Models 2603, 2621, and 2635 IPLink Series High
Contents
1. pad 6 9900000900000 y a 0000000000000 Ethernet V 35 Interface Figure 10 Rear view of the 2635 showing location of Ethernet and V 35 connectors Hardware installation 33 Models 2603 2621 and 2635 Getting Started Guide 3 Initial Configuration Note The IPLink comes with a V 35 cable configured as a tail circuit Use this cable to interconnect the IPLink s V 35 port to a device configured as a DCE Modem V 35 Use cable provided with 2635 IPLink DCE Figure 11 Connecting the 2635 to a DCE device The serial port on the IPLink Model 2635 is configured as a DCE it connects directly to a DTE using a stan dard straight through V 35 cable However in many applications the IPLink s V 35 interface will connect to a DCE modem or multiplexer in this situation use the special cable provided with your Model 2635 This DB 25 M35 cable presents the 2635 s V 35 interface as a DTE for direct connection to a DCE see figure 11 Installing the AC power cord The IPLink router comes with an internal or external power supply This section describes installing the power cord into the IPLink router Do the following and shall be rated for the proper application with respect to volt age current anticipated temperature flammability and CAUTION mechanical serviceability The interconnecting cables shall be acceptable for external use Note Do not connect the ot2. 120 tilo no e Ay H ee 121 NEY VMS TA STNG a poh ea scare TT 121 Power and Power Supply Specihcationg nio imas sees eee 121 L T A o E E NEST NE DNE ME 121 O SUD DIS aeiecesrareontotcnasaasiancnsetwaneuteasonenticee OA gs acione inha ds 121 C Cable Recommend ations a E 122 BPE Cable ir a eee SR RN A RR RR RR RR ee EE 123 L TT 123 D IPLink Physical Connectors mada ci is 124 RJ 45 shielded 10 100 Ethernet POr dieras 125 RJ 45 non shielded RS 232 console port ELA 56 1 sss 125 e o 126 V 35 M 34 and DB 25 Connector sss sss sss essen 126 EA R o o TTT 127 PAM OR S Comet arado 128 E Command Line Interface CLI Operation sicsasssvccvesszesssisacosssaassitacenivssewssvisenwaneasssenitversedesivebvscaseuncesssaeueness 129 ER rehire 1 o y ener ener etn Cree een ere ee rt een eer ne T ee E ee EM 130 STT R E ass ec E E A o A acest RR ePi UU M ner dE 130 Local ARAS eta AGI 0 TTT 130 E TTT 130 O OE to 00 DL 000 2 RR 130 JOmiistermip User 16 6 6 V1 6 meen eee ner ee ae odio 132 Adding new A 132 r A E A E E E E 132 Chano TIS FS IN saena a aE Ee RRE aea Ai 133 Boo llo o A NR RARE ee tne aa RR ieei tes 133 Son lia A TTE D Ds 133 List of Figures CO N GN M HA QDD e WS Be BR da da da BR oq GC CO CH Q GO Q GO OH GO MD NH NH NH NH NH NH LA LA LA Kad RR RRR RR ANO JOANA BR ODN KF OO ON WWM KR DW NH FH ONO ON WD WN BR WN KF ODO ON DAW KR WN YF O IPLink Senes Router Model 2
3. Mask 255 255 2550 Dhcp false MTU 1500 Name ppp O Enabled true Layerz Session Create Reset Figure 42 IP address of PPP routed WAN service The next step in configuring the router is to add the default gateway route The WAN IP address of the routed PPP WAN service at the CO site is 192 168 101 2 so this will be the gateway IP address on the IPLink 1 Click on IP routes under Services Configuration in the Configuration Menu 2 Click on the Create a new Ip route hyperlink Configuring the router 70 Models 2603 2621 and 2635 Getting Started Guide 7 Security Enter 192 168 101 2 in the box adjacent to Gateway Leave Destination and Netmask both as 0 0 0 0 because this is the gateway default route Click on the Update button Ee S aee OM Seeing the green check mark under Valid indicates the IP addresses of the WAN service and the gateway are properly configured See figure 43 Edit Routes Existing Routes Valid Destination Gateway Metmask Delete Y 0 0 0 0 192 168 101 2 0 0 0 0 R Update Reset Figure 43 Valid gateway route Configuring the security interfaces The interfaces and routes have been configured on the IPLink Router The Ethernet side of the IPLink router will be configured to be an internal interface and the WAN side is selected to be the external interface since it is on public side of the modem connection 1 Go to the Security Interface Configu
4. 111 Contacting Patton Tor assistance naci E 112 Tusrod d o eee nee RR RR A a ei RO DR N E ee 113 COE ACE T aa veta Lo a NERD RR RR RR RR RR RR err tre errr DIR AGER REDI errr ret 113 Matton support head quarter in the USA ono dae 113 Alternate Patton support for Europe Middle East and Africa EMEA sne 113 Warranty Service and Returned Merchandise Authorizations RMAs eese 113 Neira A A y ere 115 CERTEN acc a s lol omen Pere ener PER RR TRON rrr rere 114 Reus FOE lS IE rra 114 PP REEE EEEE EA NEE gia Apud ENENGENA 114 ANI E o o A ee ee 114 ap Dino nn 114 Compliance infonnationm A A N ri esenee a E TNE EN ENEE E a S 115 oE Ao PS E RR EL 116 I E D E 116 K e E T ar 116 PSEN Regulatory 2603 Model only T 116 Radio and I V Interietence FCC Part 15 sidad ai 116 CED taion o E eT a E E E E NEE ENE E een E E 116 FCC Part 68 ACTA Statement Model 2609 onl sees 116 Ind stty Canada Notice 2603 Model only lua A na E ANSKE NERENN 117 jo tete T 118 CBO T T 119 Ij OLA e eLo OEP POC o A 119 Models 2603 2621 and 2635 Getting Started Guide Contents Buc eH e co OE OPA e AAA 119 o o 119 Prora obs ap O o o q E codsas suas aR Seas End 120 PET UU OTE a RNP RE RIR RREO RR o RO E 120 T T dp NARRA RIO NE a
5. In Broadcast mode the synchronization is with an SNTP server on the local network Since routers do not for ward broadcast IP addresses the SNTP server and IPLink must be on the same subnet With Anycast mode the IPLink s SNTP client sends a request to a designated broadcast address One or more SNTP servers may reply with a unicast message to the IPLink The IPLink communicates with the server first responding After this point the IPLink operates in unicast mode When Anycast is enabled Unicast is auto matically enabled and the IP address of 255 255 255 255 is in the SNTP server s IP address field Anycast takes precedence over Broadcast mode The field Configured IP Address of SNTP Server is the IP address of the dedicated unicast server that the SNTP client will use for synchronization SNTP client SNTP Client Mode Configuration Parameters SNTP Synchronization mode s Unicast Mode Enabled Disabled Anycast Mode Enabled Disabled Broadcast Mode Enabled Disabled Set Mode Configured IP Address of SNTP Server 0 0 0 0 Update Figure 81 SNTP synchronization and server IP address configuration Introduction 105 Models 2603 2621 and 2635 Getting Started Guide 11 SNTP Client Configuration SNTP Client General Configuration Parameters The general configuration parameters for the SNTP client are for selecting your timezone and setting the poll ing parameters for the client s transmit packets
6. Max Activity Interval 3000 Enable Session Chaining Block Enable UDP Session Chaining Block Binary Address Replacement Block Address Translation Type none 3 Click on Create Security Triggers 76 Models 2603 2621 and 2635 Getting Started Guide Security Add Trigger Allow Max Enable Transport Port Port Type Number Number Multiple Activity Session Start End Hosts Interval Chaining fes E E E sono E Block Block Create You should now be able to use FTP commands to pass data between Remote and Local Security Triggers Binary Address Replacement Figure 52 Adding trigger for FTP data transfer Address Translation 7 Security Type 77 Models 2603 2621 and 2635 Getting Started Guide 7 Security Intrusion Detection System IDS The security feature in the IPLink Router provides protection from a number of attacks Some attacks cause a host to be blacklisted i e no traffic from that host is accepted under any circumstances for a period of time Other attacks are simply logged The subsequent table is a summary of the attacks detected Attacking Host Blacklisted Attack Name Protocol Ascend Kill UDP yes Echo Chargen no Echo Scan yes WinNuke TCP yes Xmas Tree Scan yes IMAP SYN FIN Scan yes Smurf ICMP If victim protection set SYN FIN RST Flood TCP If scanning threshold exceeded Net Bus Scan TCP yes Back Orifice Scan UDP ves
7. 2 The feature Routed column 4 usually is used with DHCP Relay row 2 column 1 Introduction 83 Models 2603 2621 and 2635 Getting Started Guide 8 DHCP and DNS Configuration Table 4 Features and services matrix The feature in this column with Column 1 feature Configured Cannot be Must be CO a el Usually used Can be used Rarely used DHCP DHCP Relay Routed Bridged Server NAT DHCP DHCP Server Routed NAT Bridged Relay DNS Relay Routed Bridged DHCP Server or DHCP Relay NAT Bridged Routed DHCP Server DHCP Relay DNS Relay DHCP Cli Routed ent WAN side OMNI WAN side Routed means a routed WAN service and Bridged means a bridged WAN service DHCP Server and DHCP Relay cannot be used simultaneously NAT can be used only if a Routed WAN service is configured Some comments on figure 4 lifa DHCP Server were used with a Bridged WAN service the DHCP server would respond to IP address requests from both interfaces that is the Ethernet and the WAN serial interfaces When NAT is used together with DHCP Relay the WAN service must be routed When DHCP Relay is used with a Bridged WAN service the DHCP server must be on the same subnet as the clients and the IPLink DHCP Server Go to the DHCP Server webpage from the Configuration Menu gt Services Configuration gt DHCP Server The DHCP server default is disabled Click on the Enable button to begin the configuratio
8. A reserved mapping is used so that NAT knows where to route packets on inbound sessions The reserved map ping will map a specific global address and port to an inside address and port Reserved mappings can also be used so that different inside hosts can share a global address by mapping different ports to different hosts For example Host A is an FTP server and Host B is a web server By mapping the FTP port to Host and the HTTP port to Host B both insides hosts can share the same global address Setting the protocol number to 255 OxFF means that the mapping will apply to all protocols Setting the port number to 65535 OxFFFF for TCP or UDP protocols means that the mapping will apply to all port numbers for that protocol Some applications embed address and or port information in the payload of the packet The most notorious of these is FTP For most applications it is sufficient to create a trigger with address replacement enabled However there are three applications for which a specific Application Level Gateway is provided FTP Net BIOS and DNS Enabling NAT The configuration of NAT in this example follows on the preceding configuration completed earlier in this chapter l Goto the Security Interface Configuration page by clicking on Security under Configuration in the menu 2 Click on Enable NAT to internal interfaces in the Security Interfaces table NAT is now enabled between the internal LAN and the external W
9. Add new DHCP server Lise this section to add a new DHCP server to the DHCP relay s list Mew DHCP server IP address Em Po Create Figure 62 DHCP Relay webpage In the third section of the DHCP Relay webpage enter the IP address ofa DHCP server and click on the Cre ate button See figure 63 The IP addresses will appear in the section section Edit DHCP server list In the second section you may update or delete the DHCP server IP addresses See figure 63 To update or change a DHCP server IP address enter the desired IP address over the IP address which is no longer valid Click on the Update button With this action you do not need to delete the IP address and sub sequently add a new IP address It is one action To delete a DHCP server IP address check the Delete box for the appropriate IP address and click on the Update button Introduction 90 Models 2603 2621 and 2635 Getting Started Guide 8 DHCP and DNS Configuration Edit DHCP server list Lise this section to edit existing DHCP server addresses present in the DHCP relay s list DHCP server IP address Delete ho fo ess fo Update Reset Add new DHCP server Lise this section to add a new DHCP server to the DHCP relay s list Mew DHCP server IP address Create Figure 63 DHCP Relay server list DNS Relay The DNS Relay webpage contains a configurable list of DNS server IP addresses The IPLink s DNS Rel
10. Deleting a security Policy To delete a security policy go to the table of Current Security Policies and click on the Delete button for the selected security policy Security Add Policy Between interfaces of types external internal alidatars will allow traffic Selecting allow will block traffic from all hosts except those hosts which have validators Apply Figure 49 Deleting a Security Policy Enabling the Firewall At this point both security and the firewall can be enabled and the network is secure All the interfaces which have been defined are protected that is all traffic has been blocked between the internal ip1 and external Cppp 0 interfaces Only traffic which has validators is allowed to pass through and at this moment there are no validators 1 Return to the Security page 2 Under Security State select Enabled for Security Click on Change State 3 Next select Enabled for Firewall Click on Change State The network is now secure All the interfaces which have been defined are protected and all traffic is blocked between different the different interface types That is all traffic is blocked between the external and internal interfaces The next section describes how to configure the Firewall for allowing certain types of data transfer to occur between the PC s on different networks Firewall Portfilters Next we configure the Firewall to permit certain types of da
11. Enable NAT on this interface In this example leave this option blank Click the Create button Go to System Configuration gt WAN gt Edit for Frame Relay Routed service gt Edit TP Interface Enter the WAN IP Address in this example 192 168 164 2 and click on the Create button E A From the IP Interface web page click on Edit Frame Relay then click on Edit Frame Relay Channel See figure 39 WAN Service Configuration 64 Models 2603 2621 and 2635 Getting Started Guide 6 WAN Services Edit Frame Relay Edit Frame Relay Channel Edit Frame Relay Channel Options Name Value Dilci 41 Encaps Type RoutedlP Rx Max Pau 8192 Tx Max Pdu 8192 Chnl Segment Size lo Port ltr Port Class framerelay Create Reset Figure 39 Frame Relay Channel Routed configuration Edit Frame Relay Channel Enter the appropriate information in the following fields e Dlci Consult with your service provider for the DLCI number required in this example use 45 e Encapsulation Method Defines the REC1490 encapsulation type that will be used by the channel Chose the encapsulation method best suited for your network In this example enter Routedlp e RX Max PDU Enter the number of receive side max PDU in this example it is the default 8192 TX Max PDU Enter the number of transmit side max PDU in this example it is the default 8192 Channel segment size The channel segment size is used to d
12. Protect the unit from moisture vapors and corrosive liquids Factory default parameters IPLink Series High Speed Routers have the following factory default parameters Ethernet IP address 192 168 200 10 24 WAN Connection PPP Bridged Ethernet and serial connections e MDI LAN connector Model 2621 X 21 DB 15 port DTE e Model 2635 V 35 DB 25 port DCE DTE when using special V 35 cable Models 2603 2621 and 2635 Getting Started Guide About this guide e Model 2603 T T1 configuration RJ 48C 100 ohm interface e Model 2603 K E1 configuration RJ 48C 120 ohm and dual BNC interface 75 ohm Typographical conventions used in this document This section describes the typographical conventions and terms used in this guide General conventions The procedures described in this manual use the following text conventions Convention Garamond blue type Futura bold type Futura bold italic type Italicized Futura type Futura type Garamond bold type Table 1 General conventions Meaning Indicates a cross reference hyperlink that points to a figure graphic table or sec tion heading Clicking on the hyperlink jumps you to the reference When you have finished reviewing the reference click on the Go to Previous View button in the Adobe Acrobat Reader toolbar to return to your starting point Commands and keywords are in boldface font Parts of commands which are related to elements al
13. In this example it is called PPP Routed e Description PPP Routed e Interface 1 e WAN IP address and Mask 192 168 164 3 255 255 255 255 e LLC Header Mode off e HDLC Header Mode ON e No authentication WAN Service Configuration 57 Models 2603 2621 and 2635 Getting Started Guide 6 WAN Services Username blank Password blank Click on the Create button 4 Go to Services Configuration gt WAN gt Edit for PPP routed gt Edit TP Interface gt Ipaddr enter the WAN IP Address and Mask in this example 192 168 164 3 and 255 255 255 255 Click on Create Go to Configuration Menu gt Configuration gt IP Routes gt Click on Create new Ip V Route 7 Create the gateway to the remote IPLink by entering the WAN IP address of the remote IPLink in this example enter 192 168 164 2 in the Gateway field 8 Click OK The other fields should be e Destination 0 0 0 0 e Gateway 192 168 164 2 e Mask 0 0 0 0 e Cost 1 e Interface blank You can see the status of the PPP link by going to the Edit PPP web page and paging down until you see the Summary description To get to the Edit PPP web page follow this path Services Configuration gt WAN gt Edit gt Edit PPP LMI Management Frame Relay links LMI Configuration Frame Relay Local Management Interface The Frame Relay Local Management Interface LMI is a mech anism that two separate frame relay systems can use to
14. Models 2603 2621 and 2635 Getting Started Guide B Specifications General Characteristics Compact low cost router bridge 10 100 Ethernet Unlimited host support Comprehensive hardware diagnostics works with any operating system easy maintenance and effortless installation e Built in web configuration Setup allows for standard IP address and unique method for entering an IP address and mask WITHOUT use of a console connection Default IP address of 192 168 200 10 24 e Simple software upgrade using FTP into FLASH memory Front panel LEDs indicate Power WAN Ethernet LAN speed and status e Field Factory Default Option e Standard 1 year warranty Ethernet e Auto sensing Full Duplex 10Base T 100Base TX Ethernet e Standard RJ 45 and built in MDI X cross over switch e EEE 8021 d transparent learning bridge up to 1 024 addresses e 8 IP address subnets on Ethernet interface Sync Serial Interface e ITU T X 21 or V 35 interface e Available with female DB 25 and DB 15 connectors User configurable DTE DCE for X 21 T1 E1 Interface Line Rate 1 544 Mbps T1 and 2 048 Mbps E1 e RJ 48C connector also includes dual BNC for El connections e DSX 1 levels for connection to local T1 E1 device PBX e Nx56 64 kbps with full DSO mapping e AMI B8ZS 11 AMI HDB3 El e ESF coding and framing T1 General Characteristics 119 Models 2603 2621 and 2635 Getting Started Guide B Specifications
15. Protocol Support Complete internetworking with IP RFC 741 TCP RFC 793 UDP RFC 768 ICMP RFC 950 ARP RFC 826 IP Router with RIP RFC 1058 RIPv2 RFC 2453 Up to 64 static routes with user selectable priority over RIP OSPF routes Built in ping and traceroute facilities Integrated DHCP Server RFC 2131 Selectable general IP leases and user specific MAC IP parings Selectable lease period DHCP relay agent RFC 2132 RFC 1542 with 8 individual address pools DNS Relay with primary and secondary Name Server selection NAT REC 3022 with Network Address Port Translation NAPT for cost effective sharing of a single DSL connection Integrated Application Level Gateway with support for over 80 applications NAT MultiNat with 1 1 mapping NAT Many 1 NAT Many Many mapping NAT Port IP redirection and mapping IGMPv2 Proxy support RFC 2236 Frame Relay with Annex A D LMI RFC 1490 and FRE 12 Fragmentation PPP Support Point to Point Protocol over HDLC PPPoE REC 2516 Client for autonomous network connection Eliminates the requirement of installing client software on a local PC and allows sharing of the connection across a LAN User configurable PPP PAP RFC 1661 or CHAP REC 1994 authentication PPP BCP RFC 1638 support for bridged networking support Management Web Based configuration via embedded web server CLI menu for configuration management and diagnostics Local Remote CLI VI 100 or Te
16. for Frame Relay Routed service gt Edit TP Interface 7 Enter the WAN IP Address in this example 192 168 164 3 and click on the Create button 8 From the IP Interface web page click on Edit Frame Relay then click on Edit Frame Relay Channel Edit Frame Relay Channel Enter the appropriate information in the following fields e Dlci Consult with your service provider for the DLCI number required in this example use 45 e Encapsulation Method Defines the REC1490 encapsulation type that will be used by the channel Chose the encapsulation method best suited for your network In this example enter Routedlp RX Max PDU Enter the number of receive side max PDU in this example it is the default 8192 TX Max PDU Enter the number of transmit side max PDU in this example it is the default 8192 Channel segment size The channel segment size is used to define fragmentation of the packets based on the Frame Relay Forum IA FRE 12 If this variable is set to 0 then FRE 12 Frame Relay Fragmentation will be disabled if set to any other value it will set the fragmentation size used e Port Defines the port that should be used to setup the Frame Relay Connection For routed applications the port should be set to frf For bridged applications the port should be set to fr 9 Click on the Create button 10 Click on System Configuration gt IP Routes gt Create new Ip V Route 11 Create the gateway t
17. interface ip1 for 192 168 100 2 24 via the command line CLI Once this is done you can complete the configuration using the web pages 1 Bring up the web page management system on your browser by entering the IP address of IPLink 2 On the Menu go to Services Configuration then to WAN Delete the factory default WAN services already defined 3 Click on Create a new service in the main window select PPP bridged and click on the Configure button WAN Service Configuration 52 Models 2603 2621 and 2635 Getting Started Guide 6 WAN Services WAN connection create service Please select the type of service you wish to create Ethernet PPPoE over Ethemet Bridge routed Frame Relay Frame Relay routed Frame Relay bridged leio C PPP routed C PPP bridged Figure 28 WAN services options 4 In the Description field enter the description you wish This is a mandatory field Without a description you cannot create the WAN service WAN connection PPP bridged Description gt Interface f LLC header mode dialout lt LLC header mode or HDLC header mode Jon Mo authentication C PAP C CHAP or PAP User name Password _ Create Verify the settings to be e Interface 1 LLC header mode dialout e LLC header mode off HDLC header mode on No authentication Leave User name and Password blank Click on Create Central Site Configuration If
