IP•Express QE1 User Manual - Engage Communication, Inc.
Contents
1. Solution Normally the ethernet LED flashes each time a packet is transmitted on to the ethernet If no activity is observed router may be defective If LED is on solid the router may have difficulty completing a transmis sion In either case a good test is to remove the router to a stand alone network and retest Cause Can not connect to a hub at 100 Mbps with Autonegotiate turned On Connection drops to 10 Mbps at half duplex Solution Change interface to match what the hub is configured for Can t Communicate with Router TCP IP Cause Workstation not on the same subnet as the router Solution During an initial configuration of a router communication should come from within the same net sub net With no default router the IP Express router will not be able to reply to communication off its own net Cause IP stack on the workstation not configured Solution Ensure that other devices on the same LAN can be pinged or otherwise seen Can t communicate to the router Console Port Cause Baud Rate Stop Bits etc set wrong on communication application 49 Engage Communication IPsExpress User s Guide Solution Ensure the communication software is configured for a fixed asynchronous data rate of 9600 bps 1 stop bit no parity 8 bit fixed flow control none Cause Transmit and Receive Data swapped Solution The console port is configured as a DTE port For connection to other DTE such as a terminal a Nu2. MD5 is now external in the OpenSSL library RC4 support has been replaced with ARC4 support from OpenSSL Blowfish is now external in the OpenSSL library The licence continues Note that any information and cryptographic algorithms used in this software are publicly available on the Internet and at any major bookstore scientific library and patent office worldwide More information can be found e g at http www cs hut fi crypto The legal status of this program is some combination of all these 63 Appendices Engage Communication IPsExpress User s Guide permissions and restrictions Use only at your own responsibility You will be responsible for any legal consequences yourself am not making any claims whether possessing or using this is legal or not in your country and am not taking any responsibility on your behalf NO WARRANTY BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE THERE IS NO WARRANTY FOR THE PROGRAM TO THE EXTENT PERMITTED BY APPLICABLE LAW EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND OR OTHER PARTIES PROVIDE THE PROGRAM AS IS WITHOUT WARRANTY OF ANY KIND EITHER EXPRESSED OR IMPLIED INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FORA PARTICULAR PURPOSE THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU SHOULD THE PROGRAM PROVE DEFECTIVE YOU ASSUME THE COST OF ALL NECESSARY SERVICING REPAIR OR
3. The two WAN interfaces T1 or E1 are not connected one for one with the remote site Solution Swap the WAN interfaces on one side to ensure Port 1 connects to Port 1 and Port 2 to Port 2 Drop amp Insert Mux Path not passing PBX data Cause PBX not configured to utilize only the T1 or E1 channels designated for the DS1 path Solution PBX must be configured to utilize only the T1 or E1 channels which are not being utilized by the IPsExpress for IP data For example if MLDI interface TEL1 is configured to utilize T1 channels 1 8 the PBX must be configured to use only the remaining channels 9 24 Cause IP Express MLDI serial port TEL2 DS1 port for PBX connection is configured for fractional T1 or E1 Solution Interface TEL2 the DS1 serial interface should be configured for CHANNELS FULL in all cases It is automatically assigned the channels not assigned to TEL1 Cause Improper connection between PBX and IPsExpress MLDI A crossover T1 cable is typically required to connect the PBX to the IPsExpress MLDI See Appendices for crossover T1 cable specifications Test Suggestion Local DTE Loop If using the IP Express with external DCE configure the external DCE for a Local or DTE Loop When con figured in Local Loop a data communication device will loop back the router s Transmit Data to its Receive Data port If connected to a device providing loop the router will show TxD and RxD packets incrementing at the same rate
4. 5dB DSX 1 NN This setting determines the transmitted data TxD waveform to compensate for attenuation on the T1 line Typically Line Build Out is set to the CSU mode where the Build Out is specified in dB In applications where the T1 cabling is short the ExpressRouter is within 20 feet of the network termination set for 0 dB T1 FRAMING ESF D4 Selects whether Extended Super Frame ESF or D4 framing is to be used Typically the T1 service pro 35 Chapter 5 Command Line Interface Engage Communication IPsExpress User s Guide vider specifies T1 CODING B8ZS AMI Selects whether B8ZS or Alternate Mark Inversion AMI line coding is used T1 SPACING ALTERNATE CONTIGUOUS Associated only with fractional T1 this parameter specifies whether the channels are Alternating every other channel or Contiguous adjacent T1 CHANNELS FULL FRACTIONAL NN XX Full will utilize all channels When Fractional is selected additional options are presented NN indicates the first channel to be included and XX is the number of channels used Enter the location of the start channel or DSO of the fractional service Minimum entry is 1 Then enter the total number of channels used seperated by a space E1 Port Configuration Commands E1 DATA NORMAL INVERTED Can be set for Normal or Inverted and must agree with the setting of the DSU CSU on the other end E1 CLOCKING NETWORK INTERNAL Determines
5. Initial Communication with the Router The following are methods of communicating with the Engage router for initial assignment of an IP address Use either method when configuring a new router or a router with an unknown IP address Console Port IPsExpress router and bridge models are equipped with a Console port permitting serial communication using the Command Line Interface CLI detailed in Chapter 6 Command Line Interface The Console port is an RJ45 to DB9 adapter The port is configured as a DTE data terminal equipment port The RJ45 to DB9 adapter is provided with the router which provides a physical interface permitting direct connection to DCE equipment such as a workstation or PC The terminal program for use with the Console port should be configured for serial communication at 9600 Baud 1 Stop Bit No Parity 8 bit fixed flow control none On first establishing the connection the user should login as root No password is configured initially Telnet This method is specifically for the ML DI Another method of assigning an IP address to the router employs telnet Power up the router and immediately attempt a telnet connection to the desired IP address If the Telnet session returns a timeout failure retry im mediately without restarting the router Repeat these retries for up to two minutes When the sequence is successful the login prompt will appear Enter the username root to open the Telnet session There is n
6. Interfaces 41 Inverse Multiplexor Option 41 Drop and Insert Mux Option 41 Drop and Insert Shift Option 42 BERT Test 42 Chapter 7 43 Network Security 43 IP Packet Filtering 43 4 Table of Contents Engage Communication IPsExpress User s Guide Basic Filtering Rules 43 WAN Router Filters 43 Default Packet Deny 43 Filter Rule Ordering 43 Ramifications of these rules 43 Clearing Filters 44 Command Format 44 Filter Entry Mode 44 Filter Command Format 44 Other Commands 46 Examples 46 Chapter 8 49 Troubleshooting 49 Unable to Communicate with the Local Router 49 Ethernet General 49 Can t Communicate with Router TCP IP 49 Can t communicate to the router Console Port 49 High Ethernet Error Count 50 Unable to Communicate with the Remote Site 50 No Serial Port Transmit Data 50 No Serial Port Receive Data 50 Inverse Mux Connection Down 51 Drop amp Insert Mux Path not passing PBX data 51 Test Suggestion Local DTE Loop 51 Port LED Green but Cannot Communicate across WAN 51 TCP IP Connection 51 Can t IP Ping Remote Router 52 Able to Ping Remote Router but not other devices on the Remote IP net 52 SSHD Not Working 52 Appendices 53 IPsExpress Router Specifications 53 Ethernet Port 53 LAN Protocol 53 WAN Protocols 53 Available WAN Interfaces 53 Power Supply 53 Physical 53 IPsExpress Router Specifications 53 Ethernet Port 53 Quality of Service Support 54 LAN Protocol 54 WAN Protocols 54 T1 Fractional T1 Specific
7. Sup 126 255 255 255 18 255 0 0 0 128 0 0 0 191 255 255 255 16 255 255 0 0 192 0 0 0 223 255 255 255 124 255 255 255 0 Table 1 10 100BaseT Port Specification For example the Class C network 192 168 1 0 must utilize a 255 255 255 0 subnet mask in order for RIP v1 to route properly while the Class A network 10 1 1 0 must utilize a 255 0 0 0 subnet mask TYPE T1 E1 RS530 RS232 V 35 Sets the port type Port types T1 and E1 are only available with models which have the internal DSU CSU installed PROTOCOL ENGAGE PPP FRAME RELAY Selects the Engage proprietary WAN protocol or one of two standards based WAN protocols POLL CD ON OFF Applicable only to serial interfaces including RS 530 and RS 232 This defines whether the carrier detect CD signal must be active to bring the WAN connection up WAIT CD ON OFF Applicable only to serial interfaces Set On to specify that the serial interface will operate in synchronous mode only when CD is asserted otherwise it is in asynchronous mode DTR ON OFF Applicable only to serial interfaces and used for dialup connections such as ISDN This asserts the DTR con trol signal for the external DCE TIMEOUT NN Used for dialup connections such as ISDN This permits setting a timeout after which the connection will be brought down in the absence of data Ethernet Interface AUTONEGOTIATION ON OFF Enable or disable IEEE 802 3 Au
8. a BSD licence or a licence more free than that OpenSSH contains no GPL code 1 Copyright c 1995 Tatu Ylonen lt ylo cs hut fi gt Espoo Finland 2 All rights reserved As far as am concerned the code have written for this software can be used freely for any purpose Any derived versions of this software must be clearly marked as such and if the derived work is incompatible with the protocol description in the RFC file it must be called by a name other than ssh or Secure Shell Tatu continues However am not implying to give any licenses to any patents or copyrights held by third parties and the software includes parts that are not under my direct control As far as know all included source code is used in accordance with the relevant license agreements and can be used freely for any purpose the GNU license being the most restrictive see below for details However none of that term is relevant at this point in time All of these restrictively licenced software components which he talks about have been removed from OpenSSH i e RSA is no longer included found in the OpenSSL library IDEA is no longer included its use is deprecated DES is now external in the OpenSSL library GMP is no longer used and instead we call BN code from OpenSSL Zlib is now external in a library The make ssh known hosts script is no longer included TSS has been removed
9. and TEL1StartDSO parameters so that they do not overlap on the TEL1 Channels A warning message is displayed when there is a conflict and behavior is unspecified Channels None Effectively turns off Serial Interface so no data will be sent to TEL1 Channels None is an addition to the exist ing Channels syntax which would make it T1 E1 Channels Full None Fractional NN XX NN Y Z MM Y Z Example If the TEL1 WAN channels are 1 5 the TEL2 channels are 1 16 and the TEL3 channels are 1 4 and you want TEL2 channels on 6 21 of TEL1 and TEL3 channels on 22 25 of TEL1 and turn off TEL4 data it would look like this Interface S1 E1 Channels 1 5 Interface S2 E1 Channels 1 16 E1 TEL1StartDSO 6 Interface S3 E1 Channels 1 4 E1 TEL1StartDSO 22 Interface S4 37 Chapter 5 Command Line Interface Engage Communication IPsExpress User s Guide E1 Channels None Config NAT Commands Network Address Translation provides commands to enable and disable the feature as well as for querying status An invalid response will be returned if the NAT option is not installed NAT ON OFF Used to enable NAT NAT GLOBAL ADDRESS addr Used to enter the Global Address to which the IP Express router is to respond SHOW NAT Responds with the NAT enable disable status and the configured NAT global address BERT Pattern Generation and Detection NOTE The BERT Patteren Generation and Detection was available on L
10. and save the response listing to a file Note All Static Routes require an explicit TCP IP Network Address including the route to the Default Router A route to IP Address 0 0 0 0 is not permitted instead the default router s IP network is specified Example Configurations Common IPsExpress configurations are detailed in this section The command line configuration listing is shown for each example and text file versions of the listings are provided on a disk which ships with each IPsExpress router Example 1 Basic IP Express Connection for Enterprise Scenario This basic IP Express router example illustrates the minimum configuration required to achieve a fully func tional network connection between two sites which are not connected to the global Internet IP addressing requirements are greatly simplified when the user can assign private or reserved IP addresses such as those shown here rather than work within the constraint of globally unique IP addresses For further informa tion on IP addressing see Chapter 3 Network Planning The IP networks must be unique at each site This differs from bridged networks which maintain a single IP network across the two sites For example site 1 uses an IP addresses within network 192 168 1 0 24 and site 2 utilizes the network ad dress 192 168 2 0 24 Note the following e Atypical convention is to assign the routers the first address in the block Here the first ethernet router is con
11. are the only parameters required for the Ethernet interface The subnet mask can be entered in long or short form Examples e IPADDRESS 192 168 1 1 255 255 255 0 e IPADDRESS 192 168 1 1 24 BROADCASTRCV OFF ON The Ethernet interface can be configured to disable the reception of Broadcast and Multicast packets The IP protocol uses broadcast packets to resolve the Ethernet MAC Address of the destination IP BROADCASTRCV OFF requires that the Destination IP Express or the Default Router and any local device that wants to communicate with the IPsExpress needs to be configured with the MAC address of the unit in its ARP table Due to the complexity involved in setting up the IP Address to Ethernet MAC addresses manually it is recommended that BroadcastRCV is set to On unless broadcast storms are expected on the network where the IP Express reside Typically if BroadcastRCV is set to Off the Tube Ether ARP and Tube Ethernet Address need to be config ured with the MAC address of the IP Express packet s Ethernet destination refer to Interface TEL1 Since the destination for the IPsExpress packet will have its broadcast receive turned Off also SSHD Configuration Commands SSHD On Off Enables or disables the SSH Server SSHD Port lt port number gt Specifies the TCP port number for incoming SSH sessions SSHD HostKey Enter lt OpenSSH DSA Key gt Configures the SSH Server host key The SSH Server must have a host key for an SSH
12. at 1 544 Mbps Note fracT1 running at 56Kbps is not interoperable with 56Kbps DDS service All configuration items including Line Coding Framing and TxData timing are configurable using the Com mand Line Interface Two Engage routers with internal T1 fracT1 DSU CSU interfaces can be connected back to back for bench testing A crossover cable is required see Appendices Additionally one of the two units should be set for Internal rather than Network timing Note Always configure the T1 DSU CSU before connecting to a T1 line as improperly configured T1 circuitry can result in excessive serial errors which can impair communication to the router even over Ethernet E1 fractional E1 DSU CSU Option The internal E1 fractional E1 DSU CSU permits direct connection to a E1 fracE1 interface as provided by the telecommunications service provider This connection uses an RJ45 jack E1 fracE1 circuits use pins 1 amp 2 for RxData and 4 amp 5 for TxData An RJ45 to DB15 adapter cable is available if the E1 line is terminated in a 15 pin D connector See Appendices for E1 pinout and cable specification The E1 fracE1 interface can be set to run at rates from 64Kbps up to full E1 speed of 2 048 Mbps All configurations items including Line Coding and Clock Source and Framing are configurable using the Command Line Interface Inverse Multiplexor Option The Inverse Multiplexor Option is available on dual port DLT1 DLE1 and GT1 GE1 IP
