Avocent Cyclades-PR2000 User's Manual
Contents
1. Delete Rule: Rule to delete. Clear Rule List. Edit Rule: same parameters as Add Rule. FIGURE 12.2 FIREWALL EXAMPLE (labels: Exterior Router, Perimeter Network, 192.168.0.0, 172.16.0.0, 192.168.0.3, Bastion Host, Extension to Network). Figure 12.2 will be used to show how both an exterior router and an interior router would be configured using the filters available in CyROS. Exterior Router: The exterior router is the network's first defense against attacks. For this reason, it is reasonable to prohibit all packets except for those explicitly allowed. This is done by choosing the Default Scope to be Deny. Thus, ALL desired traffic must be expressly allowed by the rules in the rule list. FIGURE 12.3 DENY AS DEFAULT SCOPE (labels: DENY, e-mail in, Let e-mail out, Let Telnet Connections Out). In Figure 12.3, a conceptual equivalent of the interface is shown. All packets except those which fall into the holes in the ball will be denied entry into or out of the network. Steps necessary to activate filtering on the exterior router in the example: 1. There are two interfaces with two directions each. Filtering on link 1 requires the creation of two rule lists
2. FIGURE 14.1 CONVERSION PERFORMED BY CYCLADES VIRTUAL PRIVATE NETWORK UTILITY (labels: Message as sent by local Gateway: Header, Source IP Address, Destination IP Address, IP Options and Data; Conversion performed by Router with Cyclades VPN: Header with destination remote security gateway IP Address, Encrypted IP Datagram; Public Network; Remote Gateway; Message as received by remote Gateway). An example showing a local security network and two remote security networks is shown in Figure 14.2. The PR2000 in the local security network will be configured step by step. Which network is considered local and which network is considered remote depends on the router being configured. STEP ONE: The Virtual Private Network Utility must be Enabled in the ADMIN > ENABLE FEATURES > VPN menu before it can be used. Navigate to this menu and enter the password supplied by Cyclades to activate VPN. STEP TWO: Link 1 of the PR3000 RSG3 should be fully configured and operational before beginning the VPN configuration. Each router has an IP address, with optional secondary IP addresses, for each numbered i
3. Username: Applies when Authentication Type is Remote. The username the remote device expects to receive. Password: Applies when Authentication Type is Remote. The password the remote device expects to receive. Authentication Server: Applies when Authentication Type is Server. Indicates that either a Radius or Tacacs server is used for validation. The location and other parameters of the server must be configured in CONFIG > SECURITY. See section 4.3 of the CyROS Reference Guide. Authentication Protocol: Applies when Authentication Type is Local or Server. Either PAP or CHAP, or both, can be used for authentication. STEP FIVE: The parameters defined in the Routing Protocol and Traffic Control Menus should be set after reading chapters 9 and 12, respectively. It is probably best to complete the basic configuration of all router interfaces, then return to the routing protocol and traffic control menus after general routing and traffic control strategies have been defined. CHAPTER 7 NETWORK PROTOCOLS: The second step in most interface configurations is to choose which network protocol to use and assign values to the relevant parameters. At least one of IP, Transparent Bridge, or IPX (optional and discussed in chapter 13) must be activated. Use the information provided below to set the parameters for each interface. The Ethernet network protocol menu
4. APPENDIX B HARDWARE SPECIFICATIONS: General Specifications; External Interfaces; The WAN Interfaces; The LAN Interface; The Asynchronous Interface; The Console Interface; The Straight-Through Cable; DB-25 M.34; The ASY Modem Cable; The Cross Cable; DB-25 Loopback Connector. APPENDIX C CONFIGURATION WITHOUT A CONSOLE: Requirements. INDEX. CHAPTER 1 HOW TO USE THIS MANUAL: Three Cyclades manuals are related to the PR2000: 1. The Quick Installation Manual, provided with the router; 2. The Installation Manual, available electronically
5. The CyROS Management Utility. CHAPTER 4 STEP BY STEP INSTRUCTIONS FOR COMMON: Example 1, Connection to an Internet Access Provider via; Example 2, A LAN to LAN Example Using Frame Relay; Example 3, Link Backup. CHAPTER 5 CONFIGURATION OF THE ETHERNET INTERFACE: The IP Network Protocol; IP Bridge; Other Parameters. CHAPTER 6 THE SWAN AND ASYNC INTERFACES. CHAPTER 7 NETWORK PROTOCOLS: The IP Protocol; The Transparent Bridge Protocol. CHAPTER 8 DATA LINK PROTOCOLS (ENCAPSULATION): PPP (The Point-to-Point Protocol); CHAR
6. CHAR: The configuration of the CHAR data link protocol is confined to one menu, CONFIG > INTERFACE > <LINK> > ENCAPSULATION > CHAR. Information about all the parameters appearing in this menu is provided in the table below. Not all parameters will appear for all interfaces. CHAR Encapsulation Menu (CONFIG > INTERFACE > <LINK> > ENCAPSULATION > CHAR), Parameter: Description. Device Type: Determines whether a Terminal, Printer, or Socket device will be connected to this port. TCP Keep Alive Timer: The delay between Keep Alive messages sent by TCP. Terminal Type: For a terminal, ANSI is generally used. For a printer, dumblp is generally used. Switch Session Character Code: Applies for Terminal Device. Control character used to switch sessions: 1 is Ctrl-A, 2 is Ctrl-B, etc. The value 254 disables this option. Escape Session Character Code: Applies for Terminal Device. Control character used while in a telnet session to return to the router menu without closing the session. Username: Applies for a Terminal Device. Must be entered into the local user table first. See chapter 16. If this parameter is left blank, the user will have to enter a username. Wait for or Start a Connection: Applies for Socket Device. Wait is used when the remote application will start the communication. When Start is used, a connection is attempted as soon as the line is consid
7. Rules Lists. Rule List Name: exterior_in; Rule Status: Enabled; Default Scope: Deny; List Type: Filter. Rule List Name: exterior_out; Rule Status: Enabled; Default Scope: Deny; List Type: Filter. Filter list Name: exterior_in, Rule 0. Status: Enabled; Scope: Permit; Protocol: TCP; Source IP Operator: None; Destination IP Operator: Equal; Destination IP start: 192.168.0.3; Destination IP Mask: 255.255.255.255; Source Port Operator: Greater than; Source Port Start: 1023; Destination Port Operator: Equal; Destination Port Start: SMTP; TCP connections allowed: Y; Account Process allowed: N. FIGURE 12.4 OUTPUT FOR EXTERIOR ROUTER EXAMPLE. Filter list Name: exterior_out, Rule 0. Status: Enabled; Scope: Permit; Protocol: TCP; Source IP Operator: Equal; Source IP start: 192.168.0.3; Source IP Mask: 255.255.255.255; Destination IP Operator: None; Source Port Operator: Equal; Source Port Start: SMTP; Destination Port Operator: Greater than; Destination Port Start: 1023; TCP connections allowed: N; Account Process allowed: N. FIGURE 12.4 OUTPUT FOR EXTERIOR ROUTER EXAMPLE (CONTINUED). Interior Router: If an interior router exists in the network, the administrator may decide to use a Default Scope of Permit. In this case, all undesired traffic must be excluded by a rule in the rule list. In Fig
8. CONFIG > IP > BGP4 > ROUTE MAP > ADD, Parameter: Description. Route Map Number: Identifies the route map. Sequence Number: Identifies the sequence within the route map. The numbers need not be consecutive. Match List Name: Associates an access list with this sequence, as shown in the figure above. Weight: Alters the weight used to determine the best path. This value replaces the importance assigned to the route by the weight parameter in the neighbor configuration. Origin, Set Nexthop, Set Metric, Set Local Preference, Set Atomic Aggregate, Set Aggregate AS number, Set AS Path, AS Path Prepend, AS Path AS SET: These parameters modify the path attributes with the same name in the update message. STEP SEVEN: The neighbor definition should now be changed again to include the new route map. This is done in the Neighbor Menu described in step 2. STEP EIGHT: This last step permits aggregation of networks inside the AS to simplify routing tables. In the example in Figure 9.4, the two networks can be aggregated to form one network with the IP address/Mask of 200.50.50.0/23. CONFIG > IP > BGP4 > AGGREGATE ADDRESSES > ADD, Parameter: Description. Number: An ID for reference. Address: The aggregated address. In the example, 200.50.50.0. Mask bitlen: The mask for the aggregated address. In the example, 23.
9. In the United States and Canada, contact technical support by phone or e-mail. Phone: 510 770 9727 (9:00AM to 5:00PM PST). Fax: 510 770 0355. E-mail: support@cyclades.com. Outside North America, please contact us through e-mail or contact your local Cyclades distributor or representative. The mailing address and general phone numbers for Cyclades Corporation are: Cyclades Corporation, 41829 Albrae Street, Fremont, CA 94538, USA. Phone: 01 510 770 9727. Fax: 01 510 770 0355. CHAPTER 2 WHAT IS IN THE BOX: The Cyclades PR2000 is accompanied by the following accessories. FIGURE 2.1 CYCLADES PR2000 AND CABLES (labels: Back Panel of PR2000, Console Cable (Labeled Conf), To COM Port of Computer, To Wall Outlet, Gender Changer, Cyclades PR2000, CD-ROM Containing Documentation, Quick Installation Manual, Mounting Kit). Quick Installation Manual; Console Cable; Installation Manual & Reference Guide on CD; Mounting Kit; Two straight-through cables; Power Source & Cable; Two V.35 Adapters; Gender Changer. Figure 2.1 shows which cables are used for each type of modem and how everything should be connected. The pinout diagrams of these cables are provided in Ap
10. memory is then lost. Collecting the data while configuring the router will likely cause delays and frustration. FIGURE 4.16 PRIMARY AND SECONDARY (BACKUP) LINKS BETWEEN TWO LANS (labels: PR2000, SWAN 1, SWAN 2, DSU/CSU, Modem or DSU/CSU, Frame Relay Network, Primary Link, Network Address, IP Address 100.200.200.1, IP Address 100.200.200.2, Bandwidth 64 kbps). Spaces have been provided next to the parameters needed for the configuration for you to fill in the parameters for your system. Do this now before continuing. STEP ONE: The bandwidth used by CyROS for multilink circuit calculations is that given in the traffic control menu, rather than the actual physical bandwidth available. If this bandwidth value is not set, the preset value, zero, will be used and the multilink circuit will not function. The bandwidth for both links (SWAN 1 and SWAN 2 in the example) should also have been set when the interface was configured. If not, the multilink circuit will not work. Since the bandwidth was probably not set when the link was configured, you should make sure the value is the desired one. Menu CONFIG > INTERFACE > SWAN 1 > TRAFFIC CONTROL > GENERAL, Parameter: Example (Your Application). Bandwidth (bps): 64000. IP Traffic Control List: None
11. port pair. In the example, the web server is connected to one of the global IP addresses for services on port 80, reducing the IP address pool to 13. Static address translation is used when the connection with the external network is to be initiated from either side (external or internal). Translation may be done in two ways: 1. Address translation only: each global address is assigned to a single local address when necessary. In the example, there are only 13 global addresses available and more than 13 hosts. With this type of translation, only 13 servers can connect to the Internet at any given time. 2. Port and address translation: the UDP/TCP port and local IP address are translated as a pair. With this type of translation, only ONE global address is needed. All hosts can be mapped to the same global IP address. This can be used in our example to allow all hosts in the 192.168.0.0 network access to the Internet at the same time. An overview of the NAT menu is shown in the table below. NAT Menu (CONFIG > SECURITY > NAT), Menu Option: Description. General: Parameters for enabling NAT and choosing the NAT Mode. Also includes port translation option. Global Address: The first and last IP addresses in the range. In the example, these numbers are 200.240.230.225 and 200.240.230.238. Local Address: The local network IP address and network mask and whether or not the n
12. Frame Relay Menu (CONFIG > INTERFACE > <LINK> > ENCAPSULATION > FRAME RELAY), Parameter: Description. SNAP IP: Indicates that the Sub-Network Access Protocol should be used. The router on the sending end must be using the same header type (NLPID or SNAP) as the router on the receiving end. See the CyROS Reference Guide for more information. LMI: Selects the Local Management Interface specification to be used: ANSI; Group of Four, defined by the vendors that first implemented Frame Relay; Q933a, defined by ITU-T; and None, used for a dedicated FR connection without a network. T391: Interval between the LMI Status Enquiry messages. N391: Full Status Polling Counter. Full Status Enquiry messages are sent every N391-th LMI Status Enquiry message. N392: Error Threshold. The network counts how many events occur within a given period and considers an interface inactive when the number of events exceeds a threshold. N393 is the number of events to be considered and N392 the number of errors within this period. If N392 of the last N393 events are errors, the interface is deemed inactive. A successful event is the receipt of a valid Status Enquiry message. N393: Monitored Events Count. See the description of N392. This value must be larger than N392. CIR: Committed Information Rate, in percentage of total bandwidth (bandwidth defined in CONFIG > INTERFACE > SWAN > TRAFFIC CONTROL > GENERAL > BANDWIDTH). Traffic a
13. AS Set: Yes causes the route to be tagged with the AS Set path attribute. Otherwise, the AS Sequence path attribute is assigned. Summary Only: Yes removes all more specific routes, leaving only the aggregated form. No maintains both the individual and aggregated routes. CHAPTER 10 CYROS, THE OPERATING SYSTEM: This chapter explains various operating system features that are not covered in other chapters: creation of the host table, creation of user accounts and passwords, and IP Accounting. Creation of the host table: CyROS allows identification of hosts by name. In the menu CONFIG > SYSTEM > HOSTS, each host is assigned a number (1 to 32) and a host name (a maximum of 8 characters). The IP address to be associated with this host name and the port to be used for telnet is then requested. This host name can be used in applications like ping and telnet and in some other configuration menus. Another way to identify hosts by name is to configure access to a DNS Server. This is done in the menu CONFIG > IP > DNS CLIENT. The domain name where the router is located and two DNS Server addresses are the only parameters. Creation of user accounts and passwords: Four users are preset: 1. super, with the password surt; 2. usr, with no password; 3. auto, with no password; and 4. pppauto, with no password. Other users c