18. re TH Give DNSto Relay me 9 Give DNSto Client re TH Lcp Echo Every io Auto Connect liaise 9 Idle Timeout oo Ecp Tagged Frame Not Enforced Summary enabled up phase Establish Connect State connecting Uptime U Idletime U NCPRemote Addr fersion 1 04 If In Octets U If Out Octets 16536 Figure 33 PPP link status Central Site Configuration If the router at the ISP or Central site is another IPLink series follow the instruc tions below If not consult your third party router user manual for configuration See the web pages for the desktop above Some configurable parameters are different although the process is the same Configure the IP address of the Ethernet port interface ip1 to be 192 168 172 3 24 The PC connected to the Ethernet LAN directly must be on the same subnet in order to access the configuration web pages In this example the PC s IP address is 192 168 172 229 24 Notice that this subnet differs from the subnets of the WAN service link and also the Ethernet port of the remote IPLink which we just configured 1 Bring up the web page management system on your browser by entering the IP address of the IPlink 192 168 172 3 2 On the Menu go to Service Configuration then to WAN Delete the default WAN services already defined 3 Click on Create a new service in the main window select PPP routed and click on the Continue button In the Description field enter the description
19. while the El interface can use the RJ 48C 120 ohm or dual BNC 75 ohm connectors The 2603 T1 E1 serial port configuration page appears in figure 23 WAN Serial Port Configuration 46 Models 2603 2621 and 2635 Getting Started Guide 5 Serial Port Configuration Patton Home Page o Home o System Status amp System Configuration Services Configuration o Ethernet Y TLEI tatus o ation m A Ex E E o7 S Em A We lad f s Lama um e T1 E1 Configuration Configuration Options Time Slot Select 1 24 Payload Rate 153624 Line Options Fractional T1 ESF Code Sel Baa Line Build Cut 00m FDL Mode 00 iere s Clocking Mode Receve Clock s el Codes 00 Enabled s Power Down Normal y Configure and Activate Figure 23 Model 2603 T1 E1 WAN port configuration parameters Configuring the IPLink Series 2603 for T1 Operation Web Configuration Launch Netscape Internet Explorer or similar web browser type the IP address of the 2603 enter username superuser and password superuser From the main page click on the 71 E1 gt Configuration See figure 24 T1 E1 Configuration Configuration Options Time slot Select 1 24 Payload Rate 1535K 24 Line Options Fractional T1 ESF Code Sel Baa Line Build Cut 00m FDL Mode 000 Clocking Mode Receve Clock s le Codes Power Down Enabled Normal Configure and Activate Fig
20. 54 Mi as A H A a AE ATH doe E E 55 a R AN PON TTT 56 CI li MO M rn tT 56 DO DR oic Mm e p LR cn E IT a7 P EE CE MP DC ENERO TEE t eh oe ee et aa En q T 60 FID Feeley baie a Nee a hon coma Beate ae Mond ua en butter tet toe ee 61 are Riy STI B TT e M A Se 62 Pam o Ga a RO muc 63 Dee ie D Ore colo atico od aee Diet A E cedo ei em 64 Pame Relay Channel Romea contas asusta ls li ido eodd tee e es 65 I potion Pame Rear apple oles 66 PIP romed VAN service Tar esu Firewall SSSIHDIP lena da 70 al o E ee ots du I dA oo ara Sp ted bee Za 70 Tato ao D P DO T T I mmc e ae m F CELT O E 72 Donne T tana espessa E aa e E E ee E 72 L aT TET E il ap een ao T ad THE rE Ghee T H ai 23 Seur Policy Con ESO S DARENT Seo orba A Bd comu date dob Sa atop be sek 73 48 49 50 51 32 53 54 23 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 New Policy link to configuration webpage csspsss assis posse BE sda RN RRR RR PGS ASAS xd 72 Lo ecc dus MNT rias DIS TE GUS CR TR 74 Denne MOM porter for pie sesion E Oder RE RU PIS sees PRESSE es SGA 75 Saona EUR pate lie PR a E sexs 76 LST tok PUP daa an on ons ce ak E nee iran ers bt qe NAT Global Address Pool T sesion career rr ricos ai sta 81 NAT Reserved mapping CODDEBFADOB 69 22 0 N NA R ZTE R drenar eres 81 KIS LLE T R alada Sew Des bios d daa bid do de ld pus 85 DER sover conguna on Web Pape es es ud eu nascent essebeeea
21. Current Timezone select the appropriate time zone and click on the Set New Timezone button The next three parameters configure the polling and synchronization process e Timeout value The SNTP client will wait for the configured number of seconds of having no response from the server before retrying to send another time synchronization request The maximum timeout value is 30 seconds Default value is 5 seconds e Packet retries When no response after the timeout period is received from the SNTP server the IPLink will send another request for the number times configured in this parameter The maximum number of retries is 10 Default value is 2 e Polling value in minutes The SNTP client will automatically send a time synchronization request period ically If set to zero 0 the polling mechanism is disabled The maximum value is 30 minutes SNTP Client General Configuration Parameters Current Timezone UTC GMT time US Eastern Standard 5h M Set New Timezone Enter new SNTP transmit packet timeout value fin seconds Bo Enter new SNTP transmit packet retries value Po Enter new SMTP automatic resynchronization polling value in minutes po Set New values Figure 82 Timezone and Polling packet configuration System Clock Setting If you are not using a Stratum clock with the SNTP feature you can still configure the internal system clock for a calendar date and time This parameter is on the same web page as th
22. DTE device attached to the serial port is active binary 1 Ethernet ON indicates an active 10 100 Base T connec tion Green ON connected to a 100BaseT LAN Off connected to a 10BaseT LAN Green Flashing when transmitting data from the router to the Ethernet Green Flashing when transmitting data from the Ether net to the router e X O O lt Console port Located on the front panel the unshielded RJ 45 RS 232 console DCE port EIA 561 with the pin out listed in the following table Signal Signal Direction Name Pin No 2 Out CD oR 4 PS Signal Ground O E 7 cm i Rear panel connectors and switches On the rear panel from left to right are the following IPLink Series High Speed Routers overview 21 Models 2603 2621 and 2635 Getting Started Guide 1 General Information e Power input connector Ethernet connector e MDI X switch e WAN port V 35 X 21 T1 E1 Power connector AC universal power supply The IPLink Series router offers internal or external AC power supply options The internal power supply connects to an AC source via an IEC 320 connector 100 240 VAC 200 mA 50 60 Hz e The external power supply connects to an external source providing 5 VDC via a barrel type connector 48 VDC power supply The DC power supply connects to a DC source via a terminal block Rated voltage and current 36 60 VDC 400 mA cally isolated from the AC source The 36
23. Nok 200 rony cs 116 ias Canada ounce C0 Monel oni D 117 115 Models 2603 2621 and 2635 Getting Started Guide A Compliance information Compliance EMC e FCC Part 15 Class A e EN55022 Class A e EN55024 Safety e UL 60950 1 CSA C22 2 NO 60950 1 e EC EN60950 1 e AS NZS 60950 1 PSTN Regulatory 2603 Model only ACTA Dart 68 e C503 e AS ACIF S016 Radio and TV Interference FCC Part 15 This equipment generates and uses radio frequency energy and if not installed and used properly that is in strict accordance with the manufacturer s instructions may cause interference to radio and television recep tion This equipment has been tested and found to comply with the limits for a Class A computing device in accordance with the specifications in Subpart B of Part 15 of FCC rules which are designed to provide reason able protection from such interference in a commercial installation However there is no guarantee that inter ference will not occur in a particular installation If the equipment causes interference to radio or television reception which can be determined by disconnecting the cables try to correct the interference by one or more of the following measures moving the computing equipment away from the receiver re orienting the receiving antenna and or plugging the receiving equipment into a different AC outlet such that the computing equip ment and receiver are on different branches CE Declaration of
24. below otherwise refer to your third party router documentation for configu ration First configure the IP address of the IPLink s Ethernet port interface ip1 via the command line CLI for 192 168 172 3 24 The PC must be on the same subnet for configuring the PLink via the web pages 1 Bring up the web page management system on your browser by entering the IP address of the IPLink 2 On the Menu go to Services Configuration then to WAN Delete the factory default WAN services already defined 3 Click on Create a new service in the main window select Frame Relay routed and click on Continue Enter the description for the circuit in the Description field This is a mandatory field Without a descrip tion you cannot create a WAN service Description FR routed DLCI Enter DLCI number Consult with your service provider for the DLCI number required Encapsulation Method Defines the RFC1490 encapsulation type that will be used by the channel Choose the encapsulation method best suited for your network needs from the following options Routed IP default value Raw WAN IP address Enter the IP address assigned to the WAN port V 35 X 21 or T1 E1 WAN Service Configuration 66 Models 2603 2621 and 2635 Getting Started Guide 6 WAN Services Enable NAT on this interface In this example leave this option blank 5 Click the Create button 6 Goto System Configuration gt WAN gt Edit
25. binary O condition EE indicates a binary 1 or idle condition m s ON indicates the CTS signal from the router is active binary 1 off indicates CTS is binary O Green ON indicates the DTR signal from the DTE device attached to the serial port is active binary 1 Ethernet spy ON indicates an active 10 100 BaseT connec a lt Mum Green ON connected to a 1OOBaseT LAN Off connected to a 10BaseT LAN Tx Green Flashing when transmitting data from the router to the Ethernet Rx Green Flashing when transmitting data from the Ether net to the router Status LEDs 111 Chapter 13 Contacting Patton for assistance Chapter contents A A SEE n OREL nes 113 A q arse A I tt T 113 o A A her RR tera erry ery 113 Alternate Patron upper kor Europe Middle Estand Arica EMEA ocio aea 113 Warranty Service and Returned Merchandise Authorizanons RIMAS asis 113 A te dee RO RR e ME e T 113 RT pon DID CU excuset E E t 114 A A RR 114 OE a A ER 114 as 114 A AUN 114 112 Models 2603 2621 and 2635 Getting Started Guide 13 Contacting Patton for assistance Introduction This chapter contains the following information e Contact information describes how to contact PATTON technical support for assistance e Warranty Service and Returned Merchandise Authorizations RMAs contains information about the RAS warranty and obtaining a return merchandise authorization RMA Contact information Patton Elec
26. comment useful to the administrator Authentication create user Details for new user Username Password May Configure false May Dial in Comment false y _ Create Reset C C Cancel and return to Authentication Setup Page q Figure 69 Creating new user Alarm Access the configuration and status of the alarms Alarm Management This page shows the table of alarms reported by the device Modify Alarms Alarm Error Log Reporting Log Severity Level Major Log Alarm State Enabled Alarm Table 1 PP Over Threshold Major 2 NP Over Threshold Major 3 T1 E1 Loss of Signal Major 4 TI E1 Red Alarm Minor 5 T1 E1 Yellow Alarm Minor D Alarm Name Alarm Severity Time Count Generate Clear Active Reset Alarm Condition Alarm 00 00 00s 0 Generate Clear Reset 00 00 00s 0 Generate Clear Reset 00 00 00s 0 Generate Clear Reset 00 00 00s O Generate Clear Reset 00 00 00s U Generate Clear Reset ALL Alarms ALL Alarms Figure 70 Alarm Management web page All IPLinks have the PP over Threshold and NP over Threshold alarms The Model 2603 has additional alarms for the T1 E1 WAN port An alarm can be tested by clicking on the Generate button Similarly by clicking on the Clear button the alarm is cleared that is turned off however the Time and Count parameters Alarm 98 Models 2603 2621 and 2635 Getting S
27. communicate the status of the interface The LMI inter face allows dynamic updates on the status of the DLCI connections and the congestion state of the network The IPLink implements all three versions of LMI available within the frame relay network These are defined in table 3 Table 3 LMI Implementation on the IPLink Protocol Specification Options Available LMI Frame Relay Forum Implementation Agreement User Side IA FRF 1 superseded by FRF 1 1 Annex D ANSI T1 617 User Side Annex A ITU Q 933 referenced in FRF 1 1 User Side Note LMI uses DLCI 0 but ANSI CCITT has also reserved 1 15 Best practice per the recommendation is to use only DLCIs 16 991 for FR data PVCs and DLCIs 0 15 for LMI PVCs WAN Service Configuration 58 Models 2603 2621 and 2635 Getting Started Guide 6 WAN Services LMI Configuration Options The Frame Relay Local Management Interface is configurable through either the CLI or web interface on the IPLink Series The following variables are available for configuration e management Type Default Value no_maintanence the management Type variable defines the LMI proto col that will be used from the table above The following options are available no_maintenence No maintenance interface will be used for this frame relay connection ITU Network The ITU Q 933 protocol will be used The unit will operate as the Network side of the connection ITU User The ITU Q 933 protocol will be used The
28. default Note The Ethernet LAN port can be configured as a DHCP client to receive its IP address from a DHCP server on the Ethernet LAN If so configured you should not enable the IPLinks DHCP server on the Ethernet interface DHCP Relay functions transparently between a a DHCP client and a DHCP server The DHCP relay appears as a DHCP server to the DHCP clients point of view The relay operates by forwarding all broadcast client request to known DHCP servers The DHCP relay listens on all available interfaces All relay server communi cation is unicast It is important that valid routes are set up to the server and also to the client Services and features normally associated with each other The following table figure 4 is to give guidance on what services of PLink features to configure when you have decided to use DHCP Server DHCP Relay or DNS Relay If you are configuring a feature listed in the first column Configured Feature you can determine which other features either cannot be must be usually can be or are rarely used The Rarely used column is listed to be technically correct but it is ill advised to use The three most important columns other than the first are e Cannot be used e Must be used e Usually used Use the table like this The feature in this column with the Configured Feature in Column 1 For example 1 The feature DHCP Relay column 2 cannot be used with DHCP Server tow 1 column 1
29. device set unit to Vormal for regular operation WAN Services 51 Models 2603 2621 and 2635 Getting Started Guide 6 WAN Services Once all options have been selected click on the Configure and Activate button at the bottom of the screen Additionally save the configuration by going to the System Configuration gt Save menu This concludes the El interface configuration via the web browser go to section WAN Service Configuration on page 52 for instructions on router bridge and WAN service configuration WAN Service Configuration The IPLink Series Routers offer various WAN services for the proper transport encapsulation Ethernet Frame Relay and PPP options The Ethernet option is PPPoE bridged only Frame Relay and PPP can be used in either bridged or routed applications PPP Configuration PPP Bridged PPP Bridged Remote Site Configuration The IPlink series routers can be configured as bridges in this situ ation the IPlink typically is at the customer premise or branch office and connects to a router or bridge at a ser vice provider location this can be another IPLink router This application shows configuration for two IPLink units in bridged mode If using a third party router at the Central side review the router s configuration for connection to a remote bridge See figure 27 Remote Central Figure 27 PPP Bridged Application IPlink series Remote First configure the IP address on the Ethernet port
30. gt Edit Then click on Edit Frame Relay Channel See figure 36 The configurable parameters are e DLCI Consult with your service provider for the DLCI number required LMI uses DLCI 0 but ANSI CCITT has also reserved 1 15 Best practice per the recommendation is to use only DLCIs 16 991 for FR data PVCs and DLCIs 0 15 for LMI PVCs WAN Service Configuration 61 Models 2603 2621 and 2635 Getting Started Guide 6 WAN Services e Encapsulation type Bridged Ether Defines the RFC 1490 encapsulation type to be used by the channel In some instances you may need to choose another type Consult your service provider RX Max PDU 8192 Receive side max PDU default 8192 normally not changed from default TX Max PDU 8192 Transmit side max PDU default 8192 normally not changed from default Channel segment size The channel segment size is used to define fragmentation of the packets based on the Frame Relay Forum IA FRE12 If this variable is set to 0 then FRE12 Frame Relay Fragmentation will be disabled if set to any other value it will set the fragmentation size used e Port Defines the port that should be used to setup the Frame Relay Connection For routed applications the port should be set to frf for bridged applications the port should be set to fr Click on the Create button Edit Frame Relay Edit Frame Relay Channel Edit Frame Relay Channel Options Name Value Dici 21
31. included with router e PC computer with Hyper Terminal or equivalent VI 100 emulation program or an ASCII terminal also called a dumb terminal capable of emulating a V I 100 Interface cable installation An IPLink Series router comes with a T1 E1 WAN V 35 or X 21 interface Refer to the appropriate section to install an interface cable on your IPLink router and shall be rated for the proper application with respect to volt age current anticipated temperature flammability and CAUTION mechanical serviceability The interconnecting cables shall be acceptable for external use e Model 2603 router see Installing an interface cable on the IPLink 2603 s T1 E1 interface port on page 29 e Model 2621 router see Installing an interface cable on the IPLink 2621 s X 21 interface port on page 31 e Model 2635 router see Installing an interface cable on the IPLink 2635 s V 35 interface port on page 33 Hardware installation 28 Models 2603 2621 and 2635 Getting Started Guide 3 Initial Configuration Installing an interface cable on the IPLink 2603 s T1 E1 interface port The IPLink Models 2603 K and 2603 T come with a selectable T1 E1 WAN interface see figure 4 Located on the back of the IPLink the T1 and El interfaces are presented on an RJ 48C connector with selectable line impedances of 100 ohms for T1 and 120 ohms for El lines see figure 5 The 2603 K also comes with dual BNC for alternate connection to u
32. of DTE DCE board 3 The DTE DCE daughter board is installed at the factory with the DTE label and arrows pointing towards the X 21 connector DTE configuration To change to DCE configuration lift the daughter board from the connector turn it around so that the DCE label an arrows point to the X 21 connector and place it back on the connector The X 21 port is now configured as a DCE Note When the X 21 port is configured as a DTE the clocking mode for the port must be set for external clock Hardware installation 32 Models 2603 2621 and 2635 Getting Started Guide 3 Initial Configuration 4 Re assemble the case The interface cable has been installed go to section Installing the AC power cord on page 34 Installing an interface cable on the IPLink 2635 s V 35 interface port The IPLink Model 2635 comes with a V 35 interface presented on a DB 25 female connector see figure 10 and shall be rated for the proper application with respect to volt age current anticipated temperature flammability and CAUTION mechanical serviceability The interconnecting cables shall be acceptable for external use The Model 2635 V 35 DB 25 interface is configured internally as a DCE However when using the Patton cable with the 2635 the V 35 interface at the M 34 end of the cable is a DTE see figure 11 In other words the Patton DB 25 to M 34 cable is a sync null modem cable Ethernet connector V 35 Interface connector DB 25
33. sending all requests to the IPLink s IP address The IPLink forwards the request to the DNS servers using the IP address of the actual servers You still need to define the IP addresses of the primary and secondary DNS servers in the section because the IPLink needs to know in order to forward the DNS requests Introduction 88 Models 2603 2621 and 2635 Getting Started Guide 8 DHCP and DNS Configuration Default gateway option information The IPLink is the gateway all client traffic when Use local host as default gateway is checked see figure 61 Additional option information You may wish to provide additional information to the clients on the DHCP subnet Click on the hyperlink Create new DHCP option to access the configuration webpage The options can specify e A default gateway Domain name RC server e HTTP server e SMTP server e POP3 server e NNTP server e WINS server e Time servers Refer to figure 61 as an example of multiple options to be sent to the clients Default gateway option information Use local host as default gateway 1 Additional option information Add and remove items from this list to configure additional option Information you would like the DHCP server to give to cients on this subnet Hame Value Delete default qateway 10 11 12 13 D domain name idealnetdomain R nntp server 10 15 1 1 D netbios name servers 10 10 1 11 10 10 1 12 R Create new DACP option g Update Reset Figure 6
