Avocent Cyclades-PR1000 User's Manual

Contents

1. [Chapter 9: Routing Protocols, p. 70] OSPF Menu (Continued). Retransmit Interval in Seconds: Time in seconds between link state advertisement retransmissions for adjacencies belonging to this interface. Hello Interval in Seconds: Time in seconds between the hello packets on this interface. Dead Interval in Seconds: Inactivity time, in seconds, before a neighbor router is considered down. Poll Interval in Seconds: Time in seconds between the hello packets sent to an inactive non-broadcast multi-access neighbor. Password: String of up to 8 characters used to authenticate OSPF packets. The use of this password is enabled in CONFIG > IP > OSPF > AREA > AUTHENTICATION TYPE. Metric: Defines the cost for normal service. For consistent routing, this parameter should be determined in the same manner for all routers in the OSPF Area. Normally, metric cost is defined as an inverse function of interface throughput, e.g. 1 for 100Mbps, 10 for 10Mbps, 65 for T1, 1785 for 56kbps, etc. Advertise Secondary IP Address: Causes the router to advertise additional addresses assigned to this interface. These are configured in CONFIG > INTERFACE > <LINK> > NETWORK PROTOCOL > IP. Inside a given area, these 4 parameters should be the same for all routers. [Chapter 9: Routing Protocols, p. 71] OSPF Global Configurations S
2. [p. 49] Network Protocol (IP) Menu (Continued). IP MTU: Assigns the size of the Maximum Transmission Unit for the interface. This determines whether or not a given IP datagram is fragmented. IP Fragmentation Ignore Bit DF: When this parameter is set to No, the DF (Do Not Fragment) bit in the IP header causes IP to reject a packet that is oversized; the router sends an ICMP message back to the sender. When this parameter is Yes, the DF bit is ignored, the packet is fragmented, and no message is sent back to the sender. NAT: Does not apply to Expanded NAT. Determines the type of IP address if NAT is being used. Use Global otherwise. See chapter 11 or the examples in chapter 4 for details on how to configure NAT. ICMP Port: Active causes the router to send ICMP Port Unreachable messages when it receives UDP or TCP messages for ports that are not recognized. This type of message is used by some traceroute applications and, if disabled, the router might not be identified in the traceroute output. However, there are security and performance reasons to leave this option Inactive. Incoming Rule List: Filter rule list for incoming packets. See chapter 12 for instructions on how this parameter should be set. Detailed Incoming IP Accounting: Applies when a list is selected in the previous parameter. See explanation of IP Accounting later in this chapter. IP Accounting for a rule requires that the
3. [Chapter 10: CyROS, the Operating System, p. 77] Other users can be created and the user usr can be assigned a password. The password of the super user should be changed as soon as possible. The menu CONFIG > SECURITY > USERS allows addition, deletion, and modification of the list of users. The parameters are: User Name; Password; User Type (Super, Usr, Auto, or PPPAuto); User Status (Disabled or Enabled); Hosts 1 through 4 (the host names entered here must already exist in the host table); Automatic login name for hosts 1 through 4 (only for user of type auto). Then the main menu items for this user are determined: Telnet; Ping; Traceroute; PPP; SLIP. Lastly, any restrictions as to how the user may log in are defined: Console Terminal; PPP Terminal; Telnet; PAD Terminal. [Chapter 10: CyROS, the Operating System, p. 78] The superuser has access to all menus. The usr user is shown a menu upon successful login with the items chosen in the user's profile. The pppauto user is connected directly to the user via PPP. No menu appears. The auto user is connected via telnet directly to the host specified as host 1 in the user profile. If an automatic login name is indicated when the auto user is configured, the user is logged in to the remote host directly, though a password may be necessary depending on the remote host configuration. IP Accountin
4. [FIGURE 12.8: TRAFFIC RULE EXAMPLE 2 (diagram labels: SMTP Port, E-mail Server, Web Client)] [Chapter 12: Filters and Rules, p. 98] The configured rules will appear as shown in the following listing. Rules Lists (columns: Rule List Name, Rule Status, Default Scope, List Type, Linked Rule List): web access, Enabled, Traffic. Filter list Name: web access. Rule 0: Status Enabled; Flow priority 1; Rule bandwidth 0; Bandwidth priority 0; Protocol TCP; Source IP Operator None; Destination IP Operator None; Source Port Operator Equal; Source Port Start 30; Destination Port Operator None. Rule 1: Status Enabled; Flow Priority 2; Rule bandwidth 0; Bandwidth priority 0; Protocol TCP; Source IP Operator None; Destination IP Operator None; Source Port Operator None; Destination Port Operator Equal; Destination Port Start SMTP. Note that for this type of traffic control, of the traffic-specific parameters, only Flow Priority is used. The Reserved Bandwidth and Bandwidth Priority parameters are not important. A system needing all three is conceivable, but much too complicated to show in this manual. [Chapter 12: Filters and Rules, p. 99] CHAPTER 13: IPX (INTERNETWORK PACKET EXCHANGE). IPX is an alternative to IP, proprietary to Novell. When IPX is activated, many new menus appear to allow configuration of this type of network. IP and IPX can both be active in the router simultaneously, and an interface can have both IP and IPX traffic p
5. [Filters and Rules, p. 96] Rule 1: Status Enabled; Flow Priority 0; Rule bandwidth 255; Bandwidth priority 2; Protocol 0; Source IP Operator Equal; Source IP start 22e eoe 20; Source IP Mask 20D 200 sos 0; Destination IP Operator None; Source Port Operator None; Destination Port Operator None. Rule 2: Status Enabled; Flow Priority 0; Rule bandwidth 255; Bandwidth priority 2; Protocol 0; Source IP Operator Equal; Source IP start 33 33 330; Source IP Mask 25925925970; Destination IP Operator None; Source Port Operator None; Destination Port Operator None. FIGURE 12.7: OUTPUT SHOWING PARAMETERS FOR TRAFFIC RULE EXAMPLE 1. [Chapter 12: Filters and Rules] An example showing the third type of traffic control is given in Figure 12.8. The network administrator wants to prioritize the access to his web server. He also wants to prioritize e-mail sent by his SMTP server, but the priority should be lower. All other traffic should have the lowest priority. For web server access, the important flow direction is not the user requests, but rather the data requested. The traffic control rule must be placed on link 2. In the case of e-mail, the important flow is the data leaving the e-mail server and not the acknowledgements back. This is also governed by link 2. Note: flow control could be placed on the data request packets and the SMTP acknowledgements by associating rules to link 1. < Port
6. IPX. For the example, and using only the static route created above, the routing table appears as in Figure 13.2. (Columns: Destination, Interface, Subinterface, hops, ticks, Type.) 00000001 0 a PrimaryNet OOAOBOOO Ethernet 0 1 Connected 00010001 Slotl Node 00602E001100 1 1 Static 00B0OC000 SLlotI 0 1 Connected Remote address. FIGURE 13.2: ROUTING TABLE FOR THE EXAMPLE. The SAP (Service Advertisement Protocol) Table: In Novell networks, a given server can provide various services. In order for the router to identify these servers, their locations and services are entered into a SAP table in the router. This is done using the menu CONFIG > IPX > SAP TABLE. The parameters for each entry are shown in the table. SAP Table Menu CONFIG > IPX > SAP TABLE. Service Type: Service this server offers; provides a list of valid codes. For the server Columbo in the example, this code is 0166. Server Name: In the example, the name is Columbo. Service Network Number: 00000003. Server Node: 00602e001111. Server Socket Number: provides a list of valid codes. Number of Hops: Number of routers between this router and the server; 0 in the example. [Chapter 13: IPX, p. 103] CHAPTER 14: VIRTUAL PRIVATE NETWORK CONFIGURATION. The Virtual Private Network utility can be used on any link using IP routing. It is used to provide greater security between two o
7. Local Port: Applies only when Global Port provided. The port to be translated on the LAN side. When a request comes in on port 80 for IP 200.240.230.225 in the example, it is sent to the server with IP 192.168.0.31, port 80. STEP FIVE: After the NAT menu parameters have been set, the NAT property in the Network Protocol Menu of each interface must be configured. In the example, the IP Address of the Ethernet interface is not assigned dynamically. The parameter CONFIG > INTERFACE > ETHERNET > NETWORK PROTOCOL > IP > NAT DYNAMIC ADDRESS ASSIGNMENT should be set to Inactive. The IP address of the interface connecting the router to the Internet is also assigned by the super user in the example, rather than dynamically. The parameter CONFIG > INTERFACE > SWAN > NETWORK PROTOCOL > IP > NAT DYNAMIC ADDRESS ASSIGNMENT would also be set to Inactive. After NAT has been configured and is running, the menu option INFO > SHOW STATISTICS > NAT will show Network Address Translation Statistics. [Chapter 11: NAT, p. 85] CHAPTER 12: RULES AND FILTERS. There are four basic types of rules: 1) IP filter rules, 2) Radius rules (actually a combination of previously defined IP filter rules), 3) traffic control rules, and 4) transparent bridge rules (similar to IP filter rules, but for applications that use a transparent bridge). IP filter rules and traffic control rules will be covered in detail in
8. MENU PARAMETERS [Chapter 4: Step by Step Instructions] STEP FOUR: The Encapsulation parameters for PPP are less straightforward. Many of them are based on decisions that cannot be shown in a diagram. Fortunately, the choices made here will mostly affect the performance of the link rather than whether it works or not. Fill in the parameters appropriate for your system, consulting chapter 8 of the Installation Manual for more information if necessary. Menu CONFIG > INTERFACE > SWAN > ENCAPSULATION > PPP (columns: Parameter, Example, Your Application). MLPPP: No. PPP Inactivity Timeout: None, so that the connection is never broken. Enable Van Jacobson IP Header Compression: No. Disable LCP Echo Requests: No. Edit ACCM: No Value. This will depend on the modem used. Time Interval to Send Config Requests: Use the preset value, one. Enable Predictor Compression: No. Connection Type: Dial Out. FIGURE 4.5: PPP ENCAPSULATION MENU PARAMETERS. [Chapter 4: Step by Step Instructions, p. 28] STEP FIVE: Since a modem is used in the example, the dial out table must be configured. This is done as shown in Figure 4.6. Menu CONFIG > SYSTEM > MODEMS > DIAL OUT TABLE > ADD (columns: Parameter, Example, Your Application). IP Address: Type in any valid IP address not on the local network. Init String: at. Dial String: atdt phone number of access provider. Authentication Meth
9. Note that this example assumes that the IP address to which the network IP addresses will be translated is assigned dynamically by the Internet Service Provider. For configuration of a known IP address, see the chapter on NAT configuration in the complete Installation Manual. Spaces have been provided next to the parameters needed for the configuration, where you can fill in the parameters for your system. Do this now, before continuing. [FIGURE 4.1: CONNECTION TO ACCESS PROVIDER USING A SWAN INTERFACE AND A MODEM (diagram labels: Network IP 192.168.0.0, Network Mask 255.255.255.0, Speed 38.4k, PR1000 192.168.0.30, Host)] [Chapter 4: Step by Step Instructions, p. 24] Please read the entire example and follow the instructions before turning the router on. The router is programmed to log the super user off after 10 minutes of inactivity. All data not explicitly saved to memory is then lost. Collecting the data while configuring the router will likely cause delays and frustration. STEP ONE: The first step is to determine the parameters needed to configure the Ethernet interface (ETH0). The parameters in the Network Protocol Menu (IP) are shown in Figure 4.2. Fill in the blanks for your application in the right-most column. These parameters will be entered into the router later, after all parameters have been chosen. Each parameter in this menu is explained in more detail in chapter 5 of the Installation
10. Transparent Bridge are not used in this example. Interface Unnumbered: Numbered. Primary IP Address: 100.130.130.1. Subnet Mask: 255.255.255.0. Secondary IP Address: 0.0.0.0 for none. IP MTU: Use the preset value, 1500. This determines whether or not a given IP datagram is fragmented. IP Fragmentation Ignore Bit DF: Yes. NAT: Global, because NAT is not being used in this example. ICMP Port: Inactive. Incoming Rule List: None, filters are not included in this example. Outgoing Rule List Name: None, filters are not included in this example. Routing of Broadcast Messages: Inactive. Proxy ARP: Inactive. FIGURE 4.12: ETHERNET NETWORK PROTOCOL MENU PARAMETERS. [Chapter 4: Step by Step Instructions, p. 34] STEP TWO: No more parameters are necessary for the Ethernet interface. The other interface to be configured is the SWAN in slot 1. The SWAN physical media parameters are shown in Figure 4.13. Fill in the values for your application. The SWAN configuration is described in more detail in chapter 6 of the Installation Manual. Menu CONFIG > INTERFACE > SWAN > PHYSICAL (columns: Parameter, Example, Your Application). Mode: synchronous. Clock Source: When the interface is connected to a DSU/CSU, the Clock Source is External. Media for SWAN Cable: V.35 in the example, because the DSU/CSU is V.35. The type of cable is detected by the router, so if the correct cable is connected to the DSU/CSU, the router will choose th
11. in this case, lmi type. Options: Legal choices. The letter in parentheses is the letter that selects the corresponding option. Current value: The option in square brackets is the current value. Pressing <Enter> without typing a new value leaves the item unchanged. [Chapter 3: Using CyROS Menus, p. 20] Special Keys. <Enter> or <Ctrl M>: These keys are used to end the input of a value. <ESC> or <Ctrl l>: These keys are used to cancel a selection or return to the previous menu. In some isolated cases, this key forwards you to the next menu in a series of menus at the same level. <Backspace> or <Ctrl H>: These keys have the expected effect of erasing previously typed characters. L: When available, this option displays the current configuration. For example, in the Ethernet Interface Menu, L displays the Ethernet configurations. On leaving a menu where a change in configuration was made, CyROS will ask whether or not the change is to be saved: (D)iscard, save to (F)lash, or save to (R)un configuration. Selecting Discard will undo all changes made since the last time the question was asked. Saving to Flash memory makes all changes permanent. The changes are immediately effective and are saved to the configuration vector in flash memory. In this case, the configuration is maintained even after a router reboot. Saving only to the Run configuration makes
12. or global IP address/port pair is permanently associated with one local IP address or global IP address/port pair. In the example, the web server is connected to one of the global IP addresses for services on port 80, reducing the IP address pool to 13. Static address translation is used when the connection with the external network is to be initiated from either side (external or internal). Translation may be done in two ways: 1. Address translation only: each global address is assigned to a single local address when necessary. In the example, there are only 13 global addresses available and more than 13 hosts. With this type of translation, only 13 servers can connect to the Internet at any given time. 2. Port and address translation: the UDP/TCP port and local IP address are translated as a pair. With this type of translation, only ONE global address is needed. All hosts can be mapped to the same global IP address. This can be used in our example to allow all hosts in the 192.168.0.0 network access to the Internet at the same time. [Chapter 11: NAT, p. 82] An overview of the NAT menu is shown in the table below. NAT Menu CONFIG > SECURITY > NAT (columns: Menu Option, Description). General: Parameters for enabling NAT and choosing the NAT Mode. Also includes port translation option. Global Address: The first and last IP addresses in the range. In the example, these numbers are 200.240.230