14. After the NAT menu parameters have been set, the NAT property in the Network Protocol Menu of each interface must be configured. In the example, the IP Address of the Ethernet interface is not assigned dynamically. The parameter CONFIG > INTERFACE > ETHERNET > NETWORK PROTOCOL > IP > NAT DYNAMIC ADDRESS ASSIGNMENT should be set to Inactive. The IP address of the interface connecting the router to the Internet is also assigned by the super user in the example, rather than dynamically. The parameter CONFIG > INTERFACE > SWAN > NETWORK PROTOCOL > IP > NAT DYNAMIC ADDRESS ASSIGNMENT would also be set to Inactive. After NAT has been configured and is running, the menu option INFO > SHOW STATISTICS > NAT will show Network Address Translation Statistics. CHAPTER 12 RULES AND FILTERS: There are four basic types of rules: 1. IP filter rules, 2. Radius rules (actually a combination of previously defined IP filter rules), 3. traffic control rules, and 4. transparent bridge rules (similar to IP filter rules, but for applications that use a transparent bridge). IP filter rules and traffic control rules will be covered in detail in this chapter. See section 4.7 of the CyROS Reference Guide for more information about all four types of rules. As an introduction, the Rules List Menu Tree is presented in Figure 12.1. First, a rule list is created and named. Second, rules are added to the list
15. Where Can I Find More Information? CyROS contains many features, and sometimes related material must be broken up into digestible pieces. Text with this icon will indicate the relevant section. Caution: Not following instructions can result in damage to the hardware. Text with this icon will warn when damage is possible. Reminder: Certain instructions must be followed in order. Text with this icon will explain the proper steps. Cyclades Technical Support and Contact Information: All Cyclades products include limited free technical support, software upgrades, and manual updates. These updates and the latest product information are available at http://www.cyclades.com and ftp://ftp.cyclades.com/pub/cyclades. Before contacting us for technical support on a configuration problem, please collect the information listed below: The Cyclades product name and model. Applicable hardware and software options and versions. Information about the environment (network, carrier, etc.). The product configuration: print out a copy of the listing obtained by selecting INFO > SHOW CONFIGURATION > ALL. A detailed description of the problem. The exact error or log messages printed by the router or by any other system. The Installation Guide for your product. Contact information, in case we need to contact you at a later time.
16. called exterior_in and exterior_out. Create them using the menu CONFIG > RULES LIST > IP > ADD RULE LIST and the following parameters: Rule List Type: Filter; Default Scope: Deny; Linked Rule List Name: None. Create the rules for each rule list in the order in which they should be evaluated. The order is important, and mis-ordering the rules can cause unexpected results. This is done in the menu CONFIG > RULES LIST > IP > CONFIGURE RULES. The parameters for rules 0 and 1 in the example are shown in Figure 12.4. Link the rule lists to the respective interface parameters in the menu CONFIG > INTERFACE > <INTERFACE> > NETWORK PROTOCOL > INCOMING/OUTGOING RULE LIST NAME. exterior_in should be set as the incoming rule list name and exterior_out should be set as the outgoing rule list name. Exterior_in rule 0 allows a remote computer to connect to the bastion host using the TCP protocol on its SMTP port. Exterior_out rule 0 allows the Bastion Server to RESPOND to the connection started by the remote computer. To send e-mail out, two more rules would be needed. If all the router needs to do is receive e-mail, the configuration is done. If not, other holes must be created in the deny ball. The configuration for Let e-mail in is shown in the following figure, obtained by selecting CONFIG > RULES LIST > IP > L in the menus
17. FIGURE B.10 LOOPBACK CONNECTOR DB-25 MALE. APPENDIX C CONFIGURATION WITHOUT A CONSOLE: When a terminal or PC is not available for use as a console, the router has a special feature that allows configuration of the Ethernet interface from any PC on the LAN. The router adopts the destination IP address of the first non-UDP packet received from the LAN and accepts the connection. After configuration of the Ethernet interface (with or without a console), the remaining configuration can be done via telnet. It is recommended that a console be used for the initial configuration of the router, due to the hardware and software diagnostic messages given on the console screen. If a console is not available, follow the instructions in this appendix to configure the Ethernet interface. Requirements: The router must be set to the factory default. If the router is being moved from one location to another, the configuration should be reset using the menu option ADMIN > LOAD CONFIGURATION > FACTORY DEFAULTS before the router is moved. Procedure: 1. Edit the ARP table of the PC in the LAN and associate the MAC address of the router (affixed to the underside of the router) to the IP address for the interface. In Unix and Microsoft Windows systems, the command to manipulate the ARP table is something similar to arp -s IP address MAC add
18. Description. UDP Timeout: Inactivity time required before a UDP translation is removed from the translation table. An entry is created in the translation table the first time a UDP packet passes through the interface. Five minutes is a reasonable time. DNS Timeout: Inactivity time required before a DNS translation is removed from the translation table. TCP Timeout: Inactivity time required before a TCP translation is removed from the translation table. This time should be relatively long because, under normal conditions, TCP connections are formally disconnected with FIN (No more data from sender) or RST (Reset Connection) flags. Flags Timeout: Inactivity time required after the receipt of a FIN, RST, or SYN (Synchronize sequence numbers) flag before a TCP translation is removed from the translation table. This time can be relatively short because, after the TCP connection has been closed, there is no further need for its address translation. STEP THREE: The next step is to define the global address range to which the local addresses will be translated. This is done in the menu CONFIG > SECURITY > NAT > GLOBAL ADDRESSES > ADD RANGE. The First IP Address in the example in Figure 11.1 is 200.240.230.225, while the Last IP Address is 200.240.230.238. The local address ranges must also be entered into the router in the menu CONFIG > SECURITY > NAT > LOCAL ADDRESSES > ADD RANGE. Here the Network IP Addr
19. IP From Interface: Applies to Unnumbered interfaces. Applies the IP address of another router interface to this one. Primary IP Address: Applies to Numbered interfaces. Address assigned to this interface. Subnet Mask: Applies to Numbered interfaces. Subnet mask of the network. Secondary IP Address: Applies to Numbered interfaces. Indicates a second (or third, etc., up to eight) IP address that can be used to refer to this interface. This parameter and the next are repeated until no value is entered. Subnet Mask: Applies to Numbered interfaces. Subnet mask of Secondary IP Address. Enable Dynamic Local IP Address: The terminal connected through PAD assigns an IP address to the router for purposes of their connection. Remote IP Address Type: The computer connected through PAD or PPP sends its IP address in the negotiation package. Fixed: The IP address sent must match the number set in the next parameter. Same Net: The IP address sent must be an address in the network set in the next parameter. Any: The IP address can be any number that does not conflict with any local IP address. None: Any IP address is accepted. This is not recommended. Remote IP Address: If Remote IP Address Type is not None. Used in conjunction with the previous parameter. (This table is continued.) Network Protocol (IP) Menu (Continued), Parameter: De
20. TWO: The second step is to choose a data link protocol in the Encapsulation Menu. There are many encapsulation options on this interface. For synchronous communication: Frame Relay: The Frame Relay Protocol is based on frame switching and constructs a permanent virtual circuit (PVC) between two or more points. X.25: The X.25 Protocol is generally used to connect to a public network. The router can act either as a DTE or a DCE. HDLC: A proprietary alternative to PPP. For synchronous or asynchronous communication: PPP: The PPP (Point-to-Point) protocol is used for leased and dial-up lines. Multilink PPP is also provided. Information on how to determine the values of the parameters for each data link protocol is provided in chapter 8. STEP THREE: The third step is to set the Network Protocol parameters. Information for this step is provided in chapter 7. STEP FOUR: If PPP Encapsulation is being used, a type of authentication should be chosen. This is done in the authentication menu. Authentication Menu (CONFIG > INTERFACE > SWAN > AUTHENTICATION), Parameter: Description. Authentication Type: Local uses the list of users defined in CONFIG > SECURITY > USERS > ADD. Server uses either Radius or Tacacs to authenticate the user. Remote is when this interface is considered to be the user and the other end of the connection performs the authentication
21. The map is built up with the following commands: Clear: Resets the ACCM table. Toggle XON/XOFF: Add XON/XOFF control characters to the ACCM table. Toggle Char: Add other control characters to the ACCM table using their ASCII value. Typing the option once (for example, X) includes it in the table. Typing it again excludes it from the table. More details are given in the CyROS Reference Guide. Enable Predictor Compression: Enables data compression using the Predictor algorithm. This feature should be enabled only if Cyclades equipment is being used on both ends of the connection, because there is no established standard for data compression interoperability. Data compression is very CPU intensive, making this feature effective only for links running at speeds under 1Mbps. At higher speeds, the time necessary to compress data offsets the gains in throughput achieved by data compression. Number of Bits for Compression: Applies when Predictor Compression Enabled. Sixteen is fastest, but 10 must be used if the router on the other end is a PathRouter, for compatibility. Connection Type: Applies to asynchronous connections only. NT Serial Cable is a direct connection to a Windows NT computer. This is necessary because NT requires a negotiation before the beginning of the PPP negotiation. Direct is used for other connections using cables or leased lines.
22. Timer: After this time has elapsed, the DTE retransmits the Clear message. Negotiable Facilities: Initiates facility negotiation during virtual circuit creation. Send Facility: Determines which facilities are negotiated during virtual circuit creation. Packet size is part of the flow control parameters negotiation. Throughput is part of the throughput class negotiation, and N3 Window (Level 3 Window Size, above) is part of the flow control parameters negotiation. STEP TWO: The next step is to create a static routing table, associating each remote X.121 address with an IP address or a TCP Socket location. This is done in the Add DTE menu, which appears at the end of the X.25 parameter list. It can be reached by passing through all X.25 parameters or by using the <ESC> key at any point in the parameter list. X.25 Add DTE Menu (CONFIG > INTERFACE > <LINK> > ENCAPSULATION > X.25 > <ESC> > Add DTE), Parameter: Description. Type of Logical Address: IP Address or TCP Socket. Users that intend to use the TCP Socket option should see the CyROS Reference Guide. IP Address: Applies for Address Type IP. Address of remote DTE device. X.121 DTE Address: Address of remote DTE device. VC Number: Number assigned to this circuit if it is a PVC. For SVCs, the value should be zero. Enable Predictor: Applies for IP Addres
23. Translation, see NAT. Open Shortest Path First, see OSPF. OSPF: areas; autonomous system; virtual links. Problem Resolution. Reserved IP Addresses. RIP: interface configuration. Routing Protocol RIP, see RIP. Rules Lists. Run Configuration. Saving Changes: to flash; to flash at a later time; to run configuration. Service Prioritization. SNMP and IP accounting. Static Routes. SWAN Interface: testing. Cyclades Australia: Phone 61 7 3279 4320, Fax 61 7 3279 4393, www.au.cyclades.com. Cyclades Philippines: Phone 632 813 0353, Fax 632 655 2610, www.ph.cyclades.com. Cyclades UK: Phone 44 1724 277179, Fax 44 1724 279981, www.uk.cyclades.com. Cyclades Corporation: 41829 Albrae Street, Fremont, CA 94538, USA, Phone 510 770 9727, Fax 510 770 0355, www.cyclades.com. Cyclades South America: Phone 55 11 5033 3333, Fax 55 11 5033 3388, www.cyclades.com.br. Cyclades Italy: Phone 39 329 099045 1. Cyclades Germany: Phone 49 0 81 22 90 99 90, Fax 49 0 81 22 90 999 33, www.cyclades.de
24. and defined. Configuration of IP Filters: IP Filter rules are a very important part of a network's firewall. They permit packets into or out of the network depending on the source and destination IP addresses, the source and destination ports, the protocol used, and the ACK bit (for TCP packets). The Syslog can be used to monitor the packets that meet the rules applied in this menu. FIGURE 12.1 THE RULES LIST MENU TREE (menu items: Config > Rules List > IP; Add Rule List; Edit Rule List; Configure Rules; Rule List Name; Rule Status; Rule List Type; Default Scope; Incoming Rule List Name; Outgoing Rule List Name; Linked Rule List Name; Insert as Rule Number; Add Rule. Add Rule parameters: Rule Status; Scope; Rule Priority Level; Reserved Bandwidth; Bandwidth Priority Level; Protocol; Source IP Operator, with IP Address Start and Mask, or IP Address Start and IP Address End; Destination IP Operator, with IP Address Start and Mask, or IP Address Start and IP Address End; Source Port Operator; Source Port Start; Source Port End; Destination Port Operator; Destination Port Start; Destination Port End; Allow TCP connections; Allow Account Process)
25. and the external metric provided in the previous parameter. For Type 2, the total metric of this route is the value provided in the previous parameter. RIP Configuration: CyROS supports three basic types of RIP: 1. RIP1 (RFC 1058), 2. RIP2 with broadcast, compatible with RIP1 (RFC 1723), 3. RIP2 with multicast (RFC 1723). The primary difference between RIP1 and RIP2 is that only RIP2 advertises subnet masks and next hops. If the network contains equipment that understands only RIP1 packets, then RIP1 or RIP2 with broadcast should be used. See RFC 1723, item 3.3, for more details. If only RIP2 is used, RIP2 with multicast is recommended. Unlike static routes, RIP is configured on each interface rather than in a global menu. The menu is the same for all interfaces, and its parameters are presented in the table below. RIP Menu (CONFIG > INTERFACE > <LINK> > ROUTING PROTOCOL > RIP), Parameter: Description. Send RIP: Causes the router to transmit RIP messages. Listen RIP: Causes the router to accept RIP messages. RIP2 Authentication: Applies if RIP2 was chosen in the first two options. Activates RIP message authentication with a password. RIP2 Authentication Password: Applies if RIP2 Authentication is Active. Password used for both received and transmitted RIP messages. OSPF: The OSPF (Ope
26. been defined, enter into each menu described above in the order presented (read chapter 3, Using Menus, if you have not done so already). Set the parameters in each menu according to the values you wrote in the figures above. Save the configuration to flash memory at each step when requested; configurations saved in run memory are erased when the router is turned off. If you saved part of the configuration to run memory for some reason, save to flash memory now using the menu option ADMIN > WRITE CONFIGURATION > TO FLASH. Be sure to change the superuser password using the menu option CONFIG > SECURITY > USERS > MODIFY. The user ID, super, can remain the same, but the password must be changed to avoid unauthorized access.