34. the central site also has an IPLink you may configure as described in this sec tion Refer to the web page images for the Remote IPLink configuration above In this example the IP address of interface zp is changed to 192 168 100 3 24 WAN Service Configuration 53 Models 2603 2621 and 2635 Getting Started Guide 6 WAN Services 1 Bring up the web page management system on your browser by entering the IP address of the IPLink 2 On the Menu go to Services Configuration then to WAN Delete the factory default WAN services already defined 3 Click on Create a new service in the main window select PPP bridged and click on the Continue button 4 In the Description field enter the description you wish for example PPP Bridged Verify the settings to be e Interface 1 e LLC header mode dialout e LLC header mode off e HDLC header mode on No authentication Leave User name and Password blank Click on Create PPP Routed This application shows configuration for two IPLink units in PPP routed mode An IPLink may be used as the router at the Central site but it is not necessary You can use a third party router as long as it supports PPP routed operation If using a third party router at the Central site review the routers configuration See figure 29 Remote site configuration First configure the IP address on the Ethernet port interface ip1 for 192 168 200 2 24 via the command line CLD The PC will
35. unit will operate as the User side of the connection ITU Both NND The ITU Q 933 protocol will be used The unit will operate as both the Network and User side of the connection ANSI Network The ANSI T1 617 protocol will be used The unit will operate as the Network side of the connection ANSI User The ANSI T1 617 protocol will be used The unit will operate as the User side of the connection ANSI Both NNI The ANSI T1 617 protocol will be used The unit will operate as both the Network and User side of the connection Management State Defines the current state of the DTE side LMI Possible options are as follows Mgt Port DOWN Currently the LMI on the DTE side is DOWN Mgt Port UP Currently the LMI on the DTE side is UP Management Auto Start Default Value FALSE The management Auto Start variable allows the user to start the LMI session before any DLCI connections are created within the unit If this variable is set to FALSE the LMI session will begin when the first DLCI channel is created If this variable is set to TRUE the LMI session will begin immediately e Full Report Cycle Default Value 6 This variable represents the N391 protocol value User Max Errors Default Value 3 Network side N392 protocol value e Net Max Errors Default Value 3 Network side N392 protocol value User Error Window Size Default Value 4 User side N393 protocol value Net Error Window Size Defau
36. 0 22 45 write Update NEW 0 0 0 0 write Create Trap Table Index Password Management IP Del NEW EE Create Save SNMP Configuration save Figure 79 SNMP Daemon configuration The Trap Table identifies the IP address of the SNMP trap along with its password System Tools The System Tools webpage provides two utilities for testing network connectivity The two utilities are ping and traceroute Enter the IP address of the device to ping or traceroute and click on the appropriate button The example in shows a successful ping of a PC System Tools This page gives the user access to system tools Ping and Traceroute Controls This allows the box to initiate a Ping or Traceroute request Note that input must be an IP address in the form XXX XXX XXX XXX 1010 22 45 Ping Trace Route PING 10 10 22 45 32 data bytes 40 bytes from 10 10 22 45 seg 0 ttl2128 rtt 10ms Figure 80 Ping and Traceroute utilities System Tools 103 Chapter 11 SNTP Client Configuration Chapter contents SSK S a AT A noe nee er 105 A T a M ET 105 TOR R A RR O a A tas RR ton IoS ese 105 OMR E TL E RR TETE T sda rs a SD AE Gedanum aes 106 es nan R je a ini rt 106 104 Models 2603 2621 and 2635 Getting Started Guide 11 SNTP Client Configuration Introduction The Simple Network Time Protocol SNTP Client webpage contains the configurable parameters for either setting up the SNTP client or in the abscen
37. 1 DHCP server optional information example DHCP Relay With this webpage you can enter a list of IP addresses for DHCP servers When a client requests an IP address it uses one of the DHCP addresses listed in the DHCP relay webpage The IPLink forwards or relays the request to the DHCP server Note Do not use the IPLinks DHCP server if the DHCP Relay is enabled Configuration of the DHCP Relay The DHCP Relay webpage has three sections See figure 62 e Enable disable The button in the first section enables or disables the DHCP relay on the IPLink router Introduction 89 Models 2603 2621 and 2635 Getting Started Guide 8 DHCP and DNS Configuration e Edit DHCP server list The IP addresses of DHCP servers can be updated reset or deleted from the list e Add new DHCP server the IP addresses of the DHCP servers are added to the DHCP relay list in this sec tion In the first section of the DHCP Relay webpage click on the Enable button on the DHCP Relay webpage DHCP Relay This page allows you to enter a list of DHCP server IP addresses that the relay will forward DHCP packets to You may also enable and disable the DHCP relay from here The DHCP relay is currently disabled Enable Edit DHCP server list Lise this section to edit existing DHCP server addresses present in the DHCP relay s list There are currently no DHCP servers in the list Use the section at the bottom of the page to add a new DHCP server
38. 1 To enable IDS click on Enabled for Intrusion Detection Enabled on the Security Interface Configura tion page Then click on Change State 2 Click on Configure Intrusion Detection 3 You may choose which of the parameters to configure and for which value Use Blacklist Default 10 minutes when enabled If IDS has detected an intrusion an external host access to the network is denied for ten minutes Use Victim Protection Default Disabled Victim Protection When enabled Victim Protection protects the victim from an attempted spoofing attack Web spoofing allows an attacker to create a shadow copy of the world wide web WWW All access to the shadow Web goes through the attackers machine so the attacker can monitor all of the victims activities and send false data to or from the victim s machine When enabled packets destined for the victim host of a spook ing style attack are blocked Victim Protection Block Duration Default 600 seconds DOS Attack Block Duration Default 1800 seconds 30 minutes A Denial of Service DOS attack is an attempt by an attacker to prevent legitimate users from using a service Ifa DOS attack is detected all suspicious hosts are blocked by the firewall for a set time limit Scan Attack Block Duration Default 86400 seconds Sets the duration for blocking all suspicious hosts The firewall detects when the system is being scanned by a suspicious host at
39. 5 shielded 10 100 Ethernet port Assuming the MDI X switch is in the out position D e IPLink Physical Connectors Table 7 Ethernet Port MDI X switch in out position Pin No Signal Name Direction CO NI Os Gn AI GOI Kal 7J TX TX RX from IPLink from IPLink to IPLink to IPLink RJ 45 non shielded RS 232 console port EIA 561 The RS 232 serial control port of the IPLink is configured to operate as a DCE Pin No Signal Name RJ 45 shielded 10 100 Ethernet port CO N Gl Gn By Gy N Table 8 RS 232 Control Port DSR U DTR Signal Ground U CTS RTS Direction from IPLink from IPLink to IPLink from IPLink to IPLink from IPLink to IPLink 125 Models 2603 2621 and 2635 Getting Started Guide D e IPLink Physical Connectors Serial port V 35 M 34 and DB 25 Connector The Model 2635 has a DB 25 connector for the V 35 interface table 9 provides the pinouts for the M 34 and DB 25 Connectors Table 9 V 35 pinout for M 34 amp DB 25 connectors M 34 DB 25 Pin No Pin No A IT lal daela E x wmojo x Z EN C Serial port Signal Name 1 Frame Chassis Ground 8 c 9 Rb of XICb E ID l6 RDb RC a 18 ocal Loopback Doo OTR 2m 3 Direction n a from DTE to DIE from DTE to DIE to DIE n a to DIE to DIE from DTE to DTE from DTE to DIE to DTE to DIE to D
40. 60 VDC source is to be reliably connected to earth Connect the equipment to a 36 60 VDC source that is electri CAUTION Ethernet port outlined in green Shielded RJ 45 10Base T 100Base TX Ethernet port using pins 1 2 3 amp 6 See MDI X switch for hub or trans ceiver configuration The following table defines conditions that occur when the MDI X switch is in the out position Signal Signal Direction Name Output TX Output TX Input RX Pin No Input RX CO NJ O Gn AIOI Kal MDI X The MDI X push switch operates as follows e When in the default out position the Ethernet circuitry takes on a straight through MDI configuration and functions as a transceiver It will connect directly to a hub e When in the in position the Ethernet circuitry is configured in cross over MDI X mode so that a straight through cable can connect The IPLink Series router s Ethernet port directly to a PC s NIC card IPLink Series High Speed Routers overview 22 eral Information IPLink Series High Speed Routers overview 23 Chapter 2 Product Overview Chapter contents o a TE Mum e E ECON 25 Pede eu d calc do T T 26 24 Models 2603 2621 and 2635 Getting Started Guide 2 Product Overview Introduction The IPLink Series Router operates as a bridge or a router and has two ports for communication e The Ethernet port Connects to the LAN side of the connection The Serial port Connects to local DT
41. A The DC power supply connects to a DC source via a terminal block Connect the equipment to a 36 60 VDC source that is electri A cally isolated from the AC source The 36 60 VDC source is to be reliably connected to earth CAUTION Security 121 Appendix C Cable Recommendations Chapter contents o E CORRO 123 O 123 122 Models 2603 2621 and 2635 Getting Started Guide C Cable Recommendations Ethernet Cable Ethernet cable P N 10 2500 refer to RJ 45 shielded 10 100 Ethernet port on page 125 and shall be rated for the proper application with respect to volt age current anticipated temperature flammability and CAUTION mechanical serviceability The interconnecting cables shall be acceptable for external use Adapter EIA 561 to DB 9 P N 16F 561 refer to RJ 45 non shielded RS 232 console port EIA 561 on page 125 The interconnecting cables shall be acceptable for external use MA and shall be rated for the proper application with respect to volt age current anticipated temperature flammability and CAUTION mechanical serviceability Ethernet Cable 123 Appendix D IPLink Physical Connectors Chapter contents P ale T UIS O q OR ET Pr 125 R aS ns B3 2 console LO RITOS 125 S E PE T m A E A E re er 126 Ma TET Ao NT TU cum M 126 T E eC Utm NEA 127 ET ITO GM ice 0 one Ro e E nana SARRO A E AR Leti RAN E A RARO Lace pcr nd 128 124 Models 2603 2621 and 2635 Getting Started Guide RJ 4
42. A ri P T meri O RM na P 48 44 Models 2603 2621 and 2635 Getting Started Guide 5 Serial Port Configuration WAN Serial Port Configuration The IPLink Series routers use a sync serial interface X 21 V 35 or a T1 E1 interface for connection to stan dard WAN services Below are the configuration options for the WAN interface Serial Interface The serial interface configuration menus allow the user to configure the serial interface for HDLC based con nections Variables The following table lists variables that are configurable on the IPLink s software Variable Options Function Clock Mode The clock setting for the serial interface will determine the source of timing for the serial interface only RX Clock Invert Inverted The clock invert functions could be used to invert the clocks TX Clock Invert that are used on the serial interface It is not recommended to Kormadl change this parameter unless requested by Patton Electron ics technical support Keep at default Any n x 64 kbps speed Defines the generated speed for internal clock mode opera Speed should be enter tion or the clock that will be received in external clock mode ed as the rate i e 512 operation for 512 kbps or 2048 Serial Speed for 2 048 Mbps TX Data Sample Ext Clk When the unit is running in internal clock mode the setting of Point TX Data SamplePoint will indicate to the system which clock Dock to use to sample the in comi
43. AN interfaces of the firewall Global address pool and reserved map 1 Click on Advanced NAT Configuration on the web page Security Interface Configuration 2 Click on the hyperlink Add Global Address Pool The global IP addresses need to be created and put into the Global Address Pool 3 Set the parameters to the following values See figure 53 Interface Type internal Use Subnet Configuration Use IP Address Range IP Address 100 100 100 101 Subnet Mask IP Address 2 100 100 100 102 Introduction to NAT 80 Models 2603 2621 and 2635 Getting Started Guide 7 Security Click on Add Global Address Pool button NAT Add Global Address Pool ppp 0 Add Global Address Pool Interface Type Use Subnet Configuration IP Address Subnet Mask IP Address 2 internal Use IP Address Range 100 100 100 101 100 100 100 102 Add Global Address Pool Figure 53 NAT Global Address Pool configuration 4 Next create a reserved mapping between a global IP address from the global pool and a PC on the side of the internal interface ipl In this example 10 10 19 11 5 Click on the hyperlink Add Reserved Mapping 6 Set the parameters to the following values See figure 54 Global IP Address 100 100 100 101 Internal IP address 10 10 19 11 Transport Type all Port Number 65535 This port number means all port numbers for TCP or UDP protocols will be mapped 7 Click on Add R
44. Conformity This equipment conforms to the requirements of Council Directive 1999 5 EC on the approximation of the laws of the member states relating to Radio and Telecommunication Terminal Equipment and the mutual rec ognition of their conformity The safety advice in the documentation accompanying this product shall be obeyed The conformity to the above directive 1s indicated by the CE sign on the device The signed Declaration of Conformity can be downloaded at www patton com certifications FCC Part 68 ACTA Statement Model 2603 only This equipment complies with Part 68 of FCC rules and the requirements adopted by ACTA On the bottom side of this equipment is a label that contains among other information a product identifier in the format US AAAEQ TXXXX If requested this number must be provided to the telephone company Compliance 116 Models 2603 2621 and 2635 Getting Started Guide A Compliance information The method used to connect this equipment to the premises wiring and telephone network must comply with the applicable FCC Part 68 rules and requirements adopted by the ACTA If this equipment causes harm to the telephone network the telephone company will notify you in advance that temporary discontinuance of service may be required But if advance notice isnt practical the telephone company will notify the customer as soon as possible Also you will be advised of your right to file a complaint with the FCC if y
45. D don 4a ne ES A uh sb a del ee eee aes 20 oy arene l cre Meri ON TM O e 26 PUEL PEU tac santos Ae ee ere c sce TT 26 Rear View of the 2603 1 showing location of Ethernet and WAN connectors ati 29 Ms a soto EU VEM a uU E EE ore 29 Rear view of the 2603 K showing location of Ethernet and WAN connectors sees Re qeu EE danado 30 Rear view of the 2621 showing location of Ethernet and XJ connectors sed 31 Case T E wil acide dd due sta eese E ua ies 32 Poona A ar a eee See 32 Rear view or the 2075 showing locion of Ethemer and V 35 T as nra ou ek ecw wae 33 ET hed roa OCE T T EN mmm 34 Power connector bocinon on rear panel Model 26057 T shown a T RN S A T R T RER a dacs 35 IPLink front panel LEDs and Console port locations Model 2005 shown a ati 36 E oa H ato E LEH hM A E ol bis ane 38 hann A i e a Ir 38 l Macer i iu KCN MN ru EI TM 29 Urea LAN por 1P addis T ee ei aa 4 DEUET DES Pesci bene bt CE o qc q epee ee eee ee 42 LES ET RO E T DM T 42 Con ouai einer T ouest du tut ase Nasa et edi E md Lex LL Le Saad 43 Model 2021 X21 serial port coniiguration parametern sores oos uda e aeo basi EURO UI dig 46 Model 2635 30 seral port aitor paroles S d uie ais o auem P ad edu Cu S 46 Moda 2005 TULI SAM por conteumiuon Pareto cce dao ee bine diu Robson ast deiude 47 o P D t C NM Ere D A UC EM 47 EDI T ens qb ce ione ated du rid ai S tus 48 LIO T D PUB eden nsu SESS eL dd Hi hada Serb 31 Pe eee em DS A AA Tct T 2d A M TUM MN TT 53 EC o a cid M O a a
46. DE PATTUN e E E Ea ElectronicsTo Models 2603 2621 and 2635 IPLink Series High Speed Routers Getting Started Guide 10 100 Crossover MDI X Power Ethernet Model 2603 ipLink Gateway High Speed WAN Access Router Console L wan L Ethernet Model 2635 IP Link DE PATTON WAN Gateway Router BE Tlecinoicsco 1 1 1 1 Model 2624 IP Link Console WAN Gateway Router FS Test Modes Console SS ag LER o e x Test Modes cal SS S Local 511E o e a L Normal SW L Normal s e A A S X X x S e S Local 511E Sync Serial Ethernet Status Remote 511 E E o HT H d E e L L Normal amp Nomal Sync Serial Ethernet ie Status Remote 511 10 100 10 100 Crossover L 90900966 S 9992226 O Crossover 3 3 x TTT L A 99000000 990900000 e Interface Port Ethernet Ethernet 9 X 21 Interface Document Number 03328U1 001 Rev A Part Number O7M2600Ser GS Revised March 24 2006 Patton Electronics Company Inc 7622 Rickenbacker Drive Gaithersburg MD 20879 USA Tel 1 301 975 1000 Fax 1 301 869 9293 Support 1 301 975 1007 Web www patton com E mail support patton com Copyright O 2003 2006 Patton Electronics Company All rights reserved The information in this document is subject to change without notice Patton Elec tronics assumes no liability for errors that may appe
47. DER ostiis AE SD PRE RP urere 27 A In e Ce E H 40 Seral Pon Connie ur Oes A AAA AAA AA A A AA 44 A e 50 A A O 68 DACP ind DNS Contrato palillo lcd si dei isa etre Ebo danS 82 MR T A 93 oystem COI T 96 KTR NR LR R T T 104 apice Clip eed MT 108 Cnet Pastor ASA ARM ainda adia 112 Compliance BIIOPHBAHON diee oiii Dein n Sb pus AI sda aeaa Lilia 115 o e bifes qa fio pi OMR OR DEN RSI RENA M 118 Cable Ceinture 122 gr Physical curn sd Xw He 124 Command Line Interlace CLI Operatii 5223 5 2 0 002 dans 129 Contents Summary Table of Contents unidad lata 3 Con e MS m OO ORAR E E T 4 E PPP 10 Listor Tables crana rr 12 About this eulde nina E iae E ORAR RR enn 13 PUIG E E E N EE AE a TE A A 13 Sr S LS a E H I dc 13 E E E E RR SR Seer ee en 14 eT a A E Sane RAP RR MP RAR p E RCA POE MEAS SiN E or en 14 Gener lobsen AIG faso ant seio Sn o A O Deique ime is 15 Pactor derult paranoia a a E o E a facius 15 Typosrapiical conventions used tn Miido TE 16 E E E E T E A E A E ETT A E E E N A ed Dep EDI 16 l General Ini orma T no eni td a e ea E TT 17 IPLink Series S T Speed Routers overview aos 18 E Ea ET ER COD E TOO USUS 18 E Ie TTT TTT 19 T EET TT 19 NN RT TT TH AE 19 BM NM EUIS MET S TOO Te 19 Ideia e Too M on Re RR A RR a nal eaa
48. DNS Configuration The third parameter is Get subnet from IP interface If you use this option then you will not enter any values in the first two parameters Should you define another subnet and also select Get subnet from IP interface the IPLink uses the Get subnet from IP interface as the ruling parameter and sets Subnet value and Subnet mask appropriately overriding your initial selection The ip1 Ethernet interface is always one option However there may be a WAN interface also as an additional option The interface is the DHCP server listening interface It listens for client requests on this interface The two remaining parameters are e Maximum lease time the default value is 86 400 seconds e Default lease time the default value is 43 200 seconds IP Addresses to be available on this subnet The next section see figure 58 has three parameters IP addresses to be available on this subnet You need to make sure that the start and end addresses offered in this range are within the subnet you defined above Alternatively you may check the Use a default range box to assign a suitable defaut IP address pool on this subnet start of address range l End of address range Use a default range C Figure 58 DHCP IP address pool Start of address range Enter the first IP address to be available in the DHCP IP address pool e End of address range Enter the last I
49. E devices Model 2621 and 2635 The T1 E1 port Connects directly to T1 E1 lines Model 2603 The fouter provides all layer and layer 3 protocols required for end to end link communication When configuring the IPLink router questions must be answered so the IPLink router functions as desired For example when a router or bridge module needs to be activated some questions would be e Isa default gateway required e Which encapsulation technique is best for this application Frame Relay PPP or another These decisions can be made and implemented more easily if The IPLink Series router s fundamental architecture is understood Also while configuring The IPLink Series router via a browser using the built in HTTP server is very intuitive an understanding of the architecture is essential when using the command line interface CLI commands The fundamental building blocks comprise a router or bridge interfaces and transports the router and bridge each have interfaces A transport provides the path between an interface and an external connection For exam ple the Ethernet transport attaches to an Internet Protocol IP interface A transport consists of layer 2 and everything below it Creating a transport and attaching it to a bridge or router s interface enables data to be bridged or routed The supported transports are PPPoE Frame Relay PPPoH and Ethernet Configuring an interface and transport for the router or bridge requires
