers Use this screen to review all of the networks and servers that your Local LAN Unit has learned on its Local LAN or from remote units as well as static entries By sending out IPX and IP RIP Routing Information Protocol and IPX SAP Service Advertising Protocol packets and monitoring RIP and SAP packets from other devices the Router will learn about other servers and networks The Router will constantly monitor RIP and SAP packets to ensure that the status of the network or server has changed Should a RIP or SAP packet indicate a change in status the Router would update the data in the table and send the information to all enabled remotes to exchange the updated data This screen will change depending on the values in the Display and Learned From fields 1 Onthe Main Menu TAB to the System Reports option 2 Press SPACEBAR to scroll to Networks Servers Forcel Networks Router RTR Main Menu Category Management Con
58. to page back Hit ENTER to configure the communication information for the remote profile Name Profile Type Recv Send Profile State Router CARD Setup gt LocalUnit LAN NONE NONE Setup gt 1 RemoteUnit WAN NONE NONE lt Enabled gt IP Router Release 2 97 Profile Directory Remote Profile Security Options 3 Tab down to Setup lt Security Options gt Scroll through the list of options with the SPACEBAR and select ENTER Forcel Networks Router Profile Setup for RemoteUnit WAN Network Mon Feb 4 2002 22 34 94 gt Protocol Mode Updates GRE Tunnel IP Route gt Never gt lt Disabled gt IPX lt Blocked gt Other lt Blocked gt Remote Profile NAT Gateway Disabled Window WAN IP Numbered lt NO gt FW Allow Frags lt Disabled gt Setup lt gt gt Setup lt Trunk Port gt gt Scrollable Select the item to be set up and hit ENTER 4 The following Security Options setup window will display Forcel Networks Router Security ptions Setup for remote RemoteUnit Mon Feb 4 2002 22 48 32 gt Authentication by remote User ID Local Profile Name LocalUnit Authentication of remote Protocol NONE User ID MMSE RemoteUnit Security Server Local gt Compression lt Disabled gt Typical Data lt Easy to Compress gt Scrollable Select User ID received from this remote unit IP Router Release 2 97 5 17 P
59. transfer voids the above warranty and related licenses Forcel0 Networks offers expanded product care beyond what is covered by the warranty through different support plans The plans are designed to maximize network availability through advance replacement for defective equipment Please contact your Force10 Networks representative for support program details Warranty Procedure BUYER must promptly notify Forcel0 Networks of any defect in the Product or Software and comply with Force10 Networks return repair policy and procedures Force10 Networks or its agent will have the right to inspect the Product or workmanship on BUYER s premises With respect to a warranty defect in Product hardware reported to Force10 Networks by BUYER during the warranty period Force10 Networks as its sole obligation and BUYER s exclusive remedy for any breach of warranty will use commercially reasonable efforts at its option to a repair replace or service at its factory or on the BUYER s premises the Product or component therein or workmanship found to be defective so that the Product hardware operates substantially in accordance with Force10 Networks Documentation or b credit BUYER for the Product in accordance with Force10 Networks depreciation policy Preface iv With respect to a warranty defect in the Licensed Software reported to Force10 Networks by BUYER during the 90 day software warranty period Forcel0 Networks at its own expense and as its
60. used where only one packet is sent to the device being tested or a continuous ping to the device until you manually terminate the test Continual pinging may help identify intermittent communication problems Please note that when pinging a device on a remote LAN it is not unusual for the first ping to fail 7 2 NOTE In order to perform LAN port testing the selected frame type must be Ethernet II and the Router s IP Address must be configured 1 On the Main Menu press TAB until Ping Utility is highlighted on the Verification option Forcel Networks Router Tue Feb 5 2002 3 17 52 gt RTR Main Menu Router Version 2 97 Slot 6 Category Selection Management lt System Time Login gt gt Configuration lt Basic Config gt gt Verification MPing Utilit b gt Statistics Run time gt gt System Reports lt Events gt gt Exit lt Logout gt gt Scrollable Use the spacebar to change the selection and hit ENTER 2 Press ENTER The Ping Utility window will display IP Router Release 2 97 Verification Window Ping Utility 3 To initiate a Ping select START PING Single Ping gt scroll to lt Continuous Ping gt if desired and press ENTER The Ping process will begin lt Forcel Networks Router Tue Feb 5 2002 3 19 35_ gt LAN Port Verification for LocalUnit DestHost _ a Access Port Local LAN Src IP Address 10 0 0 1 Payload Size 64 START PING Si
61. used to enable the Router to assign an IP Address to the remote device that this remote profile is attached to Forcel Networks Router Profile Setup for RemoteUnit WAN Network Mon Feb 4 2002 22 26 39_ gt Protocol Mode Updates GRE Tunnel IP Route gt Never gt lt Disabled gt IPX lt Blocked gt Other lt Blocked gt NAT Gateway lt Disabled gt Numbered IP Address 0 0 Subnet Mask 0 0 FW Allow Frags lt Disabled gt Setup lt Trunk Port gt gt Scrollable Use the spacebar to change the selection Numbered Designate if the local unit will have an IP Address assigned to the WAN when communicating with this remote unit If the remote unit is an Adit it is recommended that the WAN remain unnumbered thus conserving IP Addresses This field displays if the IP Mode field is set to lt Route gt IP Address This address is used to uniquely identify the unit on the internetwork Use this field to assign an IP Address to the WAN Subnet Mask A subnet mask determines which bits in the IP address are used to identify the network number It is also a method of extending the IP Network Address so that a site may use one network address for several different networks IP Router Release 2 97 5 11 Profile Directory Remote Profile Remote WAN Profile Overview Default Router Use this field to identify a router that is physically connected to your LAN If the Router receives a
62. voee 9 10 HOpS 5 oo ised eens chao Woe Rus 9 9 M tri JelescedtpedGG e EXPRESS 9 9 Name neseeesrb CERE PEERS 9 9 IP Router Release 2 97 Index Network vise seta bee cies heen 9 9 Next Gateway 000s ee eee 9 9 TICKS sept ER eene aes 9 10 TYPE a4 Axes EEEE Or o peoe 9 9 System Time Login 2 3 2 4 Admin Password 00 005 2 5 Auto Logout Timer 4 2 5 Change Password sus 2 6 Config Password 000005 2 5 Daylight Savings Time Adjustment 2 5 Enhanced Security 00 2 6 System Date and Time 2 4 View Password 000 cece eee 2 5 T TD voa rer Bad Soe sR Ss Glossary 4 Tab Key ces iced aa ae eck dee ES 1 2 Telnet oe ER ua EYE Glossary 4 Telnet Session llulullssus 1 5 Throughput to from WAN 8 5 Ticks i RrRRRRHeRe heme 4 16 9 10 Time Login Setup 00 0000 eee 2 4 time SOUP cess E tw ds wee mT 2 3 Timeout Count 0 000 7 5 Trace ROG 4 5554N 505 EX VER UE 7 6 Trap Destinations 005 3 14 Triggered Events 0000s A 4 Troubleshooting 0 00005 C 1 Communication Related Issues C 2 LAN Related Issues C 2 Trunk sess steed sees RES RI 3 4 Glossary 4 Trunk Port 2 0 2 0 cee eee 5 51 WAN Connection 005 3 5 WAN Connection Type 3 6 TY PC ists 5 pads eor qa D
63. with or without power to the unit Install a Router Card 1 Slide the Router card into a service card slot of the chassis 2 Press firmly into slot to engage until card is seated completely 3 Cardhas completed bootup when a solid Red CRD light an LED is displayed Maneuvering in the System TAB moves from one field to the next Keyboard arrows move to the next field in the direction of the arrow Items in brackets are scrollable options With the Spacebar the operator can move through the selections ENTER displays the window for the selected feature or to enter a alphanumeric value Esc Exit and return to previous window or to the Main Menu Help Bar is displayed along the bottom of the window and lists options for the selected feature The Router software contains three different field types that may be used in entering information scroll select and edit IP Router Release 2 97 Introduction Fields Fields Scroll Field A field enclosed in angle brackets is a scrollable option field While the field is selected use the following keystrokes SPACEBAR will scroll forward through the options ENTER will open the option s window or accept the entered value Example Terminal generic Select Field A field followed by is a selectable field which causes an action to be performed highlight the field and press ENTER to perform the action for example to enter the Trunk Port Setup scree
64. 0 NOTE Each selected network will be counted as a filter A maximum of 500 filters can be defined on the Router Advertise Network Server Fields Setup Use this field to identify which networks or server types you wish to review Options are IP Networks IPX Servers and lt IPX Networks Selected Items Advertise With this option selected Networks will advertise to all remote units that are listed in your Profile Directory Do Not Advertise With this option selected Networks will not be advertised Network This field displays the network address of each network learned from the local LAN If this route was added using one of the Static Network windows Static Fltr will appear before the network address of this entry If this is not a static route and has been selected Config Fltr will appear before the network address of this entry Only static routes for the local unit will display on this window IP Router Release 2 97 Profile Directory Local Profile Advertise Network Server IPX Server Advertising Forcel Networks Router Wed Jan 30 2002 3 19 24 gt LocalUnit has 0 configured and learned IPM Networks Setup lt I gt lt Do not Advertise gt Selected Items Network Do not Advertise CIRL F to page forward CTRL B to page backward Scrollable Select the Network Server type to configure Servers are learned and maintained by the Router in the same way as network tables by send
65. 0 IPX Server Advertising 4 43 NAME isle um Bae eich Capes 4 44 Network secs arsucalsed EE Xx ES 4 44 Selected Items 04 4 44 Ty DG tere Sai ican ees 4 44 L LAN seco rini paa el be ean ok 4 55 Network Updates 4 6 Packet BEtO S x steer CON ee Wes UE rb due 8 4 Received 2 RI ERR RREIRIRT ER 8 4 Transmitted 00 0 00 08 8 4 Packet Totals 0 0 00005 8 4 LAN Collision Threshold 4 9 4 53 Alarm 2uckeRRpI RR ERR E d 4 55 Collision onere De CREER 4 55 Collision Hi Threshold 4 55 Collision Lo Threshold 4 55 LAN ieRev4GeR eigen ea ee 4 55 Sample Interval 4 55 Index 4 LAN IPS i neeepeURU E ERBEN EE 4 8 Default Router 0 0 0 0 0 cee 4 8 IP Address 0 0 cece eee eens 4 8 Subnet Mask 00 cece eee ee 4 8 LANJIPX i24 ety bocce beaded 4 8 802 2 Ext Network 005 4 8 802 3 Ext Network 000 4 8 Domain Name 0 000000 4 48 Ethernet II Ext Network 4 8 LAN Port Tests Continuous Ping Status Response Count 00 7 5 Timeout Count 00000 7 5 IP Address 2o toO E 7 3 Operation Single Ping 64 45 4750 54554 85 PES 7 4 Single Ping Status 7 4 IP Address gt 403 4 ore be os 7 5 MAC Address 0 0000 c eee 7 5 Result x2 eo PESE RUNS 7 5 Leatn im aeae pia a aii EA 5 4
66. 0 Poll Counter Range is between 1 255 LMI Local Management Interface PollInterval Range is between 5 30 Poll Counter Range is between 1 255 3 6 IP Router Release 2 97 Profile Directory Router Card Profile Security Security 1 Select Security lt Configure gt and select ENTER Forcel Networks Router Wed Jan 16 2002 4 49 29 ROUTER Slot 6 Configuration RIP Mode Receive RIP1 gt RIP Mode Send lt RIP1 gt Trunk Configure gt Security Configure gt DNS Proxy Configure gt Spanning Tree Protocol Configure gt Network Time Protocol Configure gt SysLog Configure gt DNS Resolver Configure gt onfigure SNMP Menu IP Router Release 2 97 3 7 Profile Directory Router Card Profile Security The fields on this screen may be used to define the authentication process for the Local Unit Security Setup Window Forcel Networks Router Security Setup for local LocalUnit Authentication by remote Protocol im User ID Local Profile Name gt LocalUnit Authentication of remote Protocol lt NONE gt Local Security Server Type Address Wed Jan 16 2002 4 56 59_ Password None gt Scrollable Select method remote units use to authenticate this system IP Router Release 2 97 Profile Directory Router Card Profile Security Security Setup Menu Fields Authentication by Remote Protocol CHAP PAP or NONE Use this first field to identify
67. 1 since that is the first gateway on the route to Network C This field 1s only used on IP Networks IP Router Release 2 97 Profile Directory Local Profile Static Networks Next IPX Router Enter the MAC Address of the next gateway router on the route that the data will use to reach the destination network Referring back to Example 1 Network B would enter the MAC Address of Router 1 since that is the next gateway on the route to Network C This field is only used on IPX networks IP Router Release 2 97 4 17 Profile Directory Local Profile Static Addresses Static Addresses Use this screen to define static addresses that are based on the Ethernet MAC or IP Address of a specific device on the local LAN Typically the Router would learn of these devices by monitoring LAN WAN packets By defining a static address you are telling the Router the location of the corresponding device before the Router learns where this device resides Static addresses are typically used in a bridging situation Use the Local LAN Profile to define static addresses for devices that are located on the LAN If you wish to establish static addresses for devices on remote LAN s access this screen using the corresponding Remote Profile NOTE Each static address filter will count toward the maximum number of 500 filters 1 Select Configuration Profile Directory gt on the Main menu and press ENTER 2 Select LAN Setup gt and press
68. 2 97 CHAPTER Statistics Window The Statistics window is used to review data transmission information between the Local LAN unit and Remote WAN devices This option allows you to review data transmission statistics to from remote units This data will help you to monitor the Router s connection performance capabilities such as throughput compression and errors In this Chapter mg Run Time Statistics Window Run Time Run Time Use this screen to review the statistics regarding data transmission to and from remote units All remote units that appear on the Profile Directory screen will be displayed here If no data is currently being transmitted to a specific unit the transmission fields will display 0 s 1 On the Main Menu press TAB until the Run time is highlighted on the Statistics option 8 2 Forcel Networks Router RTR Main Menu Router Version 2 97 Scrollable Category Selection Management lt System Time Login gt gt Configuration Profile Directory gt gt Verification Ping Utility gt gt Statistics ia System Reports lt Events gt gt Exit lt Logout gt gt Use the spacebar to change the selection and hit ENTER Tue Feb 5 2002 3 33 31_ Slot 6 gt IP Router Release 2 97 Statistics Window Run Time 2 Press ENTER The Run time Statistics window will display Forcel Networks Router Run time Statistics for LocalUnit Aut
69. 7 Lease Duration 0 0000 sneen 4 49 Level RR REED kee be ECKE 3 24 Link Speed osos irs 4 10 4 62 100T Full Duplex sesuees 4 63 Half Duplex e esses 4 63 10T Full Duplex 0 4 63 Half Duplex 0 4 63 AutoNegotiate 0000 4 63 DME 5 08256 doen eee pde Glossary 2 Load Defaults 0 0 00 02 ee eee 2 14 Local Device s eee 4 36 Security Server csse seri ux peux 3 10 Local Device s 0 000 cee eee 5 41 Local IP Address 0 000000 5 29 Local IP Address Network 4 37 5 41 Significant Bits 4 37 5 41 IP Router Release 2 97 Local Profile 0 4 1 4 4 4 6 Advertise Network Server 4 39 DHCP Server BOOTP Relay 4 45 Filteis i vete as keV PER UE 4 22 Firewall Filters 4 9 4 31 Frame Type is 2 aateewns ix Fee Ens 4 6 8022 ea ee 4 6 802 3 coh ci ur EERsr DUCERE DER EUN 4 6 Eth IL ob Rr UE EUER GU HERES 4 6 SNAP eccsereruepEXGc Weeds 4 6 LAN Collision Threshold 4 53 LAN Network Updates 4 6 Link Speed 0000000 4 62 LocalUnmit 1 escono ss eeasg ome pans 4 6 Secondary IP Address 4 59 SED ute vee va aeei seers ea EE 4 9 Filters eec eect bei RR hen 4 9 LAN Collision Threshold 4 9 Link Speed 0 0000 4 10 Spanning Tree sores 4 56 Static Addre
70. 97 Verification Window Trace Route 3 Press ENTER The Trace Route window will display lt Force10 Networks Router Tue Feb 5 2002 3 25 24_ gt Trace Route Utility lt START TRACERT gt gt DstHost SrcPort Local LAN gt gt SrcIP 10 0 0 1 InitialITL 1 MaxTIL 30 Method lt ICHP gt Size 0 IP Tos 00 Don t Frag NO gt Query Number 3 Wait 1 ms Timeout 3 seconds Hop Ave Host Enter Dotted Decimal IP or Domain Name Trace Route Utility lt START TRACERT gt gt After all parameters are entered select lt START TRACERT gt and ENTER to start the trace DstHost Destination Host Enter an IP Address or domain name to use for this query IP Address must be in the form of XXX XXX XXX XXX Where xxx is between 0 255 Sre Port Source Port Scroll through the available options Local LAN and Remote Units SrcIP Port Source IP Port The source IP address from any of the routers numbered IP addresses Default is the IP address of the router interface used to send the packets InitialTTL This optional parameter defines the beginning of the range of hops to query Range is 1 254 value Note must be less than MaxTTL Default is 1 IP Router Release 2 97 7 7 Verification Window Trace Route 7 8 MaxTTL This optional parameter defines the end or the maximum ofthe range of hops to query Range is 2 255 value Note must be more than InitialTTL Default
71. 97 5 29 Profile Directory Remote Profile NAT Bypass Subnets NAT Bypass Subnets Use this window to define NAT Bypass Subnets which will create a list of source addresses that will not be subject to NAT translation when passing through a NAT enabled WAN interface 1 Select Configuration Profile Directory gt from the Main Menu and press ENTER 2 Select WAN Setup gt on the RemoteUnit line and press ENTER Forcel Networks Router Thu Jan 31 2002 0 02 22 gt Profile Directory 1 Configured and 2 Enabled Name Profile Type Recv Send Profile State Router CRRD Setup gt LocalUnit LAN NONE NONE Setup gt Profile 1 RemoteUnit WAN NONE NONE gt lt Enabled gt Directory Window CTRL A to add CIRLE to erase CIRL F to page forward CTRL B to page back Hit ENTER to configure the communication information for the remote profile 5 30 IP Router Release 2 97 Profile Directory Remote Profile NAT Bypass Subnets 3 Select Setup NAT Bypass Subnets gt scroll through the list of options with the SPACEBAR if this option is not displayed Press ENTER lt Forcel Networks Router Tue Feb 5 2002 02 28_ gt Profile Setup for RemoteUnit WAN Network NAT Bypass Protocol Mode Updates GRE Tunnel Subnets IP lt Route gt lt Never gt lt Disabled gt Window IPX lt Blocked gt Other lt Blocked gt NAT Gateway lt Disabled gt WAN IP Numbered lt NO gt FW Allo
72. AN Local Profile Setup The LAN Profile is the largest most detailed portion of the Router software The fields on this screen allow definition of how data transmission will occur on the Router LAN port This includes defining the protocol s that it will use to send and receive data defining security protocols specifying which LAN servers and networks will be advertised to WAN units and establishing specific data filtering options The LAN profile is used in conjunction with the WAN profiles The WAN profiles identify which remote units the local unit can communicate with as well as the data transmission requirements of each remote In addition to the fields on this screen there are several other areas that directly relate to the communication abilities of the Router You may use the fields at the bottom of this screen to access the following areas e Defining static addresses at the local unit e Establishing static networks e Establishing Remote WAN advertising e Establishing DHCP Server Client Relay agent parameters e Defining firewalls e Defining data filters The Router can accommodate a maximum of 500 filters such as those created when establishing static routes or data filters The following entries consume a filter e Configured address custom and protocol filters e Static IP networks and static IPX networks e Enabling any learned items listed on the Advertise Network Server screen or Filter Network Server screen
73. B Bridge Hello Time 2 seconds Bridge Max flge 20 seconds Bridge Forward Delay 15 seconds Bridge Priority 32768 Scrollable Use the spacebar to change the selection SPANNING TREE GLOBAL SETUP MENU FIELDS Bridge Hello Time The Bridge Hello Time specifies the time interval between transmissions of Topology Change Notification BPDUs towards the Root when the Bridge is attempting to notify the Designated Bridge on the LAN to which its Root Port is attached of a topology change The value can range from 1 to 10 seconds with a default of 2 seconds Bridge Max Age The Bridge Max Age value specifies the maximum age of received protocol information before it is discarded The value can range from 6 to 40 seconds with a default of 20 seconds Bridge Forward Delay The Bridge Forward Delay is the time spent by a Port in the Listening or Learning States before transitioning to the Learning or Forwarding State respectively The value can range from 4 to 30 seconds with a default of 15 seconds Bridge Priority The Bridge Priority is the priority part of the bridge identifier The value can range from 0 to 65535 with a default of 32768 IP Router Release 2 97 3 19 Profile Directory Router Card Profile Network Time Protocol Network Time Protocol The Network Time Protocol is a protocol which sets the network to a common time system for Internet hosts based off of GMT Greenwich Mean Time 1 Select Network Time P
74. C 2 IP Router Release 2 97 Troubleshooting LAN Related Issues Unable to connect to anything outside the LAN from LAN host Ping the Router LAN IP address Verify cabling is correct straight cable ls the Link LED if connected to a switch or hub crossover if connected to a NIC ls the ping successful Change IP Host amp LAN IP in the address andlor same subnet subnet mask Reboot host and reinitialize router Statistics Run Time Check Remote Conns JAN packets received and Repair T1 issue transmitted Remote Conns 1 Verifythatthe Verifychannels Check WAN profile encapsulation is correct match from end to StaticVPN Networks and that there isn 1 end Verify that authentication remote router portis mismatch enabled Add network to Static VPN Network field Correct network defined Verifythatremote router has route defined back to local router s newtorks IP Router Release 2 97 C 3 Troubleshooting LAN Related Issues Unable to access the Local LAN Router unit via Telnet First verify that the local Router was given an IP Address that is on the same network as the workstation Since Telnet uses the IP protocol establish that IP 1s functioning correctly by pinging the local unit from the workstation or by pinging the workstation from the local unit Pinging will verify that there is communication between the workstation and the Router Since you are unable to Telnet into th
75. Combat Radio Transport Protocol Sautter 127 CRUDP Combat Radio User Datagram Sautter 128 SSCOPMCE Waber 129 IPLT Hollbach 130 SPS Secure Packet Shield McIntosh 131 PIPE Private IP Encapsulation within IP Petri 132 SCTP Stream Control Transmission Protocol Stewart 133 FC Fibre Channel Rajagopal 134 RSVP E2E IGNORE RFC3175 135 254 Unassigned IANA 255 Reserved IANA IP Router Release 2 97 Protocol Types Ethernet Protocol Types Ethernet Protocol Types This table defines the protocol types that would used by the LAN Protocol filters The associated Hex number is entered into the Ethernet Value field see Defining Protocol Filters on page 4 27 HEX Description 0000 05DC IEEE 802 3 Length Field 0 1500 decimal 1010 01FF Experimental for development Conflicts with 802 3 length fields 0200 Xerox PUP Conflicts with 802 3 length fields 0201 PUP Address Translation Conflicts with 802 3 length fields 0600 Xeros XNS IDP 0800 DOD IP 0800 XJ7Slhltenmet 0802 NBS Internet 0803 ECMA Internet 0804 CHAOSnet 0805 X 25 Level 3 0806 ARP for IP and for CHAOS 0807 SNXCompadbiity 081C Symbolics Private 0888 088A Xyplex 0900 Ungermann Bass network debugger 0A00 Xerox 802 3 PUP 0A01 PUP 802 3 Address Translation OBAD Banyan Systems Inc 1000 Berkeley trailer negotiation si sts lt sSSS 1001 100F Berkeley Trailer encapsulat
76. Device s Log Firewall i 1 ate x ome Rules ast i Any sacs z Window CTRL E to erase CTRL F to page Hit ENTER to modify this Firewall Filter Rule Symbol Description Rule Number Pass no blank indicates Drop Services s Lists current service defined LAN Device s Lists LAN defined for this rule indicates any gt Outgoing lt Incoming IP Router Release 2 97 4 31 Profile Directory Local Profile Firewall Filters Local Profile lt gt Outgoing and incoming WAN Device s Lists WAN defined for this rule indicates any Log X Logged in the Event or Alarm log To Add a Firewall Filter WARNING THE ADDITION OF THE FIRST FIREWALL RULE WILL AUTOMATICALLY SECURE THE UNIT AGAINST ACCESS VIA TELNET UNLESS THE FIRST RULE EXPRESSLY PERMITS TELNET TO ENSURE THE ABILITY TO TELNET INTO THE UNIT BY AT LEAST ONE REMOTE DEVICE YOU MUST CREATE A RULE INDICATING WHICH DEVICE HAS TELNET ACCESS 1 On the Main Menu press TAB until Configuration Profile Directory gt is highlighted and press ENTER 2 Select lt Setup gt on the LocalUnit LAN line and press ENTER lt Forcel Networks Router Profile Directory 1 Configured and 2 Enabled Thu Jan 17 2002 20 45 01 Name Profile Type Recv Send Profile State 2 Router CARD lt Setup gt Profile LocalUnit LAN NONE NONE lt gt Directory 1 RemoteUnit WAN NONE NONE Setup gt Enabled
77. ENTER Forcel Networks Router Thu Jan 17 2002 60 45 01 gt Profile Directory 1 Configured and 2 Enabled Name Profile Type Recv Send Profile State Profile Router CARD lt Setup gt Di t LocalUnit LAN NONE NONE lt gt rectory 1 RemoteUnit WAN NONE NONE Setup gt lt Enabled gt Window CTRL A to add CTRL E to erase CIRL F to page forward CTRL B to page back Hit ENTER to configure the communication information for this profile 4 18 IP Router Release 2 97 Profile Directory Local Profile Static Addresses 3 Select Setup Static Addresses gt If the Static Addresses option is not displayed scroll to the selection with the SPACEBAR and press ENTER Forcel Networks Router Tue Jan 29 2002 23 39 08 gt Profile Setup for LocalUnit LOCAL Frame Types LAN Network Protocol 802 2 Eth II SNAP 802 3 Updates IP K lt Neither gt IPX X X 41 X lt Neither gt Other 8 X 41 Local Profile LRN IP LRN IPX Wind IP Address 10 0 0 1 802 2 Ext Network 00000000 indow Subnet Mask 255 0 0 0 Eth II Ext Network 00000000 Default Router 0 0 0 0 SNAP Ext Network 00000000 802 3 Ext Network 00000000 Setup IIBER E gt Link Speed lt Auto Negotiate gt Scrollable Select the item to be set up and hit ENTER 4 Press CTRL A to add static addresses as needed Forcel Networks Router Tue Jan 29 2002 23 41 21 LocalUnit has 1 Static MAC Address Recor