Chapter 4 Step by Step Instructions 39 Cyclades PR2000

STEP SIX

The multilink circuit can be tested by temporarily deactivating the interface on the primary link. This is done in the ADMIN > START STOP INTERFACE menu by selecting the SWAN interface. If there is traffic, the backup link should then take over, and the menu item INFO > SHOW ROUTING TABLE will show that the backup link is working. To create traffic, try pinging a host in the destination network. At this point, you should create a backup of the configuration file in binary and print out a listing of the configuration.

Instructions for creating a backup of the configuration file: Use the menu option ADMIN > WRITE CONFIGURATION > T
27. > PPP. The first parameter is the PXWAN Network Number, shown in Figure 13.1 as 00 0 000. IPX Compression can be enabled and, if so, the Number of Compression Slots determined. If enabled, it must be used on both sides of the link (both routers in Figure 13.1) in order for the link to work.

Chapter 13 IPX 112 Cyclades PR2000

The parameter Send SAP Update can be set to Demand, Periodic, or None. This parameter affects both SAP and RIP. Periodic causes the router to send these messages every minute, while choosing Demand will cause the router to send messages only when a message request is received.

Frame Relay

Frame Relay parameters are explained in chapter 8. The IPX protocol specific parameters are the same as those described in the preceding section, but are located in the menu CONFIG > INTERFACE > <INTERFACE> > ENCAPSULATION > FRAME RELAY > <ESC> > ADD DLCI.

X.25

X.25 is explained in chapter 8. IPX protocol specific parameters are the same as those described in the PPP section, but are located in the menu CONFIG > INTERFACE > <INTERFACE> > ENCAPSULATION > X25 > <ESC> > ADD DTE.

Routing

Routing can be done statically, by configuring static routes, or dynamically, using RIP. RIP is described in chapter 9. To create a static route as shown in Figure 13.1, navigate to the menu CONFIG > STATIC ROUTES > IPX > ADD ROUTE. The parameters for the system shown
28. in the example are the following:

Add IPX Static Route Menu: CONFIG > STATIC ROUTES > IPX > ADD ROUTE
Parameter | Value for the Example
Destination Network Number | 00010001
Interface | Slot 1
Next Hop Node | 006026001 100
Number of Hops | 1 (one router is between the router being configured and the network to be reached)
Number of Ticks | 1 (related to the time necessary to reach the network)

The routing table is displayed by the menu option INFO > SHOW ROUTING TABLE > IPX. For the example, and using only the static route created above, the routing table appears as in Figure 13.2.

Destination | Interface | Subinterface / Remote address | hops | ticks | Type
00000001 | | | 0 | 1 | PrimaryNet
00A0B000 | Ethernet | | 0 | 1 | Connected
00010001 | Slot1 | Node 00602E001100 | 1 | 1 | Static
00B0CO000 | Slot1 | | 0 | 1 | Connected
FIGURE 13.2 ROUTING TABLE FOR THE EXAMPLE

The SAP (Service Advertisement Protocol) Table

In Novell networks, a given server can provide various services. In order for the router to identify these servers, their locations and services are entered into a SAP table in the router. This is done using the menu CONFIG > IPX > SAP TABLE. The parameters for each entry are shown in the table.

SAP Table Menu: CONFIG > IPX > SAP TABLE
Parameter | Description
Service Type | Service this server offers; provides a list of valid codes Fo
29. includes IP bridging and is explained in chapter 5. The SWAN Network Protocol Menu is given in figure 7.1. Note that this menu varies slightly for each interface. Specific information on the options for each interface is provided in the CyROS Reference Guide in the chapter for the interface.

FIGURE 7.1 NETWORK PROTOCOL MENU TREE FOR THE SWAN INTERFACE
Menu items shown under Config > Interface > SWAN > Network Protocol: IP, Transparent Bridge, Active, Interface Unnumbered, Numbered, Assign IP from Interface, Primary IP address, Subnet Mask, Secondary IP Address, Subnet Mask, IP MTU, NAT, ICMP, Incoming Rule List Name, Detailed Incoming IP Accounting, Outgoing Rule List Name, Detailed Outgoing IP Accounting, Routing of Broadcast Messages, Status, Port Priority, Incoming Rule List Name, Outgoing Rule List Name

Chapter 7 Network Protocols 48 Cyclades PR2000

The IP Protocol

If the preset values provided by the operating system are accepted, the interface will work at a basic level. The most common options are explained in the following table.

Network Protocol (IP) Menu: CONFIG > INTERFACE > <LINK> > NETWORK PROTOCOL > IP
Parameter | Description
Active or Inactive | Activates this interface.
Interface Unnumbered | Unnumbered interfaces can be used for point to point connections.
Assign
30. internal use only (they may not have a direct connection to the Internet); for reference, they are 10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.16.255.255, and 192.168.0.0 - 192.168.255.255. These are used as local IP addresses. Figure 11.1 shows an example of the utility of NAT.

FIGURE 11.1 NAT EXAMPLE
Labels shown in the figure: Global Address Range (Network 200.240.230.224, Mask 255.255.255.240); PR2000 with Expanded NAT; Router Ethernet Port (Primary IP Address 192.168.0.1, Secondary IP Address 200.200.200.1); Networks 192.168.0.0 and 200.200.200.0; ftp Server.

In this example:
- the company has 14 global IP addresses available for NAT: 200.240.230.225 to 200.240.230.238.
- Two networks connected to the router via the Ethernet Interface, one of which will be translated.
- Two servers that are accessed via the same global IP address, assigned statically.

Chapter 11 NAT 90 Cyclades PR2000

There are two types of NAT available in CyROS: Normal NAT and Expanded NAT. This chapter describes Expanded NAT. A description of Normal NAT appears in Chapter 4 of the CyROS Reference Guide implementation of NAT used in the Power Router line. It has been maintained for backward compatibility. Expanded NAT provides static translation not only from one IP address to another, but from one IP address/port pair to another IP address/port pair. 2 What is th
31. is 192.168.100.0
Subnet Mask | Both Examples: To access all hosts in Network 3, its mask (255.255.255.0) is used.
Gateway or Interface | Example 1: the route is to a gateway. Example 2: the route is to an interface, since unnumbered interfaces are being used.
Gateway IP Address | Applies only when previous parameter is Gateway. It must be an address visible to the router. In Example 1, it is 142.10.0.4.
Interface | Applies only when previous parameter is Interface. Select the port (Ethernet or slot N) that will be unnumbered. In Example 2, it is Slot 1.
Metric | Relative cost of this link. Generally measured in number of routers between two IP addresses. Both Examples: 1.
Is This a Backup Route? | Indicates that this route is used as a backup in a multilink circuit. See section 4.4 for more information about multilink circuits.
OSPF Advertises This Static Route | Static routes defined in the router can be advertised by OSPF. Both this parameter and the parameter CONFIG > IP > OSPF > GLOBAL > ADVERTISE STATIC ROUTES must be set to Yes for the route to be advertised.
External Metric | Applies when OSPF Advertises This Static Route is set to Yes. Defines the metric that will be advertised by OSPF.
External Metric Type | Applies when OSPF Advertises This Static Route is set to Yes. For Type 1, the total metric of this route is composed of the internal metric (inside the autonomous system)
32. on the Cyclades web site.
3. The CyROS Reference Guide, also available electronically on the Cyclades web site.

CyROS stands for the Cyclades Routing Operating System. It is the operating system for all Cyclades Power Routers (PR1000, PR2000, PR3000, and PR4000). The CyROS Reference Guide contains complete information about the features and configuration of all products in the PR line. CyROS is constantly evolving, and the menus in this manual might be slightly different from the menus in the router. The latest version of all three manuals, and the latest version of CyROS, can be downloaded from Cyclades' web site. All manuals indicate on the second page the manual version and the corresponding version of CyROS.

This manual should be read in the order written, with exceptions given in the text.
Chapter 2, What is in the Box: explains how the router should be connected.
Chapter 3, Using Menus: describes CyROS menu navigation.
Chapter 4, Step by Step Instructions for Common Applications: guide to configuration with detailed examples.
Chapters 5 to 9: Basic router configuration information for applications that do not fit any of the examples in chapter 4.
Chapter 10, CyROS: shows how to set router specific parameters and create lists of hosts and users.
Chapter 11, Network Address Translation: describes CyROS' NAT implementation.

Chapter 1 How To Use This Manual 7 Cyclades PR2000

Chapter 12, Filters and Rules: demonstrates ho
33. or not to pass through an interface. Statistics are given for packets that meet the criteria defined in a rule. Traffic Rules are not supported. To see all packets, a special rule list permitting everything can be defined. Rules are described in chapter 12. Two versions of the IP account table are available for viewing. The result of INFO > SHOW ACCOUNT TABLE > SUMMARY is shown below for four filter rules.