13. control 21 File Transfer Control e telnet 23 Telnet smtp 25 Simple Mail Transfer email nicname 43 Who Is e domain 53 Domain Name Server gopher 70 Gopher e finger 79 Finger www http 80 World Wide Web HTTP tcp flags can be one or more of the following ACK URG PSH RST UDP expressions are identical to TCP expressions though the values of Protocol Ports differ UDP SRC lt op gt lt value gt DST lt op gt lt value gt Common UDP ports include nicname 43 Who Is e domain 53 Domain Name Server e tftp 69 Trivial File Transfer gopher 70 Gopher e finger 79 Finger ICMP expressions are used to filter on ICMP datagram types and have the format ICMP TYPE lt op gt lt value gt where Op is a relational operator of the following set 45 Chapter 7 Network Security Engage Communication IP Express User s Guide l gt gt lt lt Value is an integer ICMP type Examples include e 0 ICMP Echo Reply 8 ICMP Echo Reguest IP expressions are used to filter on IP fragments and options and include FRAGMENTS SOURCE ROUTE RECORD ROUTE Other Commands Delete interface LAN1 LAN2 TEL1 TEL2 TEL3 TEL4 in out src addr dest addr type op tions all This command is used to delete a packet filter The arguments are similar to the Permit Deny commands By default filters will only be deleted if they match the arguments exactly If All is used then
14. has turned up all of the necessary PVCs Cause Router on the other end not running IETF Frame Relay Ensure that no proprietary Frame Relay pro tocol is in use TCP IP Connection 51 Chapter 8 Troubleshooting Engage Communication IPsExpress User s Guide An IP Ping program is the best tool for troubleshooting TCP IP connectivity As a sanity check first ensure you can ping the local router If unsuccessful go back to Can t Communicate with the Local Router section Can t IP Ping Remote Router Cause Ping workstation does not have Default Gateway or Router set In the workstation s IP configura tion alongside workstation s own IP address and subnet mask you must provide the IP address of the device a router to which all packets destined off the local net should be sent If the Engage router is the only router on the IP network use its IP address for Default Gateway If there is another router on the net see next item Cause Another router on the net serving as Default Gateway for all net workstations does not know about the remote IP nets the new Engage router brings to the picture This device must be provided with static route s through the local Engage router to the remote IP nets subnets Cause Engage router improperly configured to use RIP Engage routers support one routing protocol RIP v1 which automates the exchange of routing information between routers and is suitable for simple IP network con
15. ones e g 24 In this way a typical IP address for a host on a network would be written 192 168 1 5 24 In this example the Net ID is the first three bytes 192 168 1 and the Host ID is the last byte 5 Possible val ues for the Host ID in a 24 subnet range from 1 to 254 The Net ID is a unique identifier for the network to which the Host is attached it must not conflict with any other Net ID on the internet The Host ID is a unique identifier for the device on that network it must not con flict with any other Host ID on that physical network An IP network is typically identified by the lowest order Host ID Thus the above network would be identified as 192 168 1 0 24 Not that this is not a valid IP address instead it specifies a valid IP network Global vs Private IP Addresses IP addresses on the global Internet must be unique For any connection to the Internet the user should obtain IP address space from their ISP or directly from ARIN the American Registry for Internet Numbers www arin net or other international registering bodies An autonomous network not connected to the Internet is not restricted to the use of globally unique address es For enterprise users not connecting to the Internet it is advised they utilize IP addresses from the follow ing three blocks of IP address space which are reserved for private internets 10 0 0 0 to 10 255 255 255 172 16 0 0 to 172 31 255 255 22 Engage Communication I
16. use of an Engage cable since there are multiple standards for implementing V 35 signaling through DB25 connectors Ensure the DCE does supply RxCk Solution Router is not getting Receive Data RxD from the DCE Same cabling issues as previous item on RxCk Solution Remote router is not transmitting data Have a user at remote site verify the router is transmitting data Solution Telco path is not complete Have the telephone company perform loop tests to ensure their connec tion to both end points is working On leased lines this simply involves breaking the link and performing Loop Tests to the DSU CSU or other customer equipment in each direction Frame Relay involves more parties but the local loop to the customer router equipment can be looped up and tested Solution All Receive Data RxD is arriving in error Receive Packet count is not moving but the Total Error Count is increasing and all are Receive Errors Quality of the line is very poor have the telco test it out Solution All Receive Data RxD is arriving in error Receive Packet count is not moving but the Total Error Count is increasing and all are Receive Errors DSU CSU is improperly configured for the line usually only the case in T1 fractional T1 lines Unplug from T1 line and confirm the line coding framing etc with the T1 Chapter 8 Troubleshooting Engage Communication IPsExpress User s Guide provider Inverse Mux Connection Down Cause
17. x 1 63 inches Non Hub model dimensions 8 75 x 5 50 x 1 63 inches e Weight approximately 2 Ibs excluding external power adapter IPsExpress Router Specifications Ethernet Port e 10 100 BaseT Full Half Duplex Ethernet e Autonegotialtion or configurable Speed and Duplex 53 Engage Communication IPsExpress User s Guide Quality of Service Support LAN Protocol WAN Protocols Interoperability with RFC 1717 TCP IP Engage Proprietary Point to Point Protocol PPP Frame Relay T1 Fractional T1 Specifications One to Four Port Models Connects directly to T1 Line or to a DS1 interface with a Crossover Cable Framing ESF or D4 Coding B8ZS or AMI Supports DSO assignments from 1 to 24 Up to four Available WAN Interaces Power Supply RS 530 RS 232 V 35 DB 25 female Internal T1 fracT1 DSU CSU Internal E1 fracE1 DSU CSU External 24 Volts AC 1Amp with standard AC plug International power supplies are available from Engage FTP Online Upgrade Capable FLASH ROMs Management Physical IP Express is fully operational during upgrade Telnet support with Edit and Paste Template Files Console Port for Out of Band Management SNMP support MIB MIB II Remote configuration amp monitoring Standard 19 inch rack mount kit available Dimensions 9 x 7 3 x 1 63 inches Weight approximately 3 Ibs excluding external power adapter 54 Appendices Engage Communication IPsExpress User
18. 1 Scenario This sample configuration details an IP Express connection over a leased E1 connection running PPP The hardware in this example is the IP Express XL E1 with internal E1 DSU CSU configured for full E1 Command Line Listing Router Name IPExpress GE1 Router Contact Francois Router Location HQ IP Default router 205 1 34 1 Static Routes Network Next Hop Cost Interface DLCI IP Route 209 23 44 0 24 10 223 10 17 1 s1 Router Ethernet Interface parameters Interface E1 IP Address 205 1 34 2 24 IP RIP On Router Serial Interface1 parameters Interface S1 Type E1 Protocol Engage DTR On E1 Data Normal E1 Clocking Network E1 Framing CRC4 E1 Coding HDB3 E1 Channels Full IP Address 10 223 10 18 30 IP RIP Off Example 7 Network and Port Address Translation Scenario This sample configuration shows an Engage IP Express router translating private network addresses to a global IP address The NAT function performs IP Port Address Translation PAT on a single Global IP ad dress The NAT also provides a type of firewall by only allowing communication to those connections that are established from the internal side of the network NAT enables users to create networks with large blocks of internal addresses without being restricted to a very limited supply of global addresses NAT simplifies net work administration by permitting more flexible internal addressing schemes Internal private address range
19. 1 dst gt 1023 ack permit 157 22 234 115 0 0 0 0 tcp src 20 dst gt 1023 configure so those on 157 22 234 112 can Telnet out filter in permit 0 0 0 0 157 22 234 112 28 tcp src 23 dst gt 1023 ack filter out permit 157 22 234 112 28 0 0 0 0 tcp src gt 1023 dst 23 47 Chapter 7 Network Security Engage Communication IPsExpress User s Guide Example 4 This filter applied to serial port input of a router on the 204 22 233 24 network permits HTTP DNS and SMTP By default all other services including FTP and Telnet are denied The standard anti spoofing filter is also present Note Since there are no filters on serial port Out all packets in that direction are allowed interface TEL1 filter in prevent spoofing deny 204 22 233 0 24 0 0 0 0 ip permit HTTP permit 0 0 0 0 204 22 233 0 24 tcp src gt 1023 dst 80 permit 0 0 0 0 204 22 233 0 24 tcp src 80 dst gt 1023 permit DNS permit 0 0 0 0 204 22 233 0 24 udp src gt 1023 dst 25 permit 0 0 0 0 204 22 233 0 24 udp src 25 dst gt 1023 permit 0 0 0 0 204 22 233 0 24 tcp src gt 1023 dst 25 permit 0 0 0 0 204 22 233 0 24 tcp src 25 dst gt 1023 permit SMTP permit 0 0 0 0 204 22 233 0 24 tcp src gt 1023 dst 25 permit 0 0 0 0 204 22 233 0 24 tcp src 25 dst gt 1023 48 Chapter 7 Network Security Chapter 8 Troubleshooting Wide Area Network system are subject to problems from a variety of sources Fortun
20. 10 10 2 24 IP Broadcast ONES address 255 255 255 255 IP RIP On Interface S1 Type T1 Protocol PPP DTR On T1 Data Normal IP Address 201 11 11 2 30 IP RIP Off Interface S2 Type T1 Protocol PPP DTR On T1 Data Normal IP Address 202 12 12 66 26 IP RIP Off Example 3 IPsExpress DLT1 IPM Inverse Multiplexing 2 T1 lines Scenario This sample configuration shows a connection between two dual port T1 IP Express routers utilizing Engage s Inverse Packet Multiplexing IPM By combining the bandwidth of two T1s the user obtains a throughput of 3 Mbps The configuration for one of the routers is provided below Note the following The RIP routing protocol is enabled over the WAN connections This ensures a level of redundancy Should one T1 link fail all traffic is automatically routed over the working link Additionally no static routes are required pointing to the opposite LAN Inverse Packet Multiplexing functions only with the PPP WAN protocol Inverse Packet Multiplexing requires that port 1 of the local router connect to port 1 of the remote unit and port 2 to port 2 Query the status of the IPM with the command Show Inverse Mux The default router resides on the same LAN as the IP Express Ethernet interface there fore no static route is required to point to the default router Command Line Listing config Router Name IPExpress DL 2T1 IPM Router Contact John Hill Router Location 6th Street IP
21. 192 168 1 0 24 e External globally routable address 200 100 50 1 32 18 Chapter 2 Installation QuickStart Engage Communication IPsExpress User s Guide Command Line Listing Router Name Corp Router Router Contact James Router Location Cook Rd IP Default router 10 10 10 2 NAT ON NAT GLOBAL ADDRESS 200 100 50 1 Static Routes Network Next Hop Cost Interface E1 IP Address 192 168 1 1 24 IP Broadcast ONES address 255 255 255 255 IP RIP On Interface S1 Type T1 Protocol PPP DTR On IP Address 10 10 10 1 30 IP RIP Off Example 8 IP Express GT1 GE1 Scenario Interface DLCI This sample configuration shows a four port IPsExpress QT1 QE1 which has one static route pointing to a single IP network All of the four WAN ports are active When the inverse multiplex option is on as in this ex ample and the WAN ports are configured to run PPP the IP Express QT1 QE1 will run multilink PPP Command Line Listing Router Name Receiver Router Contact No contact specified Router Location No location specified IP Default router Inverse Mux On Interface LAN1 IP Address 192 68 10 1 24 IP Broadcast ONES address 255 255 255 255 IP RIP On Interface TEL1 Type T1 Protocol PPP T1 Data Normal T1 Clocking Network T1 LBO CSU OdB T1 Framing ESF T1 Coding B8ZS T1 Channels Full 19 Chapter 2 Installation uickStart Engage Communication IPsExpress User s Guide IP Address IP R
22. A OR PROFITS WHETHER IN AN ACTION 68 Appendices Engage Communication IPsExpress User s Guide OF CONTRACT NEGLIGENCE OR OTHER TORTIOUS ACTION ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE Some code is licensed under a MIT style license to the following copyright holders Free Software Foundation Inc Permission is hereby granted free of charge to any person obtaining a copy of this software and associated documentation files the Software to deal in the Software without restriction including without limitation the rights to use copy modify merge publish F distribute distribute with modifications sublicense and or sell copies of the Software and to permit persons to whom the Software is furnished to do so subject to the following conditions The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software THE SOFTWARE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM DAMAGES OR OTHER LIABILITY WHETHER IN AN ACTION OF CONTRACT TORT OR OTHERWISE ARISING FROM OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
23. BX voice traffic is carried between the DS1 port interface s2 and the TELCO port interface s1 In this example the E1 bandwidth is divided evenly between data and voice traffic with E1 channels 1 15 utilized for data and E1 channels 16 30 utilized for voice Also note the following Bandwidth configuration is required for interface s1 only The remaining E1 bandwidth is automatically assigned to interface s2 If interface s2 is allocated partial bandwidth idle characters are transmitted out the unallocated channels disrupting the IP data routing path In contrast the PBX which connects to the DS1 interface s2 must be configured for just the channels of the E1 interface which it will utilize in this example E1 channels 15 30 14 Chapter 2 Installation QuickStart Engage Communication IP Express User s Guide The T1 or E1 clock source must be synchronous between the TELCO interface s1 and the DS1 interface s2 This is accomplished by setting the E1 Clocking to Network for interfaces s1 and s2 One potential issue for T1 applications involves the use of the 24th channel for D signal ing by some PBX systems This can result in the PBX mistakenly interpreting IP data on that channel as voice calls The PBX should be configured to not utilize this 24th channel as signalling Command Line Listing Router Name IPExpress MLDI E1 Router Contact Ted Arnold Router Location 1101 Broadway IP Default route
24. CORRECTION IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER OR ANY OTHER PARTY WHO MAY MODIFY AND OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE BE LIABLE TO YOU FOR DAMAGES INCLUDING ANY GENERAL SPECIAL INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES ORA FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES 2 The 32 bit CRC compensation attack detector in deattack c was contributed by CORE SDI S A under a BSD style license Cryptographic attack detector for ssh source code Copyright c 1998 CORE SDI S A Buenos Aires Argentina All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that this copyright notice is retained THIS SOFTWARE IS PROVIDED AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES ARE DISCLAIMED IN NO EVENT SHALL CORE SDI S A BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES RESULTING FROM THE USE OR MISUSE OF THIS SOFTWARE Ariel Futoransky lt futo core sdi com gt lt http www core sdi com gt 3 ssh keyscan was contributed by David Mazieres un
25. Client to accept a connection from the Server The lt OpenSSH DSA Key gt must be in OpenSSH format 34 Chapter 5 Command Line Interface Engage Communication IPsExpress User s Guide Units shipped with this base firmware or later versions have an SSH Server host key already configured Use this command to change the host key Units running base firmware that did not previously support SSH will need to run this command after an up grade to a version that supports SSH Most SSH Client software have the facility to generate an OpenSSH host key The text of a key generated by client software can be used as the lt OpenSSH DSA Key in the SSHD HostKey Enter command Note When creating a key do not enter a pass phrase Note There will be two keys generated when creating a key use the file without the pub extension Example OpenSSH provides the sys keygen program Run ssh keygen b 1024 t dsa f lt filename gt ssy keygen creates a private key in filename and a public key in filename pub Enter the text of the private key as the lt OpenSSH DSA Key in the SSHD HostKey Enter command SecureCRT can create an OpenSSH format private key In the tools menu select Create Public Key Exe cute the Key Generation wizard to create a client key the client key can be used as a host key Choose type DSA and 1024 bits Select OpenSSH format when it saves the private key in afile Used the saved file as the input to the SSHD HostKe
26. DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE This product includes cryptographic software written by Eric Young eay cryptsoft com This product includes software written by Tim Hudson tjh cryptsoft com i Original SSLeay License Copyright C 1995 1998 Eric Young eay cryptsoft com All rights reserved This package is an SSL implementation written by Eric Young eay cryptsoft com The implementation was written so as to conform with Netscapes SSL This library is free for commercial and non commercial use as long as the following conditions are aheared to The following conditions apply to all code found in this distribution be it the RC4 RSA Ihash DES etc code not just the SSL code The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson tjh cryptsoft com Copyright remains Eric Young s and as such any Copyright notices in the code are not to be removed If this package is used in a product Eric Young should be given attribution as the author of the parts of the library used This can be in the form of a textual message at program startup or in doc
27. DTR Prepares the DCE to be connected to the phone line then the connection can be established by dialing En ables the DCE to answer an incoming call on a switched line 75 Glossary
28. Default router 10 1 1 1 Inverse Mux On Interface LAN1 Autonegotiation On IP Address 10 1 1 2 24 IP RIP On Arp Off 13 Chapter 2 Installation QuickStart Engage Communication IP Express User s Guide Interface TEL1 Type T1 Protocol PPP T1 Data Normal T1 Clocking Network T1 LBO CSU OdB T1 Framing ESF T1 Framing ESF T1 Coding B8ZS T1 IdleCharacter 0x7e T1 Channels Full IP Address 000 000 000 000 IP RIP On Interface TEL2 Type T1 Protocol PPP T1 Data Normal T1 Clocking Network T1 LBO CSU OdB T1 Framing ESF T1 Coding B8ZS T1 IdleCharacter Ox7e T1 Channels Full IP Address 000 000 000 00 IP RIP On Example 4 Drop and Insert Mux Application with IPsExpress ML DI E1 Scenario Engage IP Express MLDI models provide dual T1 or E1 ports plus the Drop and Insert Mux capability to per mit the utilization of a single T1 or E1 line for both IP data traffic and PBX voice traffic Additionally the unit has an integrated four port 10BaseT hub providing a one box networking solution in many applications The customer data network LAN connects to any of the ethernet ports and data traffic is routed between the IP Express ethernet interface designated interface e1 in the CLI and the TELCO interface designated interface s1 The customer voice network typically a connection to a PBX connects to the DS1 port This connection typi cally requires a T1 crossover cable see Appendices for pinout P
29. Express models A proprietary inverse multiplexing technology provides a highly efficient utilization of two T1 or E1 connections yielding an aggregate bandwidth of 3 Mbps for T1 4 Mbps for E1 Connection between the two IPsExpress routers must ensure that Port 1 on one unit connects to Port 1 on the other and Port 2 connects to Port 2 The Inverse Multiplexor Option must be enabled with the CLI command INVERSE MUX ON OFF See Chapter 6 Command Line Interface for details on the configuration and status query for Inverse Multi plexing Drop and Insert Mux Option Engage IP Express MLDI models provide a Drop and Insert Mux capability to permit the utilization of a single T1 or E1 line for both IP data traffic and PBX voice traffic The customer data network LAN connects to any of the Ethernet ports and data traffic is routed between 41 Chapter 6 Configuration and Operation Engage Communication IPsExpress User s Guide the IPsExpress Ethernet interface designated interface LAN1 in the CLI and the TELCO interface desig nated interface TEL1 The customer voice network typically a connection to a PBX connects to the DS1 port In most cases a Crossover T1 cable is required for this interconnection See Appendices for Crossover T1 specifications PBX voice traffic is carried between the DS1 interface and the TELCO interface Configuration of the Drop and Insert Mux option requires defining the T1 or E1 bandwidth divisio
30. HOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE The licence and distribution terms for any publically available version or derivative of this code cannot be changed i e this code cannot simply be copied and put under another distribution licence including the GNU Public Licence 72 Appendices Glossary Terms and Concepts Before using the Engage Router you should be familiar with the terms and concepts that describe TCP IP If you are experienced with internet routers these terms may already be familiar to you General Networking Terms Network A network is a collection of computers server devices and communication devices connected together and capable of communication with one another through a transmission medium Internet An internet is any grouping of two or more networks connected by one or more internet routers Network Services Network services are the capabilities that the network system delivers to users such as print servers file servers an
31. IP Address Subnet Mask format which defines the subnet mask by its integer number of 1 s Examples IP Address Subnet Mask No of 1 s Addr Mask format 157 22 23 41 255 255 0 0 16 157 22 23 41 16 202 55 33 50 255 255 255 0 24 202 55 33 50 24 204 11 39 18 255 255 255 192 26 204 11 39 18 26 207 22 88 92 255 255 255 248 29 207 22 88 92 29 The long form of the subnet mask is also accepted 207 22 88 92 255 255 255 248 If no mask is entered the subnet mask for the address class is used Below is a list of standard Class C Sub nets 4 Byte Representation Number of 1 s 255 255 255 0 24 255 255 255 128 25 255 255 255 192 26 255 255 255 224 27 255 255 255 240 28 255 255 255 248 29 23 Chapter 3 IP Network Planning Engage Communication IPsExpress User s Guide 255 255 255 252 30 IP Network Representation The Engage command line interface identifies a Network or Subnet by using the first the zero address of the subnet Examples of this convention Address Range Mask Representation 202 55 33 0 to 202 55 33 255 255 255 255 0 202 55 33 0 24 204 99 13 64 to 204 99 13 127 255 255 255 192 204 99 13 64 26 207 22 88 8 to 207 22 88 15 255 255 255 248 207 22 88 8 29 Multicasting Using Engage Routers There are a few things needed to set up the IP Express for Multicasting Bridging must be set to OFF for both units The sending IP Express encoder side must have a static route to the receiving uni
32. IP Express please contact the Engage Communication Service Center If the equipment is causing harm to the telephone network the telecommunications service provider may request that you disconnect the equipment until the problem is resolved Engage Communication Service Center Phone U S 1 831 688 1021 Fax 1 831 688 1421 Email support engageinc com Web www engageinc com Table of Contents Chapter 1 Introduction About this Guide Organization Intended Audience The IP Express Router Family Special Features The Inverse Packet Multiplexer feature SNMP Support Chapter 2 Installation QuickStart Initial Communication with the Router Console Port Telnet This method is specifically for the ML DI Editing and Saving Configurations Example Configurations Example 1 Basic IP Express Connection for Enterprise Example 2 IPsExpress Multiple Routes to Multiple Sites Example 3 IP Express DLT1 IPM Inverse Multiplexing 2 T1 lines Example 4 Drop and Insert Mux Application with IPsExpress ML DI E1 Example 5 IP Express GT1 Leased Line to an ISP Example 6 IP Express DL E1 Example 7 Network and Port Address Translation Example 6 IP Express G E1 Example 7 Network and Port Address Translation Example 8 IPsExpress GT1 GE1 Example 9 IP Express E2 Chapter 3 IP Network Planning TCP IP and Wide Area Networks IP Addressing Global vs Private IP Addresses Routing between Networks Addressing conventions Multicasting Us
33. IP On Interface TEL2 Type T1 Protocol PPP T1 Data T1 Clocking T1 LBO T1 Framing T1 Coding T1 Channels IP Address IP RIP On Interface TEL3 Type T1 Protocol PPP T1 Data T1 Clocking T1 LBO T1 Framing T1 Coding T1 Channels IP Address IP RIP On Interface TEL4 Type T1 Protocol PPP T1 Data T1 Clocking T1 LBO T1 Framing T1 Coding T1 Channels IP Address IP RIP On Normal Network CSU OdB ESF B8ZS Full Normal Network CSU OdB ESF B8ZS Full Normal Network CSU OdB ESF B8ZS Full Example 9 IP Express E2 Scenario This sample configuration shows a IPsExpress E2 interconnecting two LANs and having a default router that is on the second LAN Command Line Listing Router Name IP Express E2 Router Contact Francisco Francisco Router Location Suite 200 IP Default router 192 168 2 15 20 Chapter 2 Installation QuickStart Engage Communication IPsExpress User s Guide Interface LAN1 AutoNegotiation On IP Address 192 168 3 1 24 IP Broadcast ONES address 255 255 255 255 IP RIP On Interface LAN2 AutoNegotiation On IP Address 192 168 2 2 24 IP Broadcast ONES address 255 255 255 255 IP RIP On IP Cost 1 IP Broadcast ONES address 255 255 255 255 IP RIP On 21 Chapter 2 Installation QuickStart Chapter 3 IP Network Planning This chapter provides basic information on network planning for IP internetworks Included are descriptions of IP a
34. L Config Inverse Multiplexor Commands Inverse Multiplexing provides commands to enable disable and to query the status If the Inverse Multiplexor option is not enabled on the IPsExpress router these commands will result in an invalid command response INVERSE MUX ON OFF Used to enable the Inverse Multiplexing mode SHOW INVERSE Provides the status of the Inverse Multiplexing operation on each of the two ports Inverse Mux On Serial Port 1 Inverse Mux Status ACTIVE Serial Port 2 Inverse Mux Status ACTIVE Note ACTIVE occurs when both ports have successfully Inverse Multiplexed Inverse Multiplexing requires the connection of Port 1 to Port 1 and Port 2 to Port 2 on the connected IPsExpress routers Config Drop and Insert Shift Commands ClockingMaster TEL1 TEL2 TEL3 TEL4 Internal Network This is configured at the system level This sets the Master Clock of the circuit None of the Serial Interfaces will have an T1 E1 Clocking parameter TEL1StartDSO NN TEL1StartDSO specifies how this ports DSOs are mapped onto TEL1 The position of this port s first specified channel is moved into the TEL1 DSO position specified by TEL1StartDSO For example if this port is using channels 5 8 and TEL1StartDS0 is 9 then this port s channels 5 8 are mapped onto TEL1 channels 9 12 If the TEL1StartDSO is 1 then this ports channels 5 8 are mapped onto TEL1 channels 1 4 Care must be taken to select each port s Channels
35. L RIP STATIC Lists IP routes If no argument is provided all IP route types are listed The IP Route type indicates the source from which the router learned the route Local routes are those routes to which the router is directly attached If RIP the Routing Information Protocol is enabled in the router configuration routes learned through the exchange of RIP packets will be listed Static routes are those defined explicitly in the router configuration SHOW FILTERS provides a listing of all Filters on all interfaces SHOW IP STATISTICS provides more detailed Statistics on IP packets only SHOW CONFIG ALL provides a list of all configuration parameters No argument is the same as All This list provides the methodology for storing a router configuration into a local text file The full configuration can be edited offline SHOW CONFIG INTERFACE LAN1 LAN2 TEL1 TEL2 TEL3 TEL4 If no interface is specified either the current interface per the Interface command will be used or all inter faces will be shown 30 Chapter 5 Command Line Interface Engage Communication IPsExpress User s Guide SHOW CONFIG IP ALL ROUTES Details the IP configuration No argument is the same as All which provides routes as well as IP configura tion items which don t pertain to a specific port i e default router routing cost etc SHOW CONFIG ROUTER Provides overall router configuration information including hardware c
36. ND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Some code is licensed under an ISC style license to the following copyright holders Internet Software Consortium Todd C Miller Reyk Floeter Chad Mynhier Permission to use copy modify and distribute this software for any purpose with or without fee is hereby granted provided that the above copyright notice and this permission notice appear in all copies THE SOFTWARE IS PROVIDED AS IS AND TODD C MILLER DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS IN NO EVENT SHALL TODD C MILLER BE LIABLE FORANY SPECIAL DIRECT INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE DAT
37. NTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE 6 Remaining components of the software are provided under a standard 2 term BSD licence with the following names as copyright holders Markus Friedl Theo de Raadt Niels Provos Dug Song Aaron Campbell Damien Miller Kevin Steves Daniel Kouril Wesley Griffin Per Allansson Nils Nordman Simon Wilkinson Portable OpenSSH additionally includes code from the following copyright holders also under the 2 term BSD license Ben Lindstrom Tim Rice Andre Lucas Chris Adams Corinna Vinschen Cray Inc Denis Parker Gert Doering Jakob Schlyter Jason Downs Juha Yrj l Michael Stone Networks Associates Technology Inc Solar Designer Todd C Miller Wayne Schroeder William Jones Darren Tucker Sun Microsystems The SCO Group Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions Appendices Engage Communication IPsExpress User s Guide are m
38. PsExpress User s Guide 192 168 0 0 to 192 168 255 255 An enterprise that utilizes the reserved IP addresses above can do so without coordinating with an Internet registry Network Address Translation NAT permits conservation of public IP addresses For a simple enterprise ap plication connecting a network of users to the Internet a single public globally unigue IP address can serve a network of users who have been assigned private reserved IP addresses Routing between Networks The primary rules for creating internets are e The IP Net ID for every physical network must be unique The IP Host ID for all devices within a net subnet must be unique Routers provide interconnections between IP networks A simple LAN router with two ethernet ports could connect two different IP networks 192 168 1 0 24 192 168 2 0 24 The router would ensure that communication between workstation 192 168 1 45 and server 192 168 2 101 for example can occur Wide Area Network routers such as the IP Express route between their respective ethernet networks in the same way A connection between two IP Express units one with ethernet 192 168 1 1 and the other with eth ernet 192 68 2 1 provides connectivity between the networks Note The IP networks on the two ethernets must be different in compliance with the Net ID rule above Addressing conventions IP Address and Subnet Mask The Engage command line interface makes use of a compact
39. RT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE 5 One component of the ssh source code is under a 3 clause BSD license held by the University of California since we pulled these parts from original Berkeley code Copyright c 1983 1990 1992 1993 1995 The Regents of the University of California All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE 65 Appendices Engage Communication IPsExpress User s Guide IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE REGE
40. Successful Local Loop testing proves the router s TxD RxD TxC and RxC circuitry the cable to the external DCE and the DTE interface circuitry of the DCE Note Temporarily set WAN Configuration to Engage for DCE loop tests DCE must supply TxC and RxC dur ing Local Loop for the test to pass Port LED Green but Cannot Communicate across WAN Leased Dedicated Circuit If the Port LED on the local router is Green and the remote router indicates it also has a good connection Port LED Green if an Engage router you may assume data is flowing in both direc tions Cause A poor quality connection may provide sufficient data exchange to turn Port LEDs green but not per mit real traffic Check the errors on the serial port of each router Total Errors should not exceed 1 2 of either Receive or Transmit Packets If there are many errors actions include having line tested for quality and verify ing configuration of the DSU CSU or other DCE for items such as TxCk Source usually Network vs Internal Frame Relay A green Port LED in a Frame Relay environment only indicates the router is exchanging sta tus packets properly with the local Frame Relay switch It provides no indication of a connection across the Frame Cloud to another router Cause No router on the other end Ensure the router s which are part of your frame network are up and con nected Cause PVCs Permanent Virtual Circuits not in place Ensure that the telco really
41. THE USE OR OTHER DEALINGS IN THE SOFTWARE Except as contained in this notice the name s of the above copyright holders shall not be used in advertising or otherwise to promote the sale use or other dealings in this Software without prior written authorization kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk 69 Appendices Engage Communication IPsExpress User s Guide OpenBSD LICENCE v 1 19 2004 08 30 09 18 08 markus Exp OpenSSL Copyright notices LICENSE ISSUES The OpenSSL toolkit stays under a dual license i e both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit See below for the actual license texts Actually both licenses are BSD style Open Source licenses In case of any license issues related to OpenSSL please contact openssl core openssl org OpenSSL License Copyright c 1998 2007 The OpenSSL Project All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided
42. andwidth backup IPsExpress GT1 IPM is a high performance bandwidth scalable IP WAN router with 4 T1 ports offering a standards based inverse packet multiplexing N x T1 capability The 4 T1 ports are able to be N x T1 in verse packet multiplexed to remote locations from 3 Mbps to 6 Mbps IPsExpress GE1 IPM is a high performance bandwidth scalable IP WAN router with 4 E1 ports offering a standards based inverse multiplexing N x E1 capability The 4 E1 ports are able to connect to 4 remote locations or to be N x E1 inverse packet multiplexed to remote locations from 4 Mbps to 8 Mbps SNMP Support All Engage products support Simple Network Management Protocol SNMP version 1 SNMP support pro vides access via IP to groups of administrative configuration related and statistical information objects about the Engage device An Ethernet connection to the device and a PC with an application which provides an SNMP version 1 client are required 9 Chapter 1 Introduction Chapter 2 Installation QuickStart This QuickStart is intended for users familiar with the configuration of IP routers using a command line inter face who require only the specifics of Engage IPsExpress configuration Initial communication with the router including assignment of IP addresses is covered first Example configu rations follow The examples cover the most common applications for the IP Express DLT1 DLE1 GT1 GE1 RS530 232 V 35 and E2 series
43. at can act as an endpoint of communication if it has TCP IP ICMP Internet Control Message Protocol provides a means for intermediate gateways and hosts to communicate There are several types of ICMP messages and they are used for several purposes including IP flow control routing table correction and host availability IP Internet Protocol which routes the data IP Datagram The basic unit of the information passed across and IP Internet It contains address information and data PING Packet InterNet Groper is a program which uses ICMP echo request message to check if the specifies IP ad dress is accessible from the current host Port A Destination point used by transport level protocols to distinguish among multiple destinations within a given host computer RIP Routing Information Protocol provides a means for routers to exchange routing information RIP s messages are encapsulated in UDP datagrams SubNet Address An extension of the IP addressing scheme which enables an IP site to use a single IP address for multiple physical networks Subnetting is applicable when a network grows beyond the number of hosts allowed for the IP address class of the site TCP Transmission Control Protocol ensures reliable sequential delivery of data TCP at each end of the connec tion ensures that the data is delivered to the application accurately sequential completely and free of dupli cates The application passes a stream of bytes to TCP which b
44. ately an organized troubleshooting approach usually leads to the area of the problem in short order It is essential to distinguish between problems caused by the LAN network system the WAN equipment communication equipment the digital phone service or the Engage IP Express configuration This troubleshooting chapter is structured with symptoms in the order the user might encounter them Unable to Communicate with the Local Router Most installations first require communication with a local router usually from the same network as the router itself Proceed through the following symptoms if you are unable to communicate with the local router using the Console Port Telnet Ping etc Ethernet General Cause Network Cabling is faulty Solution Verify cabling is good by swapping router cabling with a known good connection Check the status LEDs on the 10 100BaseT hub to confirm a good connection If necessary create a stand alone LAN with just a workstation and the router Cause User has connected the Engage router model w internal T1 DSU CSU to the T1 line prior to configu ration Solution Improper T1 configuration or a large T1 error count can generate errors which so overload the pro cessor that communication to the router is slowed or stopped Unplug the router from the T1 line The router should immediately recover Configure the T1 DSU CSU properly for T1 line parameters Cause Router ethernet LED on solid or not flashing
45. ation IPsExpress User s Guide V 35 Interface Specifications V 35 Cable Specifications Cable pin 0891 3200 Mamie WAS db25 vors Connector 1 db25 Mala Connector 2 3d pin M block mala Length 3 fest Connector 1 Connector 2 Signal Cabling dbs 34 pin MY Hama nate 2 F TaD A lt baba 3 R Ra A paisto 16 T Rob por 17 Vv Paok ah i taista a X Fak E i air 15 Y Tak A lt taista E DSR 20 H OTR 4 GC RTS 5 Cc CTS 8 F RLED 18 K LT T E SG nc A FG Table 3 RS530 DTE Port Specification 57 Appendices Engage Communication IPsExpress User s Guide T1 and E1 Port Specification with Crossover Pinouts pihi a ba ping TWfrac TI DSIVCSU Pin numbering Raking ReTip Taking TaT ip mah For Ti Croasower allowing connection directly between bwo Tirati OSLCSU devis wire TsTipi Pings to Pin RxTipi Taking Pind to Pini Ring RxRingi Pint to Pind TxRing ReTip Pin to Pins Tsip Table 4 DSU CSU Port Specification E1 RJ45 to db15 Cable Signal RJ45 db15 Male TxD Tip 5 1 RxD Tip 2 3 TxD Ring 4 9 RxD Ring 1 11 Frame Ground 7 2 Table 5 DSU CSU RJ45 to DB15 Modular Adapter Pinout 58 Appendices Engage Communication IPsExpress User s Guide 10 100BaseT Port Specification w Crossover cable pin out AON pln ping 100 BaseT Plug pin numbering Pini TED Ping TED Pins Rab Ping RaO For 10BaseT Crossover jall owing connection directly between bwo 10Ba
46. ations 54 Up to four Available WAN Interaces 54 Power Supply 54 FTP Online Upgrade Capable FLASH ROMs 54 5 Table of Contents Engage Communication IPsExpress User s Guide Management 54 Physical 54 IPsExpress Switch Settings 55 Switch 1 55 Switch 2 55 Switch 3 55 Switch 4 55 Table 2 RS530 DTE Port Specification 56 Table 3 RS530 DTE Port Specification 57 Table 4 DSU CSU Port Specification 58 Table 5 DSU CSU RJ45 to DB15 Modular Adapter Pinout 58 Table 6 10 100BaseT Port Specification 59 Table 7 Console Port Pinout 59 Table 8 48 Power Connector 60 Table 9 Engage Flash Upgrade Instructions 61 Table 10 Engage CPLD Upgrade Instructions 62 Copyright Notices 63 Glossary 73 Terms and Concepts 73 General Networking Terms 73 Network 73 Internet 73 Network Services 73 Addresses 73 Routing Table 73 Hop 73 Node 73 TCP IP Networking Terms 73 FTP 74 Host 74 ICMP 74 IP 74 IP Datagram 74 PING 74 Port 74 RIP 74 SubNet Address 74 TCP 74 Telnet 74 UDP 75 Well Known Port 15 Communication Link Definitions 15 Data Communication Eguipment DCE 15 Data Terminal Eguipment DTE 15 Data Carrier Detect DCD 15 Data Terminal Ready DTR 15 6 Table of Contents Chapter 1 Introduction The IP Express User s Guide provides the information network administrators require to install and operate any of the IPsExpress WAN routers bridges offered by Engage Communication Inc The IP Express family of WAN router
47. cngag tion IPsExpress DLT1 DLE1 GT1 GE1 RS530 V 35 E User s Guide Engage Communication Inc 9565 Soquel Drive Suite 200 Aptos California 95003 TEL 831 688 1021 FAX 831 688 1421 www engageinc com support engageinc com Revision 6 Seller warrants to the Original Buyer that any unit shipped to the Original Buyer under normal and proper use be free from defects in material and workmanship for a period of 24 months from the date of shipment to the Original Buyer This warranty will not be extended to items repaired by anyone other than the Seller or its authorized agent The foregoing warranty is exclu sive and in lieu of all other warranties of merchantability fitness for purpose or any other type whether express or implied A All claims for breach of the foregoing warranty shall be deemed waived un less notice of such claim is received by Seller during the applicable warranty period and unless the items to be defective are returned to Seller within thirty 30 days after such claim Failure of Seller to receive written notice of any such claim within the applicable time period shall be deemed an absolute and unconditional waiver by buyer of such claim irrespec tive of whether the facts giving rise to such a claim shall have been discovered or whether processing further manufactur ing other use or resale of such items shall have then taken place B Buyer s exclusive remedy and Seller s total liability for any and al
48. d Line Interface follows The command set can be divided into four categories General Show Config Config Interface HELP Included in the General commands is the Help command providing information on the entire command set Configuration Modes For the Config and Config Interface commands Engage employs a modal approach The user enters the Configuration mode makes changes then Saves those changes On Saving the changes the user leaves the Configuration mode 28 Engage Communication IPsExpress User s Guide A further mode within the Configuration mode is used to set parameters for a specified interface Once in the Configuration mode the user enters the Interface command All subseguent commands apply to the speci fied Interface The Telnet prompt indicates the mode of operation as follows routername the single indicates standard Telnet mode routername double indicates Configuration mode routername TEL1 router is in Interface Config mode TEL Port 1 To move up one level from Interface Config mode to Config mode enter the Interface command with no argument To change between interfaces when in Interface Config mode specify the new interface For ex ample routername TEL1 Interface TEL2 Syntax for Command Parameters Arguments one of the parameters in set is required one of the parameters in set is allowed optional SHOW CONFIG ALL The Show Config All command out
49. d electronic mail Addresses Transmitting information in a network system is made possible by an addressing scheme that identifies the sender and destination of the transmission using network and node addresses Data is transmitted to and from these addresses in the form of packets Routing Table A routing table is maintained in each router This table lists all networks and routers in the internet and en ables routers to determine the most efficient route for each packet The routing table serves as a logical map of the internet specifying the address of the next router in the path to a given destination network and the distance in hops The router uses the routing table to determine where and whether to forward a packet Each router periodically broadcasts its routing table to other routers on each of its directly connected net works enabling them to compare and update their own tables with the most recent record of connected networks and routes In this way routing tables are kept current as changes are made on the internet Hop A hop is a unit count between networks on the internet A hop signifies one router away Node Device on the network TCP IP Networking Terms 73 Engage Communication IPsExpress User s Guide FTP File Transfer Protocol gives users the ability to transfer files between IP hosts It uses TCP to provide con nection initiation and reliable data transfer Host A computer with one or more uses th
50. ddressing conventions as well as rules for connnecting IP networks with IP Express routers to form internetworks TCP IP and Wide Area Networks TCP IP identifies a suite of protocols used in internetworks In addition to the TCP and IP protocols well known protocols in the suite include FTP a file transfer protocol ICMP a control message protocol which includes ping packets RIP a routing protocol and several others Wide Area Networking is primarily concerned with the IP protocol and the proper routing of IP packets be tween different physical locations IP the internet protocol is the lowest level protocol of the TCP IP suite It operates at layer 3 the Network Interface layer of the ISO 7 layer Reference Model IP Addressing Every device or host on an IP network must be assigned a unique IP address Hosts include workstations servers printers and routers An IP address is a 32 bit binary value When writing an IP address each byte of the address is converted into a decimal number and the numbers are separated by dots 192 168 1 5 The IP address contains both the network address Net ID and the local address Host ID To determine which portion of the IP address is the Net ID and which portion is the Host ID another 32 bit value the subnet mask is required The subnet mask is written in the same four byte fashion as the IP address 255 255 255 0 It may be represented in a shorthand fashion indicating the number of
51. der a BSD style license Copyright 1995 1996 by David Mazieres lt dm lcs mit edu gt 64 Appendices Engage Communication IPsExpress User s Guide Modification and redistribution in source and binary forms is permitted provided that due credit is given to the author and the OpenBSD project by leaving this copyright notice intact 4 The Rijndael implementation by Vincent Rijmen Antoon Bosselaers and Paulo Barreto is in the public domain and distributed with the following license version 3 0 December 2000 Optimised ANSI C code for the Rijndael cipher now AES author Vincent Rijmen lt vincent rijmen esat kuleuven ac be gt author Antoon Bosselaers lt antoon bosselaers esat kuleuven ac be gt author Paulo Barreto lt paulo barreto terra com br gt This code is hereby placed in the public domain THIS SOFTWARE IS PROVIDED BY THE AUTHORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TO
52. dministrator s own access to the router it is advisable to apply all filters to the serial WAN port rather than the ethernet LAN port Default Packet Deny Filters are applied to an interface and direction for example to TEL1 out If a single filter command is applied to an interface direction all packets not explicitly permitted will be denied If no filter is applied to an interface direction all packets are permitted Filter Rule Ordering Filter rules are applied in the order in which they were entered by the user A packet will be checked against the rules until a match either a permit or deny is en countered No further rules are checked e If possible place filters which will apply to the largest number of packets at the beginning of the list This increases efficiency Ramifications of these rules Generally the user will place Permit filters before Deny filters e One exception is a wild card Permit rule placed at the end of the rule list which will Permit all packets not explicitly denied 43 Engage Communication IP Express User s Guide Permit all or Permit 0 0 0 0 0 0 0 0 Clearing Filters Filters may be cleared through the use of the delete command outlined below Additionally power cycling the Engage router with DIP Switch 4 turned ON will delete all filters useful if users lock themselves out Command Format Filter Entry Mode Filter entry is accomplished through a Command L
53. dure 1 The xupgrade requires a local TFTP trivial file transfer protocol server Shareware TFTP servers are available online including http www klever net kin pumpkin html Obtain the xupgrade file and unzip password if required from Engage Communication Technical Support tel 1 831 688 1021 or support engageinc com Place the xsvf file in the appropriate directory on TFTP server Ensure IP connectivity between the Engage unit and the TFTP server by pinging from one to the other Firewall software on the TFTP server may need to be disabled to permit TFTP sessions initiated from the Engage Unit Upgrade by issuing the command xupgrade tftp server addr upgrade filename a Example xupgrade 192 168 1 1 IPTubeGX1 BigGlue Rev3 xsvf Note that when the xupgrade is complete the Engage unit will reboot causing a Telnet connection to drop If this does occur simply re establish the Telnet connection Engage Communication Inc Xupgrade Procedure page1of1 Table 10 Engage CPLD Upgrade Instructions 62 Appendices Engage Communication IPsExpress User s Guide Copyright Notices The Engage Communications Inc SSH incorporates components of OpenSSH and OpenSSL software Here are the necessary copyright notices OpenSSH Copyright notices This file is part of the OpenSSH software The licences which components of this software fall under are as follows First we will summarize and say that all components are under
54. egacy Equipment This feature is not available in the current IPsExpress DL and IPsExpress G product The built in Bit Error Rate Tester BERT allows the user to generate a variety of standard BERT test pat terns on the T1 or E1 transmit path Once a test pattern is configured for transmission out the interface the STATUS of the receive path signal can be gueried for the guality of the received test pattern The BERT function is assigned on a per channel basis for both the transmitter and receiver This allows con figuration of BERT tests on a single DSO or across multiple contiguous DSOs up to and including the full T1 or E1 Note BERT Test patterns are Framed BERT tests are configured on a per interface basis The user must first specify the interface on which the BERT test is to be configured INTERFACE TEL1 TEL2 There are nine BERT test arguments BERT OFF ON DIRECTION CHANNEL PATTERN RESYNC ERROR STATUS CLEAR BERT OFF Returns selected interface back to it s configured state BERT ON Turns On BERT for selected serial interface Note Any BERT test is turned Off after an IPsExpress RESET or power cycle BERT DIRECTION IN OUT Configured for OUT the BERT test pattern is transmitted out the selected Serial interface This is the typical test mode The IN configuration sends the BERT pattern into the system and is only valid for serial interface 2 TEL2 in Drop and Insert configurations on the Enga