13. 225 and 200.240.230.238. Local Address: The local network IP address and network mask, and whether or not the network should be translated. In the example, these numbers are 192.168.0.0 and 255.255.255.0. Static Translation: Defines a static translation between a global IP address/port pair and a local IP address/port pair. In the example, three such pairs are defined. Timeout: Definition of inactivity timeouts for UDP, DNS and TCP dynamic NAT translations. STEP ONE: The first step in the configuration of NAT is to enable NAT and choose the NAT Mode (Normal or Expanded). Only the expanded mode is discussed in this chapter. The normal mode is a previous version of NAT, maintained for backwards compatibility. See chapter 4 of the CyROS Reference Guide for information about the Normal Mode. NAT Menu CONFIG > SECURITY > NAT > GENERAL (columns: Menu Option, Description). NAT Status: Enables NAT. NAT Mode: Provides a choice between the previous NAT version (the Normal Mode) and the new Expanded NAT version. If this parameter is changed, all NAT parameters are reset to the preset values. Disable Port Translation: Disables/enables NAT with port translation. If this parameter is changed while the router is in use, all the active translations are destroyed and their entries are removed from the translation table. [Chapter 11: NAT, p. 83] STEP TWO: The parameters in the Timeout M
14. [5: Configuration of the Ethernet Interface, p. 41] Network Protocol Menu (Continued). Secondary IP Address: Applies to Numbered interfaces. Indicates a second (or third, etc., up to eight) IP address that can be used to refer to this interface. This parameter and the next are repeated until no value is entered. Subnet Mask: Applies to Numbered interfaces. Subnet mask of Secondary IP Address. IP MTU: Assigns the size of the Maximum Transmission Unit for the interface. This determines whether or not a given IP datagram is fragmented. NAT: Does not apply to Expanded NAT. Determines the type of IP address if NAT is being used. Use Global otherwise. See chapter 11 or the examples in chapter 2 for details on how to configure NAT. ICMP Port: Active causes the router to send ICMP Port Unreachable messages when it receives UDP or TCP messages for ports that are not recognized. This type of message is used by some traceroute applications and, if disabled, the router might not be identified in the traceroute output. However, there are security and performance reasons to leave this option Inactive. Incoming Rule List: Filter rule list for incoming packets. See chapter 12 for instructions on how this parameter should be set. Detailed Incoming IP Accounting: Applies when a list is selected in the previous parameter. See explanation of IP Accounting in chapter 10. IP Accounting for a rule requires that the parameter
15. 93.37 icmp_seq 2 ttl 127 time 1.02 ms; 32 bytes from 200.246.93.37 icmp_seq 3 ttl 127 time 0.99 ms; 32 bytes from 200.246.93.37 icmp_seq 4 ttl 127 time 0.99 ms; 32 bytes from 200.246.93.37 icmp_seq 5 ttl 127 time 0.98 ms; 200 246293 38 7 PING statistics: 5 packets transmitted, 5 packets received, 0 packet loss; round trip min/avg/max 0.98/1.19/1.96 ms. Pinging the router from a host on the network should give similar results. If the test fails, confirm that the link LED is lit and that the IP Address and Subnet Mask parameters in the Network Protocol menu are correct for the network to which the router is attached. The command CONFIG > INTERFACE > ETHERNET > L will display the current values of the interface parameters. [Appendix A: Troubleshooting, p. 111] Testing the WAN Interface: The WAN interface can be tested using ping as described in the previous section. If the ping is not successful, check the routing table to see if a route to the destination exists (INFO > SHOW ROUTING TABLE). The menu items INFO > SHOW STATISTICS > SWAN and INFO > SHOW STATUS > SWAN may also provide useful information. LEDs: The LEDs on the PR1000's case display the following information. Power: Lit when the PR1000 is turned on. 100TB: Lit when the Ethernet link is being used for a fast Ethernet connection. Link: Lit when the Ethernet link is correctly terminated. Col: Indicates colli
16. IP Address is 200.240.230.238. The local address ranges must also be entered into the router in the menu CONFIG > SECURITY > NAT > LOCAL ADDRESSES > ADD RANGE. Here the Network IP Address (192.168.0.0 in the example) and Network Mask (255.255.255.0 in the example) are entered. Since this range is to be translated, the parameter Should This Range be Translated should be set to Yes. In the example, the network 200.200.200.0 is not to be translated. This can be configured by adding a new range and setting the translation parameter to No, or by simply not adding the range. [Chapter 11: NAT, p. 84] STEP FOUR: If static translations are to be performed, as described in the example, the parameters in the Static Translation Menu must be set. A brief explanation of each parameter is given in the table. Static Translation Menu CONFIG > SECURITY > NAT > STATIC TRANSLATION > ADD ENTRY (columns: Parameter, Description). Global IP Address: One of the addresses assigned by the Internet access provider and included in one of the NAT global address ranges. Protocol: TCP, UDP, ICMP, or any protocol. Global Port: Applies to TCP and UDP protocols. The port to be translated on the WAN side. When a request comes in on port 80 for IP 200.240.230.225 in the example, it is sent to the server with IP 192.168.0.31, port 80. Local IP Address: The IP address of the server on the LAN in the example which is translated to an Internet IP address
17. IPX activated. Chapter 14, Virtual Private Network, describes CyROS VPN implementation. Appendix A, Troubleshooting, provides solutions and tests for typical problems. Appendix B, Hardware Specifications. Appendix C, Configuration Without a Console. Installation Assumptions: This Installation Manual assumes that the reader understands networking basics and is familiar with the terms and concepts used in Local Area and Wide Area Networking. Text Conventions: Common text conventions are used. A summary is presented below (columns: Convention, Description). CONFIG > INTERFACE > L: A combination of menu items, with the last being either a menu item, a parameter, or a command. In this example, L lists the interface configuration. <INTERFACE>: A variable menu item that depends on hardware options or a choice of hardware or software options. IP Address: A parameter or menu item referenced in text, without path prepended. Screen Text: Screen Text. <ESC>, <Enter>: Symbols representing special keyboard keys. [Chapter 1: How To Use This Manual, p. 8] Icons: Icons are used to draw attention to important text (columns: Icon, Meaning). What is Wrong: When an error is common, text with this icon will mention the symptoms and how to resolve the problem. Where Can I Find More Information: CyROS contains many features, and sometimes related material must be broken
18. Relative humidity: 5 to 95, non-condensing. Operating Altitude: 12,000 feet max (8660 m). FIGURE B.1: GENERAL SPECIFICATIONS. [Appendix B: Hardware Specifications, p. 114] External Interfaces. The WAN Interface: The WAN interface is provided on a DB-25 female connector. The pinout diagram is not shown here, as it depends on which protocol (RS-232, V.25 or X.21) is configured. Please see the pinout diagrams for the cables used for each protocol to determine the signals on the interface. [FIGURE B.2: SERIAL WAN INTERFACE, DB-25 FEMALE] The LAN Interface: [FIGURE B.3: 10/100 BASE-T ETHERNET INTERFACE, RJ-45 FEMALE (Ethernet port pinout table: Pin, Ethernet Signal)] [Appendix B: Hardware Specifications, p. 115] The Console Interface: [FIGURE B.4: CONSOLE INTERFACE, RJ-45 FEMALE (console port pinout table: Pin, RS-232 Signal)] [Appendix B: Hardware Specifications, p. 116] Cables. The Straight-Through Cable. DB-25 Male, Cyclades Router (Signal, Pin): TxD 2; RxD 3; RTS 4; CTS 5; DSR 6; Gnd 7; DCD 8; TxClk_DTE 15; RxClk 17; DTR 20; RI 22; TxClk_DCE 24. DB-25 Male, DCE/DTE (Pin, Signal): 2 TxD; 3 RxD; 4 RTS; 5 CTS; 6 DSR; 7 Gnd; 8 DCD; 15 TxClk_DTE; 17 RxClk; 20 DTR; 22 RI; 24 TxClk_DCE. FIGURE B.5: STRAIGHT-THROUGH CABLE, DB-25 MALE TO DB-25 MALE. Appendix B: Hardware Specifications
19. TROUBLESHOOTING. What to Do if the Login Screen Does Not Appear When Using a Console: 1. Check the configuration of the terminal. The correct values are given in chapter 2. Is the PC's COM port enabled? Is the Console cable being used? See Chapter 2 for instructions on which cables go where. 2. Check to see if the router booted correctly. Before the login screen appears, boot messages should appear on the screen. If the system halts while booting, the last message on the screen should give an indication of what went wrong. 3. While the router is booting, the LEDs labeled CPU, Tx, Rx, and GP indicate the stage of the boot process, as shown in Figure A.1. When the router has started up properly, the CPU LED blinks consistently, one second on, one second off. [FIGURE A.1: ILLUMINATION OF LEDS WHILE ROUTER IS BOOTING (table columns: Test, CPU, Tx, Rx, GP; rows: Boot Code step 1 (Off, Off, Off, On), Boot Code CRC check, Interface cards detection, Control is being passed to the operating code)] [Appendix A: Troubleshooting, p. 109] What to Do if the Router Does Not Work or Stops Working: 1. Check that the cables are connected correctly and firmly (see chapter 2, What is in the Box, for correct cable connection information). 2. Confirm that the Link LED is lit, indicating proper Ethernet cable termination. If it is not lit, check both ends of the Ethernet cable and the hub connection. 3. Confirm that the CPU LED is blinkin
20. considered to be the user and the other end of the connection performs the authentication. Username: Applies when Authentication Type is Remote. The username the remote device expects to receive. Password: Applies when Authentication Type is Remote. The password the remote device expects to receive. Authentication Server: Applies when Authentication Type is Server. Indicates that either a Radius or Tacacs server is used for validation. The location and other parameters of the server must be configured in CONFIG > SECURITY. See section 4.3 of the CyROS Reference Guide. Authentication Protocol: Applies when Authentication Type is Local or Server. Either PAP or CHAP, or both, can be used for authentication. STEP FIVE: The parameters defined in the Routing Protocol and Traffic Control Menus should be set after reading chapters 9 and 12, respectively. It is probably best to complete the basic configuration of all router interfaces, then return to the routing protocol and traffic control menus after general routing and traffic control strategies have been defined. [Chapter 6: Configuration of the SWAN Interface, p. 47] CHAPTER 7: NETWORK PROTOCOLS. The second step in most interface configurations is to choose which network protocol to use and assign values to the relevant parameters. At least one of IP, Transparent Bridge, or IPX (optional and discussed in chapter 13) must be activated. Use the information p
21. [Table of Contents] Horizontal Surfaces 15; Vertical Surfaces 16; CHAPTER 3 USING CYROS MENUS 19; Connection Using the Console Cable and a Computer or Terminal 19; Special Keys 21; The CyROS Management Utility 22; CHAPTER 4 STEP BY STEP INSTRUCTIONS FOR COMMON APPLICATIONS 24; Example 1: Connection to an Internet Access Provider via Modem 24; Example 2: A LAN to LAN Example Using Frame Relay 33; CHAPTER 5 CONFIGURATION OF THE ETHERNET INTERFACE 41; The IP Network Protocol 41; Other Parameters 44; CHAPTER 6 THE SWAN INTERFACE 45; CHAPTER 7 NETWORK PROTOCOLS 48; The IP Protocol
22. increased to allow the reply to return to the sender. If not, the sender will assume it was lost and send another. Edit ACCM: Applies to asynchronous connections only. Permits control character mapping negotiation on asynchronous links. This is useful when you need to send a control character as data (e.g. XON, XOFF, Ctrl-A, etc.) over an asynchronous link and do not want it interpreted by the modem or other device in the middle. The map is built up with the following commands. Clear: Resets the ACCM table. Toggle XON/XOFF: Add XON/XOFF control characters to the ACCM table. Toggle Char: Add other control characters to the ACCM table using their ASCII value. Typing the option once (for example, X) includes it in the table. Typing it again excludes it from the table. More details are given in the CyROS Reference Guide. Enable Predictor Compression: Enables data compression using the Predictor algorithm. This feature should be enabled only if Cyclades equipment is being used on both ends of the connection, because there is no established standard for data compression interoperability. Data compression is very CPU intensive, making this feature effective only for links running at speeds under 1Mbps. At higher speeds, the time necessary to compress data offsets the gains in throughput achieved by data compression. Number of Bits for Compression: Applies when Predictor Compression Enabled. Sixteen is fastest but 10 mus
23. menu CONFIG > SECURITY > VPN > LOCAL IP NETWORKS > ADD NETWORK. Enter the Network IP address and mask for all devices to be included in the local network for VPN purposes. In the example, the networks 10.0.0.0 and 172.16.0.0 must be added. Traffic from other networks attached to the router will still be routed. The only difference is that the messages will be forwarded without processing and encryption by the VPN software. STEP FIVE: The Gateways (represented by RSG1 and RSG2 in the example) must be defined. The Router IP address for each gateway is requested, along with a secret. This secret is not global, but rather applies to each pair of RSGs. If RSG3 defines the secret for RSG1 as rumpelstiltskin, then RSG1's secret for RSG3 must also be rumpelstiltskin. It is critical that the Router IP Address, as described in step two, be used, and not the IP address of the link connected to the IP network (unless the two IP addresses happen to be the same). [Chapter 14: Virtual Private Network Configuration, p. 107] STEP SIX: Now the Remote Security Networks must be defined. This is done in the CONFIG > SECURITY > VPN > REMOTE IP NETWORKS > ADD NETWORK menu. The IP address and network mask must be defined for all remote devices to be included in the remote network for VPN communication. The Remote Security Gateway IP address set in step five must also be given for each network. In the example th
24. network, MAC address, etc. If the login prompt does not appear, see the first section of the troubleshooting appendix for help. Next, login. The preset super user user ID is super and the corresponding preset password is surt. The password should be changed as soon as possible, as described in chapter 10 of the installation manual and at the end of every example in chapter 4. The login prompts and main menu are shown in Figure 3.1. All menus have the following elements. Title: In the example in Figure 3.1, Main Menu. Prompt: The text Select Option >. Options: The menu options, which are selected by number. Router Name: The default is the name of the product. Each router can be renamed by the super user for easier identification. Menus can also be navigated using a short-cut method. This method must be activated first by choosing a shortcut character in the example that follows in the CONFIG > SYSTEM > ROUTER DESCRIPTION menu. Typing 4 1 1 at the main menu prompt, for example, is equivalent to choosing option 4 in the main menu (Debug), then choosing option 1 in the debug menu (Trace), then choosing option 1 in the trace menu (Driver Trace). In addition to menus, some screens have questions with letter choices. In the line below, several elements may be identified: lmi type ((A)NSI, (G)roup of four, (N)one) [A]. Parameter description: The name of the parameter to be configured
25. parameter CONFIG > RULES LIST > IP > CONFIGURE RULES > ADD RULE > ALLOW ACCOUNT PROCESS also be Yes.
Outgoing Rule List Name | Filter rule list for outgoing packets. See chapter 12 for instructions on how this parameter should be set.
Detailed Outgoing IP Accounting | Applies when a list is selected in the previous parameter. See explanation of Detailed Incoming IP Accounting.
Routing of Broadcast Messages | Activating this parameter causes the router to route broadcast messages from the LAN to the WAN and vice versa. An individual interface can be excluded by setting this parameter to Inactive without affecting the broadcast of messages on the other interfaces.