78. FORCEQCO IP Router MENU DRIVEN USER INTERFACE USER MANUAL Part Number 770 0015 BL Product Release 2 97 August 2009 Copyright 2009 Forcel0 Networks Inc All rights reserved Forcel0 Networks reserves the right to change modify revise this publication without notice The hardware and software described herein are furnished under a license or non disclosure agreement The hardware software and manual may be used or copied only in accordance with the terms of this agreement Itis against the law to reproduce transmit transcribe store in a retrieval system or translate into any medium electronic mechanical magnetic optical chemical manual or otherwise any part of this manual or software supplied with the product for any purpose other than the purchaser s personal use without the express written permission of Force10 Networks Inc Trademarks Adit and Force10 Networks are registered trademarks of Force10 Networks Inc Force10 and the Forcel0 logo are trademarks of Forcel0 Networks Inc or its affiliates in the United States and other countries and are protected by U S and international copyright laws All other brand and product names are trademarks or registered trademarks of their respective holders Statement of Conditions In the interest of improving internal design operational function and or reliability Forcel0 Networks reserves the right to make changes to products described in this document without noti
79. GREEMENT REPLACE ALL OTHER WARRANTIES EXPRESSED OR IMPLIED AND ALL OTHER OBLIGATIONS OR LIABILITIES OF FORCE10 NETWORKS INCLUDING ANY WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE NONINFRINGEMENT AND OR ANY IMPLIED WARRANTIES ARISING OUT OF COURSE OF PERFORMANCE OR COURSE OF DEALING ALL OTHER WARRANTIES ARE DISCLAIMED AND EXCLUDED BY FORCE10 NETWORKS THE REMEDIES CONTAINED IN THIS AGREEMENT WILL BE THE SOLE AND EXCLUSIVE REMEDIES WHETHER IN CONTRACT TORT OR OTHERWISE AND FORCE10 NETWORKS WILL NOT BE LIABLE FOR INJURIES OR DAMAGES TO PERSONS OR PROPERTY RESULTING FROM ANY CAUSE WHATSOEVER WITH THE EXCEPTION OF INJURIES OR DAMAGES CAUSED BY THE GROSS NEGLIGENCE OF FORCE10 NETWORKS THIS LIMITATION APPLIES TO ALL SERVICES SOFTWARE AND PRODUCTS DURING AND AFTER THE WARRANTY PERIOD IN NO EVENT WILL FORCE10 NETWORKS BE LIABLE FOR ANY SPECIAL INCIDENTAL OR CONSEQUENTIAL DAMAGES LOSS OF DATA OR COMMERCIAL LOSSES EVEN IF FORCE10 NETWORKS HAS BEEN ADVISED THEREOF IP Router Release 2 97 y Preface No agent BUYER or representative is authorized to make any warranties on behalf of Force10 Networks or to assume for Force10 Networks any other liability in connection with any of Forcel0 Networks Products software or services The foregoing summarizes Force10 Networks entire product and software warranties which are subject to change without notice Warranty Product Returns vi Before returning any equipmen
80. IP IP within IP Encapsulation Protocol J16 95 MICP Mobile Internetworking Control Pro J16 96 SCC SP Semaphore Communications Sec Pro HXH 97 ETHERIP Ethernet within IP Encapsulation RFC3378 98 ENCAP Encapsulation Header FRC1241 RXB3 99 any private encryption scheme IANA 100 GMTP GMTP RXB5 101 IFMP Ipsilon Flow Management Protocol Hinden 102 PNNI PNNI over IP Callon 103 PIM Protocol Independent Multicast Farinacci 104 ARIS ARIS Feldman 105 SCPS SCPS Durst 106 QNX QNX Hunter 107 A N Active Networks Braden 108 IPComp IP Payload Compression Protocol RFC2393 109 SNP Sitara Networks Protocol Sridhar 110 Compagq Peer Compaq Peer Protocol Volpe 111 IPX in IP IPX in IP Lee 112 VRRP Virtual Router Redundancy Protocol Hinden 113 PGM PBM Reliable Transport Protocol Speakman 114 any 0 hop protocol IANA 115 L2TP Layer Two Tunneling Protocol Aboba 116 DDX D II Data Exchange DDX Worley 117 IATP Interactive Agent Transfer Protocol Murphy 118 STP Schedule Transfer Protocol JMP IP Router Release 2 97 Protocol Types Protocol Number in Firewall Filters Number Keyword Protocol Reference 119 SRP SpectraLink Radio Protocol Hamilton 120 UTI UTI Lothberg 121 SMP SMP Ekblad 122 SM SM Crowcroft 123 PTP Performance Transparency Protocol Welzl 124 ISIS over IPv4 Przygienda 125 FIRE Partridge 126 CRTP
81. If a server has been selected using the X key Config Fltr will appear before the network address of this entry Type The TYPE field displays the Hex value assigned to each known server When a server is added using CTRL A a Hex value must be defined If you wish to learn certain services that match a particular server type manually add an entry specifying the desired Hex value This setting will enable the unit to learn all services that match the specified service type This field may be used in conjunction with the NAME field described below Name This field displays the first 11 characters of the name of each known server If the server is manually added and a server name is not defined all servers matching the added type will be learned and the first 11 characters of their names will be displayed If the server name is defined when the server is manually added then only servers matching both type and name will be learned Selected Items Use this field to determine whether your Router will advertise the information listed on this window to remote units Valid field options include Do Not Advertise gt and Advertise If Advertise is selected checked items with X will advertise to all remote units in the Profile Directory If Do Not Advertise is selected checked items will not be advertised Use the CTRL A keys to manually configure a service When manually configuring a service the following prompt is displa
82. MP Communities ACCESS x Mascne a Be REPE ERR 6 12 Address 0 0 0 00 0 cece eee eee 6 12 Name ensoclsexeceswe hee ar XR 6 12 Index 8 SNMP Configuration SNMP Communities 6 12 SNMP Trap Destinations 6 12 SNMP Trap Destinations Address iie tick bea eee RS 6 12 LOCaHOn psv es ey apesin seeds y 6 12 Names siete deg Sates Set REA 6 12 Software Images 0005 2 15 Source Destination 4 24 Spanning Tree Glossary 3 Spanning Tree Protocol 3 18 4 56 5 48 Bridge Forward Delay 3 19 3 22 Bridge Hello Time 3 19 Bridge Max Age 005 3 19 Bridge Priority 3 19 4 58 5 50 Start Basic Configuration 6 2 Start IP Address 000 4 48 Start Monitor 0200 eee 7 10 Static Address 4 18 4 34 5 14 5 15 5 29 5 31 5 34 5 38 5 45 5 52 5 53 NetworksRemote Profile Static Networks 005 5 14 SUP aus ema px aay eee pde 5 35 Static Addresses 0000 cee euee 5 32 Device Name ss 4 20 5 35 IP Address 0 000 e eee 4 21 5 35 MAC Address 00005 4 20 5 35 Setup Static 000 4 20 5 35 IP Addiess onec REOR neues 4 20 MAC Address 00 0000 4 20 Static NAT Addresses 5 27 11 7 Local IP Address 0 00 5 29 NAT IP Address 00 00005 5 29 Static Network
83. N level 1 Feb 5 2 48 17 7 Password changed for ADMIN level 1 Feb 5 2 47 56 1 Export complete in 0 0 secs 42480 bps 1 Feb 5 2 47 49 0 LAN Set to 10T Half Duplex 1 Feb 5 2 47 49 0 LAN Ability our PHY HW AN EN 100FD 100HD 10FD 10HD 1 Feb 5 2 47 49 0 LAN Ability Partner 10HD 1 Feb 5 2 47 49 0 LAN WARN Partner NOT in Auto Negotiate 1 Feb 5 2 47 49 0 Ethernet Link 6 1 Up 1 Feb 5 2 47 47 7 Export complete in 0 0 secs 42320 bps 1 v 9 2 47 47 6 Running in LM mode to RemoteUnit 1 ore CTRL F to page forward DOWN ARROW to scroll Auto Update On or lt Off gt Time The value in this column represents the date and time that the specific event occurred Events are displayed in descending order with the most recent event displayed at the top of the screen Message This column displays the actual event that occurred on the Router Use this field to trace the activities of your Router Count If the same event occurs consecutively the value in the count column will display the number of times that the event occurred although the message will display only once Note that the time stamp reflects the date and time that the event first occurred IP Router Release 2 97 9 3 System Reports Window Alarms Alarms This screen displays alarms that have occurred on your Router When an alarm is triggered the LED labeled CRD on the front ofthe Router will be RED and will remain until the alarm is cleared Unlike the System E
84. Name lt LAN gt START MONITOR gt Trap On lt ALL gt Number of bytes to display for each packet 0 Direction Both gt tWarning Monitoring WILL degrade Performance amp Throughput sii to continue Port Name Select the Port Name by scrolling through the list of LAN Port Remote Units with the SPACEBAR Start Monitor Use this prompt to initiate the packet trace Select START MONITOR gt and press ENTER to begin the trace As the transmission occurs the packet hex dump will be displayed on the screen If you wish you may end the trace at any point Press ESC to terminate 7 10 IP Router Release 2 97 Verification Window Port Monitor Trap On Use this field to define what traps to turn on lt All gt Enable all traps No LCP PVC gt No Link Control Protocol PVC keep alive packets ARP RARP Address Resolution Protocol Reverse Address Resolution Protocol lt ALL IP gt All IP addresses lt IP ADDR gt Enter IP address lt All UDP gt All UDP Protocol ports lt UDP Port gt User Datagram Protocol Port number range 0 65535 lt BootP DHCP gt Bootstrap Protocol Dynamic Host Configuration Protocol lt RIP gt Routing Information Protocol lt STP gt Spanning Tree Protocol lt IPX gt Internet Packet Exchange lt ICMP gt Internet Control Message Protocol lt MGCP gt Master Gateway Control Protocol lt RTP gt Realtime Transport Proto
85. OPT IPv6 Hop by Hop Option RFC1883 1 ICMP Internet Control Message RFC702 2 IGMP Internet Group Management RFC1112 3 GGP Gateway to Gateway RFC823 4 IP IP in PIP encapsulation RFC2003 5 ST Stream RFC1190 RFC1819 6 TCP Transmission Control RFC793 7 CBT CBT Ballardie 8 EGP Exterior Gateway Protocol RFC888 DLMI 9 IGP any private interior gateway IANA used by Cisco for their IGRP 10 BBN RCC MON BBN RCC Monitoring SGC 11 NVP II Network Voice Protocol RFC741 SC3 12 PUP PUP PUP XEROX 13 ARGUS ARGUS RWS4 14 EMCON EMCON BN7 15 XNET Cross Net Debugger IEN158 JFH2 16 CHAOS Chaos NC3 17 UDP User Datagram RFC768 JBP 18 MUX Multiplexing IEN90 JBP 19 DCN MEAS DCN Measurement Subsystems DLM1 20 HMP Host Monitoring RFC890 RH6 21 PRM Packet Radio Measurement ZSU 22 XNS IDP XEROX NS IDP ETHERNET XEROX 23 TRUNK 1 Trunk 1 BWB6 24 TRUNK 2 Trunk 2 BWB6 25 LEAF 1 Leaf 1 BWB6 B 2 IP Router Release 2 97 Protocol Types Protocol Number in Firewall Filters Number Keyword Protocol Reference 26 LEAF 2 Leaf 2 BWB6 27 RDP Reliable Data Protocol RFC908 RH6 28 IRTP Internet Reliable Transaction RFC938 TXM 29 ISO TP4 ISO Transport Protocol Class 4 RFC905 RC77 30 NETBLT Bulk Data Transfer Protocol RFC969 DDC1 31 MFE NSP NFE Network Services Protocol MFENET BCH2 32 MERIT INP MERIT Internodal Proto
86. R 2 Select LAN lt Setup gt and press ENTER lt Forcel Networks Router Thu Jan 17 2002 60 45 01 gt Profile Directory 1 Configured and 2 Enabled Name Profile Type Recv Send Profile State Router CARD lt Setup gt Profile LocalUnit LAN NONE NONE lt gt Directory 1 RemoteUnit WAN NONE NONE Setup gt Enabled gt Window CTRL A to add CTRL E to erase CIRL F to page forward CTRL B to page back Hit ENTER to configure the communication information for this profile IP Router Release 2 97 4 59 Profile Directory Local Profile Secondary IP Address 3 Select Setup Secondary IP Address gt by scrolling through the options with the SPACEBAR and select ENTER Forcel Networks Router Profile Setup for LocalUnit LOCAL Wed Jan 30 2002 5 13 01 gt Frame Types LAN Network Protocol 802 2 Eth II SNAP 802 3 Updates IP K lt Neither gt IPX X X X X lt Neither gt Other K X X Local i LAN IP LAN_IPX Profile IP Address 10 0 0 1 802 2 Ext Network 00000000 Window Subnet Mask 255 0 0 0 Eth II Ext Network 00000000 Default Router 0 0 0 0 SNAP Ext Network 00000000 802 3 Ext Network 00000000 Setup lt N E e ETHERNE Link Speed lt Auto Negotiate gt Scrollable Select the item to be set up and hit ENTER 4 Select CTRL A to enter an IP Address Forcel Networks Router Wed Jan 30 2002 5 14 03 gt
87. Router Profile Setup for RemoteUnit WAN Network Protocol Mode Updates IP lt Route gt lt Never gt IPX lt Blocked gt Other lt Blocked gt IP Protocol YPN Setup gt NAT Gateway lt Disabled gt Local IP Tunnel Address lt Assigned by Remote gt Mon Feb 4 2002 22 55 05_ GRE Tunnel lt All gt Remote Profile Window WAN IP Numbered lt NO gt FW Allow Frags lt Disabled gt Setup SERRATE gt gt Setup lt Trunk Port gt gt Scrollable Select the item to be set up and hit ENTER 5 Press CTRL A to add a Static IP Network Enter Network Address Subnet Mask and Metric value gt Forcel Networks Router RemoteUnit has 1 Static IP Network Mon Feb 4 2002 22 59 18 Setup Static IP Networks gt Static VPN Network Subnet Mask Metric Networks 1 CC 0 0 0 0 1 Window 5 22 IP Router Release 2 97 Profile Directory Remote Profile Static VPN Networks Static VPN Networks Fields Setup Static lt IP Networks Enter the Subnet IP Address Note The host bits should all be zero lt IPX Networks Enter the Hexidecimal Address Note The host bits should all be zero Network Enter the Subnet IP Address Note The host bits should all be zero Subnet Mask Enter the Subnet Mask of the Network IP Address Metric Enter the distance in hops to the network Value must be between 1 15 GRE Tunnel set to By Network 1 Select Con
88. Router may assign to a DHCP client This field acts in conjunction with the Number field Number Enter the number of IP Addresses that this Router may assign This field acts in conjunction with the Start IP Address field by using a contiguous block of IP Addresses Range is 1 254 4 48 IP Router Release 2 97 Profile Directory Local Profile DHCP Server Client Relay Lease Duration Enter the duration in hours and minutes that an IP Address assigned by the Router will remain valid If this field is left at 000 00 the IP Address will remain valid indefinitely Domain Name Servers The Domain Name Servers option specifies the IP address of DNS name servers to be used by DHCP clients Enter the IP address of up to 4 domain name servers Option Type Value These fields add the optional DHCP server attributes that will be advertised every time a DHCP client discovery is initiated This provisioning takes effect immediately and can only be performed when the DHCP server is enabled Once the option number is entered the other fields become active Option Range is 1 254 Options tags are unique duplicate numbers will be rejected 0 off Reserved numbers 6 15 44 46 47 50 51 53 54 and 61 The operator will be notified when exiting this window that a Reserved or Duplicate Option number has been used and will direct you to modify the option number Type lt Bool gt Boolean uses true false lt 1Byt gt lt 2B
89. SP Router that provides the Internet connection Command Description set clockl a 1 Set primary master transmit clock source set 1 default disconnect a 1 Set Router to default settings Disconnect all connections to the T1 on the Controller slot a disconnect 1 Disconnect all connections to the router in slot 1 set a 1 all type data Set the T1 1 of the Controller Type to Data connect a 1 all 1 1 1 Connect all of T1 1 to the Router that is in slot 1 rename 1 LocalUnit Boulder Rename LocalUnit default to Boulder LAN rename 1 RemoteUnit wanl Rename WAN 1 from RemoteUnit default to wanl set 1 1 ip address 215 168 21 14 455 255 255 0 Set the Ethernet IP address in the conventional IP address format Router LAN add 1 wanl static ip network 0 0 0 0 0 0 0 0 1 Adds a static IP network route to the WAN interface set 1 wanl trunk 1 Set the WAN interface named wan1 to be mapped to trunk 1 set 1 1 1 encapsulation ppp Set the encapsulation on trunk 1 to PPP reset 1 IP Router Release 2 97 Reboot the router to enable all configurations set 11 3 Router Configuration Frame Relay Internet Connection and Public IP Address Routing Frame Relay Internet Connection and Public IP Address Routing 11 4 Router in Slot 1 ISP Router that provides the Internet connection Command Description set clockl a 1
90. Set to RIP version 2 lt RIP1 RIP2 gt Set to Rip Version 1 or 2 Select RIP mode to send to remotes lt RIP1 gt Set to RIP version 1 Default lt RIP2 gt Set to RIP version 2 lt RIP1 RIP2 gt Set to Rip Version 1 or 2 IP Router Release 2 97 6 5 Basic Configuration Routing Protocol Security Select the protocol remotes will use to authenticate local LocalUnit CHAP Set authentication to CHAP Challenge Handshake Authentication Protocol lt PAP gt Set authentication to PAP Password Authentication Protocol lt NONE gt Disable authentication Default Change the CHAP Secret LocalUnit will send Note this field displays only with a selection on CHAP Selection is YES NO Below the current Secret Password is listed If YES is selected the operator will be requested to enter in a new password and retype this password to confirm Change the PAP Secret LocalUnit will send Note this field displays only with a selection on lt PAP gt Selection is YES lt NO gt Below the current Secret Password is listed If YES is selected the operator will be requested to enter in a new password and retype this password to confirm Select the authentication User ID Selection is Local Profile Name Local Custom Name gt Local Profile Name Displays the current Local Profile name Local Custom Name With this selection you will be prompted to enter a Custom name This na
91. Setup Static field is set to MAC Address gt IP Router Release 2 97 Profile Directory Local Profile Static Addresses IP Address Enter the IP Address of the desired device If the static address is configured through the Local LAN Profile Setup screen the device can be reached via the local LAN This field is only available if the Setup Static field is set to IP Address gt IP Router Release 2 97 4 21 Profile Directory Local Profile Filters Filters Use this screen to review currently enabled data filters or to enable new filters Data filters are used to determine whether data can be sent or received on the LAN WAN based on a specific device protocol type or defined data string Data filters must be defined using the Custom Protocol and Address Filter screens prior to being enabled on the current screen Filters will not be in effect until they are added to this screen Once enabled they will adhere to the value set in the Forward Mode field 1 Select Configuration Profile Directory gt on the Main menu and press ENTER 2 Select LAN lt Setup gt and press ENTER Thu Jan 17 2002 0 45 01 gt Profile Directory 1 Configured and 2 Enabled Name Profile Type Recv Send Profile State Profile Router CARD lt Setup gt LocalUnit LAN NONE NONE gt Directory 1 RemoteUnit WAN NONE NONE Setup gt Enabled gt Window CTRL A to add CTRL E to erase CIRL F to page forward CTRL B to page bac
92. T bi directional mapping to wanl 192 168 21 14 216 174 44 232 add 1 wanl static nat address Add static NAT bi directional mapping to wanl 192 168 21 15 216 174 44 233 add 1 wanl static nat address Add static NAT bi directional mapping to wanl 192 168 21 16 216 174 44 234 add 1 wanl static nat address Add static NAT bi directional mapping to wanl 192 168 21 17 216 174 44 235 Set 1 1 1 encapsulation fr Set the encapsulation on trunk 1 to Frame Relay Set 1 lmi annexd Disable LMI Annex D set 1 wani trunk 1 Set the WAN interface named wanl to be mapped to trunk 1 set 1 wanl dlci 101 Set the DLCI number reset 1 Reboot the router to enable all configurations set 216 174 44 232 is the static NAT address assigned to the router 216 174 44 233 1s the static NAT address assigned to the controller 216 174 44 234 is the static NAT address for a server 216 174 44 235 is the static NAT address for a host In the private network that can be reached from the outside world There can be up to 16 static NAT addresses therefore the actual range can be 216 174 44 232 to 216 174 44 247 Only 4 were used in this example 11 8 IP Router Release 2 97 Back to Back with PPP The following configuration will set up two Adit 600 Routers back to back with PPP E 24 DSOs Static Routes IP Boulder Router in Slot 1 Command wan1 PPP or Frame Relay Router Configuration Back to Back with PPP
93. Tree 0 eee ee Secondary IP Address 0 esee eee Link Speed ic ccs sese ome RS CR ERR 5 Profile Directory Remote Profile Remote WAN Profile Overview Transmission Options lsslslsslssss Security Options eee Static VPN Networks 0 000 cee eese GRE Tunnel set to lt All gt 0 eee GRE Tunnel set to By Network gt Static NAT Addresses cee eee eee eee NAT Bypass Subnets 0 0 0 c eee eee eee Static Addresses ors o ERR RUREXG RA IP Router Release 2 97 Table of Contents Table of Contents Firewall Filters Remote Profile 2 0 0 0 cee eee eee 5 36 Filter Network Server 6 00 ccc et tenes 5 43 Spanning Tree ici ee eee ea ae ee eee oe 5 48 Trunk Port eee RERO kee ee ER MERI E RES 5 51 6 Basic Configuration OVEIVIEW secre ceca oer PUDE De Pea p EV Re ac ER es 6 2 Start Basic Configuration iios aaa E p RD Page ER s 6 2 Local Unit Identification 0 2 0 0 ec eee 6 4 Routing Protocol Security 0 0 cece eee 6 5 WAN Interface Connections 0 0 e cece nen 6 7 Remote Unit Profile i21 tz Dub Id bie eed ede ee 6 9 SNMP Configuration 0 0 cect cents 6 12 Setup Complete 2 0 0 0 cece ttt 6 13 7 Verification Window Ping Uulit Jude tertie oe eee madness seca dre 7 2 Trace Route 2 0 0 ee er rh 7 6 Port Monitors ue sae Rae RR eed esate Sees 7 9 8 Statistics Window 9 Syste
94. Type the Enhanced Security Password here NOTE There will be no effect to the screen here until the correct password is typed in When the correct password is typed no return or other keystroke is needed the following will appear Password WARNING IF ENHANCED SECURITY IS ENABLED AND THE ADMINISTRATOR DOES NOT NOTE THE PASSWORD THERE IS NO WAY TO ACCESS THE ROUTER UNTIL YOU HAVE RESET THE ROUTER BACK TO IT S DEFAULT SETTINGS LOSING ALL CONFIGURATION SETTINGS SEE set rtr card addr default 2 Atthis point the Router is requesting your Level 1 2 or 3 User Password Enter your password and select ENTER and continue as you would Telnet into the Router normally Password Select a terminal type space or back space to toggle CR to accept Terminal generic IP Router Release 2 97 2 7 Management Window Upload Download Upload Download WARNING BEFORE LOADING A DOWN LEVEL OF ROUTER CODE SAVE THE CONFIGURATION TO A FILE CONFIGURATION MAY BE RESET TO THE DEFAULT SETTING AND CURRENT CONFIGURATION LOST This window allows the network administrator management of devices and users authorized to perform e Installation of software e Backup of software and configuration settings via tftp The IP Router management enables a network administrator to perform a Router Code Upload from a central location via the LAN or WAN connection using TFTP A Code Download can also be performed as a backup bin
95. Upload Download determined to be bad or damaged the Router will reject it and continue to use the original software Acceptable binary file extensions are mgm or MGM Config Authorizes the IP Address to perform configuration file uploads and downloads For uploads this selection allows the device s in the IP Address field to transfer or restore a previously backed up configuration file to the Router via TFTP For downloads this selection defines an IP Address to which a backup copy of the Router s configuration can be sent Acceptable file extensions are cfg or CFG Both Authorizes the IP Address to perform code and config file uploads downloads NOTE Code and Config uploads will require a reboot of the unit before the changes take effect IP Router Release 2 97 2 13 Management Window Load Defaults Load Defaults Use the Load Defaults option to reset the Router software to the factory defaults This option will delete all configuration settings including the passwords Use the SPACEBAR to choose lt Yes gt and press ENTER If you have a Telnet connection to the unit your session will be terminated 1 Select Management Load Defaults gt from the Main Menu and select ENTER Forcel Networks Router Wed Jan 16 2002 0 34 23 gt RTR Main Menu Router Version 2 97 Slot 6 Category Selection Management Ml oad Defaults W Configuration lt Profile Directory gt Verification Ping
96. Utility gt Statistics lt Run time gt System Reports lt Events gt Exit lt Logout gt Scrollable Use the spacebar to change the selection and hit ENTER 2 A dialog box will display confirming that you want to load factory defaults 3 Select YES with the SPACEBAR and select ENTER 4 Defaults will be loaded 2 14 IP Router Release 2 97 Management Window Software Images Software Images Use the Software Images option to switch the active with the backup application images stored in the Router 1 Select Management Software Images gt from the Main Menu and select Enter Forcel Networks Router Wed Jan 16 2002 0 35 14 gt RTR Main Menu Router Version 2 97 Slot 6 Category Selection Managenent MUE ELECE gt Configuration lt Profile Directory gt gt Verification Ping Utility gt Statistics lt Run time System Reports lt Events Exit lt Logout Scrollable Use the spacebar to change the selection and hit ENTER IP Router Release 2 97 2 15 Management Window Software Images Options Show Current Images will display the application images stored in the Router shown above Switch Appl Images Switch the active with the backup application images stored in the router Note More than one software image must be loaded 7 0 or later for an active and a backup image to display gt Wed Jan 16 2002 0 40 07_ Forcel Networks Router
97. WAN NONE NONE gt lt Enabled gt Window CTRL A to add CTRL E to erase CIRL F to page forward CTRL B to page back Hit ENTER to configure the communication information for the remote profile IP Router Release 2 97 5 37 Profile Directory Remote Profile Firewall Filters Remote Profile 3 Tab down to Setup Firewall Filters scroll through the list of options with the SPACEBAR if Firewall Filters is not displayed Press ENTER Forcel Networks Router Tue Feb 5 2002 0 43 06 Profile Setup for RemoteUnit WAN Network Protocol Mode Updates GRE Tunnel IP lt Route gt lt Never gt lt Disabled gt IPX lt Blocked gt Remote Other lt Blocked gt Profile Window NAT Gateway lt Disabled gt WAN IP Numbered lt NO gt FM Allow Frags lt Disabled gt Setup lt BR Esai E gt gt Setup lt Trunk Port gt gt Scrollable Select the item to be set up and hit ENTER 4 Press CTRL A to add an IP Firewall Rule Forcel Networks Router RemoteUnit has 0 IP Firewall Rules Service s LAN Device s WAN Device s Log Tue Feb 5 2002 0 44 51 gt Firewall Filters Window CTRL A to add CTRL E to erase CTRL F to page forward CTRL B to page back There are no items configured 5 38 IP Router Release 2 97 Profile Directory Remote Profile Firewall Filters Remote Profile 5 Enter the parameters of the rule press ESC to close the window
98. XX is the host s IP address at the far end that will be able to ping or Telnet to the router 0 0 0 0 0 will allow any other host at the far end to ping and or Telnet to the router add 1 wanl firewall 2 pass inout nolog ping 192 168 21 14 32 XXX XXX XXX XXXxX 32 Adds a Firewall rule to the WAN Where XXX XXX XXX xxx is the host s IP address at the far end that will be able to ping or Telnet to the router 0 0 0 0 0 will allow any other host at the far end to ping and or Telnet to the router add 1 wanl firewall 3 pass inout nolog ping 0 0 0 0 0 0 0 0 0 0 add 1 wanl firewall 4 pass inout nolog tcp 1 65535 0 0 0 0 0 0 0 0 0 0 Adds a Firewall rule to the WAN Adds a Firewall rule to the WAN add 1 wanl firewall 5 pass inout nolog udp 1 65535 0 0 0 0 0 0 0 0 0 0 set 1 wani trunk 1 Adds a Firewall rule to the WAN Set the WAN interface named wanl to be mapped to trunk 1 Set 1 1 1 encapsulation ppp Set the encapsulation on trunk 1 to PPP reset 1 Reboot the router to enable all configurations set IP Router Release 2 97 Router Configuration Internet Connection using NAT and Static NAT Addresses Internet Connection using NAT and Static NAT Addresses Router in Slot 1 ISP Router that provides the Internet connection Router with NAT and Static NAT addresses Command Description set clockl a 1 Set primary master transmit clock source set 1 default S
