Perle Systems Perle IOLINK-520 User's Manual
Contents
1. CONDECION seo tere ene e e UD d ERU CE SHN eR ee 2 25 Configure Remote Site ee iet dar pe tus 2 26 Configure Remote Site Profiles for ISDN PPD sse 2 26 Manual Call none OR DUI OUR ROME UNT EIE 2 27 IP Addtess CohfleCt caeci eren TIER TREE RENTRER 2 27 2 2 28 Acttvauonisehedule ue ea 2 28 Secondaty JXCHVAtODB 2 28 Configure Remote Site Profiles for Frame 2 29 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Contents Contents Configure Remote Site Profiles for Leased Line PPP sss 2 32 Configure Remote Site Profiles for Frame Relay with ISDN Backup 2 34 Advanced f tanita 2 35 Configure Dynamic Host Configuration Protocol sees 2 35 Network Address Translation and Port Translation 20 2 37 angi 2 39 Secutity xui i PRO DH DR RD e EB HD DARAN 2 39 Contigure PPP Security is teo esce dtt directe HL Lees 2 46 Contigure Firewall sneetunteunie eunte pad ee OD unde rete tU DR Dee NS 2 48 Network Address Translatie a tree etd n i nte e 2 51 lac e 9 2 52. expotter s Export Permit allows the distribution of this product either directly to the end users or to distribution partners subsidiaries and or agents who will act as intermediaries for deliveries to the end users The subsidiaries or agents will be able to re export this product subject to local export controls laws 4 The exporter s Export Permit requires that the exporter or through the exporter s subsidiaries and or agents notifies in writing foreign end users of any end use or transfer restrictions applicable to this product Federal Communications Commission FCC Note This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense Warning The user is cautioned that modifications to this equipment can void the authority granted by the FCC to operate the equipment The following repairs may be made by the customer none Canadian Emissions Standar
3. 22 23 24 25 UIO Soc The connecting cable must be a shielded cable Circuits which are paited contain an A and B reference should be connected to twisted pairs within the connecting cable D 6 IOLINK 520 amp IOLINK PROOO Installation amp Applications Guide Interface Pinouts V 35 Link Pinouts The connector pinouts described here correspond to the connector labeled V 35 on the back of the IOLINK 520 amp IOLINK PRO 13 1 25 0 25 34 Direction Contact Contact Circuit To From Number Number Name DCE DCE Protective Ground NENNEN ee Request to Send PRIMI Receiver Signal Element Timing A ee Receiver Signal Element Timing B O U a TTA Transmitter Signal Element Timing A DTE Eo es Figure D 8 V 35 Link Pin Outs a m y t ee e NES EE NENNEN EB E pom ee ee 8 F E 9 Jj 40 1 S R a 7 L0 18 U 19 w 20 HWH 1 22 J eV 22 25 i p X The connecting cable must be a shielded cable Circuits which are paired contain an A and B reference should be connected to twisted pairs within the connecting cable NOTE For U K Approval The connecting cable may be any length between 0 and 5M One end must be termi
4. Reservea WINDOW CHECKSUM URGENTPOINIER DATA FIELD 44 45 46 47 48 49 50 2 W X Y Z 1 il DATA FIELD NEXT 5000CTETS ETHERNET CHECKSUM Octet Locations on an IPX Routed Novell Netware Frame NOVELLIPX HEADER 0 1 2 3 4 5 6 7 8 9 Checksum LENGTH Transport PACKET DESTINATION NETWORK 10 11 2 13 14 15 16 17 18 19 20 21 DESTINATION HOST DESTINATION SOURCENETWORK 22 23 24 25 26 27 28 29 SOURCE SOURCEHOST SOURCE NOVELLSPXHEADER 30 31 32 33 34 35 36 37 38 39 40 4l Connection Datastream SOURCE DESTINATION SEQUENCE ACKNOWLEDGE ALLOCATION Control Type CONNECTION ID CONNECTION ID NUMBER NUMBER NUMBER NOVELL DATA FIELD AND ETHERNET CHECKSUM 42 43 44 45 46 47 48 Ww x Y 7 1 DATA FIELD UP TO 534 OCTETS OF DATA ETHERNETCHECKSUM IOLINK 520 amp IOLINK PRO Installation amp Applications Guide B 3 Octet Locations Octet Locations on a Bridged XNS Frame LEVEL 2 ETHERNET 0 1 2 3 4 5 6 7 8 9 10 u 12 B 1 1 1 1 1 1 1 1 1 1 1 1 1 1 ETHERNET DESTINATION ADDRESS ETHERNET SOURCE ADDRESS TYPE CODE INTERNET PACKET 14 15 16 17 18 19 20 21 22 23 1 1 1 1 1 1 1 1 CHECKSUM LENGTH iod DESTINATION NETWORK 2 25 26 27 28 29 30 31 32 33 34 35 1 1 1 1 Li 1 1 1 1
5. Applications Set up Firewall Set up LAN Firewall Set up Edit Firewall Entry V filter ID 1 Destination Address 195 100 1 0 Destination Mask 255 255 255 0 Source Address 195 100 2 0 Source Mask 255 255 255 0 V Protocol Type TCP Entry Direction outbound Finally holes are provided in the LAN firewall to allow Internet access to the FTP and WWW servers Firewall Location Main Configuration V Applications Set up Firewall Set up LAN Firewall Set up Designated Servers FTP Server 195 100 1 12 WWW HTTP Server 195 100 1 20 The configuration options described here are only for initial set up and configuration e purposes For more information on all of the configuration parameters available please refer to the IOLINK 520 amp IOLINK PRO VPN Menus Manual file on the accompanying CD ROM 2 50 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 4 3 4 Network Address Translation Using private addresses on a network and NAT NAPT for interactions over an internetwork connection hides the internal address from the rest of the world Access is restricted to only those services that are specifically designated to be available Please see section 2 4 2 for more information on Network Address Translation 2 4 3 5 Filters The programmable filtering functions available on the IOLINK 520 amp IOLINK PRO provide a very powerful means of controll
6. L The information icon is used to indicate that more information is available on this subject The information is usually located within another document as specified AN The caution icon indicates that caution should be taken when performing this task 1 6 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Login to Bridge Router and Enter the Required Configuration At the login screen type a 1 and the default password to enter the menu system of the IOLINK Router The default password is BRIDGE case sensitive and should be changed if security is desired With the options of the built in menu system the IOLINK router may be configured to operate within your environment Refer to the PPP Menus Manual file for your operating software on the accompanying CD ROM for a complete description of all the Menu Options The menu system of the IOLINK router may also be used to view system statistics Bridge Router database changes and statistics viewing may be done remotely by establishing Telnet connections to a partner bridge router across the WAN This is accomplished by selecting the Telnet option Location Main Configuration V5 Access Set up Telnet Set up Telnet Specify the name or IP address of the router you wish to connect to for configuration purposes viewing of statistics Noting the Device name at the top left of each Menu may identify the router being controlled If
7. Q Quick Start Frame Relay 2 23 ISDN 2 19 Leased Line 2 24 Security 2 39 R Remote Site Profile 2 26 Frame Relay 2 29 Frame Relay with ISDN backup 2 34 ISDN 2 26 Leased Line 2 31 Security 2 39 Reset Switch 1 2 RS232 Null Modem Cable Configuration D 8 RS442 amp RS530 Link Pinouts D 6 RS530 Null Modem Cable Configuration D 10 RS530 To RS449 Conversion Cable D 11 Index S Secondary Link 2 34 2 41 Security 2 39 SA Security Association 2 39 Security Level 2 39 Servicing Information C 1 Should you Bridge or Route 2 2 Soft Reset 2 21 SPID 2 20 Static IP Routes 2 9 2 10 Status LEDs 1 10 Subnets 2 6 Subnet Mask 2 6 Subnet Size 2 6 Switch type 2 16 T Typical Applications 2 1 U Unnumberted links 2 14 V V 11 amp X 21 Link Pinouts D 5 V 11 X 21 Null Modem Cable Configuration D 12 V 24 amp RS232C Link Pinouts D 4 V 35 Link Pinouts D 9 V 35 Null Modem Cable Configuration D 9 VPN Virtual Private Network 2 39 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Lifetime Warranty Limited Lifetime Warranty Policy Limited Warranty Subject to the schedules set forth below Perle products carry a limited lifetime parts and labour warranty that is Perle warrants to the original purchaser of each new product that the product will be free from defective materials and workmanship Purchaser s sole remedy for any such defect shall be repair or replaceme
8. You may easily prevent stations on one segment from accessing all but a specific resource on the other segment for this negative filtering and the use of Forward if Destination would be appropriate If you want to disallow all but one specific station from accessing any service on the other segment the use of Forward if Source could be used IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 3 1 Introduction to Filtering Pattern Filtering Pattern filtering is provided in three separate sections Bridge Pattern Filters Router Pattern Filters and IPX Router Pattern Filters When the IOLINK router is operating as an IP IPX Bridge Router each of the frames received is passed on to the appropriate internal section of the IOLINK router The IPX frames are passed on to the IPX router the IP frames are passed on to the IP router and all other frames ate passed on to the bridge Different pattern filters may be defined each of these sections to provide vety extensive pattern filtering on LAN traffic being sent to remote LANs Pattern filters are created by defining an offset value and a pattern match value offset value determines the starting position for the pattern checking An offset of 0 indicates that the pattern checking starts at the beginning of the data frame An offset of 12 indicates that the pattern checking starts at the 12 octet of the data frame When a data frame is examin
9. ri Applications 2 4 3 Security The IOLINK router provides a number of means of providing security on incoming and outgoing traffic on a network These methods include the IPsec protocol suite access password authentication firewall limiting access to only designated device addresses private network address translation NAT and filtering for both incoming and outgoing traffic 2 4 3 1 IPSec Protocol Suite The PPP IOLINK 520 amp IOLINK PRO support a number of features from the Internet Protocol Security IPSec extensions that provide data encryption authentication and ptivacy IPSec can be used to establish a secure Virtual Private Network VPN over a public network The connection through the unsecured public network between two routers on a VPN is often referred to as a tunnel VPN 15 set up as Security Association SA between the two routers also known as security gateways in this case on either end of the desired secure connection The SA defines the security parameters that will be used between the two routers Many of the settings define source and destination parameters These settings will be mirror images on the partner routers i e the source value for a parameter will become the destination setting when configuring the partner router Each router on the VPN has a policy list which defines the SAs the IPSec authentication and enctyption parameters and the rules used to determine which
10. Directory Numbers SPIDs Password and connection data for the remote site if applicable and then reset After the reset the router will operate normally using the newly upgraded software In some upgrade situations the Directory Numbers and SPIDs may be corrupted after the upgrade and will need to be re entered The router may take up to two 2 minutes to program and verify the FLASH The console will not respond during this time To check on the router s current state during this process get the file status txt from the router This file will report the router s state both the mode and version if no errors have occurred ot an error message On the rare occasion that during the programming of the FLASH something happens to the bridge router power hit or hardware reset causing the FLASH to become corrupted the bridge router will restart in ZMODEM receive mode only If the bridge router does not start in ZMODEM receive mode power down the bridge router remove the WAN module s and if present the second LAN module power up the bridge router The bridge router should now restart and be in ZMODEM receive mode Once the file transfer is complete the router will again come up in ZMODEM receive mode Power down the unit and replace the interface modules C 6 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Servicing Information In the following diagram of a cluster of routers when upgrading the three I
11. This precaution may be particularly important in rural areas CAUTION Users should not attempt to make such connections themselves but should contact the appropriate electric inspection authority or electrician as appropriate Using This Manual This Installation and Applications Guide provides the basic information required to initially set up and configure the IOLINK 520 amp PRO Bridge Router This guide is organized into the following sections Installation provides instructions for installing the IOLINK 520 amp IOLINK PRO Typical Applications amp How to Configure Them provides simple configuration examples for typical applications in which the IOLINK 520 amp IOLINK PRO might be used The applications described in this document are for example only and provide a method of quick configuration of the IOLINK 520 amp IOLINK PRO applications and corresponding configuration may be combined if the operation of the IOLINK 520 amp IOLINK PRO requires more complexity For more complete information on all of the configuration parameters available please refer to the appropriate Menu Reference Manual file for your operating software on the accompanying CD ROM Introduction to Filtering provides an introduction to the pattern filtering options of the IOLINK 520 amp IOLINK PRO Several examples of typical pattern filters are also provided Menu Trees provides a graphical tree type overview of the structure of
12. the menu system will display the range of values acceptable and a prompt symbol gt Enter the new value at the prompt symbol and press enter Should you make an error in entering the new value the lt BACKSPACE gt key for most terminals deletes the most recently entered characters IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 1 5 Applications Conventions Throughout this section IOLINK 520 amp IOLINK PRO menu options are shown that are required for the various configuration choices The appropriate menu options are shown in each instance in the following format Configuration Option Name Location Main Sub Menu Name Sub Menu Name Option The configuration option is shown as well as the options location within the menu system The character indicates that a sub menu level must be chosen The option name is finally shown in italics The keyboard graphic in the left margin indicates that this is information that the user will have to enter for configuration note icon is used to provide miscellaneous information on the configuration and 4 set up of the IOLINK router te Configuration The Configuration Note is used to indicate that there may be a difference in Note configuration between the various operational modes of the IOLINK router This may mean for example that the remote site set up is configured differently for an ISDN PPP router than for Frame Relay
13. 1 1 DESTINATION HOST DEREN SOURCE NETWORK 3 37 38 39 40 4l 42 23 46 wW X Y 2 1 1 1 1 1 1 1 1 1 1 1 1 1 SOURCE HOST ETHERNET CHECKSUM SEQUENCED PACKET PROTOCOL 14 15 16 17 18 19 20 21 22 23 1 1 1 1 1 1 1 1 1 CHECKSUM LENGTH DESTINATION NETWORK 25 26 27 28 29 30 31 32 33 34 35 1 1 1 1 1 1 1 1 1 1 1 DESTINATION HOS SOURCE NETWORK 38 39 40 41 42 23 44 45 46 47 48 49 1 1 1 1 1 1 1 1 1 1 1 1 SOURCE Connection Datastream SOURCE DESTINATION SOURCE HOST Control Type CONNECTION ID 0 52 53 54 55 56 57 58 59 W X Y Z 1 1 1 1 1 1 1 1 1 1 1 1 1 1 ACKNOWLEDGE ALLOCATION ST ME DATA FIELD ETHERNET CHECKSUM B 4 IOLINK 520 amp IOLINK PROO00 Installation amp Applications Guide Appendix C Servicing Information Opening of the case and changing of modules is only to be performed by qualified service personnel WARNING Always disconnect the power cord from the rear panel of the bridge router The bridge router case does not need to be opened to change LAN or WAN interface modules Opening the case 1 Remove power from the bridge router and remove the other cabling 2 Turn the bridge router over and place it a flat cushioned surface 3 Remove the six Phillips head screws that fasten the case together 4 across the front and 1 on each rear side 4 Hold the two halves of the case together and turn the bridge router right side up 5 Lift off the top half of the case The LEDs in the front panel of
14. Count 5 Terminate Count IP Address Connect 1 Edit IP address entry 2 IP address connect 3 Show IP address entries 4 Remove IP address entry 5 Remote site summary Force disconnect Link summary 5 6 Continued on next page 1 Edit Remote Site menu Edit Remote Site 1 Connection set up menu Activation menu Protocol set up menu Remote site type 1 Default parameters menu Security level Default Parameters ISDN Options 7771 Frame Relay Options JE Security parameters menu 2 Primary link Remote site alias 3 Secondary link Connection 4 Auto call Primary connection Secondary connection 1 Schedule 2 Usage set up 3 Threshold set up 4 nactivity timer 5 Recovery timer Protocol Set Up IP parameters menu IPX parameters menu CCP parameters menu BACP set up menu Multilink Security Parameters 1 Incoming PAP password 2 Incoming CHAP secret z3 Outgoing user name 4 Outgoing PAP password 5 Outgoing CHAP secret 1 Outgoing user name 2 Outgoing PAP password 3 Outgoing CHAP secret 1 2 Resta timer 2 Restart Timer Advanced PPP Set Up ACFC PFC Echo monitoring Quality protocol Quality interval MP encapsulation MP sequencing MP discriminator MP minimum ISDN call set up menu Bridge parameters menu CMCP parame
15. Each data packet that goes through an IPSec router will be tested against one or more sets of rules concerning the source IP Address of the packet the destination IP Address of the packet the IP protocol TCP etc associated with the packet the source port from which the packet originated and destination port to which it is going An action determined by the outcome of the test is then performed on the packet such as IPSec processing discard etc The first step in setting up IPSec is to define the local address that the router will use for the local end of the tunnel 5 IPSec Policy Set up Location Main Configuration Packet Services Set up IP Security Set up V Policy Set up V Local IP address 199 22 33 01 The Local IP Address must be an IP address for this router on the public network It should not be a dynamically assigned address In this case Router 175 address will be the numbered WAN link 199 22 33 01 If this connection had been set up as an unnumbered link then the local IP would be set as LAN or the router s IP address Note that in the case of unnumbered links the LANs would require registered IP addresses to operate over the Internet The policy is applied at the WAN link the outbound IPSec interface this must be specified IPSec Policy Set up Location Main V Configuration Packet Services Set up IP Security Set up V Interfaces Set up V IPSec Interface WAN 2 40
16. Ground Received Line Signal Detector CD z N 2 Transmit Signal Element Timing DCE Source Peo o a _ Oo o ee O d e ee Transmit Signal Element Timing DTE Source X BE ee a Figure D 5 RS232 Link Pinouts 114 115 141 A 2 2 A 2 2 2 ojojo 56 N oOo amp OO N O OQ 0 wW 2 3 5 6 ge 18 20 22 23 24 25 gt The connecting cable must be shielded cable NOTE For U K Approval The connecting cable may be any length between 0 and 5M Each end must be terminated in a male 25 pin X 21 bis connector as defined in ISO 2110 1989 D 4 IOLINK 520 amp IOLINK PROOO Installation amp Applications Guide V 11 X 21 Link Pinouts The connector shown here and pinouts described here correspond to the connector labeled V 11 x 21 on the back of the IOLINK 520 amp IOLINK PRO 8 DB15 Female DTE 15 1 O 9 X 21 Direction Contact Circuits Circuit To From Number Reference Name DCE DCE Protective Ground A T A Transmitted Data A 1 C A eee Ground Signal Ground X 11 R B Received Data B x 12 Signal Element Timing B X i aa p Figure D 6 V 11 x 21 Link Pinouts The connecting cable must be a shielded cable Circuits which are paired contain an A
17. IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Applications Note that the policy will be applied to all WAN interfaces so a link on a second WAN interface must have a policy item or items to permit traffic across that interface Next the policy item s that specify the SA s the rules to test packets against and encapsulation algorithms and keys must be set Each policy item is created by entering a name after selecting the Edit Item menu option IPSec Policy Table Entry Location Main V Configuration Packet Services Set up IP Security Set up Policy Set up V Edit Item Mem name The name may be up to 16 alphanumeric characters spaces are not allowed use underscore as a separator After the name 15 entered the Edit Policy Item menu will be displayed Under this menu the Encapsulating Security Payload SA parameters and policy rules are set IPSec ESP SA Location Main Configuration Packet Services Set up IP Security Set up Policy Set up Edit Item item name Manual ESP SA V Peer IP Address 201 55 44 02 Outbound SPI 24680BD Inbound SPI ECA97531 Security Parameters Indices SPI are identification numbers used to identify packets to outbound or from inbound the peer router in the SA connection The Outbound SPI on one router must be exactly the same as the Inbound SPI on the peer similarly the Inbound SPI must exactly match the outbound SPI on the peer
18. IOLINK router is connected to and is used to route IP frames for destination networks that do not exist in the routing table When an IP frame is received that is destined for a network that is not listed in the routing table of the IOLINK router the router will send the IP frame to the default gateway If the device originating the IP frame is on the same LAN as the IOLINK router the router will then send an ICMP redirect message to the originating device Any future IP frames for that destination network will then be sent directly to the default gateway instead of the IOLINK router A default gateway may be configured if there are a large number of routes that will pass through another router to a larger network An example of this would be a router that is used to connect to the Internet All of the routers on the LAN would have the Internet access router as the default gateway 2 1 2 4 IP Static Route With its default settings the IOLINK 520 amp IOLINK PRO will automatically learn the routes to other devices on the network through RIP messages In some instances it may be desirable to have a predetermined or static route that will always be used to reach certain devices such as when one specific router is to be used to reach a destination IP network The static route will have precedence over all learned RIP routes even if the cost of the RIP learned routes 1s lower Edit Static Route Location Main Configuration V5 Packet Service
19. Important IOLINK 520 amp IOLINK PRO uses FLASH memory to store the configuration information Configuration settings are stored to FLASH memory after there has been 30 seconds of idle time Idle time is when there is no selection or modification of the value in the built in menu system If you wish to save a configuration immediately enter to get to the main menu then select option 5 Save configuration IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 1 Applications 2 1 Bridging and Routing Should You Bridge or Route When connecting two networks together the first question to ask is should I bridge or route The decision to bridge or to route may be decided by how the existing networks have been already set up Bridging should be used when the network consists of non routable protocols or routable protocols using the same network numbers Some protocols can only be bridged some of the more well known ate NetBEUI used by Microsoft Windows and LAT used by Digital Equipment Corp If your IPX or IP network address is the same at both locations bridging is simpler and requires less configuration If the locations are to be routed together the network numbers will have to be different in both cases this could require extensive reconfiguration IPX routing should be used if the two locations are already set up with different IPX netwotk numbers Routing IPX will minimize the number of
20. LINK is auto learning LMI type Yellow 5 5 8 Frame Relay Not used Leased Line mode S 2 If the module is an ISDN BRI interface a connection on either B channel will display green LED IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 1 9 Applications 1 10 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 Typical Applications amp How to Configure Them The IOLINK 520 amp IOLINK PRO are flexible Ethernet Bridge Routers This section will describe how to set up the IOLINK 520 amp IOLINK PRO routers using each of its networking functions Note that depending on the model of unit and what interface modules are installed some of the configuration examples may not apply for example if no ISDN BRI module is installed the sections on setting up an ISDN PPP IOLINK router would not apply The IOLINK 520 amp IOLINK PRO routers may be configured as a simple Ethernet bridge an Ethernet IP router an Ethernet IPX router or a combination of the three When operating the IOLINK router as a combination bridge router simply configure each of the components separately Note The configuration options described within this section are only for initial set up and configuration purposes For more complete information on all of the configuration parameters available please refer to the IOLINK 520 amp IOLINK PRO VPN Menus Manual file on the accompanying CD ROM
21. Level The security level defines the type of security that this IOLINK router will request when a remote site PPP router attempts to establish a PPP connection The security may defined as none PAP or CHAP When a security level is defined on this IOLINK router an entry for each remote site PPP router that may be connected to this IOLINK router must be placed in the security database The security database is used to store the user names and passwords of the remote site PPP routers 2 46 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Remote Site Security Parameters Entry Location Main Configuration Connections up Vb Edit Remote Site Security Parameters Outgoing User Name Incoming PAP Password Outgoing PAP Password or Incoming Secret Outgoing Secret The outgoing entries in the security database define the user names and passwotds secrets that this IOLINK router will send in response to an authentication request is sent from the remote partner router The incoming entries define the passwords secrets that this router expects to receive from the remote partner in response to authentication requests re For a pair of partner routers with security enabled the outgoing user name in the security parameters entry of one router must match the remote site alias in the partner router s remote sites table To use PPP security with frame relay PPP encapsulati
22. SHALL NOT BE LIABLE FOR ANY INCIDENTAL SPECIAL OR CONSEQUENTIAL DAMAGES RESULTING FROM THE USE INABILITY TO USE OR FAILURE OF ANY OF OUR PRODUCTS OR FOR DIRECT DAMAGES IN EXCESS OF THE PURCHASE PRICE OF THE APPLICABLE PRODUCT Your statutory rights are not affected by this warranty Product returned to Perle must be pre authorised by Perle with an RMA Return Material Authorisation number marked on the outside of the package and sent prepaid insured and packaged for safe shipment If we determine that the product is not covered by the warranty then the cost of repair at our then current rate and all transportation costs will be paid by you Limited Lifetime Warranty Schedules Part 1 details what is deemed outside of warranty cover Part 2 explains the possible causes and recommended precautions to take to avoid such failures Part 1 The following are deemed to be outside of the Limited Lifetime Warranty cover and are therefore treated as chargeable repairs Multiple Port Failure Multiple LAN Port Failure Track Damage Non Perle Repair Damage 12780895 2 12901 1047C 063 Other Damage No Fault Found Upgrades Part 2 Multiple Port Failure This is where more than one port has been damaged Possible causes are listed below Plugging a defective peripheral into the port Plugging a live peripheral into the port Plugging a defective data cable into the port An external high voltage being applied mains surge lightning
23. Send A 6 DCE Ready A 22 DCE Ready B 20 DTE Ready A 23 DTE Ready B 7 Signal Ground 8 Received Line Signal Detector A 10 Received Line Signal Detector B 15 Transmit Timing A DCE Source 12 Transmit Timing B DCE Source 24 Transmit Timing A DTE Source 11 Transmit Timing B DTE Source 18 Local Loopback 21 Remote Loopback 17 Receiver Timing A DCE Source DB25 MALE Shield 1 Received Data A 3 Received Data B 16 Transmitted Data A 2 Transmitted Data B 14 DCE Ready A 6 DCE Ready B 22 Clear To Send 5 Clear To Send B 13 Request To Send A 4 Request To Send B 19 Received Line Signal Detector A 8 Received Line Signal Detector B 10 Signal Ground 7 DTE Ready A 20 DTE Ready B 23 Receiver Timing A DCE Source 17 Receiver Timing B DCE Source 9 Transmit Timing A DTE Source 24 Transmit Timing B DTE Source 11 Local Loopback 18 Remote Loopback 21 Transmit Timing A DCE Source 15 9 Receiver Timing B DCE Source Transmit Timing B DCE Source 12 25 Test Mode Test Mode 25 Figure D 11 RS530 Null Modem Cable The connecting cable must be a shielded cable Circuits which are paired contain an A and B reference should be connected to twisted pairs within the connecting cable This cable is needed when it is necessary to connect two units back to back and a set of modems is not available Note that this cable specifies DB25 connectors on eac
24. Windows For Workgroups Filter OO O 14 F0F0 Forward only 14 F0F0 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 3 3 Introduction to Filtering Note Banyan Banyan 12 0BAD 12 80C4 12 80C5 IP Router IP router pattern filters are applied to IP Ethernet frames that are being routed When the IOLINK router is operating as an IP router all IP routed frames will be checked against the defined IP router pattern filters IP routed frames are unaffected by the bridge pattern filters and the IPX router pattern filters NetBIOS over TCP NetBIOS over TCP NETBIOS Name Service 22 0089 NETBIOS Datagram Service 22 008A NETBIOS Session Service 22 008B Uses the TCP Destination Port location Other interesting TCP Ports Other interesting TCP Ports i e pce ee __ 45 2 9 e Po2 9 _ 0 3 4 IOLINK 520 amp IOLINK PRO000 Installation amp Applications Guide Appendix Menu Trees menu trees on the following pages are a graphical representation of the hierarchy of the built in menu system of the IOLINK 520 amp IOLINK PRO Each of the menus are shown with the options of the menus being displayed below the specific menu name Each of the menu options shown in each of the menu trees 1s explained in the accompanying IOLINK 520 amp IOLINK PRO VPN Menus Manual located on the accompanying CD ROM Menu names are
25. and B reference should be connected to twisted pairs within the connecting cable NOTE For U K Approval The connecting cable may be any length between 0 and 5M Each end must be terminated in a male 15 pin X 21 connector as defined in ISO 4903 1989 but one end of the cable must have UNC 4 40 screws and the other end must have M3 screws Interface Pinouts IOLINK 520 amp IOLINK PRO Installation amp Applications Guide D 5 Interface Pinouts RS442 amp RS530 Link Pinouts The connector shown here and pinouts described here correspond to the connector labeled RS530 on the back of the IOLINK 520 amp IOLINK PRO 13 1 25 14 Direction Contact Circuit To From Number Circuit Name A CleartoSend DataSetReady Tl D O gt 25455555 5 Received Line Signal Detector x U O JIJIOIg m w gt v gt m Transmit Signal Element Timing DTE Source Transmit Signal Element Timing DCE Source Transmit Signal Element Timing DCE Source Clear to Send Transmitted Data gt Received Data UU m Receive Signal Element Timing DCE Source L PEE gt N Q gt R Remote Loopback Data Set Ready Data Terminal Ready D Transmit Signal Element Timing DTE Source eee e Figure D 7 RS530 Link Pinouts 2 3 HN uU 5 ERE TES 8 9 20
26. damage is suspected contact the shipper Save the box and all packing material to protect the bridge router should it ever need to be moved or returned for service Check the packing slip that identifies the components and the LAN connector Select a Site Place the bridge router in a well ventilated area The site should maintain normal office temperature and humidity levels Air vents located on the sides of the bridge router must have approximately one inch 2 5 centimeters of clearance from any object IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 1 1 Applications Identify the Reset Switch The small hole under the front right corner of the faceplate is used in case a hardware reset is required The end of a paper clip is sufficient to toggle the small switch behind the hole Figure 1 1 Location of the Reset Hole on IOLINK Router 1 2 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Applications Identify the Connectors Important IOLINK PRO The IOLINK PRO may be ordered with a 10Base2 10Base5 or 10BaseT LAN interface If this IOLINK PRO has an ISDN U or S T Module it must only be installed in the slot 1 leftmost position when viewed from the rear of the unit The slot 2 position may be unused and coveted with a blank panel or may contain another type of module If a second WAN module is installed only one BRI channel will be available for use ISDN BRI U modul
27. may be created with a name that describes the location of the remote router or a user name on an incoming connection The alias may be up to 16 characters long and must begin with an alphabetic character blanks and the character not allowed There can be up to 128 remote site profiles The ID numbers are assigned automatically in ascending order as the site profiles are created ID numbers 129 130 and 131 are templates for creating remote site profiles with ISDN Frame Relay or Leased Line connections respectively A template may have its parameters set to match common network configurations and then be used to quickly set up a new site In addition to the reserved templates you can use any remote site as a template to create a new site The remote site profile allows the definition of various connection parameters Circuit set up Bridge and Routing protocol configuration activation criteria and security The following steps must be performed on the IOLINK 520 amp IOLINK PRO in order to define a new remote site profile Remote Site Profile ID amp Alias Location Main Configuration Connections up Remote Site Set up Edit Remote Site The remote site alias must be entered The remote site profile is then created an ID number is automatically assigned to it and the remote site profile is opened for editing If a remote site profile already exists either the ID number or the alias may be provided to access the
28. number of devices are connected via a hub this router will be connected via the LAN cable to the MDI port However in locations where a single wotkstation is to be connector to the router the cable from the workstation should be plugged into the MDI X port This eliminates the need for a hub at a remote site that has only one LAN device IOLINK 520 amp IOLINK PRO Installation amp Applications Guide C 3 Servicing Information Installing the ISDN Link Modules If there is an ISDN module plus another type of WAN interface module or if there is a single ISDN module the ISDN U or S T Module must only be installed in the Slot 1 position The slot 2 position may contain another type of WAN module or may be unused and covered with a blank panel For IOLINK 520 models if there is a second LAN module in this unit it must go in the Slot 1 position and the ISDN module in Slot 2 Note the older double width type ISDN module will not fit in this device Slot1 Slot 2 LAN Console module v v v MDI X MDI EE e D e 10 100 BT LAN e SEIS LINE CONSOLE Remove these screws to remove the modules Figure C 2 Rear View with the ISDN U Module Installed Processor settings for the ISDN Link Modules ISDN S T or U modules have jumper straps to set the module for the CPU used on the main board On an S T interface these are labele
29. on the secondary activation menu If the ISDN circuit is to be available only at specified times rather than all the time the default set up a recovery schedule with times the connection is to be activated and deactivated Activation Schedule Location Main Configuration Connections up V Remote Site Set up Edit Remote Site V5 Connection Set up Activation Schedule Enter and the times the recovery circuit is to be made available enter d and the times the recovery circuit is to be deactivated Enable the secondary activation circuit for recovery Recovery Location Main Configuration Connections up Remote Site Set up Edit Remote Site Connection Recovery N The recovery schedules MUST be set identically on both partner PPP routers N to operate if they are not one IOLINK router will try to bring the link up and the other will shut it down 2 34 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Applications 2 4 Advanced Features 2 4 1 Configure Dynamic Host Configuration Protocol The IOLINK 520 amp IOLINK PRO use Dynamic Host Configuration Protocol DHCP to allow users a small office environment to be added and removed from a network with all of the network information ie IP address DNS subnet mask etc being configured automatically DHCP configures devices DHCP clients from a central DHCP server It is designed to allocate network address
30. packets are passed through the interface The IPSec policy is applied at the outbound interface of the router and packets enter the tunnel at the outbound interface Router 1 Internet iem de P 199 22 33 1 I ntemet 201 55 44 2 3 LAN 1 10 10 10 1 through 10 10 10 127 LI LAN 2 192 168 10 1 CA through m m 192 168 10 255 M Figure 2 12 Sample IPSec Application The figure above illustrates an example if a VPN made up of two private address LANs joined through the Internet by IPsec tunnels from router 1 to router 2 and router 2 to router 1 The routers are set up with numbered links so that each routers Internet connection has a publicly known address that is separate from the private LAN IP address for that router Note that this example does not IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 39 Applications make provision for NAT to be used with tunneling We will use this example for the configuration on the pages that follow setup for an IPSec connection is done in the IP security set up menu under Configuration Packet Services IP Security may be disabled to check the link connections before the secure connection is set up Security Level Location Main V Configuration V Packet Services Set up IP Security Set up IP Security Be sure to toggle IP Security back to enabled when IPSec is configured
31. setvice providet DLCI numbers i assigned for these 51 PVCs from the N frame relay provider Frame Relay PVC WAN connections Figure 2 8 Frame Relay configuration 2 20 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Applications Configuration default configuration for IOLINK 520 amp IOLINK PRO shipped outside North America is to have frame relay disabled To run frame relay on these routers it must first be enabled Selecting the Frame Relay option will toggle the setting from disabled to enabled Frame Relay enable Location Main Configuration V5 Interfaces Set up WAN Set up Link Set up Frame Relay enabled The router will request confirmation of the change enter yes q ge y an IOLINK 520 amp IOLINK PRO with a CSU DSU interface the default clock speed that the IOLINK 520 amp IOLINK PRO will expect to receive from the DCE link is 64Kbps If the DCE link is 56 Kbps then the Link Speed value must be reset to 56 here Link Speed Location Main Configuration V5 Interfaces Set up V5 WAN Set up Link Set up Vo Link Speed 56 2 2 2 1 Auto Learning the Frame Relay Configuration The IOLINK 520 amp IOLINK PRO are pre configured to query the frame relay service to auto learn the LMI type and the PVC DLCI numbers This auto learn function allows the IOLINK 520 amp IOLINK PRO to be plugged into the frame relay service and
32. site profile for editing 2 26 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 3 1 Configure Remote Site Profiles for ISDN PPP If this IOLINK router is configured to have at least one ISDN switched circuit the ISDN call parameters must be defined so that the IOLINK router knows what ISDN phone number to dial when a connection to this remote site is required and what security parameters to use when establishing a connection When this IOLINK router receives an ISDN connection it will prompt the calling device for a uset name and password PPP access security once the name and password have been authenticated the user name is used to search the remote site profile entries to find a match Once a match is found the configuration parameters defined within that remote site profile are used to finish establishing the PPP connection For example if this IOLINK router receives ISDN call from another device and in response to the user name prompt receives the name Calgary it will look in the remote site list for a profile with the alias Calgary If the Calgary profile is found the parameters in it will be used for password authentication and completion of the connection If there is no match for the user name Calgary the call will be rejected The remote site profile alias user name of the security entry and the user name defined on the partner PPP router must all be the same for the conne