Chapter 7 Network Protocols 50 Cyclades PR1000

The Transparent Bridge Protocol
The Transparent Bridge Protocol can be used in conjunction with either IP or IPX. A detailed explanation of its use appears in section 4.6 of the CyROS Reference Guide.

Transparent Bridge Menu: CONFIG > INTERFACE > SWAN > NETWORK PROTOCOL > TRANSPARENT BRIDGE
Parameter | Description
Status | Activates the Transparent Bridge on this interface.
Port Priority | For the Spanning Tree Algorithm, a priority is given to each link in the router and to each router in the network. See CONFIG > TRANSPARENT BRIDGE > SPANNING TREE in the CyROS Reference Guide for more information.
Incoming Rule List Name | Transparent Bridge rule list name for inc
26. send e-mail out, two more rules would be needed. If all the router needs to do is receive e-mail, the configuration is done. If not, other holes must be created in the deny ball. The configuration for Let e-mail in is shown in the following figure, obtained by selecting CONFIG > RULES LIST > IP > L in the menus.

Chapter 12 Filters and Rules 90 Cyclades PR1000

Rules Lists
Rule List Name Rule Default List Linked Status Scope Type Rule List
exterior_in Enabled Deny Filter
exterior out Enabled Deny Filter

FILTER LIST NAME exterior in
PROT OP Source IP Address OP SRC PORT CNX ACC LOG SC STA Destination IP Address DST PORT
0 TOP Y N AP EN 192.168.0.3 255.255.255.255 SMTP

FILTER LIST NAME exterior out
PROT OP Source IP Address OP SRC PORT CNX ACC LOG SC STA Destination IP Address DST PORT
0 PCRS 1924 16520453 20 DIAO SMTP Y N P EN

FIGURE 12.4 OUTPUT FOR IP FILTERING EXAMPLE

Interior Router
If an interior router exists in the network, the administrator may decide to use a Default Scope of Permit. In this case, all undesired traffic must be excluded by a rule in the rule list. In Figure 12.5, a conceptual equivalent of the interface is shown. All packets, except those which fall into the holes in the ball, will be allowed entry in to or out of the network.
27. 0355 E-mail: support@cyclades.com. Outside North America, please contact us through e-mail or contact your local Cyclades distributor or representative.

Chapter 1 How to Use This Manual 10 Cyclades PR1000

The mailing address and general phone numbers for Cyclades Corporation are:
Cyclades Corporation
Phone: 01 510 770 9727
Fax: 01 510 770 0355
41829 Albrae Street, Fremont, CA 94538, USA

CHAPTER 2 WHAT IS IN THE BOX
The Cyclades PR1000 comes in two varieties, described below. Both models are accompanied by the following accessories:
• Quick Installation Manual
• Documentation CD containing the complete Installation Manual and the CyROS Reference Guide
• Console Cable and Power Source
• Mounting Kit containing Velcro Strips and screws
The Documentation CD also contains a back-up copy of the op-Code, in case the preinstalled copy is corrupted in some way.

Chapter 2 What is in the Box 12 Cyclades PR1000

The V.35/RS-232 Model
[Figure: back panel of the PR1000, with connections to the COM port of a computer (straight-through cable), to a wall outlet, to an RS-232 modem with DB-25 interface, and to a V.35 DSU/CSU with M.34 interface]
FIGURE 2.1 V.35/RS-232 MODEL

Figure 2.1 shows which cables (purchased separately) should be used for each type of modem and how everything should be connected. The pinout diagrams of these cables are provided in Appendix B of the Installa
28. 1000

1. Traffic Shaping: the division of bandwidth is strictly adhered to.
2. Bandwidth Reservation: the division with the larger priority can steal bandwidth from the others.

An example showing the first two types is given in figure 12.6.

[Figure: Client A, 50% or more of total bandwidth; Client B, 25% or less of total bandwidth; Client C, 25% or less of total bandwidth]
FIGURE 12.6 TRAFFIC RULE EXAMPLE 1

The third determines which services have priority flowing through the router:
3. Service Prioritization

An Internet provider has three clients connected to the same router. Client A is larger and, without traffic control, would overwhelm the router to the exclusion of Clients B and C. The administrator decides to divide the flow out of the router to the Internet into three portions: 50% guaranteed for Client A and the rest divided equally between Clients B and C. Since he does not want to limit Client A needlessly, the bandwidth Client A uses can be increased on demand if the total bandwidth is not being used up by the other two clients. This is Bandwidth Reservation. The two clients with 25% bandwidth each are given lesser, but equal, priorities. They cannot share bandwidth or steal it from Client A. However, each has the right to 25% of the total bandwidth on link 3 if it is needed. This is Traffic Shaping. Note that this rule list is applied to lin
29. 117 Cyclades PR1000

The DB-25 to M.34 Adapter
FIGURE B.6 DB-25 TO M.34 ADAPTER, DB-25 FEMALE TO M.34 MALE

Appendix B Hardware Specifications 118 Cyclades PR1000

The X.21 Modem Cable
Cyclades PR1000 (DB25) | | | X.21 Equipment (DB15) |
Pin | Signal | | Signal | Pin
1 | CGND | <> | CGND | 1
2 | CLK | <> | CLK | 6
4 | IND | <> | IND | 5
6 | RxD | <> | RxD | 4
7 | GND | <> | GND | 8
9 | CTL | <> | CTL | 3
11 | TxD | <> | TxD | 2
15 | CLK | > | CLK | 13
17 | IND | <> | IND | 12
19 | RxD | <> | RxD | 11
22 | CTL | <> | CTL | 10
24 | TxD | > | TxD | 9
FIGURE B.6 X.21 MODEM CABLE, DB-25 MALE TO DB-15 MALE

The Loop-Back Connector
The pin-out diagram for this connector is provided for reference. This connector would only be used for testing the WAN interface.
FIGURE B.8 LOOP-BACK CONNECTOR, DB-25 MALE

APPEN
30. CLADES VIRTUAL PRIVATE NETWORK UTILITY

An example showing a local security network and two remote security networks is shown in Figure 14.2. The PR1000 in the local security network will be configured step by step. Which network is considered local and which network is considered remote depends on the router being configured.

STEP ONE: The Virtual Private Network Utility must be Enabled in the ADMIN > ENABLE FEATURES > VPN menu before it can be used. Navigate to this menu and enter the password supplied by Cyclades to activate VPN.

STEP TWO: Link 1 of the PR1000 (RSG3) should be fully configured and operational before beginning the VPN configuration. Each router has an IP address (with optional secondary IP addresses) for each numbered interface. In addition, each router has a Router IP Address, which is one of the interface IP addresses. This router IP address is used whenever a single IP address is needed to identify the router. It is critical that each router being used as a remote security gateway have this parameter defined. It is NOT defined automatically. Navigate to CONFIG > IP > ROUTER IP and confirm that this parameter has been defined and is set to the value desired. An address that can be routed on the internet is generally used.

Important: The Router IP Addresses for the other Remote Security Gateways (RSG1 and RSG2 in the example) must also be kno
31. Accounting | CONFIG > RULES LIST > IP > CONFIGURE RULES > ADD RULE > ALLOW ACCOUNT PROCESS also be Yes.
Outgoing Rule List Name | Filter rule list for outgoing packets. See chapter 12 for instructions on how this parameter should be set.
Detailed Outgoing IP Accounting | Applies when a list is selected in the previous parameter. See explanation of Detailed Incoming IP Accounting.
Routing of Broadcast Messages | Activating this parameter causes the router to route broadcast messages from the LAN to the WAN and vice versa. An individual interface can be excluded by setting this parameter to Inactive without affecting the broadcast of messages on the other interfaces.
Proxy ARP | Causes the router to answer ARP requests with its own MAC address for IP addresses reachable on another interface.

Chapter 5 Configuration of the Ethernet Interface 42 Cyclades PR1000

IP Bridge
An IP Bridge is used to divide a network without subnetting. Whenever a subnetwork is created, two IP numbers are lost: one describing the network and the other reserved for broadcast. This does not occur with an IP Bridge.

[Figure: PR1000 and hosts labelled 200.240.240.1, 200.240.240.2, 200.240.240.3, 200.240.240.4 and 200.240.240.9]
FIGURE 5.1 IP BRIDGE EXAMPLE

In Figure 5.1 an example of the use of an IP Bridge is given. From the available IP addresses th
32. Cyclades PR1000 Installation Manual
Access Router
Cyclades Corporation

Cyclades PR1000 Installation Manual, Version 1.2, May 2002
Copyright (C) Cyclades Corporation, 1998-2002

We believe the information in this manual is accurate and reliable. However, we assume no responsibility, financial or otherwise, for any consequences of the use of this product or Installation Manual. This manual is published by Cyclades Corporation, which reserves the right to make improvements or changes in the products described in this manual as well as to revise this publication at any time and without notice to any person of such revision or change. The menu options described in this manual correspond to version 1.9.4 of the CyROS operating system. This manual is printed horizontally in order to match the electronic (PDF) format of the Installation Manual page per page. All brand and product names mentioned in this publication are trademarks or registered trademarks of their respective holders.

FCC Warning Statement
The Cyclades PR1000 has been tested and found to comply with the limits for Class A digital devices, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the Installation Manual, may cause har
33. DIX C CONFIGURATION WITHOUT A CONSOLE

When a terminal or PC is not available for use as a console, the router has a special feature that allows configuration of the Ethernet interface from any PC on the LAN. The router adopts the destination IP address of the first non-UDP packet received from the LAN and accepts the connection. After configuration of the Ethernet interface, with or without a console, the remaining configuration can be done via telnet.

It is recommended that a console be used for the initial configuration of the router due to the hardware and software diagnostic messages given on the console screen. If a console is not available, follow the instructions in this appendix to configure the Ethernet interface.

Requirements
The router must be set to the factory default. If the router is being moved from one location to another, the configuration should be reset using the menu option ADMIN > LOAD CONFIGURATION > FACTORY DEFAULTS before the router is moved.

Procedure
1. Edit the ARP table of the PC in the LAN and associate the MAC address of the router (affixed to the underside of the router) to the IP address for the interface. In Unix and Microsoft Windows systems, the command to manipulate the ARP table is something similar to:
arp -s <IP address> <MAC address>
In Unix, type man arp for help. In Microsoft Windows, type arp for information about this command.
2. Telnet to the IP addres
34. The Transparent Bridge Protocol
CHAPTER 8 DATA LINK PROTOCOLS (ENCAPSULATION)
PPP (The Point-to-Point Protocol)
X.25 with PAD (Packet Assembler/Disassembler)
CHAPTER 9 ROUTING PROTOCOLS
Routing Strategies
Static Routing
Dynamic Routing
Static Routes
RIP Configuration
OSPF Configuration on the Interface
Table of Contents Cyc
35. ELCRO STRIPS

Next, place the PR1000 on the horizontal surface, aligning the fuzzy and prickly Velcros as shown in Figure 2.4.

FIGURE 2.4 HOW TO ATTACH THE PR1000 TO A HORIZONTAL SURFACE

Vertical Surfaces
There are two slots in the base of the PR1000 to allow it to be affixed to a vertical surface. Screws and nylon fixings for cement walls are provided for this purpose. Make holes 184.8 mm (7.27 in) apart on the vertical surface. If using a drill, a 5 mm bit should be used. Four millimeters, or a little more than 1/8 in, of the screw should be exposed, not counting the head.

[Figure labels: two 5 mm screws with nylon fixings; screw slots 184.8 mm (7.27 in) apart; vertical surface where the PR1000 will be secured]
FIGURE 2.5 POSITIONING OF SCREWS

Place the center of the screw slots over the screws and slide the router down so the screws hold the router in place, as shown in Figure 2.6.

FIGURE 2.6 HOW TO ATTACH THE PR1000 TO A VERTICAL SURFACE

Note that the PR1000 can be hung with the LEDs facing up or facing d
36. Configuring the Ethernet Interface
Configuring Other Interfaces
PPP
Frame Relay
Routing
The SAP (Service Advertisement Protocol) Table
CHAPTER 14 VIRTUAL PRIVATE NETWORK CONFIGURATION
APPENDIX A TROUBLESHOOTING
What to Do if the Login Screen Does Not Appear When Using a Console
What to Do if the Router Does Not Work or Stops Working
Testing the Ethernet Interface
Testing the WAN Interfaces
APPENDIX B HARDWARE SPECIFICATIONS
37. LCI menu. A DLCI entry must be created for every remote Frame Relay network to be contacted. In the example, only one is shown.

Menu: CONFIG > INTERFACE > SWAN > ENCAPSULATION > FRAME RELAY > <ESC> > ADD DLCI
Parameter | Example | Your Application
DLCI Number | Sixteen. This number is supplied by the Public Frame Relay network provider. |
Frame Relay Address Map | Static, which maps one IP address to this DLCI. |
IP Address | 200.240.230.1 |
CIR | 90 percent. 100 minus this number is the percentage of total bandwidth that may be discarded if the network is congested. |
Enable Predictor Compression | Yes, if Cyclades routers are used on both ends of the link and Predictor Compression is enabled on both routers. This feature is effective only for links running at speeds under 2 Mbps. |
Number of Bits for Compression | Sixteen, when both routers are of the PR line. Ten must be used if the other router is a PathRouter. |
FIGURE 4.16 DLCI CONFIGURATION MENU PARAMETERS

Chapter 4 Step by Step Instructions 38 Cyclades PR1000

STEP FIVE: Now that the central office's LAN has been defined, a route must be added to tell the router that the remote site's LAN is at the other end of the line. Creating a static route is the simplest way to do this. Chapter 9 of the Installation Manual explains static routes and other routing methods available in CyROS. Fill in the spaces in Figure 4.17 with the values for your applicati
38. Manual

Menu: CONFIG > INTERFACE > ETHERNET > NETWORK PROTOCOL > IP
Parameter | Example | Your Application
Active or Inactive | Active enables IP communication (IPX and Transparent Bridge are not used in this example). |
Interface Unnumbered/Numbered | Numbered |
Primary IP Address | 192.168.0.1 |
Subnet Mask | 255.255.255.0 |
Secondary IP Address | 0.0.0.0 for none |
IP MTU | Use the preset value, 1500. This determines whether or not a given IP datagram is fragmented. |
(this table continued)
FIGURE 4.2 ETHERNET NETWORK PROTOCOL MENU PARAMETERS

Parameter | Example | Your Application
IP Fragmentation Ignore Bit DF | Yes |
NAT | Local |
ICMP Port | Inactive |
Incoming Rule List | None, filters are not included in this example. |
Outgoing Rule List Name | None, filters are not included in this example. |
Proxy ARP | Inactive |
IP Bridge | Inactive |
FIGURE 4.2 ETHERNET NETWORK PROTOCOL MENU PARAMETERS (CONTINUED)

STEP TWO: No more parameters are necessary for the Ethernet interface. The other interface to be configured is the SWAN. The SWAN physical media parameters are shown in Figure 4.3. Fill in the values for your application. The SWAN configuration is described in more detail in chapter 6 of the Installation Manual.

Menu: CONFIG > INTERFACE > SWAN > PHYSICAL
Parameter | Example | Your Application
Mo
39. PPP on this interface. MLPPP is described in the CyROS Reference Guide for each interface that supports it.
Connection Type | Applies for MLPPP = Yes. Type of line used on this link.
Identification for This Bundle | Applies for MLPPP = Yes and Dial-out or Leased. An integer value.
Total Number of Lines for This Bundle | Applies for MLPPP = Yes. Maximum number of links allowed in the bundle.
PPP Inactivity Timeout | Applies to asynchronous connections only. The connection is closed when data does not pass through the line for this period of time.
Enable Van Jacobson IP Header Compression | Allows the link to receive compressed packets. This type of compression is useful for low-speed links and/or small packets. It is not recommended for fast links, as it requires CPU time.
Transmit Compressed Packets | Applies when Enable Van Jacobson IP Header Compression is Yes. This parameter causes the link to send compressed packets.

Chapter 8 Data Link Protocols Encapsulation 52 Cyclades PR1000

PPP Menu (Continued)
Parameter | Description
Disable LCP Echo Requests | LCP (Link Control Protocol) messages are normally exchanged to monitor the status of the link. Disabling these messages reduces traffic, but the link then has no way of knowing if the other end is still connected.
Time Interval to Send Config Requests | Config-Request messages are used to negotiate the parameters at the start of a PPP connection. For a slow line, this time should be
40. TEP THREE: After completing the OSPF interface configuration for all interfaces (even those that will not use OSPF), navigate to the OSPF Menu, CONFIG > IP > OSPF. Enter into the OSPF Global Commands menu and set the parameters as indicated in the table below.

OSPF Global Commands Menu: CONFIG > IP > OSPF > GLOBAL
Parameter | Description
OSPF Protocol | Enables OSPF on all interfaces.
Router ID | Assigns a unique ID to the router for use by the OSPF protocol. It must be one of the router's IP addresses.
AS Boundary Router | An Autonomous System Boundary Router (ASBR) can convert external routes into OSPF routes. Which external routes is determined through the following parameters. In the figure, only Router 5 is an ASBR.