IP Accounting Table
Interface | Direction | Filter List | Rule | Bytes | Packets
Ethernet | Outgoing | generic | 0 | 24876 | 3072
Ethernet | Incoming | generic | 0 | 49254 | 3358
slot 3 | Outgoing | swan3out | 17 | 21362 | 3223
slot 3 | Incoming | swan3in | 15 | 32563 | 3131

Detailed information can be accessed via SNMP. To use IP Accounting, two parameters must be set. When a rule is created, the parameter CONFIG > RULES LIST > IP > CONFIGURE RULES > ADD RULE > ALLOW ACCOUNT PROCESS must be Yes. Additionally, when applying a rule to an interface, the parameter CONFIG > INTERFACE > ETHERNET > NETWORK PROTOCOL > IP > DETAILED INCOMING/OUTGOING IP ACCOUNTING must also be Enabled.

Chapter 10 CyROS the Operating System 89 Cyclades PR2000

CHAPTER 11 NAT (NETWORK ADDRESS TRANSLATION)

NAT exists to convert local IP addresses into Internet (global) IP addresses. Internet IP addresses are assigned by Internet providers. Due to the explosion of the Internet, these numbers are scarce. Certain ranges of IP addresses are reserved for
34. routing table. If some routes that might be received are undesired, they can be filtered as they enter or leave so that they are not placed in the routing table or are not propagated to other autonomous systems. This requires the following three steps:

3. Create an Access List.
4. Add rules to the Access List.
5. Return to the Neighbor configuration and match each list to the neighbor it should be applied to.

In some cases, a route should be accepted, but with changes determined by policies defined by the system administrator. In this case, a route map should be created, indicating which of the path attributes of the incoming or outgoing message should be changed. This route map can be associated with a filter so that only specific rules will be altered. The steps are the following:

6. Create a route map sequence pair.
7. Edit the neighbor definition to link it to the new route map.

The last option is to aggregate the addresses contained in the local autonomous system in order to present an aggregated route to the outside world. This is done in the last step:

8. Aggregate the addresses contained in the AS.

The steps defined above will now be clarified.

STEP ONE

The global parameters apply to the router's AS. Classless Inter-Domain Routing (CIDR) Address notation is used instead of the normal IP Address and Subnet mask notation. Both are shown in Figure 9.4. 200.50.51.0 2
35. the configuration of the router. This can be saved in a text file and/or printed on a printer.

Example 2: A LAN to LAN Example Using Frame Relay

This section will guide you through a complete router installation for the connection of two LANs via Frame Relay. Figure 4.9 shows the example system used in this section. Spaces have been provided next to the parameters needed for the configuration, where you can fill in the parameters for your system. Do this now before continuing.

FIGURE 4.9 CENTRAL OFFICE AND REMOTE SITE CONNECTED USING SWAN INTERFACES

STEP ONE

The first step is to determine the parameters needed to configure the Ethernet interface (ETH0). The parameters in the Network Protocol Menu (IP) are shown in Figure 4.10. Fill in the blanks for your application in the right-most column. These parameters will be entered into the router later, after all parameters have been chosen. Each parameter in this menu is explained in more detail in chapter 5 of the Installation Manual.

Menu CONFIG > INTERFACE > ETHERNET > NET
36. Types of Address Translations
CHAPTER 12 RULES AND FILTERS
  Configuration on IP Filters
  Traffic Rule Lists
CHAPTER 13 IPX (INTERNETWORK PACKET EXCHANGE)
  Enabling IPX
  Configuring the Ethernet Interface
  Configuring Other Interfaces
    PPP
    Frame Relay
  Routing
  The SAP (Service Advertisement Protocol) Table
CHAPTER 14 VIRTUAL PRIVATE NETWORK CONFIGURATION
APPENDIX A TROUBLESHOOTING
  What to Do if the Login Screen Does Not Appear When Using a Console
  What to Do if the Router Does Not Work or Stops Working
  Testing the Ethernet Interface

Table of Contents 5 Cyclades PR2000

  Testing the WAN
37. 0.98 ms
200.246.93.37 ping statistics
5 packets transmitted, 5 packets received, 0 packet loss
round trip min/avg/max 0.98/1.19/1.96 ms

Pinging the router from a host on the network should give similar results. If the test fails, confirm that the link LED is lit and that the IP Address and Subnet Mask parameters in the Network Protocol menu are correct for the network to which the router is attached. The command CONFIG > INTERFACE > ETHERNET > will display the current values of the interface parameters.

Appendix A Troubleshooting 122 Cyclades PR2000

Testing the WAN Interfaces

The WAN interface can be tested using ping, as described in the previous section. If the ping is not successful, check the routing table to see if a route to the destination exists (INFO > SHOW ROUTING TABLE). The menu items INFO > SHOW STATISTICS > SWAN and INFO > SHOW STATUS > SWAN may also provide useful information. If the router does not seem to be working properly and none of the above advice has located the problem, the hardware interfaces should be tested. This will determine if the problem is hardware, software, or configuration related. This test will be between the two SWAN interfaces.

1. Connect the cable labeled cross between the two interfaces to be tested.
2. Choose DEBUG > HARDWARE TESTS > NEW RUN IN from the menu. Test options for each interface are shown. Choose Yes for the two S
38. 2000

FIGURE 12.8 OUTPUT SHOWING PARAMETERS FOR TRAFFIC RULE EXAMPLE 1
Output headings: Rules Lists (Rule List Name, Rule Status, Default Scope, List Type, Linked Rule List) for the Traffic Filter list named traffic 1, status Enabled; then Rule 0, Rule 1 and Rule 2, each listing Status, Flow priority, Rule bandwidth, Bandwidth priority, Protocol, Source IP Operator, Source IP start, Source IP Mask, Destination IP Operator, Source Port Operator, Destination Port Operator.

An example showing the third type of traffic control is given in Figure 12.8. The network administrator wants to prioritize the access to his web server. He also wants to prioritize e-mail sent by his SMTP server, but the priority should be lower. All other traffic sh
39. 55.255.255.0 200.50.51.0/24, AS 747, Tele Popeye; 200.50.50.0 255.255.255.0 200.50.50.0/24, Tele Brutus
FIGURE 9.4 EXAMPLE SYSTEM WITH PR2000 IN AS 100 BEING CONFIGURED

CONFIG > IP > BGP4 > GLOBAL
Parameter | Description
BGP4 Protocol | Activates the protocol.
Local AS Number | This number is assigned by the service provider.
Router Identifier | Usually the same as the Router ID (one of the interface IP addresses).
Cluster Identifier | Only used when this router is used as a route reflector.
Default Local Preference | Value of the attribute local pref used by IBGP.
Accept Connections From All Peers | Allows BGP connections from neighbors that have not been specified in the Neighbors Menu.
Advertise Direct Routes | Allows the removal of the interface routes from the list of routes to be advertised. In the example, these would be 100.100.100.1, 200.200.200.1, and the LAN interface IP address.
Advertise Static Routes | Allows the removal of static routes from the list of routes to be advertised.
Advertise RIP Routes | Allows the removal of routes learned via RIP from the list of routes to be advertised.
Advertise OSPF Routes | Allows the removal of routes learned via OSPF from the list of routes to be advertised.

The BGP network menu allows registration of the IP Addresses contained
40. 8 Cyclades PR2000

Add DLCI Menu: CONFIG > INTERFACE > <LINK> > ENCAPS > FRAME RELAY > <ESC> > ADD
Parameter | Description
DLCI Number | Used to identify the DLC. This number is supplied by the Public Frame Relay network provider. The DLCIs are stored in a table, which can be seen with the L command.
Frame Relay Address Map | Determines the method used for mapping the remote IP address to the Permanent Virtual Circuit. Static maps one IP address to this DLCI. Inverse ARP maps the IP address dynamically, in a manner similar to the ARP table.
IP Address | Applies when Frame Relay Address Map is Static. Provides the IP address to be used for static address mapping.
Enable Predictor Compression | Enables data compression using the Predictor algorithm. This feature should be enabled only if Cyclades equipment is being used on both ends of the connection, because there is no established standard for data compression interoperability. Data compression is very CPU intensive, making this feature effective only for links running at speeds under 1 Mbps. At higher speeds, the time necessary to compress data offsets the gains in throughput achieved by data compression.
Number of Bits for Compression | Applies when Predictor Compression Enabled. Sixteen is fastest, but 10 must be used if the router on the other end is a PathRouter, for compatibility.
DLCI Priority Level | This is the equivalen
41. Cyclades PR2000 Installation Manual

Access Router
Cyclades Corporation

Cyclades PR2000 Installation Manual, Version 1.2, May 2002
Copyright (C) Cyclades Corporation, 1998 - 2002

We believe the information in this manual is accurate and reliable. However, we assume no responsibility, financial or otherwise, for any consequences of the use of this Installation Manual. This manual is published by Cyclades Corporation, which reserves the right to make improvements or changes in the products described in this manual as well as to revise this publication at any time and without notice to any person of such revision or change. The menu options described in this manual correspond to version 1.9.7 of the CyROS operating system. This manual is printed horizontally in order to match the electronic (PDF) format of the Installation Manual, page per page. All brand and product names mentioned in this publication are trademarks or registered trademarks of their respective holders.

FCC Warning Statement

The Cyclades PR2000 has been tested and found to comply with the limits for Class A digital devices, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the Installation Manual, may cause harmful interf
42. Menu CONFIG > INTERFACE > SWAN 2 > TRAFFIC CONTROL > GENERAL
Parameter | Example | Your Application
Bandwidth (bps) | 64000 |
IP Traffic Control List | None |
FIGURE 4.17 TRAFFIC CONTROL PARAMETERS

STEP TWO

Now the primary link (Slot 1) and the secondary link (Slot 3) must be registered as a multilink circuit. First, a multilink circuit is created and assigned an identifier. This is done in the CONFIG > MULTILINK menu. Then, the two links are added to the multilink circuit. The parameters used in the example for the two interfaces in this multilink circuit are shown in Figures 4.18 and 4.19.

Menu CONFIG > MULTILINK > MULTILINK CIRCUIT NUMBER > ADD MODIFY INTERFACE
Parameter | Example | Your Application
Slot N | SWAN 1 |
Type of Interface | Main |
Time to Activate Backup After This Link Goes Down | 5 |
Time to Deactivate Backup After This Link Returns | 20 |
FIGURE 4.18 ADDITION OF THE PRIMARY (MAIN) LINK

Menu CONFIG > MULTILINK > MULTILINK CIRCUIT NUMBER > ADD MODIFY INTERFACE
Parameter | Example | Your Application
Slot N | SWAN 2 |
Type of Interface | Backup |
Time to Activate Backup After This Link Goes Down | Zero, since this link is the backup. A backup can itself have a backup, but this is not done in this example. |
Time to Deactivate Backup After This Link Goes Up | Zero since this link
43. O FTP SERVER. Fill in the IP address of the computer where the configuration file should be saved, the file name, the directory name, and the user account information. This configuration file can later be downloaded with the ADMIN > LOAD CONFIGURATION > FTP SERVER option.

Instructions for listing the configuration: The menu option INFO > SHOW CONFIGURATION > ALL will list to the terminal screen the configuration of the router. This can be saved in a text file and/or printed on a printer.

CHAPTER 5 CONFIGURATION OF THE ETHERNET INTERFACE

The PR2000 has one Ethernet 10Base-T interface, provided in a standard RJ-45 modular jack, which should be connected to an Ethernet hub or switch. Use a standard 10Base-T straight-through cable (not included). When the Ethernet link is correctly connected, the link LED will be lit. The menus for the Ethernet Interface are independent of the speed of the link. If your network uses 10Base2 (thin coaxial cable) or 10Base5 (thick coaxial cable), you will need a transceiver to convert between the different Ethernet media. A crossover cable is required for direct connection to a computer (an RJ-45 Ethernet pinout is provided in appendix B).

Note: While Cyclades Power Routers work with most standard RJ-45 cable connectors, shielded Ethernet cables should be used to avoid interference with other equipment.

The parameters in the encapsulation menu a
44. OUTES CONTAINING AS 5

CONFIG > IP > BGP4 > ACCESS LIST > ADD
Parameter | Description
Access List Name | Name assigned to list to indicate which interface and direction it applies to.
Access List Type | The AS Path type allows filtering by AS number, the Dist BGP type allows filtering by IP address, and the Community BGP type allows filtering by community. In the figure, the filtering can be done based either on AS 5 or the address 100.10.0.0/16.
Rule Status | Enables the rule.
Default Scope | If the default of the list is permit, the default of each rule must be deny, and the corresponding rule must define which routes must be discarded. If the default of the list is deny, the default of each rule must be permit, and the corresponding rule must define which routes will be accepted, with all others being discarded.