50. EE ES ODER TEE OU pe et RR O PRA RO RR Ne RR IS t enUE S imer rre E A TE AAE CE eal te RR E JUR d D OCR RE a Rm 37 BUNC SEM S UU tT 37 27 Models 2603 2621 and 2635 Getting Started Guide 3 Initial Configuration Hardware installation If you are already familiar with IPLink Series Router installation and configuration this chapter will enable you to finish the job quickly Installation consists of the following e Preparing for the installation see section What you will need e Installing the T1 E1 WAN X 21 or V 35 interface cable see section Interface cable installation e Hooking up network cables verifying that the unit will power up and running a Hyper Terminal session see section Installing the Ethernet cable on page 36 and shall be rated for the proper application with respect to volt age current anticipated temperature flammability and CAUTION mechanical serviceability The interconnecting cables shall be acceptable for external use e Changing the IP address from the factory default setting see section IP address modification on page 37 e Launching a web browser in preparation for configuring the modem see Web Operation and Configura tion on page 37 What you will need e IPLink Series High Speed Router Ethernet cable with RJ45 plugs on each end included with router e DB9 RJ45 adapter included with router e RJ45 RJ45 straight through cable for connecting to control port
51. Encaps Type BridgedEther Rx Max Pau 9192 Tx Max Pdu 8192 Chnl Segment Size Do Port fr Port Class framerelay Create Reset Figure 36 Frame Relay Channel configuration Central site configuration Note If you are using a IPLink at the Central location follow the instructions below otherwise refer to your third party router documentation for configu ration See the web pages for the IPLink above Some parametric values will differ but the process remains the same First configure the IP address of the Ethernet port interface ip1 via the command line CLI for 192 168 172 3 24 The PC IP address 192 168 172 229 must be on the same subnet for configuring the IPLink via the web pages 1 Bring up the web page management system on your browser by entering the IP address of the IPLink 2 On the Menu go to Services Configuration then to WAN Delete the factory default WAN services already defined 3 Click on Create a new service in the main window select Frame Relay bridged and click on Continue WAN Service Configuration 62 Models 2603 2621 and 2635 Getting Started Guide 6 WAN Services 4 Enter the description for the circuit in the Description field This is a mandatory field Without a descrip tion you cannot create a WAN service 5 Click on Create a new service in the main window select Frame relay bridged and click on the Configure button 6 Click along the following path Se
52. FC 1994 authentication WAN Interfaces e T1 E1 V 35 or X 21 interfaces e Available with female RJ 48C dual BNC DB 25 and DB 15 connectors e User configurable DTE DCE for X 21 Management e User selectable HDLC or Frame Relay WAN datalink connection e Web Based configuration via embedded web server e CLI menu for configuration management and diagnostics e Local Remote CLI VT 100 or Telnet e SNMPvl RFC 1157 MIB II RFC 1213 IPLink Series High Speed Routers overview 19 Models 2603 2621 and 2635 Getting Started Guide 1 General Information e Logging via SYSLOG and VT 100 console Console port set at 9600 bps 8 N 1 settings no flow control Security e Packet filtering firewall for controlled access to and from LAN WAN Support for 255 rules in 32 filter sets 16 individual connection profiles e DoS Detection protection Intrusion detection Logging of session blocking and intrusion events and Real Time alerts Logging or SMTP on event e Password protected system management with a username password for console and virtual terminal Sepa rate user selectable passwords for SNMP RO RW strings Access list determining up to 5 hosts networks which are allowed to access management system SNMP HTTP TELNET Logging or SMTP on events POST POST errors PPP DHCP IP Front Panel Status LEDs and Console Port The IPLink routers have all status LEDs and console port on the front panel of the unit and all ot
53. N c d ao 91 Bora the DNS Fr HR 91 IP asale c 93 UA T do P o one Oe E o o RR 94 WED I 94 L T pare NG RR RR EUER 94 Associated Ports for the different System IP Services sese 95 System ni A T 96 aio PP A SR RR RD PR re rT 97 e o Er O O RR RR eet ener ant rrr terry RR RR err OE 97 A E EE E E uM E COMER E E IUE A TEE E 98 ae Ea A E O In e O A E AT 99 foja Era PAPA A 100 SAO E 100 BeNOR Syste cos o vse En oO 100 iro d 101 Contents Models 2603 2621 and 2635 Getting Started Guide 11 12 13 a ES oye ARRE EOD C oo 101 MO I PA e o o In 102 IO io AAA rere ter CRE RR e Terr RR NE E RR re rrr 102 VSEE K ES RE 103 SN EP Client Conk pura Oi unsers EEE EEE EEE 104 Viel Lea HDi O E T O a E 105 E T Eq A a R E E E E E E E E e 105 SNIP Client Mode Configuration Parameters esencias 105 SN EP Client General Configuration Parameters supposed 106 System Clock Sedo EE T 106 KA R ET a I K A dial 108 OS ooo Io o E E E 109 a PP E E E E A E T E 109 BA a E E E E oidos 110 NS DS a e a E A E E E E oe rr 110 IS a RR N RR RR E E A RR 110 e B AAA o e ee TE 110 O A E E o T E PU
54. O OR DR 61 Remote Site Con figuratiOn pelos dolo iio 61 T e du T MARRONE RR RR RR T e 62 A Ea E AI Sana dn ed uai 63 Models 2603 2621 and 2635 Getting Started Guide Contents 10 tac AAA rr rr EOEOEO OO ESE 63 Centralsstie Con HEO aso ope Gp eMe UM 66 a A e OO on PEO O O I I O P 68 A e O e ee ee o OE 69 Cono Che Monica e PP A E 69 Conbo rine e TT T 71 Content Security Ponce epi poto iia 73 PCIA N A E A 74 sn E on P 74 real Porter edilicio ario DRE RR RR ER eee E 74 reus a dl egos eo POE o E o PU PEO o O A 75 FST Detecci n ten LS as 78 PP ECN H RO 80 Puablino NAE a ooo oboe 80 Global address pool and reserved Map rio oia iia pensada nas dese quae 80 DHCP and DNS Contrato ED 82 e E RR RR ARDER CR RN E STR RO Tere E 83 Services and features normally associated with each other sss 83 ipud d 84 Parameters for the DHCP Server SUDHBE seq cosenonceatotimotesettsausdeanacescduassanastanecseesensecenaseciaweieeeeth nuts osados 86 IP Addresses to be available on this subnet 2551 sese eee 87 UNS SC i Oa sac e TE E ON A EEE 88 Default gateway option information sese 2 5 9 20 ee eee eee 89 Additonalopion miormat eddie US peer f tuned 89 Bie 89 Configuration ofthe DHCP taste Eus ME Pu tap ictus 89 Ip E
55. P address to be available in the DHCP IP address pool e Use a default range Checking this box will give you an IP address pool of 20 contiguous addresses This set ting when checked overrides anything entered in the Start and End of address range If you have selected Get subnet from IP interface and have checked the Use a default range the first of the twenty IP addresses will be the next sequential address following the IP address of the IP interface For exam ple assume that the IP address of ipl is 10 10 19 10 16 figure 59 shows that the IP address pool ranges from 10 10 19 11 to 10 10 19 30 Introduction 87 Models 2603 2621 and 2635 Getting Started Guide 8 DHCP and DNS Configuration Parameters for this subnet Edit the definition of the DACP subnet here If you do not wish to specify the subnet value and subr instead select an IP interface using the Get subnet from IP interface field The subnet will track the mask belonging to the chosen IP interface Subnet value 0 gi 0 o o Subnet mask e55 255 Jo o Get subnet fram IP interface ES Maximum lease time 86400 seconds Default lease time 43200 seconds IP addresses to be available on this subnet You need to make sure that the start and end addresses offered in this range are within the subnet Alternatively you may check the Use a default range box to assign a suitable default IP address pi start of address range fio fio 13 hr End o
56. TE from DTE to DTE from DTE to DTE 126 Models 2603 2621 and 2635 Getting Started Guide D lt IPLink Physical Connectors X 21 DB 15 Connector The X 21 interface in the Model 2621 may be configured for either DTE or DCE Default is DCE Table 10 X 21 Interface Model 2621 Pin No Circuit Signal Name Direction Signal Ground or Common Return S a Fon DT Control a from DTE ci aia DI 1 o T S Signal Tings DIE Ga EE E rom DTE O C Conolb hombre H R Receive Dooe DIE I2 iaie DIE Ij S SignolTimingb DIE Mas TO CO NI Oj Gn A OIN 1 Frame Ground Transmit B 9 2 Transmit Control p 10 3 Control Receive D 4 Receive EN Indication B 12 5 Indication A Signal Timng B 6 Signal Timing A 7 l5 8 Signal Ground Figure 85 X 21 DB 15 connector Serial port 127 Models 2603 2621 and 2635 Getting Started Guide D e IPLink Physical Connectors E1 TI RJ 48C Connector The T1 E1 transmit signals are not polarity sensitive even though they have the traditional designation of Tip and Ring Table 11 T1 E1 Port Pin No Signal Receive Ring Receive Tip Shield Receive Transmit Ring Transmit Tip Shield Transmit CO N Os Gn By Gy N RX RX TX IX 12345678 Figure 86 T1 E1 RJ 48C connector Serial port 128 Appendix E Command Line Interface CLI Operation Chapter contents e e
57. a FTP Front panel LEDs indicate Power WAN and Ethernet LAN speed and status Convenient and standard RJ connectors for Ethernet Line and Console e Standard one year parts and labor warranty IPLink Series High Speed Routers overview 18 Models 2603 2621 and 2635 Getting Started Guide 1 General Information Ethernet e Auto sensing full duplex 10Base T 100Base TX Ethernet e Standard RJ 45 connector e Built in MDI X cross over switch e IEEE 802 1d transparent learning bridge e 2 IP address subnets on Ethernet interface Protocol support Complete internetworking with IP RFC 741 TCP RFC 793 UDP RFC 768 ICMP RFC 950 ARP RFC 826 e P router with RIP RFC 1058 RIPv2 RFC 2453 e Up to 64 static routes Built in ping and traceroute facilities e Integrated DHCP server RFC 2131 DHCP relay agent REC 2132 RFC 1542 with 8 individual address pools e DNS relay with primary and secondary name server selection e NAT RFC 3022 with network address port translation NAPT MultiNat with 1 1 Many 1 Many Many mapping Port IP redirection and mapping e Frame Relay with Annex A D LMI RFC 1490 and FRE 12 Fragmentation PPP Support Point to point protocol over HDLC e PPPoE RFC 2516 Client for autonomous network connection Eliminates the requirement of installing client software on a local PC and allows sharing of the connection across a LAN User configurable PPP PAP RFC 1661 or CHAP R
58. a RU sand 44 WAN Serial Port Conor copies ne irao spa asas dated eodnt sape a REE e ENEN Ea aa Roe 45 cT RE Arrieta 45 Poi 0 c e 45 Web Interface Configuration ooo iio RR ndoaei 46 TUET Inerce Coni Tarao seen RD E cn N pao 46 Configuring the IPLink Series 2603 for T1 Operation sees ee eee eee 47 MAG TEE E E A E ee E ee 47 Configuring the IPLink Series 2603 for El Operation stes scccs davescnesedesssanasansecosuneuacenessnjaoedereesasnsdeseceuavinen 48 D Do T a A o UA 48 6 WAN Services custodia 50 b D uuo MEL 51 Configuring the IPLink Series 2603 for El Operation eese nennen 51 RV lag Gro cin iie desired 51 WAN Service TT siii O E RR RR RR anin 2d DPI CODD OD oce picco eas M ib iE cee DR Me UEM la RUE 52 PEP PI E E A A RAP RR AR PR A 22 PPP Bridged Remote Site Configuration ten added nia 52 Central Site R T oer cet aca medien sx netic ence R aaa Ea Eaa tus 53 PPRT O e a E oo e oo E E ETE 54 R mote site conli NE ssiri n pineda 54 Central Site C OBIISUEAUIO in RR RR RR RR RR RR RR RO aiai 27 LMI Management Frame Relay links shoes viani Tee anon Tiao ovate saraa teu hb D ee rad na beu DEUM SOUS 58 Ao A en e 58 Frame Relay Local Manasenment T TT 58 EMC anim utarroti T 59 Web Confipuration Methods RR RR Re tree or ree RR RR RR treet errr tr ery 59 Frame Relay Concursal Rad aa 60 Pame La a ls o E COPA e O UU Go EE
59. add a new user username use the command system add user lt username gt lt coment gt system add login user lt username gt lt Comment gt The first command creates a user who can access the system via a dialin connection using PPP for example The second command creates a user who can login to the system For example the commands system add user fred user with dialin access system add login joe user with login access creates two new users called fred and joe The accounts are created with no passwords To view details about the new users enter system list users The following information is returned Users May May Access ID Name Conf Dialin Level Comment fred disabled ENABLED default user with dialin access 2 joe ENABLED disabled default user with login access 3 admin ENABLED disabled superuser Default admin user Setting user passwords To change the password for the user you are currently logged in as use the command user password Enter the new password twice as prompted Enter new password Again to verify gt Administering user accounts 132 Models 2603 2621 and 2635 Getting Started Guide E Command Line Interface CLI Operation Note No check is made for any current password which may have been set for the user Ifyou wish to change the password for another user enter the command user change lt username gt This command logs you into the sys
60. all be easily accessible and pro tected by a circuit breaker Mains Voltage Do not open the case when the power cord is attached Dis 14 Models 2603 2621 and 2635 Getting Started Guide About this guide For AC powered units ensure that the power cable used with the device meets all applicable standards for the country in which it is to be installed and that it is connected to a wall outlet which has earth ground For units with an external power adapter the adapter shall be a listed Lim ited Power Source eo power to the unit is ON or OFF To avoid electric shock use caution when near WAN ports When detaching the cables detach the end away from the WARNING device first j Hazardous network voltages are present in WAN ports regardless of whether returned to Patton Electronics for repairs or repaired by qualified service personnel This device contains no user serviceable parts The equipment shall be In accordance with the requirements of council directive 2002 96 EC on Waste of Electrical and Electronic Equipment WEEE ensure that at end of life you separate this product from other waste and scrap and deliver to the WEEE collection system in your country for recycling id General observations Clean the case with a soft slightly moist anti static cloth Place the unit on a flat surface and ensure free air circulation Avoid exposing the unit to direct sunlight and other heat sources
61. ar in this document Warranty Information The software described in this document is furnished under a license and may be used or copied only in accordance with the terms of such license Patton Electronics warrants all IPLink Series router components to be free from defects and will at our option repair or replace the product should it fail within one year from the first date of the shipment This warranty is limited to defects in workmanship or materials and does not cover customer damage abuse or unauthorized modification If the product fails to perform as warranted your sole recourse shall be repair or replacement as described above Under no condition shall Patton Electronics be liable for any damages incurred by the use of this product These damages include but are not limited to the following lost profits lost savings and incidental or consequential damages arising from the use of or inability to use this product Patton Electronics specifically disclaims all other warran ties expressed or implied and the installation or use of this product shall be deemed an acceptance of these terms by the user Note Conformity documents of all Patton products can be viewed online at www patton com under the appropriate product page Summary Table of Contents ND AN WB UL ER QU N 10 11 12 ao O H General o A DR SR DR RNP PR O 17 Palae EE ns a De US DP Da ca oa 24 E os oito ii eta to AA i ie orit deca a ERE Eco Pte PRA PRE
62. associated port is not active which means it is not available to abuse with the intent of unauthorized access IP Services This allows the user to e System Services DNS Relay Enabled y FTP Enabled E TTP Enabled 9 SNMP Enabled E WEB Server _Update Figure 67 System Services configuration web page WEB Server The System Service which must be wisely disabled is the WEB Server After you disable the WEB Server from the web page you can no longer access the any of the IPLink s web pages The only way to enable it is through the Command Line Interface CLI CLI Configuration After configuring a terminal emulator to access the IPLink s serial port there are two commands for the enabling or disabling the WEB Server The following command enables the WEB Server so you can access the management web pages via a browser Remember that by only doing this command the change is saved only in volatile memory Be sure to execute the next command to save it in non volatile memory webserver enable gt system config save The next command disables the WEB server webserver disable IP Services 94 Models 2603 2621 and 2635 Getting Started Guide 9 e IP Services Associated Ports for the different System IP Services This section is for information purposes only Consult the table to identify which ports are associated with the different System IP Services Table 5 Stan
63. ation 49 Chapter 6 WAN Services Chapter contents A T 51 Conan the TET Gene 2600 toe PE CO a Detail calado celo ee do cea 51 KES T TTT MT T 51 E A RR O GU s 52 E A cir ER E m 32 EI T TL T T a RA E 22 NN Picaza Romo ie an Ip MF m 57 are pesca o oito Ti jo TITTEN UU T RAR 53 ST e MER E M M 54 Bore alte por DUE DET OTI e oido RR RR bod RR a qe coled ores 54 Ae Deseo e ire io RN cie cre ari D RARE RIC UD T ee 37 LATU Mon mne Prane Rela EIE 1 t 58 EE T T E A a E yea tie A ae E frauen E T 58 Pame Keby Dora apare Belt a E T O E E A O E 58 I MES dit s EI E PT MM RR EE 59 KS TET a E E E E meer rer T 59 O a RR E RO RR RR Cre eee eee 60 O RAE 61 A TTT 61 ETT T 62 A A HUM n b Ma Mi 63 T pss ET op RARO NEM A 63 A cn emt ces rE OO RR A rere 66 50 Models 2603 2621 and 2635 Getting Started Guide 6 WAN Services WAN Services Configuring the IPLink Series 2603 for El Operation Web Configuration Launch nternet Explorer or similar web browser type the IP address of the 2603 enter username superuser and password superuser From the main page click on the 71 E1 gt Configuration See figure 26 T1 E1 Configuration Configuration Options Time Slot Select 1 31 Payload Rate 1904K131 Line Options Channelized El G 703 G 704 Code Sel HDB3 Line Build Cut 120 Ohm FDL Mode Fa none Clocking Mode Receive Clock Idle Codes Power Down Normal Enab
64. ay for wards DNS queries from a client to a pre defined DNS server and DNS server responses to the client You can configure the DNS Relay for two IP addresses These are for access to primary and secondary DNS Servers Configuring the DNS Relay Go to the DNS Relay webpage by following the hyperlink path Configuration Menu gt Services Configura tion gt DNS Relay See figure 64 Patton Home Page o Home o System Status amp System Configuration V Services Configuration ONFIGURATION MENU LAN WAN LMI Management IP routes DHCP server DHCP relay DNS relay C 2603 Figure 64 Hyperlink path to the DNS Relay webpage Enter the IP address of the primary DNS server see figure 65 and click on the Create button Similarly enter the IP address of the secondary DNS server Introduction 91 Models 2603 2621 and 2635 Getting Started Guide 8 DHCP and DNS Configuration DNS Relay This page allows you to enter a list of DNS server IP addresses that the DNS relay can forward DNS queries to Edit DNS server list Lise this section to edit existing DNS server addresses present in the DNS relay s list The first address should be the Primary DNS server and the second address should be the Secondary DNS server You cannot have more than two addresses at a time There are currently no DNS servers in the list Use the section below to add a new DNS server Add new DNS server Lise this
65. be on the same subnet as the IPLink Ethernet port Once this is done you can complete the configuration using the web pages Figure 29 PPP Routed Application 1 Bring up the web page management system on your browser by entering the IP address of the IPLink 2 On the Menu go to Services Configuration then to WAN Delete the factory default WAN services already defined WANI Service Configuration 54 Models 2603 2621 and 2635 Getting Started Guide 6 WAN Services 3 Click on Create a new service in the main window select PPP routed and click on the Continue button In the Description field enter the description you wish In this example it is called PPP Routed e Description PPP Routed e Interface 1 e WAN IP address 192 168 164 2 255 255 255 255 e LLC Header Mode off HDLC Header Mode ON e No authentication Username blank e Password blank WAN connection PPP routed Description PPP routed Interface itis WAN IP address 19216811642 255 255 255 255 LLC header mode of lt HOLE header mode on y No authentication O PAP CHAP or PAP User name Password Create Figure 30 PPP Routed Configuration menu 4 Click on Create 5 Goto Services Configuration gt WAN gt Edit for PPP routed gt Edit TP Interface gt Ipaddr enter the WAN IP Address and Mask in this example 192 168 164 2 and 255 255 255 255 See figure 31 WAN Service Config
66. be seen by entering the command followed by a space and a question mark gt ethernet The following parameters appear add delete set show list clear IP address modification The first parameter to change is the IP address from the default IP address of 192 168 200 10 to your selected IP address Do the following comments are in brackets gt ip list interfaces lt enter gt lists the characteristics of the different interfaces IP Interfaces gt ip set interface ipl ipaddress 10 10 19 10 255 255 0 0 lt enter gt Sets the new IP address which you have selected The IP address in this example is for illustrative purposes only gt ip list interfaces lt enter gt To see if the change in IP address is correct gt system config save lt enter gt To save the new IP address in flash memory gt The IP address has now been successfully changed Web Operation and Configuration Now that the IP address has been configured for your application you can complete the configuration using any standard web browser PC Configuration In order to connect the PC to the Ethernet LAN to communicate with The IPLink Series router the PC s IP address should be on the same subnet as the router Connect a straight through Ethernet cable between the PC s NIC or PCMCIA Ethernet card and an Ethernet hub or switch Web Browser Do the following 1 Launch a standard web browser such as Netscape Communicator or Internet Expl