99. al Support Page 3 of 7 Select the Type of WAN Connection for each connected port Port Number WAN Connection WAN Connection Type 1 A 1 1 lt PPP gt 2 A 1 2 2 lt PPP gt 3 A 1 3 3 lt PPP gt 4 A 1 4 4 lt PPP gt 5 A 1 5 5 lt PPP gt 6 A 1 6 6 lt PPP gt 7 A 1 7 lt PPP in Frame Relay gt 8 A 1 8 8 lt Frame Relay 1490 gt 6 8 IP Router Release 2 97 Basic Configuration Remote Unit Profile Remote Unit Profile A screen will ask you if you would like to Edit a Remote Unit Profile Select lt YES gt and ENTER The guide will walk through each Remote Profile that has been setup Forcel Networks Router Tue Feb 5 2002 23 03 33 For help call Force1 Networks Technical Support Page 4 of 7 Would you like to edit the Remote Profile RemoteUnit qua ENTER to go to next field ESC to exit Basic Configuration Scrollable Use the spacebar to change the selection When exiting the last profile the guide will ask if you if you would like to add a Remote Profile Forcel Networks Router Tue Feb 5 2002 23 08 14 For help call Forceli0 Networks Technical Support Page 5 of 7 Would you like to add a new Remote Profile lt b IP Router Release 2 97 6 9 Basic Configuration Remote Unit Profile The following window configures the Remote Unit Forcel Networks Router Tue Feb 5 2002 23 05 03 For help call Force1 Networks Technical Support Page 4 of 7 Profile Name Remo
100. aller networks The Learn mode however may be best for larger networks since it allows you to restrict which types of services are learned 1 Select Configuration Profile Directory gt from the Main Menu and press ENTER 2 Select WAN Setup gt on the RemoteUnit line and press ENTER Forcel Networks Router Thu Jan 31 2002 0 02 22 gt Profile Directory 1 Configured and 2 Enabled Profile A s Name Profile Type Recv Send Profile State Directory Router CARD lt Setup gt Window LocalUnit LAN NONE NONE Setup gt 1 RemoteUnit WAN NONE NONE lt gt lt Enabled gt CTRL A to add CTRL E to erase CIRL F to page forward CTRL B to page back Hit ENTER to configure the communication information for the remote profile IP Router Release 2 97 5 43 Profile Directory Remote Profile Filter Network Server 3 Tab down to Setup lt Security Options gt and scroll with the SPACEBAR to Filter Network Server gt Press ENTER Forcel Networks Router Tue Feb 5 2002 1 17 34 gt Profile Setup for RemoteUnit WAN Network Protocol Mode Updates GRE Tunnel Route gt lt Never gt lt Disabled gt lt Blocked gt Other lt Blocked gt Remote Profile NAT Gateway lt Disabled gt Window WAN IP Numbered lt NO gt FW Allow Frags lt Disabled gt Setup lt MIASA gt Setup Trunk Port gt Scrollable Select the item to be set up and hit ENTER 4 Se
101. and SAP packets from other devices the Router will learn about other servers and networks The Router will constantly monitor RIP and SAP packets to ensure that the status of the network or server has changed Should a RIP or SAP packet indicate a change in status the Router would update the data in the table and send the information to all enabled remotes to exchange the updated data See Networks Servers on page 9 6 for more information regarding this feature Address Tables The MAC Address and IP Address Tables along with Network Tables are used to determine if and where the Router should send packets See Address Tables on page 9 11 for more information regarding this feature IP Router Release 2 97 C 7 Troubleshooting Alarms Alarms Identify Alarm Alarm indicators e Router LEDs When an Alarm is triggered the Router LED labeled CRD will display a red indicator light which will stay on until the Alarm is cleared The following chart describes each LED and it s state of the Router card LED State Description CRD Off Loss of power Green No current alarms Red Alarm state active See alarm log for cause Red Flashing Self test or Boot in process Yellow Flashing Card is saving data to flash RAM do not power down 10 100 Off 10 Mb Ethernet Green 100 Mb Ethernet LNK Off No Ethernet link Green Good Ethernet link COL Off No current ethernet transmit collisions Yellow Ethernet colli
102. ary image of the software Config Upload and Config Download can be performed remotely via TFTP to install and backup the IP Router s configuration to and from a binary file There is an additional option to upload code to the IP Router with the CLI command load slot number tftp ip addr file name IP Router Release 2 97 Management Window Upload Download Set up the Router for Uploads Downloads 1 Select Management lt Upload Download gt from the Main Menu and ENTER Forcel Networks Router Tue Jan 15 2002 23 10 05_ gt RTR Main Menu Router Version 2 97 lot 6 Category Selection Management MUpload Download W Configuration lt Profile Directory gt Verification lt Ping Utility gt Statistics lt Run time gt System Reports lt Events gt Exit lt Logout gt Scrollable Use the spacebar to change the selection and hit ENTER IP Router Release 2 97 2 9 Management Window Upload Download 2 Select CTRL A to add a TFTP Upload Download User NOTE The IP Address 1 will display The denotes any IP Address on the defined Client Site The user may define a specific IP Address for Uploads Downloads by replacing the or by Adding another Upload Download User lt Force10 Networks Router Tue Jan 15 2002 23 18 33_ gt Feature and Release Key Options lt Current Features gt No Features Activated Set RIR has 1 TFTP Upload Download User Reboot after load cod
103. ation 8046 AT amp T 8047 AT amp T 8049 ExperData France 805B VMTP Versatile Message Transaction Protocol RFC 1045 Stanford IP Router Release 2 97 Protocol Types Ethernet Protocol Types HEX Description 805C Stanford V Kernel production Version 6 0 805D Evans amp Sutherland 8060 Little Machines 8062 Counterpoint Computers 8065 University of Massachusetts Amherst 8066 University of Massachusetts Amherst 8067 Vecco Integrated Automation 8068 General Dynamics 8069 AT amp T 806A Autophon Switzerland 806C ComDesign 806D Compugraphic Corporation 806E 8077 Landmark Graphics Corporation 807A Matra France 807B Dansk Data Elektronic A S Denmark 807C Merit Internodal 807D VitaLink Communications 807E VitaLink Communications 807F VitaLink Communications 8080 VitaLink Communications bridge 8081 Counterpoint Computers 8082 Counterpoint Computers 8083 Counterpoint Computers 8088 Xyplex 8089 Xyplex 808A Xyplex B 10 IP Router Release 2 97 Protocol Types Ethernet Protocol Types HEX Description 809B Kinetics Ethertalk Appletalk over Ethernet 809C Datability 809D Datability 809E Datability 809F Spider Systems Ltd England 80A3 Nixdorf Computer West Germany 80A4 80B3 Siemens Gammasonics Inc 80C0 Digital Communication Associates 80C1 Digital Com
104. ay will only translate the IP Address This should only be set to lt Preserved gt if an application you are using requires a specific port number NAT Address Use this field to define the IP Address for the Local LAN tunneling or NAT Gateway device lt Assigned by Remote gt lt Configured gt with Configured selected the following fields are displayed Address Enter the Local IP Tunnel Address Subnet Mask If you are only GRE Tunneling this will probably be your local IP Address in the Local Profile If the address is dynamically assigned the Router will receive an IP Address from this remote device Number of NAT Addresses With a setting of NAT addresses to greater than 1 you a pool of public addresses is created from which the NAT translation will draw Range is between 1 255 IP Router Release 2 97 Profile Directory Remote Profile Remote WAN Profile Overview Enabled with GRE Tunnel By Network Forcel Networks Router Thu Jan 31 2002 20 26 11 gt Profile Setup for RemoteUnit WAN Network Protocol Mode Updates GRE Tunnel IP lt Route gt lt Never gt lt By Network gt IPX lt Blocked gt Other lt Blocked gt NAT Gateway lt M MENE NAT Port Numbers lt Dynamic gt NAT and Local IP Tunnel Address lt Assigned by Remote gt WAN IP Numbered lt NO gt FW Allow Frags lt Disabled gt Setup Security ptions gt Setup lt Trunk Port gt Scrollable Select whether thi
105. be prompted at each login to enter new passwords at the CONFIG and ADMIN levels IP Router Release 2 97 2 5 Management Window System Time Login Enhanced Security The Enhanced Security option provides another level of password security that restricts access to the Main Menu via Telnet or the Async port It can be used by a Network Administrator to only allow those with the Enhanced Security password to make configuration changes When enabled this option hides the system login prompt until the appropriate password is entered 1 Use the SPACEBAR to select Enable and TAB to enter this selection Forcel Networks Router Tue Jan 15 2002 22 59 57 gt System Time Login Setup for LocalUnit System Date and Time Jan 15 2002 22 59 36 Daylight Savings Time fldjustment Disabled fluto Logout Timer 30 Change Login VIEW Password gt Change Login CONFIG Password gt Change Login ADMIN Password gt Enhanced Security lt iGRIRRID Change Enhanced Security Password gt Scrollable Use the spacebar to change the selection 2 The Change Enhanced Security Password gt field will display Select ENTER to change password You will be requested to enter the password twice to confirm 2 6 IP Router Release 2 97 Management Window System Time Login When Telneting into the Router with Enhanced Security enabled the following will appear telnet 6 Connected Escape character is 1
106. ccess SNMP public 0 0 0 0 read gt Setup Window SNMP Trap Destinations gt Editable Please enter a value SNMP Setup Menu Fields SYS Name Set the value of sysName Value has a maximum of 64 ASCII characters SYS Contact Set the value of sysContact Value has a maximum of 64 ASCII characters SYS Location Set the value of sysLocation Value has a maximum of 64 ASCII characters 3 12 IP Router Release 2 97 Profile Directory Router Card Profile SNMP SNMP Community Name s Use these fields to specify the community name address and access privileges of devices needing to communicate with the Local LAN Unit through SNMP If no IP Addresses is defined on this screen any device may access the local unit using the IP Address assigned on the Local LAN Profile Setup screen regardless of the specified community name The values entered in these fields will be used by the SNMP program as verification of entry into the IP Router Name Enter the community name s of the device to access the Local LAN Unit through SNMP Community names entered into the SNMP program MUST match the values entered here or access for remote management will not be allowed The default community name is public new community names can have a maximum of 10 characters Address Enter the corresponding IP Address of the device s that were entered in the Name field Access lt Read gt device is allowed to view the settings but cann
107. ce Forcel0 Networks does not assume any liability that may occur due to the use or application of the product s described herein Corporate Contact Information Technical Assistance Center Force10 Networks Inc E mail access support a Forcel 0Networks com 350 Holger Way Phone US 866 887 4638 San Jose CA 95134 1362 Phone International Direct 1 707 665 4355 Phone 1 866 571 2600 or 1 408 571 3500 www ForcelONetworks com Supporting Software Versions IP Router Release 2 97 Adit 600 Controller Release 10 1 1 PREFACE Warranty Force10 Networks Inc warrants to BUYER that Product Hardware will be free from substantial defect in material and workmanship under normal use in accordance with its Documentation and given proper installation and maintenance for period of five years from the date of shipment by Force10 Networks Force10 Networks warrants that the Licensed Software when used as permitted under its License Terms and in accordance with the instructions and configurations described in the Documentation including use on Force10 Networks product or a computer hardware and operating system platform supported by Forcel0 Networks will operate substantially as described in the Documentation for a period of ninety 90 days after date of shipment of the Licensed Software to BUYER This warranty shall not apply to Products or Software that have been either resold or transferred from BUYER to any other party Any such
108. col BLOCK TCP gt Block the Transmission Control Protocol Number of bytes to display for each packet Use this field to enter the number of bytes to display for each packet The range is 0 512 Direction Use this field to define the direction to trace Both lt Transmit gt or lt Receive gt IP Router Release 2 97 7 11 Verification Window Port Monitor The following an example of a Port Monitor trace gt gt gt Sending gt gt gt Time 2 55 31 msg 0001 WAN WAN 2 14 octets ESC to stop 00 00 01 03 08 00 75 95 01 01 00 03 02 67 66 FR DLCI 0 Bridged Eth lt lt lt Receiving lt lt lt Time 2 55 31 msg 0002 WAN WAN 2 19 octets ESC to stop 00 00 01 03 08 00 7D 95 01 01 00 03 02 67 67 07 03 10 06 A0 82 FR DLCI 0 Bridged Eth lt lt lt Receiving lt lt lt Time 2 55 38 msg 0003 WAN WAN 2 100 octets ESC to stop 00 18 41 03 CC 45 00 00 60 E5 IF 0000 7F 11 81 AA 10 14 14 00 03 CO A8 00 04 00 89 00 89 00 4C 48 OF FR DLCI 100 IP IP4 HDR src 20 20 0 3 dst 192 168 0 4 ttl 127 len 20 UDP HDR Ports src 137 dst 137 len 76 cksum is 480F cacl 0 gt gt gt Sending gt gt gt Time 2 55 38 msg 0004 WAN WAN 2 100 octets ESC to stop 00 18 41 03 CC 45 00 00 60 ES IF 00 00 7E 11 82 AA 10 14 14 00 03 CO A8 00 04 00 89 00 89 00 4C 48 OF FR DLCI 100 IP IP4 HDR src 20 20 0 3 dst 192 168 0 4 ttl 126 len 20 UDP HDR Ports src 137 dst 137 len 76 cksum is 480F cacl 0 7 12 IP Router Release
109. col HWB 33 SEP Sequential Exchange Protocol JC120 34 3PC Third Party Connect Protocol SAF3 35 IDPR Inter Domain Policy Routing Protocol MXS1 36 XTP XTP GXC 37 DDP Datagram Delivery Protocol WXC 38 IDPR CMTP IDPR Control Message Transport MXS1 Protocol 39 TP TP Transport Protocol DXF 40 IL IL Transport Protocol Presotto 41 IPv6 IPv6 Deering 42 SDRP Source Demand Routing Protocol DXE1 43 IPv6 Route Routing Header for IPv6 Deering 44 IPv6 Frag Fragment Header for IPv6 Deering 45 IDRP Inter Domain Routing Protocol Sue Hares 46 RSVP Reservation Protocol Bob Braden 47 GRE General Routing Encapsulation Tony Li 48 MHRP Mobile Host Routing Protocol David Johnson 49 BNA BNA Gary Salamon 50 ESP Encap Security Payload for IPv6 RFC2406 51 AH Authentication Header for IPv6 RFC2402 52 I NLSP Integrated Net Layer Security TUBA GLENN 53 SWIPE IP with Encryption J16 54 NARP NBMA Address Resolution Protocol RFC1735 55 MOBILE IP Mobility Perkins IP Router Release 2 97 Protocol Types Protocol Number in Firewall Filters Number Keyword Protocol Reference 56 TLSP Transport Layer Security Protocol Oberg using Kryptonet key management 57 SKIP SKIP Markson 58 IPv6 ICMP ICMP for IPv6 RFC1883 59 IPv6 NoNxt No Next Header for IPv6 RFC1883 60 IPv6 Opts Destination Options
110. crollable Select the item to be set up and hit ENTER 4 To enable Spanning Tree scroll lt Disabled gt to Enabled with the SPACEBAR press ENTER Forcel Networks Router Spanning Tree Port Setup for local LocalUnit Wed Jan 30 2002 25 08 43 gt Spanning Tree MESES Scrollable Use the spacebar to change the selection IP Router Release 2 97 4 57 Profile Directory Local Profile Spanning Tree 5 Enter the appropriate data in the following fields Forcel Networks Router Wed Jan 30 2002 5 10 07 gt Spanning Tree Port Setup for local LocalUnit Spanning Tree lt i gt Port Priority 128 Port Cost 100 Scrollable Use the spacebar to change the selection Spanning Tree Fields Port Priority The Port Priority value can range from 0 to 255 with a default of 128 Port Cost The Port Priority value can range from 0 to 65535 with a default of 651 4 58 IP Router Release 2 97 Profile Directory Local Profile Secondary IP Address Secondary IP Address This option will add a secondary IP address and subnet to the specified LAN interface The router will then be capable of routing between the various subnets on the LAN interface or between any of the LAN subnets and any WAN subnet A maximum of 8 secondary IP addresses can be added to the LAN interface To Add a Secondary IP Address 1 Select Configuration Profile Directory gt from the Main menu and press ENTE
111. curred during the defined sample interval 1 Select Configuration Profile Directory gt from the Main menu press ENTER 2 Select LAN lt Setup gt and press ENTER Forcel Networks Router Thu Jan 17 2002 0 45 01 gt Profile Directory 1 Configured and 2 Enabled Name Profile Type Recv Send Profile State Router CARD lt Setup gt Profile LocalUnit LAN NONE NONE lt gt i 1 RemoteUnit WAN NONE NONE Setup gt Enabled gt Directory Window CTRL A to add CTRL E to erase CTRL F to page forward CTRL B to page back Hit ENTER to configure the communication information for this profile IP Router Release 2 97 4 53 Profile Directory Local Profile LAN Collision Threshold 3 Select Setup LAN Collision Threshold gt If this option is not displayed scroll to the selection with the SPACEBAR and press ENTER Forcel Networks Router Wed Jan 30 2002 5 01 47 gt Profile Setup for LocalUnit LOCAL Frame Types LAN Network Protocol 802 2 Eth II SNAP 802 3 Updates IP K lt Neither gt IPX X X X X lt Neither gt Other 41 X 41 ood LRN IP LAN IPX Profile IP Address 10 0 0 1 802 2 Ext Network 00000000 Window Subnet Mask 255 0 0 0 Eth II Ext Network 00000000 Default Router 0 0 0 0 SNAP Ext Network 00000000 802 3 Ext Network 00000000 Setup lt MIENIE N gt Link Speed lt Auto Negotiate gt Scrollable Select the item to be set u
112. d Terminal inactivity login terminated A 2 IP Router Release 2 97 User Events Authenticate Events Authenticate Events Description sysname failed to authenticate us using CHAP sysname failed to authenticate us using PAP Authentication successful to remote using CHAP Authentication successful to remote using PAP Authentication failure to remote using CHAP Authentication failure to remote using CHAP CHAP secret mismatch Authentication failure to remote using CHAP system name mismatch Authentication failure to remote using CHAP Retry timeout occurred WAN protocol is active inactive to remote on port X LCP negotiation was successful to remote IPCP negotiation was successful to remote CCP negotiation failed to IP Router Release 2 97 A 3 User Events Triggered Events Triggered Events Description Triggered IPX Network request from X Triggered IPX Server request to from X Triggered 802 3 IPX Server update to from X Triggered 802 3 IPX Network update to from X Triggered 802 2 IPX Server update to from X Triggered 802 2 IPX Network update to from X Triggered ETH II IPX Network update to from X Triggered ETH II IPX Server update to from X Triggered SNAP IPX Network update to from X Triggered SNAP IPX Server update to from X Triggered IP Network request to from X Triggered ETH II IP Network update to
113. d Setup Static lt MAC Address gt Static MAC Device Name MAC Address Address NEED 00 00 00 00 00 00 Setup CTRL A to add CTRL E to erase CTRL F to page forward CTRL B to page back Editable Enter a name for the filter IP Router Release 2 97 4 19 Profile Directory Local Profile Static Addresses Static Forcel Networks Router Tue Jan 29 2002 23 43 17_ gt LocalUnit has 1 Static IP Address Record Setup Static IP Address gt Device Name IP Address IP Address NEED 0 0 0 0 Setup 4 20 CTRL A to add CTRL E to erase CIRL F to page forward CTRL B to page back Editable Enter a name for the filter Static IP Address Menu Fields Setup Static Use the SPACEBAR to scroll between IP Address gt and MAC Address gt The fields on this screen will vary depending on your choice IP Address A unique 32 bit identifier for a specific TCP IP device on a network The address is in dotted decimal form xxx xxx xxx xxx where xxx 1 255 MAC Address The address for a device as it is identified at the Media Access Control layer in the network structure Device Name Use this field to identify the user defined name of the LAN device that is associated with this static address The maximum number of alphanumeric characters for this field is 7 MAC Address Enter the MAC Address of the desired device that can be reached via the local LAN This field is only available if the
114. domain name of the NTP server IP Address IP address of the NTP server Setting the NTP server value to 0 0 0 0 will cause the router to listen to and process NTP broadcasts Domain Name gt Domain name of the NTP server Maximum of 43 characters Poll Interval The Poll Interval specifies the polling of the NTP server to a defined number of seconds The range in seconds is from 16 to1024 seconds with a default of 16 IP Router Release 2 97 3 21 Profile Directory Router Card Profile Network Time Protocol Time Zone Offset HOURS The hours Time Zone Offset is used to calculate gateway time from GMT Greenwich Mean Time Range is 12 to 12 Time Zone Offset MINUTES The minutes Time Zone Offset is used to calculate gateway time from GMT Greenwich Mean Time Range is 0 to 60 3 22 IP Router Release 2 97 Profile Directory Router Card Profile SysLog SysLog The Syslog client capability enables or disables sending alarm and event messages to an external Syslog server from the Router 1 Select SysLog Configure gt and select ENTER Forcel Networks Router Wed Jan 16 2002 6 32 19 gt ROUTER Slot 6 Configuration RIP Mode Receive RIP1 RIP Mode Send lt RIP1 Trunk Configure Security Configure SNMP Configure DNS Proxy Configure Spanning Tree Protocol Configure Network Time Protocol Configure SysLog DNS Resolver Configure onfigure SysLog 2 To enable SysLog System Log Message Service scrol
115. e VES Reboot after load config VES IP fiddress Client Site Mode JAEN lt Local LAN gt lt both gt 1 CTRL A to add CTRL E to erase Editable Enter a non zero IP Address Subnet Mask in Dotted Decimal Notation 3 Select the Client Site Selections are Local LAN default or RemoteUnits that have been set up 2 10 IP Router Release 2 97 Management Window Upload Download 4 For Mode specify whether the IP Address can perform code uploads downloads config file uploads downloads or both lt Force10 Networks Router Wed Jan 2 2002 0 05 50 gt Feature and Release Key Options uet Features gt No Features Activated lt Set gt RIR has 2 TFTP Upload Download User Reboot after load code VES Reboot after load config VES IP fiddress Client Site Mode 1 Local LAN gt both gt 2 192 168 1 1 RemoteUnit gt MWREND CTRL A to add CTRL E to erase Scrollable Use the spacebar to change the selection 5 Press ESC to save your changes and return to the Main Menu These changes will go into effect immediately IP Router Release 2 97 2 11 Management Window Upload Download 2 12 Upload Download Setup Menu Fields Feature and Release Key Options Options may be available to purchase to upgrade the IP Router Once this option 1s purchased a key code will be given to enable the feature on this product For more information please call Force10 Networks
116. e Static IP and MAC Addresses e Firewall filters IP Router Release 2 97 Profile Directory Local Profile LAN Local Profile Setup In a large network it is necessary to selectively use of each of these options so that the number of configured filters is within the maximum allowed The Local Profile is used to define the Local LAN port parameters for the unit at the present location To Set Up a Local Profile 1 Select Configuration Profile Directory gt from the Main Menu and press ENTER Forcel Networks Router Profile Directory 1 Configured and 2 Enabled Thu Jan 17 2002 0 45 01 gt Name Profile Type Recv Send Profile State Local Router CARD Setup gt i LocalUnit LAN NONE NONE gt Profile 1 RemoteUnit WAN NONE NONE Setup gt Enabled gt window 2 Select LAN lt Setup gt and press ENTER Forcel Networks Router Thu Jan 17 2002 0 46 32 gt Profile Setup for LEREMENENND LOCAL Frame Types LAN Network Protocol 802 2 Eth II SNAP 802 3 Updates IP K lt Neither gt IPX 41 X X X lt Neither gt Other X X X LAN Profile LAN IP LAN IPX window IP Address 10 0 0 1 802 2 Ext Network 00000000 Subnet Mask 255 0 0 0 Eth II Ext Network 00000000 Default Router 0 0 0 0 SNAP Ext Network 00000000 802 3 Ext Network 00000000 Setup Static Networks gt Link Speed lt Auto Negotiate gt Editable Please enter a value IP
117. e ds Dp 2 14 Softwarelmages llle 2 15 OPUONS ses ois een Sue Soe ISS ee er CREE EXE IESU 2 16 3 Profile Directory Router Card Profile OVET VIC C Lr e 3 2 Configuration 6 1 o acero doeet ao ba ee ee a doge S 3 2 RIP Mode Receive 3 4 RIP Mode Send cree reece ccc eee eect nen ens 3 4 Fi Gn beer eb RCDUeR EVEN EAE REP ES 3 4 Security ek brc erige ue bay Ba ane bee ER ES e E 3 7 SNMP AMTMMEC 3 11 DNS Proxy etei se E t stor Eee eate boe Fade de edo pecias 3 16 Spanning Tree Protocol 0 cece cece ete 3 18 Network Time Protocol 0 0 0 cc cece cc cence eens 3 20 SYSLOB oc ta nob oaths fe SR eG Quer u votes edes ew Sheets fpe 3 23 DNS Resolver os reeniro or e tee oe a eeu P EDEN GNE Td d E 3 25 iv IP Router Release 2 97 4 Profile Directory Local Profile OVETVIEW m SOUP Ceo pod tad PU guru dpi ot aeparfs Link Speed 1 0 0 ce sen Static Networks 0 0 esee To Set Up Static Networks 05 Static Addresses 10 0 cece eee eee ee lglir DP n Ok Defining Custom Filters 0 Defining Protocol Filters 2 05 Defining Address Filters 0 Firewall Filters Local Profile Advertise Network Server 0 00 cece eee IPX Server Advertising 00000 DHCP Server Client Relay 0 0005 LAN Collision Threshold 00000 Spanning
118. e local unit you will need to connect the local unit to a workstation using the Async port Once you are connected to the local unit refer to Chapter 7 Ping Utility The inability to ping from one device to the other indicates a problem with IP or possibly the Telnet software Refer to your Telnet documentation for more information Unable to access a remote unit via Telnet Refer to the instructions given above in Unable to access the local unit via Telnet In addition make sure that the workstation trying to Telnet as well as the IP and ARP packets are authorized to communicate across the WAN Review the FORWARD MODE field setting as well as the enabled filters on both the local and remote units to verify that they are set up to communicate refer to Chapter 3 Configuration Profile Directory Chapter 4 LAN Local Profile Setup and Chapter 5 Remote WAN Profile Overview Also if the remote network is different define the local unit s IP Address as the default route for the workstation and make sure that there 1s a remote route to the remote s network in the Network Server table Be aware that if you establish a firewall filter and do not expressly permit Telnetting into this unit you will be denied access C 4 IP Router Release 2 97 Troubleshooting Diagnostics and Performance Tools Diagnostics and Performance Tools The Verification Statistics and System Reports features are instrumental in diagnosing and troubleshooting t
119. e next field will appear 2 Atthe at lt gt field select the remote unit scroll through the list and select ENTER or TAB A second IP address can be entered in the same manner on the second line 4 Press ESC to save changes and return to the Local LAN Profile Setup window 4 50 IP Router Release 2 97 Profile Directory Local Profile DHCP Server Client Relay DHCP Mode lt Client gt Forcel Networks Router Wed Jan 30 2002 4 53 54 gt DHCP Server Client Relay Agent Setup for local LocalUnit DHCP Mode lt RMMM gt lt Renew gt Automatic DNS lt Enabled gt Set Tx Packets Broadcast Bit X Request Description ase Value K IP Address Mask 0 0 0 0 0 mu i ost Name DHCP X DNS Domain Name Mode X DNS Primary Server i X DNS Secondary Server Client Client ID Lease Time hr min sec Server ID Server IP Relay Agent Current Status Quarantined Scrollable Select whether this feature should be enabled lt Renew Release gt This option will force a lease to be renewed or released lt Renew gt The card will perform a typical lease renewal sequence based on its current DHCP configurables lt Release gt If valid IP based leases exist and the DHCP Client interface is up a release message will be sent to the server Then the Lease Contents will be cleared and all configurable settings will be left at their last value The DHCP Client will acquire a new lease when the user send