55. enning Kamp b snprintf replacement Copyright Patrick Powell 1995 This code is based on code written by Patrick Powell papowell astart com It may be used for any purpose as long as this notice remains intact on all source code distributions c Compatibility code openbsd compat Apart from the previously mentioned licenses various pieces of code in the openbsd compat subdirectory are licensed as follows Some code is licensed under a 3 term BSD license to the following copyright holders Todd C Miller Theo de Raadt Damien Miller Eric P Allman The Regents of the University of California Constantin S Svintsoff Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions 67 Appendices Engage Communication IPsExpress User s Guide are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission THIS SOFTWARE IS PROVIDED BY THE REGENTS A
56. er Location 5 Broad St IP Default router 192 168 1 254 IP Cost 1 Static Routes Network Next Hop Cost Interface DLCI IP Address 192 168 1 1 24 IP Broadcast ONES address 255 255 255 255 IP RIP On Interface TEL1 Type T1 Protocol PPP DTR On T1 Data Normal T1 Clocking Network T1 LBO CSU OdB T1 Framing ESF T1 Coding B8ZS IP RIP On Command Line Listing Router 2 Note The configuration for router 2 can be identical to that above with the exception of the ethernet IP ad dress and the optional router informational items Router 2 should be configured as IP Address 192 168 2 1 24 Example 2 IPsExpress Multiple Routes to Multiple Sites Scenario This sample configuration shows a dual port IP Express which has multiple static routes pointing to multiple IP networks subnetworks Routes are shown to remote networks and subnetworks via serial ports Other net works are accessed via other routers 200 10 10 1 and 200 10 10 3 on the same ethernet LAN segment Only the relevant configuration commands are included Command Line Listing IP Default router 200 10 10 1 Static Routes Network Next Hop Cost IP Route 157 22 234 0 23 200 10 10 1 1 IP Route 201 21 21 0 24 201 11 11 1 1 IP Route 202 12 12 64 26 202 12 12 65 1 IP Route 203 13 13 128 25 202 12 12 65 1 IP Route 204 14 14 0 24 200 10 10 3 1 DLCI 12 Chapter 2 Installation uickStart Engage Communication IP Express User s Guide IP Address 200
57. ervers are available online including http www klever net kin pumpkin html Obtain the upgrade file and unzip password if required from Engage Communication Technical Support tel 1 831 688 1021 or support engageinc com Place the upg file in the appropriate directory on TFTP server Ensure IP connectivity between the Engage unit and the TFTP server by pinging from one to the other Firewall software on the TFTP server may need to be disabled to permit TFTP sessions initiated from the Engage unit Upgrade by issuing the command upgrade tftp server addr upgrade filename a Example upgrade 192 168 1 1 26_72_82_upgrade upg Notes a When the upgrade is complete the Engage unit will reboot causing a Telnet connection to drop If this does occur simply re establish the Telnet connection b Upgrades which enable optional features additional Ports Compression Protector etc cause the Engage unit to revert to Base firmware Any system software upgrades must be re installed Engage Communication Inc Upgrade Procedure page 1 of 1 Table 9 Engage Flash Upgrade Instructions 61 Appendices Engage Communication IPsExpress User s Guide unga tion Xupgrade of Engage P Tube IPsExpress BlackBond and BlackDoor Systems General This document outlines the procedure for xupgrading Engage IP Tube IP Express BlackBond and BlackDoor system hardware This is to upgrade the system CPLD not the system software Proce
58. et 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution THIS SOFTWARE IS PROVIDED BY THE AUTHOR AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE 8 Portable OpenSSH contains the following additional licenses a md5crypt c md5crypt h THE BEER WARE LICENSE Revision 42 lt phk login dknet dk gt wrote this file As long as you retain this notice you can do whatever you want with this stuff If we meet some day and you think this stuff is worth it you can buy me a beer in return Poul H
59. figurations RIP v1 is not suitable for subnetted IP networks in which case Static Routes must be used Further information is available in the description of RIP provided in Chapter 6 Command Line Interface Cause Static Route s are not entered properly Each router vendor s approach to Static Route entry is dif ferent Ensure that each static route has its six components destination network the starting or 0 address subnet mask at that dest network address of next router in path to destination number of hops to dest net work port of local Engage router to go out to reach destination network and DLCI leave blank if not a Frame Relay network Cause Frame Relay DLCI in static route is improper telco provided wrong DLCI or user entered DLCI for other end of the PVC Connect via the command line interface and issue the command show interface tel1 frame relay dici will provide a list of all active DLCls into that telco port Cause Remote router does not have a route whether through RIP or static routes back to this network Verify that the remote router is configured with routing information for the local IP network Able to Ping Remote Router but not other devices on the Remote IP net Cause Devices on the remote net do not have their IP Gateway defined Use the IP address of the Engage router if it is the only router at that site If there are other routers they may be used as the Default Gateway but they must have a ro
60. figured to 192 168 1 1 and the remaining addresses 192 168 1 2 to 192 168 1 254 are available for devices on the site 1 network If the enterprise network contains more IP networks than the two created here the IP Express routers should be configured with a default gateway to enable them to route to other networks Consider another site 1 router 192 168 1 254 provides connectivity to other enterprise networks This will serve as the default gateway for both IP Express routers The use of numbered serial interfaces IP addresses assigned to the serial ports is op tional In this example the serial interfaces are unnumbered RIP a routing protocol is enabled on the serial interfaces Router 2 learns of the 192 168 1 0 network from router 1 and router 1 learns of the 192 168 2 0 network from router 2 eliminating the need to configure those static routes Further information is available in the description of RIP provided in Chapter 5 Command Line Interface e Although the complete router configuration is listed below the majority of the parameters 11 Chapter 2 Installation QuickStart Engage Communication IPsExpress User s Guide remain at their default setting In fact this configuration will function properly with the con figuration of a just the ethernet IP address and if required the default gateway for each router Command Line Listing Router 1 Config Router Name Router 1 Router Contact Admin Rout
61. ge Communi cation Restricted rights legend Use duplication or disclosure by the U S government is subject to restrictions set forth in subparagraph c 1 ii of the Rights in Technical Data and Computer Software clause in DFARS 52 227 7013 and in similar clauses in the FAR and NASA FAR Supplement Information in this document is subject to change without notice and does not represent a commitment on the part of Engage Communication Inc FCC Radio Frequency Interference Statement This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operat ed in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense NOTE Shielded Telecommunication T1 or E1 and ethernet cables must be used with the Engage IPsExpress to ensure com pliance with FCC Part 15 Class A limits CAUTION To reduce the risk of fire use only No 26 AWG or larger listed Telecommunication cables Equipment Malfunction If trouble is experienced with an
62. ge MLDI model BERT CHANNELS NN XX Configure the DSO s across which the BERT test pattern is transmitted and monitored NN is the first chan nel to put the BERT Pattern into and XX is the number of channels to be used T1 interfaces have DSOs numbered 1 24 while available DSOs for an E1 interface are 1 31 BERT PATTERN 2E07 2E11 2E15 QRSS Select the desired pseudorandom test patterns QRSS is the most common 38 Chapter 5 Command Line Interface Engage Communication IPsExpress User s Guide 2E07 2 1 2E11 2 1 2E15 21 e QRSS A 22 1 pattern with 14 consecutive zeros Note BERT parameter changes take effect immediately upon entering them BERT configurations must be saved if they are to be retained after a RESET or power cycle BERT RESYNC Forces the receive BERT synchronizer to resynchronize to the incoming data stream This command should be issued as needed to acquire synchronization on a new pattern BERT ERROR Injects a single bit error in the pattern Useful for confirming pattern detect BERT CLEAR Clears Bits Transmitted and Bit Error counters for the selected port BERT STATUS Queries the IPsExpress for information on BERT configuration and test results The BERT STATUS will report Sync when the incoming pattern matches for 32 consecutive bit positions The BERT STATUS will lose Sync after receiving six errored bits out of 64 bits Once synchronization is achieved this bit will remain
63. hould install the router in an environment providing e Awell ventilated indoor location Access within six feet of a power outlet e Two feet additional clearance around the unit to permit easy cabling connection As an option the IP Express router can be mounted in a standard 19 inch equipment rack rack mounts are available from Engage Powering the IP Express Engage IP Express routers utilize an external 110 220 power adapter with 15 24 VDC output Other configu rations for alternative sources of power are available Contact Engage Communications for details Ensure the power adapter is not connected to power Plug the AC adapter into the rear panel POWER con nector Power On Connect the power adapter to an appropriate AC power outlet and check the POWER LED on the front panel of the Engage router The POWER LED will be GREEN when the internal diagnostics have completed suc cessfully Ethernet Interface The IP Express DLT1 DLE1 GT1 and GE1 and E2 models provide specific information with TD and RD indi cators providing status on packet transmission and receipt respectively on the Ethernet interface In addition FDX and LNK indicators provide status on Duplex and connectivity respectively on the Ethernet interface When connected to an Ethernet Network LNK will show a steady GREEN When in Full Duplex mode FDX will show a steady GREEN No light indicates Half Duplex The RD and TD will flash Green on transmissi
64. ine session with the router The default login is root after which the router responds with the prompt RouterName To enter filters you must be in Configuration mode by typing config The prompt changes to RouterName An interface must be selected using the command Interface LAN1 LAN2 TEL1 TEL2 TEL3 TEL4 The next prompt indicates selected interface RouterName TEL2 The filter command is used to define the direction of filters Filter In Out Filter In Begin command entry for input filters Input filters apply to packets received In to the router through the specified port The Command Line prompt indicates a left arrow RouterName TEL2 lt Filter Out Begin command entry for output filters Output filters apply to packets transmitted Out of the router through the specified port Command Line prompt indicates a right arrow RouterName S2 gt Filter Command Format The format for the filter command Permit Deny interface LAN1 TEL1 TEL2 TEL3 TEL4 In Out src addr dest addr type op tions Permit or deny designates what action should be performed on the packet Interface LAN1 TEL1 TEL2 TEL3 is used to define the rule for a given port If an Interface is not ex plicitly defined the default will be the current Interface defined via the Interface command If no Interface is current an error is displayed In Out is used to define the direction of the filter If not u
65. ing Engage Routers Chapter 4 Installation of the IPsExpress Router Installation Requirements Router Installation Steps Planning for Network Configuration amp Security oo0O oOnwANN N zo oie tole DBD AA A A LS 0000 o O WA AA AA a EE CO o0oWN Do UB OON gt N N NNNNNNN AUO NNNN N ND NN AAGA Ol Engage Communication IPsExpress User s Guide Installing the Hardware 26 Locating the Engage router 26 Powering the IP Express 26 Ethernet Interface 26 Configuring the Engage Router for the LAN 26 Initial Communication with the Router in a TCP IP environment 27 Connecting and Configuring WAN Interfaces 27 Serial Interface Connections 27 WAN Interface Connections 27 Verifying the WAN Connection 27 Chapter 5 28 Command Line Interface 28 Console Port 28 Establishing a Telnet session 28 Overview of the Engage CLI 28 General Commands 29 SHOW Commands 30 SSHD Information 31 CONFIGURATION Commands 31 CONFIG INTERFACE Commands 32 Table 1 10 100BaseT Port Specification 33 Ethernet Interface 33 SSHD Configuration Commands 34 T1 Port Configuration Commands 35 E1 Port Configuration Commands 36 Frame Relay Configuration Commands 36 Config Filter Commands 36 Config Inverse Multiplexor Commands 37 Config Drop and Insert Shift Commands 37 Config NAT Commands 38 BERT Pattern Generation and Detection 38 Chapter 6 40 Configuration and Operation 40 Interfaces and Features 40 Console Port 40 LAN Interfaces 40 Serial Port
66. is pressed 29 Chapter 5 Command Line Interface Engage Communication IPsExpress User s Guide UPGRADE TFTP SERVER Filename TFTP trivial file transfer protocol provides a means for upgrading Engage router firmware in a TCP IP envi ronment A TFTP upgrade may be accomplished by configuring a TFTP server with the appropriate upgrade file and connecting to that server over the network Please see Table Engage Flash Upgrade Instructions Example UPGRADE 192 168 1 1 26 72 82 upgrade upg Ensure IP connectivity between the IPsExpress and the TFTP server by pinging from one to the other Then issue the upgrade command Note An IP Tube which is running an upgrade must go through a reset This may cause a Telnet connection to drop If this does occur simply re establish the Telnet connection SHOW Commands SHOW INTERFACE LAN1 LAN2 TEL1 TEL2 TEL3 TEL4 INFO STATISTICS FRAME RELAY DLCI Provides details on any LAN or serial interface If no interface is specified either the current interface per Interface command will be used or all interfaces will be shown INFO Details the port type port state etc STATISTICS Lists the packets transmitted received etc FRAME RELAY DLCI Lists all active DLCls on the specified port and their status SHOW ROUTER Provides general configuration and status information including the ethernet hardware address and the firm ware version SHOW IP ROUTES LOCA
67. l losses and damages arising out of any cause whatsoever whether such cause be based in contract negligence strict liability other tort or otherwise shall in no event exceed the repair price of the work to which such cause arises In no event shall Seller be liable for incidental consequential or punitive damages resulting from any such cause Seller may at its sole option either repair or replace defective goods or work and shall have no further obligations to Buyer Return of the defective items to Seller shall be at Buyer s risk and expense C Seller shall not be liable for failure to perform its obligations under the con tract if such failure results directly or indirectly from or is contributed to by any act of God or of Buyer riot fire explosion accident flood sabotage epidemics delays in transportation lack of or inability to obtain raw materials components labor fuel or supplies governmental laws regulations or orders other circumstances beyond Seller s reasonable control whether similar or dissimilar to the foregoing or labor trouble strike lockout or injunction whether or not such labor event is within the reasonable control of Seller Copyright 2000 2012 Engage Communication Inc All rights reserved This document may not in part or in entirety be copied photocopied reproduced translated or reduced to any electronic medium or machine readable form without first obtaining the express written consent of Enga