STEP FOUR

An access list needs at least one rule. The example in Figure 9.6 shows three access lists, each one with several rules. Each neighbor can be assigned up to 6 access lists, as seen in step 2.

Figure labels: BGP 4 Message From Tele Popeye; Access list popeye comm (type Community), Access list popeye dist (type Distribution), Access list popeye path (type AS Path), each with Discarded Routes; Route Map.
FIGURE 9.6 UPDATE MESSAGE ARRIVING FROM TELE POPEYE
45. PASSING THROUGH 3 FILTERS AND A ROUTE MAP

An update message arriving from the neighbor called Popeye in step 2 will pass through the filters assigned to it in the Neighbor Menu. The figure shows the case where the scope of the list is permit and that of the rules is deny. Each rule causes routes to be discarded until, finally, the shortened message arrives at the route map, if one has been configured for this neighbor.

CONFIG > IP > BGP4 > ACCESS LIST > CONFIGURE RULES > <ACCESS LIST NAME> > ADD
Parameter | Description
Rule Status | Enables the rule.
Scope | See explanation of this parameter in step 3.
Rule AS Position | Applies only for Access List Type equal to AS Path. Limits the search on AS number to a particular position in the route. For the example in Figure 12.5, Any would be the correct choice, because AS 5 will appear in the middle or the beginning of the route.
Rule AS Number | Applies only for Access List Type equal to AS Path. Applies the rule to routes containing this AS number, with the restriction given in the preceding parameter.
Rule Distr Search Type | Applies only for Access List Type equal to Dist BGP. Exact filters rules that match the IP Address/Mask pair exactly. Refine matches more specific routes.
Rule Distr Address | Applies only for Access List Type equal to Dist BGP. Applies the rule to routes with this IP number and the
46. PU LED CODE INTERPRETATION

4. Make sure any external modem, DSU/CSU, or interface equipment is properly connected and that the interface configuration is correct. Many cables, for example, have a DB-25 connector but are not interchangeable. Which cable is used for which type of modem is given in chapter 2.

Appendix A Troubleshooting 121 Cyclades PR2000

Testing the Ethernet Interface

After configuring the Ethernet interface, return to the main menu using the <ESC> key as many times as is necessary. Save the configuration to flash memory (the operating system will ask how to save the configuration on the way back to the main menu). The simplest way to test the link is by using the ping application. From the main menu, choose APPLICATIONS > PING. Enter the IP number of a host on the network for the HOST parameter and accept the preset values for the rest of the parameters. The output on the screen should appear as shown below.

Host host00 200.246.93.37
packet size number from 32 to 1600 32
count 0 if forever or 1 to 30000 5
interval in ms 20 to 60000 1000
PING 200.246.93.37 (200.246.93.37): 32 data bytes
32 bytes from 200.246.93.37: icmp_seq=1 ttl=127 time=1.96 ms
32 bytes from 200.246.93.37: icmp_seq=2 ttl=127 time=1.02 ms
32 bytes from 200.246.93.37: icmp_seq=3 ttl=127 time=0.99 ms
32 bytes from 200.246.93.37: icmp_seq=4 ttl=127 time=0.99 ms
32 bytes from 200.246.93.37: icmp_seq=5 ttl=127 time=
47. Frame Relay
  X25
  X.25 with PAD (Packet Assembler/Disassembler)
CHAPTER 9 ROUTING PROTOCOLS
  Routing Strategies
    Static Routing
  Static Routes
  RIP Configuration
  OSPF
    OSPF Configuration on the Interface
    OSPF Global Configurations
  BGP-4 Configuration
CHAPTER 10 CYROS, THE OPERATING SYSTEM
  Creation of the host table
  Creation of user accounts and
CHAPTER 11 NAT (NETWORK ADDRESS TRANSLATION)
48. ROTOCOLS (ENCAPSULATION)

Each encapsulation option is presented in a separate section in this chapter. Not all data-link protocols are available for all interfaces.

PPP

The Point-to-Point Protocol (PPP) is the only encapsulation option that can be either synchronous or asynchronous. It is important to choose between them in CONFIG > INTERFACE > <LINK> > PHYSICAL before entering the Encapsulation menu. The menu options depend on this choice. Note: not all interfaces support both the synchronous and asynchronous modes. In this case, there is no physical menu. The configuration of the PPP data-link protocol is confined to one menu, CONFIG > INTERFACE > <LINK> > ENCAPSULATION > PPP. Information about all the parameters appearing in this menu is provided in the table below. Not all parameters will appear for all interfaces.

PPP Menu: CONFIG > INTERFACE > <LINK> > ENCAPSULATION > PPP
Parameter | Description
MLPPP | Enables Multilink PPP on this interface. MLPPP is described in the CyROS Reference Guide for each interface that supports it.
Leased, Dial in, etc. | Applies for MLPPP = Yes. Type of line used on this link.
Identification for This Bundle | Applies for MLPPP = Yes and Dial out or Leased. An integer value.
Total Number of lines for This Bundle | Applies for MLPPP = Yes. Maximum number of links allowed in the bundle.
PPP Inactivity Timeout | Applies to asynchronou
49. Router IP Address, as described in step two, be used and not the IP address of the link connected to the IP network (unless the two IP addresses happen to be the same).

Chapter 14 Virtual Private Network Configuration 118 Cyclades PR2000

STEP SIX

Now the Remote Security Networks must be defined. This is done in the CONFIG > SECURITY > VPN > REMOTE IP NETWORKS > ADD NETWORK menu. The IP address and network mask must be defined for all remote devices to be included in the remote network for VPN communication. The Remote Security Gateway IP address set in step five must also be given for each network. In the example, the RSG IP address for the network 10.255.255.0 is 9.9.9.1 and the RSG IP address for the network 192.168.0.0 is 20.20.20.1.

STEP SEVEN

The last step is to activate VPN and configure the VPN options. Be aware that after activating VPN on the local network, data sent to the remote network will not be forwarded until VPN is configured and activated on that network too. The VPN Options Menu parameters should be set using the guidelines given below. The options should be defined identically for all Remote Security Gateways in a VPN.

VPN Options Menu: CONFIG > SECURITY > VPN > OPTIONS
Parameter | Description
Cyclades VPN Status | Activates the Virtual Private Network. Warning: until VPN is activated on both ends of a given tunnel, all traffic will halt.
Tunnel Keepalive | Keepalive messages are sen
50. S the backup
Cost: One. Indicates the relative priority of this backup link, which is unnecessary since this example has only one.
FIGURE 4.19 ADDITION OF THE SECONDARY BACKUP LINK
[Chapter 4: Step by Step Instructions, 37 | Cyclades PR2000]

STEP THREE
Up to this point, the configuration can be used either for link back-up or for load back-up. This example shows link back-up, but parameters applicable to load back-up will be mentioned when they appear. Complete information on the multilink circuit concept is provided in chapter 4 of the CyROS Reference Guide.

Menu: CONFIG > MULTILINK > MULTILINK CIRCUIT NUMBER > CIRCUIT ATTRIBUTES
Parameter: Example (Your Application)
Criterion for Traffic Distribution: This parameter has no effect for link backup. For load backup, Optimal distribution is performed randomly and the packet is forwarded to the interface with the lesser load. Address Based distribution is used when the receiver cannot reorder packets and all packets to a certain IP address must be sent through the same interface. This distribution method is not recommended unless absolutely necessary.
Bandwidth Upper Limit: Zero for link backup. For load backup, this defines when load backup should activate the backup link. It is measured as a percentage of the bandwidth defined in step four.
Time to Activate Backup if Above Limit: This parameter does not appear for link backup. Time unti
51. [Pinout diagram: RJ-45 to DB-25 signal pairs, including CTS, RTS, DCD, DSR and Gnd]
FIGURE B.8 ASY MODEM CABLE RJ-45 TO DB-25 MALE

The Cross Cable
[Appendix B: Hardware Specifications, 131 | Cyclades PR2000]
[Pinout diagram: DB-25 male to DB-25 male, with columns for Signal and Pin; signals include PGnd, TxD, RxD, RTS, CTS, Gnd, DCD, DTR, DSR and the V.35 data and clock lines]
FIGURE B.9 CROSS CABLE DB-25 MALE TO DB-25 MALE
[Appendix B: Hardware Specifications, 132 | Cyclades PR2000]

DB-25 Loopback Connector
[Pinout diagram: DB-25 male loopback connector]
52. WAN RSV interfaces and No for all other tests. Let the test run for a while. Pressing will show the General Statistics Table.

[Table: column groups INTERFACE, STATUS, BYTES, PACKETS and REMOTE, with two rows of sample SWAN test data]
FIGURE A.3 GENERAL STATISTICS TABLE

The first three columns show which interfaces are being tested. The column shows which board is master and which is slave. The LP column indicates how many test loops have been completed. The E9696 column shows how many errors per 1000 packets have occurred.
[Appendix A: Troubleshooting, 123 | Cyclades PR2000]
The S column reveals the stage of the test at the time the table was created: D = data transfer, S = synchronization. The next 4 columns indicate bytes and packets sent and received. The last three columns indicate the port with which the interface is communicating.

The test should be run until at least one test loop (LP = 1) has completed. More loops can be run if errors appear, to determine if the errors repeat or are just an artifact of the test procedure. If there is a hardware defect, the value in the E column will be large. Below the General Statistics Table, the time in test and total errors are indicated. If an error occurs, typing E will s
53. WORK PROTOCOL > IP
Parameter: Example (Your Application)
Active or Inactive: Active enables IP communication. IPX and Transparent Bridge are not used in this example.
Interface Unnumbered: Numbered
Primary IP Address: 100.130.130.1
Subnet Mask: 255.255.255.0
Secondary IP Address: 0.0.0.0 for none.
IP MTU: Use the preset value, 1500. This determines whether or not a given IP datagram is fragmented.
NAT: Global, because NAT is not being used in this example.
ICMP Port: Inactive
Incoming Rule List: None, filters are not included in this example.
Outgoing Rule List Name: None, filters are not included in this example.
Proxy ARP: Inactive
IP Bridge: Inactive
FIGURE 4.10 ETHERNET NETWORK PROTOCOL MENU PARAMETERS
[Chapter 4: Step by Step Instructions, 28 | Cyclades PR2000]

STEP TWO
No more parameters are necessary for the Ethernet interface. The other interface to be configured is the SWAN in slot 1. The SWAN physical media parameters are shown in Figure 4.11. Fill in the values for your application. The SWAN configuration is described in more detail in chapter 6 of the Installation Manual.

Menu: CONFIG > INTERFACE > SWAN > PHYSICAL
Parameter: Example (Your Application)
Mode: Synchronous
Clock Source: When the interface is connected to a DSU/CSU, the Clock Source is External.
Media for SWAN Cable: V.35
54. an be created and the user usr can be assigned a password. The password of the super user should be changed as soon as possible.

The menu CONFIG > SECURITY > USERS allows addition, deletion, and modification of the list of users. The parameters are:
- User Name
- Password
- User Type: Super, Usr, Auto, or PPPAuto
- User Status: Disabled or Enabled
- Hosts 1 through 4: the host names entered here must already exist in the host table
- Automatic login name for hosts 1 through 4: only for user of type auto

Then the main menu items for this user are determined:
- Telnet
- Ping
- Traceroute
- SLIP

Lastly, any restrictions as to how the user may log in are defined:
- Console Terminal
- PPP Terminal
- Telnet
- PAD Terminal

The super user has access to all menus. The usr user is shown a menu upon successful login, with the items chosen in the user's profile. The pppauto user is connected directly to the user via PPP. No menu appears. The auto user is connected via telnet directly to the host specified as host 1 in the user profile. If an automatic login name is indicated when the auto user is configured, the user is logged in to the remote host directly, though a password may be necessary, depending on the remote host configuration.
[Chapter 10: CyROS, the Operating System, 88 | Cyclades PR2000]

IP Accounting
IP Accounting is used to count the total number of packets allowed
55. arameter: Example (Your Application)
Destination IP Address: 15.0.0.0
Subnet Mask: 255.255.255.0
Gateway or Interface: gateway
Gateway IP Address: 200.240.230.1
Metric: One (number of routers between router being configured and the destination IP address).
Is This a Backup Route: No
OSPF Advertises This Static Route: No
FIGURE 4.15 STATIC ROUTE MENU PARAMETERS

STEP SIX
Now that the parameters have been defined, enter into each menu described above in the order presented (read chapter 3, Using Menus, if you have not done so already). Set the parameters in each menu according to the values you wrote in the figures above. Save the configuration to flash memory at each step when requested; configurations saved in run memory are erased when the router is turned off. If you saved part of the configuration to run memory for some reason, save to flash memory now using the menu option ADMIN > WRITE CONFIGURATION > TO FLASH. Be sure to change the superuser password using the menu option CONFIG > SECURITY > USERS > MODIFY. The user ID super can remain the same, but the password must be changed to avoid unauthorized access.