The following parameters apply only to Autonomous System Boundary Routers:
Originate Default Gateway Advertisement | Router will advertise itself as the Default Gateway (DG).
Default Gateway External Metric | Applies when Originate Default Gateway Advertisement is set to Yes. Defines the metric that will be advertised by OSPF.
Default Gateway External Metric Type | Applies when Originate Default Gateway Advertisement is set to Yes. For Type 1, the total metric of this route is composed of the internal metric (inside the autonomous system) and the external metric provided in the previous parameter. For Type 2, the total metric of this route is the value provided in the previous paramet
41. acknowledgement must be received. This number may be negotiated if the Window Size Facility is utilized (see last parameter in this table).
Layer 2 Window Size | The layer 2 (frame level) window represents the number of sequentially numbered frames that can be sent before an acknowledgement must be received. The frame numbers are independent of the packet numbers.
Packet Size | The packet size to be sent across the interface. This number may be negotiated if the Packet Size Facility is utilized (see last parameter in this table).
Number of Retries (N2) | Number of times an information frame can be resent without response before the link is considered down.
T1 | Time the frame level waits for an acknowledgement for a given frame before re-sending it.
T2 | Time that can elapse after receiving a frame until the router must send an acknowledgement.
T21 | Call Request response Timer. After this time has elapsed, the DTE sends a Clear message.
T23 | Clear Request response Timer. After this time has elapsed, the DTE retransmits the Clear message.
Negotiable Facilities | Initiates facility negotiation during virtual circuit creation.
Send Facility | Determines which facilities are negotiated during virtual circuit creation. Packet size is part of the flow control parameters negotiation. Throughput is part of the throughput class negotiation, and N3 Window (Level 3 Window Size, above) is part of the flow control p
42. all changes effective immediately, but nothing is saved permanently until explicitly saved to flash, which can be done with the option ADMIN > WRITE CONFIGURATION > TO FLASH. The menus and parameter lists are represented in this manual by tables. The first column contains the menu item or the parameter and the second column contains its description.

This menu interface is also available via Telnet if one of the interfaces has been connected and configured. The menu interface is the same as that described earlier in this section. Using Telnet instead of a console for the initial Ethernet configuration is discussed in Appendix C of the Installation Manual.

Chapter 3 Using CyROS Menus 21 Cyclades PR1000

The CyROS Management Utility
After one of the interfaces has been connected and configured, there is another way to interact with CyROS. Type the IP address in the location field in an HTML browser of a PC connected locally or remotely through the configured interface. A super-user ID and password will be requested (these are the same ID and password used with the line terminal interface). A clickable image of the router back panel will appear, as shown in Figure 3.2.
43. alue as for Destination IP Address in the previous table
Metric | 1 |
Is This a Backup Route | No |
OSPF Advertises This Static Route | No |
FIGURE 4.8 STATIC ROUTE MENU PARAMETERS FOR GATEWAY ROUTE

STEP SEVEN: NAT must now be activated. There are two varieties of NAT: Normal and Expanded. This example uses the Normal NAT Mode. The other mode is explained in the chapter on NAT in the Installation Manual.

Menu: CONFIG > SECURITY > NAT > GENERAL
Parameter | Example | Your Application
Nat Status | Enabled |
Nat Mode | Normal |
Disable Port Translation | No |
FIGURE 4.9 NAT GENERAL PARAMETERS

STEP EIGHT: NAT parameters will now be determined for routing outside of the local LAN. Network Address Translation maps the local IP addresses, registered in the local address range menu below, to the one global IP address assigned by the access provider. Local IP addresses not indicated in this menu will be discarded.

Menu: CONFIG > SECURITY > NAT > LOCAL ADDRESS > ADD RANGE
Parameter | Example | Your Application
First IP Address | 192.168.0.10 |
Last IP Address | 192.168.0.30 |
FIGURE 4.10 NAT LOCAL ADDRESS RANGE MENU PARAMETERS

The factory preset values for all other NAT parameters are appropriate for this example.

STEP NINE: Now that the parameters have been defined, enter into each menu described above, in the ord
44. apter 6 Configuration of the SWAN Interface 45 Cyclades PR1000

STEP TWO: The second step is to choose a data-link protocol in the Encapsulation menu. There are many encapsulation options on this interface.

For synchronous communication:
• Frame Relay: The Frame Relay Protocol is based on frame switching and constructs a permanent virtual circuit (PVC) between two or more points.
• X.25: The X.25 Protocol is generally used to connect to a public network. The router can act either as a DTE or a DCE.
• HDLC: A proprietary alternative to PPP.

For synchronous or asynchronous communication:
• PPP: The PPP (Point-to-Point) protocol is used for leased, dial-up and ISDN lines. Multilink PPP is also provided.

Information on how to determine the values of the parameters for each data-link protocol is provided in chapter 8.

STEP THREE: The third step is to set the Network Protocol parameters. Information for this step is provided in chapter 7.

STEP FOUR: If PPP Encapsulation is being used, a type of authentication should be chosen. This is done in the authentication menu.

Authentication Menu: CONFIG > INTERFACE > SWAN > AUTHENTICATION
Parameter | Description
Authentication Type | Local uses the list of users defined in CONFIG > SECURITY > USERS > ADD. Server uses either Radius or Tacacs to authenticate the user. Remote is when this interface is
45. arameters negotiation

STEP TWO: The next step is to create a static routing table, associating each remote X.121 address with an IP address or a TCP Socket location. This is done in the Add DTE menu, which appears at the end of the X.25 parameter list. It can be reached by passing through all X.25 parameters or by using the <ESC> key at any point in the parameter list.

X.25 Add DTE Menu: CONFIG > INTERFACE > <LINK> > ENCAPSULATION > X.25 > <ESC> > Add DTE
Parameter | Description
Type of Logical Address | IP Address or TCP Socket. Users that intend to use the TCP Socket option should see the CyROS Reference Guide.
IP Address | Applies for IP Address Type. IP Address of remote DTE device.
X.121 DTE Address | Address of remote DTE device.
VC Number | Number assigned to this circuit if it is a PVC. For SVCs, the value should be zero.
Enable Predictor | Applies for IP Address Type. Enables data compression using the Predictor Compression algorithm. This feature should be enabled only if Cyclades equipment is being used on both ends of the connection, because there is no established standard for data compression interoperability. Data compression is very CPU intensive, making this feature effective only for links running at speeds under 1 Mbps. At higher speeds, the time necessary to compress data offsets the gains in throughput achieved
46. assing through it. IPX is not discussed in the other chapters of this manual to avoid confusion for those who are using IP.

FIGURE 13.1 IPX NETWORK EXAMPLE

Chapter 13 IPX 100 Cyclades PR1000

Enabling IPX
The first step is to activate the IPX feature in the router. This is accomplished using the menu option ADMIN > ENABLE FEATURES > IPX. The IPX protocol must also be activated in the menu CONFIG > IPX > GENERAL. In this menu, the Internal Network Number (the unique number assigned to the router) and the Maximum Number of Hops must be defined. The maximum number of hops defines how many routers can be on the path from this router to the destination of any packet sent through this interface.

Configuring the Ethernet Interface
The example in Figure 13.1 will be used to explain the remaining parameters that must be configured. The Ethernet interface for the PR2000 is examined first. In the menu CONFIG > INTERFACE > ETHERNET > ENCAPSULATION, the Ethernet interface must be activated. The MAC address should be correct as it is pres
47. at are stable (links do not go down often). OSPF is more complicated to configure, requires much more CPU and is not necessarily available in all equipment in a network. A mixture of RIP, OSPF and static routes is often used.

Static Routes
Routers used in very small or simple networks may use static routes as the primary routing method. When RIP or OSPF are used, some static routes may still be needed. Configuration of static routes will be explained using two examples.

[Figure labels: Network 1, Network 2, Network 3; 142.10.0.0, mask 255.255.0.0; 192.168.100.0, mask 255.255.255.0; 192.168.100.2; 192.168.100.3]
FIGURE 9.1 STATIC ROUTING EXAMPLE 1

In the first example, three networks are connected by 2 routers. The routing table for router 1 will automatically include servers A, B, C and D, as they are direct links. A static route must be created for access to Network 3. This type of route, a Gateway route, tells the router that any message not intended for hosts A, B, C or D should be sent to Router 2. Details are given in the parameter table that follows.

[Figure labels: Router 2; unnumbered interfaces; 192.168.100.1; Network 1; Network 3]
FIGURE 9.2 STATIC ROUTING EXAMPLE 2

Figure 9.2 shows another static routing example to explain the Gateway or Interface parameter. Between the two routers is a point to poin
48. by ITU-T, and None, used for a dedicated FR connection without a network.
T391 | Interval between the LMI Status Enquiry messages.
N391 | Full Status Polling Counter. Full Status Enquiry messages are sent every N391-th LMI Status Enquiry message.
N392 | Error Threshold. The network counts how many events occur within a given period and considers an interface inactive when the number of events exceeds a threshold. N393 is the number of events to be considered and N392 the number of errors within this period. If N392 of the last N393 events are errors, the interface is deemed inactive. A successful event is the receipt of a valid Status Enquiry message.
N393 | Monitored Events Count. See the description of N392. This value must be larger than N392.
Bandwidth Reservation | Enables traffic control per DLCI. Traffic control options appear in the Add DLCI Menu.
Voice Over This Link | Enables the Voice over Frame Relay application.