68. lined below provides the means to store and apply an complete configu ration Using a cut and paste operation configurations may be edited off line and stored and or pasted back into the interface General Commands PASSWD Allows setting or modifying the login password The router ships with no password set On entering the passwd command the user is prompted to enter and confirm the new password BYE QUIT LOGOUT Any of these commands will terminate the Telnet session If you have unsaved configuration changes you will be prompted to save or discard the new configuration RESET Resets the Engage router HELP HELP ALL CONFIG SHOW Provides Help information on a selected list of topics Typing help with no argument provides the Help sum mary screen which is the top level list of commands CLEAR LAN1 LAN2 TEL1 TEL2 TEL3 TEL4 ALL Clears the port statistics on the selected port Ethernet or Serial Ports TERM NN Allows the user to tailor the number of display lines to their terminal screen size PING dest address src address number spray Sends an ICMP ECHO message to the specified address Any source address from an interface on the router can be used This can be useful to test routes across a LAN or WAN interface By default only 1 message packet is sent Anumeric value can be entered to send more than one mes sage Also SPRAY can be used to continually send messages until the ESC key
69. ll Modem adapter is reguired High Ethernet Error Count Cause Bad cabling Solution Check all cabling Swap ports on 10 100BaseT hub to troubleshoot Solution Use alternate ethernet type on the router to prove its ethernet interface Unable to Communicate with the Remote Site No Serial Port Transmit Data Check whether the Serial Port Transmit Packet count is increasing by repeatedly issuing the command SHOW INTERFACE TEL1 TEL2 TEL3 TEL4 STATISTICS Solution Router is configured to transmit data only when the Carrier Detect signal is active Ensure that the DCE does supply CD or DCD or turn off the Engage router s sensitivity to Carrier Detect Note CD is an important control signal and should be monitored for dial up connections Solution Router is not receiving a Transmit Clock TxCk signal from the DCE Verify the cabling between the router and DCE If using V 35 ensure the use of an Engage cable since there are multiple standards for implementing V 35 signaling through DB25 connectors Ensure the DCE does supply TxCk No Serial Port Receive Data 50 Check whether the Serial Port Receive Packet count is increasing by selecting the Serial Port and monitoring Packets Received or by repeatedly issuing the command SHOW INTERFACE TEL1 TEL2 TEL3 TEL4 STATISTICS Solution Router is not getting a Receive Clock RxCk signal from the DCE Verify the cabling between the router and DCE If using V 35 ensure the
70. locking Network E1 Framing CRC4 E1 Coding HDB3 E1 Channels Full IP Address 10 223 10 18 30 IP RIP Off Example 7 Network and Port Address Translation Scenario Next Hop Cost Interface DLCI s1 This sample configuration shows an Engage IP Express router translating private network addresses to a global IP address The NAT function performs IP Port Address Translation PAT on a single Global IP ad dress The NAT also provides a type of firewall by only allowing communication to those connections that are established from the internal side of the network NAT enables users to create networks with large blocks of internal addresses without being restricted to a very limited supply of global addresses NAT simplifies net work administration by permitting more flexible internal addressing schemes Internal private address range 192 168 1 0 24 External globally routable address Command Line Listing Router Name Corp Router Router Contact James Router Location Cook Rd IP Default router 10 10 10 2 NAT ON NAT GLOBAL ADDRESS 200 100 50 1 Static Routes Network Next Hop Interface E1 IP Address 192 168 1 1 24 IP Broadcast ONES address 255 255 255 255 IP RIP On Interface S1 200 100 50 1 32 Cost Interface DLCI 17 Chapter 2 Installation QuickStart Engage Communication IP Express User s Guide Type T1 Protocol PPP DTR On IP Address 10 10 10 1 30 IP RIP Off Example 6 IP Express G E
71. lter to your WAN port which denies incoming pack ets whose source address matches your own internal IP network If you have a Class C IP network 156 22 235 0 24 apply the following filter 46 Chapter 7 Network Security Engage Communication IP Express User s Guide interface TEL1 filter in deny 156 22 235 0 24 0 0 0 0 ip permit 0 0 0 0 0 0 0 0 ip Example 2 This example shows how a user can set up input filters on the ethernet port to allow only incoming FTP and Telnet packets but reject incoming FTP packets from network 128 14 0 0 interface LAN1 filter in permit tcp dst 21 permit tcp dst 23 src gt 1024 deny 128 14 0 0 16 tcp dst 21 Example 3 This example shows a complex filter permitting only e One host to FTP Out 157 22 234 114 Only FTP server 157 22 234 115 is accessible from the Internet All users on subnet 157 22 234 112 28 can Telnet Out but no outside user may Telnet In interface S1 or TEL1 for QT1 QE1 Models configure to permit 114 to ftp out filter out permit 157 22 234 114 0 0 0 0 tcp dst 21 permit 157 22 234 114 0 0 0 0 tcp src gt 1023 dst 20 ack filter in permit 0 0 0 0 157 22 234 114 tcp src 21 ack permit 0 0 0 0 157 22 234 114 tcp src 20 dst gt 1023 configure to permit Internet access to 115 filter in permit 0 0 0 0 157 22 234 115 tcp src gt 1023 dst 21 permit 0 0 0 0 157 22 234 115 tcp src gt 1023 dst 20 ack filter out permit 157 22 234 115 0 0 0 0 tcp src 2
72. n between data and voice traffic with selected TELCO channels utilized for data and the remainder of the channels utilized for voice Note the following configuration highlights Bandwidth configuration is required for interface TEL1 only The remaining bandwidth is automatically assigned to interface TEL2 If interface TEL2 is allocated partial bandwidth idle characters are transmitted out the unallocated channels disrupting the IP data routing path In contrast the PBX which connects to the DS1 interface must be configured for just the channels of the E1 interface which it will utilize e The T1 or E1 clock source must be synchronous between the TELCO interface and the DS1 interface This is accomplished by setting the T1 Clocking to Network for interfaces TEL1 and TEL2 One potential issue for T1 applications involves the use by some PBX systems of the 24th channel for D signalling This can result in the PBX mistakenly interpreting IP data on that channel as voice calls The PBX should be configured so as to not designate this 24th channel as signalling Drop and Insert Shift Option Similar to the Drop and Insert Mux Option See Above the Shift Option will allow utilization of a single T1 or E1 line for both IP data and PBX voice traffic With this added feature it will be possible to add separate blocks of PBX voice traffic from up to three differ ent sources Once the bandwidth configuration for TEL1 is set for data t
73. network A route to 0 0 0 0 is not permitted instead the default router s IP address is specified IP DELETE addr Delete a static route CONFIG INTERFACE Commands INTERFACE LAN1 LAN2 TEL1 TEL2 TEL3 TEL4 Places router in the Interface Configuration mode for a specific Interface or Port IP ADDRESS addr mask Used to configure the IP address and subnet mask for the selected Interface whether ethernet or serial IP RIP OFF ON LISTEN SEND Sets the Routing Information Protocol configuration for the selected port IPsExpress routers support RIP v1 OFF RIP not enabled ON NOTE The current RIP version doesn t communicate subnet information therefore it may be necessary to add a static route depending upon the IP scheme LISTEN Router will process incoming RIP packets but will not Transmit RIP SEND 32 Chapter 5 Command Line Interface Engage Communication IPsExpress User s Guide Router will transmit RIP information but ignore received RIP packets Note RIP v1 has limitations relating to subnetting and variable length subnet masks Because subnet mask information is not included in RIP v1 updates it will not route properly to networks which have been sub netted Therefore it is only useful when using full classful IP networks The following table defines IP ad dress classes A B and C and the subnet mask that must be applied for RIP v1 to work properly Lower Addr Upper Addr Required
74. o password set initially Set the password with the command Passwd The user will be asked to confirm that the router should adopt the new IP address If the method does not work the first time the router should be restarted and the procedure retried as tim ing constraints may not have been met See Chapter 5 Configuration and Operation for further detail on this method of IP address assignment Note Connection of an improperly configured WAN interface to a digital telephone service can adversely affect communication with the router It is suggested that the serial or WAN connection not be made until con figuration of that serial interface is complete Editing and Saving Configurations Users of the Command Line Interface have the option of editing standard Engage configuration examples and pasting them to the router Edit the desired configuration listing example using a simple text editor Connect 10 Engage Communication IP Express User s Guide to the router through Telnet or the console port then enter the configuration mode with the command config Paste the edited text comments and all to the router then issue the command save The router will reset and come up with the new configuration Existing static routes configured in the router may not necessarily be altered resulting in bad routes To obtain a router configuration for offline editing from a confgured router issue the command show configuration all
75. ogy Intended Audience This manual is intended for administrators of network systems The technical content is written for a reader who has basic computer and networking experience It is important that any administrator responsible for the installation and operation of Engage IPsExpress rout ers be familiar with network concepts and terms such as network addressing and internets This knowledge is central to an understanding of router services Many terms are covered in the Glossary section Engage Communication IPsExpress User s Guide The IP Express Router Family The IP Express router family is made up of the DL and G models for connectivity to T1 s and E1 s RS530 and V 35 routers and the IP Express E2 The following sections provide a breakdown of the different models and describe the wide range of features available DLT1 MUX WAN Router and Bridge with two intergrated T1 DSU CSU s The IPsExpress DLT1 interconnects remote LANs and addresses the connectivity in the multi megabit band width range such as high quality MPEG Video delivery The Integration of the T1 CSU provides for a complete solution with a straight forward configuration GT1 WAN Router and Bridge with four intergrated T1 DSU CSU s The IPsExpress GT1 interconnects remote LANs and addresses connectivity in the multi megabit bandwidth range such as high quality MPEG Video delivery The Integration of the T1 CSUs provide for a complete solu tion with a
76. ols A standard IP Express Router package includes One Engage IPsExpress router One or more installed WAN interfaces T1 E1 DSU CSU RS530 RS232 V 35 Console port adapter RJ45 or other cables for optionally installed WAN interfaces An appropriate power converter 110 or 220 VAC input Engage documentation disk Owner registration card Router Installation Steps The process of installing an IPsExpress router on the network involves the following steps Planning for network configuration and security Installing the router hardware Configuring the router for the local area network Connecting and configuring any external data comm eguipment Connecting and verifying the WAN connection Planning for Network Configuration amp Security To avoid conflicts with network addressing as well as unauthorized access to sensitive areas of the private network it is advisable to have complete network address information available to verify that the new network addresses are unique Determine in advance which networks subnetworks need to be filtered and determine which networks subnetworks should be blocked from access by remote network users 25 Engage Communication IPsExpress User s Guide For more information on network security please see Chapter 6 Network Security Installing the Hardware Locating the Engage router Site consideration is important for proper operation of the IPsExpress router The user s
77. on or reception of packets through the router s Ethernet interface Configuring the Engage Router for the LAN The Engage router needs to be configured with a number of parameters which determine the router s opera tion on the network including IP address and subnet mask e Default router IP address e Security options passwords and or packet filtering The configuration procedure depends on the network environment in which the Engage router is to be in stalled Note Itis strongly suggested that you configure your router with its unique network identity before making 26 Chapter 4 Installation Engage Communication IPsExpress User s Guide any Wide Area Connections Initial Communication with the Router in a TCP IP environment The recommended approach for safely configuring the IP address of an unknown router for use on an IP network relys on communication through the router s Console port The console port utilizes the same com mand line interface as Telnet and an IP address can be directly assigned When the connection is made and Return is entered a Login prompt will appear Enter the username Root to open the session No password is set initially Use the command PASSWD to set a new password Once an IP address and an address for the Default Router has been assigned you can Telnet into the router from anywhere on the Local Area Network and continue configuration of the unit or complete the configuration via the console p
78. on which would be used by SNMP net work management applications IP DEFAULT ROUTER address Enter the IP address of the default router or gateway IP COST NN 31 Chapter 5 Command Line Interface Engage Communication IPsExpress User s Guide Enter the routing cost in hops to the default gateway Typically set to 1 IP ROUTE addr mask next hop cost port dlci Static Routes are entered using the IP Route command The address convention used provides the first the zero address of the subnet The Subnet mask convention uses the integer number of 1 s in the subnet mask Examples of this addr mask convention IP Address Range Subnet Mask addr mask value 202 55 33 0 through 255 255 255 255 0 202 55 33 0 24 204 99 13 64 through 127 255 255 255 192 204 99 13 64 26 207 22 88 8 through 15 255 255 255 248 207 22 88 8 29 The next hop entry is the IP address of the next hop router gateway Routing cost is an integer value Valid port entries include LAN1 LAN2 TEL1 TEL2 TEL3 and TEL4 DLCI is left blank if the route is not a Frame Relay connection Examples of valid static route entries e ip route 202 55 33 0 24 202 55 33 50 1 LAN1 19 e ip route 204 99 13 64 26 204 99 13 65 1 LAN1 103 e ip route 207 22 88 8 29 207 22 88 9 1 LAN1 Note All Static Routes require an explicit IP Network Address User should configure a route to the IP network on which the Default Router resides if not on a directly connected
79. onfiguration ethernet MAC address uptime etc SHOW SSHD INFO Use the Show Info or Show SSHD Info to determine the state of the SSHD Server SSHD Information SSHD Off The SSHD server is configured off No connections are accepted If configured On on unit start up the SSHD server will be in this state for a very short time until the SSHD server is started SSHD No Host Key Run SSHD HostKey Enter A connection was attempted but the SSHD server does not have a valid host key Use the SSHD HostKey Enter command to configure a valid host key Do not enter a pass phrase SSHD Stopped A brief transient state when SSHD is stopped during a configuration save operation SSHD Running No active session The SSHD Server is running and ready to accept incoming connections but no session is currently active SSHD Running Session active An SSH session is currently active CONFIGURATION Commands CONFIG Enter the Configuration mode at which point the following commands may be used SAVE Save the changes and exit Configuration mode END SAVE Exit Configuration mode The optional Save instructs the router to save configuration changes RESTORE Restores the current router configuration ignoring any changes which have been made during the current Telnet Config session ROUTER NAME namestring ROUTER CONTACT contactstring ROUTER LOCATION locationstring These three text fields allow the user to assign site specific informati
80. ort Connecting and Configuring WAN Interfaces Engage IP Express models are available with a variety of WAN and Serial interfaces Some models integrate digital telecommunication interfaces into the router such as units with T1 or E1 fracT1 E1 DSU CSU s Other models provide synchronous serial interfaces for use with external Data Communication Equipment DCE Serial Interface Connections For those IPsExpress models providing alternative serial interfaces such as RS 530 RS 232 or V 35 the connection to external equipment is made using standard synchronous male to male one to one cables Synchronous means that the cable has a connection for the transmit data clocking signal s external transmit data clocking signal s and receive data clocking signal s Asynchronous cables do not utilize the clocking signals Male to male refers to the connectors at each end of the cable One to one means that each of the signals of the interface used by the Engage router is connected directly from its pin number at one end of the cable to the same pin number at the other end of the cable WAN Interface Connections The WAN connection of an IP Express with integrated DSU CSU is made utilizing a straight thru RJ45 cable The cable terminates in the SmartJack or other interface installed by the telecommunication service provider For bench testing a connection between two IPsExpress units can be made using a crossover cable See the Appendice