120. each known server This field applies only to IPX Servers Metric This field displays the numeric value of hops indicating the distance from your Local LAN network to the destination network This field applies only to IP Networks Next Gateway This field displays the MAC Address ofthe first gateway Router that the data will use to reach the destination network This field is only used on IP Networks Hops See Metric above This field is only used on IPX Networks IP Router Release 2 97 9 9 System Reports Window Networks Servers Ticks This field displays the distance between two networks as measured in time increments 1 18th of a second This information is only used by IPX Networks Like hops ticks may be used to designate primary and secondary routes to the same network Although both the hops and ticks values are considered when determining routing priority for Novell networks the tick value is considered first Next IPX Router This field displays the MAC Address ofthe next gateway Router that the data will use to reach the destination network This applies only to IPX Networks Frame Type This field will display the chosen frame type of the packets that are sent and received by the Router If a packet is received that is formatted in a frame type that has not been enabled the Router will not accept the data Note that multiple frame types may be supported simultaneously This field applies only to IPX Network
121. ections to the router in slot 1 set a 1 all type data Set the T1 1 of the Controller Type to Data connect a 1 all 1 1 1 Connect all of T1 1 to the Router that is in slot 1 rename 1 LocalUnit Boulder Rename LocalUnit default to Boulder LAN rename 1 RemoteUnit wanl Rename WAN 1 from RemoteUnit default to wanl set 1 1 ip address 1 1 1 1 Set the Ethernet IP address in the conventional IP 255 255 255 0 address format Router LAN Set 1 1 phy auto Set the Physical Specifications to auto negotiate add 1 2 2 2 0 255 255 255 0 1 wanl static ip network Adds a static IP network route to the WAN interface Set 1 1 1 encapsulation fr Set the encapsulation on trunk 1 to Frame Relay set 1 Imi disable Disable LMI Local Management Interface set 1 wani trunk 1 Set the WAN interface named wanl to be mapped to trunk 1 IP Router Release 2 97 11 13 Router Configuration Back to Back with Frame Relay 11 14 Command Description set 1 wani dlci 101 Set the DLCI number reset 1 Denver Router in Slot 3 Command set 3 default Reboot the router to enable all configurations set Description Set Router to default settings disconnect a 1 Disconnect all connections to the T1 on the Controller slot a disconnect 3 Disconnect all connections to the router in slot 1 set clockl a 1 Set primary master transmit clock source
122. ectory Local Profile Link Speed 4 64 IP Router Release 2 97 CHAPTER Profile Directory Remote Profile In this Chapter Remote WAN Profile Overview Security Options Static VPN Networks Static NAT Addresses NAT Bypass Subnets Static Addresses Firewall Filters Remote Profile Filter Network Server Spanning Tree Trunk Port Profile Directory Remote Profile Remote WAN Profile Overview Remote WAN Profile Overview The fields on the Remote WAN Profile Setup window allow you to define how and when data transmission will occur with a specific remote device This includes defining the protocol s that it will use to send and receive data defining security information static networks and WAN lines The Local Unit will depend on this information to determine communication guidelines with remote sites The Remote WAN profile can support up to 24 remote profiles The Remote WAN profile complements the Local LAN profile The remote profiles identify which remote devices the local unit can communicate with by defining the data transmission requirements of each remote device The local profile defines the local unit s transmission requirements and may appear as a remote profile in each remote unit s profile directory It is important to understand that the information contained in the remote profile determines how the local and remote units establish communication 1 Select Configuration Profile Directory gt from
123. ed 5 46 Typical Data 0 eee eee eee 5 18 Index 9 Index U Unable to Access a Remote Unit via Telnet C 4 Access the Local Adit Unit via Telnet C 4 Add Data Filters 0 C 2 Advertise Networks C 2 Create Static Route Entries C 2 Upload Download 00005 2 8 User Events RT ER ERES A 1 A2 Alanms 2 2 eteeg ese leew se ERG RR A 5 UserID eee 3 9 5 18 V Verification Ping Utility 0 0 000000008 7 2 Port Monitor 0 0 0 cee eee 7 9 Trace Route 0 0 0 e eee eee 7 6 Verification Window 0005 7 1 View Password 00 0 e eee eee 2 5 view security level 000 2 4 WwW WAN Connection cle WES Iri urp 3 5 Connection Type 000005 3 6 Frame Relay suus 3 6 PPP p 3 6 PPP in Frame Relay 3 6 Network Updates 5 7 Packet EtrOTS cds ive creii tee enek 8 4 Received ve ERE EXRCRPXSCERE i 8 4 Total scce cereri etina te RR 8 4 Transmitted 0 0 0 0 000 esa 8 4 WAN Connection 000000 6 7 WAN Connection Type 04 6 7 WAN Interface Connections 6 7 Port Number 20000000 6 7 WAN Connection 004 6 7 Index 10 WAN Connection Type 6 7 WAN Monitor Number of Bytes to Display 7 10 7 11 Remote Name 000005 7 10 Start Monitor
124. ee 3 13 Address 12s e reete Sees s 3 13 Authentication by Remote 5 18 Community Name 3 13 Index 7 Index Compression 0 000 ee eee 5 18 Password er eR er ERES 3 9 Security Server 0 00000 5 18 Typical Data 55er b ERRORES 5 18 Selected Items 0 00005 5 45 Server IP Address 3 24 3 27 Services Local Profile 4 35 Services Remote Profile 5 40 Set Poll Counter 2000 6 8 Set Poll Interval 005 6 8 Setup Advertisement 2 000 4 42 Local Profile 0 005 4 9 Setup Complete 000 6 13 Significant Bits 4 37 5 41 Single Ping wi cz ntu vex eR EEG 7 4 Single Ping Status 05 7 4 Continuous Ping 5 7 4 IP Address 2 0 00 00 ce eee eee 7 5 MAC Address 0 00000 eee ee 7 5 Result ces ost EeRPTERRRRERORRES 7 5 SIle s ced EE a pEN EDEN dE ERE 3 17 SNAP ilolciessu e uve RYE Y 4 6 SNMP 3 11 Glossary 3 Glossary 4 Community Name 3 13 Configuration 000000 6 12 SYS Contact e ceii 02 eee eee 3 12 SYS Location esses s 3 12 SYS Name cee eee eee 3 12 Trap Destination Address 000 e eee eee 3 15 Location sn ps X Nise ke 3 15 Name dd crear ea Ge 3 15 Trap Destinations 3 14 SN
125. ernet Connection and Public IP Address Routing Frame Relay Internet Connection and Public IP Address Routing Internet Connection using PPP NAT PAT and Firewall Filters Internet Connection using NAT and Static NAT Addresses Back to Back with PPP Back to Back with Multi Link PPP Back to Back with Frame Relay Router Configuration Basic Setup Basic Setup Command Description set ds0 addr type data Confirm DSO is set to type data ds0 addr slot port channel of DSO Example set a 1 1 24 type data connect slot port trunk slot port channe1 Cross connect T1 to router card Example connect a 1 1 24 6 1 1 router in slot 6 set router addr proxy Disable enable router proxy router addr slot port of router card Example set 6 1 disable set slot port up Set Router LAN as In Service Example set 6 1 up telnet router card addr Telnet to Router card router card addr slot location of router card Example telnet 6 if earlier than 3 0 release slot port must be used Local and Remote Profile Setup reset 11 2 For most router configuration changes to go into effect the router must be reset Best practice is to always reset the router after making configuration changes IP Router Release 2 97 Router Configuration PPP Internet Connection and Public IP Address Routing Router in Slot 1 PPP Internet Connection and Public IP Address Routing I
126. ervices not expressly permitted by the previous rule s For example if you wish to deny all transmissions except Telnet you would create a rule indicating that Telnet has the Pass action The router software would create the last rule that states the unit should Drop all other services Since any service that is not expressly permitted to pass will be prohibited it is important that you thoroughly understand the security policies of your LAN before attempting to create a firewall We suggest that only experienced Network Administrators create and maintain firewall filters Incorrectly defined filters may compromise the security and functionality of your LAN Service This field displays the service that this particular rule affects While the most common services have been pre defined there are a few options where you may further define the service to be filtered Name Description Finger Display information about users FTP File Transfer Protocol Gopher Document search and retrieval HTTP World Wide Web IP Router Release 2 97 4 35 Profile Directory Local Profile Firewall Filters Local Profile 4 36 ICMP Internet Control Message Type Equal or Range Specify a number or range Number 0 65535 Start Number 0 65535 End Number 0 65535 NUM IP protocol number to be specified see Protocol Number in Firewall Filters on page B 2 for a list of these Protocols and the assig
127. et Router to default settings disconnect a 1 Disconnect all connections to the T1 on the Controller slot a disconnect 1 Disconnect all connections to the router in slot 1 set a 1 all type data Set the T1 1 of the Controller Type to Data connect a 1 all 1 1 1 Connect all of T1 1 to the Router that is in slot 1 rename 1 LocalUnit Boulder Rename LocalUnit default to Boulder LAN rename 1 RemoteUnit wanl Rename WAN 1 from RemoteUnit default to wanl set ethernet ip address 192 168 21 15 255 255 255 0 Set the Ethernet IP address and Subnet Mask for the Unit set ip gateway 192 168 21 14 Set the IP gateway default route for the Unit set 1 1 ip address 192 168 21 14 255 255 255 0 Set the Ethernet IP address in the conventional IP address format Router LAN set 1 wanl nat enable Set the WAN interface named wanl enable NAT mapping Set 1 wanl nat port dynamic Set the WAN interface named wanl to set NAT port mapping to be dynamic set 1 wani nat address 216 174 44 2 1 IP Router Release 2 97 Set the WAN interface named wanl NAT address 11 7 Router Configuration Internet Connection using NAT and Static NAT Addresses Command Description add 1 wanl static ip network Adds a static IP network route to the WAN 0 0 0 0 0 0 0 0 1 interface add 1 wanl static nat address Add static NA
128. figuration Profile Directory gt from the Main Menu and press ENTER 2 Select WAN Setup gt on the RemoteUnit line and press ENTER lt Thu Jan 31 2002 0 02 22 gt Profile Directory 1 Configured and 2 Enabled id Note Profile Type Recv Send Euer State Window 1 RemoteUnit WAN NONE NONE ERR gt Enabled gt CTRL A to add CTRL E to erase CIRL F to page forward CTRL B to page back Hit ENTER to configure the communication information for the remote profile IP Router Release 2 97 5 23 Profile Directory Remote Profile Static VPN Networks 3 Set GRE Tunnel to By Network gt 4 Select Setup Static VPN Networks gt scroll with the SPACEBAR through the options and select ENTER Forcel Networks Router gt Profile Setup for RemoteUnit WAN Network Mon Feb 4 2002 23 24 16 Protocol Mode Updates GRE Tunnel IP Route gt lt Never gt lt By Network gt IPX lt Blocked gt Other lt Blocked gt NAT Gateway lt Disabled gt Remote Local IP Tunnel Address lt Assigned by Remote gt Profile Window WAN IP Numbered lt NO gt FW Allow Frags lt Disabled gt Pb Setup IEIeteA du M CTI 4s gt gt Setup lt Trunk Port gt gt Scrollable Select the item to be set up and hit ENTER 5 24 IP Router Release 2 97 Profile Directory Remote Profile Static VPN Networks 5 Press CTRL A to add a Static IP Network Enter Network
129. figuration Verification Statistics System Reports Exit Router Version 2 97 Selection lt System Time Login gt gt lt Profile Directory gt gt lt Ping Utility gt gt lt Run time gt gt ESI gt Logout gt gt Scrollable Use the spacebar to change the selection and hit ENTER Tue Feb 5 2002 23 45 37 gt Slot 6 IP Router Release 2 97 System Reports Window Networks Servers 3 Press ENTER The Networks Servers listing will display lt Forcel Networks Router Total Entries 2 on 2 Ports Flush learned entries Off Display IMAAN S gt Learned From lt All Ports gt Auto Update lt On gt Tue Feb 5 2002 3 47 48_ gt Network Subnet Mask Metric Next Gateway Port Name 1 Static 192 168 1 0 255 255 255 0 1 RemoteUnit 2 Direct 10 0 0 0 255 0 0 0 1 10 0 0 1 Local LAN CIRL F to page forward CTRL B to page backward Scrollable Use the spacebar to change the selection IP Router Release 2 97 9 7 System Reports Window Networks Servers 4 To view the other display options scroll through the Display IP Networks field lt Force1 Networks Router Tue Feb 5 2002 5 32 39 gt Total Entries on Ports Flush learned entries Off Display MMEAMIECMERS Learned From lt All Ports gt Auto Update lt On gt Network Hops Ticks Next IPX Router Port Name Frame Type lt Forcel Networks Router Tue Feb 5 2002 5 33 44_
130. for IPv6 RFC1883 61 any host internal protocol IANA 62 CFTP CFTP CFTP HCF2 63 any local network IANA 64 SAT EXPAK SATNET and Backroom EXPAK SHB 65 KRYPOTOLAN Kryptolan PXL1 66 RVD MIT Remote Virtual Disk Protocol MBG 67 IPPC Internet Pluribus Packet Core SHB 68 any distributed file system IANA 69 SAT MON SATNET Monitoring SHB 70 VISA VISA Protocol GXT1 71 IPCV Internet Packet Core Utility SHB 72 CPNX Computer Protocol Network Executive DXM2 73 CPHB Computer Protocol Heart Beat DXM2 74 WSN Wang Span Network VXD 75 PVP Packet Video Protocol SC3 76 BR SAT MON Backroom SATNET Monitoring SHB 77 SUN ND SUN ND PROTOCOL Temporary WM3 78 WB MON WIDEBAND Monitoring SHB 79 WB EXPAK WIDEBAND EXPAK SHB 80 ISO IP ISO Internet Protocol MTR 81 VMTP VMTP DRC3 82 SECURE VMTP SECURE VMTP DRC3 83 VINES VINES BXH 84 TTP TTP JXS 85 NSFNET IGP NSFNET IGP HWB 86 DGP Dissimilar Gateway Protocol DGP ML109 B 4 IP Router Release 2 97 Protocol Types Protocol Number in Firewall Filters Number Keyword Protocol Reference 87 TCF TCF GALS 88 EIGRP EIGRP CISCO GXS 89 OSPFIGP OSPFIGP RFC1583 JTM4 90 Sprite RPC Sprite RPC Protocol SPRITE BXW 91 LARP Locus Address Resolution Protocol BXH 92 MTP Multicast Transport Protocol SXA 93 AX 25 AZ 25 Frames BK29 94 IP
131. gs Time Adjustment 2 5 Default Router 00000 5 12 Defining Address Filters 0000 4 29 Custom Filters 000 4 25 Protocol Filters 004 4 27 Device Name dues dw DYuxd bx vx 5 35 Devices Local lesus 4 36 5 41 DHCP si access eag wie ek geben Re Glossary 1 DHCP Server ssus 4 48 4 51 DHCP Server BOOTP Relay 4 45 DHCP Server 4 48 4 51 Domain Name Servers 4 49 Lease Duration 05 4 49 Name Server NBNS 4 49 NetBIOS Name Server 4 49 NetBIOS Node Type 4 49 Node Type 0 000 4 49 4 50 Numbers cedes xu EGENT 4 48 SCOPE ice PERDRE UE CE 4 49 Diagnostics and Performance Tools C 5 Display RRRRRSRREERRESRRUDe REED 9 13 DECT gerr vuota Bo ur rs 6 11 DNS Proxy 0 ce eee eee eee 3 16 DNS SetVer io osuut ix e Eo 3 17 Domain Name 0 05 3 17 Site M MP 3 17 DNS Resolver 000 eee eee 3 25 DNS Server 0 cee eee eee eee 3 17 Domain Name 0000 00 eee 3 17 IP Router Release 2 97 E Enhanced Security 000005 2 6 Esc Key secte bebROERERP eben eo 1 2 EAH iue n necks eee c CREE TUER ES 4 6 Events iso eere ERR RE ea 9 2 Authenticate 52s ero eae esate RES A 3 CoU nt eo eeescreereb E ER RUECEERPEERPTS 9 3 Message osos dace ete ERA ER E 9 3 Time hosp edna
132. he Licensed Software to comply with the Forcel0 Networks software specifications but that do not significantly impair the function or service of the Force10 Networks Product or the system Determination of Severity 1 2 or 3 shall be made solely by Force10 Networks following receipt of the reported problem Refurbished material may be used to repair or replace the Product BUYER shall bear the risk of loss for Products or Software returned to Forcel0 Networks for repair replacement or service and the same must be shipped pre paid by BUYER Requests for warranty services and troubleshooting must be made to and will be provided by the Force10 Networks Customer Support Center via telephone during the warranty period and during normal business hours Normal business hours for Force10 Networks Customer Support Center are 7 00 a m to 6 00 p m Mountain Standard Time Monday through Friday excluding weekends and standard Forcel0 Networks recognized holidays IP Router Release 2 97 Preface Limitation of Warranty amp Limitation of Remedies Correction of defects by repair replacement or service will be at Force10 Networks option and constitute Force10 Networks sole obligation and BUYER s sole and exclusive remedy under the limited warranty Any such error correction or replacement provided to BUYER does not extend the original warranty period for hardware or software respectively Force10 Networks assumes no warranty or other liability wi
133. he Router card Forcel Networks Router RTR Main Menu Category Tue Jan 15 2002 22 02 05 Router Version 2 97 lot 6 Selection Managenent Configuration Verification Statistics System Reports BATERE gt lt Profile Directory gt gt lt Ping Utility lt Run time lt Events lt Logout Scrollable Use the spacebar to change the selection and hit ENTER IP Router Release 2 97 C 5 Troubleshooting Diagnostics and Performance Tools C 6 Verification The Verification section may be used to identify suspected communication problems between the local and remote devices Verification options are Ping Utility Verifies the ability of the local unit to communicate by pinging remote or local devices See Ping Utility on page 7 2 for more information on this feature Trace Route The Trace Route option is used to verify timely and reliable connections The Trace Route utility determines the path a packet follows from source to destination See Trace Route on page 7 6 for more information on this feature Port Monitor The Port Monitor is a diagnostic tool that is used to review the actual data being transmitted from or received by the local Router When the monitoring is started a hexadecimal display of each transmission as it occurs 1s shown See Port Monitor on page 7 9 for more information on this feature NOTE The Port Monitor decreases the throughput of the Router It should
134. ic VPN Networks Static networks allow you to establish fixed or pre determined routes which increases the control that you have over routing choices within your network Although the Router is able to dynamically learn routing information through RIP packets you may wish to disable this feature and manually enter fixed routes Disable Learning by selecting the lt Never gt option in the WAN Network Updates field on the Remote WAN Profile Setup window Static routing may be preferred if e Routers that are not configured to advertise cannot utilize the automatic learning capabilities of the Router e Advertising is disabled for security purposes e Keeping routing tables small in order to increase LAN WAN performance Advertising is disabled to decrease traffic on the LAN and across the WAN Static routing may also be preferable when managing large networks Often times it is easier to disable the learning mode and manually enter routes rather than review each routing table entry and determine its advertising status As a static routing example let s assume that we have three networks A B and C Network B is connected to Network C via a router and to Network A via a Remote Unit Network B may not learn of Network A s existence if advertising was disabled on Router 1 Therefore if you wish to establish an entry in the routing table indicating aroute between Network B and Network C you can define a static route on Network B IP Rou
135. ile 4 62 IP Router Release 2 97 Local Profile Window Profile Directory Local Profile Link Speed 3 Select Link Speed Auto Negotiate gt All options are available by scrolling with the SPACEBAR Once the selection has been made select ENTER to set the configuration Forcel Networks Router Wed Jan 30 2002 5 21 19 gt Profile Setup for LocalUnit LOCAL Frame Types LAN Network Protocol 802 2 Eth II SNAP 802 3 Updates lt Neither gt IPX X X X X lt Neither gt Other X X X LAN IP LAN IPH IP Address 10 0 0 1 802 2 Ext Network 00000000 Subnet Mask 255 0 0 0 Eth II Ext Network 00000000 Default Router 0 0 0 0 SNAP Ext Network 00000000 802 3 Ext Network 00000000 Setup Secondary IP Addresses gt Link Speed KNuto Negotiate Me mamm Link Speed Fields Auto Negotiate This selection is the default and is highly recommended to be left at this setting The router and the device will negotiate common features and functions 100T Full Duplex The selection will force the Ethernet PHY to 100 MHz full duplex on the Router 100T Half Duplex The selection will force the Ethernet PHY to 100 MHz half duplex on the Router 10T Full Duplex The selection will force the Ethernet PHY to 10 MHz full duplex on the Router 10T Half Duplex The selection will force the Ethernet PHY to 10 MHz half duplex on the Router IP Router Release 2 97 4 63 Profile Dir
136. ing Tree Port Setup for remote RemoteUnit Spanning Tree REIS Port Priority 128 Port Cost 651 Scrollable Use the spacebar to change the selection Port Priority The Port Priority value can range from 0 to 255 with a default of 128 Port Cost The Port Priority value can range from 0 to 65535 with a default of 651 5 50 IP Router Release 2 97 Profile Directory Remote Profile Trunk Port Trunk Port Use this screen to define the Router Interface 1 Onthe Main Menu press TAB until Configuration Profile Directory gt is highlighted 2 Select WAN Setup gt on the RemoteUnit line and press ENTER Forcel Networks Router Thu Jan 31 2002 20 02 22 gt Profile Directory 1 Configured and 2 Enabled Name Profile Type Recv Send Profile State Router CARD Setup gt n LocalUnit LAN NONE NONE Setup gt Profile 1 RemoteUnit WAN NONE NONE lt gt lt Enabled gt Directory Window CTRL A to add CTRL E to erase CIRL F to page forward CTRL B to page back Hit ENTER to configure the communication information for the remote profile IP Router Release 2 97 5 51 Profile Directory Remote Profile Trunk Port 3 Select Setup Trunk Port and press ENTER Forcel Networks Router Tue Feb 5 2002 1 39 05 gt Profile Setup for RemoteUnit WAN Network Protocol Mode Updates GRE Tunnel IP lt Route gt lt Never gt lt Disabled gt IPX lt Blocked gt Other
137. ing out IPX SAP Service Advertising Protocol packets and monitoring SAP packets from other devices the unit learns about other servers Once a server has been discovered the information is displayed on this window This window may be used in two ways depending on which Selected Items mode is chosen Do Not Advertise gt Selected Items or lt Advertise gt Selected Items The Do Not Advertise mode causes the unit to not advertise the learned services To advertise under this mode remove the X next to the server to advertise The Advertise mode causes the unit to advertise all learned services to all remotes If a specific server under this mode is not to be advertised the X must be removed next to the listed server Since each server that contains an X next to it consumes a filter you should choose the approach that consumes the least number of filters For example if a Router has learned 15 services of which you want to advertise only 5 It would consume fewer filters to set the Selected Items field to lt Advertise gt and place an X next to the 5 servers to than to choose Do Not Advertise gt and place an X next to the 10 servers IP Router Release 2 97 4 43 Profile Directory Local Profile Advertise Network Server 4 44 NOTE Each selected server will be counted as a filter A maximum of 500 filters can be defined on the Router Network This field displays the network address of each learned or configured server
138. ing the distance from your local network to the destination network Originally this measured by the number of gateways between the two networks the number may be modified either higher or lower to indicate a desired priority To ensure a route is considered primary the value in this Metric field must be less than that of a secondary route This field is only used on IP networks Valid entries range from 1 to 15 Please note that a value of 1 usually indicates a direct network Hops See Metric above When defining the number of hops in a given route remember to increment the actual number by 1 since your locally attached unit is counted as 1 This field is only used on IPX networks Valid entries range from 1 to 15 Ticks Indicates the distance between two networks as measured in time increments 1 18th of a second Only IPX Networks use this information Like hops ticks may be used to designate primary and secondary routes to the same network Although both the hops and ticks values are considered when determining routing priority for Novell networks the tick value is considered first To designate routing priority between two routes manipulate the tick value so that the preferred route 1s given the lower value Range is 1 to 15 Next Gateway Enter the IP Address of the first gateway router that the data will use to reach the destination network Referring back to Example 1 Network B would enter the IP Address of Router
139. ion 1600 VALID IP Router Release 2 97 B 7 Protocol Types Ethernet Protocol Types HEX Description 4242 BXS Basic Block Protocol 5208 BBN Simnet Private 6000 DEC Unassigned 6001 DEC MOP Dump Load Assistance 6002 DEC MOP Remote Console 6003 DEC DECnet Phase IV 6004 DEC LAT 6005 DEC DECnet Diagnostics 6006 DEC DECnet Customer Use 6007 DEC DECnet SCA 6008 DEC unassigned 6009 DEC unassigned 6010 6014 3Com Corporation 7000 Ungermann Bass download 7001 Ungermann Bass NIU 7002 Ungermann Bass NIU 7007 OS 9 Microware 7020 7029 LRT England 7030 Proteon 7034 Cabletron 8003 Cronus VLN 8004 Cronus Direct 8005 HP Probe protocol 8006 Nestar 8008 AT amp T 8010 Excelan IP Router Release 2 97 Protocol Types Ethernet Protocol Types HEX Description 8013 SGI diagnostic type obsolete 8014 SGI network games obsolete 8015 SGI reserved type obsolete 8016 SGI bounce server obsolete 8019 Apollo 802E Tymshare 802F Tigan Inc 8035 Reverse ARP 8036 Aeonic Systems 8038 DEC LANBridge 8039 DEC Unassigned 803A DEC Unassigned 803B DEC Unassigned 803C DEC Unassigned 803D DEC Ethernet CSMA CD Encryption Protocol 803E DEC Unassigned 803F DEC LAN Traffic Monitor 8040 DEC Unassigned 8041 DEC Unassigned 8042 DEC Unassigned 8044 Planning Research Corpor
140. k Hit ENTER to configure the communication information for this profile NOTE Each filter even if it is not enabled will count toward the maximum number of 500 filters 4 22 IP Router Release 2 97 Profile Directory Local Profile Filters 3 Select Setup Filters gt If the Filters option is not displayed scroll to the selection with the SPACEBAR and press ENTER Forcel Networks Router Wed Jan 30 2002 20 08 28 gt Profile Setup for LocalUnit LOCAL Frame Types LAN Network Protocol 802 2 Eth II SNAP 802 3 Updates IP K lt Neither gt IPX X X X X lt Neither gt Other 8 X 41 Local Profile LAN IP LRN IPX Wind IP fiddress 10 0 0 1 802 2 Ext Network 00000000 indow Subnet Mask 255 0 0 0 Eth II Ext Network 00000000 Default Router 0 0 0 0 SNAP Ext Network 00000000 802 3 Ext Network 00000000 Setup MMS Link Speed lt Auto Negotiate gt Scrollable Select the item to be set up and hit ENTER 4 Press CTRL A to add filters See the following sections on defining custom protocol and address filters Forcel Networks Router Wed Jan 30 2002 20 10 57 gt LocalUnit has 0 Enabled Filters Forward Mode NEST S gt Define Filter Custom gt gt Enabled Window Filter Type Source Dest Filter Name Filter CTRL A to add CTRL E to erase CTRL F to page forward CTRL B to page back Scrollable Select the port forwarding mode based upon the enab