STEP SEVEN
The Ethernet interface can be tested as described in the troubleshooting appendix. The SWAN interface can be tested in a similar manner. At this point, you should create a backup of the configuration file (in binary) and print out a listing of the configuration.
Chapter 4 Step by St
56. ation parameters for Frame Relay are less straightforward. Many of them are based on decisions that cannot be shown in a diagram. Fortunately, the choices made here will mostly affect the performance of the link rather than whether it works or not. Fill in the parameters appropriate for your system, consulting chapter 8 of the Installation Manual for more information if necessary.

Menu: CONFIG > INTERFACE > SWAN > ENCAPSULATION > FRAME RELAY
Parameter: Example (Your Application)
SNAP IP: Inactive for the example. The router on the sending end must be using the same header type (NLPID or SNAP) as the router on the receiving end.
LMI: ANSI for the example. This must also be the same as the router on the receiving end.
T391: Ten seconds, the interval between the LMI Status Enquiry messages.
N391: Six
N392: Three
N393: Four. This value must be larger than N392.
CIR: 90 percent. 100 minus this number is the percentage of total bandwidth that may be discarded if the network is congested.
Bandwidth Reservation: Inactive. Traffic control will not be covered in this example.
FIGURE 4.13 FRAME RELAY ENCAPSULATION MENU PARAMETERS

At the end of the parameter list shown above, the DLCI menu appears. Choosing Add DLCI will lead to the parameters shown in Figure 4.14. The <ESC> key, used at any time during the Frame Relay encapsulation parameter list, will also bring up the DLCI menu. A DLCI entry
57. ber of Permanent Virtual Circuits: Indicates the number of permanent virtual circuits that will be connected through this interface. This maximum is also 64.
Layer 3 Window Size: The layer 3 (packet level) window represents the number of sequentially numbered packets that can be sent before an acknowledgement must be received. This number may be negotiated if the Window Size Facility is utilized (see last parameter in this table).
Layer 2 Window Size: The layer 2 (frame level) window represents the number of sequentially numbered frames that can be sent before an acknowledgement must be received. The frame numbers are independent of the packet numbers.
(this table continued)
[Chapter 8: Data Link Protocols (Encapsulation), 61 | Cyclades PR2000]

X.25 Menu (Continued)
Parameter: Description
Packet Size: The packet size to be sent across the interface. This number may be negotiated if the Packet Size Facility is utilized (see last parameter in this table).
Number of Retries (N2): Number of times an information frame can be resent without response before the link is considered down.
T1: Time the frame level waits for an acknowledgement for a given frame before re-sending it.
T2: Time that can elapse after receiving a frame until the router must send an acknowledgement.
T21 (Call Request response Timer): After this time has elapsed, the DTE sends a Clear message.
T23 Clear Request response
58. bove this rate may be discarded if the network is congested.
Bandwidth Reservation: Enables traffic control per DLCI. Traffic control options appear in the Add DLCI Menu.
[Chapter 8: Data Link Protocols (Encapsulation), 56 | Cyclades PR2000]

STEP TWO
After configuring the general parameters, each DLC must be defined. An example will be used to demonstrate the procedure. A public Frame Relay network connecting offices in Sao Paulo, Rio de Janeiro, Salvador, and Recife is shown in Figure 11.1. Each router will have a routing table pairing destination network with router interface and gateway. A Frame Relay Address Map is also created (either statically or dynamically) to associate each DLCI with the destination router IP. For the router in Salvador, the Frame Relay address map will look like this:

DLCI    IP
11      200.1.1.1
21      200.1.1.4
81      200.1.1.3

Data link connections are defined in the Add DLCI menu, which appears at the end of the Frame Relay parameter list. It can be reached by passing through all parameters or by using the <ESC> key at any point in the parameter list.
[Chapter 8: Data Link Protocols (Encapsulation), 57 | Cyclades PR2000]

[Figure labels, in page order: São Paulo, Rio de Janeiro, Network 192.168.200.0, Network 192.168.201.0, Router, Salvador, Recife, Network 192.168.203.0, Network 192.168.202.0]
FIGURE 8.1 PERMANENT VIRTUAL CIRCUITS BETWEEN OFFICES
Chapter 8 Data Link Protocols Encapsulation 5
59. date messages received from this neighbor.
Outgoing Distribute Access List Name: Applies a distribution access list to update messages sent to this neighbor.
Incoming Filter Access List Name: Applies a filter access list to update messages received from this neighbor.
Outgoing Filter Access List Name: Applies a filter access list to update messages sent to this neighbor.
Incoming Community Access List Name: Applies a filter access list to update messages received from this neighbor.
Outgoing Community Access List Name: Applies a filter access list to update messages sent to this neighbor.
Incoming Route Map Number: Applies a route map to update messages received from this neighbor.
Outgoing Route Map Number: Applies a route map to update messages sent to this neighbor.
Neighbor Alias Address: Additional address used by the other router.

STEP THREE
Figure 9.5 shows an example of a route that could be filtered out. The preferred route from 5 to 1 is through 4, with 6 serving as a reliable backup. Any route received from neighbor 2 which includes 5 will probably be a duplicate of the equivalent route received from 4. In order to reduce the size of the routing table, all routes received from 2 that contain 5 can be filtered out of incoming update messages.
[Chapter 9: Routing Protocols | Cyclades PR2000]

[Figure labels: Undesired Route, 100.10.0.0/16, Backup Route]
FIGURE 9 5 MULTIPLE R
60. e 47-63 Hz, single phase
Environmental Conditions: Operating temperature 32 to 112 °F (0 to 44 °Celsius). Relative humidity 5 to 95%, non-condensing. Altitude: Operating 10,000 feet max (3000 m).
Physical Specifications: External dimensions 8.5 W x 8 D x 1.6 H
Safety: FCC Class A, CE class A
FIGURE B.1 GENERAL SPECIFICATIONS
[Appendix B: Hardware Specifications, 126 | Cyclades PR2000]

External Interfaces

The WAN Interfaces
The WAN interfaces are provided on a DB-25 female connector. The pinout diagram is not shown here, as it depends on which protocol (RS-232, V.25 or X.21) is configured. Please see the pinout diagrams for the cables used for each protocol to determine the signals on the interface.
FIGURE B.2 SERIAL WAN INTERFACE DB-25 FEMALE

The LAN Interface
[Pinout diagram: ETHERNET PORT, Ethernet signals TPTX, TPRX and N.C.]
FIGURE 10/100 BASE-T ETHERNET INTERFACE RJ-45 FEMALE
[Appendix B: Hardware Specifications, 127 | Cyclades PR2000]

The Asynchronous Interface
[Pinout diagram: ASYNCHRONOUS PORT, signals RTS, DTR, TxD, Ground, CTS, RxD, DCD, DSR]
FIGURE B.4 ASYNCHRONOUS INTERFACE RJ-45 FEMALE

The Console Interface
[Pinout diagram: CONSOLE PORT, columns Pin and RS-232 Signal]
FIGURE B.5 CONSOLE INTERFACE RJ-45 FEMALE
Appendix B Hardware Specifica
61. e difference between Expanded and Normal Mode NAT The Normal is a previous

As a preview, after configuring the router as shown in the example, CONFIG > SECURITY > NAT > L will display:

NAT Enabled
NAT mode Expanded
Port map translation Enabled
UDP Timeout min 5
DNS Timeout min 1
TCP Timeout min 1440
TCP flags Timeout min 1 1 1
NAT Global Addresses address range 200.240.230.225 to 200.240.230.238
NAT Local Addresses address range 192.168.0.0 255.255.255.0 translated
[Chapter 11: NAT, 91 | Cyclades PR2000]
NAT Static Translation Table
Global address port local address Port Protocol
1 200.240.230.225 20 192.168.0.30 20 TPC
2 200.240.230.225 21 192.168.0.30 21 TPC
3 200.240.230.225 80 192.168.0.31 80 TPC

Types of Address Translation
In dynamic address translation, a pool of global IP addresses is loosely related to a pool of local IP addresses. Mapping of one onto the other is done dynamically, whenever a computer on the local network requests a connection to the external network. When the connection is broken, the global IP address is returned to the pool. Hosts connected via dynamic address translation must initiate all connections with the external network.

In static address translation, one global IP address or global IP address port pair is permanently associated with one local IP address or global IP address
62. e used to refer to this interface. This parameter and the next are repeated until no value is entered.
Subnet Mask: Applies to Numbered interfaces. Subnet mask of Secondary IP Address.
IP MTU: Assigns the size of the Maximum Transmission Unit for the interface. This determines whether or not a given IP datagram is fragmented.
NAT: Determines the type of IP address if NAT is being used. Use Global otherwise. See chapter 11 or the examples in chapter 2 for details on how to configure NAT.
ICMP Port: Active causes the router to send ICMP Port Unreachable messages when it receives UDP or TCP messages for ports that are not recognized. This type of message is used by some traceroute applications, and if disabled, the router might not be identified in the traceroute output. However, there are security and performance reasons to leave this option Inactive.
Incoming Rule List: Filter rule list for incoming packets. See chapter 12 for instructions on how this parameter should be set.
Detailed Incoming IP Accounting: Applies when a list is selected in the previous parameter. See explanation of IP Accounting in chapter 10. IP Accounting for a rule requires that the parameter CONFIG > RULES LIST IP 2 CONFIGURE RULES > ADD RULE > ALLOW ACCOUNT PROCESS also be Yes.
Outgoing Rule List Name: Filter rule list for outgoing packets. See chapter 12 for instructions on how this parameter should be set.
Detailed Outgoin
63. eas are created here, then later defined in CONFIG > IP > OSPF > AREA. Has the format of an IP address, but is not linked to any IP address in the system. Small OSPF networks will typically have only one area, the backbone area, represented by 0.0.0.0.
Router Priority: Priority used by OSPF in multicast networks to elect the designated router. A priority of 1 will make this router the most likely to be chosen. A priority of 2 will make it second most likely. Set it to 0 (zero) if this router should never be the designated router.
Transit Delay in Seconds: Estimated transit time, in seconds, to route a packet through this interface. Use the preset value, 1, or increase the number for slow links.
Retransmit Interval: Time, in seconds, between link state advertisement retransmissions for adjacencies belonging to this interface.
Hello Interval: Time, in seconds, between the hello packets on this interface.
Dead Interval: Inactivity time (seconds) before a neighbor router is considered down.
Poll Interval: Time, in seconds, between the hello packets sent to an inactive non-broadcast multi-access neighbor.
Password: String of up to 8 characters used to authenticate OSPF packets. The use of this password is enabled in CONFIG > IP > OSPF > AREA > AUTHENTICATION TYPE.
Metric: Defines the cost for normal service. For consistent routing, this parameter should be determined in the same manner for all
64. elist S1ot1 in will not protect this network. Either another rule can be added to this list, or the new router can filter packets into its area, or both.
[Chapter 12: Filters and Rules, 104 | Cyclades PR2000]

Traffic Rule Lists
There are three kinds of traffic rules that can be configured in CyROS. The first two determine a division of bandwidth for traffic flowing out of the router:
1. Traffic Shaping: the division of bandwidth is strictly adhered to.
2. Bandwidth Reservation: the division with the larger priority can steal bandwidth from the others.
An example showing the first two types is given in figure 12.6.