33. strike Recommended precautions Always switch the peripheral off before connection or disconnection to the port Never run a product with any port failures this can in time destroy the unit Multiple LAN Port Failure This is where both thick thin or UTP LAN ports are defective Possible caused are listed below A high voltage being applied to the LAN cable Track Damage Track damage can seriously affect functionality and may result in total breakdown of the product Possible causes are listed below By not taking care when installing removing a board from a system A high voltage being applied to the unit or power supply Non Perle Repair Damage This is where a product has been repaired by an unauthorised third party or where non approved or incorrect components have been fitted Other Damage Other damage covers problems which are not detailed elsewhere in this document Possible causes are listed below Fluid which contaminates the unit whether by accidental spillage or otherwise Fire or corrosion Mechanical damage i e physical damage to casing or connectors No Fault Found No fault found covers any product tested that is found to be not faulty and will be subject to a handling charge Upgrades In an effort to improve the quality of our products repairs may have upgrades applied that improve the reliability of the product All other upgrades such as enhanced features will be chargeable at the applicable rat
34. the built in menu system of the IOLINK 520 amp IOLINK PRO All of the configuration is performed using the options provided in the menu system The Menu Tree is like an index to the menu options Octet Locations on Ethernet Frames provides a graphical representation of the various common Ethernet frames that the IOLINK 520 amp IOLINK PRO will bridge or route When defining a pattern filter these frame displays indicate the offset values to use in order to define the pattern filter correctly Servicing Information provides information on changing Link interfaces Interface Pinouts provides information on Link interface connectors Using The Electronic Reference Manuals This manual and the IOLINK 520 amp IOLINK PRO Reference Manuals are provided as Adobe Acrobat PDF files on the accompanying CD ROM Adobe Acrobat Reader program required to view the Manuals is also loaded onto the CD ROM In addition it is available for most computer operating platforms from Adobe on the Internet at www adobe com The Reference Manual provides the following information Introduction to bridging routing and IOLINK 520 amp IOLINK PRO features Pin out references for the link modules List of event and alarm logs and Expanded description of programmable filtering PPP Menu Reference Manual provides the following information Complete description of the options for the built in menu system including PPP ISDN PPP Leased
35. there is no data transmitted or received for a period of 5 minutes the Telnet session will be disconnected To disconnect from the router being controlled enter Control C C Telnet security considerations Telnet may be disabled to prevent remote access control of the router If Telenet access is enabled the device password should be changed to some value other than the default to prevent unauthorized access Location Main Configuration Access Set up Device Set up Password Applications IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 1 7 Applications Mandatory Configuration The IOLINK 520 amp IOLINK PRO requires a minimum amount of mandatory configuration in order to operate The following table identifies the configuration parameters that must be defined for proper operation under the operational states shown in the table IP Router IPX Router ISDN Switch Type ISDN Switch Type B channel assignment Directory Numbers Directory Numbers Remote Site Profile Frame Relay PPP Lease Line none North America none International pU Remote Site Profile Frame Relay enabled Frame Relay disabled International only North America only The configuration options required for proper initial operation are described in Section 2 Typical Applications and How to Configure Them Each configuration requires a different set of parameters to be entered Refer to Section 2 for details on conf
36. when this IOLINK router receives a link connection attempt it will prompt the remote device for a user name and password PPP security Once the name and password have been authenticated the user name is used to search the remote site profile entries to find a match Once a match is found the configuration parameters defined within that remote site profile are used to finish establishing the PPP connection The outgoing user name in the remote site security parameters entry and the remote site alias defined on the partner PPP router must be the same to allow for proper operation The following steps must be performed on the IOLINK 520 amp IOLINK PRO in order to define a new remote site profile Remote Site Profile ID amp Alias Location Main Configuration Connections up Remote Site Set up Edit Remote Site The remote site alias must be entered to create a new site If a user defined remote site profile already exists only the id number needs to be provided to edit that site s parameters Applications Now that the remote site profile is created a link number must be assigned as the primary link number primary link number is the link interface that the IOLINK router will use to attempt to establish a connection to the remote site PPP router Primary Link Number Location Main Configuration Connections up Remote Site Set up Edit Remote Site V Connection Set up Primary Link The Primary Lin
37. 0 BT LAN RS 232 V 24 CONSOLE e 9 Power connector Figure 1 4 Rear View of the IOLINK 520 with Dual LAN connections and a single WAN module Connect to the Console Connection to the bridge router operator s console is made through the DB25 connector labeled CONSOLE on the back of the bridge router Connect the console port of the IOLINK Router to a computer running an asynchronous communication package or a standard asynchronous terminal The bridge router supports autobaud rates at 1200 2400 9600 19 200 38 400 or 57 600 bps Both the bridge router and the bridged network are configured through the use of hotkey Menus Make the Link Connection s By default the links ate configured as permanent D TE interfaces The clocking for each link will be provided by the DCE device connected to each link The V 35 link modules require interface converters that convert from a DB25 connector to a male 34 pin V 35 connector used for the V 35 interface Be sure to secure the cable connector s to the bridge router and the communications equipment with the connector screws to prevent accidental disconnection The CSU DSU module uses a RJ 48S connector to interface with the digital data service G 703 modules use a standard BNC connector with 75 ohm cable ISDN ST interface module of the ISDN IOLINK Router provide
38. 1 Compression s Pu se 2 51 Bandwidth Demand eter erret 2 52 3INTRODUCTION TO FILTERING 3 1 MAC Address nep ttem pO 3 1 Patter Filterino Doo top actua os nid 3 2 PEO PUL APA TNNT ET OON 3 3 Bri t 3 3 TP amp Related Traffic cete teen ete be niece eee teste ne bi nidi te 3 3 Novell IPX Frames NetBIOS amp NetBEUI Windows For Workgroups Banyan ss IP Router NetBIOS over TCP Other interesting TER Ports sch ence reete dtd na fite dts ted td 3 4 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide A MENU TREES A 1 B OCTET LOCATIONS ON ETHERNET FRAMES B 1 Octet Locations on a Bridged TCP IP UPAIIRS qiiia dapes aedi B 1 Octet Locations on a Bridged Novell Netware B 2 EIHERNET Type Codes Dad Do Rob Debt B 2 Octet Locations on an IP Routed TCP IP B 3 Octet Locations on IPX Routed Novell Netware B 3 Octet Locations on a Bridged XNS Frame de m eerie es B 4 C SERVICING INFORMATION C 1 Identifying the Internal Componelts 5 idet cadi pd C 2 OM eA a Lost C 3 Ghancine LAN ub m a a c tede a G3 Cbanpini
39. 2 2 2 Manual Configuration LMI Type The LMI Type option allows you to manually specify the type of Link Management Interface in use by the Frame Relay service provider for the Frame Relay service When the LMI type is set to none the IOLINK router simply creates frame relay packets and sends them on the defined The links are not checked for errors There is no congestion control checking The link is only monitored for control signals To manually configure the LMI type the Auto Learning option must be disabled Auto Learning Location Main o Configuration Interfaces Set up WAN Set up Link Set up V5 Frame Relay Set up Auto learning Enabled LMI Type Location Main Configuration V5 Interfaces Set up V5 WAN Set up Link Set up V5 Frame Relay Set up LMI 2 The configuration options described here are only for initial set up and configuration purposes For more complete information on all of the configuration parameters available please refer to the IOLINK 520 amp IOLINK PRO VPN Menus Reference Manual file on the accompanying CD ROM 2 22 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 2 2 3 Quick Start Frame Relay Since the IOLINK 520 amp IOLINK PRO auto learns the frame relay configuration only a couple of parameters need to be configured before the unit 1s fully operational as an IP router for frame relay Upon initial start up the IOLINK 520 amp I
40. 35 DESTINATION HOST DESTINATION SOURCE NETWORK 36 37 38 39 40 41 42 43 SOURCEHOST SOURCE NOVELL SPX HEADER 44 45 46 47 48 49 50 51 52 53 54 55 Connection Datastream SOURCE DESTINATION SEQUENCE ACKNOWLEDGE ALLOCATION Control CONNECTION ID CONNECTIONID NUMBER NUMBER NUMBER 56 57 58 59 60 61 62 1 NOVELL DATA FIELD AND ETHERNET CHECKSUM w x x 2 DATA FIELD UP TO 534 OCTETS OF DATA ETHERNET CHECKSUM ETHERNET Type Codes Type Code Description 6x DEC MOP Remote Console B DECNET Phase WV Roue s DEC Diagnostic Protocol ReemeARP _ aur EC LAN Trafic Monitor AepieTakAARP Kmeies _ _ B 2 IOLINK 520 amp IOLINK PRO000 Installation amp Applications Guide Configuration Pages Octet Locations on an IP Routed TCP IP Frame INTERNET PROTOCOL 0 1 2 3 4 5 6 7 8 9 10 11 f ING 31 RAG 3 BPF TOTALLENGTH IDENTIFICATION FRAGMENT TIMETO PROTOCOL HEADERS 12 3 14 15 6 17 8 19 SOURCE ADDRESS DESTINATION ADDRESS TRANSPORT CONTROL PROTOCOL 20 21 22 23 24 25 26 27 28 29 30 31 SOURCEPORT PESEEEHON SEQUENCE NUMBER ACKNOWLEDGEMENT NUMBER 32 33 34 35 36 37 38 39 40 4 42 43
41. DSU remote loopback 6 Help 12 Status 3 Host IP address 4 Host port 5 Description 6 Remove 1 Telnet 1 Syslog 12 TFTP 2 Syslog 3 SNMP 3 Events 4 Security 5 5 Activation 6 Firewall software release 51 04 06 52P 04 06 xx 1 Designated Servers 1 E mail SMTP server 2 POP 2 3 server 3 FTP server 14 WWW HTTP server 5 Telnet server 6 Local DNS 7 Remote DNS 8 Secondary local DNS 9 Secondary remote DNS Edit Firewall Entry 1 Dest IP address 2 Destination mask Source IP address Source mask Protocol type Source port 17 Destination port 18 Description 9 Entry direction K K K X Appendix Octet Locations on Ethernet Frames This appendix provides octet locations for the various portions of three of the common Ethernet frames When creating pattern filters these diagrams will assist in the correct definition of the patterns The offset numbers are indicated by the numbers above the frame representations Note the differences in the TCP IP and Novell frames when bridging and when routing When routing the and Novell frames examined after the Level 2 Ethernet portion of the frame has been stripped from the whole data frame This means that the offset numbers now start from 0 at the beginning of the routed frame and not the bridged frame Some of the common Ethernet type codes are also show
42. Guide 2 29 Applications number defined here is the Data Link Connection Identifier value provided by your frame relay service provider This value must be set if auto learning 1s disabled Each Remote Site PVC must be defined to exist on one of the two physical WAN links available on this IOLINK router Primary Link Location Main Configuration V Connections up Remote Site Set up V5 Edit Remote Site Connection Set up Primary Link The Primary Link value defines to which of the two physical WAN links that this PVC will be assigned This value must be set Two other values must be set before the remote site profiles are fully configured the CIR and EIR The Committed Information Rate CIR option specifies the data rate that the Frame Relay service has guaranteed to provide The Excess Information Rate EIR option specifies the data rate that the Frame Relay service indicates may be available for this PVC CIR Location Main Configuration V Connections up Remote Site Set up Edit Remote Site V Connection Set up CIR The CIR value specifies the guaranteed data rate for this This value must be set to the same as the value provided by the Frame Relay network provider The value of 0 indicates that there is no commitment on the data rate Configuration When changing the CIR option for this PVC the PVC must be disabled and Note then enabled before the new value will take e
43. INK router starts up Auto Call or automatically depending upon the time of day activation schedule or upon receiving IP frames from the local LAN destined for the IP network connected to that particular PPP router 2 18 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Applications 2 2 1 1 1 IPX Router Manual Call Connection To establish an IPX PPP direct dial connection enter the ISDN phone number of the remote site PPP router in the manual dial option Refer to the Configure as an Ethernet IPX Router section 2 3 1 for more information on IPX configuration required Manual Call Location Main Configuration Connections Set up Remote Site Set up V Manual Call Enter the ISDN phone number of the remote site IPX PPP router and an ISDN call will be placed 2 2 1 1 2 IP Router Manual Call Connection To establish an IP PPP direct dial connection the IP addresses must be supplied for this device before the ISDN call may be placed Refer to the Configure as an Ethernet IP Router section 2 1 2 for mote information on the IP configuration required IP Address Location Main Configuration V5 Interfaces Set up LAN Set up V LAN IP Set up IP Address Subnet mask size Manual Call Location Main Configuration Connections Set up Remote Site Set up V Manual Call Enter the ISDN phone number of the remote site IP PPP router and an ISDN call will be placed IOLINK 520 amp IOLI
44. IOLINK 520 and IOLINK PRO Bridge Routers with VPN USER AND SYSTEM ADMINISTRATION GUIDE Issue 1 Copyright 2001 by Perle Systems Ltd 01 2001 Part 168 44201 IOLINK 520 and IOLINK PRO Bridge Routers with VPN USER AND SYSTEM ADMINISTRATION GUIDE Issue 1 perle Essential Network Connectivity IOLINK 520 and IOLINK PRO Bridge Router with IPSec USER AND SYSTEM ADMINISTRATION GUIDE Export Control Notice Undet the terms of Canadian Export Control the exporter 1s obligated to inform the end user of certain restrictions on the use and re exportation of products containing cryptographic technology 1 The exporter s Export Permit allows the distribution of this product containing specified cryptographic technology to only those countries listed below and does not authorize the export sale transfer or other disposition to any country outside of those eligible Eligible countries include all countries except in the countries listed below List of Countries per Alphabetical Order aby p 9 10 11 12 Any country on Canada s Area Control List Angola Democratic Peoples Republic of Korea Federal Republic of Yugoslavia Serbia and Montenegro Iran Iraq India Libya Myanmar Burma Pakistan Peoples Republic of China excluding Hong Kong Sudan 2 The exporter s Export Permit does not allow the distribution of this product to military end users 3
45. Line 1490 Frame Relay and encapsulated PPP Frame Relay 1INSTALLATION 1 1 Unpack te riot e b rede i E orbe 14 Select a OILS UO HEC PUR te nnus 1 1 Identify the Reset Switch Dass ud i m eec 1 2 Idetitify the Connectors 1 2 Connect to the Console oett e eee t n PE RE Cel AERE RESP 1 3 Make the Link Connections ia eerte error a ia 1 4 Power Ep the Dados ROUGE qoae nido Oe HER 1 5 Managing the IOLINK 520 amp IOLINK PRO Using the Menus 1 6 CODVEHDOBS titm cond adu plc dran adv tad 1 6 Login to Bridge Router and Enter the Required Configuration 1 7 Mandatory Configuration ertet tette tente 1 8 Identify the Stat s LETS tacente neenon 1 10 2 TYPICAL APPLICATIONS amp HOW TO CONFIGURE THEM 24 pudemp and eie ede tei title er E Fide OR de ets 2 2 Should You Bridge or 2 2 Beit os n AAA AA 2 3 UP ROVE Gif 2 4 IP Addtessing cnet eed t d UO ean 2 5 MP 2 5 IP Subh ts ire T 2 6 IP Defaul
46. NK PRO Installation amp Applications Guide 2 19 Applications 2 2 2 Basic Frame Relay Configuration North American IOLINK 520 amp IOLINK PRO with at least one non ISDN interface are configured to have frame relay enabled for that interface by default IOLINK 520 amp IOLINK PRO shipped outside of North America with at least one non ISDN interface will have frame relay disabled on that interface as a default setting See the following page for instructions on switching Frame relay from disabled to enabled If the IOLINK 520 or IOLINK PRO 15 configured as a frame relay router it will communicate over WAN connections to other Frame Relay units via Frame Relay Permanent Virtual Circuits PVC From 1 to 128 PVC s may be defined to connect to other frame relay units Before the IOLINK 520 or IOLINK PRO can establish a PVC connection to another frame relay router at least one PVC must be defined The IOLINK router is pre configured to query the frame relay service to auto learn the required parameters they may also be set manually DLCI Data Link Connection Identifier number for the PVC 15 assigned by the frame relay service providet The PVC must be defined on at least one physical links on the IOLINK router Refer to the following diagram that shows three IOLINK router units connected together with two PVCs being configured on each unit The configuration of the PVCs within the frame relay cloud is controlled by the frame relay
47. OLINK PRO are pre configured to query the frame relay service to auto learn the LMI type and the PVC DLCI numbers IOLINK 520 amp IOLINK PRO will then automatically create a remote site profile for each PVC Within each of the remote site profiles automatically created Bridging IP routing and IPX routing all set to enabled Because each of these options are enabled by default and the automatically created remote site profiles will establish a PVC connection to the remote site routers the IOLINK 520 amp IOLINK PRO will bridge and IPX route data without any user configuration Because an IP router requires an IP address the IOLINK router must be configured with an IP address before IP routing is fully operational To configure an IP address for the IOLINK 520 amp IOLINK PRO use the IP address option IP Address Location Main Configuration V5 Interfaces Set up LAN Set up V LAN IP Set up IP Address mask size If security is required for the PVC connection refer to the Configure PPP Security section for information on setting the security passwords and user names for PPP By default PPP is disabled for each of the newly created remote site profiles If PPP encapsulation is desired for example to use security the PPP encapsulation option should be set to enabled By default when PPP encapsulation is enabled multilink is also enabled PPP Encapsulation Location Main Configuration V5 Int