141. l lt Disabled gt to lt Enable gt with the SPACEBAR select ENTER Forcel Networks Router Wed Jan 16 2002 6 38 41_ SYSTEM LOG MESSAGE SERVICE SETUP Setup for local LocalUnit gt Note Level 3 is Alarms Level 5 is Events Sys Log lt DD gt IP Router Release 2 97 3 23 Profile Directory Router Card Profile SysLog 3 Enter the appropriate data in the following fields Forcel Networks Router Wed Jan 16 2002 6 40 15 gt SYSTEM LOG MESSAGE SERVICE SETUP Setup for local LocalUnit Note Level 3 is fllarms Level 5 is Events Sys Log MFnabled 9 Facility 16 Level 3 Server IP fiddress 0 0 0 0 Scrollable Use the spacebar to change the selection SysLog Setup Menu Fields SysLog To enable the SysLog use the SPACEBAR to scroll Disabled to Enabled and select TAB or ENTER The window will now display the optional settings for Sys Log Facility The value can range from 0 to 23 with a default of 16 Level The value can range from 0 to 7 with a default of 3 Level 3 is Alarms and level 5 is Events Server IP Address The server IP Address is a unique dotted decimal notation entry that is used for data routing purposes This IP address ofthe SysLog Server or the Host that has the SysLog Server software running 3 24 IP Router Release 2 97 Profile Directory Router Card Profile DNS Resolver DNS Resolver The DNS Resolver enables the use of the Domain Name Service
142. le Setup for REMAINS WAN Network Protocol Mode Updates GRE Tunnel IP Route gt Never gt lt Disabled gt IPX lt Blocked gt Other lt Blocked gt Remote NAT Gateway lt Disabled gt Profile Window WAN IP Numbered lt NO gt FW Allow Frags lt Disabled gt Setup Security ptions gt gt Setup lt Trunk Port gt Editable Please enter a value The graphic below displays how the window changes with the NAT Gateway enabled Forcel Networks Router Profile Setup for RemoteUnit WAN Network Protocol Mode Updates GRE Tunnel IP Route gt lt Never gt lt Disabled gt IPX lt Blocked gt Other lt Blocked gt Thu Jan 31 2002 20 10 50 gt NAT Gateway MENEE NAT Port Numbers Dynamic gt NAT Address lt Assigned by Remote WAN IP Numbered lt NO gt 5 4 IP Router Release 2 97 Profile Directory Remote Profile Remote WAN Profile Overview Profile Setup for RemoteUnit This is an 11 character maximum field to uniquely identify this remote device This value identifies the remote system s name on the remote unit s Local LAN Profile Setup window All remote devices will initially have the default name RemoteUnit To change the name of the remote device simply type over the existing name This name will be used during the authentication process to ensure this unit s identity Please note that the system is case and spacing sensitive
143. lect with the SPACEBAR lt IP Networks gt lt IPX Networks gt or lt IPX Servers gt TAB to the Selected Items field lt Tue Feb 5 2002 1 18 34_ gt RemoteUnit has 1 configured and learned IP Network Setup MARS lt Filter gt Selected Items Filter Network Filter Network 1 Static Fltr 0 0 0 0 1 Server 5 44 IP Router Release 2 97 Profile Directory Remote Profile Filter Network Server 5 Select Learn or lt Filter gt and press ENTER Tue Feb 5 2002 1 20 22 gt RemoteUnit has 1 configured and learned IP Network Setup IP Networks gt qm Selected Items Network Learn 1 Static Fltr 0 0 0 0 X CIRL F to page forward CTRL B to page backward Scrollable Use the spacebar to change the selection 6 To manually configure a service see Static VPN Networks on page 5 19 Filter Network Server Fields Setup Use this field to identify which networks or server types you wish to review and filter IP Networks IPX Networks or IPX Servers Selected Items Filter Learn lt Filter gt default The Router will learn all networks servers and advertise them to the LAN This mode is particularly useful for small networks with few items to be learned advertised Customize the advertised networks servers in one of two ways Learn or CTRL A lt Learn gt Under this mode learning and advertising are disabled until a specific server type is selected from the displayed servers or is manua
144. led filters IP Router Release 2 97 4 23 Profile Directory Local Profile Filters 4 24 Filters Menu Fields Forward Mode This field determines what data to pass not to pass based on this field value and the filters listed on the current window There are two available values which determine how the Router will handle data to from the LAN lt All Frames NOT Matching Filters any packets matching the filters listed will not be passed i e pass all frames except those matching the enabled filters ONLY Frames Matching Filters enabled filters will have the PASS action All packets matching the filters listed will be passed to from the LAN Any packets that do not match will be dropped i e will not pass through the Router Define Filter Use this field to choose the appropriate filter type The filter screens are used to define the actual filter prior to enabling adding it on the current window Custom see Defining Custom Filters on page 4 25 lt Protocol gt see Defining Protocol Filters on page 4 27 Address see Defining Address Filters on page 4 29 Once the filter type is defined select Enter and the Define Filter window will appear See the following sections on defining filters Filter Type This field value represents the type of filter Custom Protocol or lt Address gt Source Destination This field is active only with an Address Filter Source Filters by Source only Desti
145. lly added The Learn mode is much better suited for larger networks as specifying which networks servers you wish the Router to learn may consume less filters than specifying which networks servers you Do Not want learned IP Router Release 2 97 5 45 Profile Directory Remote Profile Filter Network Server Tue Feb 5 2002 1 30 24 gt RemoteUnit has 2 configured and learned IP Networks Setup IP Networks gt XE Selected Items Network Learn 1 Static Fltr 0 0 0 0 X 2 Static Fltr 192 168 1 0 X CIRL F to page forward CTRL B to page backward Scrollable Use the spacebar to change the selection If the server type and name are specified only servers that match both values will be learned or filtered Be aware that the Name value is case and spacing sensitive Network This field displays the network address of each service network learned from the remote unit If this route was added using the Static Network screen Static Fltr will appear before the network address of this entry Type This field is only available when the Setup field is set to lt IPX Servers The Type field displays the Hex value assigned to each known server When a service is added using CTRL A a Hex value must be defined If you wish to learn or filter certain services that match a particular server type manually add an entry specifying the desired Hex value This setting will enable the unit to learn or filter all services that match
146. local LAN the network is located in terms of metric measurement or hops depending on the protocol e Whether the network can be reached on the local LAN via the LAN port or through a remote unit If you are using the local LAN you will also need to define the address either IP or MAC depending on the protocol of the first gateway 1 e router you will use to reach the network you are defining It is important to note that if the static network 1s reached via a remote unit it must be defined by choosing the SETUP Static Networks option on the corresponding Remote WAN Profile Setup screen Static networks that are reached via the local LAN must be defined by choosing the SETUP Static Networks option on the Local LAN Profile Setup screen NOTE All static routes are considered filters and will be applied toward the maximum allowable number of 500 filters IP Networks An Internet Protocol Network IPX Networks Internet Packet Exchange Network A Novell NetWare s native LAN communications protocol 4 12 IP Router Release 2 97 Profile Directory Local Profile Static Networks To Set Up Static Networks 1 Select Configuration Profile Directory gt from the Main menu and press ENTER 2 Select LAN Setup gt and press ENTER Forcel Networks Router Thu Jan 17 2002 60 45 01 gt Profile Directory 1 Configured and 2 Enabled Name Profile Type Recv Send Profile State Router CARD lt Setup gt
147. lt Ping Utility lt Run time gt gt lt Events gt gt lt Logout gt gt Slot 6 IP Router Release 2 97 Basic Configuration Start Basic Configuration 2 Select Yes to enter the setup program and press ENTER Forcel Networks Router Tue Feb 5 2002 2 49 36 gt Scrollable Use the spacebar to change the selection IP Router Release 2 97 6 3 Basic Configuration Local Unit Identification Local Unit Identification NOTE When this window is opened the items below in the box are not displayed As you fill in information or accept the current default information by hitting ENTER the next line will display This is the same process that you will find on all of the windows in the Guide Forcel Networks Router Tue Feb 5 2002 2 51 32 For help call Force1 Networks Technical Support Page 1 of 7 Welcome to the Router Basic Configuration Please enter a name which will uniquely identify this Router in your network It is suggested that the name of your location be used Router Name LocalUnit Please enter the IP flddress of this Router Please enter the Subnet Mask of this Router Please enter the Default Router of this Router go to next field ESC to exit Basic Configuration ditable Enter a non zero IP flddress Subnet Mask in Dotted Decimal Notation Router Name LocalUnit Enter a unique name for the Local Unit Name can be up to 11 characters
148. m Reports Window lou EETUREUIUTTTST 9 2 PUE MN 9 4 Networks Servers lesse 9 6 Address Tables liliis 9 11 10 Exit Window LEOBgOoUL 4 or RRRLELRERE IRI ERE end vor P Poe E a des 10 2 ReinitialiZe eb TUNER bbe eve be eo 10 3 vi IP Router Release 2 97 Table of Contents 1 1 Router Configuration Basic Setup isseusdesssas s re Rr ha Rr RELE ee 11 2 PPP Internet Connection and Public IP Address Routing eese 11 3 Frame Relay Internet Connection and Public IP Address Routing llis lees 11 4 Internet Connection using PPP NAT PAT and Firewall Filters 11 5 Internet Connection using NAT and Static NAT Addresses 11 7 Back to Back with PPP 0 0 cece eect eens 11 9 Back to Back with Multi Link PPP 0000s 11 11 Boulder Router in Slot 1 leise eee 11 11 Denver Router in Slot lo 2 ee eee ee 11 12 Back to Back with Frame Relay 0 00 cece eee eee 11 13 A User Events User Events eere i oda bone a OL eR ee ERE A Pes A 2 Authenticate Events llis A 3 Triggered Events 0 eect nett eens A 4 Alarms 03 Se secs wer E REVERRENGGO RE ae oh RUE eo Ras a dv A 5 B Protocol Types Protocol Number in Firewall Filters 0 0 0 0 00 ee eee B 2 Ethernet Protocol Types 2 050 6a405 erep be cee E RE ERE B 7 C Troubleshooting Communication Related Issues nonnina 00 c ee eee C 2 Excessive Triggered Update Eve
149. m names may be configured IP Router Release 2 97 3 9 Profile Directory Router Card Profile Security 3 10 Authentication of Remote Protocol CHAP PAP or NONE Use this field to identify the authentication protocol to be used by this IP Router when authenticating remote devices Local Security Server Use these fields to identify the local server that is used to authenticate remote devices This field is only necessary if you are using either the lt RADIUS gt or lt TACACS gt security authentication method If you are not using either of these security methods the unit will respond to the authentication requests of remote devices and will accept or reject them based on their validity Type Use the SPACEBAR to choose the security authentication method that you are using lt None gt Use this setting if the Local unit will be used to authenticate remote devices Please note that you may not use the lt None gt setting if the Security Server field for a remote device has been set to External Server lt RADIUS gt Will set the server to use the RADIUS Remote Authentication Dial In Service protocol RADIUS is a client server based authentication software system lt TACACS gt Will set the server to use the TACACS Terminal Access Controller Access Control System protocol TACACS provides services of authentication authorization and accounting independently Address Enter the IP Address of the local server
150. may impact system performance and may cause an Event or Alarm screen overflow NOTE When enabled a single event alarm will be logged for all TCP session initiations An event alarm will be logged for each packet for all UDP transfers UDP traffic should typically not be allowed across a firewall NOTE All firewall rules are considered filters and will be applied toward the maximum allowable number of 500 filters IP Router Release 2 97 Profile Directory Remote Profile Filter Network Server Filter Network Server This screen allows you to filter the Remote WAN networks servers in two ways depending on which mode is selected The Filter mode causes the unit to learn all networks services on known networks and then advertise these services to the LAN In the Learn mode the unit will disable or restrict learning of networks services Under this mode services will only be learned if they are selected or added For example when you enter the current screen all known networks services will be displayed since the lt Filter gt mode is the default mode If you wish to restrict which services are learned you may change the Selected Items field to Learn and then enable only selected services displayed on the screen Once you exit this screen and save the changes only those services that you enabled and or added will be learned and displayed Since the lt Filter gt mode learns all services it may be most appropriate for sm
151. me can be up to 32 characters long Select the authentication User ID Local Custom Name gt Current User ID Select the protocol LocalUnit will use to authenticate all remotes CHAP Set authentication to CHAP Challenge Handshake Authentication Protocol lt PAP gt Set authentication to PAP Password Authentication Protocol NONE Disable authentication Default IP Router Release 2 97 Basic Configuration WAN Interface Connections WAN Interface Connections This screen will display the Port Number and connection information of existing WANSs Whe window displays one WAN initially as you set the connection type and then hit ENTER the next WAN will display Note You are not allowed to back up to the previous WAN on the list This screen will only hold 8 WANs on a page additional pages are added as needed Forcel Networks Router Tue Feb 5 2002 2 58 36 gt For help call Forcel1 Networks Technical Support Page 3 of 7 Select the Type of WAN Connection for each connected port Port Number WAN Connection WAN Connection Type 1 1 15 PPP gt 2 A 1 2 2 lt PPP gt 3 A 1 3 3 lt PPP gt 4 A 1 4 4 lt PPP gt 5 8 1 5 5 PPP gt 6 A 1 6 6 lt PPP gt 7 A 1 7 7 lt PPP in Frame Relay gt 8 A 1 8 8 lt Frame Relay 1490 gt For Frame Relay Set Option for PVC Management lt TR gt ENTER to go to next field ESC to exit Basic Configuration Scrollable Select the PVC Managemen
152. mes and bad frames as well as aborted TX frames It is used to identify WAN communication problems prior to contacting the telephone company for further diagnosis For this total to update Auto Update must be lt On gt IP Router Release 2 97 Statistics Window Run Time Remote s Name This field reflects the names of all the Remote WAN profiles listed in the Profile Directory Forwarded to WAN This field represents the number of data packets per second pps that are being forwarded from the LAN to the respective remote units Each screen update is a current snapshot oftransmission activity Throughput to from WAN This field value displays two numbers which represent the current bandwidth utilization in bits per second bps for each remote site listed The TO number represents transmission utilization going from the LAN to the listed remote unit The FROM number represents transmission utilization received from the listed remote unit Comp Ratio to from WAN Using advanced data compression algorithms the Router constantly seeks to determine the best way to compress the data to be transmitted across the WAN The values in this field represent how much the Router was able to compress the data Since some data is more compressible than others the compression ratio will reflect this Remote Conns The numeric value in this field represents the number of connections currently active per Remote WAN site IP Router Relea
153. munication Associates 80C2 Digital Communication Associates 80C3 Digital Communication Associates 80C6 Pacer Software 80C7 Applitek Corporation 80C8 80CC Integraph Corporation 80CD Harris Corporation 80CE Harris Corporation 80CF 80D2 Taylor Inst 80D3 Rosemount Corporation 80D4 Rosemount Corporation 80D5 IBM SNA Services over Ethernet 80DD Varian Associates 80DE Integrated Solutions TRFS Transparent Remote File System 80DF Integrated Solutions 80E0 80E3 Allen Bradley 80E4 80F0 Datability 80F2 Retix IP Router Release 2 97 B 11 Protocol Types Ethernet Protocol Types HEX Description 80F3 Kinetics AppleTalk ARP AARP 80F4 Kinetics 80F5 Kinetics 80F7 Apollo Computer 80FF 8 103 Wellfleet Communications 8107 Symbolics Private 8108 Symbolics Private 8109 Symbolics Private 8130 Waterloo Microsystems 8131 VG Laboratory Systems 8137 Novell old NetWare IPX ECONFIG E Option 8138 Novell 8139 813D KTI 9000 Loopback Configuration Test Protocol 9001 Bridge Communications XNS Systems Management 9002 Bridge Communications TCP IP Systems Management 9003 Bridge Communications FF00 BBN BITAL LANBridge cache wakeup B 12 IP Router Release 2 97 APPENDIX Troubleshooting In this Appendix Communication Related Issues m LAN Related Issues Diagnostics and Performance Tools Verification Statistics System Reports Troubleshooting
154. n Example SETUP Trunk gt Some selectable fields such as Main Menu options are also a scrollable option field For example lt Events gt gt Press the SPACEBAR to select the desired option and then press ENTER to perform the action Edit Field A field value enclosed in parentheses may be modified by entering an alphanumeric character Example SYSTEM NAME Adit 600 You will note that many editable fields are displayed with a default value To change this value highlight the field and type over the existing entry or press DELETE and then enter new value Note these fields are case sensitive To enter this value press ENTER IP Router Release 2 97 1 3 Introduction Help Bar Help Bar 1 4 The IP Router provides field specific help that is displayed at the bottom of the window The help text will indicate if the field is scrollable or editable and provide a brief description of the field If it is a selectable field it will state what to do to invoke the action to be performed Forcel Networks Router Tue Jan 15 2002 22 02 05 RTR Main Menu Router Version 2 97 Slot 6 Category Selection Management KSystem lTime Login Configuration lt Profile Directory gt Verification Ping Utility gt Statistics lt Run time gt System Reports lt Events gt Exit lt Logout Scrollable Use the spacebar_to change the selection and hit ENTER IP Router Release 2 97 In
155. n Setup Complete Setup Complete You have now completed the Basic Configuration You may re enter the Basic Configuration to make changes now or at any time Force10 Networks Router Tue Feb 5 2002 3 11 55 gt 4 For help call Force1 Networks Technical Support Page 7 of 7 Basic Configuration Finished Do you want to re enter Basic Configuration lt NO gt Do you want to save your configuration changes qui LocalUnit will reinitialize to implement changes ENTER to go to next field ESC to exit Basic Configuration Scrollable Use the spacebar to change the selection IP Router Release 2 97 6 13 Basic Configuration Setup Complete 6 14 IP Router Release 2 97 CHAPTER Verification Window The Verification window is used to identify suspected communication problems between the Local LAN and Remote WAN devices In this Chapter m Ping Utility m Trace Route m Port Monitor Verification Window Ping Utility Ping Utility Use this option to verify any communication problems between the Router and various devices connected to your LAN or at a Remote location Problems are detected when a ping is sent to a device If the device echoes back to the Router then communications are operating normally Ifno echo returns then further investigation is needed Devices must be running TCP IP software in order for the ping to be successful A single ping may be
156. n 2 97 Slot 6 Category Selection Management qISCOBEUTAETHD Configuration Profile Directory Verification Ping Utility gt Statistics lt Run time gt System Reports lt Events gt Exit lt Logout gt Scrollable Use the spacebar to change the selection and hit ENTER IP Router Release 2 97 2 3 Management Window System Time Login This screen provides the basic system and security options for the Router card Forcel Networks Router Tue Jan 15 2002 22 44 07 gt System Time Login Setup for LocalUnit System Date and Time JERAT AER Daylight Savings Time Adjustment lt Disabled gt Auto Logout Timer 30 Change Login VIEW Password gt Change Login CONFIG Password gt Change Login ADMIN Password gt Enhanced Security lt Disabled gt Editable System Date and Time in the form Mmm DD YYYY HH MM SS The IP Router is equipped with three password levels and an enhanced security password Level1 VIEW allows the user to view only no changes are allowed Level 2 CONFIG allows the user to view and change all screens Level 3 ADMIN allows the user to view and change all screens terminate users as well as change all three passwords The Enhanced Security option provides an additional level of security for the network administrator System Date and Time The time and date values are used for reporting purposes Enter the date in the following format Mmm DD Y Y YY Immediatel
157. n begin e Silence Alarm if necessary Alarm Cut Off CLI command aco Check Connection Check Cable replace if necessary Check hardware and replace if necessary Call Customer Service C 10 IP Router Release 2 97 Annex D B8ZS Bit bps CHAP CLI Command Line CSU DHCP GLOSSARY A frame relay standard extension dealing with the communication and signaling between customer premises and equipment and frame relay network equipment for the purpose of querying network status information Bipolar 8 Zero Substitution a coding scheme that maintains ones density Contraction of the words binary and digit Bits per second Challenge Handshake Authentication Protocol Command Line Interface The command line is where you enter MS DOS commands Channel Service Unit the interface to the T1 line that terminates the local loop Dynamic Host Configuration Protocol DHCP is a network configuration that allows maintenance to be performed from a central site rather than by end users Glossary DNS Filter Firewall Frame Hops IP LMI Loopback Mbps NTP PAP Glossary 2 Domain Name Servers also known as resolvers are a system of computer which convert domain names into IP addresses which consist of a string of four numbers up to three digits each An operating parameter used with routers that can be set to block the transfer of packets from one LAN to another Any of a number of securi
158. n the result of each ping sent Press Successful Single Ping Unsuccessful Single Ping Status IP Dst Address 100 1 0 26 IP Src Address 100 1 0 10 MAC Address 00 00 86 62 72 17 Response Time lt 1ms Status IP Dst Address 100 1 0 26 IP Src Address 100 1 0 10 MAC Address Last Result Destination Unreachable Last Result Host Responding Successful Single Ping Unsuccessful Single Ping Status IP Dst Address 100 1 0 26 IP Src Address 100 1 0 10 MAC Address 00 00 86 62 72 17 lt 1ms Host Responding Response Time Last Result Status IP Dst Address 100 1 0 26 IP Src Address 100 1 0 10 MAC Address Last Result Destination Unreachable Response Count 19 Timeout Count O Response Count 19 Timeout Count 0 IP Router Release 2 97 Verification Window Ping Utility Response Window Fields IP Address Displays the IP Address entered on the setup window MAC Address When a Single Ping is successful the MAC Address is displayed When the test has failed the MAC Address field does not display and a timeout result is displayed Result or Last Result Will indicate if the host is responding to the test Result notices will be one of the following Host Responding This is a successful test with a ping responding Destination Unreachable This is an unsuccessful test The Router is not able to talk to the IP Address Timeout Thi
159. nation Filters by Destination only lt Both gt Filter by Source and Destination Filter Name This field displays the name the filter has been given IP Router Release 2 97 Profile Directory Local Profile Filters Defining Custom Filters Forcel Networks Router LocalUnit has 0 Enabled Filters Forward Mode lt ALL Frames NOT Matching Filters Define Filter METTE gt gt Wed Jan 30 2002 20 16 54 Filter Type Source Dest Filter Name LocalUnit has 1 Custom Filter Custom Name Packet Offset 32 Bit Mask 32 Bit Match 1 E 0 00000000 00000000 Wed Jan 30 2002 0 17 57 gt Custom Filter Window CTRL A to add CTRL E to erase Editable Enter a name for the filter This screen defines filters that search for a matching string of characters within a packet The defined character string can consist of up to 32 bits The user must specify Custom Name Filter name can be up to 7 characters Packet Offset designates where in the packet to begin looking for a matching character string Range is 0 to 60 bytes 32 Bit Mask indicates which bits are to be searched for a possible match Within the mask a 1 turns a bit ON 0 is OFF Only the bits that are turned on set to 1 will be searched for the match IP Router Release 2 97 4 25 Profile Directory Local Profile Filters 4 26 32 Bit Match specifies the character string that the system is searching for
160. ned number Protocol Number number between 1 255 NNTP Network News Transfer Ping ICMP echo request reply POP3 Post Office Protocol Version 3 SMTP Simple Mail Transfer SNMP Simple Network Management Protocol TCP Transmission Control Protocol Port Equal or Range Specify a number or range Number 0 65535 Start Number 0 65535 End Number 0 65535 Telnet User interface to local unit UDP User Datagram Protocol WAIS Wide Area Information Services Service Establishment Use this field to establish the transmission direction that will be affected by this rule Name Description Incoming All session establishments coming from the local unit that match the value in the Service field will adhere to the value in the Action field Outgoing All transmissions outbound from the LAN toward the local unit that match the value in the Service field will adhere to the value in the Action field In Out Will affect both incoming and outgoing transmissions IP Router Release 2 97 Profile Directory Local Profile Firewall Filters Local Profile Local IP Address Network IP Address of the local device or network that this rule will affect If you enter the address of a local device this rule will affect only the session establishments of the local device and the destination address entered in the Remote IP Address Network field below If this rule is to affect any local devices networks leave this field with the default as
161. nfiguration Profile Directory gt from the Main Menu and press ENTER 2 Select WAN Setup gt on the RemoteUnit line and press ENTER Forcel Networks Router Thu Jan 31 2002 0 02 22 gt Profile Directory 1 Configured and 2 Enabled Name Profile Type Recv Send Profile State Profile Router CRRD Setup gt Directory LocalUnit LAN NONE NONE Setup gt Window 1 RemoteUnit WAN NONE NONE gt lt Enabled gt CIRL A to add CTRL E to erase CIRL F to page forward CTRL B to a Hit ENTER to configure the communication information for the remote profile 5 32 IP Router Release 2 97 Profile Directory Remote Profile Static Addresses 3 Select Setup Static Addresses gt scroll through the list of options with the SPACEBAR if Static Addresses is not displayed Press ENTER Forcel Networks Router Profile Setup for RemoteUnit WAN Network Protocol Mode Updates IP lt Route gt lt Never gt IPX lt Blocked gt Remote Other lt Blocked gt prone NAT G Disabled Window ateway lt Disabled gt WAN IP Numbered lt NO gt Setup IIBER ES gt gt IP Router Release 2 97 Scrollable Select the item to be set up and hit ENTER Tue Feb 5 2002 20 09 03 gt GRE Tunnel Disabled FM Allow Frags lt Disabled gt Setup lt Trunk Port gt gt 5 33 Profile Directory Remote Profile Static Addresses 4 Scroll through the list of options with