STEP TWO: After configuring the general parameters, each DLCI must be defined. An example will be used to demonstrate the procedure. A public Frame Relay network connecting offices in Sao Paulo, Rio de Janeiro, Salvador and Recife is shown in Figure 11.1. Each router will have a routing table pairing destination network with router interface and gateway. A Frame Relay Address Map is also created, either statically or dynamically, to associate each DLCI with th
49. by data compression. Number of Bits for Compression: Applies when Predictor Compression Enabled. Sixteen is fastest, but 10 must be used if the router on the other end is a Cyclades PathRouter, for compatibility. X.25 with PAD (Packet Assembler/Disassembler): PAD acts as a protocol converter, allowing a user to access the packet switched network via a serial terminal. This asynchronous connection is then converted into synchronous communication with the router and the network beyond, using the telnet application available in the router. Please see the CyROS Reference Guide for information about this Encapsulation option. Chapter 8 Data Link Protocols Encapsulation 62 Cyclades PR1000 CHAPTER 9 ROUTING PROTOCOLS Routing Strategies: Routing can be done either statically or dynamically. Static Routing: Static routing is recommended when the network contains a small number of routers and other equipment. When a system is simple and without redundant links, static routing is the simplest option. Even with some redundant links, a multilink circuit can be created for semi-dynamic routing behavior. Multilink circuits are described in section 4.4 of the CyROS Reference Guide. Dynamic Routing: Dynamic routing is recommended when the network contains a large number of routers with redundant links between them. RIP and OSPF are currently available in the Power Router line. RIP is simpler to configure and is appropriate for systems th
50. c control in chapter 12. Bandwidth Priority Level: This is the equivalent of CONFIG > RULES LIST > IP > CONFIGURE RULES > ADD RULE > BANDWIDTH PRIORITY LEVEL. See the section on traffic control in chapter 12. Chapter 8 Data Link Protocols Encapsulation 58 Cyclades PR1000 To edit the DLCI table, use the list command (CONFIG > INTERFACE > <LINK> > ENCAPSULATION > FRAME RELAY > L) to discover the number CyROS has assigned to each table entry. It will not be the same as the DLCI. FIGURE 8.2 PUBLIC X.25 NETWORK EXAMPLE (diagram labels: Switch DCE; Switch DCE). Chapter 8 Data Link Protocols Encapsulation 59 Cyclades PR1000 X.25: A Cyclades Router can act either as a DTE (Data Terminal Equipment) connected to a public X.25 network or as a DTE or DCE (Data Circuit-terminating Equipment) as part of a private X.25 network. The first case is discussed in this chapter. The second case is described in the CyROS Reference Guide. Both Permanent Virtual Circuits (PVCs) and Switched Virtual Circuits (SVCs) can be defined. A PVC requires that two DTEs be permanently connected. STEP ONE First, the general X.25 protocol parameters are set in the X.25 Menu. A detailed description of the X.25 parameters and their values for the example is provided in the table below. X.25 Menu CONFIG > INTERFACE > <LINK> > ENCAPSULATION > X.25 Parameter Description X.121 Local DTE Address: Addr
51. ction without them. Parameters that apply only when OSPF on This Interface is Disabled: Advertise This Non-OSPF Interface: Causes the router to include this interface in its advertisements through other interfaces as an external route. External Metric: Defines the metric that will be advertised by OSPF. External Metric Type: For Type 1, the total metric of this route is composed of the internal metric (inside the autonomous system) and the external metric provided in the previous parameter. For Type 2, the total metric of this route is the value provided in the previous parameter. Parameters that apply only when OSPF on This Interface is Enable or Enable Inactive: Area ID: Identifies the area to which the interface belongs. Areas are created here, then later defined in CONFIG > IP > OSPF > AREA. Has the format of an IP address, but is not linked to any IP address in the system. Small OSPF networks will typically have only one area, the backbone area, represented by 0.0.0.0. Router Priority: Priority used by OSPF in multicast networks to elect the designated router. A priority of 1 will make this router the most likely to be chosen. A priority of 2 will make it second most likely. Set it to 0 (zero) if this router should never be the designated router. Transit Delay in Seconds: Estimated transit time in seconds to route a packet through this interface. Use the preset value, 1, or increase the number for slow links.
52. de: Asynchronous. Speed: 38.4k. FIGURE 4.3 SWAN PHYSICAL MENU PARAMETERS Chapter 4 Step by Step Instructions 26 Cyclades PR1000 STEP THREE The network protocol parameters, shown in Figure 4.4, are similar to those for the Ethernet interface. Fill in the parameters for your network in the right-most column. Menu CONFIG > INTERFACE > SWAN > NETWORK PROTOCOL > IP (columns: Parameter, Example, Your Application). Active or Inactive: Active enables IP communication. IPX and Transparent Bridge are not used in this example. Interface Unnumbered/Numbered: Numbered. Primary IP Address: 0.0.0.0. This number will be assigned by the Access Provider dynamically. Subnet Mask: 255.0.0.0. Secondary IP Address: 0.0.0.0 for none. IP MTU: Use the preset value, 1500. This determines whether or not a given IP datagram is fragmented. NAT: Global Assigned, because the IP address of the SWAN interface will be assigned dynamically. Enable Dynamic Local IP Address: Yes, because the IP address of the SWAN interface will be assigned dynamically. Remote IP Address Type: Any. Remote IP Address: 0.0.0.0. ICMP Port: Inactive. Incoming Rule List Name: None, filters are not included in this example. Outgoing Rule List Name: None, filters are not included in this example. Routing of Broadcast Messages: Inactive. FIGURE 4.4 SWAN NETWORK PROTOCOL IP
53. e RSG IP address for the network 10.255.255.0 is 9.9.9.1 and the RSG IP address for the network 192.168.0.0 is 20.20.20.1. STEP SEVEN The last step is to activate VPN and configure the VPN options. Be aware that after activating VPN on the local network, data sent to the remote network will not be forwarded until VPN is configured and activated on that network too. The VPN Options Menu parameters should be set using the guidelines given below. The options should be defined identically for all Remote Security Gateways in a VPN. VPN Options Menu CONFIG > SECURITY > VPN > OPTIONS Parameter Description Cyclades VPN Status: Activates the Virtual Private Network. Warning: until VPN is activated on both ends of a given tunnel, all traffic will halt. Tunnel Keepalive Timeout: Keepalive messages are sent across each tunnel with this frequency to make sure that the router on the other end of the connection is operating. Tunnel Keepalive Retries: If a keepalive message reply is not received, the router sends the request again this number of times. Tunnel Inactivity Timeout: If no messages are passed for this time period (keepalive messages not included), the tunnel will be disconnected. Time Interval for VPN Retries: This is the time between retries for either tunnel creation or keepalive requests that are not acknowledged. Chapter 14 Virtual Private Network Configuration 108 Cyclades PR1000 APPENDIX A
54. e Unnumbered: Unnumbered interfaces can be used for point-to-point connections. Assign IP From Interface: Applies to Unnumbered interfaces. Applies the IP address of another router interface to this one. Primary IP Address: Applies to Numbered interfaces. Address assigned to this interface. Subnet Mask: Applies to Numbered interfaces. Subnet mask of the network. Secondary IP Address: Applies to Numbered interfaces. Indicates a second (or third, etc., up to eight) IP address that can be used to refer to this interface. This parameter and the next are repeated until no value is entered. Subnet Mask: Applies to Numbered interfaces. Subnet mask of Secondary IP Address. Enable Dynamic Local IP Address: The terminal connected through PAD assigns an IP address to the router for purposes of their connection. Remote IP Address Type: The computer connected through PAD or PPP sends its IP address in the negotiation package. Fixed: The IP address sent must match the number set in the next parameter. Same Net: The IP address sent must be an address in the network set in the next parameter. Any: The IP address can be any number that does not conflict with any local IP address. None: Any IP address is accepted. This is not recommended. Remote IP Address: If Remote IP Address Type not None. Used in conjunction with the previous parameter. (this table is continued) Chapter 7 Network Protocols
55. e destination router IP. For the router in Salvador, the Frame Relay address map will look like this (DLCI, IP): 11, 200.1.1.1; 21, 200.1.1.4; 81, 200.1.1.3. Chapter 8 Data Link Protocols Encapsulation 56 Cyclades PR1000 Data link connections are defined in the Add DLC menu, which appears at the end of the Frame Relay parameter list. It can be reached by passing through all parameters or by using the <ESC> key at any point in the parameter list. FIGURE 8.1 PERMANENT VIRTUAL CIRCUITS BETWEEN OFFICES (diagram labels: Sao Paulo, Network 192.168.200.0; Rio de Janeiro, Network 192.168.201.0; Salvador, Network 192.168.203.0; Recife, Network 192.168.202.0; Routers 200.1.1.4, 200.1.1.2, 200.1.1.3). Chapter 8 Data Link Protocols Encapsulation 57 Cyclades PR1000 Add DLCI Menu CONFIG > INTERFACE > <LINK> > ENCAPS > FRAME RELAY > <ESC> > ADD DLCI Parameter Description DLCI Number: Used to identify the DLC. This number is supplied by the Public Frame Relay network provider. The DLCIs are stored in a table which can be seen with the L command. Frame Relay Address Map: Determines the method used for mapping the remote IP address to the Permanent Virtual Circuit. Static maps one IP address to this DLCI. Inverse ARP maps the IP address dynamically, in a manner similar to the ARP table. IP Address: Applies whe
56. e range 200.240.240.4 to 200.240.240.8 is bridged to another physical location. The following parameters apply only for IP Bridge. Network Protocol Menu, Continued (IP Bridge) Parameter Description IP Bridge: Activates the IP Bridge functionality. The following parameters apply only if IP Bridge is Active. Initial IP Address to be Bridged: Indicates the start of the range of IP addresses to be transferred to another physical location. This and the next three parameters are repeated in case the bridge is to be broken up into various sections. Up to 8 sections can be defined. In the example, this value is 200.240.240.4. Ending IP Address to be Bridged: Indicates the end of the range of IP addresses to be transferred to another physical location. In the example, this value is 200.240.240.8. Broadcast Over the Link: Allows propagation of broadcast IP packets over this bridge. Bridge Over Link: Indicates which link forms the other half of the bridge. In the example, link 1 is used. Other Parameters: Transparent Bridge is covered in chapter 7 and IPX is covered in chapter 13. The parameters defined in the Routing Protocol and Traffic Control Menus should be set after reading chapters 9 and 12, respectively. It is probably best to complete the basic configuration of all router interfaces, then return to the routing protocol and traffic control menus after general routing and traffic control strategies have been defin
57. ed Chapter 5 Configuration of the Ethernet Interface 44 Cyclades PR1000 CHAPTER 6 THE SWAN INTERFACE This chapter describes how to configure a SWAN interface. The physical link should be set up as shown in chapter 2, according to the type of modem or device at the other end of the connection and the type of SWAN port. STEP ONE The first step in the SWAN interface configuration is to define its physical characteristics. These parameters are presented in the Physical Menu Table. Physical Menu CONFIG > INTERFACE > SWAN > PHYSICAL Parameter Description Mode: Asynchronous or Synchronous. This parameter is determined by the mode of the device at the other end of the connection. Clock Source: Applies for Synchronous Mode. Whether this interface provides clock for the device at the other end of the cable or vice versa. When the interface is connected to a modem, the Clock Source is always External. Receive Clock: Applies for Internal Clock Source. When this interface provides clock, it can either compare incoming messages with the clock it is generating (Internal) or with the clock it receives from the sender along with the message (External). External is recommended. Speed: Applies for Internal Clock Source. Determines at which speed the data will be sent across the line. Media for SWAN Cable: Type of cable: RS-232, V.35 or X.21. Usually the type of cable is detected by the router. Ch
58. ed Packets PERMIT; Don't Allow Access to News PERMIT; Stop Telnets From the Outside Except Bastion Host PERMIT. FIGURE 12.5 PERMIT DEFAULT SCOPE Chapter 12 Filters and Rules 92 Cyclades PR1000 The configuration for Stop forged packets is shown in the following listing. Rules Lists (columns: Rule List Name, Rule Status, Default Scope, List Type, Linked Rule List): Slot1_in, Enabled, Permit, Filter. FILTER LIST NAME Slot1_in (columns: PROT, OP, Source IP Address, OP, SRC PORT, CNX, ACC, LOG, SC, STA, Destination IP Address, DST PORT): 0 192.168.0.0 239a 2900 ae x N gt D EN. Slot1_in rule 0 prohibits any incoming packets with source IP addresses of the internal network. Since the addresses used for internal networks cannot be routed on the Internet, they cannot be valid unless there is a leak of traffic through another router to the perimeter network. Imagine that, as shown in the figure, the network is expanded and another range of IP addresses is used (not a sub-network). Rule 0 in the list Slot1_in will not protect this network. Either another rule can be added to this list, or the new router can filter packets into its area, or both. Traffic Rule Lists: There are three kinds of traffic rules that can be configured in CyROS. The first two determine a division of bandwidth for traffic flowing out of the router. Chapter 12 Filters and Rules 93 Cyclades PR
59. enu are explained in more detail below. The preset values should be appropriate for most applications. Timeout and Options Menu CONFIG > SECURITY > NAT > TIMEOUT AND OPTIONS Parameter Description UDP Timeout: Inactivity time required before a UDP translation is removed from the translation table. An entry is created in the translation table the first time a UDP packet passes through the interface. Five minutes is a reasonable time. DNS Timeout: Inactivity time required before a DNS translation is removed from the translation table. TCP Timeout: Inactivity time required before a TCP translation is removed from the translation table. This time should be relatively long because, under normal conditions, TCP connections are formally disconnected with FIN (No more data from sender) or RST (Reset Connection) flags. TCP Flags Timeout: Inactivity time required after the receipt of a FIN, RST or SYN (Synchronize sequence numbers) flag before a TCP translation is removed from the translation table. This time can be relatively short because, after the TCP connection has been closed, there is no further need for its address translation. STEP THREE The next step is to define the global address range to which the local addresses will be translated. This is done in the menu CONFIG > SECURITY > NAT > GLOBAL ADDRESSES > ADD RANGE. The First IP Address in the example in Figure 11.1 is 200.240.230.225 while the Last
60. er Advertise RIP Routes: Routes learned through the RIP protocol will be converted to OSPF as external routes. RIP External Metric: Applies when Advertise RIP routes is set to Yes. Defines the metric that will be advertised by OSPF. (this table continued) Chapter 9 Routing Protocols 72 Cyclades PR1000 OSPF Global Commands, Continued Parameter Description Transit Area ID: ID of the OSPF Area sandwiched between this router and the backbone. In the figure, area 2 is the area used to link Router 8 with the Backbone. This ID has the form of an IP address. Neighbor's ID: Router ID of router at end of virtual link. In the example, this will be Router 6. Virtual Link Status: Activates the virtual link. Parameters available only when Virtual Link Status is Active: Transit Delay in Seconds: Estimated transit time in seconds to route a packet from Router 8 to Router 6. Use the preset value, 1, or increase the number for slow links. Retransmit Interval in Seconds: Time in seconds between link state advertisement retransmissions for adjacencies belonging to this interface. Hello Interval in Seconds: Time in seconds between the hello packets on this interface. Dead Interval in Seconds: Inactivity time (seconds) before a neighbor router is considered down. Password: String of up to 8 characters used to authenticate OSPF packages. The use of this
61. er presented, read chapter 3, Using Menus, if you have not done so already. Set the parameters in each menu according to the values you wrote in the figures above. Save the configuration to flash memory at each step when requested (configurations saved in run memory are erased when the router is turned off). If you saved part of the configuration to run memory for some reason, save to flash memory now using the menu option ADMIN > WRITE CONFIGURATION > TO FLASH. STEP TEN The Ethernet interface can be tested as described in the troubleshooting appendix. The SWAN interface can be tested in a similar manner. At this point, you should create a backup of the configuration file (in binary) and print out a listing of the configuration. Instructions for creating a backup of the configuration file: Use the menu option ADMIN > WRITE CONFIGURATION > TO FTP SERVER. Fill in the IP address of the computer where the configuration file should be saved, the file name, the directory name, and the user account information. This configuration file can later be downloaded with the ADMIN > LOAD CONFIGURATION > FTP SERVER option. Instructions for listing the configuration: The menu option INFO > SHOW CONFIGURATION > ALL will list to the terminal screen the configuration of the router. This can be saved in a text file and/or printed on a printer. Chapter 4 Step by Step Instructions 32 Cyclades PR1000 Example 2 A LAN to LAN Example Usi
62. ernet pinout is provided in appendix B. Note: While Cyclades Power Routers work with most standard RJ-45 cable connectors, shielded Ethernet cables should be used to avoid interference with other equipment. The parameters in the encapsulation menu are preset at the factory and it is usually not necessary to change them. The first step in the Ethernet configuration is to choose which network protocol to use and assign values to the relevant parameters. Either IP, Transparent Bridge or IPX (optional) must be activated. In this chapter, IP Bridges are also described. Use the information provided below to set the parameters for the Ethernet interface. The IP Network Protocol: Some parameters are explained in detail in later chapters. At this point, the preset values provided by the operating system can be accepted and the interface will work at a basic level. Network Protocol Menu CONFIG > INTERFACE > ETHERNET > NETWORK PROTOCOL > IP Parameter Description Active or Inactive: Activates this interface. Interface Unnumbered: Unnumbered interfaces are used for point-to-point connections. Assign IP From Interface: Applies to Unnumbered interfaces. Applies the IP address of another router interface to this one. Primary IP Address: Applies to Numbered interfaces. Address assigned to this interface. Subnet Mask: Applies to Numbered interfaces. Subnet mask of the network. (This table is continued) Chapter
63. ese numbers are scarce. Certain ranges of IP addresses are reserved for internal use only (they may not have a direct connection to the Internet); for reference, they are 10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.16.255.255 and 192.168.0.0 - 192.168.255.255. These are used as local IP addresses. Figure 11.1 shows an example of the utility of NAT. FIGURE 11.1 NAT EXAMPLE (diagram labels: Global Address Range; ftp Server; Networks 192.168.0.0 & 200.200.200.0; Network 200.240.230.224, Mask 255.255.255.240; 192.168.0.30; Host; 200.240.230.2; PR1000 With Expanded NAT; WWW Server; 192.168.0.31; 192.168.0.5; Router Ethernet Port: Primary IP Address 192.168.0.1, Secondary IP Address 200.200.200.1). In this example, the company has: 14 global IP addresses available for NAT (200.240.230.225 to 200.240.230.238); two networks connected to the router via the Ethernet Interface, one of which will be translated; Chapter 11 NAT 80 Cyclades PR1000 two servers that are accessed via the same global IP address, assigned statically. There are two types of NAT available in CyROS: Normal NAT and Expanded NAT. This chapter describes Expanded NAT. A description of Normal NAT appears in Chapter 4 of the CyROS Reference Guide. implementation of NAT used in the Power Router line. It has been maintained for backward compatibility. Expanded NAT provides static translation not only from one IP address to another, but