48. OLINK routers in the diagram the upgrade order should be Router C then Router B and finally Router software load to router C would be performed as follows Using get config txt from each router and save Telnet to Router C Enter the ID or alias of Router in the Network option to put Router C in Network Load mode When Router C restarts in Network Load mode the connection to Router B will be re established only if autocall is enabled on router B The TFTP transfer of the upgrade code may now be performed from the PC to Router C Once Router C has completed programming the flash and has restarted in operational mode the connection to Router B will be re established only if autocall is enabled on router B Once router C is operating with the new software the PC may be used to reload the config txt file back to Router Repeat for Router B then again for Router A Perform the Router B upgrade using the ID or alias of Router A Router A upgrades would not require a remote site ID as the PC used for TF TP transfers is located on the same LAN as Router A PC used for TFTP transfers Router A Router B Router C IOLINK 520 amp IOLINK PRO Installation amp Applications Guide C 7 Servicing Information C 8 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Appendix D Interface Pinouts Pinout Information Each link interface availa
49. SAP and RIP messages being sent across the WAN IP routing should be used if the two locations are already set up with different IP network numbers or if you wish to divide your one IP network number into two sub networks In some cases both bridging and routing may be required Routing may be required for IP information and bridging may be requited for NetBEUI 2 2 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Applications 2 1 1 Bridging An Hthernet bridge intelligently forwards Ethernet data packet traffic between connected netwotks The traffic may be across the Wide Area Netwotk illustrated below or in the case of the IOLINK 520 may be between two LANs connected to the same IOLINK 520 WAN connection Network 1 Windows for Workgroups Computers Windows for Workgroups Computers Figure 2 1 Networks Bridged across a WAN link Ethernet bridges simply forward information based on Ethernet MAC addresses If a packet is destined for a device located on a different network than the device that sent the packet the bridge will forward that packet to the connected network Ifa packet is destined for a device located on the same local network as the originating device the bridge will ignore the packet Ethernet bridges also communicate to each other using what is called the Spanning Tree Protocol STP STP is used to prevent loops a network which cause traffic to be re broadcast again and again caus
50. Set up Bridge Parameters Bridge enabled disabled IP Parametets IP enabled disabled Disabling a particular connection protocol option will prevent the IOLINK router from negotiating that Network Connection Protocol Leaving all options enabled will result in a Bridge IP router and IPX router connection IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 31 Applications 2 32 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 3 3 Configure Remote Site Profiles for Leased Line PPP Remote Site Profiles allow the IOLINK router to have different sets of configuration parameters for each of the possible remote site PPP routers that may be connected to this IOLINK router This allows greater control over the configuration of each possible PPP connection Each remote site profile is named with an alias The alias provides a simple method of maintaining configuration control over the remote site profiles defined For example a remote site profile may be created with a name that describes the location of the remote PPP router The alias also provides a method of matching a remote site profile and its configuration settings to a particular user name on an incoming connection When a PPP security user name is defined the same as one of the remote site profiles that remote site profile will be used for PPP negotiations after the security authentication process has passed In other words
51. The ISDN interface of this device is intended for direct connection to the S T jack of an NT 1 unit and therefore does not require Communications Canada certification The IOLINK 520 amp PRO should only be connected to Communications Canada approved NT 1 units Statements for ISDN U Module NOTICE The Canadian Department of Communications label identifies certified equipment This certification means that the equipment meets certain telecommunications network protective operational and safety requirements The Department does not guarantee the equipment will operate to the user s satisfaction Before installing this equipment users should ensure that it is permissible to be connected to the facilities of the local telecommunication company equipment must also be installed using an acceptable method of connection The customer should be aware that compliance with the above conditions may not prevent degradation of service in some situations Repairs to certified equipment should be made by an authorized Canadian maintenance facility designated by the supplier Any repairs or alteration made by the user to this equipment or equipment malfunctions may give the telecommunications company cause to request the user to disconnect the equipment Users should ensure for their own protection that the electrical ground connections of the power utility telephone lines and internal metallic water pipe system if present are connected together
52. al IP address Port translation allows data exchanges initiated from hosts with ptivate IP addresses to be sent to the Internet via the IOLINK router using a single global IP address A global IP address must be assigned to the WAN link upon which 15 enabled for port translation to work The global IP address will be assigned by the ISP To use NAPT the private network addresses of the setvices that will be available globally must be assigned NAT Exports Location Main Configuration Applications Set up NAT Exports Edit Services gt enter the private network IP address of each service offered Then NAT Network Address Translation is enabled NAT Enable Location Main Configuration o WAN Set up Remote Site Set up Edit Remote Site V5 Protocol Set up Parameters NAT Enabled Enabled Configuration When running frame relay RAW 1490 the local IP address and peer router IP Note address must be set in the IP parameters menu IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 37 Applications Private Network Addresses e mail server 1 1 1 2 telnet server 1 1 1 3 WWW Server 1 1 1 4 1 1 1 6 Internet Service E Provider Global IP Address 199 87 65 43 T mapping 99 87 65 43 25 99 87 65 43 23 99 87 65 43 80 aun U Figure 2 11 NAPT Configuration 2 38 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide
53. at the 12 octet equals the 80 of the filter pattern Used in pattern filters to indicate that all packets not matching the defined pattern will be filtered 3 2 IOLINK 520 amp IOLINK PRO000 Installation amp Applications Guide Introduction to Filtering Example 712 80 This filter pattern will match if the packet information starting at the 12th octet does not equal the 80 of the filter pattern brackets Used in pattern filters to separate portions of filter patterns for specific operators Example 12 80 amp 14 24 14 32 This filter pattern will be checked in two operations First the section in brackets will be checked and then the results of the first check will be used in the second check using the first portion of the filter pattern If the packet information starting at the 14 octet equals 24 or 32 and the information at the 12 octet equals 80 the filter pattern will match Popular Filters Shown here ate some of the mote commonly used pattern filters Bridge Bridge pattern filters are applied to Ethernet frames that are bridged only When the IOLINK router is operating as a router all routed frames will be unaffected by the bridge pattern filters IP amp Related Traffic IP amp Related Traffic Forward only 12 0800 12 0806 Fit 208012088 Novell IPX Frames Novell IPX Frames ae NetBIOS amp NetBEUI Windows For Workgroups NetBIOS amp NetBEUI
54. auto learn the PVC configuration to become operational without further manual configuration IOLINK router auto learning conforms to RFC1490 Manual configuration is also allowed by modifying the options within each Remote Site Profile and the individual link configuration menus When the IOLINK 520 or IOLINK PRO first starts up it will query the frame relay setvice to try to determine the LMI type on each of the frame relay links Once the LMI type is determined the PVC configurations will be known from the full status enquiry messages If the DLCI numbers of the PVC s on your service are determined during this IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 21 Applications learning process the IOLINK router will automatically create a remote site profile for each PVC The automatically created remote site profiles will be named LinkxDLClyyy where x is the physical link number the PVC is on and yyy is the DLCI of the PVC If during this learning process the maximum number of remote sites has been 4 reached the IOLINK router will prompt you that there are no remote sites available A new remote site cannot be auto created unless one of the existing remote sites is manually deleted r4 Auto learning with PPP encapsulation enabled see following page may not be compatible with some older model routers If problems with auto learning occur with PPP enabled try disabling PPP encapsulation 2
55. ble is described with detailed information on pin designation Standard interface cables will provide correct connections to modems datasets or DSU CSUs When connecting two bridge routers back to back without modems a null modem cable is required to crossover the pins on the links Crossing over the pins allows two bridge routers both configured as DTE interfaces to be connected together With this configuration both bridge routers will provide clocking for the links and each bridge router must have a link speed defined Link Clocking Information All of the link interfaces on the IOLINK router act as DTE devices this means that they may be directly connected to DCE devices modems etc with the DCE devices providing the clocking for the link The link speed is controlled by the DCE device Setting the link speed on the IOLINK router will not result in a speed change on the link Some DCE devices allow the DTE devices connected to them to supply a clock signal which is then routed back to the transmit clock pins on the DCE interface This clock is then received by the IOLINK router link interface By using this method the IOLINK router may be in control of the link speed The link speed may also be controlled by the IOLINK router when a null modem cable is used to connect two IOLINK routers in back to back configuration Changing the link speed within the menu system of the IOLINK router changes the clock output speed that 15 generat
56. ction to be established Remote Site ISDN Phone Number Location Main o Configuration Connections up Remote Site Set up Edit Remote Site V Connection Set up V5 ISDN Call Set up ISDN Number The ISDN number defined here is the ISDN phone number of the remote site ISDN PPP router This is the ISDN phone number that will be dialed to establish a connection to this remote site profile connection to this remote site may be established by one of the following methods 1 a Using the Manual Call option of the Remote Site set up menu Location Main o Configuration Connections up Remote Site Set up V Manual Call Applications IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 27 Applications 1 b Defining this remote site profile within the IP Address connect table which will cause a call to be made when a packet for this IP address 15 routed Location Main Configuration Connections up IP Address Connect IP Address Connect Enabled 1 c Defining the Auto Call option within the Edit Remote Site menu of this remote site profile The Auto Call option causes the IOLINK router to attempt to establish a connection to this remote site profile each time the IOLINK router starts up Location Main Configuration Connections up V5 Remote Site Set up Edit Remote Site Connection Set up Auto call Enabled 1 d Setting up an activation schedule with times the conn
57. d ICES 003 This digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus as set out in the interference causing equipment standard entitled Digital Apparatus ICES 003 of the Industry Canada Cet appareil num rique respecte les limites de bruits radio lectriques applicables aux appareils num riques de Classe prescrites dans la norme sur le mat riel brouilleur Appareils Num riques NMB 003 dict e par Industrie Canada For products marked with the CE Telecommunications label the following declaration The manufacturer declares that as shipped from the factory this product is in compliance with the CE Telecommunications Terminal Equipment P P quip Directive 91 263 EEC with the marking C 1 68 X applied in respect of this declaration and in respect of the following telecommunications interfaces X 21 V 11 NET 1 X 21bis V 28 and X 21bis V 35 NET 2 PSTN ISDN Basic Rate Interface compatible with 1 420 NET 3 The manufacturer further declares that the product conforms with the requirements of the Low Voltage Directive 73 23 EEC and with the requirements of the EMC Directive 89 336 EEC for radiated emissions at the Class A level This product is not intended for residential applications ISDN Type Approval Labels Labels for National ISDN Type Approvals can be found on the inside surface of the backpanel of the ISDN module Canadian ISDN Approval
58. d W1 and W2 on a U interface the pins are labeled J1 When installing an ISDN module check the jumpers to be certain that they are configured to operate with the 360 series CPU by having both straps across pins W1 and W2 S T module or across pins 1 3 and 2 4 at J1 U module as illustrated in the figure below JUMPERS Figure C 4 ISDN Module processor setting jumpers C 4 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Servicing Information Changing the Termination Straps on the ISDN S T Interface The ISDN S T link interface module has two configurable straps that control whether the ISDN LINE is set to terminated or unterminated Jumper straps W5 and W6 are factory installed to configure the module as TERMINATED The TERMINATED position is used when the bridge router is the only ISDN device connected to the ISDN circuit Removing the W5 and W6 straps sets the module to UNTERMINATED This allows this bridge router to be part of a daisy chain connection to the ISDN circuit by using the ISDN AUX connector JUMPERS W5 Y Figure C 5 ISDN S T Module Termination setting jumpers Connecting to the ISDN U Link Module The connection to the central office is made with the RJ45 connector on the panel of the U Module Pins 4 and 5 are used for the connection These pins are polarity in
59. d for providing remote access security in any type of network The Ethernet MAC Media Access Control address is checked against the addresses the filtering list and the frame is filtered or forwarded accordingly The second method of filtering is pattern filtering where each frame is checked against a filter pattern The filter pattern may be defined to perform a check of any portion of the Ethernet frame Separate filter patterns may be defined for bridged frames routed frames and IPX routed frames For more information on filtering please refer to the Programmable Filtering section of the IOLINK 520 amp IOLINK PRO Reference Manual located on the accompanying CD ROM MAC Address Filtering MAC address filtering is provided by three built in functions The first function is Filter if Source the second is Filter if Destination The third function allows you to change the filter operation from positive to negative The positive filter operation causes frames with the specified MAC addresses to be filtered The negative filter operation causes frames with the specified MAC addresses to be forwarded You may easily prevent any station on one segment from accessing a specific resource on the other segment for this positive filtering and the use of Filter if Destination would be appropriate If you want to disallow a specific station from accessing any service Filter if Source could be used
60. ddress of each partner router must be manually entered in the remote site set up for the link to operate Location Main Configuration V Connections Set up V Remote Site Set up Edit Remote Site V5 Protocol Set up Parameters Peer IP address 2 14 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Applications 2 1 4 4 Multilink Operation Multilink operation defines the use of more than one link to connect between two PPP routers When a multilink connection is required simply enable the Multilink Operation option of the remote site profile for that connection When a multilink connection is established the multilink MP options within the PPP set up and Advanced PPP setup menus will determine the operation of the multilink connection Location Main Configuration Connections Set up Remote Site Set up Edit Remote Site V5 Protocol Set up V5 Multilink Enabled IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 15 Applications 2 2 Basic WAN Configurations 2 2 1 Basic ISDN Connections If this IOLINK 520 amp IOLINK PRO are configured as an ISDN bridge router it may establish WAN connections to other bridge routers via ISDN Integrated Services Digital Network connections Before the IOLINK 520 amp IOLINK PRO can establish an ISDN connection to another ISDN router the ISDN information must be defined ISDN switch type must be defined
61. displayed in boxes The numbers on the left side of the boxes indicate the menu option from the parent menu that this menu corresponds to All menu options are listed with numbers indicating their actual position within the menu system Menu options contained within a grayed box are ISDN options Menu options contained within a black box ate Frame Relay options IOLINK 520 amp IOLINK PRO Installation amp Applications Guide A 1 ISDN Options M enu Tree 1 1 Frame Relay Options software release 51P 04 06 xx 52P 04 06 xx 1 41 Device Set Up menu 42 Telnet Set Up menu z Upgrade Device 14 Load FLASH Set Up menu 15 16 7 Device Set Up 1 Password 2 Device Name 3 Show Time 4 Set Time Hardware Status TFTP access Telnet Set Up 1 Telnet access 2 Telnet 3 Telnet port 4 Show Names 5 Add Name 6 Remove Name Upgrade Device 1 VPN 2 High Security VPN Load FLASH Set Up 1 Console ZMODEM 2 Network TFTP Console Dump 41 2 Interfaces Set Up x2 Restore ul LAN Set Up 1 Bridge STP Set Up 11 State 2 Path cost 3 Priority LAN IP Set Up 1 2 1 Secondary IP set up Secondary IP Set Up a Setup 11 Edit Secondary Edit Secondary 4 Routing protcol 12 Show Secondary Entry 25 RIP mode 3 Remove Secondary Entry i Secondary IP 6 Route cost 12 Mask Size Subnet Mask 2 4 Routin
62. dress must be different from the two existing networks that are being connected together with the PPP routets IPX node address of the local WAN link is defined as the Local IPX Node within the remote site profile settings The IPX address of the WAN link of the remote PPP router is defined as the Peer IPX Node within the remote site profile settings WAN netwotk number 1s defined with the IPX Net option in the remote site profile settings Applications IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 13 Applications 2 1 4 3 Unnumbered Links An unnumbered link does not use network addressing on the WAN link The WAN connection is roughly equivalent to an internal connection with each of the two end point routers operating as half of a complete router that is connected between the two endpoint LANs When an IPCP link is set to unnumbered the only configuration option applicable is Peer IP Address The peer IP address in this case is the IP address of the remote PPP router that is the IP address of its LAN connection If the peer IP address is not specified the IOLINK router will attempt to determine it when negotiating the IPCP connection When an IPXCP link is set to unnumbered no addressing configuration is required of the IPX settings are negotiated during the IPXCP connection When making a raw frame relay no PPP encapsulation connection with unnumbered links the IP network a
63. e Copyright O 2000 Perle Systems Limited 12780895 2 12901 1047C 063