162. ngle Ping gt gt Enter Dotted Decimal IP or Domain Name LAN Port Verification Fields Dst Host Destination Host Enter an IP Address or domain name to use for this query IP Address must be in the form of XXX XXX XXX XXX Where xxx is between 0 255 Access Port This is the local or remote profile of the network used during the test The operator can scroll with the SPACEBAR through the selections of the Access Port Local LAN gt to select the Local LAN or any of the defined Remote Unit s All defined Remote Profiles will be in this selection Src IP Address Source IP Address This is one of the multiple IP addresses assigned to the Ethernet LAN port and will override the IP address that will be used as the source IP address Default is to use the IP address of the interface from which the ping is sent IP Router Release 2 97 7 3 Verification Window Ping Utility Payload Size This optional parameter sets the number of bytes to send in the ICMP echo request payload Range is 0 to 8000 default is 64 START PING gt lt Single Ping gt Test for device failure The single ping test will send one ping lt Continuous Ping gt and display the results of the test Test for intermittent communication problems A continuous ping will send a ping until the test is manually terminated Results of the continuous ping test are constantly upd ESC to terminate the test at any time ated based o
163. not permit Telnetting you may wish to keep track of all Telnet attempts As a general rule however we do not recommend keeping a log of all rule matches since this may impact system performance and may cause an Event or Alarm screen overflow NOTE When enabled a single event alarm will be logged for all TCP session initiations An event alarm will be logged for each packet for all UDP transfers UDP traffic should typically not be allowed across a firewall NOTE All firewall rules are considered filters and will be applied toward the maximum allowable number of 500 filters 4 38 IP Router Release 2 97 Profile Directory Local Profile Advertise Network Server Advertise Network Server 1 Select Configuration Profile Directory gt from the Main menu press ENTER 2 Select LAN Setup gt and press ENTER Forcel Networks Router Thu Jan 17 2002 60 45 01 gt Profile Directory 1 Configured and 2 Enabled Name Profile Type Recv Send Profile State Router CARD lt Setup gt LocalUnit LAN NONE NONE gt Profile 1 RemoteUnit WAN NONE NONE Setup gt Enabled gt Directory Window CTRL A to add CTRL E to erase CIRL F to page forward CTRL B to page back Hit ENTER to configure the communication information for this profile IP Router Release 2 97 4 39 Profile Directory Local Profile Advertise Network Server 3 Select Setup Advertise Network Server gt If the Advertise Network Server op
164. nsmissions except Telnet you would create a rule indicating that Telnet has the Pass action The Router software would create the last rule that states the unit should Drop all other services Since any service that is not expressly permitted to pass will be prohibited it is important that you thoroughly understand the security policies of your WAN before attempting to create a firewall We suggest that only experienced Network Administrators create and maintain firewall filters Incorrectly defined filters may compromise the security and functionality of your WAN Service This field displays the service that this particular rule affects The most common services have been pre defined however there are a select few options where you may further define the service to be filtered Name Description Finger Display information about users FTP File Transfer Protocol Gopher Document search and retrieval HTTP World Wide Web ICMP Internet Control Message Type lt Equal gt or Range Specify a number or range Number 0 65535 Start Number 0 65535 End Number 0 65535 NUM IP protocol number to be specified see Protocol Number in Firewall Filters on page B 2 for a list of these Protocols and the assigned number Protocol Number number between 1 255 NNTP Network News Transfer Ping ICMP echo request reply POP3 Post Office Protocol Version 3 SMTP Simple Mail Transfer SNMP Simple Ne
165. nter the IP Address for the DNS Server Site This field lists the Local LAN and all the RemoteUnit that have a profile created for them Use the SPACEBAR to scroll through the list IP Router Release 2 97 3 17 Profile Directory Router Card Profile Spanning Tree Protocol Spanning Tree Protocol The Spanning Tree Protocol configures the global setup for using the Spanning Tree Algorithm as specified in the IEEE 802 1D specification 1 Select Spanning Tree Protocol Configure gt and select ENTER Forcel Networks Router Wed Jan 16 2002 6 01 03_ ROUTER Slot 6 Configuration RIP Mode Receive lt RIP1 gt RIP Mode Send lt RIP1 gt Trunk Configure gt Security Configure gt Configure gt DNS Proxy Configure gt Spanning Tree Protocol Configure gt Network Time Protocol Configure gt SysLog Configure gt DNS Resolver Configure gt Configure Spanning Tree Protocol 2 To enable Spanning Tree scroll Disabled to Enabled with the SPACEBAR select ENTER Forcel Networks Router Spanning Tree Global Setup for local LocalUnit gt Wed Jan 16 2002 6 02 55_ Spanning Tree lt E 3 18 IP Router Release 2 97 Profile Directory Router Card Profile Spanning Tree Protocol 3 Enter the appropriate data in the following fields Forcel Networks Router Wed Jan 16 2002 6 04 16 gt Spanning Tree Global Setup for local LocalUnit Spanning Tree EEIMES
166. nts on the Events screen C 2 LAN Related Issues 0 0 cence teen eee C 2 Unable to add data filters advertise networks or create static TOULC CNUTIES aoo oe r wee els oe RU eR e eee Eee en C 2 Unable to access the Local LAN Router unit via Telnet C 4 Unable to access a remote unit via Telnet 0 0 0 0 0000 C 4 IP Router Release 2 97 vii Table of Contents Diagnostics and Performance Tools 2 00 0 esses C 5 Verification iis 60646 peta be dca o Gok bI ee ee eee C 6 Statistics 2 if veges Gan oY aua ua eX eu EXE PUT aw shew RU C 6 System Reports 0 eee ehh C 7 AlI S ss estet Eso iue arbo eI bs tt cet C 8 Identify Alarm 1 nunnan nnna C 8 Clear Alaf oaeee e Geis Re RECUPERA NEL eben C 10 Glossary Index viii IP Router Release 2 97 CHAPTER Introduction In this Chapter Overview Installation Maneuvering in the System Fields Help Bar Connecting to the Router Introduction Overview Overview The IP Router can be configured using CLI via telnet or through the Router Menu driven Software This manual covers the Router menu driven user interface only All other information for the Router can be found in the Adit 600 User Manual Installation The IP Router card can be installed into any of the service card slots 1 6 of the Adit 600 chassis This card is hot swappable therefore the card can be removed and replaced without bringing down the system or
167. o 24 IP Router Release 2 97 3 15 Profile Directory Router Card Profile DNS Proxy DNS Proxy The DNS Domain Name Server Proxy specifies the IP address of DNS name servers to be used by the DHCP Dynamic Host Configuration Protocol clients 1 Select DNS Proxy Configure gt and select ENTER Forcel Networks Router Wed Jan 16 2002 5 39 52 gt ROUTER Slot 6 Configuration RIP Mode Receive lt RIP1 gt RIP Mode Send lt RIP1 gt Trunk Configure gt Security Configure gt SN Configure gt DNS Proxy gt Spanning Tree Protocol Configure gt Network Time Protocol Configure gt SysLog Configure gt DNS Resolver Configure gt Configure DNS Proxy Menu 2 Type CTRL A to Add a DNS Proxy Forcel Networks Router LocalUnit has 0 DNS Proxys Wed Jan 16 2002 5 43 13 gt Domain Name DNS Server Site 3 16 IP Router Release 2 97 Profile Directory Router Card Profile DNS Proxy 3 Enter the appropriate data in the following fields Forcel Networks Router Wed Jan 16 2002 5 45 29 LocalUnit has 1 DNS Proxy Domain Name DNS Server Site lv es 0 0 0 0 Local LAN gt CTRL A to add CTRL E to erase CTRL F to page forward CTRL B to page back Editable Please enter a value 4 Select ESC and YES to exit the window and save changes DNS Proxy Setup Menu Fields Domain Name Define a name for the Domain with up to 41 characters DNS Server E
168. o Update mW Clear lt All gt Totals gt LAN Packet Totals Received 32 Transmitted 4 Errors 0 WAN Packet Totals Received 0 Transmitted 680 Errors 0 Tue Feb 5 2002 3 34 34_ gt Remote s Forwarded Throughput Comp Ratio Remote Name to WAN to from WAN to from WAN conns RemoteUnit pps 0 0 bps 0 CIRL F to page forward CTRL B to page backward Scrollable Use the spacebar to change the selection Auto Update Use this field to select whether you wish to have this screen automatically updated with new transmission statistics while you are viewing the screen On will update the screen every 2 seconds lt Off gt will disable this feature Clear lt gt Totals Use this field to reset clear the total packets displayed in the following fields lt All gt Will clear both the LAN and WAN Packet Totals lt LAN gt Will clear only the LAN Packet Totals lt WAN gt Will clear only the WAN Packet Totals IP Router Release 2 97 8 3 Statistics Window Run Time LAN Packet Totals Use this field to review the number of LAN packets that the local unit has Received Transmitted and contained Errors If Auto Update is set to No the LAN packet totals will not increment while the screen is displayed Received This field will increment as packets are received from the LAN For this total to update Auto Update must be lt On gt Transmitted This field will increment as packets are transmitted b
169. onitoring is started a hex display of each transmission may be viewed as it occurs The number of packets that are displayed is determined by the value given at the Number of bytes to display for each packet prompt When attempting to determine a transmission problem it may be useful to print the hex displays for further analysis NOTE The Port Monitor should only be used for installation verification and PPP negotiation verification Under normal operation the Port Monitor should not be used as it will decrease performance and if used for an extended period of time it may cause service interruption 1 Onthe Main Menu press TAB until the Ping Utility is highlighted on the Verification option 2 Press SPACEBAR to scroll to Port Monitor Forcel Networks Router Tue Feb 5 2002 23 28 12 RTR Main Menu Router Version 2 97 Slot 6 Category Selection Managenent System Time Login gt gt Configuration lt Basic Config gt gt Verification Port Monitor gt gt Statistics lt Run time gt gt System Reports lt Events gt gt Exit lt Logout gt gt Scrollable Use the spacebar to change the selection and hit ENTER IP Router Release 2 97 7 9 Verification Window Port Monitor 3 Press ENTER The Port Monitor window will display along with a warning that using the Port Monitor will degrade performance lt Tue Feb 5 2002 23 29 08 gt PORT Monitor Setup for local LocalUnit Port
170. only during installation and troubleshooting procedures not during normal operation Statistics Run Time The Run Time is used to review data transmission information between the Local LAN unit and Remote WAN devices This option allows you to review data transmission statistics to from remote units This data will help you to monitor the Router s connection performance capabilities such as throughput compression and errors See Chapter 8 Statistics Window for more information regarding this feature IP Router Release 2 97 Troubleshooting Diagnostics and Performance Tools System Reports The System Reports menu presents data that may be useful in identifying WAN communication problems Events The Events listing offers on going historical activity for the Router while the Alarm listing indicates events that suggest further investigation See Events on page 9 2 for more information regarding this feature Alarms This screen provides a listing of any Alarms that have occurred on the Router When an Alarm is triggered the Router LED labeled CRD will display a red indicator light which will stay on until the Alarm is cleared Each Alarm is listed separately and the Count field will display a value of 1 See Alarms on page 9 4 for more information regarding this feature Network Servers By sending out IPX and IP RIP Routing Information Protocol and IPX SAP Service Advertising Protocol packets and monitoring RIP
171. onnect all connections to the router in slot 1 Set a 1 all type data Set the T1 1 of the Controller Type to Data connect a 1 all 1 1 1 Connect all of T1 1 to the Router that is in slot 1 connect a 2 all 1 1 2 rename 1 LocalUnit Boulder Connect all of T1 2 to the Router that is in slot 1 Rename LocalUnit default to Boulder LAN Set 1 1 1 2 multilink group 1 Assign 1 1 1 2 to multilink group 1 rename 1 RemoteUnit wanl Rename WAN 1 from RemoteUnit default to wanl set 1 1 ip address 1 1 1 1 255 255 255 0 Set the Ethernet IP address in the conventional IP address format Router LAN add 1 wanl static ip network 2 2 2 0 255 255 255 0 1 Adds a static IP network route to the WAN interface set 1 wanl trunk multilink group 1 Set the WAN interface named wanl to be mapped to trunk multilink group 1 reset 1 IP Router Release 2 97 Reboot the router to enable all configurations set 11 11 Router Configuration Back to Back with Multi Link PPP Denver Router in Slot 1 Command Description set 1 default Set Router to default settings disconnect a 1 Disconnect all connections to the T1 on the Controller slot a disconnect 1 Disconnect all connections to the router in slot 1 set clockl a 1 Set primary master transmit clock source set a 1 all type data Set the T1 1 of the Controller Type to Data
172. onnect all connections to the router in slot 1 set clockl a 1 Set primary master transmit clock source set a 1 all type data Set the T1 1 of the Controller Type to Data connect a 1 all 1 1 1 Connect all of T1 1 to the Router that is in slot 1 rename 1 LocalUnit Denver Rename LocalUnit default to Denver LAN rename 1 RemoteUnit wanl Rename WAN 1 from RemoteUnit default to wanl Set 1 1 ip address 2 2 2 1 Set the Ethernet IP address in the conventional IP 255 255 255 0 address format Router LAN Set 1 1 phy auto Set the Physical Specifications to auto negotiate set 1 wani rip ip updates never Set wanl to not send RIP updates add 1 wanl static ip network Adds a static IP network route to the WAN 1 1 1 0 255 255 255 0 1 interface Set 1 1 1 encapsulation ppp Set the encapsulation on trunk 1 to PPP Set 1 wanl trunk 1 Set the WAN interface named wanl to be mapped to trunk 1 reset 1 Reboot the router to enable all configurations set IP Router Release 2 97 Router Configuration Back to Back with Multi Link PPP Back to Back with Multi Link PPP The following configuration will set up two Adit 600 Routers back to back with Multi Link PPP Boulder Router in Slot 1 Command Description set 1 default disconnect a 1 Set Router to default settings Disconnect all connections to the T1 on the Controller slot a disconnect 1 Disc
173. oreign host gt 10 2 IP Router Release 2 97 Exit Window Reinitialize Reinitialize Some changes that you make to the Management software will not take effect until the Router 1s reinitialized Since this procedure is common to all functions within the software the reinitialization procedure appears on the Main Menu 1 Onthe Main Menu press TAB until the Logout is highlighted on the Exit option 2 Press SPACEBAR to scroll to Reinitialize Forcel Networks Router Tue Feb 5 2002 5 43 39 gt RTR Main Menu Router Version 2 97 Slot 6 Category Selection Management lt System Time Login gt gt Configuration Profile Directory gt gt Verification lt Ping Utility gt gt Statistics lt Run time gt gt System Reports lt Events gt gt Exit S gt Scrollable Use the spacebar to change the selection and hit ENTER 3 Press ENTER The following message is displayed Exit lt Reinitialize gt gt Scrollable Select Yes to reinitialize the unit IP Router Release 2 97 10 3 Exit Window Reinitialize 10 4 Press SPACEBAR to scroll NO to YES and press ENTER The system will close the session and reboot Session released on Tue Feb 5 2002 25 41 53 Terminating Forcel Networks Router connection Connection closed by foreign host gt IP Router Release 2 97 CHAPTER Router Configuration In this Chapter Basic Setup PPP Int
174. ot make any changes lt Write gt device is allowed to make changes but not view settings lt Both gt device is allowed to both read and write privileges IP Router Release 2 97 3 13 Profile Directory Router Card Profile SNMP SNMP Trap Destinations Select SNMP Trap Destination gt and select ENTER lt Forcel Networks Router Wed Jan 16 2002 5 18 38_ gt SYS Name unknown SVS Contact unknown SYS Location unknown SNMP SNMP Community Name s Name Address Access Setup puta 0 0 0 0 read gt Window SNMP Trap Destinationslisbj Configure SNMP Traps This window defines the SNMP Trap Destinations to which the Router will report alarm information Forcel Networks Router Wed Jan 16 2002 5 36 17 gt SNMP SNMP Trap Destination s Name fiddress Location oM 0 0 0 0 Local LAN gt Setup Window 3 14 IP Router Release 2 97 Profile Directory Router Card Profile SNMP Name Enter the community name s of the devices to which the Router will report The default community name is public To enter a new community name highlight the field and type the desired value with a maximum of 10 characters Address Enter the corresponding IP Address of the device that was entered in the Name field Location Local LAN lt RemoteUnit gt Available options are the Local LAN and all defined Remote WAN Units defined in the Profile Directory there can be up t
175. ote networks and services it can advertise the information on the local LAN on behalf of the remote networks and servers Bridge will not prompt the Router to initiate WAN bandwidth optimization Note that the unit will not advertise servers and networks lt Blocked gt if you do not wish to use the corresponding protocol lt Optimize gt See lt Route gt above IP Router Release 2 97 Profile Directory Remote Profile Remote WAN Profile Overview WAN Network Updates Routing information updates across the WAN will occur based on this selection This field is only available when IP Protocol is set to Route or when IPX Protocol is set to Optimize This field should be set to lt Never gt if the NAT Gateway field below is set to lt Enabled gt lt Never gt To prohibit all routing information updates When this is selected static routes between the Router and the remote units must be configured lt Periodic gt Periodic updates across the WAN occur every 30 seconds for the IP protocol and every 60 seconds for IPX lt Triggered gt Triggered updates occur only when changes within the network are detected This is the recommended setting GRE Tunnel Use this field to define IP Tunneling for GRE Generic Route Encapsulation If enabled define the local and remote IP Tunnel Addresses as well as the Secured GRE Tunneled Data This field is only available if the IP protocol is set to Route All
176. p gt and press ENTER lt Forcel Networks Router Profile Directory 1 Configured and 2 Enabled Thu Jan 17 2002 60 45 01 gt Name Profile Type Recv Send Profile State Profile Router i ARD MORE Abie Setup gt ocalUni lt gt Directory 1 RemoteUnit NONE NONE Setup gt Enabled gt Window CTRL_A_to add Hit ENTER to configure the communication information for this profile IP Router Release 2 97 CIRL E to erase CTRL F to page forward CTRL B to page back 4 45 Profile Directory Local Profile DHCP Server Client Relay 3 Local Profile Window 4 46 Select Setup lt DHCP Server Client Relay gt If not displayed scroll to the selection with the SPACEBAR and press ENTER Forcel Networks Router Profile Setup for LocalUnit gt Wed Jan 30 2002 3 27 29_ LOCRL Frame Types LAN Network Protocol 802 2 Eth II SNAP 802 3 Updates IP K lt Neither gt IPX X X KX X lt Neither gt Other X X X BN IP LAN IPH IP fiddress 10 0 0 1 802 2 Ext Network 00000000 Subnet Mask 255 0 0 0 Eth II Ext Network 00000000 Default Router 0 0 0 8 SNAP Ext Network 00000000 802 3 Ext Network 00000000 Setup lt MAI Link Speed Select the item to be set up and hit ENTER lt Auto Negotiate gt Scrollable IP Router Release 2 97 Profile Directory Local Profile DHCP Server Client Relay 4
177. p and hit ENTER Force10 Networks Router Wed Jan 30 2002 LAN Collision Threshold Provisioning Setup for local LocalUnit Lan UP Collisions 0 Alarm NO Sample Interval NND Collision Hi Threshold 5000 LAN Collision Lo Threshold 10 Collision Threshold Provisioning Collision Sample Interval 1 69535 seconds is Disable Default is 10 4 54 IP Router Release 2 97 Profile Directory Local Profile LAN Collision Threshold LAN Collision Threshold Fields LAN Will indicate if the LAN is UP or Down DWN Collisions The number of collisions that have occurred during the defined sample interval Alarm This field indicates if there is is not an active collision alarm There is an alarm indicator on the front of the IP Router Card labeled COL Ifa collision alarm is active this LED will flash yellow Sample Interval Use the Collision Sample Interval in seconds Range is 0 65536 seconds default is 10 and 0 disable Collision Hi Threshold Use this field to set the number of collisions in Interval to raise an alarm When the number of collisions rises above the defined number per interval the alarm will be activated The default is 500 Collision Lo Threshold Use this field to set the number of collisions in Interval to Clear Alarm If the number of collisions drops below the defined number per interval the alarm will clear Default is 10 IP Router Release 2 97 4 55 Profile Directory Local Profile S
178. panning Tree Spanning Tree NOTE This option does not display on the Local LAN Profile Setup until Spanning Tree is enabled on the Router CARD Profile The Spanning Tree configures the setup for the Spanning Tree Algorithm To Configure Spanning Tree 1 Select Configuration Profile Directory gt from the Main menu and press ENTER 2 Select LAN lt Setup gt and press ENTER lt Forcel Networks Router Thu Jan 17 2002 0 45 01 gt Profile Directory 1 Configured and 2 Enabled Name Profile Type Recv Send Profile State Profil Router CARD Setup gt rotile LocalUnit LAN NONE NONE lt gt Directory 1 RemoteUnit WAN NONE NONE Setup gt Enabled gt Window CTRL A to add CTRL E to erase CIRLF to page forward CTRL B to page back Hit ENTER to configure the communication information for this profile 4 56 IP Router Release 2 97 Profile Directory Local Profile Spanning Tree 3 Select Setup Spanning Tree gt and press ENTER Forcel Networks Router Wed Jan 30 2002 5 07 46 gt Profile Setup for LocalUnit LOCAL Frame Types LAN Network Protocol 802 2 Eth II SNAP 802 3 Updates IP K lt Neither gt X lt Neither gt L LAN IPH IP Address 0 0 802 2 Ext Network 00000000 Subnet Mask 0 0 Eth II Ext Network 00000000 Default Router SNAP Ext Network 00000000 802 3 Ext Network 00000000 Setup lt Q Min NEC Link Speed lt Auto Negotiate gt S
179. pings between local server addresses and public addresses See Static NAT Addresses on page 5 27 for more information lt NAT Bypass Subnets gt Use this option to access the Static NAT Addresses window which allows the operator to configure static bi directional NAT mappings between local server addresses and public addresses See Static NAT Addresses on page 5 27 for more information IP Router Release 2 97 Profile Directory Remote Profile Remote WAN Profile Overview Static Addresses gt This option is used to access the Static Addresses window which allows the operator to configure static addresses for the remote unit See Static Addresses on page 5 32 for more information Firewall Filters gt This option is used to access the Firewall Rules screen which allows the operator to establish firewall filters for this remote unit See Firewall Filters Remote Profile on page 5 36 for more information Filter Network Server gt This option is used to access the Filter Network Server screen which allows the operator to establish network and server filtering for this remote unit See Filter Network Server on page 5 43 for more information lt Spanning Tree gt Configures the global setup for using the Spanning Tree Algorithm as specified in the IEEE 802 1D specification See Spanning Tree on page 5 48 for more information Note IP Mode must be set to lt Bridged gt for this option to display in the scrolled list
180. rofile Directory Remote Profile Security Options Security Options Fields Authentication By Remote User ID Local Profile Name This field displays the User ID of the Local Unit Authentication of Remote This fields defines the parameters the remote unit expects to receive from this local unit Protocol This field displays the authentication protocol if any to be used by remote units when authenticating the local unit The authentication protocol is defined on the Local LAN Security SNMP window User ID Remote Profile Name Displays the current Remote Profile name Remote Custom Name User defined name up to 32 characters This user ID is sent during the authentication process Security Server Displays the defined method as to where the remote device will be authenticated This option is set in the Router CARD Setup gt Security SNMP window Compression Enabled Will negotiate compression with a remote device Disabled If the remote device will not negotiate compression leave this field as Disabled Typical Data This allows the data compression to be customized to the type of data on a given network Easy to Compress gt If typical compression ratios are greater than 2 1 then this setting should achieve the best compression This is the default Hard to Compress gt If compression ratios are less than 2 1 5 18 IP Router Release 2 97 Profile Directory Remote Profile Static VPN Networks Stat
181. rotocol Configure and select ENTER Forcel Networks Router Wed Jan 16 2002 6 11 14 gt ROUTER Slot 6 Configuration RIP Mode Receive RIP1 gt RIP Mode Send lt RIP1 gt Trunk Configure gt Security Configure gt SNMP Configure gt DNS Proxy Configure gt Spanning Tree Protocol Configure gt Network Time Protocol Configure gt SysLog Configure gt DNS Resolver Configure gt Configure Network Time Protocol 2 To enable Network Time Protocol scroll Disabled to lt Enabled gt with the SPACEBAR select ENTER gt Forcel Networks Router Network Time Protocol Setup for local LocalUnit Wed Jan 16 2002 6 15 09_ Network Time Protocol WM ERMEN 3 20 IP Router Release 2 97 Profile Directory Router Card Profile Network Time Protocol 3 Enter the appropriate data in the following fields Forcel Networks Router Wed Jan 16 2002 6 17 01 gt Network Time Protocol Setup for local LocalUnit Network Time Protocol MEF nabled M NTP Server Address XIP Address gt 0 0 0 0 Poll Interval 16 Time Zone Offset HOURS 0 Time Zone Offset MINUTES 0 Scrollable Use the spacebar to change the selection Network Time Protocol Setup Menu Fields Network Time Protocol Disabled to disable Network Processing Enabled to enable Network Processing The following items appear once enabled NTP Server Address Set the IP address or
182. s 00005 4 11 4 17 HOPS cese ER Rx Sechs ARR 4 16 Metrite oreina aeaoe beach beds ED 4 16 Network oves PERDERE 4 16 Next Gateway 0 00 4 16 IP Router Release 2 97 Subnet Mask s sese 4 16 TICKS coc tewse dae eae setae e he ae ee 4 16 Static VPN Networks 00005 5 19 Metri iy ree VETE 5 23 5 25 Network 0 0 0 0 ce eee 5 23 5 25 Subnet Mask Ls 5 23 5 25 Statistics Rune Time 43 Sch8 GR dhs Berens TU 8 2 Auto Update 0 200000 8 3 Clear Totals vk RSS 8 3 Statistics Window 0 0 eee eee 8 1 Subnet Mask 4 16 5 23 5 25 6 11 SYS Contact 2 0 0 eee eee 3 12 SY S LOocattofi 2 2 ccs eee aes eo 3 12 SYS Name 0 cece eee 3 12 SYSLOR 2 3 gm p RES 3 24 3 25 3 27 System Log Message Service 3 23 System Date and Time 2 4 System Log Message Service 3 25 System Reports Address Tables Auto Update 005 9 13 Display 00 00 cee eee eee 9 13 Learned From 9 13 Port Name 00000 eee 9 13 Alarms Auto Update 0 200000 9 5 COURE 2 osse VER A ERES X 9 5 Message saeed E e Ree EUR bee 9 5 TAM i den tomas eae ERN UIN 9 5 Events areitan de ace bee es 9 2 COUN slate et tex ae eae 9 3 MeSSag6 iik ats ace pe ey vcra 9 3 Tie i ese kb re UE rS see uta 9 3 Networks Servers 00000 ce cee 9 10 Frame Type 22s 25