64. ess assigned to this interface, provided by the public X.25 Network Provider. Can be up to 15 digits. Switch Mode: Active causes the Router to act as a switch. Incoming Calls Received Over the Other X.25 Links With Unknown Destination DTE Can be Forwarded Through This Link: Applies when Switch Mode is Active. Suppress Calling Address: (Public X.25 Network) This parameter must be chosen according to the guidelines given by the Public X.25 Network provider. When activated, the sender's Local DTE address is not included in the Call Request Message. Inactivity Timeout: Time until connection is automatically terminated by the router if there is no traffic. Configure as DTE or DCE: As mentioned above, the router can act either as the recipient of information (DTE) or as the passer-on of information (DCE). Public X.25 Network: Both routers are DTEs. Chapter 8 Data Link Protocols Encapsulation 60 Cyclades PR1000 X.25 Menu, Continued Parameter Description Number of Virtual Circuits: Indicates the maximum number of virtual circuits (total of PVCs and SVCs) allowed on this interface. The maximum is 128. Number of Permanent Virtual Circuits: Indicates the number of permanent virtual circuits that will be connected through this interface. This maximum is also 128. Layer 3 Window Size: The layer 3 (packet level) window represents the number of sequentially numbered packets that can be sent before an
65. et at the factory. For IPX, the Encapsulation parameter should be set according to the value used by the servers on the network. In the menu CONFIG > INTERFACE > ETHERNET > NETWORK PROTOCOL > IPX, the protocol should be activated and the LAN Network Number (00A0B000 in the example) set. All other parameters are explained in chapter 5. Configuring Other Interfaces: This stage depends on which board is occupying slot 1 and which encapsulation will be used. Each encapsulation option will be discussed separately. Read the chapter describing the configuration for the appropriate interface, consulting this section for details on IPX-specific parameters. PPP: The parameters for the PPP data link protocol are discussed in chapter 8. Only the parameters particular to the IPX protocol will be described here. They are located in the CONFIG > INTERFACE > <INTERFACE> > ENCAPSULATION > PPP menu. The first parameter is the IPXWAN Network Number, shown in Figure 13.1 as 00B0C000. IPX Compression can be enabled and, if so, the Number of Compression Slots determined. If enabled, it must be used on both sides of the link (both routers in Figure 13.1) in order for the link to work. Chapter 13 IPX 101 Cyclades PR1000 The parameter Send SAP Update can be set to Demand, Periodic or None. This parameter affects both SAP and RIP. Periodic causes the router to send these messages every minute, while choosing Demand will cause the router to
66. from one IP address/port pair to another IP address/port pair. What is the difference between Expanded and Normal Mode NAT? The Normal Mode is a previous As a preview, after configuring the router as shown in the example, CONFIG > SECURITY > NAT > L will display: NAT: Enabled; NAT mode: Expanded; Port map translation: Enabled; UDP Timeout (min): 5; DNS Timeout (min): 1; TCP Timeout (min): 1440; TCP flags Timeout (min): 1. Global Addresses: address range 200.240.230.225 to 200.240.230.238. Local Addresses: address range 192.168.0.0 255.255.255.0 translated. Chapter 11 NAT 81 Cyclades PR1000 NAT Static Translation Table (columns: Global address, port, local address, Port, Protocol): 1: 200.240.230.225, 20, 192.168.0.30, 20, TCP; 2: 200.240.230.225, 21, 192.168.0.30, 21, TCP; 3: 200.240.230.225, 80, 192.168.0.31, 80, TCP. Types of Address Translation: In dynamic address translation, a pool of global IP addresses is loosely related to a pool of local IP addresses. Mapping of one onto the other is done dynamically whenever a computer on the local network requests a connection to the external network. When the connection is broken, the global IP address is returned to the pool. Hosts connected via dynamic address translation must initiate all connections with the external network. In static address translation, one global IP address
67. g IP Accounting is used to count the total number of packets allowed (or not) to pass through an interface. Statistics are given for packets that meet the criteria defined in a rule. Traffic Rules are not supported. To see all packets, a special rule list permitting everything can be defined. Rules are described in chapter 12. Two versions of the IP account table are available for viewing. The result of INFO > SHOW ACCOUNT TABLE > SUMMARY is shown below for four filter rules. IP Accounting Table (columns: Interface, Direction, Filter List, Rule, Bytes, Packets): Ethernet, Outgoing, generic, 0, 24876, 3072; Ethernet, Incoming, generic, 0, 49254, 3358; slot 3, Outgoing, Swan3out, RE, 21362, 3223; slot 3, Incoming, Swan3in, T5, 32563, 3131. Detailed information can be accessed via SNMP. To use IP Accounting, two parameters must be set. When a rule is created, the parameter CONFIG > RULES LIST > IP > CONFIGURE RULES > ADD RULE > ALLOW ACCOUNT PROCESS must be Yes. Additionally, when applying a rule to an interface, the parameter CONFIG > INTERFACE > ETHERNET > NETWORK PROTOCOL > IP > DETAILED INCOMING/OUTGOING IP ACCOUNTING must also be Enabled. Chapter 10 CyROS the Operating System 79 Cyclades PR1000 CHAPTER 11 NAT NETWORK ADDRESS TRANSLATION NAT exists to convert local IP addresses into Internet (global) IP addresses. Internet IP addresses are assigned by Internet providers. Due to the explosion of the internet th
68. g consistently (one second on, one second off). If this is not the case, see figure A.2 for an interpretation of the blink pattern. (columns: Event, CPU LED Morse code): Normal Operation, S (short, short, short). FIGURE A.2 CPU LED CODE INTERPRETATION 4. Make sure any external modem, DSU/CSU or interface equipment is properly connected and that the interface configuration is correct. Many cables, for example, have a DB-25 connector but are not interchangeable. Which cable is used for which type of modem is given in chapter 2. Appendix A Troubleshooting 110 Cyclades PR1000 Testing the Ethernet Interface: After configuring the Ethernet interface, return to the main menu using the <ESC> key as many times as is necessary. Save the configuration to flash memory (the operating system will ask how to save the configuration on the way back to the main menu). The simplest way to test the link is by using the ping application. From the main menu, choose APPLICATIONS > PING. Enter the IP number of a host on the network for the HOST parameter and accept the preset values for the rest of the parameters. The output on the screen should appear as shown below. Host host00 200.246.93.37 packet size number from 32 to 1600 32 count 0 if forever or 1 to 30000 5 interval in ms 20 to 60000 1000 PING 200.246.93.37 200.246.93.37 32 data bytes 32 bytes from 200.246.93.37 icmp_seq 1 ttl 127 time 1.96 ms 32 bytes from 200 246
69. ices made here will mostly affect the performance of the link rather than whether it works or not. Fill in the parameters appropriate for your system, consulting chapter 8 of the Installation Manual for more information if necessary. Menu CONFIG > INTERFACE > SWAN > ENCAPSULATION > FRAME RELAY (columns: Parameter, Example, Your Application). Encapsulation Type: Choose RFC1490 unless the router at the other end of the connection uses the default Cisco standard. SNAP IP: Inactive for the example. The router on the sending end must be using the same header type (NLPID or SNAP) as the router on the receiving end. LMI: ANSI for the example. This must also be the same as the router on the receiving end. T391: Ten seconds, the interval between the LMI Status Enquiry messages. N391: Six. N392: Three. N393: Four. This value must be larger than N392. Bandwidth Reservation: Inactive. Traffic control will not be covered in this example. FRF.12 Fragment Size: Indicates the size of FRF.12 fragments. Use default value. Voice over this link: Inactive. FIGURE 4.15 FRAME RELAY ENCAPSULATION MENU PARAMETERS Chapter 4 Step by Step Instructions 37 Cyclades PR1000 At the end of the parameter list shown above, the DLCI menu appears. Choosing Add DLCI will lead to the parameters shown in Figure 4.16. The <ESC> key used at any time during the Frame Relay encapsulation parameter list will also bring up the D
70. is value as the default. FIGURE 4.13 SWAN PHYSICAL MENU PARAMETERS Chapter 4 Step by Step Instructions 35 Cyclades PR1000 STEP THREE The network protocol parameters, shown in Figure 4.14, are similar to those for the Ethernet interface. Fill in the parameters for your network in the right-most column. Menu CONFIG > INTERFACE > SWAN > NETWORK PROTOCOL > IP (columns: Parameter, Example, Your Application). Active or Inactive: Active enables IP communication. IPX and Transparent Bridge are not used in this example. Interface Unnumbered/Numbered: Numbered. Primary IP Address: 200.240.230.2. Subnet Mask: 255.255.255.240 is the mask in the example. Secondary IP Address: 0.0.0.0 for none. IP MTU: Use the preset value, 1500. This determines whether or not a given IP datagram is fragmented. IP Fragmentation Ignore Bit DF: Yes. NAT: Global, because NAT is not being used in this example. ICMP Port: Inactive. Incoming Rule List: None, filters are not included in this example. Outgoing Rule List Name: None, filters are not included in this example. Routing of Broadcast Messages: Inactive. FIGURE 4.14 SWAN NETWORK PROTOCOL IP MENU PARAMETERS Chapter 4 Step by Step Instructions 36 Cyclades PR1000 STEP FOUR The Encapsulation parameters for Frame Relay are less straightforward. Many of them are based on decisions that cannot be shown in a diagram. Fortunately, the cho
71. k 3 and not separately on links 0-2. Steps for this configuration: 1. Create a Traffic Rule list, traffic_1. This is done in the CONFIG > RULES LIST > IP > ADD RULE LIST menu, with the Rule List Type set to Traffic. 2. Create rules for each of the three source IP addresses. This is done in the CONFIG > RULES LIST > IP > ADD RULE menu. The parameters for each rule are shown in Figure 12.7. Of the traffic parameters, only the Reserved Bandwidth and Bandwidth Priority parameters are important in this example. Flow Priority is not used. 3. Enter into the configuration for link 3 and change the parameter CONFIG > INTERFACE > <INTERFACE> > TRAFFIC CONTROL > GENERAL > IP TRAFFIC CONTROL LIST: traffic_1. Note that the bandwidth used for the percentage calculation is that set in CONFIG > INTERFACE > <INTERFACE> > TRAFFIC CONTROL > GENERAL > BANDWIDTH and not the actual bandwidth available in the link. Chapter 12 Filters and Rules 95 Cyclades PR1000 Rules Lists (columns: Rule List Name, Rule Status, Default Scope, List Type, Linked Rule List): traffic_1, Enabled, Traffic. Filter list Name: traffic_1. Rule 0: Status: Enabled; Flow priority: 0; Rule bandwidth: 50; Bandwidth priority: 1; Protocol: O; Source IP Operator: Equal; Source IP start: Cee TLT IsO; Source IP Mask: 255.255.255.0; Destination IP Operator: None; Source Port Operator: None; Destination Port Operator: None. Chapter 12
72. lades PR1000 OSPF Global Configurations 72 CHAPTER 10 CYROS THE OPERATING SYSTEM 77 Creation of the host table 77 Creation of user accounts and passwords 77 IP Accounting 79 CHAPTER 11 NAT NETWORK ADDRESS TRANSLATION 80 Types of Address Translation 82 CHAPTER 12 RULES AND FILTERS 86 Configuration of IP Filters 86 Traffic Rule Lists 93 CHAPTER 13 IPX INTERNETWORK PACKET EXCHANGE 100 Enabling
73. ls are available in the CyROS Reference Guide. STEP ONE: The first step is to set the general Frame Relay parameters, those applying to all DLCs. This is done in the Frame Relay Menu. The parameters are shown in the table below. Most of these depend on the standards used by the Frame Relay Network Provider. The Local Management Interface (LMI) Protocol provides services not available in simple Frame Relay. It is used for controlling the connection between the user and the network. It monitors this link, maintains the list of DLCs, and sends status messages about the PVCs. A separate virtual circuit is created to pass this information (DLCI 0). Frame Relay Menu: CONFIG > INTERFACE > <LINK> > ENCAPSULATION > FRAME RELAY. Chapter 8 Data Link Protocols Encapsulation 54 Cyclades PR1000 Parameter / Description. Encapsulation Type: RFC1490 (IETF) is the standard used by most equipment. The Cisco option should be used when the PR is communicating with a router configured to use the default Cisco standard. SNAP IP: Indicates that the Sub Network Access Protocol should be used. The router on the sending end must be using the same header type (NLPID or SNAP) as the router on the receiving end. See the CyROS Reference Guide for more information. LMI: Selects the Local Management Interface specification to be used: ANSI; Group of Four, defined by the vendors that first implemented Frame Relay; Q933a, defined
74. made up of a backbone area and, optionally, of non-backbone areas. OSPF Areas are sub-systems that have identical routing databases. An area generally has no knowledge of the routing databases of other areas. The Backbone connects areas and contains any routers not contained in another area. An Area Border Router connects areas and contains a separate database for each area it is contained in. An Autonomous System Boundary Router (ASBR) connects Autonomous Systems. The other Autonomous System does not necessarily need to use OSPF. STEP ONE: If using OSPF for the first time, sketch the network and determine which routers will make up the backbone and each area. Determine if each router is an area border router or an autonomous system boundary router. Chapter 9 Routing Protocols 69 Cyclades PR1000 OSPF Configuration on the Interface. STEP TWO: Contrary to most other protocols in CyROS, OSPF must first be configured on each interface, then configured in the CONFIG > IP > OSPF menu. Enter into each interface and set the parameters listed in the table. OSPF Menu: CONFIG > INTERFACE > <LINK> > ROUTING PROTOCOL > OSPF. Parameter / Description. OSPF on This Interface: Activates OSPF. Enable Inactive is used to temporarily disable the OSPF protocol without erasing the parameters set below. This is useful when OSPF is first configured, as the general parameters must be set afterwards in CONFIG > IP > OSPF and OSPF cannot fun
75. measured in number of routers between two IP addresses (Both Examples: 1). Is This a Backup Route: Indicates that this route is used as a backup in a multilink circuit. See section 4.4 for more information about multilink circuits. OSPF Advertises This Static Route: Static routes defined in the router can be advertised by OSPF. Both this parameter and the parameter CONFIG > IP > OSPF > GLOBAL > ADVERTISE STATIC ROUTES must be set to Yes for the route to be advertised. External Metric: Applies when OSPF Advertises This Static Route is set to Yes. Defines the metric that will be advertised by OSPF. External Metric Type: Applies when OSPF Advertises This Static Route is set to Yes. For Type 1, the total metric of this route is composed of the internal metric (inside the autonomous system) and the external metric provided in the previous parameter. For Type 2, the total metric of this route is the value provided in the previous parameter. Chapter 9 Routing Protocols 66 Cyclades PR1000 RIP Configuration: CyROS supports three basic types of RIP: 1. RIP1 (RFC 1058); 2. RIP2 with broadcast, compatible with RIP1 (RFC 1723); 3. RIP2 with multicast (RFC 1723). The primary difference between RIP1 and RIP2 is that only RIP2 advertises subnet masks and next hops. If the network contains equipment that understands only RIP1 packets, then RIP1 or RIP2 with broadcast should be used. See RFC 1723 item 3.3 f
76. mful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user is required to correct the problem at his or her own expense. Canadian DOC Notice: The Cyclades PR1000 does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications. The Cyclades PR1000 does not emit radio noise exceeding the limits applicable to Class A digital apparatus prescribed in the Radio Interference Regulations enacted by the Department of Communications of Canada. Cyclades PR1000 Table of Contents: CHAPTER 1 HOW TO USE THIS MANUAL 7; Installation Assumptions 8; Text Conventions 8; G RS 9; Cyclades Technical Support and Contact Information 10; CHAPTER 2 WHAT IS IN THE BOX 12; THE MI35 RS 232 Modelist 13
77. mware version Cyclades PR1000 CyROS V_1.9.5; Configuration Menu Interface; Text Mode; End HTTP session. FIGURE 3.2 CYROS MANAGEMENT UTILITY HOME PAGE Chapter 3 Using CyROS Menus 22 Cyclades PR1000 The link Configuration Menu Interface will present an HTML version of the CyROS Main Menu described previously. Clicking on an interface will show its current status and some additional information. Clicking on End HTTP Session will terminate the connection. Chapter 3 Using CyROS Menus 23 Cyclades PR1000 CHAPTER 4 STEP BY STEP INSTRUCTIONS FOR COMMON APPLICATIONS This chapter provides detailed examples that can be used as models for similar applications. Turn to the example that is closest to your application, read the explanations, and fill in the blank spaces with parameters appropriate to your system. At the end of the section, you should have listed all the parameters needed to configure the router. At that point, read chapter 3, if you have not already, and configure your router, with help from later chapters of the Installation Manual when needed. Example 1: Connection to an Internet Access Provider via Modem. This section will guide you through a complete router installation for the connection of a LAN to an Internet access provider via PPP. The configuration of NAT (Network Address Translation) will also be shown. Figure 4.1 shows the example system used in this section.
78. n Frame Relay Address Map is Static. Provides the IP address to be used for static address mapping. CIR: Committed Information Rate, in percentage of total bandwidth (bandwidth defined in CONFIG > INTERFACE > SWAN > TRAFFIC CONTROL > GENERAL > BANDWIDTH). Traffic above this rate may be discarded if the network is congested. Enable Predictor Compression: Enables data compression using the Predictor algorithm. This feature should be enabled only if Cyclades equipment is being used on both ends of the connection, because there is no established standard for data compression interoperability. Data compression is very CPU intensive, making this feature effective only for links running at speeds under 1Mbps. At higher speeds, the time necessary to compress data offsets the gains in throughput achieved by data compression. Number of Bits for Compression: Applies when Predictor Compression Enabled. Sixteen is fastest, but 10 must be used if the router on the other end is a PathRouter, for compatibility. DLCI Priority Level: This is the equivalent of CONFIG > RULES LIST > IP > CONFIGURE RULES > ADD RULE > FLOW PRIORITY LEVEL. See the section on traffic control in chapter 12. Reserved Bandwidth: This is the equivalent of CONFIG > RULES LIST > IP > CONFIGURE RULES > ADD RULE > RESERVED BANDWIDTH. Defines what percentage of the CIR for an interface will be set aside for this DLC. See the section on traffi
79. nceptual equivalent of the interface is shown. All packets, except those which fall into the holes in the ball, will be denied entry in to or out of the network. Chapter 12 Filters and Rules 89 Cyclades PR1000 Steps necessary to activate filtering on the exterior router in the example: 1. There are two interfaces with two directions each. Filtering on link 1 requires the creation of two rule lists, called exterior_in and exterior_out. Create them using the menu CONFIG > RULES LIST > IP > ADD RULE LIST and the following parameters: Rule List Type: Filter; Default Scope: Deny; Linked Rule List Name: None. 2. Create the rules for each rule list in the order in which they should be evaluated. The order is important, and mis-ordering the rules can cause unexpected results. This is done in the menu CONFIG > RULES LIST > IP > CONFIGURE RULES. The parameters for rules 0 and 1 in the example are shown in Figure 12.4. 3. Link the rule lists to the respective interface parameters in the menu CONFIG > INTERFACE > <INTERFACE> > NETWORK PROTOCOL > INCOMING/OUTGOING RULE LIST NAME. exterior_in should be set as the incoming rule list name and exterior_out should be set as the outgoing rule list name. Exterior_in rule 0 allows a remote computer to connect to the bastion host using the TCP protocol on its SMTP port. Exterior_out rule 0 allows the Bastion Server to RESPOND to the connection started by the remote computer. To
80. nds for the Cyclades Routing Operating System. It is the operating system for all Cyclades Power Routers (PR1000, PR2000, PR3000, and PR4000). The CyROS Reference Guide contains complete information about the features and configuration of all products in the PR line. CyROS is constantly evolving, and the menus in this manual might be slightly different from the menus in the router. The latest version of all three manuals and the latest version of CyROS can be downloaded from Cyclades' web site. All manuals indicate on the second page the manual version and the corresponding version of CyROS. This manual should be read in the order written, with exceptions given in the text. Chapter 2, What is in the Box: explains how the router should be connected. Chapter 3, Using Menus: describes CyROS menu navigation. Chapter 4, Step by Step Instructions for Common Applications: guide to configuration with detailed examples. Chapters 5 to 9: Basic router configuration information for applications that do not fit any of the examples in chapter 4. Chapter 10, CyROS: shows how to set router specific parameters and create lists of hosts and users. Chapter 11, Network Address Translation: describes CyROS NAT implementation. Chapter 1 How To Use This Manual 7 Cyclades PR1000 Chapter 12, Filters and Rules: demonstrates how to protect your router from undesired traffic. Chapter 13, IPX: presents the hidden menus available only in routers with