64. e connected The second configuration consists of Novell servers located on only one of the LAN segments to be connected IOLINK router IPX router will need to be configured differently in the second configuration with Novell servers located on only one of the LAN segments 2 1 3 1 Novell Servers in Both Locations An Ethernet IPX router is used to intelligently route Novell IPX LAN traffic to another netwotk The networks may be connected actoss a WAN link illustrated below or two LANs connected to a dual LAN IOLINK 520 WAN connection IPX Network Address IPX Network Address Novell IPX Client Novell Server Novell Server Novell IPX Client Figure 2 3 IPX Routed Local Area Networks Servers on both sides IPX routers forward IPX frames based upon their IPX destination address and an internal routing table The router maintains the internal routing table with the network IPX addresses and the remote partner IPX routers associated with those networks When an IPX frame is received the destination IPX address is examined and looked up in the routing tables Once the destination IPX address is found in the routing tables the IPX router sends the IPX frame to the appropriate remote IPX network When both LAN segments contain Novell servers the IPX network numbers are learned automatically simply ensure that IPX routing is enabled on the router for both networks When two IPX LAN segments with Novell servers on each se
65. e used for the creation of subnets In this example specifying a mask size of 26 will produce a subnet size of 2 bits Two bits gives 4 possible sub network addresses from the original IP netwotk address Two of the resulting sub networks will have either all zeros or all ones as the subnet address these addresses are reserved for network functions and hence are invalid addresses The subnet mask fot the above example networks will be 255 255 255 192 255 255 255 192 So setting a subnet mask size of 26 will generate two sub networks with up to 62 host addresses each 64 potential addresses minus the all zero and all one addresses The new IP sub network addresses will be 199 169 100 64 and 199 169 100 128 Original IP Network Address 199 169 100 0 Subnet IP Network Address Subnet IP Network Address 199 169 100 64 199 169 100 128 2 Subnet Mask is 5 Subnet Mask Size 26 255 255 255 192 Subnet Mask See 26 outer IP Address 199 169 100 129 Router IP Address 199 169 100 65 LAN 2 IP Computers LAN 1 IP Computers 6 p c Host IP Address Host IP Address Host IP Address Host IP Address 199 169 100 66 199 169 100 67 199 169 100 130 199 169 100 131 Figure 2 2 Defining an IP Subnet Mask IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 7 Applications 2 1 2 3 IP Default Gateway An IP default gateway is an IP router that is resident on the local IP network that this
66. e LAN Console module Y Y ISDN U WII LINE Power connector Figure 1 2 Rear View of the IOLINK PRO with ISDN interface IOLINK 520 The IOLINK 520 is configured with a 10 100BaseT LAN and either one or two optional interface modules The optional modules may be a second LAN 10 BaseT a second LAN plus one WAN module a single WAN module or two WAN modules If a second LAN module is installed it must be in the slot 1 leftmost position when viewed from the rear of the unit to operate In addition if only one optional interface module is installed it must be in slot 1 Each interface may be changed by simply removing the existing module and installing a new module Refer to Appendix D Setvicing Information for information on replacing modules Link 1 module Link 2 module LAN Console module v v v CSU DSU LINE MDI X MDI 10 100 LAN RS 232 V 24 CONSOLE 4 Power connector Figure 1 3 Rear View of the IOLINK 520 with a single LAN connection and two WAN modules IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 1 3 Applications LAN 2 module Link 2 module LAN Console module v v y ia MDI X MDI MDI X MDI gy gy 10 100 BT LAN 1
67. e Lank Interfaces CHE UE dn LU d Changing the Link Integrity on the 10BaseT LAN Interface eee 4 Chanping ISDN Link Gs Processor settings for tbe ISDN Link Modules aio ione oi red C 5 Changing the Termination Straps on the ISDN S T Interface C 6 Connecting to the ISDN U Link Module aci oe epe preis C 6 Performing Software Upgrade dae vette RU dd PRU doy D INTERFACE PINOUTS D 1 Pinout esee a a a D 1 Lig out id D 1 ATL CSU DSU Module Information eerte D 2 D 3 VAT Go RS 252 Link etia tette edi we ep D 4 Apos Dank PIU S ee qu De ah eqno UDIN oh dida D 5 RS442 Gc 5530 Tank oer ost D 6 V325 link PIROUES obi D 7 RS232 Null Modem Cable Conbigutationiu s ditata o D 8 V 35 Null Modem Cable COH Bgufa EOTEs oe dita eet tette ocn o e cei D 9 RS530 Null Modem Cable qase tanq qe tt D 10 RS530 To RS449 Conversion T peo D 11 V 11 amp X21 Null Modem Cable Configurations iere ih repere tns D 12 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Contents Contents IOLINK 520 amp IOLINK PRO Installatio
68. e Pinouts V 11 X 21 Null Modem Cable Configuration DB15 MALE The connecting cable must be a shielded cable DB15 MALE 1 Protective Ground Protective Ground 1 2 Transmit Data A Receive Data A 4 3 Control A Indication A 5 4 Receive Data A Transmit Data A 2 5 Indication A Control A 3 6 Signal Element Timing A Signal Element Timing 6 7 Not Used Not Used 7 8 Signal Ground Signal Ground 8 9 Transmit Data B Receive Data 11 10 Control B Indication 12 11 Receive Data B Transmit Data B 9 12 Indication B Control B 10 13 Signal Element Timing B Signal Element Timing B 13 14 Not Used Not Used 14 15 Not Used NotUsed 15 Figure D 13 V 11 X 21 Null Modem Cable Circuits which are paired contain an A and B reference should be connected to twisted pairs within the connecting cable This cable is needed when it is necessary to connect two units back to back and a set of modems is not available Note that this cable specifies DB 5 connectors on each end to allow direct connection to the link interface connector on each unit The link speed must be defined for each of the two units When using this cable to connect two units back to back a jumper must be installed on pinheaders W8 W9 one of the V 11 X 27 interface modules This allows that particular module to generate the required timing signals D 12 IOLINK 520 amp IOLINK PROOO Installa
69. e same dual LAN IOLINK 520 Router IP Address Router IP Address IP Network Address 199 169 2 0 IP Network Address 199 169 1 0 Network 1 Network 2 TCP IP Network TCP IP Network Figure 2 2 IP Networks Routed across a WAN link IP routers forward IP frames based upon their IP destination address and an internal routing table The router maintains the internal routing table with the connected network IP addresses and for WAN link connections the remote partner IP routers associated with those networks When an IP frame is received the destination IP address is examined and looked up in the routing table In the case of a dual LAN IOLINK router if the destination IP address is on the other LAN the packet is routed there For WAN connections if the destination IP network is found in the routing tables the IP router sends the IP frame to the remote partner router that is connected to the appropriate remote IP network If no explicit route entry is found in the routing table the IP frame is sent to the Default Gateway The Default Gateway may be learned from the LAN or may be set manually see section 2 1 2 3 To configure an IOLINK router for IP routing between networks the following parameters must be defined in the built in menu system 1 IP Address Location Main Configuration Interfaces Set up V5 LAN Set up V IP Set up IP Address Size of Subnet Mask If this IOLINK 520 has the dual LAN option i
70. e than one frame type is to be used each frame type must have a unique IPX network number There must be no duplicate IPX network numbers within your entire IPX routed network they must all be unique The IPX network numbers may be any value from 0 to FFFFFFFF HEX IPX Routing Enabled Location Main Configuration V Packet Services Set up V IPX Routing Set up IPX Routing IPX routing must be re enabled to allow the IOLINK router to operate as an IPX router with the newly defined IPX network numbers All connected IOLINK router IPX routers must have IPX routing enabled for IPX routing to take place between the LANs When one of the IOLINK routers on a network has IPX routing disabled all of the IOLINK router IPX routers will become bridges only for IPX frames IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 11 Applications IPX Forwarding Enabled Location Main Configuration V Packet Services Set up V IPX Routing Set up Vo IPX Forwarding IPX forwarding must be re enabled to allow the IOLINK router to forward IPX frames onto the WAN to the partner IOLINK router IPX routers The IPX Forwarding function enables or disables the forwarding of IPX traffic when IPX routing is enabled When IPX forwarding is disabled all IPX traffic across the WAN links will be blocked While IPX forwarding is disabled the IOLINK router will still operate as an IPX router and maintain its routing and server tab
71. ection is to be activated and deactivated Location Main Configuration Connections up Remote Site Set up Edit Remote Site Activation Schedule Activation intervals 1 e Ifa second ISDN channel is available and traffic level is enabled setting the traffic load at which the second channel is to be activated Location Main Configuration Connections up Remote Site Set up Edit Remote Site Activation V5 Threshold Up Threshold Down Threshold Up Stability timer Down Stability timer 2 28 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Applications 2 3 2 Configure Remote Site Profile for Frame Relay Each of the PVC s on the frame relay service must be configured within an individual remote site profile on the IOLINK router This is usually done automatically through the auto learning process When the frame relay router first starts up it will query the frame relay service to try to determine the PVC configurations If the DLCI numbers of the PVC s on your service ate determined during startup the IOLINK router will automatically create a remote site profile for each PVC The automatically created remote site profiles will be named LinkxDLCIyyy where x is the physical link number the PVC is on and yyy is the DLCI of the PVC re If during this learning process the maximum number of remote sites has been ies reached the IOLINK router will prompt you that there are no remote si
72. ection to another DNS server for example through an ISP then the local DNS server should be set as the primary DNS and the external DNS server as the secondary DNS IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 35 Applications DNS Set Up Location Main V Configuration V Application Set up DHCP Set up DNS Set up V Primary DNS IP address local DNS server V Secondary DNS IP address external DNS server External DNS Server m Secondary C LJ Local DNS Server _ Primary Figure 2 10 Local External DNS Server Configuration L The configuration options described here are only for initial set up and configuration purposes For more complete information on all of the configuration parameters available please refer to the PPP Menus Manual file on the accompanying CD ROM 2 36 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Applications 2 4 2 Network Address Translation and Port Translation The IOLINK 520 amp IOLINK PRO provide support for Network Address Translation NAT Network Address Translation is a technique that translates private IP address on a private network to valid global IP addresses for access to the Internet Network Address Port Translation translates both the IP address and the port number advantage of port translation is that more than one private IP address can be translated to the same glob
73. ection to another PPP router the link speed information must be defined Refer to the following diagram that shows two IOLINK routers and another vendors unit connected together with direct leased line connections PPP IP Router Figure 2 9 Basic PPP Leased Line Configuration 2 24 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide The following steps must be performed on each of the IOLINK routers the network Local IP Address Location Main Configuration V5 Interfaces Set up V5 LAN Set up LAN IP Set up IP Address mask size This is the IP address and subnet mask for the link of this IOLINK router in the unnumbered IP connection Usually the clocking signal is received from the link see Appendix D Link Clocking Information If the link interface is a V 11 V 35 or RS232 connection and the link speed is different from the default 64Kbps and the IOLINK router is to be the clock source the link speed must be set to the clock speed that the IOLINK router receives from the DCE link device Link Speed Location Main W Configuration V5 Interfaces Set up V5 WAN Set up Link Set up Vo Link Speed 2 2 3 1 1 Bridge Connection Once the link speeds have been configured the IOLINK router will attempt to establish the link connection to the remote site PPP router The Bridge connection does not require any configuration for operation 2 2 3 1 2 IP Router Connection Once the
74. ed in its HEX format an octet is a pair of HEX values with offset location 0 starting at the beginning of the frame Please refer to Appendix C Octet Locations on Ethernet Frames for more information on octet locations in data frames The pattern match value is defined as a HEX string that is used to match against the data frame If the HEX data at the appropriate offset location in the data frame matches the HEX string of the filter pattern there is a positive filter match The data frame will be filtered according to the filter operators being used in the filter pattern The following operators are used in creating Pattern filters offset Used in pattern filters to determine the starting position to start the pattern checking Example 12 80 This filter pattern will match if the packet information starting at the 1218 octet equals the 80 of the filter pattern OR Used in combination filters when one or the other conditions must be met Example 10 20 12 80 This filter pattern will match if the packet information starting at the 10 octet equals the 20 of the filter pattern or if the packet information starting at the 12 octet equals the 80 of the filter pattern amp AND Used in combination filters when one and the other conditions must be met Example 10 20 amp 12 80 This filter pattern will match if the packet information starting at the 10 octet equals the 20 of the filter pattern and the packet information starting
75. ed on the DTE Terminal Timing pins external clocking pins on the link interfaces ATL CSU DSU Link Module Information The IOLINK 520 amp IOLINK PRO are currently produced with LXT CSU DSU interface modules however the earlier model ATL CSU DSU module is still compatible with the IOLINK router and may be used with it Note that ATL master mode signaling is not compatible with the current standatd 64K master mode signaling therefore for back to back connections an ATL unit will only operate at 64K when connected to another ATL unit If one interface is an ATL unit and the other is not back to back operation must be set to 56K The ATL CSU DSU link module is normally configured to receive clock from the connected netwotk When two ATL CSU DSU link modules to be used on a leased line in a back to back set up one of the modules must provide the clock IOLINK 520 amp IOLINK PRO Installation amp Applications Guide D 1 Interface Pinouts These modules may have either the UP DOWN switch type or the ON OFF slide switch type Each type is illustrated below Switches un down Figure D 1 Rear View of ATL CSU DSU Link Module with UP DOWN Switches 4 Switch Switches sliders on di 3 top of the x CSU DSU Switch On uu off 1234 urere View from back of module View from top of module F
76. erfaces Set up WAN Set Up V Remote Site Set Up Edit Remote Site Connection Set up V5 ppp Enabled Applications IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 23 Applications 2 2 3 Basic Leased Line Configuration The IOLINK 520 amp IOLINK PRO establishes PPP Point to Point Protocol WAN connections to other PPP Leased Line IOLINK routers or to other vendors PPP leased line routers via direct leased line connections Either 1 or 2 links may be used to connect to other PPP routers Configuration The default configuration for IOLINK 520 amp IOLINK PRO shipped within North American with at least one non ISDN interface module is to have frame relay enabled on that interface To run PPP leased line frame relay must be disabled Selecting the Frame Relay option will toggle the setting from enabled to disabled Frame Relay disable Location Main Configuration V5 Interfaces Set up V5 WAN Set up Link Set up V Frame Relay disabled The router will request confirmation of the change enter yes 2 2 3 1 Quick Start PPP Leased Line Connections A Quick Start minimal configuration may be used to initially establish connection to another vendors PPP router Once the connection is established and is working properly the IOLINK router should be configured with a remote site profile entry for that vendors router Before the IOLINK 520 amp IOLINK PRO can establish a link conn
77. es to a number of hosts on the IOLINK router s LAN and supply the minimal configuration needed to allow hosts to operate in an IP network The following steps must be performed on the IOLINK 520 amp IOLINK PRO to configure it as a DHCP server DHCP Services Location Main Configuration V Applications Set up V DHCP Set up DHCP Services Server DHCP Services options which are available are none relay and servet Set to server to enable this device as a DHCP Server IP Address Pool Location Main Configuration o Applications Set up V DHCP Set up V Server IP address pool V IP address pool IP Address number of addresses IP address pool option requires setting the first IP address the range that is to be used for the devices attached to the DHCP Server The number of addresses to be assigned must also be specified to a maximum of 253 When setting a router as a DHCP server you may not assign an address pool that includes broadcast addresses all ones in the host portion of the IP address for known networks Known networks include any local networks plus standard A B and C class addresses With the DHCP Services and Address Pool defined devices may be attached to the netwotk up to the maximum specified and they will be automatically configured re When setting up a router as a DHCP server that will have both a DNS server C on the internal network and a remote conn
78. ess Pool 2 34 IP Routing 2 5 IPSec 2 39 44 ESP SA 2 42 Policy 2 40 IPX Frame Types 2 11 IPX Routing 2 9 ISDN 2 16 2 26 ISDN backup 2 34 ISDN Directory Numbers 2 17 ISDN SPID 2 17 ISDN Switch Type 2 17 ISDN Termination Straps C 6 ISDN ST Module 1 3 ISDN U Module 1 3 C 6 L LAN Connection 1 3 LAN Module 10Base2 1 2 10Base5 1 2 10BaseT 1 2 Leased Line 2 26 2 34 LED Interpretation 1 10 Link Clocking Information D 1 Link Interfaces Reference D 1 Link Pin Out Information D 1 Link Speed 2 24 LMI Type 2 19 2 20 Login 1 5 M MAC Address Filtering 3 1 Managing the IOLINK 520 amp IOLINK PRO 1 6 Manual Configuration of LMI type 2 22 Manual Conventions 1 6 Maasks 2 6 Menu System 1 6 Module 1 2 Multilink 2 15 2 23 2 33 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide NAT Network Address Translation 2 37 NAPT 2 37 Negative Filtering 3 1 Novell Server 2 9 2 10 Null Modem Cable D 1 Numbered Links 2 15 On Link 2 35 Opening the case C 1 P Passwotd 2 37 passwotd clear lost C 3 Pattern Filtering 3 2 Popular Filters 3 3 Bridge 3 3 IP Router 3 4 Positive Filtering 3 1 Policy IPSec 2 40 PPP 2 13 2 21 2 26 PPP encapsulation 2 23 2 29 2 31 2 39 PPP ISDN 2 16 2 26 2 27 PPP Leased Line 2 32 PPP Numbered Link 2 13 PPP Security 2 46 PPP Unnumbered Link 2 14 Primary Link 2 33 2 20 2 27
79. ets first set the action to bypass IPSec so the packets are not processed IPSec ESP SA Location Main Configuration V Packet Services Set up IP Security Set up V Policy Set up Edit Item pass RIP Action bypass IDSec then set up the rules to check for RIP packets IPSec ESP SA Location Main Configuration V Packet Services Set up IP Security Set up V Policy Set up Edit Item pass RIP Selection Rules Src IP any V Dest IP any Protocol 17 Src port 520 Dest Port 520 RIP packets protocol 17 to and from any IP and to and from port 520 will be passed through the WAN interface on this router 2 44 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Applications Once the IPSec policies have been configured and it has been confirmed that traffic is passing over the IPSec connection the default action for failed packets should be changed to discard The initial factory setting is to bypass IPSec which allows remote configuring of the router via Telnet Once the IPSec configuration has been completed and tested this should be changed so that only those packets matching the IPSec conditions ate passed IPSec Policy Set up Location Main Configuration V Packet Services Set up TP Secutity Set up Policy Set up Default action discard The configuration options described here are only for initial set up and configuration purposes For more complete