67. ccessed by clicking on the Ethernet menu item in the Configuration Menu Connected indicates whether the Ethernet port sees a received signal System Status 109 Models 2603 2621 and 2635 Getting Started Guide 12 System Status LAN Status There are two hyperlinks LAN Settings and DHCP Server Settings which go to the LAN Connections and DHCP Server webpages respectively The other parameters shown in LAN Status are as follows e Local IP address the IP address of the Ethernet port e LAN subnet mask the subnet mask of the Local IP address e Actas Local DHCP Server indicates Yes or No as to whether the DHCP server is enabled or disabled An enabled DHCP server provides IP addresses to DHCP clients attached to the Ethernet port MAC address the MAC address of the Ethernet port WAN Status Displays the basic parameters and status of the WAN port service and a link to the WAN Services configura tion web page e IP Address Type indicates whether the IP address of the WAN service is statically assigned or as a DHCP client Default gateway the gateway defined by the IP Routes submenu item under Services Configuration in the Configuration Menu e Primary DNS DNS client is currently not available Hardware Status The definitions of the parameters are as follows e Up Time this is the time since the IPLink was last rebooted either soft or hard power cycle e Current Ti
68. ce 1008 1022 Reserved 1023 Used for in channel layer management WAN Service Configuration 60 Models 2603 2621 and 2635 Getting Started Guide 6 WAN Services Frame Relay bridged This application shows configuration for two IPLink units in bridged mode If using a third party router at the Central site review the router s configuration for connection to a remote bridge Remote Site Configuration First configure the IP address of the Ethernet port interface ip1 via the command line CLI for 192 168 200 2 24 The PC must be on the same subnet for configuring the IPLink via the web pages 1 Bring up the web page management system on your browser by entering the IP address of the IPLink 2 On the Menu go to Services Configuration then to WAN Delete the factory default WAN services already defined 3 Click on Create a new service in the main window select Frame Relay bridged and click on Continue Enter the description for the circuit in the Description field This is a mandatory field Without a descrip tion you cannot create a WAN service 5 Click on Create a new service in the main window select Frame relay bridged and click on the Configure button See figure 35 WAN connection Frame Relay bridged Description FA bridge OLEI fi Encapsulation method Bridged Ethernet Create Figure 35 Frame Relay bridged creation 6 Click along the following path Services Configuration gt WAN
69. ce of an SNTP server setting the internal clock If you plan the use of an SNTP server you will configure the SNTP Client Mode Configuration Parameters and SN TP Client General Configuration Parameters If you are not accessing an SNTP server you can con figure the system clock for a calendar clock setting Configuring the SNTP Client The SNTP Client Mode Configuration Parameters section is for selecting the synchronization mode and entering the IP address of the SNTP Server With the SNTP Client General Configuration Parameters sec tion you will select the time zone and set the transmit packet timeout period retries and polling period SNTP Client Mode Configuration Parameters In this section you configure the synchronization mode and enter the IP address of the SNTP server The IPLink supports three synchronization modes unicast mode anycast mode and broadcast mode Unicast is a point to point mode Anycast is a multipoint to point mode Broadcast mode is for use when the SNTP server is on the local network that is the same subnet as the IPLink When Unicast mode is enabled the IPLink sends a request to the server designated in the field containing the SNTP servers IP address See figure 81 This is a point to point communication link The IPLink requests from one server The server sends the timing information directly to the IPLink When disabled the IPLink does not send any requests to any SNTP Server
70. could be of interest They are for controlling auto negotiation 100BaseT mode and Full duplex mode LAN Connections The default LAN port s IP address and netmask can be changed on this webpage Go to gt Services Configura tion in the Configuration Menu gt LAN gt Change default LAN port IP address button on the main window See figure 17 The primary IP address and mask can be modified here but if you do you will no longer be able to access the IPLink s webpages with the previous IP address The interface associated with the Ethernet is named ip1 You can also configure a secondary IP address to the Ethernet LAN port LAN connections This page allows you to change the IP address for the default LAN port The name of the IP interface is Ipl Default LAN Port The Secondary IP Address should be on the same subnet as the Primary IP Address and uses the same Subnet Mask Addresses on other subnets can be added using Virtual Interfaces Primary IP Address IP Address fio ro Ya 1 ho T Subnet Mask 265 ss Tn 7 Secondary IP Address IP Address n fo lo fo _Update Note there may be a short pause between clicking Update and receiving a response Advanced Figure 17 Ethernet LAN port IP address configuration The secondary IP address must be in the same subnet as the primary IP address With primary and secondary IP addresses you can reach the IPLink s webpages via either IP address However you
71. dard port numbers for the System Services System IP Service TCP UDP FTP 21 control con nection 20 data con nection Tr RR SNMP m WEB Server 80 80 95 IP Services Chapter 10 System Configuration Chapter contents e o T TC E A AA EE E A E A GR SRC D 97 RES L A 97 A een OP e EE onc so I CUP O Og a RS ea at E 98 PE a A satya het 99 BrE wee a dd T 100 KTT 100 E TT C M E T t 100 a teneret d RN Meo A Ne RU 101 K crc o 101 A 102 E dies 102 vcrc A m 103 96 Models 2603 2621 and 2635 Getting Started Guide 10 System Configuration Introduction The System Configuration item on the Configuration Menu opens to provide access to twelve 12 different items They are e Authentication allows you to control access to the IPLink s console and web configuration pages e Alarm shows the Alarm Table and CPU Usage Settings You can configure the alarm severity for each of the alarms and enable disable the Alarm Error Log e Remote Access enable and set the time limit for a remote user to have access to the IPLink Update update the IPLink software from here e Save to save the IPLink configuration in non volatile memory e Backup Restore used to save the IPLink s configuration on a PC or to load a configuration already saved on a PC Restart to do a soft start of the IPLink or to restore the IPLink to factory defaults e Key the key version is used to identify which features are install
72. de the Name pull down menu and select external beside the Interface Type pull down menu Click on Create See figure 46 Configuring the security interfaces 72 Models 2603 2621 and 2635 Getting Started Guide 7 Security Security Add Interface Return to Interface Listo Figure 46 Define ppp O interface as External Configuring Security Policies Continue the previous example by defining security policies We will add only one Firewall policy called etoz signifying an external to internal policy between the external and internal interfaces l Go to the last section on the Security Interface Configuration webpage called Policies Triggers and Intru sion Detection Click on the hyperlink Security Policy Configuration See figure 47 Policies Triggers and Intrusion Detection security Policy Configuration y security Trigger Configuration gy Configure Intrusion Detection gy Figure 47 Security Policy Configuration hyperlink 2 Click on the hyperlink New Policy See figure 48 Security Policy Configuration Current Security Policies Mo Policies Defined New Policy q Figure 48 New Policy link to configuration webpage 3 Select the parameters so the policy is defined as follows Between interfaces of types external internal Validators will allow traffic Click on Apply Configuring the security interfaces 73 Models 2603 2621 and 2635 Getting Started Guide 7 Security
73. dresses of the primary and secondary DNS servers which are provided to the DHCP clients e Default gateway option information You may use the local host as the default gateway figure 56 shows the entire configuration web page for the DHCP server Introduction 85 Models 2603 2621 and 2635 Getting Started Guide 8 DHCP and DNS Configuration Create new DHCP server subnet This page allows vou to set up a new DHCP server subnet so that the system can assign IP address subnet mask and option configuration parameters to DHCP clients Parameters for this subnet Define your new DACP subnet here TT you do not wish to specify the subnet value and subnet mask by hand you may Instead select an IP interface using the Get subnet from IP interface field A suitable subnet will be created based on the IP address and subnet mask belonging to the chosen IP Interface Subnet value Subnet mask Get subnet fram IP interfacB none T d d Maximum lease time 186400 seconds Default lease time 143200 seconds IP addresses to be available on this subnet You need to make sure that the start and end addresses offered in this range are within the subnet you defined above Alternatively you may check the Use a default range box to assign a suitable default IP address pool on this subnet start of address range End of address range sul d d d Use a default range DNS server option information Enter the addresses of Pr
74. e SNTP Client configuration The format is lt Year 4 digits gt lt Month 2 digits gt lt Day 2 digits gt lt Hour 2 digits gt lt Minutes 2 digits gt lt Seconds 2 digits gt The example in figure 83 is set for January 26 2006 at 1 57 50 pm System Clock Setting 106 Models 2603 2621 and 2635 Getting Started Guide 11 SNTP Client Configuration Clock Setting cet the system clock yy y mm dd hh mm ss format 2006 01 26 13 57 50 set Clock Figure 83 Configuration of the internal system calendar clock After entering the system clock values click on the Set Clock button to save in volatile memory If the IPLink is rebooted either soft or by power cycling the Clock Setting returns to its default value System Clock Setting 107 Chapter 12 System Status Chapter contents A TIU 109 a o O 109 lE A O a o ad M RU ERE MEN 110 KS ee Mun Ret A ra RA EE A E a MT 110 SER CS EI EN T T RE RAN RR RR RR DD PR RE RN 110 CD O oum ARS SDS a A e a A Sd 110 A dA II 108 Models 2603 2621 and 2635 Getting Started Guide 12 System Status System Status A quick but thorough summary of the IPLink status is provided on this webpage but it also has links to the detailed webpages for the key subsystems of the IPLink The webpage is divided into six 6 sections e Port Connection Status connection status of the Ethernet port and a link to the Ethernet Port Configura tion webpage e LAN Status displays the loca
75. e aware of potential problems Warnings are intended to prevent safety hazards that could result in per sonal injury Cautions are intended to prevent situations that could result in property damage or impaired functioning Note A note presents additional information or interesting sidelights important information The alert symbol and IMPORTANT heading calls attention to IMPORTANT ard Strictly follow the instructions to avoid property damage The alert symbol and CAUTION heading indicate a potential haz potential electric shock hazard Strictly follow the instructions to avoid property damage caused by electric shock The shock hazard symbol and CAUTION heading indicate a The alert symbol and WARNING heading indicate a potential safety hazard AN Strictly follow the warning instructions to avoid personal injury The shock hazard symbol and WARNING heading indicate a potential electric shock hazard Strictly follow the warning instructions to avoid injury caused by electric shock gt WARNING Safety when working with electricity Do not work on the system or connect or disconnect cables during periods of A lightning activity WARNING connect the power supply cord before servicing For systems without a power switch line voltages are present within the power supply when the power WARNING cords are connected The mains outlet that is utilized to power the device shall be within 10 feet 3 meters of the device sh
76. e the IP address of the IPLink s Ethernet port interface ip1 via the command line CLI for 192 168 100 2 24 The PC must be on the same subnet for configuring the IPLink via the web pages 1 Bring up the web page management system on your browser by entering the IP address of the IPLink WAN Service Configuration 63 Models 2603 2621 and 2635 Getting Started Guide 6 WAN Services 2 On the Menu go to Services Configuration then to WAN Delete the factory default WAN services already defined 3 Click on Create a new service in the main window select Frame Relay routed and click on Continue Enter the description for the circuit in the Description field This is a mandatory field Without a descrip tion you cannot create a WAN service See figure 38 WAN connection Frame Relay routed Description FR routed DLCI a Encapsulation method Routed IP y Use DHCP WAN IP address 182 168 1642 Enable NAT on this interface Figure 38 Frame Relay routed configuration Description FR routed DLCI Enter DLCI number Consult with your service provider for the DLCI number required Encapsulation Method Defines the RFC1490 encapsulation type that will be used by the channel Choose the encapsulation method best suited for your network needs from the following options Routed IP default value Raw WAN IP address Enter the IP address assigned to the WAN port V 35 X 21 or T1 E1
77. ed entries in a list For example if you have created more than one ethernet trans port the following command ethernet list transports produces a list of numbered transport objects ID Name Port 1 eth2 ethernet 2 ethl ethernet Local VT 100 emulation A connection is made with the DB9 RJ45 adapter and an RJ45 RJ45 straight through cable Set the data rate to 9 600 baud 8 data bits one stop bits and no parity You may use a dumb terminal or a VI 100 emulation such as HyperTerminal Remote Telnet Establishing a Telnet session displays the same CLI configuration and status parameters on the display Using the Console The console commands needed for the various modes of operation are described in later sections In this sub section are the most basic commands needed for console operation ud By entering 2 all the high level commands the keywords are seen Introduction 130 Models 2603 2621 and 2635 Getting Started Guide E Command Line Interface CLI Operation By entering a keyword followed by a space and the options available will print immediately without press ing enter The previously entered commands are reprinted on the next lines For example gt ethernet After typing the you will not see the 2 add delete set show list clear gt ethernet Then you may enter one of the keywords on the displayed list followed by a space and To continue our example gt ethernet
78. ed in the IPLink e Website Settings configures the refresh rate of the web pages e Error Log displays the Syslog Settings and shows recent configuration errors from the IPLink SNMP Daemon to modify the SNMP parameters for the IPLink e Tools provides ping and traceroute commands from the IPLink Also used to clear the interface table counters Authentication The IPLink manager controls access to the IPLink s console and web pages The default defined user is supe ruser See figure 68 Authentication This page allows you to control access to your router s console and these configuration Wweb pages Currently Defined Users User May Configure Authenticate Remote End Comment superuser true false Default admin user Edit user q Create a new usar q Figure 68 Authentication web page showing default superuser The superuser is the default administrative user and is given authority to configure the IPLink but the default settings have disabled the ability to authenticate through a remote connection To enable remote access authen tication click on Edit user To add another user account click on Create a new user See figure 69 You will define the new user by Introduction 97 Models 2603 2621 and 2635 Getting Started Guide e creating a Username defining the Password 10 System Configuration give the user ability to configure the IPLink or read only authority e add a
79. eeeri ne ei ae Garda 86 PEC o Ann nea 86 Paria R torcer rare isos Sa SE dou xni RO E e E 87 Example based on dela lt range of IP address pool 52a 2239320 Qoa eios rss R 88 Cn Tato ofthe DNS server IP address sic uice deed sx nde s pota Ron R bordes e E gi bad ian oou dea a 88 DER server optional ota don SDS desgracias aa a 89 MAA A R aR NLR ds R S L d RA N EP AE 90 POPE d do ts PS da Di Did 91 Hyperlink path to the DNS Relay webpage socorprrcin eens bes ae ee dest ir R wads 91 DNS Relay conte tacon Wenn coc cosa Scho d iced a bass Td CATE REA ARS ease 92 DNS Relay configuration Completo IT 22 Sy series con oro WED PARE RHET 94 Authentication web page showing default SUDBEUSEE x R e ordin R R R KN RRR ER be RRR RRR RN ERAS aed 97 EUA ee ee ee ee AAA EA NAAA CE DS GDA 98 Alarm Manapemen tweb PARO 42 s c08ude8obecbansad cusedstsespetewhestweddesedsbsnese ia 98 Alan dc Alano Poor Lar T besarse ended rad dn ees es p Remote Access Telnet access limit oooooooooooonoooonorrrrr aora gu e a ho PPP 100 Save Conn cutation changes in non volatile Memory ioudesssosaesib34 Ren ER ee sae DE See KRN K YES 100 Saving or feloading previously saved configuration Tiles 2225292 RR TR Es ER rip R R R T Era ure da 101 i ranae M 101 pu iuh RO MT TL OT 101 is S e ode doe dta b bue ud S sawed hone ehebawtestucedeasdst Seas ae 102 SP REDIGO CDD ORAE ha ok ey Se ed S bare Ge hn deis eee 103 ice o i ce oot eect ge
80. efine fragmentation of the packets based on the Frame Relay Forum IA FRE 12 If this variable is set to 0 then FRE12 Frame Relay Fragmentation will be disabled if set to any other value it will set the fragmentation size used Port Defines the port that should be used to setup the Frame Relay Connection For routed applications the port should be set to frf For bridged applications the port should be set to fr 9 Click on the Create button 10 Click on System Configuration gt IP Routes gt Create new Ip V4 Route 11 Create the gateway to the remote IPLink by entering the WAN IP address of the remote IPLink in this example enter 192 168 164 3 in the Gateway field The other fields should be Destination 0 0 0 0 Gateway 192 168 164 3 e Mask 0 0 0 0 WAN Service Configuration 65 Models 2603 2621 and 2635 Getting Started Guide 6 WAN Services e Cost 1 e Interface frame 0 Create Ip V4Route Name Value Destination 0 0 0 0 Gateway 1921681643 Metmask 0 0 0 0 Cost Interface Update Reset Figure 40 IP route for Frame Relay routed application 12 Click on the Update button This concludes the configuration of the remote site Be sure to save the configuration in non volatile memory by System Configuration gt Save gt Click on Save in the main window Central site configuration Note Ifyou are using an IPLink at the central location follow the instructions
81. el 2603 ipLink Gateway High Speed WAN Access Router js WAN Link WAN TD Ethernet Ethernet Tx Ethernet Rx Console LED LED Link LED LED port WAN Frame WAN RD ED Ethernet LED LED N Figure 13 IPLink front panel LEDs and Console port locations Model 2603 shown Installing the Ethernet cable Do the following and shall be rated for the proper application with respect to volt age current anticipated temperature flammability and CAUTION mechanical serviceability The interconnecting cables shall be acceptable for external use 1 Connect the DB9 RJ45 adapter to the DB 9 serial port on the PC or dumb terminal Use the RJ45 RJ45 straight through cable between the adapter and the red marked RJ45 port on the IPLink Router 2 Do not connect the router to the Ethernet LAN at this time On the PC start a terminal emulation session such as Tera Term or Hyper Terminal at 9600 bps 8 data bits 1 stop bit and no parity 4 Plug the AC power cord into The IPLink Series router to power up the router Type superuser for Login and press Enter 6 Then type superuser for the password press Enter Hardware installation 36 Models 2603 2621 and 2635 Getting Started Guide 3 Initial Configuration sexy 7 A message will display Login Successful By typing the character 2 all the commands will be displayed Login superuser Login successful nds 8 Any commands parameters may
82. esaes 19 SS UU sy etait cd sa T SAR RENO 20 Front Panel Sracus LED and Console POr oanien 20 OMe ile malt TTT 21 Rear PAE connector andes IC T 21 TOV CO IMUM ELON TET RR E A A he cele 22 Cer DOES OPD y atiendo 29 an NDC power PPI sts rater bet std Ropas dee disi esent nd i pucr LM eI MEE MIS 22 E E o 29 hui arc E A t T m T TT 27 2 Produc OEI Wc otia idesdt tete E Eo acid 24 IES S TT 25 Applications I M En A 26 Su e AAA nn aea aaa eaaa iai adia 27 LE aro a ea lona a me hu Led a ubl M b teet eic e NOME 28 Ninar TUR HIM oM P M 28 interaccion la poca MR chr acce Di A a cce PAUL eene 28 Installing an interface cable on the IPLink 2603 s T1 El interface port eene 29 Installing an interface cable on the IPLink 2621 s X 21 interface port T 31 Contents Models 2603 2621 and 2635 Getting Started Guide Installing an interface cable on the IPLink 2635 s V 35 interface port sene 33 Mstalhne ehe AC 010s cord severo RR RR RR RR ar 34 Installing the thier niet T 36 address mod catolico dead H ee eee eee 37 Web Operation and CODI UEAEIOEL oecscoose st osedtes ue nese deevetenaraaeeesaceancorsnedetpetqseasycpadencashasnsselarasnoatansecbuesaneteascestoers 37 PO Content non octal 37 K OO NGC SD 37 A Ethernet LAN Por ii 40 Bia io od fe a NR ot np o E E 41 LAN OD TI RR E RR PR RR RIA RE RR MdB CI E 41 PA E 41 5 Serial Port Configiitatiofi ai das aladirndie T F
83. eserved Mapping NAT Add Reserved Mapping ppp 0 Add Reserved Mapping Global IP Address Internal IP Address Transport Port Type Number 0 100 100 101 Set to 0 0 0 0 to use the primary IP address of the 0101911 all 165535 interface ppp 0 4dd Reserved Mapping Figure 54 NAT Reserved mapping configuration The PC on the Ethernet side of the IPLink can now communicate with the public or global side through NAT Introduction to NAT 81 Chapter 8 DHCP and DNS Configuration Chapter contents EK je aa TT e Um v c mee qst Mt ONE MU IET 83 Beruces and canes normaly asocieca ni Oo tod eo LoS UU 83 Riz cR E T 84 arta cor cla DACE T T 86 LE Addresser be ABR omahe iris lll 87 Ion ce SPEI E POLES e eee eit RO a ne e RE RR em 88 LS HE RE TET E T a A A o A 88 A TL 89 o o a A A A gered one rere en er 89 IBN H E EE ere 91 A A 91 82 Models 2603 2621 and 2635 Getting Started Guide 8 DHCP and DNS Configuration Introduction The routers offer a DHCP Server DHCP Relay capability and DNS Relay incorporated into the IPLink Of the two DHCP features only one can be enabled at a time either DHCP server or DHCP relay DNS relay can hold two DNS server IP addresses in memory so the DNS relay can forward DNS queries and responses between the host user and the DNS server The DHCP Server will listen for DHCP client requests on a suitable IP interface Typically this is the Ethernet interface named ip1 by