81. ne. When an area is connected to the backbone only through another area, two virtual links must be created: one from the backbone to the unattached area and one from the unattached area to the backbone. If this occurs in the network containing the router, enter the Virtual Links Menu to configure this link. In the table listing the parameters, the link between Area 3 (router 8) and the backbone is used as an example. Virtual Links Menu: CONFIG > IP > OSPF > VIRTUAL LINKS. Parameter / Description. Transit Area ID: ID of the OSPF Area sandwiched between this router and the backbone. In the figure, area 2 is the area used to link Router 8 with the Backbone. This ID has the form of an IP address. Neighbor's ID: Router ID of router at end of virtual link. In the example, this will be Router 6. Virtual Link Status: Activates the virtual link. Parameters available only when Virtual Link Status is Active: Transit Delay in Seconds: Estimated transit time in seconds to route a packet from Router 8 to Router 6. Use the preset value, 1, or increase the number for slow links. Retransmit Interval in Seconds: Time in seconds between link state advertisement retransmissions for adjacencies belonging to this interface. Hello Interval in Seconds: Time in seconds between the hello packets on this interface. Dead Interval in Seconds: Inactivity time (seconds) before a neighbor router is considered down.
82. ng Frame Relay. This section will guide you through a complete router installation for the connection of two LANs via Frame Relay. Figure 4.11 shows the example system used in this section. Spaces have been provided next to the parameters needed for the configuration, where you can fill in the parameters for your system. Do this now before continuing. [Figure labels: Network IP 100.130.130.0, Central Office's LAN; Network IP 15.0.0.0, Remote Site's LAN; PR1000 with ETH0 and SWAN interfaces; addresses 100.130.130.1, 200.240.230.2 and 200.240.230.1; 128 Kbps connection; V.35 DSU/CSU; Frame Relay Network, Network IP 200.240.230.0, Mask 255.255.255.240] FIGURE 4.11 CENTRAL OFFICE AND REMOTE SITE CONNECTED USING SWAN INTERFACES Chapter 4 Step by Step Instructions 33 Cyclades PR1000 STEP ONE: The first step is to determine the parameters needed to configure the Ethernet interface (ETH0). The parameters in the Network Protocol Menu (IP) are shown in Figure 4.12. Fill in the blanks for your application in the right-most column. These parameters will be entered into the router later, after all parameters have been chosen. Each parameter in this menu is explained in more detail in chapter 5 of the Installation Manual. Menu: CONFIG > INTERFACE > ETHERNET > NETWORK PROTOCOL > IP. Parameter / Example / Your Application. Active or Inactive: Active enables IP communication (IPX and
83. od PAP / CHAP / BOTH (depends on the service provider). Login Name: Login name device receiving call is expecting. Password: Password device receiving call is expecting. FIGURE 4.6 MODEM DIAL OUT TABLE PARAMETERS Chapter 4 Step by Step Instructions 29 Cyclades PR1000 STEP SIX: Two static routes must be added to tell the router that all traffic not intended for the local LAN should be sent to the Access Provider. Chapter 9 of the Installation Manual explains static routes and other routing methods available in CyROS. Fill in the spaces in Figures 4.7 and 4.8 with the values for your application. Menu: CONFIG > STATIC ROUTES > IP > ADD ROUTE. Parameter / Example / Your Application. Destination IP Address: This IP address must match the IP address given in figure 4.6 (CONFIG > SYSTEM > MODEMS > DIAL OUT TABLE > ADD > IP ADDRESS). Subnet Mask: The subnet mask for the Destination IP Address, 255.255.255.255. Gateway or Interface: Interface. Interface: SWAN. Is This a Backup Route: No. OSPF Advertises This Static Route: No. FIGURE 4.7 STATIC ROUTE MENU PARAMETERS FOR INTERFACE ROUTE Chapter 4 Step by Step Instructions 30 Cyclades PR1000 Menu: CONFIG > STATIC ROUTES > IP > ADD ROUTE. Parameter / Example / Your Application. Destination IP Address: Type in the word DEFAULT. Gateway or Interface: Gateway. Gateway IP address: Use the same v
84. oming packets. Note: Rule lists for Transparent Bridge and IP are created separately. See section 4.7 in the CyROS Reference Guide for instructions on how this rule list is created. Outgoing Rule List Name: Filter rule list name for outgoing packets. See section 4.7 in the CyROS Reference Guide for instructions on how this rule list is created. Chapter 7 Network Protocols 51 Cyclades PR1000 CHAPTER 8 DATA LINK PROTOCOLS (ENCAPSULATION) Each encapsulation option is presented in a separate section in this chapter. Not all data link protocols are available for all interfaces. PPP: The Point-to-Point Protocol (PPP) is the only encapsulation option that can be either synchronous or asynchronous. It is important to choose between them in CONFIG > INTERFACE > <LINK> > PHYSICAL before entering the Encapsulation menu. The menu options depend on this choice. Note: not all interfaces support both the synchronous and asynchronous modes. In this case, there is no physical menu. The configuration of the PPP data link protocol is confined to one menu: CONFIG > INTERFACE > <LINK> > ENCAPSULATION > PPP. Information about all the parameters appearing in this menu is provided in the table below. Not all parameters will appear for all interfaces. PPP Menu: CONFIG > INTERFACE > <LINK> > ENCAPSULATION > PPP. Parameter / Description. MLPPP: Enables Multilink
85. on Menu: CONFIG > STATIC ROUTES > IP > ADD ROUTE. Parameter / Example / Your Application. Destination IP Address: 15.0.0.0. Subnet Mask: 255.255.255.0. Gateway or Interface: gateway. Gateway IP Address: 200.240.230.1. Metric: One (number of routers between router being configured and the destination IP address). Is This a Backup Route: No. OSPF Advertises This Static Route: No. FIGURE 4.17 STATIC ROUTE MENU PARAMETERS STEP SIX: Now that the parameters have been defined, enter into each menu described above, in the order presented (read chapter 3, Using Menus, if you have not done so already). Set the parameters in each menu according to the values you wrote in the figures above. Save the configuration to flash memory at each step when requested; configurations saved in run memory are erased when the router is turned off. If you saved part of the configuration to run memory for some reason, save to flash memory now using the menu option ADMIN > WRITE CONFIGURATION > TO FLASH. Be sure to change the superuser password using the menu option CONFIG > SECURITY > USERS > MODIFY. The user ID, super, can remain the same, but the password must be changed to avoid unauthorized access. Chapter 4 Step by Step Instructions 39 Cyclades PR1000 STEP SEVEN: The Ethernet interface can be tested as described in the troubleshooting appendix. The SWAN interface can be tested in a similar manner. At
86. onds Password: String of up to 8 characters used to authenticate OSPF packages. The use of this password is enabled in CONFIG > IP > OSPF > AREA > AUTHENTICATION TYPE. Inside a given area, these 4 parameters should be the same for all routers. In the example virtual link, they should be the same as those used for the backbone. Chapter 9 Routing Protocols 76 Cyclades PR1000 CHAPTER 10 CYROS, THE OPERATING SYSTEM This chapter explains various operating system features that are not covered in other chapters: creation of the host table; creation of user accounts and passwords; IP Accounting. Creation of the host table: CyROS allows identification of hosts by name. In the menu CONFIG > SYSTEM > HOSTS, each host is assigned a number (1 to 32) and a host name (a maximum of 8 characters). The IP address to be associated with this host name and the port to be used for telnet is then requested. This host name can be used in applications like ping and telnet and in some other configuration menus. Another way to identify hosts by name is to configure access to a DNS Server. This is done in the menu CONFIG > IP > DNS CLIENT. The domain name where the router is located and two DNS Server IP addresses are the only parameters. Creation of user accounts and passwords: Four users are preset: 1. super, with the password surt; 2. usr, with no password; 3. auto, with no password; and 4. pppauto, with no password
87. or more details. If only RIP2 is used, RIP2 with multicast is recommended. Unlike static routes, RIP is configured on each interface rather than in a global menu. The menu is the same for all interfaces, and its parameters are presented in the table below. RIP Menu: CONFIG > INTERFACE > <LINK> > ROUTING PROTOCOL > RIP. Parameter / Description. Send RIP: Causes the router to transmit RIP messages. Listen RIP: Causes the router to accept RIP messages. RIP2 Authentication: Applies if RIP2 was chosen in the first two options. Activates RIP message authentication with a password. RIP2 Authentication Password: Applies if RIP2 Authentication is Active. Password used for both received and transmitted RIP messages. Chapter 9 Routing Protocols 67 Cyclades PR1000 OSPF: The OSPF (Open Shortest Path First) routing protocol is significantly more complicated than RIP. The determination of which protocol is better suited to a given network is beyond the scope of this manual. An example network using OSPF is given in Figure 9.3. [Figure labels: An Autonomous System; Area 0 (Backbone); Area Border Routers; AS Boundary Router; To Another Autonomous System; routers R3, R5, R6, R8, Router 4] FIGURE 9.3 OSPF EXAMPLE Chapter 9 Routing Protocols 68 Cyclades PR1000 First, some definitions: An Autonomous System (AS) is a portion of the network that will use a single routing strategy. It is
88. own, whichever is more convenient. Chapter 2 What is in the Box 18 Cyclades PR1000 Chapter 3 Using CyROS Menus This chapter explains CyROS menu navigation and special keys. There are three ways to interact with CyROS: traditional menu interface using a console or Telnet session; CyROS Management Utility, based on interactive HTML pages; SNMP (explained in the CyROS Reference Manual). Connection Using the Console Cable and a Computer or Terminal: The first step is to connect a computer or terminal to the router using the console cable. If using a computer, HyperTerminal can be used in the Windows operating system or Kermit in the Unix operating system. The terminal parameters should be set as follows: Serial Speed: 9600 bps; Data Length: 8 bits; Parity: None; Stop Bits: 1 stop bit; Flow Control: Hardware flow control or none. [Figure content: PR1000 login: super; PR1000 Password; Cyclades Router (Router Name) Main Menu: 1 Config, 2 Applications, 3 Logout, 4 Debug, 5 Info, 6 Admin; Select Option] FIGURE 3.1 LOGIN PROMPT AND MAIN MENU Chapter 3 Using CyROS Menus 19 Cyclades PR1000 Once the console connection is correctly established, a Cyclades banner and login prompt should appear on the terminal screen. Pressing <ESC> during the boot process will temporarily halt initialization and present several options: IP address of the router, IP address of the boot server, boot from
89. password is enabled in CONFIG > IP > OSPF > AREA > AUTHENTICATION TYPE. Inside a given area, these 4 parameters should be the same for all routers. In the example virtual link, they should be the same as those used for the backbone. Chapter 9 Routing Protocols 73 Cyclades PR1000 STEP FOUR: The next step is to define the areas created in step two. This is done in the OSPF Area Menu. Area Menu: CONFIG > IP > OSPF > AREA. Parameter / Description. Area ID: Has the format of an IP address, but is not linked to any IP address in the system. Use the CONFIG > IP > OSPF > L option to see which areas have been defined and use the area ID here. Authentication Type: Simple password authentication can be used in OSPF. The authentication type should be the same for all routers in an OSPF Area. If used, the password for each interface is set in CONFIG > INTERFACE > <INTERFACE> > ROUTING PROTOCOL > OSPF > PASSWORD. Area Range N Status: An Area Border Router (ABR) advertises link states for all networks within the area. The number of such advertisements can potentially be reduced by condensing different IP networks into a single range. Area Range N Net Address: Applies when Area Range N Status is Active. Sets the network IP address for the range. Area Range N Mask: Applies when Area Range N Status is Active. Sets the network IP mask for the range. Chapter 9 Routing P
90. r more networks connected through a public communications network. The basic concepts are presented in Figure 14.1. An IP datagram is sent by a device on the LAN. The message arrives at the router. The router has two tables: one with all the IP addresses contained in the Local Security Network and another with all the IP addresses in the Remote Security Networks. If the source IP address is contained in the Local Security Network list and the destination IP address is contained in the Remote Security Network list, the message is encrypted and encapsulated. The only destination address is that for the remote gateway, defined in the Remote Security Network list. Upon arrival at the remote gateway, the packet is unwrapped and sent to its destination. [Figure labels: PC; Message; Local Gateway (PR3000); Remote Gateway; Public Network; IP datagram sent by user: header with Source IP Address, Destination IP Address, IP Options and Data; as sent by local gateway and as received by remote gateway: header with destination remote security gateway IP address, followed by the encrypted IP datagram; conversion performed by router with Cyclades VPN] FIGURE 14.1 CONVERSION PERFORMED BY CY
91. ranrruaneinniterecte tts 114; General Specifications 114; External Interfaces 115; The WAN Interface 115; TUG PAIN TAIT 115; The Console Interface 116; ADIOS 117; The Straight-Through Cable 117; TheDB 25 10 M 34 PO ADI Ol 118; The X 2t Modem CADE 119; The Loop-Back Connector 120; APPENDIX C CONFIGURATION WITHOUT A CONSOLE 121; Requirements 121; Procedure 121; INDEX 122. Table of Contents Cyclades PR1000 CHAPTER 1 HOW TO USE THIS MANUAL Three Cyclades manuals are related to the PR1000: 1. The Quick Installation Manual, provided with the router; 2. The Installation Manual, available electronically on the Cyclades web site; 3. The CyROS Reference Guide, also available electronically on the Cyclades web site. CyROS sta
92. rotocols 74 Cyclades PR1000 STEP FIVE: The CONFIG > IP > OSPF > NEIGHBORS menu is required if the router uses OSPF over non-broadcast multi-access interfaces, such as X.25 and Frame Relay. If this is the case, set the parameters described in the following table. Neighbors Menu: CONFIG > IP > OSPF > NEIGHBORS. Parameter / Description. Interface: Link for which neighbors will be defined. In the OSPF example, consider link 1 of Router 3. Neighbor's IP: The router ID of the neighboring router. For Router 3, link 1, use the router ID of router. Neighbor's Status: Enable includes link in OSPF database. Enable Inactive leaves link in OSPF database, but router at end of link (Router 1 in this case) no longer passes OSPF information. Disable deactivates neighbor link and erases Neighbor's IP. Neighbor's Priority: Priority used by OSPF in multicast networks to elect the designated router. A priority of 1 will make this router the most likely to be chosen. A priority of 2 will make it second most likely. Set it to 0 (zero) if this router should never be the designated router. An example can be seen in Area 1 in the figure. Router 1 should never be the Designated Router because it does not have a direct link to Router 2. Either Router 0 or Router 3 should be chosen. Chapter 9 Routing Protocols 75 Cyclades PR1000 STEP SIX: It is not always possible to connect all areas directly to the backbo
93. rovided below to set the parameters for each interface. The Ethernet network protocol menu includes IP bridging and is explained in chapter 5. The SWAN Network Protocol Menu is given in figure 7.1. Note that this menu varies slightly for each interface. Specific information on the options for each interface is provided in the CyROS Reference Guide, in the chapter for the interface. [Figure: menu tree items, in order: Config; Interface; SWAN; Network Protocol; IP; Transparent Bridge; Active; Interface Unnumbered; Numbered; Assign IP from Interface; Primary IP address; Subnet Mask; Secondary IP Address; Subnet Mask; IP MTU; NAT; ICMP Port; Incoming Rule List Name; Detailed Incoming IP Accounting; Outgoing Rule List Name; Detailed Outgoing IP Accounting; Routing of Broadcast Messages; Status; Port Priority; Incoming Rule List Name; Outgoing Rule List Name] FIGURE 7.1 NETWORK PROTOCOL MENU TREE FOR THE SWAN INTERFACE Chapter 7 Network Protocols 48 Cyclades PR1000 The IP Protocol: If the preset values provided by the operating system are accepted, the interface will work at a basic level. The most common options are explained in the following table. Network Protocol (IP) Menu: CONFIG > INTERFACE > <LINK> > NETWORK PROTOCOL > IP. Parameter / Description. Active or Inactive: Activates this interface. Interfac
94. s specified above. The router will receive the packet because of the modified ARP table and use the IP address for its Ethernet interface. 3. The new IP address is saved only in run memory. The configuration must be explicitly saved to flash using the menu option ADMIN > WRITE CONFIGURATION > TO FLASH. Do this now. 4. The Ethernet and other interfaces can now be configured using the telnet session established. If the connection fails or if the link goes down before the IP address is saved to flash, a console must be used. Appendix C Configuration Without a Console 121 Cyclades PR1000 Index: Bandwidth Reservation 94; Boot Messages 109; C: Cables 13, with a DB-25 connector 110; Connection to an Internet Access Provider 24; Cyclades: ftp site 10, telephones 10; CyROS menus 19; E: Ethernet, testing the interface 111; F: Flash Memory 21; Frame Relay 33, DLCI 38; H: Hot Keys: esc, moving between menus 21; L, list current configuration 21; IP Bridges 43; IP Filter Rules 86; L: Lan to Lan 33; LEDs: CPU LED 109, 110; definitions 112; illumination while booting 109; link LED 110; Memory, flash 21; Menu Navigation 19; N: NAT 24, 80; Navigation 19; Network Address Translation, see NAT; O: Open Shortest Path First, see OSPF; OSPF 68: areas 69, autonomous system 69, virtual links 76; P: Problem Resolution 109; R: Reserved IP Addresses 80; RIP, interface configuration 67; Routing Protocol RIP, see RIP; Rules Lis
95. send messages only when a message request is received. Frame Relay: Frame Relay parameters are explained in chapter 8. The IPX protocol-specific parameters are the same as those described in the preceding section, but are located in the menu CONFIG > INTERFACE > <INTERFACE> > ENCAPSULATION > FRAME RELAY > <ESC> > ADD DLCI. X.25: X.25 is explained in chapter 8. The IPX protocol-specific parameters are the same as those described in the PPP section, but are located in the menu CONFIG > INTERFACE > <INTERFACE> > ENCAPSULATION > X25 > <ESC> > ADD DTE. Routing: Routing can be done statically, by configuring static routes, or dynamically, using RIP. RIP is described in chapter 9. To create a static route as shown in Figure 13.1, navigate to the menu CONFIG > STATIC ROUTES > IPX > ADD ROUTE. The parameters for the system shown in the example are the following. Add IPX Static Route Menu: CONFIG > STATIC ROUTES > IPX > ADD ROUTE. Parameter / Value for the Example. Destination Network Number: 00010001. Interface: Slot 1. Next Hop Node: 00602e001100. Number of Hops: 1 (one router is between the router being configured and the network to be reached). Number of Ticks: 1 (related to the time necessary to reach the network). Chapter 13 IPX 102 Cyclades PR1000 The routing table is displayed by the menu option INFO > SHOW ROUTING TABLE >
96. sions on the LAN. TX: Indicates transmission of data to the LAN. RX: Indicates data received from the LAN. CPU: A steady one second on, one second off blinking pattern indicates that the CPU is working correctly. Other blinking patterns are described in Figure A.2. TX: Indicates transmission of data to the WAN. RX: Indicates data received from the WAN. GP: General Purpose LED, reserved for future use. Appendix A Troubleshooting 112 Cyclades PR1000 [LED panel labels: Power, 100BT, Col, Link, TX, RX, CPU, TX, RX, GP] FIGURE A.3 LED PANEL Appendix A Troubleshooting 113 Cyclades PR1000 APPENDIX B HARDWARE SPECIFICATIONS General Specifications: The Cyclades PR1000 power requirements and environmental restrictions are listed in Figure B.1. Power Requirements (external DC adapter): Input voltage range: 90-264 VAC, 0.5A; Input frequency range: 50-60 Hz, single phase; Maximum input surge current: 40A (cold start); Power dissipation (max): 18W; Safety: UL1950, CUL, TUV EN60950; Line Conducted Noise: FCC PART 15J CLASS B, CISPR 22 CLA; MTBF: 80,000 HOURS; Output plug: Standard DC plug, central pin positive, 2.1mm. Power Requirements (PR1000 case): Input voltage range: 5 VDC 5; Current consumption type: 0.5A 5VDC; Power dissipation type: 2.5W; Power dissipation max: 5W. Approvals: FCC Class A, CE class A. Environmental Conditions: Operating temperature: 10C to 44C (50F to 112F)
97. sk, IP Address Start, IP Address End, Destination IP Operator, IP Address Start, Mask, IP Address Start, IP Address End, Source Port Operator, Source Port Start, Source Port End, Destination Port Operator, Destination Port Start, Destination Port End, Allow TCP connections, Allow Account Process, Syslog Status, Syslog Level