183. s 9 10 IP Router Release 2 97 Address Tables Use this screen to review the MAC Address and IP Address of the devices that are known by the Router The Router will monitor traffic on the LAN WAN and dynamically learn the MAC Address and or IP Address of each device This learning is a continuous process that occurs automatically as communication takes place on the LAN or across the WAN The MAC Address and IP Address Tables along with Network Tables are used to determine if and where the Router should send packets System Reports Window 1 Onthe Main Menu TAB to the System Reports option 2 Press SPACEBAR to scroll to Address Tables Scrollable IP Router Release 2 97 Forcel Networks Router RTR Main Menu Category Management Configuration Verification Statistics System Reports Exit Use the spacebar to change the selection and hit ENTER Router Version 2 97 Selection System Time Login gt gt Profile Directory gt gt Ping Utility lt Run time See gt lt Logout gt gt Tue Feb 5 2002 5 35 58_ Slot 6 Address Tables gt 9 11 System Reports Window Address Tables 3 Press ENTER The Address Tables window will display These windows will change as different options are selected lt Forcel Networks Router Tue Feb 5 2002 5 36 58 gt LocalUnit has learned 1 MAC Address from 1 Port Flush learned entries Off Display
184. s a renew command Automatic DNS lt Disabled gt No automatic enabling disabling of the DNS Resolver will occur and the enable disable setting of the DNS Resolver will be under manual configuration control lt Enabled gt The DNS Resolver management will be managed automatically by the Client based on completeness of DNS configurables to operate the DNS Resolver Set Tx Packets Broadcast Bit Use this parameter to indicate if the broadcast bit is to be set checked box or clear in the bootp flags header value for all transmitted DHCP BOOTP packets for the DHCP Client IP Router Release 2 97 4 51 Profile Directory Local Profile DHCP Server Client Relay 4 52 Request The following DHCP Client configurables can be requested check box from a DHCP Server IP Address Mask DNS Host Name DNS Primary Server Gateway DNS Domain Name DNS Secondary Server Description This column will display the current Client information items Current Lease Value This column will display the current Lease information for the items under the Client Description list IP Router Release 2 97 Profile Directory Local Profile LAN Collision Threshold LAN Collision Threshold Use the options on this window to define the sample interval for data collection of collisions the Hi and Lo thresholds for raising and clearing Collision alarms It will also display if there 1s a current alarm active and the number of collisions that have oc
185. s feature should be enabled NAT Port Numbers See previous page NAT and Local IP Tunnel Address Use this field to define the IP Address for the Local LAN tunneling or NAT Gateway device lt Configured gt See previous page lt Assigned by Remote gt IP Router Release 2 97 5 9 Profile Directory Remote Profile Remote WAN Profile Overview Enabled with GRE Tunnel lt All gt IP Protocol VPN Setup gt window will display This field displays only when GRE Tunnel is set to lt All gt To open the setup window select IP Protocol VPN Setup gt and select ENTER Forcel Networks Router Profile Setup for RemoteUnit WAN Network Thu Jan 31 2002 0 33 48_ gt Protocol Mode Updates GRE_Tunnel IP Route gt Never gt QAI X IPX lt Blocked gt Other lt Blocked gt IP Protocol VPN Setup gt NAT Gateway lt Enabled gt NAT Port Numbers lt Dynamic gt NAT and Local IP Tunnel Address lt Assigned by Remote WAN IP Numbered lt NO gt Forcel Networks Router VPN Setup for remote RemoteUnit Setup Seci Scrollable Tunnel Name Enter Tunnel name up to 11 characters Remote IP Tunnel Address Enter IP Tunnel Address Thu Jan 31 2002 20 35 05 Tunnel Name MEE Remote IP Tunnel Address 0 0 0 0 gt 5 10 IP Router Release 2 97 Profile Directory Remote Profile Remote WAN Profile Overview WAN IP This field is
186. s is an unsuccessful test There is no response within a reasonable amount of time Response Count During successful testing the Response Count field will display the number of times that the Router received an echo back from the device Timeout Count The Timeout Count will increment with each unsuccessful ping During successful testing the Timeout Count field will display a 0 which means that no communications errors have been encountered NOTE A continuous ping test may be intermittently unsuccessful This is an indication that a transmission error may occur with this device during actual data transmission IP Router Release 2 97 7 5 Verification Window Trace Route Trace Route The Trace Route option is used to verify timely and reliable connections The Trace Route utility determines the path a packet follows from source to destination 1 On the Main Menu press TAB until the Ping Utility is highlighted on the Verification option 2 Press SPACEBAR to scroll to Trace Route Forcel Networks Router Tue Feb 5 2002 3 23 54 gt RTR Main Menu Router Version 2 97 Slot 6 Category Selection Management lt System Time Login gt gt Configuration lt Basic Config gt gt Verification ERS gt Statistics lt Run time gt gt System Reports lt Events gt gt Exit lt Logout gt gt Scrollable Use the spacebar to change the selection and hit ENTER 7 6 IP Router Release 2
187. se 2 97 8 5 Statistics Window Run Time IP Router Release 2 97 CHAPTER System Reports Window In this Chapter m Events m Alarms m Networks Servers m Address Tables System Reports Window Displays the log of events for the IP Router To View the Event Log 1 Events Events 9 2 On the Main Menu press TAB until Events is highlighted on the System Reports option lt Forcel Networks Router RTR Main Menu Scrollable Category Management Configuration Verification Statistics System Reports Exit Use the spacebar to change the selection and hit ENTER Tue Feb 5 2002 3 42 07 Router Version 2 97 Selection System Time Login gt gt Profile Directory gt gt Ping Utility gt lt Run time iit gt lt Logout gt gt Slot 6 IP Router Release 2 97 System Reports Window Events 2 Press ENTER The Event Log will display lt Forcel Networks Router Tue Feb 5 2002 3 43 06 gt Event Log for LocalUnit Auto Update lt gt Time Message Count Feb 5 3 33 08 5 Export complete in 0 0 secs 43040 bps 1 Feb 5 3 33 03 4 Login accepted at ADMIN level 1 Feb 5 3 33 03 4 Password changed for ADMIN level 1 Feb 5 3 32 50 5 ADMIN login terminated 1 Feb 5 2 48 51 3 Export complete in 0 0 secs 43040 bps 1 Feb 5 2 48 22 8 Export complete in 0 0 secs 42960 bps 1 Feb 5 2 48 18 4 WAN Link 6 1 1 Down 1 Feb 5 2 48 17 7 Login accepted at ADMI
188. ses gt Configure static addresses for the local devices See Static Addresses on page 4 18 for more information Filters gt Define data filters for this Router See Filters on page 4 22 for more information Firewall Filters gt This option is used to access the Firewall Rules screen which allows the operator to establish firewall filters for this local unit See Firewall Filters Local Profile on page 4 31 for more information Advertise Networks Server gt Enables the unit to advertise all networks and services to all remote units or to advertise to no remotes See Advertise Network Server on page 4 39 for more information lt DHCP Server Client Relay gt Establish the Router as a DHCP Server Client or Relay Agent See DHCP Server Client Relay on page 4 45 for more information lt LAN Collision Threshold gt Adjust the threshold at which excessive LAN collisions trigger an alarm See LAN Collision Threshold on page 4 53 for more information lt Spanning Tree gt Configures the global setup for using the Spanning Tree Algorithm as specified in the IEEE 802 1D specification See Spanning Tree on page 4 56 for more information lt Secondary IP Address gt Add a secondary IP address and subnet to the specified LAN interface The router will then be capable of routing between subnets on the LAN interface or between the LAN subnets and any WAN subnet A maximum of 8 secondary IP addresses can be added to the LAN
189. sions have occurred and have not dropped to minimum level Yellow Flashing Ethernet collision occurring TX Off No Ethernet transmit activity Green Ethernet transmit activity RX Off No current Ethernet receive activity Green Current Ethernet receive activity C 6 IP Router Release 2 97 Troubleshooting Alarms Display Alarms To display Router alarms On the Main Menu System Reports option select Alarms gt or use the SPACEBAR to scroll to Alarms if it not displayed Forcel Networks Router Tue Feb 5 2002 3 43 58 gt RTR Main Menu Router Version 2 97 Slot 6 Category Selection Management lt System Time Login gt gt Configuration Profile Directory gt gt Verification Ping Utility gt gt Statistics lt Run time gt gt System Reports quu NEN Exit Logout gt gt Scrollable Use the spacebar to change the selection and hit ENTER IP Router Release 2 97 C 9 Troubleshooting Alarms This Window provides a listing of any Alarms that have occurred on the Router Each Alarm is listed separately and the Count field will display a value of 1 See Alarms on page 9 4 for more information regarding this feature Forcel Networks Router Tue Feb 5 2002 3 44 34_ gt fllarm Log for LocalUnit Auto Update lt i gt Time Message Count Feb 5 2 48 18 4 WAN Link 6 1 1 Down 1 Press ESC to continue Clear Alarm Once an alarm is identified then the process of clearing it ca
190. sole obligation and BUYER s exclusive remedy for any breach of the software warranty will use commercially reasonable efforts to at its option a correct any reproducible error in the Licensed Software or b replace the defective Licensed Software as follows Should a Severity 1 or 2 warranty defect with the Software occur during the 90 day warranty period Forcel0 Networks will provide in its sole determination either 1 software to resolve the defect to be downloaded into the affected units by the BUYER or 2 a documented workaround to address the issue Severity 1 issues are failures of the Licensed Software to comply with the Force10 Networks software specifications and that completely or severely affect the Force10 Networks Product and its traffic or service capacity or maintenance or monitoring capabilities Severity 2 issues are failures of the Licensed Software to comply with the Force10 Networks software specifications and that result in a major degradation of the Force10 Networks Product so as to impact its system or service performance or significant impairments to network operator control or effectiveness Should a Severity 3 warranty defect with the Licensed Software occur during the 90 day warranty period Force10 Networks will provide assistance to Buyer to determine if a solution or workaround will be provided in a subsequent software release following the reported issue Severity 3 issues are defined as failures of t
191. sponding Remote WAN Profile Setup window Static networks that are reached via the local LAN must be defined by choosing the SETUP Static Networks option on the Local LAN Profile Setup window IP Router Release 2 97 Profile Directory Remote Profile Static VPN Networks NOTE All static routes are considered filters and will be applied toward the maximum allowable number of 500 filters Depending on the GRE Tunnel field setting the Static VPN Networks window display fields are modified The following displays two options GRE Tunnel set to All 1 Select Configuration Profile Directory gt from the Main Menu and press ENTER 2 Select WAN Setup gt on the RemoteUnit line and press ENTER lt Forcel Networks Router Thu Jan 31 2002 20 02 22 gt Profile Directory 1 Configured and 2 Enabled Profile Name Profile Type Recv Send Profile State Directory Router CARD lt Setup gt Wind LocalUnit LAN NONE NONE Setup gt indow 1 RemoteUnit WAN NONE NONE lt gt lt Enabled gt CTRL A to add CTRL E to erase CIRL F to page forward CTRL B to page back Hit ENTER to configure the communication information for the remote profile IP Router Release 2 97 5 21 Profile Directory Remote Profile Static VPN Networks 3 Set GRE Tunnel to lt All gt Select Setup Static VPN Networks scroll with the SPACEBAR through the options and select ENTER gt Forcel Networks
192. sses 2 0005 4 18 Static Networks 0005 4 11 Local Security Server 0 3 10 Location 2 5593 Soh ERGO URP 6 12 login setup ssseeee nee 2 3 Logout soos nes os baw een TRE 10 2 Loopback 0 00000 00 Glossary 2 M MAC Address 4 29 5 35 7 5 Management Overview 4 2 2 Management Window 2 1 Mask Subnet sve eienh ere lee EP 4 16 MDDS sasaa cerned Ya ee eh Glossary 2 Metric 4 rone rur 22 4 16 5 23 5 25 9 9 Mode Forward 22oivsepRRy PERS PERS 4 24 IP Router Release 2 97 Index N Name xou 3 13 5 47 6 12 Device etane au eee eee ee 4 20 4 29 Remote ovusz ep PLEX WESS 8 5 Name Server NBNS ss 4 49 Names ve sverPpUDRep Ren preme ers 9 9 NAT Gateway svc Sense P Xu Rx REPE EN 5 8 IP Address 0 0 00 c cece ee eee 5 29 NAT Addresses 0 000 cee eee 11 7 NAT Bypass Subnets 5 30 NAT IP Address 00 000 c eee 5 29 NAT PAT 2 ccc cece eee eee 11 5 NetBIOS Name Server 0 00 00 ce eee 4 49 Node Type tase eee EXER 4 49 Network 4 16 4 42 5 23 5 25 5 46 Network Time Protocol 3 20 Networks Servers Frame Type c r9 RR ERES E 9 10 HOPS ecient beth ED ees 9 9 Me tri icm 9 9 Nam escasses ne eR CR eg 9 9 Nebtwotk vosioxsc t EM Eus 9 9 Next Gateway eeeeeees 9 9 Next IPX Router 9 10
193. t Connection WAN Connection Type LCI Select WAN Port Number NW MLPPP ML Fragment Threshold 1600 Scrollable Use the spacebar to change the selection IP Router Release 2 97 5 53 Profile Directory Remote Profile Trunk Port 5 54 IP Router Release 2 97 CHAPTER Basic Configuration In this Chapter Overview Start Basic Configuration Local Unit Identification Routing Protocol Security WAN Interface Connections Remote Unit Profile SNMP Configuration Setup Complete Basic Configuration Overview Overview The Basic Configuration is designed to walk the user through all the Basic Setup to operate the Router effectively This feature can be used at any time to initially setup the Router or to change the configuration of the Router As setup information is entered and the Enter button is selected the next setup item will appear ESC will exit this setup program at any time ENTER will move to the next page or enter the information into the system Start Basic Configuration 1 Select Configuration Basic Config gt gt from the Router Main menu and press ENTER lt Forcel Networks Router RTR Main Menu Scrollable Category Management Configuration Verification Statistics System Reports Exit Use the spacebar to change the selection and hit ENTER Tue Feb 5 2002 2 48 58 gt Router Version 2 97 Selection System Time Login gt gt ait gt
194. t 6 Category Selection Managenent System Time Login gt gt Configuration lt a CN iat gt Verification Ping Utility gt gt Statistics lt Run time gt gt System Reports lt Events gt gt Exit lt Logout gt gt Forcel Networks Router Thu Jan 17 2002 0 45 01 gt Scrollable Profile Directory 1 Configured and 2 Enabled Name Profile Type Recv Send Profile State Router CRRD Setup gt LocalUnit LAN NONE NONE lt gt 1 RemoteUnit WAN NONE NONE Setup gt Enabled gt CTRL A to add CTRL E to erase CTRL F to page forward CTRL B to page back Hit ENTER to configure the communication information for this profile 4 2 IP Router Release 2 97 Forcel Networks Router Profile Setup for LEREMINENND LOCAL Profile Directory Local Profile LAN Network Updates Frame Types Protocol 802 2 Eth II SNAP 802 3 IPX X X X X Other X X X lt Neither gt lt Neither gt LAN IPX Thu Jan 17 2002 20 46 32 LAN IP IP Address Subnet Mask 255 0 0 Default Router 0 0 0 0 802 2 Ext Eth II Ext SNAP Ext 802 93 Ext Setup Static Networks gt Link Speed Editable Please enter a value Local Profile window IP Router Release 2 97 Network Network Network Network 00000000 00000000 00000000 00000000 lt Auto Negotiate gt Overview 4 3 Profile Directory Local Profile LAN Local Profile Setup L
195. t displayed Press ENTER Forcel Networks Router Mon Feb 4 2002 23 43 48 gt Profile Setup for RemoteUnit WAN Network Protocol Mode Updates GRE Tunnel IP lt Route gt lt Never gt lt Disabled gt IPX lt Blocked gt Remote Other lt Blocked gt Profile Window NAT Gateway lt Disabled gt WAN IP Numbered lt NO gt FW Allow Frags lt Disabled gt Setup lt SURVETSRTS Ethie gt gt Setup lt Trunk Port gt gt Scrollable Select the item to be set up and hit ENTER 5 28 IP Router Release 2 97 Profile Directory Remote Profile Static NAT Addresses 4 Press CTRL A to add a Static NAT Address Forcel Networks Router Mon Feb 4 2002 23 45 24 gt RemoteUnit has 1 Static NRT fiddress List Local IP Address NAT IP Address TypePort Local Port NAT Port Static 1 CO 0 0 0 0 lt ALL gt Addresses Window CTRL A to add CTRL E to erase Editable Enter a non zero IP Address Subnet Mask in Dotted Decimal Notation Local IP Address Enter the IP Address of the local device NAT IP Address Enter the NAT IP Address of the desired device TypePort lt ALL gt Selects all port types lt UDP gt Selects UDP port types Local Port Enter a local port Range 1 65535 NAT Port Enter a NAT port Range 1 65535 lt TCP gt Selects TCP port types Local Port Enter a local port Range 1 65535 NAT Port Enter a NAT port Range 1 65535 IP Router Release 2
196. t the OSI application layer Spanning Tree Protocol is a link management protocol that provides path redundancy while preventing undesirable loops in the network For an Ethernet network to function properly only one active path can exist between two stations Glossary 3 Glossary SNMP Simple Network Management Protocol SNMP is the most common method by which network managements applications can query a management agent using a supported MIB Management Information Base SNMP operates at the OSI application layer T1 Trunk Level 1 A digital transmission link with a total signaling speed of 1 544 Mbps T 1 is a standard for the digital transmission in North America Telnet An Internet standard protocol that enables a computer to function as a terminal working from a remote computer Trunk A communication line between two switching systems Glossary 4 IP Router Release 2 97 Numerics 100T Full Duplex 31 bebe eres 4 63 Half Duplex 0000 4 63 10T Full Duplex esses 4 63 Half Duplex 0000 4 63 8022 tun orks ete eeu eee 4 6 802 3 knee Obes hae eR 4 6 A Pc mE 6 12 Add a Firewall Filter Local Profile 4 32 Add a Firewall Filter Remote Profile 5 37 Address Filter Device Name 0 000 cece eee 4 29 MAC Address 0000 cee euee 4 29 Address Tables Auto Update 00000 9 13 Display 4e eye dra as 9 13 Learned From
197. t to Force10 Networks Inc first contact the distributor or dealer from which you purchased the product A Return Material Authorization RM A number is required for all equipment returned to Force10 Networks Inc Call Force10 Networks Customer Support at 1 866 887 4638 US or 1 707 665 4355 International Direct for RMA number repair warranty information and shipping instructions Be prepared to provide the following information Forcel0 Networks serial number s from the system chassis or circuit card s Name of distributor or dealer from which you purchased the product Description of defect IP Router Release 2 97 Preface Notices This manual contains important information and warnings that must be followed to ensure safe operation of the equipment DANGER A DANGER NOTICE INDICATES THE PRESENCE OF A HAZARD THAT CAN OR WILL CAUSE DEATH OR SEVERE PERSONAL INJURY IF THE HAZARD IS NOT AVOIDED CAUTION A CAUTION NOTICE INDICATES THE POSSIBILITY OF INTERRUPTING NETWORK SERVICE IF THE HAZARD IS NOT AVOIDED WARNING A WARNING NOTICE INDICATES THE POSSIBILITY OF EQUIPMENT DAMAGE IF THE HAZARD IS NOT AVOIDED NOTE A Note indicates information to help you understand how to perform a procedure or how the system works Notes should be read before performing the required action IP Router Release 2 97 vii Preface viii IP Router Release 2 97 TABLE OF CONTENTS Preface MEI iii Warranty Procedure
198. t type to be used Port Number Displays the Port Number of the WAN 1 24 WAN Connection Displays the connection slot port channel of each existing WAN WAN Connection Type lt PPP gt Set the connection type to Point to Point Protocol Frame Relay 1490 Set the connection type to Frame Relay per RFC 1490 PPP in Frame Relay Set the connection type to PPP over Frame Relay per RFC 1973 IP Router Release 2 97 6 7 Basic Configuration WAN Interface Connections For Frame Relay Set Option for PVC Management Disabled Disables Frame Relay Annex D gt Set to Annex D which is a Frame Relay standard extension lt LMI gt Set to Local Management Interface LMI rev DLCI 1023 Set Poll Interval Range is between 5 30 Set Poll Counter Range is between 1 255 Forcel Networks Router Tue Feb 5 2002 23 00 39 gt For help call Force1 Networks Technical Support Page 3 of 7 Select the Type of WAN Connection for each connected port Port Number WAN Connection WAN Connection Type 1 A 1 1 1 lt PPP 2 A 1 2 2 lt PPP 3 A 1 3 3 lt PPP 4 A 1 4 4 lt PPP 5 A 1 5 5 lt PPP 6 A 1 6 6 lt PPP 7 A 1 7 7 lt PPP in Frame Relay 8 A 1 8 8 lt Frame Relay 1490 For Frame Relay Set Option for PYC Management LMI Set the Poll Interval 19 Set the Poll Counter 6 MENA NE UNE NE NE Forcel Networks Router Tue Feb 5 2002 For help call Force1 Networks Technic
199. teUni t WAN Network Protocol Mode Updates IP lt Route gt lt Never gt IPM Blocked gt Other lt Blocked gt Does this unit have a numbered IP address assigned on the WAN lt NO gt Connection WAN Connection Type Select WAN Port Number lt gt n 1 1 1 PPP ENTER to go to next field ESC to exit Basic Configuration Scrollable Use the spacebar to change the selection Profile Name Enter a unique name for this Remote Unit Name can be up to 11 characters Protocol IP Mode Route Blocked and Bridge WAN Network Updates Never Periodic and lt Triggered gt IPX Mode Blocked Bridge and Optimized WAN Network Updates Never Periodic lt Triggered gt Other Mode Blocked Bridge and Optimized 6 10 IP Router Release 2 97 Basic Configuration Remote Unit Profile Does this unit have a numbered IP address assigned on the WAN Selection is Yes No If Yes is selected IP Address and Subnet Mask below are listed IP Address Enter the IP Address of the Remote Unit Subnet Mask Enter the Subnet Mask of the above IP Address Select WAN Port Number Selection is None lt 1 gt through lt 24 gt all existing WAN ports are listed Connection Displays the connection information for the selected WAN in the form slot port channel WAN Connection Type Displays the WAN connection type PPP Frame Relay 1490 or PPP in Frame Relay
200. ter Release 2 97 5 19 Profile Directory Remote Profile Static VPN Networks 5 20 Network A Network B Network C Unit E Y 4 Router Enter a static route which Enter a static route which indicates that Network C indicates that Network C may be reached through may be reached through remote Unit B Router 1 To continue with this example if Network B is not configured to advertise Network C to Network A then Network A will not dynamically learn of Network C s existence If you wish to establish a route on Network A to Network C you must define a static route on Network A that indicates that Network C may be accessed through remote Router B To set up a static route you must define the following routing information e The address of the network you wish to reach e How far away from the local LAN the network is located in terms of metric measurement or hops depending on the protocol e Whether the network can be reached on the local LAN via the LAN port or through a remote unit If you are using the local LAN you will also need to define the address either IP or MAC depending on the protocol of the first gateway i e router you will use to reach the network you are defining It is important to note that if the static network 1s reached via a Remote WAN Unit it must be defined by choosing the SETUP Static Networks option on the corre
201. terisk symbol Significant Bits Use this field to identify the number of bits from left to right that will be used to match the IP Address field within the data packet with the value entered into the Local IP Address Network Range is between 1 32 Remote IP Address Network Enter the IP Address of the remote device or network that this rule will affect If you enter the address of a remote device this rule will affect only the session establishments of the remote device and the device network address entered in the Local IP Address Network field above If this rule is to affect any remote devices networks leave this field with the default asterisk symbol Significant Bits Use this field to identify the number of bits from left to right that will be used to match the IP Address field within the data packet with the value entered into the Remote IP Address Network Range is between 1 to 32 IP Router Release 2 97 4 37 Profile Directory Local Profile Firewall Filters Local Profile lt gt Packets which match this rule Use this field to indicate whether a rule match should trigger an Alarm or Log entry Blank A transmission match will not trigger an Alarm or Events log entry Alarm A transmission match will trigger an Alarm entry Log A transmission match will trigger an Events log entry Log or Alarm entries may also be useful when a specific security issue is at stake For example if your security policy does
202. th respect to defects in the Product or Software caused by a modification repair storage installation operation or maintenance ofthe Product or Software by anyone other than Force10 Networks or its agent or as authorized and in accordance with the Force10 Networks Documentation or b the negligent unlawful or other improper use or storage of the Product or Software including its use with incompatible equipment or software or c fire explosion power failures acts of God or any other cause beyond Force10 Networks reasonable control or d handling or transportation after title of the Product passes to BUYER Other manufacturer s equipment or software purchased by Force10 Networks and resold to BUYER will be limited to that manufacturer s warranty Force10 Networks assumes no warranty liability for other manufacturer s equipment or software furnished by BUYER BUYER UNDERSTANDS AND AGREES AS FOLLOWS Except for the limited warranty set forth above the Product License Software and all services performed by Force10 Networks hereunder are provided as is without representations or warranties of any kind Force10 Networks does not warrant that the Product License Software any hardware or software or any update upgrade fix or workaround furnished to BUYER will meet BUYER s requirements that the operation thereof including any maintenance or major releases thereto will be uninterrupted or error free THE WARRANTIES IN THIS A
203. that will be used during the authentication process If lt None gt was selected in the lt Type gt field this field will be disabled Password Enter the password of the local server that will be used during the authentication process You must make sure that the password entered into the server is the same as the value entered here or the authentication process will fail If lt None gt was selected in the lt Type gt field this field will be disabled IP Router Release 2 97 Profile Directory Router Card Profile SNMP SNMP By defining specific IP Addresses devices may be specified to manage the Local Unit via SNMP NOTE The IP Router is compatible with the Standard MIB and MIB II 1 Select SNMP lt Configure gt and select ENTER Forcel Networks Router Wed Jan 16 2002 25 06 12 gt ROUTER Slot 6 Configuration RIP Mode Receive RIP1 gt RIP Mode Send lt RIP1 gt Trunk Configure gt Security Configure gt SNMP gt DNS Proxy Configure gt Spanning Tree Protocol Configure gt Network Time Protocol Configure gt SysLog Configure gt DNS Resolver Configure gt onfigure SNMP Menu IP Router Release 2 97 3 11 Profile Directory Router Card Profile SNMP 2 Usethe SNMP setup window to setup SNMP configurations Forcel Networks Router Wed Jan 16 2002 25 09 33 gt SYS Name a SYS Contact unknown SYS Location unknown SNMP Community Name s Name Address A