84. et eyecare eens DRI DAI edid uio ud pb RUE 103 SNIP synchronization and server IP address GonneuranOn 2ic000510ceserew sa AR a 105 Timezone and Polling packet CONDON 2 xS 6 0 das S d dc N R erre si bi de 106 Configuration ot the internal system calendar clock iosiutisr ries TERE ZN ladrar da 107 AE OS SU tes SU e e o de ie pisa ad 109 e POOL a ee ee ee ACA AA GAI ee aa 127 RPR DIO Con DA ans rre noria estab dd 128 List of Tables ND ON GN UL KR QQ MD e fd mA m Q O ET n UI E ag me Wate goa o a rcu 16 A idein dm c e rc p ctc EMT 20 Rial pleno tie ll ih sene siad Us ls cee ee eel e 58 Ln end A Da DEST A a Cada md es 84 Sita port numbers ar R T 12 96 ee eae Ed SA b La Edd 95 ERE R EE T 111 Eine Pear IU BOSIUDB A A A 125 DO A d anu ad an cR Tr rmn 125 E Pao or N E RR ae ida adas 126 o a ea A E o Ra A EE LR I2 TEILS Ls dit utei e isdem dc dc rti dta 128 12 About this guide This guide describes installing and configuring Patton Electronics IPLink Series High Speed Routers The instructions in this guide are based on the following assumptions e The router may connect to a serial DTE device or T1 E1 line e There is a LAN connected to the Ethernet port of the router Audience This guide is intended for the following users e Operators e Installers e Maintenance technicians Structure This guide contains the following chapters and appendices e Chapter 1 on page 17 provides information about router features and ca
85. ete eo li o e ld er ra 130 A A E UE 130 BT A DE SIEUT HELD nO Nee a t s PH imde A en e tatu A AM RP OD A R 130 CR De M EMT NN 130 Urin gg t BHO Roe ary en iter ou iM AN ecd a O A EE DI S MEDIE Aie 130 ftev cadi c e liri Perder MIR E M DM e Up RE 152 LS HT A gue e RR E atenadeaenniaataedc 152 Leng NEAT Ui Teg act oii e P H H ere 152 Cia ES UII Qu FM UE 133 ETRE is ire o c NETTO cp c 133 e 133 129 Models 2603 2621 and 2635 Getting Started Guide E Command Line Interface CLI Operation Introduction The modem configuration and status can also be view and modified through the console which is accessible through the RS 232 serial port or through a Telnet session over Ethernet CLI Terminology In order to use the CLI commands you need to understand the following CLI terms e Transport A transport is a layer 2 session and everything below it You can create a transport and attach it to a bridge or router so that data can be bridged or routed via the attached transport The CLI supports the following transports e PPPoE Point to Point Protocol over Ethernet Frame Relay e PPP Point to Point Protocol over HDLC e Ethernet e Interface bridges and routers both have interfaces A single transport is attached to a bridge or router via an interface Object an object is anything that you can create and manipulate as a single entity for example interfaces transports static routes and NAT rules e List Objects are number
86. f address range 10 fio l E 30 Use a default range he Figure 59 Example based on default range of IP address pool DNS server option information When a client requests an IP address from a DHCP server the server can also send the IP addresses of the pri mary and secondary DNS servers IP addresses The IPLink can accomplish this in one of two ways neither really having an advantage over the other This section of the configuration page is one method the other is DNS Relay to be described later in this chapter Refer to figure 60 DNS server option information Enter the addresses of Priman and Secondan ONS servers to be provided to DACP clients on this subnet You may Instead allow DACP server to specify its own IP address by clicking on the Use focal host address as DNS server checkbox Primary ONS server address fo o fi o secondary DNS server address 10 o f 11 Use local host address as DNS server E Figure 60 Configuration of the DNS server IP addresses Enter the IP addresses of the primary and secondary DNS servers Subsequently the client will receive these addresses when assigned an IP address When the client makes a DNS inquiry it sends the request directly to the appropriate DNS server The IPLink router merely forwards the packet The third parameter is Use local host address as DNS server which is the IP address of the IPLink In this sce nario the client considers the IPLink as a DNS server by
87. g this equipment users should ensure that it is permissible to be con nected to the facilities of the local telecommunications company The equipment must also be installed using an acceptable method of connection In some cases the company s inside wiring associated with a single line individual service may be extended by means of a certified connector assembly telephone extension cord The customer should be aware that compliance with the above condition may not prevent degradation of service in some situations Repairs to some certified equipment should be made by an authorized maintenance facility designated by the supplier Any repairs or alterations made by the user to this equipment or equipment mal functions may give the telecommunications company cause to request the user to disconnect the equipment Users should ensure for their own protection that the ground connections of the power utility telephone lines and internal metallic water pipe system are connected together This protection may be particularly important in rural areas Industry Canada Notice 2603 Model only 117 Appendix B Specifications Chapter contents a a IB Gl ge elas e AO 119 E RISE coreana c HM CE 119 LT K T tr I 119 D E T Mm vmm PM 119 eor O a E T 120 DEL HD DE E E ET A AA 120 RT E T a E a EE 120 A 121 RY rc Re en RR RR RR RR E 121 a RA ern ae PR RIED I TAE ae RR RR otra ey 121 PROD TLE T s iet Rc T n er nee RR or cre scree 121 mdp A cii qc ON 12
88. her electrical connections are located on the rear panel Model 2600 ipLink Gateway High Speed WAN Access Router Console 10 100 Crossover ess sss sss ses AAI Ethernet MDI X V 35 Interface Figure 1 IPLink Series Router Model 2635 shown The status LEDs from left to right are see table 2 for LED descriptions e Power e Sync Serial TD RD CTS and DTR e Ethernet Link 100M Tx and Rx Table 2 Status LED descriptions ON indicates that power is applied Off indi cates that no power is applied Power IPLink Series High Speed Routers overview 20 Models 2603 2621 and 2635 Getting Started Guide 1 General Information Table 2 Status LED descriptions Continued T1 E1 Link Green Solid green connected Off disconnected On indicates a T1 E1 loss of frame condition It also indicates that no T1 E1 signal is detected D Green Green indicates a binary O condition off indicates a binary l or idle condition Green Green indicates a binary O condition off indicates a binary 1 or idle condition Sync Serial TD Green Green indicates a binary O condition off indicates a binary l or idle condition Green Green indicates a binary O condition off indicates a binary 1 or idle condition CTS Green ON indicates the CTS signal from the router is active binary 1 off indicates CTS is binary O DTR Green ON indicates the DTR signal from the
89. her end of the power cord to the power outlet at this time 1 If your unit is equipped with an internal power supply go to step 2 Otherwise insert the barrel type con nector end of the AC power cord into the external power supply connector see figure 12 2 Insert the female end of the AC power cord into the internal power supply connector see figure 12 Hardware installation 34 Models 2603 2621 and 2635 Getting Started Guide 3 Initial Configuration Internal power supply connector External power supply connector Figure 12 Power connector location on rear panel Model 2603 T shown an input voltage from 100 to 240 VAC 50 60 Hz Verify that the proper voltage is present before plugging the power cord into the receptacle Failure to do so could result in equipment damage The IPLink router power supply automatically adjusts to accept CAUTION 3 Verify that the AC power cord included with your IPLink router is compatible with local standards If it is not refer to chapter 13 Contacting Patton for assistance on page 112 to find out how to replace it with a compatible power cord 4 Connect the male end of the power cord to an appropriate power outlet Verify that the green Power LED is lit see figure 13 Unplug the AC power cord from the IPLink Series router to power down the unit Hardware installation 35 Models 2603 2621 and 2635 Getting Started Guide 3 Initial Configuration Mod
90. his page you may temporarily permit remote administration of this network device Enable Remote Access Allow access for 30 minutes _Enable Figure 72 Remote Access Telnet access limit Remote Access 99 Models 2603 2621 and 2635 Getting Started Guide 10 System Configuration Update To upgrade the IPLink to another software version select the software image by clicking on the Browse button The software is a tar file See figure 73 After selected the software is downloaded to the IPLink Wait until the upload has completed The best way to monitor when the IPLink reboots is to view the process from the RS 232 console port Firmware Update From this page vou may update the system software O Select Update File Updates where available may be obtained from Patton Electronics Company Mew Firmware Image c1260 3 24 3tar Braws EPS _ Update Options Figure 73 Updating software Clicking on Options provides for selecting Firmware Update Configuration If enabled the IPLink will pre vent updating with incorrect software Save To save configuration changes to non volatile memory it is essential to click on the Save button on this webpage See figure 74 If you do not do this all configuration changes are stored only in volatile memory meaning that if the IPLink is restarted all configuration changes are lost Click on the Save button and wait until seeing the message Sa
91. ho Storm is detected Echo Storm is a DOS attack An attacker sends oversized ICMP datagrams to the system using the ping command This can cause the system to crash freeze or reboot resulting in denial of service to legiti mate users Maximum ICMP Count Default 100 Sets the maximum number of ICMP packets per second that are allowed by the firewall before an ICMP Flood is detected An ICMP Flood is a DOS attack The attacker tries to flood the network with ICMP packets in order to prevent transmission of legitimate network traffic 4 After selecting the chosen parameters click on Update Intrusion Detection System IDS 79 Models 2603 2621 and 2635 Getting Started Guide 7 Security Introduction to NAT The basic steps for configuring NAT are 1 Enable NAT between the internal and external interfaces of the firewall 2 Create global addresses which will be added to the global pool of IP addresses on the WAN interface 3 Create a reserved mapping between a global IP address and the IP address of an internal PC A Global Address Pool is a pool of addresses seen from the outside network Each external interface creates a Global Address Pool with a single address the address assigned to that interface For outbound sessions an address is picked from a pool by hashing the source IP address for a pool index and then hashing again for an address index For inbound sessions it is necessary to create a reserved mapping
92. iceability The interconnecting cables shall be acceptable for external use Ethernet connector X 21 Interface connector RJ 45 DB 15 0000000 9 00000000 MD Ethernet X 21 Interface Figure 7 Rear view of the 2621 showing location of Ethernet and X 21 connectors Hardware installation 31 Models 2603 2621 and 2635 Getting Started Guide 3 Initial Configuration When the local third party equipment is configured as DTE the Model 3086 X 21 serial port can be config ured as DCE and a regular straight through cable can then be used Do the following to configure the X 21 port as a DCE 1 Open the IPLink s case by inserting a screwdriver into the slots and twist the screwdriver head slightly The top half of the case will separate from the lower half of the case see figure 8 Take caution not to damage any of the PC board mounted components po Figure 8 Case being opened with a screwdriver 2 Locate the small daughter board on the Model 2621 board to the right of the DB 9 connector figure 9 shows location of DTE DCE daughter board 4 DCE 4 i 310 Y In this example the DCE DTE strap is Y 2 connector configured for DCE because the DCE label on the strap is pointed toward the X 21 connector Figure 9 Location
93. iguration in non volatile memory by going to the System Configuration Save menu This concludes the T1 interface configuration via the web browser go to section WAN Service Configura tion on page 52 for instructions on router bridge and WAN service configuration Configuring the IPLink Series 2603 for El Operation Web Configuration Launch nternet Explorer or similar web browser type the IP address of the 2603 enter username superuser and password superuser From the main page click on the 71 E1 gt Configuration See figure 25 T1 E1 Configuration Configuration Options ea har Payload Rate 1984K 31 Lime Options Channelized El G 703 G 704 lt Code Sel HDE3 lt Line Build Out 1200hm y FDL Mode Fdbnone v Clocking Mode Receive Clock y Idle Codes Enabled gt Power Down Marmal _ Configure and Activate Figure 25 El port configuration WAN Serial Port Configuration 48 Models 2603 2621 and 2635 Getting Started Guide 5 Serial Port Configuration Time Slot Select For unframed El service Clear Channel go to the Line Option parameter and select Clear Channel E1 G 703 For a full framed El enter 1 31 for partially filled El enter the range of timeslots using the format for example 1 2 3 5 or 1 5 10 31 Any entry for timeslots above 31 will return and invalid selection message Line Options Choose f
94. iman and Secondan ONS servers to be provided to DACP clients on this subnet You may Instead allow DACP server to specify its own IP address by clicking on the Use focal host address as DNS server checkbox Primary DNS server address l l secondary DNS server address l l l Use local host address as DNS server Default gateway option information Use local host as default gateway Iw Create Reset Figure 56 DHCP server configuration web page Parameters for the DHCP Server subnet Four parameters are in the section for defining the DHCP subnet See figure 57 Parameters for this subnet Edit the definition of the DHCP subnet here If you do not wish to specify the subnet value and subnet mask by hand you may instead select an IP interface using the Get subnet from IP interface field The subnet will track the IP address and subnet mask belonging to the chosen IP interface subnet value lo o o lo subnet mask o o o o Get subnet from IF interface ipl Maximum lease time 86400 seconds Default lease time 43200 seconds Figure 57 DHCP Server subnet parameters The first two parameters are applicable when you will define the subnet e Subnet value It is necessary to enter the selected value here and the Subnet mask if you do not Get subnet from IP interface See description for the 3rd parameter e Subnet mask Introduction 86 Models 2603 2621 and 2635 Getting Started Guide 8 DHCP and
95. inning the reboot process You will need to configure the IP address of the Ethernet port again as described in Chapter 3 Initial Configuration Restart Router From this page vou may restart your router Restart After restarting please wait for several seconds to let the system come up If you would like to reset all configuration to factory default settings please check the following box Ivi Reset to factory default settings Restart Figure 76 Restoring to factory defaults Website Settings The refresh rate of the webpages is a configurable parameter Enter the desired refresh rate in seconds and click on the Update button Default value is 4 seconds See figure 77 Website Settings Refresh Rates Refresh Rate 4 seconds Update Figure 77 Webpage refresh rates Restart 101 Models 2603 2621 and 2635 Getting Started Guide 10 System Configuration Error Log The Error Log webpage shows recent configuration errors and provides for the configuration of the Syslog See figure 78 Two parameters are configurable for the Syslog e Syslog Host enter the IP address of the Syslog Default 0 0 0 0 e Syslog Facility select the type of syslog facility Default disabled s Click on the Update button to activate the selected parameters Default value is a disabled Syslog Error log This page shows recent configuration errors from your router Syslog Settings Syslog Host looo syslog Facility disab
96. ion of security assumes that the IPLink router has been configured with a valid IP address for the Ethernet port so that the user may access the modem via the web page If the IP address is still the factory default go to the section in Chapter 3 entitled IP Address Modification In this example the WAN transport between the two IPLink router Routers will be PPP routed 1 Click on WAN under Services Configuration in the IPLink routers Configuration Menu 2 Click on Create a new service 3 Select PPP routed and click on the Continue gt button 4 For this example enter PPP Security Firewall in the Description field See figure 41 5 Click on Create Introduction 69 Models 2603 2621 and 2635 Getting Started Guide 7 Security WAN connection PPP routed Description PPP Security Firewall Interface WAN IP address 0 0 0 0 255 255 255 255 LLC header mode otf HOLE header mode on No authentication C PAP C CHAP or PAP User name Password Create Figure 41 PPP routed WAN service for Security Firewall example 6 Click on Edit in the WAN Connections webpage and then click on the Edit Ip Interface hyperlink 7 In the Edit Ip Interface webpage enter the fields as follows and click on the Create button See figure 42 Ipaddr 192 168 101 1 Mask 255 255 255 0 Edit Ip Interface Edit Tcp Mss Clamp Edit Ip Interface Options Name Value Ipaddr hseieB1011
97. issued upon receipt and inspection of the equipment e 30 to 60 days We will add a 20 restocking charge crediting your account with 80 of the purchase price e Over 60 days Products will be accepted for repairs only RMA numbers RMA numbers are required for all product returns You can obtain an RMA by doing one of the following Completing a request on the RMA Request page in the Support section at www patton com e By calling 1 301 975 1000 and speaking to a Technical Support Engineer e By sending an e mail to returns patton com All returned units must have the RMA number clearly visible on the outside of the shipping container Please use the original packing material that the device came in or pack the unit securely to avoid damage during shipping Shipping instructions The RMA number should be clearly visible on the address label Our shipping address is as follows Patton Electronics Company RMAJ xxxx 7622 Rickenbacker Dr Gaithersburg MD 20879 4773 USA Patton will ship the equipment back to you in the same manner you ship it to us Patton will pay the return shipping costs Warranty Service and Returned Merchandise Authorizations RMAs 114 Appendix A Compliance information Chapter contents e 116 E o d M t e 116 z 1 M pc umm ac eee aaa 116 STAN Recio OO Ma E U ocio coectetuer aesti tuae Sette seeded docens p 116 ee Pelee ints T Guts mes vo ola PEL TAE oras OR eaten 116 A 116 REC Paros Se
98. l IP address on the Ethernet port the MAC address and links to the LAN con nections and DHCP Server web pages e WAN Status parameters and links to the WAN services defined on the serial port e PPPoE Status the connection authentication status is available when the PPPoE WAN service is configured and activated e Hardware Status shows the time that the IPLink has been operating the current time software version and a link to configure the time including the SNTP client Defined Interfaces provides links to statistics for the defined interfaces Status Port Connection Status Port Type Connected Line State Ethernet ethernet T d NA LAN Status Local IP Address 10 10 19 10 LAM Settings q LAN Subnet Mask 255 255 0 0 Act as Local DHCP Server No DHCP server Settings q MAC Address 00 40 BA 00 50 59 WAN Status IP Address Type Static IP Address Settings y WAH Subnet Mask Mone Default Gateway 192 1 1 4 Primary DNS None DNS Client Settings y PPPoE Status Connection Authentication None Hardware Status Up Time 00 44 46s Current Time Wed 31 Dec 2003 18 44 37 set Time o Version OP Image Software Revision 2 5 3 Kernal 8 2 0 37 Jan 13 2006 Defined Interfaces fr rtd Show Statistics o ethD Show Statistics o Figure 84 System Status subsystems summary Port Connection Status The Ethernet link goes to the Ethernet Port Configuration webpage This is the same webpage a
99. le lt Update Error log most recent errors last times are in seconds since last reboot When Process Error 1072915200 im im Invalid argument failed to set the SMTP host to 1072915201 alarm alarm Box State Change to Minor Figure 78 Error Log and Syslog Settings SNMP Daemon For remote management from an SNMP capable management station the IPLinks SNMP Daemon must be configured To identify a specific IPLink configure the Static Variables which the system administrator may use for link identification The Community Table has three configurable parameters e Password this is the password which the remote management station must use to access the IPLink for reading writing the SNMP variables Management IP the IP address of the management station e Access select either Write or Read The management station can be authorized to configure the IPLink by writing to the SNMP variables or limited to a read only function To delete an entry click on the Del box and click on the Update button Error Log 102 Models 2603 2621 and 2635 Getting Started Guide 10 System Configuration SNMP Daemon Settings This allows the user to modify the SNMP settings for this unit Static Variables system Description 2603 Single Port Router system Location hs 4 system Contact hotset 0 sts S system Mame ET Update Community Table Index Password Management IP Access Del 1 secret 101