81. oute is included to the default router Access to default router is through serial port 1 DLCI is blank since connection is not frame relay Static Routes Network Next Hop Cost Interface DLCI IP Route 10 223 10 16 30 10 223 10 17 1 S1 Router Ethernet Interface parameters IP Address 205 1 1 1 24 IP RIP On Router Serial Interface 1 parameters Interface S1 Type T1 Protocol PPP DTR On T1 Data Normal T1 Clocking Network T1 LBO CSU 0dB T1 Framing ESF T1 Coding B8ZS START CHANNEL NUMBER OF CHANNELS T1 Channels Fractional 1 8 If using full T1 that command reads T1 Channels Full IP Address 10 223 10 18 30 IP RIP Off ISP will not be running RIP over the serial interface Example 6 IPsExpress DL E1 Scenario This sample configuration details an IP Express connection over a leased E1 connection running PPP The hardware in this example is the IP Express XL E1 with internal E1 DSU CSU configured for full E1 Command Line Listing Router Name IPExpress DLE1 Router Contact Francois Router Location HQ IP Default router 205 1 34 1 16 Chapter 2 Installation QuickStart Engage Communication IPsExpress User s Guide Static Routes Network IP Route 209 23 44 0 24 10 223 10 17 1 Router Ethernet Interface parameters Interface E1 IP Address 205 1 34 2 24 IP RIP On Router Serial Interface1 parameters Interface S1 Type E1 Protocol Engage DTR On E1 Data Normal E1 C
82. proven interoperability LAN to LAN IP Express E2 The IP Tube E2 is used to interconnect Ethernet LANs through an IP network Ethernet frames that are des tined for a device located on the remote network are encapsulated into IP packets The IP packets with the encapsulated Ethernet frames are sent to the IP address of the destination network s IP Tube E2 where the IP envelope is removed and the original Ethernet Frames are delivered to the destination network s Ethernet device Special Features The Inverse Packet Multiplexer feature Engage s Inverse Mux technology truly doubles triples or quadruples the bandwidth between two locations by splitting each packet in half thirds quarters and sending the fragments on line 1 2 3 4 for reassembly at the receiving side Fault tolerance is built in so that if one line goes down the packet traffic is sent over the work ing connections Internet Protocol T1 Inverse Packet Multiplexor Inverse Multiplexing is an optional feature of the IPsExpress DLT1 IPM The T1 Inverse Mux delivers 3 Megabits of interconnectivity over Dedicated and Frame Relay WANs Built in T1 line fault detection provides for automatic bandwidth backup Internet Protocol E1 Inverse Packet Multiplexor Inverse Multiplexing is an optional feature of the IP Express DLE1 IPM The E1 Inverse Mux delivers 4 Megabits of interconnectivity over Dedicated and Frame Relay WANs Built in E1 line fault detection provides for automatic b
83. r 10 1 1 1 Static Routes Network Next Hop Cost Interface DLCI IP Route 201 34 22 0 24 10 5 1 1 1 1 IP Address 10 1 1 2 24 IP RIP On Interface S1 Type E1 Protocol Engage DTR On E1 Data Normal E1 Clocking Network E1 Framing CRC4 E1 Coding HDB3 E1 Channels Fractional 1 15 IP RIP On Interface S2 Type E1 Protocol Engage DTR On E1 Data Normal E1 Clocking Network E1 Framing CRC4 E1 Coding HDB3 E1 Channels Full Note that TEL2 configuration is set to FULL Interface TEL2 is automatically assigned the bandwidth not utilized by TEL1 IP RIP Off Example 5 IPsExpress GT1 Leased Line to an ISP Scenario This sample configuration details an IPsExpress connection to an Internet Service Provider ISP with a leased fractional T1 fT1 connection running PPP The hardware in this example is the IP Express XL with internal T1 DSU CSU configured for fractional T1 at 512 Kbps The TCP IP configuration in this example has the following addressing ISP assigns User a full Class C for LAN 205 1 1 0 24 15 Chapter 2 Installation QuickStart Engage Communication IP Express User s Guide ISP assigns User serial port IP addr 10 223 10 18 30 ISP has as its serial port IP addr 10 223 10 17 30 Command Line Listing Router Name Anders Corp Router Contact Bob Smith Router Location 1st St Specify the default router here the ISP serial port IP addr IP Default router 10 223 10 17 One static r
84. raffic the remaining bandwidth of the circuit is available to transmit blocks of voice traffic This is accomplished by allowing a SHIFT of the block of DSOs being added to TEL1 This gives flexibility to stack the blocks of traffic to use the available channels on TEL1 Configuration highlights e Ability to fill the remaining bandwidth of TEL1 with DSO blocks from TEL2 TEL3 and TEL4 Care must be taken to ensure that there is no overlapping of DSO channels on TEL1 When overlapping occurs the data on TEL1 is unspecified for the overlapped channels A WARNING message appears if there are overlapping DSOs BERT Test NOTE The BERT Patteren Generation and Detection was available on Legacy Equipment This feature is not available in the current IPsExpress DL and IPsExpress G product IPsExpress models provide a powerful E1 and T1 troubleshooting feature This is a built in Bit Error Rate Tester BERT This test feature enables the user to verify the functionality of the IPsExpress and to pinpoint external problems with their E1 or T1 services BERT Pattern Generation Detection The built in Bit Error Rate Tester BERT allows the user to generate a variety of standard BERT test patterns on the T1 or E1 transmit path and to monitor and measure errors on those patterns in the receive path The BERT patterns can be transmitted on a single DSO or across multiple contiguous DSOs including the full T1 or E1 42 Chapter 6 Configu
85. ration and Operation Chapter 7 Network Security Engage routers provide a number of network security options For TCP IP networks Engage s IP Packet Filtering allows creation of highly selective filters to permit or deny access in any direction through any router port IP Packet Filtering Engage IP packet filtering allows the creation of rule sets which selectively block TCP IP packets on a speci fied interface Filters are applied independently to all interfaces ethernet and serial as well as independently to interface direction input packets coming in to the router or output packets transmitted out of the router Packet filtering is used to prevent unauthorized access to your internal network as well as to limit internal user access to services across the WAN Complex filters can be constructed One example would be a filter which prevents external users from establishing Telnet sessions to any internal hosts while permitting selected inter nal users to establish Telnet sessions to external hosts Improperly constructed filters can yield unexpected results Example filters are provided but it is recom mended that users completely familiarize themselves with the filtering rules in the next section before applying filters to their own routers Basic Filtering Rules WAN Router Filters Filters are often applied to WAN routers by a network administrator via the internal LAN To avoid inadvertant ly restricting the a
86. reaks it into pieces adds a header forming a segment and then passes each segment to IP for transmission Telnet The TCP IP standard protocol for remote terminal connection service A user can telnet from the local host to a host at a remote site 74 Glossary Engage Communication IPsExpress User s Guide UDP User Datagram Protocol provides simple efficient protocol which is connectionless and thus unreliable The IP address contained in the UDP header is used to direct the datagram to a specific destination host Well Known Port Any set of port numbers reserved for specific uses by transport level protocols TCP amp UDP Well known ports exist for echo servers time servers telnet and FTP servers Communication Link Definitions Data Communication Equipment DCE This interfaces to the communication service s transmission reception medium and includes T1 Voice Data Multiplexors 64 56 Kilobit DSU CSUs and Fiber Optic Modems The DCE provides the transmit and receive data pathways along with their synchronous clocking signals that are used by the Engage Router s DTE interface for full duplex communication between the remotely interconnected networks Data Terminal Equipment DTE This equipment such as an Engage Router attaches to the terminal side of Data Communication Equipment Data Carrier Detect DCD A signal that indicates to the DTE that the DCE is receiving a signal from a remote DCE Data Terminal Ready
87. s Guide IPsExpress Switch Settings IP Express models have a four position DIP switch accessible by removing the router rear panel and sliding out the motherboard The default setting for all DIP switches is Off Switch 1 Powering the router up when DIP Switch 1 is On forces the router to revert to certain default settings includ ing operation from Base Flash deleting any download upgrades Switch 2 DIP Switch 2 should always be Off Switch 3 When DIP Switch 3 is Off the router uses DIX Ethernet for IP broadcasts When On the router uses IEEE 802 3 Ethernet Switch 4 DIP Switch 4 is used to clear IP filters When the unit is powered on with DIP Switch 4 set On all configured TCP IP filters will be deleted a good method for recovering from filter configuration errors Return the switch to Off to ensure subsequent filter configurations are retained 55 Appendices Engage Communication IPsExpress User s Guide RS 530 Port Specification The IPsExpress RS 530 Interface is a DTE Data Terminal Equipment interface provided via a DB25 female connector DB25 Pin Signal Name Shield TD A RD A RTS A CTS A DSR A Gnd CD A RC B CD B ETC B TC B CTS B TD B TC A RD B RC A N C RTS B DTR A N C DSR B DTR B ETC A N C OS NO A AR OIN Sa O O Table 2 RS530 DTE Port Specification 56 Appendices Engage Communic
88. s bridges supports Internet Protocol IP and is ideally suited for con nections to the Internet as well as for Enterprise IP interconnectivity IPsExpress routers are available with a wide variety of WAN and LAN interface options offering flexibility and exceptional value for a wide range of routing environments About this Guide Organization Chapter 1 Introduction provides a description of the User s Guide as well as a feature description for the DL G RS530 V 35 and E router bridge series which make up the IP Express family Chapter 2 QuickStart provides concise installation configuration to get the experienced user up and running in a minimum of time Chapter 3 The Network Planning chapter offers a broad overview of IP addressing and routing Chapter 4 Installation covers the physical environment and connections required when installing the routers Chapter 5 Configuration and Operation discusses the initial configuration and ongoing operation utilizing the Command Line Interface CLI Chapter 6 Command Line Reference provides a command by command description of the Engage CLI Chapter 7 Network Security discusses IP filtering and other security concerns with specific filter examples Chapter 8 Troubleshooting common problems occurring during installation and normal operation Appendices Router specifications connector pinouts and crossover wiring details Glossary Routing Telecommunication and TCP IP terminol
89. s for DSU CSU cabling pinouts and crossover cables Note Connection of an unconfigured router to a T1 line can overload the router with framing errors making communication with the router over the LAN difficult Always configure the router s T1 interface prior to con nection to the live T1 line To reduce the risk of fire use only No 26 AWG or larger listed telecommunication line cord Verifying the WAN Connection The Engage router s connection to a remote router can be verified by the active port interface LED s Although the port LEDs are specific to the Engage router model used they do share common characteristics e When the IPsExpress negotiates a layer two protocol with the remote router the port LNK LED turns GREEN and remains GREEN as long as communication with the remote router continues The FDX LED when GREEN is an indication of a Full Duplex connection No light indi cates Half Duplex When the Engage router detects transmission or reception of packets the TD and RD LEDs will blink GREEN 27 Chapter 4 Installation Chapter 5 Command Line Interface Configuration of IP Express routers is accomplished using the Engage Command Line Interface CLI Com mand Line access to the router can be made through the Ethernet port across a LAN connection or via the Console port For communication through the Ethernet port Telnet is used Telnet is part of the TCP IP Protocol Suite and provides a general comm
90. seT devices wire iTo Pind to Pind RD ITD Pin to Ping RD RD Ping to Pint TOA RD Ping to Pin TD Table 6 10 100BaseT Port Specification Console Port Information RJ45 Console Fort Finout R45 pin Signal Mame 3 Ts Data 5 RxData RTS 9 CTS 4 Gnd 2 DTR RJ45 db9F Null Modem Adapter RJ45 pin db9pin yO RA Dw oO oOo w hd Table 7 Console Port Pinout 59 Appendices Engage Communication IPsExpress User s Guide 48V Interface Specifications 48y FRM RET GND 48V 48 Voltage FRM GND Frame Ground RET Return Table 8 48 Power Connector 60 Appendices Engage Communication IPsExpress User s Guide GilEngage Communication Upgrade of Engage IPsTube IPsExpress BlackBond and BlackDoor Systems General This document outlines the procedure for upgrading Engage IP Tube IP Express BlackBond and BlackDoor system software Procedure 1 To determine the current system software and if running from Base or Upgrade Flash issue the command show router If currently running from the Upgrade Flash the unit must be downgraded back to Base Flash before installing a new Upgrade Flash image a Issue the command upgrade 1 1 b The unit will reboot and revert to Base Flash c This will cause a Telnet connection to drop If this does occur simply re establish the Telnet connection The upgrade requires a local TFTP trivial file transfer protocol server Shareware TFTP s
91. sed the direction defined in the Filter command will be used If no Interface is current an error is displayed src addr dest addr src addr and dest addr define the source and destination IP address es to be filtered 44 Chapter 7 Network Security Engage Communication IP Express User s Guide These addresses can be either discrete host IP addresses or network addresses in the format a b c d x where x is the number of bits for the network mask Source and destination addresses are optional If neither is specified the rule applies to all source and des tination addresses same as the wild card IP address 0 0 0 0 If only one address is specified it is interpreted as the source address Type is the protocol to be acted upon Valid choices are TCP UDP ICMP and IP If no protocol type is speci fied the filter applies to all protocols Options allows more specific filtering on protocols If no expression is specified all ports and protocol flags are filtered Valid expressions depend on the protocol selected TCP expressions are used to filter on TCP source destination ports as well as control flags and have the format TCP SRC lt op gt lt value gt DST lt op gt lt value gt lt tcp flags gt where Op is a relational operator of the following set l gt gt lt lt Value indicates the protocol port to be filtered Common TCP ports include e ftp data 20 File Transfer Default Data e ftp
92. set until read An example of the results displayed with the BERT STATUS command Bert TEL1 Status Start End Turned On Direction Out Channels 1 12 Pattern QRSS Pattern Synch Yes Pattern Synch Lost No eo l Receive All Ones No Receive All Zeros No Bits Transmitted 3735398 Bit Errors 0 In the above example note that e A BERT test is enabled on interface Serial 1 TEL1 The BERT pattern is applied in the outbound direction of TEL1 The BERT pattern is applied only on DSOs 1 through 12 not the entire T1 QRSS is the BERT pattern in use e The Receive circuitry has Synched locked on to the incoming BERT pattern e The Receive circuitry has no Lost Sync since BERT statistics were last cleared 3 735 398 bits transmitted since BERT statistics last cleared There have been 0 Errors received since BERT statistics were last cleared 39 Chapter 5 Command Line Interface Chapter 6 Configuration and Operation Engage IP Express routers are available with a variety of WAN and LAN interface options This chapter de scribes the specific interfaces and features and outlines their configuration and operation Numerous examples include Command Line Interface CLI commands Consult the Command Line Inter face chapter for a complete listing of available configuration and query commands Interfaces and Features The IPsExpress family of WAN routers and bridges provide a wide variety of configura