80. ffect 2 30 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide EIR Location Main Configuration Connections up Remote Site Set up Edit Remote Site Connection Set up V EIR EIR value specifies the indicated data rate that may be available for this PVC This value must be set to the same as the value provided by the Frame Relay network provider When EIR 0 no excess burst data is allowed to be transmitted If EIR 1s non zero bursting is allowed The only restriction is that CIR EIR gt 0 Configuration When changing the EIR option for this PVC the PVC must be disabled and Note then enabled before the new value will take effect The Bridge IP IPX and Compression settings may now be configured within the Bridge Parameters IP Parameters IPX Parameters and CCP Parameters menus note compression over frame relay is only available if PPP encapsulation is enabled If either the Bridge portion or the IP or IPX router portion of the connection is not required the appropriate Connection Protocol setting must be disabled within the appropriate sub menu For example if an IPX only connection is to be established the Bridging and IP parameters must be disabled so that the IOLINK router does not negotiate the Bridge or IP Connection Protocols on the connection Connection Protocol Setting Location Main Configuration Connections up V5 Remote Site Set up Edit Remote Site Protocol
81. for the ISDN interface and the phone numbers must be defined Refer to the following diagram that shows three IOLINK router units connected together with two ISDN B channels being configured on each unit lt f TT 4 555 1301 ISDN phone numbers assigned from the ISDN circuit provider information a ISDN WAN connections Figure 2 5 Basic ISDN Configuration 2 16 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Applications The following steps must be performed to configure the IOLINK 520 amp IOLINK PRO The default switch type for ISDN S T interface modules is NET3 the default switch type for ISDN U interface modules is NI 1 If the type of service your provider uses matches the default setting for the interface module the following step may be skipped otherwise the switch type must be set Switch Type Location Main Configuration V5 Interfaces Set up WAN Set up Vo Switch Type Ten ISDN switch types are available net3 ni 1 ni 2 dms 100 5ess pp 5ess mp tph1962 sweden or ntt Note that if your routers are located within different ISDN jurisdictions the ISDN switch type may be different on each of the units Directory Numbers amp SPIDs Location Main Configuration V5 Interfaces Set up V WAN Set up Link Set up V5 ISDN Set up Directory Number V5 SPID directory number will be the ISDN phone number used to establish a cal
82. g Protocol 5 RIP mode 3l LAN IPX Set Up LAN NAT set up 6 Private Route 1 Translation type 57 Route Cost 1 Ethernet Il frames 2 Show address pool z 2 RAW 802 3 frames 3 Dynamic IP pool 3 IEEE 802 2 frames 4 Add static entry 4 802 2 SNAP frames 5 Remove static entry z 5 Auto Learn 6 NAT enable 6 Help 1 Switch type 2 Group Set Up 1 Force 56k 2 Hunt Group z 3 Add link 4 Show Groups 3 1 Link Set Up 1 Physical link type 2 Link operation 1 3 Link IP MTU Size 4 Frame Relay 4 1 4 Logical ISDN type 5 Frame Relay set up menu Frame Relay Set Up 1 5 ISDN set up menu 6 Link speed 1 8 Son 7 Link CD wait time i EM aea Ing 5 tect i amp LPE B ehanas eteci 8 Loop compensation 3 Polling interval 4 Enquiry interval 5 Error threshold 6 Monitored events ISDN Set Up 1 Dial prefix 3 power detect 1 1 3 Force Terminal Set Up 54 Directory number 11 Terminal 5 SPID 12 Show 13 Add 4 Remove Continued on next page Continued from previous page Connections Set Up Remote Site Set Up 1 1 2 Remote site summa 3 Display learned summa 3 Call summary Remove remote site 4 5 Manual call 6 Force disconnect CHAP challenges 1 2 3 Request security 24 5 Caller ID security PPP Set Up 3 Configure Count 4 Failure
83. gment are to be connected via IPX routing you must ensure that the IPX network numbers on each of the Novell servers is unique If the IPX network numbers are the same IPX routing will not operate Applications IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 9 Applications Once the WAN connections have been established to the remote partner IOLINK routers the IPX router portion of the IOLINK routers will begin to build their routing tables according to the IPX frames they receive from the network Manual entries may be made in the routing tables by adding static IPX routes 2 1 3 2 Novell Servers in One Location Only Some Novell LAN installations require that a remote LAN that consists of only Novell IPX clients be connected to a central LAN that contains the Novell servers and some mote clents In this configuration the IOLINK router IPX router located at the remote site must be configured with the appropriate IPX network numbers The IPX network number must be configured manually because there is no Novell server at the remote site The IOLINK router must act as a Novell server to supply the proper IPX network number to the clients on the remote site LAN In the following diagram the IOLINK router connected to LAN 2 must be configured with IPX network number 1500 or any other valid unique IPX network number using the appropriate frame type The clients connected to LAN 2 must also be running with the sa
84. gnal Element Timing B Receiver Signal Element Timing B 16 14 Receiver Signal Element Timing A Transmitter Signal Element Timing A 23 16 Receiver Signal Element Timing B Transmitter Signal Element Timing B 25 23 Transmitter Signal Element Timing A Transmitter Signal Element Timing 25 Transmitter Signal Element Timing B Transmitter Signal Element Timing B 19 20 Data Terminal Ready Data Channel Received Line Signal Detector CD 8 8 Data Channel Received Line Signal Detector CD Data Terminal Ready 20 7 Signal Ground Signal Ground 7 4 Request to Send Data Set Ready 6 6 Data Set Ready Request to Send 4 Figure D 10 V 35 Null Modem Cable The connecting cable must be a shielded cable Circuits which are paired contain an A and B reference should be connected to twisted pairs within the connecting cable This cable is needed when it is necessary to connect two units back to back and a set of modems is not available Note that this cable specifies DB25 connectors on each end to allow direct connection to the link interface connector on each unit The link speed must be defined for each of the two units IOLINK 520 amp IOLINK PRO Installation amp Applications Guide D 9 Interface Pinouts RS530 Null Modem Cable Configuration DB25 MALE 1 Shield 2 Transmitted Data A 14 Transmitted Data B 3 Received Data A 16 Received Data B 4 Request To Send A 19 Request To Send B 5 Clear To
85. h end to allow direct connection to the link interface connector on each unit The link speed must be defined for each of the two units D 10 IOLINK 520 amp IOLINK PROOO Installation amp Applications Guide Interface Pinouts RS530 To RS449 Conversion Cable DB25 MALE DB37 MALE FEMALE 2 Transmitted Data A 4 14 Transmitted Data B 22 3 Received Data A 6 16 Received Data B 24 8 Received Line Signal Detector A 13 10 Received Line Signal Detector B 31 6 Data Set Ready A 11 22 Data Set Ready B 29 4 Request to Send A 7 19 Request to Send 25 5 Clear to Send A 9 13 Clear to Send B 27 20 Data Terminal Ready A 12 23 Data Terminal Ready B 30 17 Receiver Signal Element Timing DCE Source A 8 9 Receiver Signal Element Timing DCE Source B 26 15 Transmit Signal Element Timing DCE Source A 5 12 Transmit Signal Element Timing DCE Source B 23 24 Transmit Signal Element Timing DTE Source A 17 11 Transmit Signal Element Timing DTE Source B 35 7 Signal Ground 19 1 Shield 1 Figure D 12 RS530 to RS449 Conversion Cable The connecting cable must be a shielded cable Circuits which are paired contain an A and B reference should be connected to twisted pairs within the connecting cable This cable is used to connect an RS530 link to an RS449 device The cable converts from a DB25 connector to a DB37 connector IOLINK 520 amp IOLINK PRO Installation amp Applications Guide D 11 Interfac
86. igure D 2 View of ATL CSU DSU Link Module with Sliding ON OFF Switches When connecting two bridge routers back to back with CSU DSU link modules a null modem cable is required to crossover the pins on the links Crossing over the pins allows two bridge routers both configured as DTE interfaces to be connected together Switch number 1 determines whether the ATL CSU DSU link module will generate clocks or receive clocks When switch 1 is down on the normal position the module receives clock signals from the connected network When switch 1 is up up the module will generate clocks When a pair of IOLINK routers are connected back to back with CSU DSU link modules one module must be set to generate clocks and one module must be set to receive clocks On 64 Kbps units only switch number 3 determines the mode of the ATL CSU DSU When switch 3 is down on the ATL CSU DSU is in DDS Digital Data Service mode for normal connection to the 64 Kbps digital service When switch 3 is up off the ATL CSU DSU is in LDM Limited Distance Modem mode for back to back connection with a null modem cable On 56 Kbps units the position of switch 3 is not a factor for back to back connection with a null modem cable Switch 1 must still be set as noted above A DSU CSU crossover cable would be constructed as follows 1 7 2 28 7 gt 1 8 gt 2 D 2 IOLINK 520 amp IOLINK PROOO Installation amp Applications Guide Console Pinouts The connect
87. iguring the IOLINK 520 amp IOLINK PRO in different operational states Also refer to the IOLINK 520 amp IOLINK PRO VPN Menus Manual file for your operating software on the accompanying CD ROM for a complete description of all the Menu Options Other options may be changed depending upon specific installation configurations Refer to the menu tree in Appendix A for a reference of the menu structure and options 1 8 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Applications Identify the Status LEDs The four three colour Light Emitting Diodes LEDs on the front of the IOLINK router are depicted in Figure 1 1 The meanings of these LEDs are found in the following chart Red Bedge Routeris powered up but has failed power up diagnostics 4 2 POWER Module is not installed Module is connected and forwarding LAN 15 connected and NOT forwarding i e Listening Learning or Blocking Bridge Router is NOT connected to the LAN S 4 LAN zd Yellow Module is not installed or is configured to be down Disabled Connection is up LAN 2 connected and forwarding LINK is negotiating in ISDN LINK is auto learning LMI type Yellow f 4 in Frame Relay Not used Leased Line or LAN mode Software failure i WAN module installed LAN 2 not connected if LAN2 module m LINK 1 LAN 2 Module is not installed or is configured to be down Disabled LINK is negotiating in ISDN
88. information on all of the configuration parameters available please refer to the IOLINK 520 amp IOLINK PRO VPN Menus Manual file on the accompanying CD ROM IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 45 Applications 2 4 3 2 Configure PPP Security The PPP IOLINK 520 amp IOLINK PRO provide suppott for both PAP and CHAP security access authentication An outgoing user name PAP password and CHAP secret are defined that the IOLINK router will use when responding to an authentication request from a remote site PPP router IN JV The cold start defaults for the security user name and passwords are as follows a These defaults will exist when the IOLINK router is first started before and configuration is entered and after a Full Reset has been performed These default values are also set when the IOLINK router is placed in TFTP Network load mode for upgrading the operating software via TFTP transfers Care should be taken when upgrading a group of IOLINK routers that have security levels set Default outgoing user name for each remote site when it is defined is the same as the default device name Default PAP password and CHAP secret are both set to BRIDGE The complete password security configuration for both incoming and outgoing calls is defined within the Security menu of the WAN set up section Security Level Location Main Configuration V Connections Set up Security Set up V5 s ecurity
89. ing network congestion The IOLINK 520 amp IOLINK PRO are pre configured to operate as an Ethernet bridge compatible with the IEEE 802 1d Spanning Tree Protocol definitions This means that without configuration modifications the IOLINK 520 amp IOLINK PRO will bridge Ethernet traffic to its partner bridges when the Wide Area Network WAN connection has been established The IOLINK 520 amp IOLINK PRO are also pre configured as an IPX router This means that if you wish to bridge IPX traffic instead of routing it you must disable the IPX routing function of the IOLINK router Once IPX routing has been disabled all IPX traffic will be bridged between networks To set up a bridge between two LANs using a dual LAN IOLINK 520 all that is required is that the LANs be connected to the IOLINK router To set up a bridge between two networks connected by a WAN link Connect each IOLINK router to the LAN s it will be serving Connect the WAN interface of each IOLINK router to the equipment supplied by the service provider Configure the remote site profile of the partner router if necessary Establish the WAN connection IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 3 Applications 2 1 2 IP Routing An Ethernet IP router 15 used to intelligently route Internet Protocol IP traffic to another netwotk The networks may be connected actoss a WAN link illustrated below or two LANs connected to th
90. ing traffic flow to and from a network Please see section 3 Introduction to Filtering for details on how to set up various filtering operations 2 4 4 Compression Compressing data allows data throughput rate considerably greater than the physical line rate The actual rate achieved will depend on how compressible the specific data is Generally graphics and databases compress up to 600 text 400 to 500 binary codes about 200 At line rates above 256 Kbps compression is not effective as it takes more time to perform the compression than to transmit the raw data Enable compression Location Main Configuration Connections up V5 Remote Site Set up Edit Remote Site V5 Protocol Set up CCP parameters Compression Enabled Applications IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 51 Applications 2 4 5 Bandwidth On Demand IOLINK router may be set to activate its secondary link when the load on the primary link exceeds a user defined threshold Set the traffic loads for enabling and disabling the secondary circuit Location Main Configuration Connections up Remote Site Set up Edit Remote Site Activation Set up V5 Threshold Set up o up threshold up stability timer down threshold down stability timer The up and down stability timers are the delay times that the primary link must be above the threshold before the secondary is activated or below thre
91. k number defined here is the link interface used to establish the connection to the remote site PPP router When a link number is defined within a new remote site profile that link number will be removed from any remote site profile that originally was defined to use the link The link will then be used within the newly defined remote site profile When this remote site profile is defined to use Multilink protocol the Secondary Connection should also be defined The Bridge settings may now be configured within the Bridge Parameters menu The IP settings may now be configured within the IP Parameters menu The IPX settings may now be configured within the IPX Parameters menu The Compression settings may now be configured within the CCP Parameters menu L The configuration options described here are only for initial set up and configuration purposes For more complete information on all of the configuration parameters available please refer to the PPP Menu Reference Manual file on the accompanying CD ROM IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 33 Applications 2 3 4 Configure Remote Site Profiles for Frame Relay with ISDN backup Frame Relay operation is set up as described in section 2 3 2 The PVC both partner routers must be disabled during this set up _ procedure then re enabled when ready to start ISDN call set up is done as described in section 2 3 1 Recovery operation is set up
92. l between the routers The SPID is used to register the ISDN interface with the central switch For switch type only one directory number is required The IOLINK router will operate without putting in the directory number for a switch but it is recommended that it be entered Most North American installations use the switch type NI 1 and must have the directory number entered as well the SPID Service Profile Identifiers value For an NI 1 switch type enter only the local portion of the directory number unless the area code is required for local calls The SPID must be set to the exact number given by the ISDN service provider IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 17 Applications Once the ISDN switch type and directory numbers have been configured the IOLINK router must be reset for the new values to take effect and for the ISDN BRI interface to register with the central switch Soft Reset Location Main Diagnostics Soft Reset Once the IOLINK router has restarted it is ready to establish ISDN connections With the ISDN numbers and switch type defined an ISDN call may be placed to another properly configured bridge router The calls may be placed manually or automatically The automatic call features available Auto Call or Address Connect Auto Call connection is established each time the IOLINK router starts up IP Address Connect call is e
93. les 2 1 3 3 Novell Server with Dual LANs If an IOLINK 520 is configured with two LAN interface modules the setup will be similar to the above configuration the difference being that rather than configuring the IPX numbers on different IOLINK routers they are configured on different LANs IPX Frame Types Location Main o Configuration V5 Interfaces Set up LAN Set up select LANT or LAN2 V LAN IPX Set up Ethernet II Frames RAW 802 3 Frames V IEEE 802 2 Frames 802 2 SNAP Frames e The configuration options described here are only for initial set up and configuration purposes For more complete information on all of the configuration parameters available please refer to the IOLINK 520 amp IOLINK PRO VPN Menus Manual file on the accompanying CD ROM 2 12 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 1 4 PPP Overview Point to Point Protocol PPP is a connection protocol that allows control over the set up and monitoring of network communications It is used in procedures for user authentication name and password connection management spoofing bandwidth on demand multilink and compression If any these functions are required on a frame relay connection PPP encapsulation within frame relay is available 2 1 4 1 PPP Link Configuration A PPP connection between two routers may use a number of Network Control Protocols for communication An IP router connection will use the In
94. link speeds and local IP address have been configured the IOLINK router will attempt to establish the link connection to the remote site PPP router The IP connection is an unnumbered connection that requires only the configuration of the IP address of the IOLINK router 2 2 3 1 3 IPX Router Connection Once the link speeds have been configured the IOLINK router will attempt to establish the link connection to the remote site PPP router The IPX connection is an unnumbered connection that does not require any configuration If security is required for the direct dial connection refer to the Configure PPP Security section for information on setting the security passwords and user names for PPP Applications IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 25 Applications 2 3 Configure Remote Site Profiles Remote Site Profiles allow the IOLINK router to have different sets of configuration parameters for each of the remote site routers that may be called or that may call this IOLINK router This allows complete control over the configuration of each possible connection Each remote site profile is assigned an identification number when it is created whether it is created automatically under auto learning or manually by the user editing the remote site profile The remote site is also named with an alias which provides a more descriptive identifier for the remote site profile For example a remote site profile