204. the SPACEBAR to select Setup Static lt MAC Address or Setup Static IP Address Press CTRL A to add a Static Address Forcel Networks Router RemoteUnit has 1 Static MAC Address Record Setup Static lt MAC Address gt MAC Address 00 00 00 00 00 00 Device Name 1 NEED Forcel Networks Router RemoteUnit has 1 Static IP Address Record Tue Feb 5 2002 60 11 45 gt Static Addresses Window MAC Address Tue Feb 5 2002 20 14 36 gt CTRL_A to add Editable Entd Setup Static lt IP Address gt Device Name IP Address 1 END 0 0 0 0 Static Addresses Window IP Address 5 34 CTRL A to add CTRL E to erase CTRL F to page forward CTRL B to page back Editable Enter a name for the filter IP Router Release 2 97 Profile Directory Remote Profile Static Addresses Static Addresses Fields Setup Static IP Address gt To setup a static IP address MAC Address gt To setup a static MAC address Device Name A user defined name of the LAN device that is associated with this static address Up to 7 characters is allowed for this field MAC Address Enter the MAC Address of the desired device If the static address 1s configured through the Local LAN Profile Setup screen the device can be reached via the local LAN If the static address is configured on a specific Remote WAN Profile screen the device can be reached via that specific remote
205. the Main Menu press ENTER Forcel Networks Router Wed Jan 16 2002 3 24 46 gt RTR Main Menu Router Version 2 97 lot 6 Category Selection Managenent System Time Login gt gt Configuration disaBRC NEMUS gt Verification Ping Utility gt gt Statistics lt Run time System Reports Events Exit Logout Scrollable Use the spacebar to change the selection and hit ENTER 5 2 IP Router Release 2 97 Profile Directory Remote Profile Remote WAN Profile Overview 2 Select WAN Setup gt on the RemoteUnit line and press ENTER Forcel Networks Router Thu Jan 31 2002 20 02 22 gt Profile Directory 1 Configured and 2 Enabled Name Profile Type Recv Send Profile State Profile Router CARD lt Setup gt LocalUnit LAN NONEZNONE Setup gt Directory 1 RemoteUnit WAN NONEZNONE lt gt lt Enabled gt Window CTRL A to add CTRL E to erase CIRL F to page forward CTRL B to page back Hit ENTER to configure the communication information for the remote profile IP Router Release 2 97 5 3 Profile Directory Remote Profile Remote WAN Profile Overview 3 Configure the WAN on this Main window There are additional windows for specific features see the following sections Note The Remote Profile Window will change as options are selected The graphic below displays the window at its default settings Forcel Networks Router Thu Jan 31 2002 20 06 59 Profi
206. the specified service type This field may be used in conjunction with the Name field described below Range 1 FFFF 5 46 IP Router Release 2 97 Profile Directory Remote Profile Filter Network Server Name This field displays the first 11 characters of the name of each known network server If a server is manually added and a server name is not defined all servers matching the added type will be learned and the first 11 characters of their names will be displayed If both the server name and type are defined when the server is manually added then only servers matching both criteria will be learned Filter This field will change depending on the value set in the Selected Items field Use the SPACEBAR to place and X in this field to choose that the Router will Filter the chosen network or server Learn This field will change depending on the value set in the Selected Items field Use the SPACEBAR to place and X in this field to choose that the Router will Learn the chosen network or server IP Router Release 2 97 5 47 Profile Directory Remote Profile Spanning Tree Spanning Tree NOTE This option displays only when Spanning Tree is Enabled on the Router CARD Profile AND the Remote Profile Mode is set to Bridge The Spanning Tree configures the setup for the Spanning Tree Algorithm To Configure Spanning Tree 1 Select Configuration Profile Directory gt from the Main Menu and press ENTER 2
207. ther lt All Ports Local LAN or each of the individual Remotes listed in the Profile Directory The screen will update accordingly as you scroll between options Auto Update Use this field to have this screen automatically update with events while you are viewing the screen On will update the screen every 5 seconds Port Name Displays the information listing by Port IP Address Displays the IP Address of the learned address MAC Address Displays the MAC Address of the learned address IP Router Release 2 97 9 13 System Reports Window Address Tables 9 14 IP Router Release 2 97 cuarrer Exit Window In this Chapter m Logout m Reinitialize Exit Window Logout Logout 1 On the Main Menu press TAB until the Logout is highlighted on the Exit option Forcel Networks Router Tue Feb 5 2002 5 43 14_ gt RTR Main Menu Router Version 2 97 lot 6 Category Selection Management lt System Time Login gt gt Configuration Profile Directory gt gt Verification lt Ping Utility gt gt Statistics lt Run time gt gt System Reports lt Events gt gt Exit E gt gt Scrollable Use the spacebar to change the selection and hit ENTER 2 Press ENTER The system will exit out of the Router Menu Drive software and the following message is displayed Session released on Tue Feb 5 2002 5 41 53 Terminating Forcel Networks Router connection Connection closed by f
208. tion is not displayed scroll to the selection with the SPACEBAR and press ENTER Forcel Networks Router Wed Jan 30 2002 3 12 13 gt Profile Setup for LocalUnit LOCAL Frame Types LAN Network Protocol 802 2 Eth II SNAP 802 3 Updates IP K lt Neither gt IPX lt Neither gt Other Local LA LAN IPX Profile IP Address 0 0 802 2 Ext Network 00000000 Subnet Mask 0 0 Eth II Ext Network 00000000 Window Default Router B SNAP Ext Network 00000000 802 3 Ext Network 00000000 Setup lt I gt Link Speed Ruto Negotiate gt Scrollable Select the item to be set up and hit ENTER Use these windows to review networks that your unit has discovered through the LAN By sending out IPX and IP RIP Routing Information Protocol and IPX SAP Service Advertising Protocol packets and monitoring RIP and SAP packets from other devices your unit can learn about other networks The system constantly monitors RIP packets to ensure that the status of the network has remained unchanged Should a RIP packet indicate a change in status the unit will update the data in the table and exchange the updated data with all remotes 4 40 IP Router Release 2 97 Profile Directory Local Profile Advertise Network Server Forcel Networks Router LocalUnit has 1 configured and learned IP Network Setup dT NP lt Do not Advertise gt Selected Items Wed Jan 30 2002 Advertise Network Do not Ad
209. tocols simultaneously including Frame Relay and PPP The Router provides the flexibility to allow the user to define which slots will be used for the selected WAN protocol 1 Select Trunk lt Configure gt and select ENTER Forcel Networks Router Wed Jan 16 2002 3 34 33 gt ROUTER Slot 6 Configuration RIP Mode Receive lt RIP1 gt RIP Mode Send RIP1 gt Trunk gt Security Configure gt Configure gt DNS Proxy Configure gt Spanning Tree Protocol Configure gt Network Time Protocol Configure gt SysLog Configure gt DNS Resolver Configure gt Provisioned Trunk Protocol Configuration 3 4 IP Router Release 2 97 Profile Directory Router Card Profile Trunk 2 All WAN connections will display in this window To select the WAN Connection Type TAB to the Type on the specific WAN Link use the SPACEBAR to select the Type PPP MLPPP PPP in Frame Relay or Frame Relay 1490 and select ENTER For more information on this window see the following field definitions Forcel Networks Router Wed Jan 2 2002 12 19_ gt Trunk Setup for local LocalUnit 2 of 24 Trunks Provisioned Data WAN Link 8 WAN Connection WAN Connection Type Multilink Group Speed A 1 1 24 lt gt lt None gt lt 64K gt A 2 1 24 lt PPP gt lt None gt lt 64K gt Scrollable Use the spacebar to change the selection Trunk Setup Menu Fields WAN Link This field displays the WAN Link Number 1 24
210. troduction Connecting to the Router Connecting to the Router Establish a Telnet Session 1 Usethe telnet rtr card addr CLI command to connect to the Router card The following example is when the router is located in slot 6 telnet 6 Connected Escape character is Attempting Forcel0 Networks Router connection Router Sat Apr 10 2004 10 51 23 CR to login US 2 Select ENTER or lt CR gt to log in Password 3 Enter default password admin and press ENTER Password gt Select a terminal type space or back space to toggle CR to accept Terminal lt VT100 gt 4 Select Terminal Type scroll through options with the SPACEBAR and then ENTER to select Recommended lt generic gt Terminal generic IP Router Release 2 97 1 5 Introduction Connecting to the Router Set a New Password If you have logged in with a default password for security reasons the password should be changed the system directs the user to do so telnet 3 Connected Escape character is Attempting Forcel0 Networks Router connection Router Wed Apr 10 2004 5 51 21 CR to login Password Select a terminal type space or back space to toggle CR to accept Terminal generic You have logged in with a default password For security reasons the password should be changed Complete the change request and record your new password for future use
211. twork Management Protocol TCP Transmission Control Protocol Port Equal or Range Specify a number or range Number 0 65535 Start Number 0 65535 End Number 0 65535 IP Router Release 2 97 Profile Directory Remote Profile Firewall Filters Remote Profile Telnet User interface to remote unit UDP User Datagram Protocol WAIS Wide Area Information Services Service Establishment Use this field to establish the transmission direction that will be affected by this rule Incoming All session establishments coming from the remote which match the value in the Service field will adhere to the value in the Action field Outgoing All transmissions outbound from the LAN toward this remote which match the value in the Service field will adhere to the value in the Action field In Out Will affect both incoming and outgoing transmissions Local IP Address Network Enter the IP Address of the local device or network that this rule will affect If you enter the address of a local device this rule will affect only the session establishments of the local device and the destination address entered in the Remote IP Address Network field below If this rule is to affect any local devices networks leave this field with an asterisk default symbol Significant Bits Use this field to identify the number of bits from left to right that will be used to match the IP Address field within the data
212. twork Updates Use the LAN Network Updates field to determine whether the Local LAN unit will learn via RIP and SAP packets which networks and services are attached to the local LAN and whether Remote WAN networks and services will be advertised to the LAN If this information is learned it may be advertised to remote devices if advertising is established Use the SPACEBAR to select from the following options lt Both gt lt Neither gt lt Send gt and lt Receive gt IP Router Release 2 97 Profile Directory Local Profile LAN Local Profile Setup When set to Both the local Unit will accept the RIPs and SAPs from the LAN and the networks and services learned from the WAN will be broadcast to the LAN LAN Local WAN Remote unit unit Both send and receive network service information to from LAN The lt Send gt value will enable the local Unit to send to the LAN information regarding the networks and services that it has learned from remote devices on the WAN However the unit will not accept RIPs and SAPs from the LAN Remote unit Send network service information from remote to LAN When this field value is set to Receive the local Unit will monitor the RIPs and SAPs on the LAN learn the available networks and services and then pass this information on to the appropriate remote units on the WAN Network
213. ty schemes that prevent unauthorized users from gaining access to a computer network and or may monitor the transfer of information to and from the network A fragment of data that is packaged into a frame format which comprises a header payload and trailer Each individual short trip that packets make from router to router as they are routed to their destination Internet Protocol Local Management Interface A specification for the use of frame relay products that define a method of exchanging status information between devices such as routers A diagnostic test in which a signal is transmitted across a medium while the sending device waits for its return Million Bits Per Second Network Time Protocol developed to maintain a common sense of time among Internet hosts around the world Many systems on the Internet run NTP and have the same time relative to Greenwich Mean Time Password Authentication Protocol IP Router Release 2 97 Ping Protocol PVC RADIUS RIP SNMP Spanning Tree IP Router Release 2 97 Glossary Packet InterNet Grouper PING is a program used to test whether a particular network destination on the Internet is online i e working by repeatedly bouncing a signal off a specified address and seeing how long that signal takes to complete the round trip No return signal site is down or unreachable Portion is returned trouble with the connection Procedure or set of rules
214. ve these configuration changes qu M i Note Changes will not go into effect until the card is reinitialized 3 28 IP Router Release 2 97 Profile Directory Router Card Profile DNS Resolver After the configuration is saved the DNS Static Host window displays and a Static Host can be added or modifed Wed Jan 16 2002 22 32 14 gt DNS STRTIC HOSTS 1 entries of 33 max Setup for local LocalUnit IP Address Host Name i ONAE CTRL A to add CTRL E to erase Editable Enter a non zero IP Address Subnet Mask in Dotted Decimal Notation Number of Static Hosts set up A maximum of 33 can be entered IP Address IP address of the static host Host Name Enter the filter name with a maximum of 42 characters no spaces or numbers IP Router Release 2 97 3 29 Profile Directory Router Card Profile DNS Resolver 3 30 IP Router Release 2 97 CHAPTER Profile Directory Local Profile In this Chapter Overview LAN Local Profile Setup Static Networks Static Addresses Filters Firewall Filters Local Profile Advertise Network Server DHCP Server Client Relay LAN Collision Threshold Spanning Tree Secondary IP Address Link Speed Profile Directory Local Profile Overview Overview The Local LAN Profile Setup is found in Configuration Profile Directory gt LocalUnit LAN Setup gt Forcel Networks Router Wed Jan 16 2002 3 24 46 gt RTR Main Menu Router Version 2 97 lo
215. vents alarms will not increment the Count field each time they occur Each alarm will be listed separately and the Count field will display a value of 1 Alarm listings will also appear as flashing or bold text entries in the User Event Log Please note that all alarms will generate SNMP traps The Alarm Log is cleared when the Router is reinitialized 1 On the Main Menu press TAB until the Alarms is highlighted on the System Reports option Use the SPACEBAR to scroll to Alarms if it not displayed lt Forcel Networks Router RTR Main Menu Scrollable Category Management Configuration Verification Statistics System Reports Exit Use the spacebar to change the selection and hit ENTER Tue Feb 5 2002 23 43 58 gt Router Version 2 97 Selection System Time Login gt gt Profile Directory gt gt lt Ping Utility gt gt lt Run time ET NENNEN gt Logout gt gt Slot 6 IP Router Release 2 97 System Reports Window Alarms 2 Press ENTER The Alarm Log will display lt Forcel Networks Router Tue Feb 5 2002 3 44 34_ gt Alarm Log for LocalUnit Auto Update mW Time Message Count Feb 5 2 48 18 4 WAN Link 6 1 1 Down 1 Press ESC to continue Auto Update Use this field to have this screen automatically update with events while you are viewing the screen lt On gt will update the screen every 5 seconds lt Off gt will disable
216. vertise Network aM Server 1 10 0 0 0 Window Once the Local Unit has learned of a network you may choose to have the Router advertise broadcast RIP packets on behalf of the actual network Selecting which networks you wish your Local Unit to advertise provides added security by restricting what information is passed on to the remote For added control in network advertising automatic learning may be turned off and using the Static Network windows manually enter the network routes to be advertised Disable Learning On the LAN Profile setup window set LAN Network Updates to Neither On the WAN Profile setup window set WAN Network Updates to Never IP Router Release 2 97 4 41 Profile Directory Local Profile Advertise Network Server 4 42 The Advertise Network Server Window can be used in two ways depending on which Selected Items mode is chosen Do Not Advertise gt Selected Items mode causes the unit to not advertise the learned network to all remotes if you place an X next to the selected item Advertise Selected Items mode causes the unit to advertise the learned network to all remotes if you place an X next to the selected item NOTE Since each network that contains an X next to it consumes a filter choose an approach that consumes the least number of filters With 15 learned networks of which 5 need to be advertised it uses less filters to Advertise 5 networks than to select Do Not Advertise 1
217. w Frags lt Disabled gt Setup ESS gt gt Setup lt Trunk Port gt gt Scrollable Select the item to be set up and hit ENTER 4 Press CTRL A to add a NAT Bypass Forcel Networks Router RemoteUnit has 1 NAT ByPass Record Tue Feb 5 2002 0 03 59 gt NAT Bypass Setup Network Subnet Mask Window 1 CO 0 0 0 0 Network An IP address or host to bypass the NAT Translation in the form of xxx xxx xxx xxx where xxx 1s between 0 255 Subnet Mask Subnet mask of the Network IP address above in the form of xxx xxx xxx xxx where xxx is between 0 255 IP Router Release 2 97 5 31 Profile Directory Remote Profile Static Addresses Static Addresses Use this screen to define static addresses that are based on the Ethernet MAC or IP Address of a specific device on the local LAN Typically the Router would learn of these devices by monitoring LAN WAN packets By defining a static address you are telling the Router the location of the corresponding device before the Router learns where this device resides Static addresses are typically used in a bridging situation Use the Local LAN Profile to define static addresses for devices that are located on the LAN If you wish to establish static addresses for devices on remote LAN s access this screen using the corresponding Remote WAN Profile NOTE Each static address filter will count toward the maximum number of 500 filters 1 Select Co
218. works Often times it is easier to disable the learning mode and manually enter routes rather than review each routing table entry and determine its advertising status As a static routing example let s assume that we have three networks A B and C Network B is connected to Network C via a router and to Network A via a remote Unit Network B may not learn of Network A s existence if advertising was disabled on Router 1 Therefore if you wish to establish an entry in the routing table indicating aroute between Network B and Network C you can define a static route on Network B Network A Network B Network C A B NE Router 1 Enter a static route which Enter a static route which indicates that Network C indicates that Network C may be reached through may be reached through remote Unit B Router 1 IP Router Release 2 97 4 11 Profile Directory Local Profile Static Networks To continue with this example 1f Network B is not configured to advertise Network C to Network A then Network A will not dynamically learn of Network C s existence If you wish to establish a route on Network A to Network C you must define a static route on Network A that indicates that Network C may be accessed through remote Unit B To set up a static route you must define the following routing information The address of the network you wish to reach e How far away from the
219. y Router Card Profile Configuration 2 Select Router CARD Setup gt and select ENTER Forcel Networks Router Wed Jan 16 2002 3 26 16 gt Profile Directory 1 Configured and 2 Enabled Name Profile Type Recv Send Profile State Router CARD MAE gt LocalUnit LAN NONE NONE Setup gt 1 RemoteUnit WAN NONE NONE Setup gt Enabled gt Profile Directory Window CTRL A to add CTRL E to erase CTRL F to page forward CTRL B to page back Hit ENTER to configure the communication information for this profile Forcel Networks Router Wed Jan 16 2002 3 31 95 gt ROUTER Slot 6 Configuration RIP Mode Receive quil b Router RIP pede Send qu gt runi onfigure gt Card Security Configure gt Configuration SNMP Configure gt Window DNS Proxy Configure gt Spanning Tree Protocol Configure gt Network Time Protocol Configure gt SysLog Configure gt DNS Resolver Configure gt Scrollable Use the spacebar to change the selection IP Router Release 2 97 3 3 Profile Directory Router Card Profile RIP Mode Receive RIP Mode Receive Selection is lt RIP1 gt lt RIP2 gt or lt RIP1 RIP2 gt RIP Mode Send Selection is lt RIP1 gt lt RIP2 gt or lt RIP1 RIP2 gt Trunk This window is used to configure the Trunk setup for the Router Although the Router is designed to connect remote sites over dedicated connections the unit supports a number of different encapsulation pro
220. y follow the date with the desired time entry The appropriate time format is HH MM SS hour minute second Press TAB to proceed to the next field IP Router Release 2 97 Management Window System Time Login Daylight Savings Time Adjustment Use this field to enable or disable automatic adjustment of the system clock for Daylight Savings Time Auto Logout Timer This field defines the minutes of inactivity before the current session is terminated The default time is 30 minutes Type the desired auto logout time between 1 255 NOTE Any changes that have not been saved will be lost when the timer is activated View Password Users assigned to this level may view only no changes are allowed The default VIEW password is public This field must be unique from the CONFIG and ADMIN passwords The field may be a 5 15 characters alphanumeric value Config Password Users assigned to this level may view and change all screens The default CONFIG password is config This entry must be unique from the VIEW and ADMIN passwords The field may be a 5 15 character alphanumeric value Admin Password Users assigned to this level may view and change all screens as well as change all three password levels The default ADMIN password is admin This entry must be unique from the VIEW and CONFIG passwords The field value may bea 5 15 character alphanumeric value NOTE If the default login passwords are not changed the user will
221. y the Router to the LAN These include packets received from the WAN as well as internally generated packets For this total to update Auto Update must be lt On gt Errors This field increments as packets are transmitted to or received from the LAN in error This includes RX CRC errors partial frames aborted frames and bad frames and TX retry failures and RX carrier loss errors This does not include bad packets that result from collisions For this total to update Auto Update must be lt On gt NOTE There are WAN protocol packets sent to the telephone company switch even when there are no active calls WAN Packet Totals Use this field to review the number of WAN packets that the local unit has Received Transmitted and contained Errors If Auto Update is set to lt No gt the WAN packet totals will not increment while the screen is displayed Received This field increments as packets are received from the WAN This includes packets from all remote sites For this total to update Auto Update must be lt On gt Transmitted This field increments as packets are received from the LAN and internally generated packets such as network optimization packets which have been transmitted to the WAN For this total to update Auto Update must be lt On gt Errors This field identifies packets that have been transmitted to or received from the WAN in error This includes RX CRC errors partial frames aborted frames long fra
222. yed You must define a server type see TYPE field above however the corresponding server name may be left blank If a server name is not defined all services of the specified type will be learned regardless of the name If the server type and name are specified only server types that match both values will be learned Be aware that the NAME value is case and spacing sensitive Press ESC to save changes and return to the Local LAN Profile Setup window IP Router Release 2 97 Profile Directory Local Profile DHCP Server Client Relay DHCP Server Client Relay Use the options on this window to enable the Router to act as a DHCP server client or relay agent Workstations with DHCP Dynamic Host Configuration Protocol client software will generate a broadcast message requesting an IP Address from a DHCP server As a relay agent the Router will forward these requests to the appropriate server When the server assigns the workstation an IP Address the Router will then send this address back to the appropriate workstation Using this method the DHCP server can reside at a Remote WAN location and the Router can serve as an agent between requesting workstations and the server As a DHCP server the Router can assign up to 254 IP Addresses to DHCP clients on the local LAN It will not assign to clients across the WAN 1 Select Configuration Profile Directory gt from the Main menu select ENTER 2 Select LAN lt Setu
223. yte gt lt 3Byte gt lt 4Byte gt sends a value in 1 2 3 or 4 bytes lt IP gt IP Address in the form xxx xxx xxx xxx where xxx is a number from 0 to 255 lt TEXT gt String with a maximum of 50 characters enclosed in quotes NetBIOS over TCP IP Node Type This option allows NetBIOS over TCP IP clients which are configurable to be configured as described in RFC 1001 1002 The value is specified as a single octet that identifies the client type 1 B node 2 P node 4 M node 8 H node Scope The Scope is a DHCP option that represents a grouping of computers on a subnet using the same NetBIOS name This name has a maximum of 41 characters Name Server NBNS This option specifies a list of RFC 1001 1002 NBNS name servers listed in order of preference Enter the IP address of the NBNS servers IP Router Release 2 97 4 49 Profile Directory Local Profile DHCP Server Client Relay DHCP Mode lt Relay gt The DHCP Relay will forward the DHCP BOOTP requests to the defined address of the remote unit selected gt Forcel Networks Router Wed Jan 30 2002 4 50 59 DHCP Server Client Relay Agent Setup for local LocalUnit DHCP Mode Relay gt Forward DHCP BOOTP Requests to tees at MAMANE DHCP Mode Relay Scrollable Select the remote on which the DHCP Server resides Forward DHCP BOOTP Requests to 1 Atthe 0 0 0 0 field enter the IP address of the remote unit and select ENTER or TAB Th
Download Pdf Manuals
Related Search