[Figure labels: Network of Client A, 50% or more of total bandwidth; Client B, 25% or less of total bandwidth; Client C, 25% or less of total bandwidth; Link 2, 33.33.33.1; INTERNET]
FIGURE 12.7 TRAFFIC RULE EXAMPLE 1
[Chapter 12: Filters and Rules, 105 | Cyclades PR2000]

The third determines which services have priority flowing through the router:
3. Service Prioritization

An Internet provider has three clients connected to the same router. Client A is larger and, without traffic control, would overwhelm the router to the exclusion of Clients B and C. The administrator decides to divide the flow out of the router to the Internet into three portions: 50% guaranteed for Client A and the rest divided equally between Clients B and C. Since he does not want to limit Client A need
65. ep Instructions, 33 | Cyclades PR2000

Instructions for creating a backup of the configuration file: Use the menu option ADMIN > WRITE CONFIGURATION > TO FTP SERVER. Fill in the IP address of the computer where the configuration file should be saved, the file name, the directory name, and the user account information. This configuration file can later be downloaded with the ADMIN > LOAD CONFIGURATION > FTP SERVER option.

Instructions for listing the configuration: The menu option INFO > SHOW CONFIGURATION > ALL will list to the terminal screen the configuration of the router. This can be saved in a text file and/or printed on a printer.
[Chapter 4: Step by Step Instructions, 34 | Cyclades PR2000]

Example 3: Link Backup
This example shows the configuration of a backup link, with a SWAN connection to a public Frame Relay Network providing the primary link and a SWAN with a PPP connection providing the secondary link. Figure 4.16 shows the networks used in this example. It is assumed that the routers are already connected to LANs and that the SWAN interfaces have already been configured and are working. The use of a SWAN to connect to a Frame Relay network is described in example 2, and a connection using PPP is shown in example 1.

Please read the entire example and follow the instructions before turning the router on. The router is programmed to log the super user off after 10 minutes of inactivity. All data not explicitly saved to
66. er 1 will automatically include servers A, B, C, and D, as they are direct links. A static route must be created for access to Network 3. This type of route, a Gateway route, tells the router that any message not intended for hosts A, B, C, or D should be sent to Router 2. Details are given in the parameter table that follows.
[Chapter 9: Routing Protocols, 65 | Cyclades PR2000]

[Figure labels: Router 2, Unnumbered Interfaces, Router 1, Network 3, Network 1]
FIGURE 9.2 STATIC ROUTING EXAMPLE 2

Figure 9.2 shows another static routing example, to explain the Gateway or Interface parameter. Between the two routers is a point-to-point connection. Another network could be created, but is not necessary. Both routers can be assigned unnumbered interfaces because everything that leaves one router is sent to the other.

To define static routes, enter the menu CONFIG > STATIC ROUTES > IP > ADD ROUTE. A description of the parameters in this menu, with the configuration for Router 1 in the examples above, is given in the table that follows.
[Chapter 9: Routing Protocols, 66 | Cyclades PR2000]

Add Static Route Menu: CONFIG > STATIC ROUTES > IP > ADD ROUTE
Parameter: Description
Destination IP Address: Address that route will lead to. To configure a default route, type default for this parameter, otherwise enter 0.0.0.0 in both this and the next parameter. Both Examples: for the static route between Router 1 and Network 3, the IP address
67. er description: The name of the parameter to be configured, in this case, lmi type.
Options: Legal choices. The letter in parentheses is the letter that selects the corresponding option.
Current value: The option in square brackets is the current value. Pressing <Enter> without typing a new value leaves the item unchanged.
[Chapter 3: Using CyROS Menus, 15 | Cyclades PR2000]

Special Keys
<Enter> or <Ctrl+M>: These keys are used to end the input of a value.
<ESC> or <Ctrl l>: These keys are used to cancel a selection or return to the previous menu. In some isolated cases, this key jumps to the next menu in a series of menus at the same level.
<Backspace> or <Ctrl+H>: These keys have the expected effect of erasing previously typed characters.
L: When available, this option displays the current configuration. For example, in the Ethernet Interface Menu, L displays the Ethernet configuration.
<Ctrl+L>: This key combination displays the same information as the L option above, but works like a toggle switch to allow display of one page of information at a time or display the entire configuration without page breaks.
<Ctrl+C>: This key combination disables any traces activated in the Debug Menu.

On leaving a menu where a change in configuration was made, CyROS will ask whether or not the change is to be saved: (D)iscard, save to (F)lash, or save to (R
68. ered operational.
Destination Hostname: Applies for Socket Device. The remote hostname to which the socket will be connected if the previous parameter was start. This name must have been defined in the host table. See chapter 16.
Filter Null Char after CR Char: Applies for Socket Device. Interprets a CR NULL sequence received on a TCP connection as CR only.
Idle Timeout in Minutes: Applies for Socket Device. The connection is broken if no traffic passes in this time.
DTR ON Only if Socket Connection Established: Applies for Socket Device. If False, the Data Terminal Ready line is switched on when the router is booted.
Device Attached to This Port Will Send ECHO: Applies for Socket Device. Yes if the device attached to the socket will echo the characters sent to it.
[Chapter 8: Data Link Protocols (Encapsulation), 54 | Cyclades PR2000]

PPPCHAR
The configuration of the PPPCHAR protocol is contained in the menu CONFIG > INTERFACE > <LINK> > ENCAPSULATION > PPPCHAR. The parameters for PPPCHAR are a combination of those for PPP and CHAR. See the tables describing the PPP and CHAR options for guidance in configuring this protocol.

HDLC
This data link protocol is a proprietary alternative to PPP. It has only one parameter, the HDLC Keepalive Interval. This is the time interval between transmission of Keepalive messages. The receiver of these messages must send keepalive messages with t
69. erence to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user is required to correct the problem at his or her own expense.

Canadian DOC Notice
The Cyclades PR2000 does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference Regulations of the Canadian Department of Communications.
The Cyclades PR2000 does not emit radio noise exceeding the limits applicable to Class A digital apparatus prescribed in the Radio Interference Regulations enacted by the Department of Communications of Canada.

Cyclades PR2000 Table of Contents
CHAPTER 1 HOW TO USE THIS MANUAL
  Installation Assumptions
  Text Conventions
  Cyclades Technical Support and Contact Information
CHAPTER 2 WHAT IS IN THE BOX
CHAPTER 3 USING CYROS MENUS
  Connection Using the Console Cable and a Computer or Terminal
70. ess (192.168.0.0 in the example) and Network Mask (255.255.255.0 in the example) are entered. Since this range is to be translated, the parameter Should This Range be Translated should be set to Yes. In the example, the network 200.200.200.0 is not to be translated. This can be configured by adding a new range and setting the translation parameter to No, or by simply not adding the range.
[Chapter 11: NAT, 94 | Cyclades PR2000]

STEP FOUR
If static translations are to be performed, as described in the example, the parameters in the Static Translation Menu must be set. A brief explanation of each parameter is given in the table.

Static Translation Menu: CONFIG > SECURITY > NAT > STATIC TRANSLATION > ADD ENTRY
Parameter: Description
Global IP Address: of the addresses assigned by the Internet access provider and included in one of the NAT global address ranges.
Protocol: TCP, UDP, ICMP, or any protocol.
Global Port: The port to be translated on the WAN side. When a request comes in on port 80 for IP 200.240.230.225 in the example, it is sent to the server with IP 192.168.0.31, port 80.
Local IP Address: The IP address of the server on the LAN in the example, which is translated to an Internet IP address.
Local Port: The port to be translated on the LAN side. When a request comes in on port 80 for IP 200.240.230.225 in the example, it is sent to the server with IP 192.168.0.31, port 80.

STEP FIVE
71. etwork should be translated. In the example, these numbers are 192.168.0.0 and 255.255.255.0.
Static Translation: Defines a static translation between a global IP address/port pair and a local IP address/port pair. In the example, three such pairs are defined.
Timeout: Definition of inactivity timeouts for UDP, DNS, and TCP dynamic NAT translations.

STEP ONE
The first step in the configuration of NAT is to enable NAT and choose the NAT Mode: Normal or Extended. Only the extended mode is discussed in this chapter. The normal mode is a previous version of NAT, maintained for backwards compatibility. See chapter 4 of the CyROS Reference Guide for information about the Normal Mode.

NAT Menu: CONFIG > SECURITY > NAT > GENERAL
Menu Option: Description
NAT Status: Enables NAT.
NAT Mode: Provides a choice between the previous NAT version, the Normal Mode, and the new Extended NAT version.
Disable Port Translation: Disables/enables NAT with port translation. If this parameter is changed while the router is in use, all the active translations are destroyed and their entries are removed from the translation table.
[Chapter 11: NAT, 93 | Cyclades PR2000]

STEP TWO
The parameters in the Timeout Menu are explained in more detail below. The preset values should be appropriate for most applications.

Timeout and Options Menu: CONFIG > SECURITY > NAT > TIMEOUT AND OPTIONS
Parameter
72. g IP Accounting: Applies when a list is selected in the previous parameter. See explanation of Detailed Incoming IP Accounting.
Routing of Broadcast Messages: Activating this parameter causes the router to route broadcast messages from the LAN to the WAN and vice versa. An individual interface can be excluded by setting this parameter to Inactive without affecting the broadcast of messages on the other interfaces.
Proxy ARP: Causes the router to answer ARP requests with its own MAC address for IP addresses reachable on another interface.
[Chapter 5: Configuration of the Ethernet Interface, 42 | Cyclades PR2000]

IP Bridge
An IP Bridge is used to divide a network without subnetting. Whenever a subnetwork is created, two IP numbers are lost: one describing the network and the other reserved for broadcast. This does not occur with an IP Bridge.

[Figure labels: 200.240.240.9, PR2000, 200.240.240.4]
FIGURE 5.1 IP BRIDGE EXAMPLE

In Figure 5.1, an example of the use of an IP Bridge is given. From the available IP addresses, the range 200.240.240.4 to 200.240.240.8 is bridged to another physical location. The following parameters apply only for IP Bridge.
[Chapter 5: Configuration of the Ethernet Interface, 43 | Cyclades PR2000]

Network Protocol Menu (Continued): IP Bridge
Parameter: Description
IP Bridge: Activates the IP Bridge functionality. The following parameters apply only if IP Bridge is Active.
Ini
73. he same frequency or will be considered inoperative.

Frame Relay
FR supports multiple connections over a single link. Each data link connection (DLC) has a unique DLCI (data link connection identifier). This allows multiple logical connections to be multiplexed over a single channel. These are called Permanent Virtual Circuits (PVCs). The DLCI has only local significance, and each end of the logical connection assigns its own DLCI from the available local numbers.

Traffic Control based on Data Link Connection
Traffic Control, as described in chapter 12, can also be performed on a Frame Relay interface for each permanent virtual connection. The parameters in the Add DLC menu are used in the same manner as those described in chapter 12. More details are available in the CyROS Reference Guide.

STEP ONE
The first step is to set the general Frame Relay parameters, those applying to all DLCs. This is done in the Frame Relay Menu. The parameters are shown in the table below. Most of these depend on the standards used by the Frame Relay Network Provider.
[Chapter 8: Data Link Protocols (Encapsulation), 55 | Cyclades PR2000]