100. led lt _ Configure and Activate Figure 26 El port configuration Time Slot Select For unframed El service Clear Channel go to the Line Option parameter and select Clear Channel E1 G 703 For a full framed El enter 1 31 for partially filled El enter the range of timeslots using the format for example 1 2 3 5 or 1 5 10 31 Any entry for timeslots above 31 will return and invalid selection message Line Options Choose from Clear Channel E1 G 703 or Channelized E1 G 703 G 704 Consult with your service provider which option is required Line Code Choose from AMI or HDB3 Most El applications use HDB3 Line Build Out Select 120 Ohms if the El connection is made via the RJ 48C connector select 75 Ohm if the El connection is made via the dual BNC Connectors FDL Mode FDL is a T1 application therefore select Fdl none for El applications Clocking Mode Options are Internal or Receive Recover Clock network In most applications clocking for the 2603 will be derived from the El network set the unit for Receive Recover unless instructed otherwise by your service provider Idle code Options are Enabled or Disabled When idle code is Enabled the 2603 inserts idle codes 7E hex on unused timeslots Set this option to Disabled unless instructed otherwise Power Down Options are Normal and Powerdown When powered down the E1 will put high impedance on the input and output lines to protect the
101. list ports transports ethernet list Then gt ethernet list transports gt ethernet list transports lt enter gt Ethernet transports ID Name Port eae A ASA AAA A 1 ethl ethernet Another example shows when the user must provide a parameter gt ip 7 list clear add delete set attach attachbridge detach show interface ping gt ip interface lt name gt The lt name gt of the interface In this instance the interface name is ip1 It is important that you do the inquiry to determine whether additional parameters follow gt ip interface ipl add delete clear list gt ip interface ipl list secondaryipaddresses gt ip interface ip1 list secondaryipaddresses CLI Terminology 131 Models 2603 2621 and 2635 Getting Started Guide E Command Line Interface CLI Operation ip interface ipl list secondaryipaddresses lt enter gt Secondary IP addresses for interface ipl ID IP Address In this example there was not a secondary IP address Now save the entire configuration in nonvolatile FLASH mem ory with the following command gt system config save Wait for the message that says Configuration Saved then reboot the modem with this command system restart Administering user accounts As admin user you can administer user accounts This section summarizes the CLI commands which can be used to administer user accounts Adding new users To
102. lnet SNMPvl RFC 1157 MIB II RFC 1213 Logging via SYSLOG and VT 100 console Console port set at 9600 bps 8 bits no parity 1 stop bit no flow control Protocol Support 120 Models 2603 2621 and 2635 Getting Started Guide B Specifications Security Packet filtering firewall for controlled access to and from LAN WAN Support for 255 rules in 32 filter sets 16 individual connection profiles e DoS Detection protection Intrusion detection Logging of session blocking and intrusion events and Real Time alerts Logging or SMTP on event e Password protected system management with a username password for console and virtual terminal Sepa rate user selectable passwords for SNMP RO RW strings e Access list determining up to 5 hosts networks which are allowed to access management system SNMP HTTP TELNET Logging or SMTP on events POST POST errors PPP DHCD IP Dimensions 1 58H x 4 16W x 3 75D in 10 6H x 4 1W x 8 8D cm Power and Power Supply Specifications The IPLink router may come with either an AC or DC power supply AC universal power supply The IPLink Series router offers internal or external AC power supply options e The internal power supply connects to an AC source via an IEC 320 connector 100 240 VAC 200 mA 50 60 Hz e The external power supply connects to an external source providing 5 VDC via a barrel type connector 48 VDC power supply e Rated voltage and current 36 60 VDC 400 m
103. lt or disabled In some instances autonegotia tion may be problematic if another device on the LAN does not work properly with autonegotiation e 100Base Mode the default is for 100BaseT true To configure it for 10BaseT operation at all times set to false Introduction 42 Models 2603 2621 and 2635 Getting Started Guide 4 Ethernet LAN Port e Full Duplex Mode the default value is true for Full Duplex operation Setting it to false configures the Ethernet port to operate only in half duplex mode Rarely do these parameters require a change from their default operation Introduction Auto Negotiation Auto Negotiate Restart Connected Dis Reconnect Count Enable Duplex Check Full Duplex Jabber Jabber Count Link Speed 100Base Mode Full Duplex Mode Remote UUBTEU RemotelD00BTHO Remotel0BTFO Remote UB THU Remote Fault Remote Fault Count Update Reset Clear ifEntry true false true 14 true false false O 100000 true false false false false true false D Figure 20 Configurable Ethernet parameters 43 Chapter 5 Serial Port Configuration Chapter contents o COBRAR Ce COR 45 crt M T ment en E E T 45 a T 45 A AE ER ey nc eg wen ener 46 MIRA B T SE T m rere tin O 46 Conhipuring the IPLink sens IE for DE O TTT 47 Sep Go sale Oye ta a me eee ee de dixi Rd art etre eee Uu uto IA me nn ee 47 Coin CER UY ie Series 2605 Tor R H 48 por B
104. lt Value 4 Network side N393 protocol value T391 Value Default Value 10 This variable sets the T391 timers in seconds e T392 Value Default Value 16 This variable sets the T392 timers in seconds Web Configuration Methods The following documentation defines how to configure the Frame Relay Local Management Interface using the Web Interface on the IPLink Series WAN Service Configuration 59 Models 2603 2621 and 2635 Getting Started Guide 6 WAN Services All LMI configuration variables are contained under the LMI Management window found through the Ser vices Configuration gt LMI Management link The following screen shows the configuration variables available LMI Management LMI Configuration Management Type no maintenance Management state N A Fu Repot Cycle E user max Eras R Net Max Err Poo Update Figure 34 LMI Configuration webpage Frame Relay Configuration The Frame Relay service can be configured for either bridged or routed applications The use of DLCI values since the original publication of the Frame Relay specifications has been modified as to their use For the two octet address format they are as follows DLCI Number Use O Used for in channel signaling 1 15 Reserved DLCI s 16 99 Assigned using Frame Relay connection procedures Verify that none of these values have been assigned to permanent frame relay cells 992 1007 Layer 2 management of FR bearer servi
105. me the time is derived from one of two sources If the IPLink is configured as an SNTP client the time is from an SNTP server If the SNTP client is not configured the time derives from the Clock Set ting as set by the user The Clock Setting is found in the SN TP Client configuration page e Version lists the version of the operating software in the IPLink The version information is more detailed than is listed on the Home webpage of the IPLink e Set Time a link to the SNTP Client configuration page Defined Interfaces Provides links to operating statistics of the defined interfaces System Status 110 Models 2603 2621 and 2635 Getting Started Guide 12 System Status Status LEDs The LEDs indicate the status of the Power the WAN Sync Serial port and the Ethernet connection All LED indicators will present the same looking profile e g clear when unlit due to being single color water clear high efficiency LEDs Table 6 Status LED descriptions Power Green ON indicates that power is applied Off indi cates that no power is applied T1 E1 Link Green Solid green connected Off disconnected Green Green indicates a binary O condition off indicates a binary l or idle condition Green Green indicates a binary O condition off indicates a binary 1 or idle condition Sync Serial TD Green Green indicates a binary O condition off indicates a binary l or idle condition o mm Green indicates a
106. n process Introduction 84 Models 2603 2621 and 2635 Getting Started Guide 8 DHCP and DNS Configuration Patton Home Page o Home o System Status System Configuration V Services Configuration LAN WAN LM Management IP routes DHCP server DHCP relay DNS relay IP Services Security SINTP client A Ex EA lt S es A C f s Lama um ed DHCP Server This page allows creation of DHCP server subnets and DHCP server fixed host IP MAC mappings You may also enable and disable the DHCP server from here The DHCP server is currently disabled Enable server Status There are currently no DHCP server subnets defined Create new Subnet O Help o There are currently no DHCP server fixed IP MAC mappings defined Create new Fixed Host O Help o Figure 55 DHCP Server web page The server needs to have a subnet of IP addresses which will be allocated when a DHCP client makes a request Define the subnet by clicking on the hyperlink Create new Subnet The next webpage Create new DHCP Server subnet has four sections e Parameters for this subnet defines the subnet and netmask the origin of the subnet maximum lease time and default lease time e IP addresses to be available on this subnet either define the IP address range for the DHCP server IP pool or use the default range which is a set of 20 IP addresses e DNS server option information enter the IP ad
107. naming the interface and transport before attaching them When using the built in HTTP server web browser this is done automatically But when config uring The IPLink Series router via CLI commands through the RS 232 control port it must be done manually Introduction 25 Models 2603 2621 and 2635 Getting Started Guide 2 Product Overview Applications Overview Patton s IPLink Gateway routers deliver all the advanced features for secure reliable and high speed Internet data connections They combine ease of use with powerful data routing to make shared Internet connectivity simple and easy With NAT support the IPLink routers offer convenient and economical operation by using a single IP address while the integrated DHCP server automates IP address assignment for connected LAN computers Security is standard with built in firewall and violation alerting features that protect the network from would be intruders 2603 IPLink Figure 3 T1 E1 Application Applications Overview 26 Chapter 3 Initial Configuration Chapter contents od A A e 28 KM TIE TT 28 e TET A e E BIO 28 Installing ad interes cable on the IPLink 2007s TIET FRIGEEIGE por oe 29 Installing an nieres cable on the IPLink 262 s X 21 interlace poli out ett t tacna tasas tetas 31 lostaling andntetiace cable os the IPLink 2017s Y 35 ena ce DOM cuate cello 33 A as E E SR errr 34 A eco Ngai anta ea ga accede E E a a 36 LEE To lob getiomi A E TE Oe 37 A eH
108. nbalanced 75 ohm El lines see figure 6 on page 30 and shall be rated for the proper application with respect to volt age current anticipated temperature flammability and CAUTION mechanical serviceability The interconnecting cables shall be acceptable for external use 10 100 Figure 4 Rear View of the 2603 T showing location of Ethernet and WAN connectors RX RX TX IX 12345678 Figure 5 RJ 48C pinout diagram Hardware installation 29 Models 2603 2621 and 2635 Getting Started Guide 3 Initial Configuration RX connector TX connector BNC BNC 10 100 Crossover Ethernet connector RJ 45 lt x Figure 6 Rear view of the 2603 K showing location of Ethernet and WAN connectors The interface cable has been installed go to section Installing the AC power cord on page 34 Hardware installation 30 Models 2603 2621 and 2635 Getting Started Guide 3 Initial Configuration Installing an interface cable on the IPLink 2621 s X 21 interface port The IPLink Model 2621 comes with an X 21 interface presented on a female DB 15 connector see figure 7 This interface can be configured as a DTE factory default or as a DCE via internal configuration jumper and shall be rated for the proper application with respect to volt age current anticipated temperature flammability and CAUTION mechanical serv
109. ng data Some systems require that the data be sampled on one clock or another This is also useful when tail circuits are being created When running in the external clock mode this should be set to Ext Clk WAN Serial Port Configuration 45 Models 2603 2621 and 2635 Getting Started Guide 5 Serial Port Configuration Web Interface Configuration The following screen capture shows the variables available to configure the X 21 serial interface Serial Configuration Configuration Options Seria speed sik y Clock Made enema z m Clock Invert norma E m Clock Invert romei E Enabled true gt Configure Figure 21 Model 2621 X 21 serial port configuration parameters The next figure shows the Model 2635 V 35 serial port configuration parameters Serial Configuration Configuration Options Seria speed 512K y Clock Made extemal y E Data Sample Point Ea do E T Clock Invert normal gt m Clock Invert normal gt Enabled me gt Configure Figure 22 Model 2635 V 35 serial port configuration parameters After the serial port has been configured go to WAN Service Configuration on page 52 section WAN Ser vice Configuration on page 52 for router bridge and WAN service configuration T1 E1 Interface Configuration The IPLink Series Model 2603 is equipped with a user selectable T1 E1 interface The T1 interface is pre sented on an RJ 48C 100 ohm connector
110. o the remote IPLink by entering the WAN IP address of the remote IPLink in this example enter 192 168 164 3 in the Gateway field The other fields should be Destination 0 0 0 0 e Gateway 192 168 164 2 e Mask 0 0 0 0 e Cost 1 e Interface frame 0 12 Click on the Update button This concludes the configuration of the remote site Be sure to save the configuration in non volatile memory by System Configuration gt Save gt Click on Save in the main window WAN Service Configuration 67 Chapter 7 Security Chapter contents ei a eto 8 aloo ATT a NIE 69 A O eee E re ene mao a are 69 AT pT oie cre 10m TG ta Gio or a oP RR ort eve leet sors teni et RO ne Boer errr a eee re rr ert 71 A A DE DSR EREET ot H EE 9 IRR a E T 74 A THT 74 ET TT a Da 74 A 75 e a A d A DR 78 uere T BIDEN DONT T A RR 80 NUE OL ET 80 Haba ad dress T ind teses K roots 80 68 Models 2603 2621 and 2635 Getting Started Guide 7 Security Introduction Security provides the ability to setup and enforce security policies The policies define the types of traffic per mitted to pass through a gateway either inbound outbound or both and from which origins the traffic may be allowed to enter Within the security configuration is a stateful firewall A stateful firewall utilizes a security mechanism to main tain information concerning the packets it receives This information is used for deciding dynamically whether or not a packet ma
111. ollowing the path given in step 1 for the ping portfilter in the previous section click on Add TCP Filter 3 The Port Range is entered as 21 for both Start and End Security Triggers 75 Models 2603 2621 and 2635 Getting Started Guide 7 Security 4 Set Inbound as Block but Outbound as Allow See figure 51 5 Click on Create Firewall Add TCP Port Filter external internal Transport Port Range Direction Type Start End Inbound Outbound TE 21 ei l lock aio 9 Figure 51 Configuring TCP port filter for FTP After configuring the FTP portfilter you can open an ftp session from Remote to Local however you can issue ftp commands e g login cd etc Because the trigger to permit transfer of data via FTP has not been defined no data can be transferred Data transfer occurs with the commands ls dir get put commands The portfilter allows an ftp control channel but does not allow the use of a secondary data channel for passing data by ftp To enable the FTP data channel add a trigger to open a secondary channel only when data is being passed This minimizes the number of open ports Each open port is a security risk 1 From the Configuration Menu gt Configuration gt Security gt Security Trigger Configuration gt New Trig ger 2 Set the parameters as follows See figure 52 Transport Type tcp Port Number Start 21 Port Number End 21 Allow Multiple Hosts Block
112. orer IE Hardware installation 37 Models 2603 2621 and 2635 Getting Started Guide 3 Initial Configuration 2 Enter the IPLink router s IP address into the URL or Address field of the browser To see the IPLink Series router home page refer to the following Figures Model 2603 is shown in figure 14 Model 2621 in figure 15 Model 2635 in figure 16 Patton Electronics Company 2603 Single Port Router Software Revision 2 6 3 Jan 13 2006 Status of 2603 Single Port Router Local IP Address 10 10 18 10 PP CPU Usage 1 NP CPU Usage 1 Up Time 01 58 50 Current Time Wed 3 Dec 2003 20 58 41 Alarm State NoMams 00000 Figure 14 Model 2603 home page Patton Home Page o Home Patton Electronics Company 2621 Single Port Router Software Revision o System Status 2 6 3 Jan 13 2006 gt System Configuration Status of 2621 Si Port Rout gt Services Configuration atus o ingle Po outer zZ n e Z z Em Z z e eu o e o Ethernet Local IP Address 10 10 19 20 V Serial PP CPU Usage 1 Configuration NP CPU Usage 0 Status Up Time 2 days 23 hours Current Time Sat 03 Jan 1970 23 32 13 Figure 15 Model 2621 home page Hardware installation 38 Models 2603 2621 and 2635 Getting Started Guide Patton Home Page o Home o System Status gt System Configuration V Services Configuration LAN WAN LMI Management TP routes DHCP
113. ou believe it is necessary The telephone company may make changes in its facilities equipment operations or procedures that could affect the operation of the equipment If this happens the telephone company will provide advance notice in order for you to make necessary modifications to maintain uninterrupted service If trouble is experienced with this equipment for repair or warranty information please contact our company If the equipment is causing harm to the telephone network the telephone company may request that you dis connect the equipment until the problem is resolved Connection to party line service is subject to state tariffs Contact the state public utility commission public service commission or corporation commission for information Industry Canada Notice 2603 Model only This equipment meets the applicable Industry Canada Terminal Equipment Technical Specifications This is confirmed by the registration number The abbreviation C before the registration number signifies that regis tration was performed based on a Declaration of Conformity indicating that Industry Canada technical speci fications were met It does not imply that Industry Canada approved the equipment This Declaration of Conformity means that the equipment meets certain telecommunications network protec tive operational and safety requirements The Department does not guarantee the equipment will operate to the user s satisfaction Before installin
114. pabilities e Chapter 2 on page 24 contains an overview describing router operation e Chapter 3 on page 27 provides initial configuration procedures e Chapter 4 on page 40 describes configuring the Ethernet LAN interface e Chapter 5 on page 44 describes configuring the serial WAN interfaces e Chapter 6 on page 50 describes configuring WAN services Chapter 7 on page 68 describes configuring security for the router Chapter 8 on page 82 describes DHCP and DNS configuration e Chapter 9 on page 93 describes configuring IP services Chapter 10 on page 96 describes system configuration e Chapter 11 on page 104 describes SNTP client configuration e Chapter 12 on page 108 provides a summary of the IPLink s status webpage and status LEDs e Chapter 13 on page 112contains information on contacting Patton technical support for assistance e Appendix A on page 115 contains compliance information for the IPLink routers e Appendix B on page 118 contains specifications for the routers Appendix C on page 122 provides cable recommendations Appendix D on page 124 describes the router s ports Appendix E on page 129 describes how to use the command line interface CLI For best results read the contents of this guide before you install the router 13 Models 2603 2621 and 2635 Getting Started Guide About this guide Precautions Notes cautions and warnings which have the following meanings are used throughout this guide to help you becom
115. ration webpage as follows Configuration Menu gt Services Configu ration gt Security See figure 44 Configuring the security interfaces 71 Models 2603 2621 and 2635 Getting Started Guide 7 Security Security Interface Configuration Security State Security Enabled Y Disabled Firewall Disabled Intrusion Detection Enabled Disabled Change State Security Level Security Level n a Enable Firewall to set level Security Interfaces There are currently no Interfaces defined Interfaces must be defined and Secunty enabled to configure MAT Add Interface gy Policies Triggers and Intrusion Detection security Policy Configuration 6 Dai atian gy L VRG cant i configure this Configure Intrusion Detactian y VAY cant configure this Figure 44 Security configuration home page 2 Goto the third section Security Interfaces on the Security Interface Configuration webpage Click on the hyperlink Add interface 3 Select ipl beside the Name pull down menu and select internal beside the Interface Type pull down menu Click on Create See figure 45 Security Add Interface New Interface Setup Name ipt Interface Type Faxternal Create dmz Return to Interface Listo external Figure 45 Define ipl interface as Internal 4 Again click on the hyperlink Add interface to define the WAN interface as external 5 Select ppp 0 besi