95. me frame type as defined on the IOLINK router After the IOLINK routers have established the WAN connection the IPX routing procedures will cause the names of the services located on LAN 1 to be stored in the services table on the IOLINK router on LAN 2 When one of the clients on LAN 2 starts up it will look for a server on the local LAN and the IOLINK router will respond with the list of servers that are located on LAN 1 IPX Network Address WAN connection 1500 defined on router IPX Network Address Novell IPX Client Novell Server Novell IPX Client Novell IPX Client Figure 2 4 IPX Routed Local Area Networks Servers on one side 2 10 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Applications The following steps must be performed on the IOLINK router connected to LAN 2 IPX Routing Disabled Location Main Configuration V5 Packet Services Set up V IPX Routing Set up IPX Routing Disabling IPX routing allows the IPX frame types to be modified Configuration IPX Routing does not need to be disabled in order to change the defined Note network numbers on a PPP IOLINK router IPX Frame Types Location Main Configuration V5 Interfaces Set up V LAN Set up V LAN IPX Set up Ethernet II Frames V RAW 802 3 Frames V IEEE 802 2 Frames 802 2 SNAP Frames Define the IPX network number for the appropriate frame type Note that IPX network numbers must be unique If mor
96. n amp Applications Guide i Installation The IOLINK 520 amp IOLINK PRO are flexible Ethernet Bridge Routers that may be configured to service Local Area Networks and Wide Area Network connections over leased lines ISDN circuits and frame relay permanent virtual circuits The IOLINK PRO supports a single LAN and one or two WAN links one ISDN BRI interface or two other WAN modules The IOLINK 520 supports two independent LANs plus one WAN interface or a single LAN plus two WAN interface modules if two ISDN BRI modules are installed this will provide 4 WAN links PPP ISDN units provide bridging IP IPX routing and compression over a PPP ISDN connection and support an ISDN BRI interface via an integral ISDN ST or ISDN U link module The ISDN BRI interface supports two 64 Kbps B channels PPP Lease line units provide bridging IP IPX routing and compression and support one two physical wide area network WAN links that may operate at speeds up to 2 048 Mbps Frame Relay units provide bridging and IP IPX routing and support 1 to 128 Permanent Virtual Circuit PVC across two physical wide area links running RAW 1490 or encapsulated PPP The following instructions provide a quick set up guide for installation of the IOLINK 520 amp IOLINK PRO Ethernet Bridge Routers Unpack the IOLINK Router Rough handling during shipment can damage electronic equipment As you unpack the bridge router carefully check for signs of damage If
97. n here The Ethernet type codes are located at offset 12 of the bridged Ethernet frame Octet Locations on a Bridged TCP IP Frame LEVEL2ETHERNET 0 1 2 3 4 5 6 7 8 9 10 11 12 13 ETHERNET DESTINATION ADDRESS ETHERNET SOURCE ADDRESS TYPECODE INTERNET PROTOCOL 14 15 16 17 8 19 20 21 22 23 24 25 5 pe of 7 f METO AD ver mL TOTALLENGTH IDENTIFICATION FRAGMENT TIMETO PROTOCOL 26 27 28 29 30 31 32 33 SOURCE ADDRESS DESTINATION ADDRESS TRANSPORT CONTROL PROTOCOL 34 35 36 37 38 39 40 4 42 43 44 45 SOURCEPORT PPTDETON SEQUENCENUMBER ACKNOWLEDGEMENT NUMBER 46 47 48 49 50 51 52 53 54 55 56 57 1 ge Reserved ify WINDOW CHECKSUM URGENTPOINTER DATA FIELD 58 59 60 61 62 63 64 W Z 1 1 DATA FIELD NEXT 500 OCTETS ETHERNET CHECKSUM IOLINK 520 amp IOLINK PRO Installation amp Applications Guide B 1 Octet Locations Octet Locations on a Bridged Novell Netware Frame LEVEL2ETHERNET 0 1 2 3 4 5 6 7 8 9 10 11 13 i ETHERNET DESTINATION ADDRESS ETHERNET SOURCE ADDRESS TYPE CODE NOVELLIPX HEADER 14 15 16 17 8 19 20 21 22 23 Checksum LENGTH Pd Eg DESTINATION NETWORK 24 25 26 27 28 29 30 31 32 33 34
98. nated in a male 34 pin X 21 bis connector as defined in ISO 2593 1984 The other end must be terminated in a male 25 pin X 21 bis connector as defined in ISO 2110 1989 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide D 7 Interface Pinouts RS232 Null Modem Cable Configuration DB25 MALE DB25 MALE 1 1 7 7 Signal Ground Signal Ground 8 Received Line Signal Detector CD DTE Ready 20 15 Transmit Timing DCE Source Receiver Timing DCE Source 17 17 Receiver Timing DCE Source Transmit Timing DCE Source 45 24 Transmit Timing DTE Source Transmit Timing DTE Source 24 Figure D 9 RS232 Null Modem Cable The connecting cable must be a shielded cable This cable is needed when it is necessary to connect two units back to back and a set of modems is not available Note that this cable specifies DB25 connectors on each end to allow direct connection to the link interface connector on each unit The link speed must be defined for each of the two units D 8 IOLINK 520 amp IOLINK PROOO Installation amp Applications Guide Interface Pinouts V 35 Null Modem Cable Configuration DB25 MALE DB25 MALE 1 Protective GND Protective GND 1 9 Transmitted Data A Received Data A 11 10 Transmitted Data B Received Data B 12 11 Received Data A Transmitted Data A 9 12 Received Data B Transmitted Data B 10 18 Transmitter Signal Element Timing A Receiver Signal Element Timing A 14 19 Transmitter Si
99. nnect the module from the internal main board WARNING Because of the close proximity of the AC power from the power coupler do not insert anything into the LAN Console opening while the bridge router is powered up Reattach the power to the bridge router and wait for the power up diagnostics to finish The Power LED will turn green Remove power from the bridge router Re install the LAN Console module and secure it with the screw Power up the bridge router Log into the bridge router using the default password BRIDGE and change the password as desired Changing LAN or WAN Interfaces Important 1 2 3 4 5 Remove power from bridge router Remove the screw securing the interface module to the rear of the bridge router Remove the interface module from the bridge router Be sure to grip the module only by the flange at the bottom of the metal panel Install the new interface module and secure it with the screw Power up the bridge router there must be a module in slot 1 left side module position when viewed from the rear of the unit before a module in slot 2 center position will operate For IOLINK 520 models if a LAN 2 module is installed it must go in slot 1 Note in addition that installing a LAN 2 module will clear the IP address of LAN 1 After installing a LAN 2 module the IP address for both LANs must be entered Selecting MDI or MDI X LAN Interface For most LANs where a
100. not listed This terminal type operates in scroll mode and may be used successfully until a custom terminal definition is created Managing the IOLINK 520 amp IOLINK PRO Using the Menus This section describes the minimum configuration parameters required when setting up the IOLINK 520 amp IOLINK PRO Each of the configuration scenarios requires setting of operational parameters on the IOLINK 520 amp IOLINK PRO The built in menu system of the IOLINK 520 amp IOLINK PRO is used to configure the unit The IOLINK router menu system operates on a hotkey principle navigating around the menu system is done by typing the number associated with the desired option the IOLINK 520 amp IOLINK PRO acts on the choice immediately no need to hit the enter key The menu system consists of different menu levels each containing new configuration options Navigation back out of a nested menu is easily accomplished by pressing the tab key The tab key takes you to the previous menu level If you wish to move from your cutrent menu location directly to the main menu simply press the equals When choosing menu options that will toggle between values simply pressing the number associated with that option will cause the options value to change Each successive selection of the option will cause the option s value to change again Some menu options require input from the operator When selecting an option that requires a value
101. nstalled you will first be asked which LAN to reference 1 or 2 Both LANs must have unique IP addresses to use IP routing 2 4 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Applications 2 1 2 1 IP Addressing Devices on an IP netwotk are located by their IP addresses which is a 32 bit number divided into four 8 bit fields The IP address identifies both the network and the host device also known as a node on that network The address is usually written as the four decimal values for the fields between 0 and 255 separated by decimal points for example 196 65 43 21 The high order field defines the IP class of the address are three commonly used classes of standard IP addresses A 1 to 127 B 128 to 191 C 192 to 223 For Class A addresses only the first 7 bits of the high order field represents the network addtess so there can be 127 networks The remaining three fields are the host portion of the address there can be over 16 million 225 host devices on each class A network Network Address Host Address Class A IP Address Class B uses the first two fields for network addresses and can address approximately 16 000 netwotks The two low order fields allow approximately 65 000 host addresses 219 for each network Network Address Host Address PP ee COT CO Goo Class B IP Address Class C uses three high order fields to address over 2 million networks the low
102. nt at our discretion of any unit of our manufacture which under normal installation use and service exhibits such defect provided that the unit is delivered to us or our authorised service centre in the same condition as originally provided for our examination with all transportation charges prepaid within the serviceable lifetime of the product for which it was purchased by its original purchaser and provided that such examination discloses in our judgement that it is thus defective The lifetime is the serviceable life of the product This is defined as the period during which spare parts components are available or for a minimum of two years from the date of manufacture whichever is the longer Should the product prove to be irreparable Perle reserves the right to substitute an equivalent product This warranty does not extend to any products which have been subjected to misuse neglect accident fire flood physical damage incorrect wiring not of our doing improper installation or testing unauthorised modification use in violation of instructions furnished by us or repair by an unauthorised third party This warranty will be void if the products serial number or other identification marks have been defaced damaged or removed EXCEPT AS EXPRESSLY SPECIFIED THE PRODUCTS ARE PROVIDED AS IS WE MAKE NO REPRESENTATION OR WARRANTY OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE NON INFRINGEMENT OR OF TECHNOLOGICAL VALUE AND
103. on must be enabled The PVC must disabled to change the PPP encapsulation status then re enabled o L The configuration options described here are only for initial set up and configuration purposes For more complete information on all of the configuration parameters available please refer to the IOLINK 520 amp IOLINK PRO VPN Menus Manual file on the accompanying CD ROM Applications IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 47 Applications 2 4 3 3 Configure Firewall The IOLINK 520 amp IOLINK PRO provide Firewall security for restricting access between any two networks connected through the router Firewalls are set up on a per connection basis for the LAN and remote sites The direction of filtering is from the perspective of the IOLINK router incoming traffic is from the network in question to the IOLINK router outgoing is from the IOLINK router to the network The direction of filtering may be set to incoming outgoing both or none Once the direction of filtering for a connection has been set holes may be created in the firewall to allow specified traffic through Normally the LAN firewall is used for restricting intranet traffic connections within the corporate network and remote site firewalls are used to limit access from less trusted sources such as the Internet or dial up ISDN links The following diagram shows a corporate head office network which is connected to the Inte
104. or shown here and pinouts described here correspond to the connector labeled Console on the back of the IOLINK 520 amp IOLINK PRO 13 1 25 1 Contact CCITT IEEE Circuit Direction Number Circuit Circuit Name To From Number Desig DCE DCE 101 Protective Ground Transmitted Data Received Data Interface Pinouts x CleartoSend x Z Xe Signal Ground Received Line Signal Detector CD Data Terminal Ready X Ring Indicator X 2 3 Pe 6 107 CC DataSetReady 28 20 22 Figure D 3 Console Pinouts The connecting cable must be a shielded cable When connecting the IOLINK router console directly to a modem a null modem cable must be used because both the IOLINK router console and the modem are DCE devices A null modem cable with pinouts according to the following figure must be used IOLINK router Contact Modem Contact Number Number Figure D 4 Console Null Modem Cable Pinouts IOLINK 520 amp IOLINK PRO Installation amp Applications Guide D 3 Interface Pinouts V 24 amp RS232C Link Pinouts The connector shown here and pinouts described here correspond to the connector labeled RS232 V 24 on the back of the IOLINK 520 amp IOLINK PRO 13 1 25 71 Contact CCITT Circuit Circuit Direction Number Circuit Name To From Number DCE DCE A __ 2 Data Set Ready Signal
105. order field is used to address up to 253 hosts the addresses with all bits set to 1 and all 0 are reserved for network use so addresses available from 8 bits 255 minus the 2 reserved Network Address Host Address m xX COT CO Class C IP Address IP addresses within a private network may be assigned arbitrarily however if that network is to interconnect with the global Internet it is necessary to obtain a registered IP address For example a small company is connected to the Internet they are assigned a single class C IP network address 199 169 100 0 This network address allows the company to define up to 253 host addresses within their network IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 5 Applications Network Address Host Address 199 169 100 0 2 1 2 2 Masks The portion of the IP address to use as the network address is specified by using a mask a mask is the contiguous number of bits to be used for the network address all set to 1 When the mask is logically ANDed with an IP address the result is the network address The mask is specified by entering the mask size as the number of bits in the mask For the standard Class A B and C Internet addresses the mask sizes would be 8 16 and 24 respectively Networks are not restricted to the above standard sizes the mask and hence the network address it specifies may be any number of bits from 8 to 32 This gives much mo
106. rnet with an IOLINK router There is also a branch office at a remote site connected with a leased link The administrator at the corporate head office wishes to set up an IP firewall to allow everyone on the Internet to have access to the corporate FTP and Web servers and nothing else The administrator also wishes to allow all of the TCP traffic from the branch office network to have access to the head office Anyone in the corporation may have unrestricted access to the Internet Main FTP server 195 100 1 12 Main Web server 195 100 1 20 Corporate Head Office Network 195 100 1 0 Branch Office Network 195 100 2 0 Router with firewall enabled Any other network any IP address Figure 2 13 Sample Firewall Application The following steps must be performed on the IOLINK 520 amp IOLINK PRO to set up the firewall support as desired 2 48 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Applications First the firewall on the ISP connection remote site 1 of the WAN is set up The firewall option is set to inbound to have this WAN firewall filter traffic from the ISP to the IOLINK router while allowing unrestricted access out to the Internet Firewall Location Main Configuration Applications Set up Firewall Set up WAN Firewall Set up enter ID 1 for ISP remote site V Firewall Vo inbound The firewall on the Internet connection is set up to protect the entire corpora
107. s Set up V IP Routing Set up V IP Routes V Edit Route Destination IP Address amp Mask Vo Next Remote site ID or IP Address lt gt Mask Cost Add Each static IP route is defined in the Edit Route menu The destination network IP address is specified when you first enter the menu and then the IP address alias or ID number of the next hop route and the cost may be defined Finally select Add to add the route to the routing table Once static IP routes are defined they may be viewed with the Show Static Routes command from the IP Routes menu Configuration When the IP routing protocol is set to none static routes will be used to route Note traffic The mask size must also be defined when creating a static route entry The subnet mask is required to allow a static route to be created to a different IP network address See the previous section for an explanation of masks 2 8 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 1 3 IPX Routing The IOLINK 520 amp IOLINK PRO are pre configured to operate as an IPX router When installed in an IPX network the IOLINK router will learn the IPX network numbers from connected networks It will then route the IPX frames to the appropriate destination IPX netwotk IPX routing scenario may consist of one of the two following configurations The first configuration consists of Novell servers located on each of the LAN segments to b
108. s a RJ 45 connector to connect to the RJ 45 connector of the NT1 provided with your ISDN service The ISDN U interface module of the ISDN IOLINK Router provides an integrated NT1 with a RJ 45 connector to connect directly with your ISDN service Pinouts for the WAN connectors are listed in Appendix D of this manual 1 4 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Applications Power Up the Bridge Router Once the LAN and Link connections are made and the console is connected to a terminal you are ready to power up the IOLINK router Connect the AC power cord to the back of the IOLINK router and plug the cord into the AC wall outlet Observe the LEDs as the bridge router powers up The LEDs will go through a circular flashing pattern as the power up diagnostics are performed After the power up diagnostics are finished the Power LED will go from red to green Enter at least one RETURN up to three if necessary in order for the bridge router to determine the baud rate of the terminal used for the console 1 autobaud The following information will now be seen on the console connected to the bridge router Terminals supported ansi avt ibm3101 qvt109 qvt102 qvt119 tvi925 tvi950 vt52 vt100 wyse 50 wyse vp teletype Enter terminal type Select the terminal type being used if listed and enter its name in lower case at the prompt or choose the terminal type teletype if your terminal is
109. sensitive The Ferrite module included with the ISDN U Module must be installed on the cable that is connected to the ISDN U Module The Ferrite module must be installed approximately two inches from the RJ45 connector at the bridge router end of the cable The cable must pass through the Ferrite module twice with a Single loop around the Ferrite module 2 from connector dE Ferrite module installed on the cable RJ45 connector on the end connecting to the ISDN U Module Figure C 6 Ferrite Module Installed on the Cable IOLINK 520 amp IOLINK PRO Installation amp Applications Guide C 5 Servicing Information Performing a Software Upgrade 1 Execute the Network TFTP command from the Load FLASH Set Up menu 2 Enter none to connect locally or enter the remote site ID number or alias to connect to a remote site 3 Start the TFTP application to be used for transfers to the router The IP address of the router may be found in the Internet Set Up menu 4 Put the file all to the router from the Operational Code directory on the CD ROM Any router not in Network Load BOOT mode will respond with an access violation error 5 The router will verify the file all in memory program and verify the FLASH clear the configuration to default values except Address IP Routing state IP Forwarding state WAN Environment Link 1 amp 2 State the Switch Type