87 Cyclades PR1000

FIGURE 12.2 FIREWALL EXAMPLE (legible labels: Perimeter Network 192.168.0.0; 192.168.0.2; Router; 172.16.0.0; 192.168.0.3; Bastion Host)

Figure 12.2 will be used to show how both an exterior router and an interior router would be configured using the filters available in CyROS.

Chapter 12 Filters and Rules 88 Cyclades PR1000

Exterior Router

The exterior router is the network's first defense against attacks. For this reason, it is reasonable to prohibit all packets except for those explicitly allowed. This is done by choosing the Default Scope to be Deny. Thus, ALL desired traffic must be expressly allowed by the rules in the rule list.

FIGURE 12.3 DENY AS DEFAULT SCOPE (legible labels: e-mail in; Let e-mail out; Let Telnet Connections Out; DENY)

In Figure 12.3 a co
98. t be used if the router on the other end is a PathRouter for compatibility.

Connection Type: Applies to asynchronous connections only. NT Serial Cable is a direct connection to a Windows NT computer. This is necessary because NT requires a negotiation before the beginning of the PPP negotiation. Direct is used for other connections using cables or leased lines.

Chapter 8 Data Link Protocols Encapsulation 53 Cyclades PR1000

HDLC

This data link protocol is a proprietary alternative to PPP. It has only one parameter, the HDLC Keepalive Interval. This is the time interval between transmission of Keepalive messages. The receiver of these messages must send keepalive messages with the same frequency or will be considered inoperative.

Frame Relay

FR supports multiple connections over a single link. Each data link connection (DLC) has a unique DLCI (data link connection identifier). This allows multiple logical connections to be multiplexed over a single channel. These are called Permanent Virtual Circuits (PVCs). The DLCI has only local significance, and each end of the logical connection assigns its own DLCI from the available local numbers.

Traffic Control based on Data Link Connection

Traffic Control, as described in chapter 12, can also be performed on a Frame Relay interface for each permanent virtual connection. The parameters in the Add DLC menu are used in the same manner as those described in chapter 12. More detai
99. t connection. Another network could be created, but is not necessary. Both routers can be assigned unnumbered interfaces because everything that leaves one router is sent to the other.

To define static routes, enter the menu CONFIG > STATIC ROUTES > IP > ADD ROUTE. A description of the parameters in this menu, with the configuration for Router 1 in the examples above, is given in the table that follows.

Chapter 9 Routing Protocols 65 Cyclades PR1000

Add Static Route Menu (CONFIG > STATIC ROUTES > IP > ADD ROUTE)

Parameter: Description
Destination IP Address: Address that route will lead to. To configure a default route, type default for this parameter, otherwise enter 0.0.0.0 in both this and the next parameter. Both Examples: for the static route between Router 1 and Network 3, the IP address is 192.168.100.0.
Subnet Mask: Both Examples: To access all hosts in Network 3, its mask 255.255.255.0 is used.
Gateway or Interface: Example 1: the route is to a gateway. Example 2: the route is to an interface, since unnumbered interfaces are being used.
Gateway IP Address: Applies only when previous parameter is Gateway. It must be an address visible to the router. In Example 1 it is 142.10.0.4.
Interface: Applies only when previous parameter is Interface. Select the port (Ethernet or slot N) that will be unnumbered. In Example 2 it is Slot 1.
Metric: Relative cost of this link. Generally
100. this chapter. See section 4.7 of the CyROS Reference Guide for more information about all four types of rules. As an introduction, the Rules List Menu Tree is presented in Figure 12.1. First, a rule list is created and named. Second, rules are added to the list and defined.

Configuration of IP Filters

IP Filter rules are a very important part of a network's firewall. They permit packets into or out of the network depending on the source and destination IP addresses, the source and destination ports, the protocol used, and the ACK bit for TCP packets. The Syslog can be used to monitor the packets that meet the rules applied in this menu.

Chapter 12 Filters and Rules 86 Cyclades PR1000

FIGURE 12.1 THE RULES LIST MENU TREE

Chapter 12 Filters and Rules

Menu items shown in the tree: Config, Rules List, IP, Add Rule List, Edit Rule List, Clear Rule List, Configure Rules, Add Rule, Delete Rule, Edit Rule, Rule List Name, Rule Status, Rule List Type, Default Scope, Incoming Rule List Name, Outgoing Rule List Name, Linked Rule List Name, Rule List Name, Insert as Rule Number, Rule Status, Scope, Rule Priority Level, Reserved Bandwidth, Bandwidth Priority Level, Protocol, Source IP Operator, IP Address Start, Ma
101. this point you should create a backup of the configuration file in binary and print out a listing of the configuration.

Instructions for creating a backup of the configuration file: Use the menu option ADMIN > WRITE CONFIGURATION > TO FTP SERVER. Fill in the IP address of the computer where the configuration file should be saved, the file name, the directory name, and the user account information. This configuration file can later be downloaded with the ADMIN > LOAD CONFIGURATION > FTP SERVER option.

Instructions for listing the configuration: The menu option INFO > SHOW CONFIGURATION > ALL will list to the terminal screen the configuration of the router. This can be saved in a text file and/or printed on a printer.

Chapter 4 Step by Step Instructions 40 Cyclades PR1000

CHAPTER 5 CONFIGURATION OF THE ETHERNET INTERFACE

The PR1000 has one Ethernet 10/100Base-T interface, provided in a standard RJ-45 modular jack, which should be connected to an Ethernet hub or switch. Use a standard 10/100Base-T straight-through cable (not included). When the Ethernet link is correctly connected, the link LED will be lit. The menus for the Ethernet Interface are independent of the speed of the link. If your network uses 10Base2 (thin coaxial cable) or 10Base5 (thick coaxial cable), you will need a transceiver to convert between the different Ethernet media. A crossover cable is required for direct connection to a computer an RJ 45 Eth
102. tion Manual

Chapter 2 What is in the Box 13 Cyclades PR1000

The X.21 Model

FIGURE 2.2 X.21 MODEL (legible labels: Back Panel of PR1000; To COM Port N of Computer; DB 25 Male; X.21 Modem Cable; To Wall Outlet; X21 DSU CSU with DB 15 Interface)

Figure 2.2 shows which cable (purchased separately) should be used for an X.21 modem and how everything should be connected. The pinout diagram of this cable appears in Appendix B of the Installation Manual. Cyclades recommends the use of Category 5 shielded twisted pair cables for Fast Ethernet connections.

The Cyclades PR1000 comes with rubber pads to prevent it from slipping on a horizontal surface. It may be necessary to affix the router more securely to either a horizontal or vertical surface. To this end, Velcro strips and screws have been provided.

Chapter 2 What is in the Box Cyclades PR1000

Horizontal Surfaces

The Velcro strips should be used to attach the PR1000 more firmly to a horizontal surface. Remove the backing from the prickly Velcros and attach them to the router as shown in the figure. Remove the backing from the fuzzy Velcros and place them on the horizontal surface so they are aligned with the Velcros on the router.

(Figure labels: Cyclades PR1000; Prickly Velcro; Prickly Velcro; Velcro; Horizontal Surface Where the PR1000 Will be Secured)

FIGURE 2.3 HOW TO ATTACH THE V
103. ts 86
Run Configuration 21

S
Saving Changes
  to flash 21
  to flash at a later time 21
  to run configuration 21
Service Prioritization 94
SNMP and IP accounting 79
Static Routes 30
SWAN Interface 45 testing 112

122 Cyclades PR1000

T
Technical Support 10
Telephone Numbers 10
Traffic Rule Lists 93
Traffic Shaping 94
Troubleshooting 109

U
Using CyROS menus 19

V
Version
  of CyROS newest via ftp 7
  of manual newest via ftp 7

Index 123

CYCLADES: The Leader in Linux Connectivity

Cyclades Corporation: 41829 Albrae Street, Fremont, CA 94538 USA. Phone 510 770 9727, Fax 510 770 0355, www.cyclades.com
Cyclades Australia: Phone 61 7 3279 4320, Fax 61 7 3279 4393, www.au.cyclades.com
Cyclades Philippines: Phone 632 813 0353, Fax 632 655 2610, www.ph.cyclades.com
Cyclades UK: Phone 44 1724 277179, Fax 44 1724 279981, www.uk.cyclades.com
Cyclades South America: Phone 55 11 5033 3333, Fax 55 11 5033 3388, www.cyclades.com.br
Cyclades Italy: Phone 39 329 0990451
Cyclades Germany: Phone 49 0 81 22 90 99 90, Fax 49 0 81 22 90 999 33, www.cyclades.de
104. up into digestible pieces. Text with this icon will indicate the relevant section.

Caution: Not following instructions can result in damage to the hardware. Text with this icon will warn when damage is possible.

Reminder: Certain instructions must be followed in order. Text with this icon will explain the proper steps.

Chapter 1 How To Use This Manual Cyclades PR1000

Cyclades Technical Support and Contact Information

All Cyclades products include limited free technical support, software upgrades, and manual updates. These updates and the latest product information are available at:
http://www.cyclades.com
ftp://ftp.cyclades.com/pub/cyclades

Before contacting us for technical support on a configuration problem, please collect the information listed below.
• The Cyclades product name and model
• Applicable hardware and software options and versions
• Information about the environment (network, carrier, etc.)
• The product configuration. Print out a copy of the listing obtained by selecting INFO > SHOW CONFIGURATION > ALL.
• A detailed description of the problem
• The exact error or log messages printed by the router or by any other system
• The Installation Guide for your product
• Contact information in case we need to contact you at a later time

In the United States and Canada, contact technical support by phone or e-mail:
Phone 510 770 9727 (9:00AM to 5:00PM PST)
Fax 510 770
105. wn before beginning the configuration of RSG3.

Chapter 14 Virtual Private Network Configuration 105 Cyclades PR1000

FIGURE 14.2 VIRTUAL PRIVATE NETWORK EXAMPLE (legible labels, in extraction order: REMOTE SECURITY NETWORK 1; Link 1 IP 50.50.50.1; LOCAL SECURITY NETWORK; Router IP Address 9.9.9.1; REMOTE SECURITY NETWORK 2; Link 1 IP 20.20.20.1; Router IP Address 190.190.190.1; RSG2; Router IP Address 20.20.20.1; IP 192.168.0.0)

Chapter 14 Virtual Private Network Configuration 106 Cyclades PR1000

STEP THREE

Use the menu item INFO > SHOW ROUTING TABLE to confirm that the other Remote Security Gateways (RSGs) and all the networks included in the Remote Security Networks are reachable. In the example, this would require that all of the following appear in RSG3's routing table:
• RSG1 router IP address: 9.9.9.1
• Network connected to RSG1 that will be included in Remote Security Network 1: 10.255.255.0
• RSG2 router IP address: 20.20.20.1
• Network connected to RSG2 that will be included in Remote Security Network 2: 192.168.0.0

These IP addresses should appear as a destination or be contained in one of the destination networks listed in the routing table. If an address is not in the routing table, add it following the instructions given in chapter 9 for static routes.

STEP FOUR

The next step is to define the devices contained in the Local Security Network. Navigate to the