116. ready named by the user are in boldface italic font Variables for which you supply values are in italic font Indicates the names of fields or windows Indicates the names of command buttons that execute an action 16 Chapter 1 General Information Chapter contents ui ALT 18 Car UNS e da ide teo T 18 IS T 19 B ET ET 19 O 19 A 19 E MI ahd see teases RREO OPOR RO stare E 19 I E EE E E E E E EA E E E E 20 Ponc and e LBDS and COR POT ea T ET T E E ES 20 R A TT 21 Kear pon R uie HT 22 leer aos qi uri MP E m T T 22 aR T EU a Ea TUE 22 im dp deis T e ee 22 IU merpat ER 28018 20 71 iaae a e E 22 LR ee o 23 17 Models 2603 2621 and 2635 Getting Started Guide 1 General Information IPLink Series High Speed Routers overview The IPLink Series of gateway routers bridges combine full set of high speed IP routing features and WAN access via PPP IP FR protocols All IPLink routers come with an auto sensing full duplex 10 100Base T Ethernet port MDI X cross over switch console port and internal or external power supply There are three versions in the IPLink series corresponding to a choice of WAN interface The Model 2603 is equipped with an integrated T1 E1 CSU DSU for connection to full and fractional T1 El services e The Model 2621 is equipped with DTE DCE user configurable X 21 interface e The Model 2635 equipped with a V 35 interface presented on a female DB 25 connector and a cable to convert
117. rom Clear Channel E1 G 703 or Channelized E1 G 703 G 704 Consult with your service provider which option is required Line Code Choose from AMI or HDB3 Most El applications use HDB3 Line Build Out Select 120 Ohms if the El connection is made via the RJ 48C connector select 75 Ohm if the El connection is made via the dual BNC Connectors FDL Mode FDL is a T1 application therefore select Fdl none for El applications Clocking Mode Options are Internal or Receive Recover Clock network In most applications clocking for the 2603 will be derived from the El network set the unit for Receive Recover unless instructed otherwise by your service provider Idle code Options are Enabled or Disabled When idle code is Enabled the 2603 inserts idle codes 7E hex on unused timeslots Set this option to Disabled unless instructed otherwise Power Down Options are Normal and Powerdown When powered down the E1 will put high impedance on the input and output lines to protect the device set unit to Vormal for regular operation Once all options have been selected click on the Configure and Activate button at the bottom of the screen Additionally save the configuration by going to the System Configuration gt Save menu This concludes the El interface configuration via the web browser go to section WAN Service Configuration on page 52 for instructions on router bridge and WAN service configuration WAN Serial Port Configur
118. rvices Configuration gt WAN gt Edit Then click on Edit Frame Relay Channel The configurable parameters are e DLCI Consult with your service provider for the DLCI number required e Encapsulation type Bridged Ether Defines the RFC 1490 encapsulation type to be used by the channel In some instances you may need to choose another type Consult your service provider RX Max PDU 8192 Receive side max PDU default 8192 normally not changed from default TX Max PDU 8192 Transmit side max PDU default 8192 normally not changed from default Channel segment size The channel segment size is used to define fragmentation of the packets based on the Frame Relay Forum IA FRE 12 If this variable is set to 0 then FRE 12 Frame Relay Fragmentation will be disabled if set to any other value it will set the fragmentation size used e Port Defines the port that should be used to setup the Frame Relay Connection For routed applications the port should be set to frf for bridged applications the port should be set to fr Click on the Create button This conclude the central site configuration Frame Relay Routed This application shows the configuration for two IPLink units in routed mode If using a third party router at the Central site review the routers configuration for connection to a remote bridge Remote Central Figure 37 Frame Relay routed application Remote Site Configuration First configur
119. section to add a new DNS server to the DNS relay s list Mew DNS server IP address fio f fio l 10 Figure 65 DNS Relay configuration webpage You can change the IP address of the DNS servers on the DNS Relay webpage see figure 66 by modifying the IP address requiring the change and clicking on the Update button To delete the IP address of a DNS server check the Delete box then click on the Update button DNS Relay This page allows you to enter a list of DNS server IP addresses that the DNS relay can forward DNS queries to Edit DNS server list Lise this section to edit existing DNS server addresses present in the DNS relay s list The first address should be the Primary DNS server and the second address should be the Secondary DNS server You cannot have more than two addresses at a time DNS server IP address Delete ho Lho fi e po lho jp jm Update Reset Figure 66 DNS Relay configuration completed 92 Introduction Chapter 9 IP Services Chapter contents Qm n A o a 94 A pm EN 94 SEE SCOTI m m 94 Associated Ports tere dle te LP 27 cc 95 93 Models 2603 2621 and 2635 Getting Started Guide 9 e IP Services IP Services Certain System Services can be enabled or disabled They are DNS Relay FTP TFTP SNMP and the WEB Server The importance of disabling any of these services is an issue of security If you are not using a particular service it is best to disable it By disabling it the
120. server DHCP relay DNS relay IP Services Security SNTP client z n e Z z S Z e 9 E e o a o Ethernet gt Serial Hardware installation 3 Initial Configuration Patton Electronics Company 2635 Single Port Router Software Revision 2 6 3 Jan 13 2006 Status of 2635 Single Port Router Local IP Address 10 10 19 30 PP CPU Usage 1 NP CPU Usage 1 l Up Time 2 days 23 hours Current Time Sat 03 Jan 1970 23 30 18 Copyright c 2005 Patton Electronics Co Terms and conditions Figure 16 Model 2635 home page 39 Chapter 4 Ethernet LAN Port Chapter contents ie A RN TTT 41 DE O deis al a o ote Ra E 41 T RIDE Ta A A REN NON EEEE AE A A IM a EE N 41 40 Models 2603 2621 and 2635 Getting Started Guide 4 Ethernet LAN Port Introduction The Ethernet LAN interface port can be configured with two IP addresses a primary and a secondary IP address The configuration web page is found by following the path gt Services Configuration in the Configu ration Menu gt LAN gt Change default LAN port IP address button on the main window The Basic and Advanced Port Attributes of the Ethernet LAN port is found by clicking on the Ethernet hyper link in the IPLink s Configuration Menu the narrow window on the left hand side of the web page Clicking on the View advanced attributes hyperlink leads to a webpage with only a few parameters that
121. ta transfer between the PCs in general hosts on the different networks This is done by the implementation of Firewall portfilters Portfilters are individual rules that determine what kind of traffic can pass between two interface types For the Protocol Number below the different types are defined as Protocol Number Abbreviation Enabling the Firewall 74 Models 2603 2621 and 2635 Getting Started Guide 7 Security Protocol Number Abbreviation 6 TCP 8 EGP 9 IGP 17 UDP 46 RSVP 47 GRE 89 OSPFIGP 92 MTP 9A IPIP This example continues to allow pings over the firewall 1 From the Configuration Menu gt Configuration gt Security gt Security Policy Configuration gt Port Filters gt Add Raw IP Filter 2 Enter J for ICMP in the Protocol Number field 3 Set both Inbound and Outbound for Allow See figure 50 4 Click on Create Firewall Add Raw IP Filter external internal Direction Protocol Number Outbound Ii Allow Create Figure 50 Defining ICMP port filter for ping You can now ping between the two networks Security Triggers Security triggers are used to allow an application to open a secondary port in order to transport data The most common example is FTP This procedure sets up a trigger on the Firewall to permit an FTP session from PC A to PC B but not the reverse 1 First create an outbound only portfilter for FTP and add it to the item0 policy 2 F
122. tarted Guide 10 System Configuration remain Only by clicking on the Reset button can you clear the alarm and reset the Time and Count parame ters The parameter definitions are Alarm Severity there are five categories of severity Critical Major Minor Informational and Ignore e Time the time that the last alarm occurred e Count the number of instances the alarm has occurred To configure the severity of each alarm and to configure the Alarm Error Log click on Modify Alarms to reach the webpage See figure 71 Alarm Error Log Reporting Log Severity Level Major Log Alarm State Alarm Table ID Alarm Name Alarm Severity Update Alarm 1 PP Over Threshold Update 2 NP Over Threshold Update 3 T1 E1 Loss of Signal Update 4 THE Red Alarm Update 5 TVE1 Yellow Alarm Update Figure 71 Alarm amp Alarm Error Log configuration The Alarm Error Log can be enabled or disabled The severity level of the Alarm Log can also be configured Similarly each alarm can be set for its own severity level Remote Access The IPLink can be accessed via Telnet known as Remote Access The length of access over a remote connec tion is set on this webpage If set for zero 0 no user can access the IPLink remotely However if a user is authorized for access then the time is the limit before the remote access session is closed Remote Access From t
123. tem as another user You can then use the user password command to change the password for this user Note Changing to another user means that you lose all superuser privileges Note Only superusers can use the user change command Changing user settings To change any of the default settings for a user use the following commands For example to change the set tings for user fred system set user fred access default engineer superuser system set user fred maydialin enabled disabled system set user fred mayconfigure enabled disabled For example to change the security level for fred enter system set user fred access engineer Note Only superusers can use the user change command Controlling login access To set user login access for user username use the command all on one line system set login lt username gt access default engineer superuser Controlling user access To set user access for user username use the command all on one line system set user lt username gt access default engineer superuser Administering user accounts 133
124. tempting to identify any open ports Intrusion Detection System IDS 78 Models 2603 2621 and 2635 Getting Started Guide 7 Security Victim Protection Block Duration Default 600 seconds 10 minutes Sets the duration of the block in seconds Maximum TCP Open Handshaking Count Default 100 Sets the maximum number of unfinished TCP handshaking sessions per second that are allowed by a firewall before a SYN Flood is detected SYN Flood is a DOS attack When establishing normal TCP connections three packets are exchanged 1 A SYN synchronize packet is sent from the host to the network server 2 A SYN ACK packet is sent from the network server to the host 3 An Ack acknowledge packet is sent from the host to the network server If the host sends unreachable source addresses in the SYN packet the server sends the SYN ACK packets to the unreachable addresses and keeps resending them This creates a backlog queue of unacknowledged SYN ACK packets Once the queue is full the system will ignore all incoming SYN request and no legitimate TCP connections can be established Once the maximum number of unfinished TCP handshaking sessions is reached an attempted DOS attack is detected The firewall blocks the suspected attacker for the time limit specified in the DOS Attack Block Duration parameter Maximum Ping Count Default 15 Sets the maximum number of pings per second that are allowed by the firewall before an Ec
125. to an M34 F The IPLink routers provide selectable bridging or routing functionality along with advanced IP features such as NAT NAPT Firewall and DHCP A complete set of configurable PPP IP FR WAN protocols allow a wide range of choices when connecting branches via common WAN services The IPLink routers boast easy installa tion offering Console VT 100 Telnet HTTP and SNMP management options The following sections describes the IPLink series features and capabilities e General attributes see section General attributes Ethernet see section Ethernet on page 19 e Protocol support see section Protocol support on page 19 PPP support see section PPP Support on page 19 Management see section Management on page 19 e WAN interface see section WAN Interfaces on page 19 e Security see section Security on page 20 e Front panel status LED see section Front Panel Status LEDs and Console Port on page 20 General attributes Compact low cost router bridge 10 100 Ethernet Comprehensive hardware diagnostics Easy maintenance and effortless installation e Plug and Play operation for fast and seamless turn up with pre configured WAN and LAN options Built in web configuration e Setup allows for standard IP address and unique method for entering an IP address and mask without requiring a console connection Default IP address of 192 168 1 1 24 e Simple software upgrades obtained vi
126. tronics offers a wide array of free technical services If you have questions about any of our other products we recommend you begin your search for answers by using our technical knowledge base Here we have gathered together many of the more commonly asked questions and compiled them into a searchable database to help you quickly solve your problems Patton support headquarters in the USA Online support available at http www patton com e E mail support e mail sent to support patton com will be answered within 1 business day Telephone support standard telephone support is available 5 days a week from 8 00am to 5 00pm EST 1300 to 2200 UTC GMT by calling 1 301 975 1007 e Fax 41 253 663 5693 Alternate Patton support for Europe Middle East and Africa EMEA e Online support available at http www patton inalp com e E mail support email sent to support patton inalp com will be answered within 1 day e Telephone support standard telephone support is available five days a week from 8 00 am to 5 00 pm CET 0900 to 1800 UTC GM TD by calling 41 0 31 985 25 55 e Fax 441 0 31 985 25 26 Warranty Service and Returned Merchandise Authorizations RMAs Patton Electronics is an ISO 9001 certified manufacturer and our products are carefully tested before ship ment All of our products are backed by a comprehensive warranty program Note Ifyou purchased your equipment from a Patton Electronics reseller ask
127. uration 55 Models 2603 2621 and 2635 Getting Started Guide 6 WAN Services 6 Click on Create Edit Ip Interface Options Name Value Ipadd 9215815642 Mask 255 255 255 255 Dhep false MTU 1500 Name ppp O Enabled true 9 Layer2Session Create Reset Figure 31 Edit IP address of WAN port 7 Click on Services Configuration gt IP Routes gt Create new Ip V4 Route Create the gateway to the remote router by entering the WAN IP address of the remote router in this example enter 192 168 164 3 in the Gateway field See figure 32 8 Click the Update button Create Ip V4Route Hame Value Destination 0 0 0 0 Gateway 192 168 1643 Netmask 0 0 0 0 Cost li Interface Update Reset _Cancel Figure 32 Configuring the gateway The other fields should be Destination 0 0 0 0 Gateway 192 168 164 3 Mask 0 0 0 0 e Cost 1 e Interface blank You can see the status of the PPP link by going to the Edit PPP web page and paging down until you see the Summary description In figure 33 the PPP link is in the Establishment phase To get to the Edit PPP web page follow this path Services Configuration gt WAN gt Edit gt Edit PPP WAN Service Configuration 56 Models 2603 2621 and 2635 Getting Started Guide 6 WAN Services MRI ENT Ip Addr From IPCP re B Use Ip Addr From IPC re Hi Discover Primary DNS re Hi Discover Secondary DNS
128. ure 24 T1 configuration WAN Serial Port Configuration 47 Models 2603 2621 and 2635 Getting Started Guide 5 Serial Port Configuration Time Slot Select For a T1 using all 24 time slots enter 1 24 for fractional T1 enter in any format for example 1 2 3 5 or 1 5 10 24 Any entry for timeslots above 24 will return an invalid selection message Line Options Fractional T1 Line Code The 2603 uses B8Zs and AMI B8Zs is the most widely used Line Build Out Select from 100 OdB 100 Ohm 7 5dB 100 Ohm 15dB and 22 5dB For CSU DSU application use 100 OdB option consult your T1 service provider for more information FDL Mode Options are ANSI T1 403 and Fdl none Consult your T1 service provider if FDL is active on your T1 link Clocking Mode Internal Receive Clock network In most applications clocking for the 2603 will be derived from the T1 network set the unit for Receive Recover unless instructed otherwise by your service provider Idle code Enabled Disabled When enabled the 2603 inserts idle codes 7E hex on unused timeslots Set this option to Disabled unless instructed otherwise Power Down Normal Powered Down When powered down T1 E1 transceiver input and output lines will be set to high impedance to protect the device set unit to Normal for regular operation After all options have been selected click on the Configure and Activate button at the bottom of the screen Additionally save the conf
129. ved information model to im conf Save configuration Confirm Save Please confirm that you wish to save the configuration There wil be a delay while saving as configuration Information is written to flash Save Figure 74 Save configuration changes in non volatile memory Backup Restore You may save or use previously saved configurations from this webpage Should you want to save a specific application configuration from the IPLink click on Backup configuration to your computer To reload a previously saved configuration file icf browse and select the file from your computer Click on the Restore button to load into the IPLink See figure 75 Update 100 Models 2603 2621 and 2635 Getting Started Guide 10 System Configuration Configuration Backup Restore This page allows you to backup the configuration settings to your computer or restore configuration fram your computer Backup Configuration Backup configuration to your computer Restore Configuration Restore configuration frorn a previously saved file Configuration File Browse Restore Figure 75 Saving or reloading previously saved configuration files Restart From this webpage you can do a soft reboot of the IPLink or restore the IPLink to factory defaults To restore to factory defaults click on the box for Reset to factory default settings see figure 76 Then click on the Restart button No warning is given before beg
130. will have to login for each separate IP address Ethernet Port The Ethernet Port Configuration webpage provides a summary of the Ethernet port s performance You reach it by clicking on the hyperlink Ethernet in the IPLink s Configuration Menu window The Basic Port Attributes webpage displays the most commonly used Ethernet parameters for determining the performance of the Ethernet port see figure 18 on page 42 Introduction 41 Models 2603 2621 and 2635 Getting Started Guide 4 Ethernet LAN Port Ethernet Port Configuration View advanced attributes o Basic Port Attributes Name Value MAC UU al ba UU 20 at Rx Ok 1224338 Rx Broadcast Packets 654397 Rx Error Packets 1305 Tx Ok ES Tx Collisions 41 Tx Error Packets U 100Base false Connected true Full Duplex false Link Speed 100000 Update Reset Clear iEntry Figure 18 Basic Ethernet port attributes For additional statistical parameters and a few configurable parameters click on the hyperlink Vzew advanced attributes See figure 19 Advanced Ethernet Port Configuration 3eturn ta basic attribute list y Advanced Port Attributes Name Value Rx No Buffer O Rx Error Align U Max Multicast Listsize Ed Max Queue 32 Disable false Promiscuous Enable false Figure 19 Advanced Ethernet port attributes The three configurable parameters are all either true or false e Auto Negotiation the autonegotiation can be enabled defau
131. y pass through Port filters are rules that determine how a packet should be handled The rules define the protocol type the range of source and destination port numbers and an indication whether the packet is allowed or not Security triggers are used with applications that require and create separate sessions The most common exam ple is FTP An FTP client establishes a connection to a server using port 21 but data transfers are done on a separate connection or port The port number and who makes the connection can vary depending on the FTP client To allow FTP to work without triggers you would need to set up port filters allowing the correct port numbers through This is a significant security risk This risk can be avoided by using security triggers Triggers tell the security mechanism to expect these second ary sessions and how to handle them Rather than allowing a range of port numbers triggers handle the situa tion dynamically opening the secondary sessions only when appropriate The triggers work without needing to understand the application protocol or reading the payload of the packet although this does happen when using NAT Triggering allows you to set up a trigger for different application protocols that use multiple sessions The tim eout between sessions and whether or not session chaining are allowed are configurable Session chaining is not needed for FTP but is for NetMeeting Configuring the router The configurat
132. your reseller how you should proceed with warranty service It is often more con venient for you to work with your local reseller to obtain a replacement Pat ton services our products no matter how you acquired them Warranty coverage Our products are under warranty to be free from defects and we will at our option repair or replace the prod uct should it fail within one year from the first date of shipment Our warranty is limited to defects in work manship or materials and does not cover customer damage lightning or power surge damage abuse or unauthorized modification Introduction 113 Models 2603 2621 and 2635 Getting Started Guide 13 Contacting Patton for assistance Out ofwarranty service Patton services what we sell no matter how you acquired it including malfunctioning products that are no longer under warranty Our products have a flat fee for repairs Units damaged by lightning or other catastro phes may require replacement Returns for credit Customer satisfaction is important to us therefore any product may be returned with authorization within 30 days from the shipment date for a full credit of the purchase price If you have ordered the wrong equipment or you are dissatisfied in any way please contact us to request an RMA number to accept your return Patton is not responsible for equipment returned without a Return Authorization Return for credit policy e Less than 30 days No Charge Your credit will be
Download Pdf Manuals
Related Search