110. set up The example shows 8 hex character SPIs as set in Routet 1 so for Router 2 the matching Outbound SPI would then be ECA97531 and the Inbound SPI 24680BD IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 41 Applications Then the authentication algorithm should be set to MD5 IPSec ESP SA Location Main V Configuration V Packet Services Set up IP Security Set up V Policy Set up Edit Item Mem name Manual ESP SA V Authentication MD5 If Authentication is left as none the default setting no authentication will be done on the packet only encryption will be performed Next the encryption and authentication keys are Set up As with the SPIs the Inbound Outbound pairs must be mirrored on the peer router set up IPSec ESP SA Location Main Configuration V Packet Services Set up IP Security Set up Policy Set up Edit Item Mem name V Manual ESP SA V Keys V Outbound encrypt key 0123456789 ABCDEF V Inbound encrypt key FEDCBA 9876543210 V Outbound auth key 1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F V Inbound auth key F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1F1 The encryption keys must be exactly 16 hex characters for DES encryption 48 hex E characters for 3 DES and the authentication keys must be exactly 32 hexadecimal characters long 2 42 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Applications Now the selection rules used to te
111. shold before it is brought down This prevents activation or deactivation of the secondary link due to momentary peaks or drops in traffic Bandwidth Allocation Control Protocol BACP may be used to negotiate the link activation between partner routers BACP must be used if the partner router is not another IOLINK router Enable BACP Location Main Configuration Connections up Remote Site Set up Edit Remote Site V Protocol Set up V BACP Set up V BACP enable call mode local ot partner Call mode determines which router originates the call to bring up the second link If BACP is not used the partner IOLINK routers will use proprietary negotiations to determine which router is to activate the second link 2 52 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Introduction to Filtering 3 Introduction to Filtering The IOLINK 520 amp IOLINK PRO provide programmable filtering which gives you the ability to control under what conditions Ethernet frames are forwarded from one network to another There are many reasons why this might need to be accomplished some of which security protocol discrimination bandwidth conservation and general restrictions Filtering may be accomplished by using two different methods The first method is to filter or forward frames based solely on their source or destination MAC address This method of filtering is useful when bridging between LANs an
112. st each packet against are set IPSec ESP SA Location Main Configuration V Packet Services Set up IP Security Set up Policy Set up Edit Item item name Selection Rules Src IP 10 10 10 1 25 Dest IP 192 168 10 1 24 Protocol any Src port any Dest Port any The example policy items for Router 1 show the source and destination specified by the local IP addresses with masks All protocols will be allowed between all ports Then the policy item must be activated IPSec ESP SA Location Main Configuration V Packet Services Set up IP Security Set up V Policy Set up Edit Item Mem name Activate If packets to be checked against more than one policy item tab back to the Policy set up menu and repeat the previous steps for the next policy item There may be up to 32 policy items Packets are tested against policy items in order of the items priority numbers from lowest to highest IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 43 Applications To do its job as a router this device must know where to forward packets with IP addresses outside the LAN This may be done in a number of ways a static IP route to the LAN at the other end of the SA connection may be set the IP address of the Internet Service Provider may be set as the Default Gateway or an IPSec policy item may be created specifically to pass RIP packets To set a policy item for RIP pack
113. stablished to a specifically configured remote IOLINK router when certain IP traffic is received from the local LAN Note that any time the switch type is changed a soft reset must be performed before the change will take effect The switch type is not saved through a full reset the IOLINK router will come up with the C default switch type NET3 if you require a different switch type it must be re entered after a configuration reload It is strongly recommended that the entire configuration set of the router be saved Dump config txt to the console then reloaded Restore config txt from the console after a full reset L The configuration options described here are only for initial set up and configuration purposes For more complete information on all of the configuration parameters available please refer to the IOLINK 520 amp IOLINK PRO VPN Menus Reference Manual PDF on the accompanying CD ROM 2 2 1 1 PPP ISDN Manual Call Quick Connections The PPP IOLINK 520 amp IOLINK PRO should be configured with a remote site profile entry for each router that will be called see section 2 3 1 A manual direct dial connection may be performed to establish an initial connection to a remote site router Once the connection is established and working properly the remote site configuration for that router should be entered into the IOLINK router The remote site profile enables ISDN calls to be placed automatically each time the IOL
114. t Gateway ern nna ER Aa 2 8 IP State Routes neii E A A 2 8 IPX e aa a aa aa E E E TE E RRi 2 9 Novell Servets in Both Locations sorire eiin r k 2 9 Novell Server in One Location 2 10 gt sede hende ee He ERRARE 2 13 PPP Tink Gonfioutationy icine niente eter aad eia RE RR du d cete ete eee etes 2 13 N mbered Links aerei a er pir e ERR REPRE UK e eG EROR DEED PO XR GREC KH ET 2 13 Uru bere Eiks 2 14 iei EE HOM LEER ER RO HAERES SR UE 2 15 paste COTA ULATIONS bra pem rota Eo eet 2 16 Basic ISDN Connections innie ebrii 2 16 Manual ISDN call Quick amp 2 18 TPX Manual Call introire p DRE ER IRR RD SEE 2 18 eo toe tes eves erae E 219 Basic Frame Relay Configuration 2 20 Auto Learning the Frame Relay Configuration 2 20 Manual Configuration EMI Type AE 2 22 QuickStart Frame rA RE ODE PUER UD ep DE eR 2 23 Basic Leased Line Connections eene edebcienidebadepedednidieteetis 2 24 Quick Start PPP Leased Line Connections eese ttn 2 24 Bridge Connection xa unten ete be cete e Pet edt ER eg Pete ie 2 25 TR Routet Connection eoi D DROP E PH e tip do 2 25
115. te flexibility to match the size of the two fields of the IP address to the number of netwotks and hosts to be setviced 2 1 2 3 IP Subnets An IP network may be divided into smaller networks by a process called sub netting A subnet is specified using some of the high order bits of the host field of the IP address for sub network addressing The portion of the IP address to be used as the subnet address is defined by using a subnet mask If the company in the example above Class C IP address 199 169 100 0 decides to split their network into two LANs to reduce the load on their network the original IP network address may be sub netted into two or more smaller IP networks consisting of a smaller number of host addresses in each LAN This allows each of the sites to be a smaller IP network and to be routed together to allow inter netwotk communication Network Address Subnet Host Bits Address Subnet Addressing The subnet mask size is the number of bits in the subnet mask In the above figure the subnet mask size would be 26 24 bits for the class C network address and 2 subnet bits The subnet size is the number of subnet bits in the above figure the subnet size would be 2 2 6 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Applications The IOLINK 520 amp IOLINK PRO allows mask sizes from 8 to 32 bits The subnet mask size determines how many bits of the host field of the original IP network address will b
116. te netwotk including the branch office from unauthorized traffic Then the entries are made in the Designated Servers menu to allow Internet access to the and Web servers on the corporate network gt amp WWW Designated Servers Location Main Configuration V Applications Set up Firewall Set up WAN Firewall Set up Vo ID 1 for ISP remote site Designated Servers FTP Server 195 100 1 12 v WWW Server 195 100 1 20 When defining a designated server you will be prompted for the IP address of that device Adding an entry to the designated servers list allows you to quickly setup a firewall entry without having to figure out TCP port values Next the LAN firewall is set up to restrict access to the LAN The firewall option is set to outbound to have the LAN firewall filter traffic from the IOLINK router Firewall Location Main Configuration Applications Set up V Firewall Set up LAN Firewall Set up Firewall V5 Outbound Note if this IOLINK 520 has a second LAN interface installed you will be requested to select which LAN this firewall entry is to be used with IOLINK 520 amp IOLINK PRO Installation amp Applications Guide 2 49 Applications Then an entry is placed in the firewall table to allow the devices in the branch office remote site to have unlimited TCP access to devices in the head office Firewall Table Entry Location Main Configuration
117. terface Protocol 11 Source IP Address 25 Network Source Port 2 Destination IP Address 6 Node Destination Port 13 Protocol 7 Socket Direction 14 Source Port 8 Hops Perform Test 15 Destination Port Status Server Name Service Type Interface Network Node Socket Hops Edit MAC Address Filter z1 Status Location Filter If Source Filter If Destination Permanent Remove 5 6 T 8 2 3 4 25 56 Continued from previous page ISDN Options Frame Relay Options SNMP set up menu DHCP set up menu Firewall set up menu NAT exports Syslog Time to live Traceroute Ping 1 1 Edit Community menu Edit Community 2 Message Size 3 Show Communities 1 Write Access 14 Remove Community 2 Show Addresses 3 Add Address 4 Remove Address 1 Server pool address menu DNS setup menu NetBIOS setup menu DHCP services Relay destination ICMP echo verification Lease period 8 Default Gateways Server IP address pool 1 IP address pool 2 Show address pool 13 Add static address 4 Remove static address 51 Primary DNS 2 Secondary DNS 3 Domain name NetBIOS Setup 1 Send NetBIOS node type 2 Send NetBIOS scope 3 Send NetBIOS name srv 4 NetBIOS node type 6 3 NetBIOS scope Id NetBIOS name server Firewall Set Up 1 2 1 LAN fire
118. ternet Protocol Control Protocol PCP for all IP communications An IPX router connection will use the Internet Packet Exchange Control Protocol IPXCP for all IPX communications In order to establish an IPCP or IPXCP link connection between two PPP routers either a numbered link or an unnumbered link connection must be established The two types of link connections are available to allow for greater flexibility between vendors products 2 1 4 2 Numbered Links A numbered link assigns a network address either IP or IPX to both ends of the WAN connection In a numbered link configuration the WAN connection may be viewed as another LAN network with the two PPP routers simply routing information between their local LANs and the common connected WAN network Because the WAN is considered a separate network each of the stations on that network must be assigned a network address If a numbered IP link is to be established then each WAN interface must be assigned an IP address on a unique IP network The WAN IP network address must be different from the two existing networks that are being connected together with the PPP routers Location Main Configuration Connections Set up Remote Site Set up Edit Remote Site V Protocol Set up Parameters Link IP address If a numbered IPX link is to be established then each WAN interface must be assigned an IPX node address a unique IPX network number The WAN IPX network ad
119. ters menu software release 51 04 06 52 04 06 Advanced settings menu Advanced settings Advanced set Alternate ISDN 12 Redial timer Grou i 3 Redial count Call you Call me Callback 1 Activation intervals 2 Display schedule 3 Display time 1 Usage limit 2 Call limit 3 Restart time Up threshold Up stability timer 1 2 3 Down threshold 4 Down stability timer 1 STP parameters menu 1 STP Parameters 12 Bridge enabled 3 Tinygram 1 State 4 FCS preservation 2 Path cost 3 Priority 1 IP routing menu NAT Advanced menu IP enabled NAT enabled Link IP address Peer IP address Private Route Negotiate address VJ compression IP Routing 1 Routing protocol 2 RIP mode 3 Triggered 4 ib Auto Default Route Link cost 2 NAT Advanced 1 Translation type 2 Show address pool 1 IPX enabled Link IPX type 3 D 8 Dynamic IP pool d Local IPX node 4 Add static entry 5 Peer IPX node 5 Remove static entry Static routes only IPX DMR enabled 8 Force RIP update z 1 Compression Extended sequence IP spoofing menu IP Spoofing 1 2 IPX spoofing menu le DAD dee E 13 enabled 2 TGP interval 4 Bridge traffic 3 TCP retries z 5 Disc after last 4 TCP aging 6 Suspension
120. tes available A new remote site cannot be auto created unless one of the existing remote sites is manually deleted These automatically created remote site profiles may be renamed for easier identification or usage by changing the Remote Site Alias Remote Site Profile Alias Location Main Configuration V Connections up Remote Site Set up Edit Remote Site Remote Site Alias Configuration When configuring the IOLINK router to use PAP or CHAP security Note authentication after the IOLINK router has automatically created remote site profiles for each of the PVC s either the remote site profile alias must be changed to match the Outgoing User Name configured on the remote site router or vice versa If the local remote site alias and the remote site routers outgoing user name do not match the PVC will always fail with a security violation Also note that PPP encapsulation must be enabled to run security access authentication With auto learning the above is all that is required of the user to set up frame relay remote site profiles If desired parameters may be entered manually as follows Each PVC defined on this IOLINK router must have a DLCI Data Link Connection Identifier value assigned for proper frame relay communication DLCI Location Main Configuration V Connections up Remote Site Set up Edit Remote Site V Connection Set up DLCI IOLINK 520 amp IOLINK PRO Installation amp Applications
121. teway 3 Show all Routes 4 Show Static Routes 5 Clear Static Routes ARP aging timer ARP retry timer Add Remove 1 2 3 4 5 Show ARP table 1 Edit Item menu 2 Show Item 3 Show Summary 4 Show Active Items 5 Show SA summary 6 Remove Item 7 Local IP Address 8 Default Action Show Policy Stats Edit Route Show Static Services Clear Static Services 1 Edit MAC Address Filter Filter Operation Broadcast Address Show Bridging Table Show Permanent Table Clear Bridging Table Show Alias Add Alias Remove Alias Show Pattern Add Pattern Remove Pattern Help Show Alias Add Alias Remove Alias Show Pattern Add Pattern Remove Pattern Help Show Alias Add Alias Remove Alias Show Pattern Add Pattern Remove Pattern Help software release 51 04 06 52 04 06 Edit Static Route Destination Status Remote site Next hop Type Cost Private Add Remove Network mask Status NOU RONONA 1 Name 2 Status 3 Activate 4 Priority 15 Action 6 SA creation 7 7 Manual ESP SA menu Manual ESP SA 8 Selection Rules menu 11 Edit Service 1 Peer IP Address 2 SA node 13 Authentication 14 Encryption z 5 Outbound SPI 6 Inbound SPI 7 Status Test IPSec 2 Server Name Source IP 3 Service Type Destination IP 21 Edit Service 4 In
122. the bridge touter are connected to the main board by a short ribbon cable When lifting the top half of the case off the lid should be lifted from the back and hinged at the front The lid will then fold completely over and lie top down IOLINK 520 amp IOLINK PRO Installation amp Applications Guide C 1 Identifying the Internal Components major components of concern are shown in the following illustration Slot 2 Primary LAN amp Console Interface Module Link 2 Interface Module ISDN BRI DSU G 703 RS232 V 35 RS422 or V 11 LAN Console Board Link2 Board Main Board LAN 2 Interface Module ISDN BRI DSU G 703 RS232 V 35 RS422 or V 11 Link1 LAN2 Board Servicing Information Figure C 1 Top Internal View of the IOLINK 520 amp IOLINK PRO Ethernet Bridge Router C 2 IOLINK 520 amp IOLINK PRO Installation amp Applications Guide Servicing Information To Clear a Lost Password D 2 3 4 5 7 8 Remove power from the bridge router Remove the screw securing the LAN Console module to the rear of the bridge router Be sure to grip the module only by the flange at the bottom of the metal panel Unplug the LAN Console module approximately 1 2 inch from the bridge router Be sure to grip the module only by the flange at the bottom of the metal panel module only needs to be removed slightly to disco
123. timeout 2 IPX Spoofin Set Up tw veer jee IPX type20 1 IPX broadcast z 2 Call mode IPX idle z 3 Request number IPX interval IPX retries IPX aging Continued from previous page Bridging Set Up 1 Spanning Tree menu Bridge Forwarding Bridge Aging Timer Show Bridging Table Show Permanent Table Clear Bridging Table 2 IP Routing Set Up 1 IP Routes menu ARP Set up menu IP routing IP forwarding ARP proxy 1 2 3 4 5 6 11 12 13 14 5 2 1 IP Security 1 2 Policy Set up menu Interfaces menu Statistics menu Diagnostics menu 3 4 5 1 4 IPX Routing Set Up Static Routes menu Static Services menu IPX Routing IPX Forwarding Local Networks Show Routes Show Services Help 1 Filter Set Up MAC Address Filters Bridge Pattern Filters IP Router Pattern Filters IPX Router Pattern Filters 1 2 3 4 Continued IP Routes ARP Set Up 2 Show Item Stats 3 Clear Policy Stats 4 Clear Item Stats 2 Convert Route 3 Show Static Routes 4 Clear Static Routes ISDN Options Frame Relay Options Spanning Tree STP State Bridge Priority Forwarding Delay Message Age Timer Hello Time Show Bridge Show Ports NOuhwn 1 1 Edit Static Route 2 Default Ga
124. tion amp Applications Guide Index A AC power 1 5 Addtess Filtering 3 1 Auto Learning LMI Type 2 21 B Backup ISDN 2 34 2 50 Bandwidth on Demand 2 52 Battery Replacement C 1 Bridge or Route 2 4 C Changing LAN Interfaces C 3 Changing Link Interfaces C 3 Changing the 10BaseT LAN Interface MDI to MDI X C 4 Clear Lost Password C 3 Compression 2 50 Configuration Sheets B 1 Configure as Bridge 2 3 Configure as IP Router 2 4 Configure IPSec 2 39 Configure as IPX Router 2 9 Configuring Firewall 2 39 Configuring Frame Relay 2 19 Configuring ISDN 2 16 Configuring PPP 2 13 2 24 2 27 2 29 2 32 2 33 2 34 2 46 Configuring PPP Security 2 46 Connectots 1 2 Console 1 4 Auto baud 1 4 Console Pinouts D 3 Conventions 1 6 CSU DSU Back to Back Connection D 2 Crossover Cable D 2 Switches D 2 D Data Link Connection Identifier 2 20 2 29 Default Gateway 2 8 DHCP 2 35 Directory Numbers 2 17 DLCI 2 20 2 29 DNS 2 35 E EIR 2 32 Encapsulated PPP 2 23 Ethernet Bridge 2 2 F Ferrite Module C 6 Filters 2 47 3 1 3 4 Filter if Destination 3 1 Filter if Source 3 1 Firewall 2 39 Forward if Destination 3 1 Forward if Source 3 1 Frame Relay 2 20 2 23 2 31 2 34 2 37 2 40 Front View 1 2 I Installing ISDN Link Modules C 5 Internal Components C 2 Introduction to Filtering 3 1 IP Address 2 5 2 13 2 23 2 25 2 27 2 37 2 39 2 50 IP Addr
125. wall setup menu 1 2 WAN firewall setup menu LAN WAN Firewall Set Up 5 3 Block src IP spoofing 1 Designated servers menu z 2 Edit firewall entry menu 3 Firewall Firewall statistics Clear statistics Show firewall entries Remove entry NOJA NAT Exports 1 Edit Services Router port 3 Default export 4 Show services 5 Clear services 1 Statistics Set Up 1 Extended Statistics z2 Interval 3 Clear Statistics Statistics set up menu Remote site information menu LAN statistics menu Link stats Link summary Interface stats Interface status Clear link amp interface stats Remote Site Information 1 Common protocol stats 2 PPP statistics 3 Frame relay statistics 4 Status 5 Usage information 6 Clear remote site stats LAN Statistics 1 Bridged traffic IP traffic IPX traffic 4 Total LAN traffic 5 LAN error 6 7 Clear LAN statistics Clear LAN errors WAN Trace 1 Soft Reset Full Reset 1 3 Heartbeat 4 WAN trace 5 WAN loopback 1 Trace link 2 Real Time z 3 Capture 4 End 5 Data display Acknowledge alarm 6 Time Show events Clear events Show security log Clear security log Show resumption log Clear resumption log 1 Link operation 2 External loopback 3 CSU DSU self test 4 CSU DSU digital loopback 5 CSU
Download Pdf Manuals
Related Search