93. straight forward configuration GT1 DI IP T1 WAN Router and Bridge with T1 Drop and Insert Mux IP Express MLT DI Hub is a Wide Area Network router that routes the Internet Protocol through an T1 Inter face that is Multiplexed with a built in Drop and Insert Mux Wide Area Networking Point to Point and Frame Relay Protocols with 24 7 proven interoperability are fully supported on the T1 channels allocated to the internal WAN Router MLT DI H IP T1 WAN Router with T1 Drop and Insert Mux and four port 10 100BaseT Hub IP Express MLT DI Hub is a Wide Area Network router that routes the Internet Protocol through an T1 Inter face that is Multiplexed with a built in Drop and Insert Mux Wide Area Networking Point to Point and Frame Relay Protocols with 24 7 proven interoperability are fully supported on the T1 channels allocated to the internal WAN Router An integrated Four Port 10 100BaseT Ethernet Hub provides a complete branch office T1 Mux solution DLE1 MUX WAN Router and Bridge with two intergrated E1 DSU CSU s The IPsExpress DLE1 interconnects remote LANs and addresses the large market for connectivity in the multi megabit bandwidth range such as high quality MPEG Video delivery The Integration of the E1 CSUs provide for a complete solution with a straight forward configuration GE1 WAN Router and Bridge with four integrated E1 DSU CSU s The IPsExpress GE1 interconnects remote LANs and addresses the large market for connectivi
94. t for the multicast address The receiving IPsExpress decoder side must have ARP turned on so it can correctly formulate the MAC Address for the multicast packets For Example Encoder Side Bridging Off Static Routes Network Next Hop Cost Interface DLCI IP Route 209 23 44 0 24 10 223 10 17 1 s1 Decoder Side Bridging Off Interface LAN1 Arp On Arp Address 224 0 1 2 01 00 5E 00 01 02 NOTE The MAC Address prefix is always 01 00 5E for multicast The lower 23 bits of the multicast IP Ad dress are mapped onto the lower 24 bits of the MAC Address 24 Chapter 3 IP Network Planning Chapter 4 Installation of the IP Express Router This chapter provides details on the physical connections required to form WAN networks using Engage IPsExpress routers Also covered is the initial communication with the router References are made to the configuration and operation of the routers as well as to the Command Line Interface CLI These topics are covered in detail in their respective chapters Installation Requirements The use of Engage IP Express routers bridges to enable functionality on a wide area network requires one router at each side of a synchronous connection Any Engage router can be connected to any other Engage router Engage routers with support for the Point to Point Protocol PPP and Frame Relay interoperability standards can also connect to any other manufacturer s routers that support these WAN protoc
95. the arguments are used as a wildcard and filters will be deleted if they match the arguments as entered For example Delete IP All would delete the filters permit In IP and deny Out IP fragments Show Filter all interface lt interface gt in out This will show the packet filters for the router The format of the display will match the syntax of the configura tion command For example Interface TEL1 Direction In Source Destination Protocol Protocol Action Address Address Type Options Permit 0 0 0 0 0 0 0 0 ICMP Type 1 Deny 0 0 0 0 0 0 0 0 ICMP Type 8 Permit 0 0 0 0 0 0 0 0 TCP Src gt 1024Dst Deny 128 14 0 0 16 0 0 0 0 TCP Dst 21 If an interface and filter direction is defined then filters will only be shown for that interface and direction Otherwise filters for all directions and interfaces will be shown All or an explicit interface direction can also be entered to show filters from an interface direction other than what s current Examples Included are examples of common filters which might be created for Wide Area routers Note Filter examples are provided for sample purposes only The design of IP packet filters is a complex process and requires a solid familiarity with the TCP IP protocol It is strongly suggested that the user fully test the security of any filters applied to Engage routers prior to placing them into secured locations Example 1 IP Spoofing is best prevented by applying an input fi
96. the source of Transmit Clock TxCk When set to Network the DSU CSU derives its transmit timing from the received data RxD When set to Internal the DSU CSU transmits data at a rate set by an internal clock This mode is often used when testing E1 connections on the bench E1 FRAMING CRC4 FAS Selects whether CRC4 Framing is enabled E1 CODING HDB3 AMI Selects whether HDB3 or Alternate Mark Inversion AMI line coding is used E1 CHANNELS FULL FRACTIONAL NN XX Select Full or Fractional E1 and configure for Fractional where NN is the first E1 channel 1 31 XX is the number of channels to be used Frame Relay Configuration Commands FRAME RELAY T391 NN FRAME RELAY N391 NN FRAME RELAY MANAGEMENT ANNEX D LMI Frame Relay configuration commands The T391 timer specifies the time between Status Enquiries sent to the Frame Relay switch i e a status enquiry is sent every T391 seconds The default value is 10 seconds The N391 counter sets the frequency of Full Status Enquiries i e every N391 Status Enquiries a Full Status Enquiry is sent Default N391 is 6 Management interface should be set to that used by the Frame Relay service provider Config Filter Commands Filter commands are detailed in Chapter 8 Network Security FILTER IN OUT PERMIT DENY INTERFACE LAN1 LAN2 TEL1 TEL2 TEL3 TEL4 36 Chapter 5 Command Line Interface Engage Communication IPsExpress User s Guide DELETE AL
97. tions to suit specific user requirements Models range from the IP Express DL with dual Ethernet interfaces and a two WAN interfaces to the IPsExpress MLDI Hub with Drop and Insert Multiplexing 4 Ethernet hub ports and two serial interfaces Engage routers are fully interoperable with other vendors routers through the use of the Point to Point PPP and Frame Relay WAN protocols Contact Engage Communication Sales for specific model numbers and configuration options Console Port IPsExpress routers provide a Console port for configuring the router The Console port may be used to com municate with the router locally through a terminal IP Express router models utilize an RJ45 jack for the Console port The Console port is configured as a DTE data terminal equipment port This allows for direct connection to a DCE data communication equipment device An RJ45 to DB9 adapter is provided with each router Pinouts for the Console port as well as Engage supplied adapters are provided in the Appendices Terminal communication to the console port should be set as 9600 baud 1 stop bit no parity 8 bit fixed flow control none When a connection is made to the router the Login prompt will appear Enter the default username root to open the CLI session LAN Interfaces IPsExpress routers provide 10 100BaseT Ethernet LAN connections Basic IPsExpress models include 10 100BaseT ports while IPsExpress Hub versions have an integrated fo
98. tonegotiation on the Ethernet interface DUPLEX HALF FULL Sets the duplex mode for the Ethernet interface This command only takes effect when Autonegotiation is configured to Off Note If the device connected to LAN1 or LAN2 uses Autonegotiation and LAN1 or LAN2 is configured to 33 Chapter 5 Command Line Interface Engage Communication IPsExpress User s Guide use full duplex without Autonegotiation the other device may operate in half duplex mode by default and successful operation cannot be guaranteed SPEED 10 100 Sets the line rate in Mbps for the Ethernet interface This command only takes effect when Autonegotiation is configured to Off IP ADDRESS address mask The interface IP address and subnet mask are required for configuration with telnet or connectivity tests with ping The subnet mask can be entered in long or short form Examples IP ADDRESS 192 168 1 1 255 255 255 0 IP ADDRESS 192 168 1 1 24 IP BROADCAST ONES ZEROS DIRECTED Assigns IP broadcast address for the Ethernet port ONES assigns a broadcast address of 255 255 255 255 which is the default on most networks ZEROS assigns a broadcast address of 0 0 0 0 DIRECTED assigns a broadcast address which is a multicast of the network address for the Ethernet port For example if the network address is 10 x x x a directed broadcast address would be 10 255 255 255 Example IP BROADCAST ONES The interface IP address and subnet mask
99. ty in the multi megabit bandwidth range such as high quality MPEG Video delivery The Integration of the E1 CSUs provide for a complete solution with a straight forward configuration GE1 DI IP E1 WAN Router and Bridge with E1 Drop and Insert Mux IP Express MLE DI H is a Wide Area Network router that routes the Internet Protocol through an E1 Interface that is Multiplexed with a built in Drop and Insert Mux Wide Area Networking Point to Point and Frame Relay Protocols with 24 7 proven interoperability are fully supported on the E1 channels allocated to the internal WAN Router 8 Chapter 1 Introduction Engage Communication IPsExpress User s Guide MLE DI H IP E1 WAN Router with E1 Drop and Insert Mux and four port 10 100BaseT Hub IP Express MLE DI H is a Wide Area Network router that routes the Internet Protocol through an E1 Interface that is Multiplexed with a built in Drop and Insert Mux Wide Area Networking Point to Point and Frame Relay Protocols with 24 7 proven interoperability are fully supported on the E1 channels allocated to the internal WAN Router An integrated Four Port 10Baset Ethernet Hub provides a complete branch office E1 Mux solu tion Routers RS530 RS232 V 35 IP Express RS530 RS232 and V 35 are Wide Area Network routers that route the Internet Protocol through a synchronous serial WAN port The RS530 RS232 V 35 WAN ports support Point to Point and Frame Relay Wide Area Networking Protocols with 24 7
100. umentation online or textual provided with the package Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 All advertising materials mentioning features or use of this software must display the following acknowledgement This product includes cryptographic software written by Eric Young eay cryptsoft com The word cryptographic can be left out if the rouines from the library being used are not cryptographic related 4 If you include any Windows specific code or a derivative thereof from the apps directory application code you must include an acknowledgement This product includes software written by Tim Hudson tin cryptsoft com 71 Appendices Engage Communication IPsExpress User s Guide THIS SOFTWARE IS PROVIDED BY ERIC YOUNG AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUT
101. unications facility defining a standard method of interfacing terminal devices to each other Any standard Telnet application can be used to communicate to an Engage router provided there is IP connectivity between the User Host and the router For communication through the Console port standard serial communication software is used The console port can be used to communicate with the router locally through a terminal Communication with the console port should be set as 9600 baud 1 stop bit no parity 8 bit fixed flow control none The RJ45 console port is configured as a DTE data terminal equipment port as are all the router WAN ports This allows direct connection to a DCE data communication equipment device For connection to other DTE such as a terminal a Null Modem adapter is required An appropriate cable and adapter are pro vided with the IP Express for use with standard 9 pin COM ports Console Port On first establishing the connection the user should login as root No password is configured initially Establishing a Telnet session A Telnet session is opened by providing the IP address of the router On opening a Telnet session with an Engage router the login prompt requires entry of a User ID The default User ID is root Engage routers are shipped with no password set Passwords are set or modified with the passwd command detailed below Overview of the Engage CLI A full description of the Engage Comman
102. ur port Ethernet hub All the IP Express models include dual 10 100BaseT Ethernet LAN connections The 10 100BaseT inter faces introduce new configuration parameters for interface LAN1 Autonegotiate On Interface determines speed and duplex mode Autonegotiate Off Speed and duplex are set manually Speed 10 or 100 10Mbps or 100Mbps Duplex half or full The 10 100BaseT interface connects via an Ethernet patch cable to an external Ethernet switch or hub Con figuration of the port involves setting the IP address and subnet mask as well as broadcast address and other 40 Engage Communication IPsExpress User s Guide parameters The integrated four port hub model eliminates the need for an external Ethernet switch or hub in a basic in stallation Up to four workstations or other network devices can be connected to the hub The Ethernet physical MAC address can be obtained by issuing the command Show Router Serial Port Interfaces Engage IP Express routers may be configured with up to four ports for Wide Area Network WAN connec tions T1 fractional T1 DSU CSU Option The internal T1 fracT1 DSU CSU permits direct connection to a T1 fracT1 interface provided by the telecom munications service provider This connection uses an RJ45 jack T1 fracT1 circuits use pins 1 amp 2 for RxData and 4 amp 5 for TxData See Appendices for T1 pinout The T1 fracT1 interface can be set to run at rates from 56Kbps up to full T1
103. ute through the remote Engage router back to this network SSHD Not Working 52 If an SSH client cannot make a connection to the IP Express check the following items Do not enter a pass phrase to create the host key Be sure to use the host key without the pub extension Make sure the SSHD is configured ON Check that the SSHD Port number is the same as the Client attempting the connection Look at the Show SSHD Info status Check if SSHD is On or there is already a session active only one allowed or the host key is not valid Use the Client logging facilities to gather information about the failed connection attempt For the OpenSSH client use the vvv option For the SecureCRT client select the Raw Log Options from the File menu Chapter 8 Troubleshooting Appendices IP Express Router Specifications Ethernet Port 10 100 Mbps fixed transmission speed LAN Protocol e TCP IP WAN Protocols Engage Proprietary Point to Point Protocol PPP e Frame Relay Available WAN Interfaces RS 530 RS 232 V 35 DB 25 female Internal T1 fracT1 DSU CSU Internal E1 fracE1 DSU CSU Power Supply Non Hub Models External 24 Volts AC 1Amp with standard AC plug International power supplies available e Hub Models External 15 26 Volts DC 1Amp terminal block connection International power supplies available Physical Standard 19 inch rack mount kit available Hub model dimensions 9 45 x 7 2
104. with the distribution 3 All advertising materials mentioning features or use of this software must display the following acknowledgment This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http www openssl org 4 The names OpenSSL Toolkit and OpenSSL Project must not be used to endorse or promote products derived from this software without prior written permission For written permission please contact openssi core openssl org 5 Products derived from this software may not be called OpenSSL nor may OpenSSL appear in their names without prior written permission of the OpenSSL Project 6 Redistributions of any form whatsoever must retain the following acknowledgment This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit http www openssl org THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT AS IS AND ANY EXPRESSED OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL 70 Appendices Engage Communication IPsExpress User s Guide SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE
105. y Enter command Changing a host key can have repercussions amongst clients The next time they connect to the server they may prompt the user if they want to continue even though the Server key has changed or refuse the connec tion entirely Troubleshooting SSHD If an SSH client cannot make a connection to the IP Express check the following items Make sure the SSHD is configured on Check the SSHD Port number is the same as the Client attempting the connection Look at the Show SSHD Info status Check if SSHD is On or there is already a session active only one allowed or the host key is not valid Use the Client logging facilities to gather information about the failed connection attempt For the OpenSSH client use the vvv option For the SecureCRT client select the Raw Log Options from the File menu T1 Port Configuration Commands T1 DATA NORMAL INVERTED Can be set for Normal or Inverted and must match the setting of the DSU CSU on the other end T1 CLOCKING NETWORK INTERNAL Determines the source of Transmit Clock TxCk When set to Network the DSU CSU derives its transmit timing from the received data RxD and is therefore synchronized with the telco the phone network This is generally used when connecting through commercial carriers When set to Internal the DSU CSU transmits data at a rate set by an internal clock This mode is used when testing on the bench T1 LBO CSU 0dB 7 5dB 15 dB 22
Download Pdf Manuals
Related Search