The Local Management Interface (LMI) Protocol provides services not available in simple Frame Relay. It is used for controlling the connection between the user and the network. It monitors this link, maintains the list of DLCs, and sends status messages about the PVCs. A separate virtual circuit is created to pass this information DLCI
74. hould never be the designated router. An example can be seen in Area 1 in the figure. Router 1 should never be the Designated Router because it does not have a direct link to Router 2. Either Router 0 or Router 3 should be chosen.
[Chapter 9: Routing Protocols, p. 74]
STEP SIX
It is not always possible to connect all areas directly to the backbone. When an area is connected to the backbone only through another area, two virtual links must be created: one from the backbone to the unattached area and one from the unattached area to the backbone. If this occurs in the network containing the router, enter the Virtual Links Menu to configure this link. In the table listing the parameters, the link between Area 3 (Router 8) and the backbone is used as an example.
Virtual Links Menu: CONFIG > IP > OSPF > VIRTUAL LINKS
Parameter: Description
Transit Area ID: ID of the OSPF Area sandwiched between this router and the backbone. In the figure, Area 2 is the area used to link Router 8 with the Backbone. This ID has the form of an IP address.
Neighbor's ID: Router ID of router at end of virtual link. In the example, this will be Router 6.
Virtual Link Status: Activates the virtual link.
Parameters available only when Virtual Link Status is Active:
Transit Delay in Seconds: Estimated transit time, in seconds, to route a packet from Router 8 to Router 6. Use the preset value, 1, or increase the n
75. how an Error Table with information about the error. Typing S will show a Status Table indicating the profile being tested at the time S was pressed. This does not supply information that can be interpreted by a user.
[Appendix A: Troubleshooting, p. 124]
LEDs
The LEDs on the PR1000's case display the following information:
Power: Lit when the PR1000 is turned on.
10BT: Lit when the Ethernet link is being used for a fast Ethernet connection.
Col: Indicates collisions on the LAN.
Link: Lit when the Ethernet link is correctly terminated.
TX: Indicates transmission of data to the LAN.
RX: Indicates data received from the LAN.
CPU: A steady one second on, one second off blinking pattern indicates that the CPU is working correctly. Other blinking patterns are described in Figure A.2.
Indicates transmission of data through the SWAN 1 Port.
Indicates transmission of data through the Asynchronous Port.
3 Indicates transmission of data through the SWAN 2 Port.
[FIGURE A.4: FRONT PANEL]
[Appendix A: Troubleshooting, p. 125]
APPENDIX B: HARDWARE SPECIFICATIONS
General Specifications
The Cyclades PR2000 power requirements and environmental restrictions are listed in Figure B.1.
Power Requirements (external DC adapter)
Input voltage range: 90-264 VAC, 13W
Input frequency rang
76. in the AS. This will mark these routes as IGP instead of EGP or incomplete in the path origin attribute.
CONFIG > IP > BGP4 > BGP NETWORK > ADD
Parameter: Description
Network Address: Network IP address of network to be added.
Network Mask (bitlen): Mask in CIDR format.
[Chapter 9: Routing Protocols, p. 78]
STEP TWO
The neighbor menu identifies the routers inside and outside the AS that will communicate with the router via BGP-4. Each update message exchanged between routers contains path attributes. How these path attributes are manipulated by the router when routes are received or sent to each neighbor is determined here.
CONFIG > IP > BGP4 > NEIGHBOR > ADD
Parameter: Description
Name: A string to facilitate identification of the Neighbor. In the example above, the names Popeye and Brutus could be used.
IP Address: The IP address at the other end of the connection. For AS 747, the value is 100.100.100.2.
Description: Another string to identify the Neighbor.
AS Number: The AS number assigned to the neighbor.
Source IP Address: When this number is set, the protocol accepts TCP/BGP connections only when the destination IP is this value. For Popeye, the value would be 100.100.100.1.
Passive: Causes the router to not initiate BGP connections with this neighbor.
Transparent AS: Yes causes the router to NOT include its own AS number in the AS Pa
77. in the example because the DSU/CSU is V.35. The type of cable is detected by the router, so if the correct cable is connected to the DSU/CSU, the router will choose this value as the default.
FIGURE 4.11: SWAN PHYSICAL MENU PARAMETERS
[Chapter 4: Step by Step Instructions, p. 29]
STEP THREE
The network protocol parameters shown in Figure 4.12 are similar to those for the Ethernet interface. Fill in the parameters for your network in the right-most column.
Menu CONFIG > INTERFACE > SWAN > NETWORK PROTOCOL > IP
Parameter: Example (the Your Application column is left blank)
Active or Inactive: Active enables IP communication. IPX and Transparent Bridge are not used in this example.
Interface Unnumbered/Numbered: Numbered
Primary IP Address: 200.240.230.2
Subnet Mask: 255.255.255.240 is the mask in the example.
Secondary IP Address: 0.0.0.0 for none
IP MTU: Use the preset value, 1500. This determines whether or not a given IP datagram is fragmented.
NAT: Global, because NAT is not being used in this example.
ICMP Port: Inactive
Incoming Rule List: None; filters are not included in this example.
Outgoing Rule List Name: None; filters are not included in this example.
Routing of Broadcast Messages: Inactive
FIGURE 4.12: SWAN NETWORK PROTOCOL (IP) MENU PARAMETERS
[Chapter 4: Step by Step Instructions, p. 30]
STEP FOUR
The Encapsul
78. ing this parameter causes the router to route broadcast messages from the LAN to the WAN and vice versa. An individual interface can be excluded by setting this parameter to Inactive without affecting the broadcast of messages on the other interfaces.
[Chapter 7: Network Protocols, p. 50]
The Transparent Bridge Protocol
The Transparent Bridge Protocol can be used in conjunction with either IP or IPX. A detailed explanation of its use appears in section 4.6 of the CyROS Reference Guide.
Transparent Bridge Menu: CONFIG > INTERFACE > SWAN > NETWORK PROTOCOL > TRANSPARENT BRIDGE
Parameter: Description
Status: Activates the Transparent Bridge on this interface.
Port Priority: For the Spanning Tree Algorithm, a priority is given to each link in the router and to each router in the network. See CONFIG > TRANSPARENT BRIDGE > SPANNING TREE in the CyROS Reference Guide for more information.
Incoming Rule List Name: Transparent Bridge rule list name for incoming packets. Note: Rule lists for Transparent Bridge and IP are created separately. See section 4.7 in the CyROS Reference Guide for instructions on how this rule list is created.
Outgoing Rule List Name: Filter rule list name for outgoing packets. See section 4.7 in the CyROS Reference Guide for instructions on how this rule list is created.
[Chapter 7: Network Protocols, p. 51]
CHAPTER 8 DATA LINK P
79. l backup is activated after main link bandwidth exceeds limit defined in last parameter.
Bandwidth Lower Limit: This parameter has no effect for link backup. For load backup, this defines when load backup should deactivate the backup link. It is measured as a percentage of the bandwidth defined in step four.
Time to Deactivate Backup if Below Limit: This parameter does not appear for link backup. Time until backup is deactivated after main link bandwidth exceeds limit defined in last parameter.
FIGURE 4.20: MULTILINK CIRCUIT ATTRIBUTES
[Chapter 4: Step by Step Instructions, p. 38]
STEP FOUR
Now a static backup route must be created for the secondary link. It is assumed that a route of some sort (static, RIP, etc.) already exists for the primary link. The static route parameters for the example secondary link are shown in Figure 4.21. Fill in the parameters for your system.
Menu CONFIG > STATIC ROUTES > IP > ADD ROUTE
Parameter: Example (the Your Application column is left blank)
Destination IP Address: 200.206.206.0
Subnet Mask: 255.255.255.0
Gateway or Interface: Gateway
Gateway IP Address: 100.200.200.2
Metric: 1
Is This a Backup Route: Yes
OSPF Advertises This Static Route: No; OSPF not used in this example. If using OSPF, see chapter 12 of the Installation Manual for guidance.
FIGURE 4.21: STATIC BACKUP ROUTE PARAMETERS
STEP FIVE
Now that the parameters have
80. lessly, the bandwidth Client A uses can be increased on demand if the total bandwidth is not being used up by the other two clients. This is Bandwidth Reservation. The two clients with 25% bandwidth each are given lesser, but equal, priorities. They cannot share bandwidth or steal it from Client A. However, each has the right to 25% of the total bandwidth on link 3 if it is needed. This is Traffic Shaping. Note that this rule list is applied to link 3 and not separately on links 0-2.
Steps for this configuration:
1. Create a Traffic Rule list, traffic_1. This is done in the CONFIG > RULES LIST > IP > ADD RULE LIST menu, with the Rule List Type set to Traffic.
2. Create rules for each of the three source IP addresses. This is done in the CONFIG > RULES LIST > IP > ADD RULE menu. The parameters for each rule are shown in Figure 12.7. Of the traffic parameters, only the Reserved Bandwidth and Bandwidth Priority parameters are important in this example. Flow Priority is not used.
3. Enter into the configuration for link and change the parameter CONFIG > INTERFACE > <INTERFACE> > TRAFFIC CONTROL > GENERAL > IP TRAFFIC CONTROL LIST: traffic_1. Note that the bandwidth used for the percentage calculation is that set in CONFIG > INTERFACE > <INTERFACE> > TRAFFIC CONTROL > GENERAL > BANDWIDTH, and not the actual bandwidth available in the link.
[Chapter 12: Filters and Rules, p. 106] Cyclades PR
81. link states for all networks within the area. The number of such advertisements can potentially be reduced by condensing different IP networks into a single range.
Area Range N Net Address: Applies when Area Range N Status is Active. Sets the network IP address for the range.
Area Range N Mask: Applies when Area Range N Status is Active. Sets the network IP mask for the range.
STEP FIVE
The CONFIG > IP > OSPF > NEIGHBORS menu is required if the router uses OSPF over non-broadcast multi-access interfaces such as X.25 and Frame Relay. If this is the case, set the parameters described in the following table.
Neighbors Menu: CONFIG > IP > OSPF > NEIGHBORS
Parameter: Description
Interface: Link for which neighbors will be defined. In the OSPF example, consider link 1 of Router 3.
Neighbor's IP: The router ID of the neighboring router. For Router 3 link 1, use the router ID of Router 1.
Neighbor's Status: Enable includes link in OSPF database. Enable Inactive leaves link in OSPF database, but router at end of link (Router 1 in this case) no longer passes OSPF information. Disable deactivates neighbor link and erases Neighbor's IP.
Neighbor's Priority: Priority used by OSPF in multicast networks to elect the designated router. A priority of 1 will make this router the most likely to be chosen. A priority of 2 will make it second most likely. Set it to 0 (zero) if this router s
82. lowing appear in RSG3's routing table:
• RSG1 router IP address: 9.9.9.1
• Network connected to RSG1 that will be included in Remote Security Network 1: 10.255.255.0
• RSG2 router IP address: 20.20.20.1
• Network connected to RSG2 that will be included in Remote Security Network 2: 192.168.0.0
These IP addresses should appear as a destination or be contained in one of the destination networks listed in the routing table. If an address is not in the routing table, add it following the instructions given in chapter 9 for static routes.
STEP FOUR
The next step is to define the devices contained in the Local Security Network. Navigate to the menu CONFIG > SECURITY > VPN > LOCAL IP NETWORKS > ADD NETWORK. Enter the Network IP address and mask for all devices to be included in the local network for VPN purposes. In the example, the networks 10.0.0.0 and 172.16.0.0 must be added. Traffic from other networks attached to the router will still be routed. The only difference is that the messages will be forwarded without processing and encryption by the VPN software.
STEP FIVE
The Gateways, represented by RSG1 and RSG2 in the example, must be defined. The Router IP address for each gateway is requested, along with a secret. This secret is not global, but rather applies to each pair of RSGs. If RSG3 defines the secret for RSG1 as rumpelstiltskin, then RSG1's secret for RSG3 must also be rumpelstiltskin. It is critical that the
83. ls in CyROS, OSPF must first be configured on each interface, then configured in the CONFIG > IP > OSPF menu. Enter into each interface and set the parameters listed in the table.
OSPF Menu: CONFIG > INTERFACE > <LINK> > ROUTING PROTOCOL > OSPF
Parameter: Description
OSPF on This Interface: Activates OSPF. Enable Inactive is used to temporarily disable the OSPF protocol without erasing the parameters set below. This is useful when OSPF is first configured, as the general parameters must be set afterwards in CONFIG > IP > OSPF and OSPF cannot function without them.
Parameters that apply only when OSPF on This Interface is Disabled:
Advertise This Non-OSPF Interface: Causes the router to include this interface in its advertisements through other interfaces as an external route.
This table is continued.
[Chapter 9: Routing Protocols, p. 70]
OSPF Menu (continued)
External Metric: Defines the metric that will be advertised by OSPF.
External Metric Type: For Type 1, the total metric of this route is composed of the internal metric (inside the autonomous system) and the external metric provided in the previous parameter. For Type 2, the total metric of this route is the value provided in the previous parameter.
Parameters that apply only when OSPF on This Interface is Enable or Enable Inactive:
Area ID: Identifies the area to which the interface belongs. Ar
84. mask defined in the next parameter.
Rule Distr Mask Bitlen: Applies only for Access List Type equal to Dist BGP. The shortened mask that is used with the IP address defined in the previous parameter.
Community: Applies only for Access List Type equal to Community BGP. Applies this rule to the community number entered or to well-known communities defined in RFC 1997, BGP Communities.
STEP FIVE
Each access list can be applied to more than one interface. The access list parameters in the Neighbor Menu for the appropriate neighbor should be set now, since the access lists did not exist during step two.
[Chapter 9: Routing Protocols, p. 83]
STEP SIX
A route map can either apply to all routes not discarded by the access lists, as shown in Figure 9.6, or to routes filtered by a particular access list, as shown in Figure 9.7.
[FIGURE 9.7: ROUTE MAP ASSOCIATED WITH AN ACCESS LIST. Labels: BGP-4 Message From Popeye; Discarded Routes; Access list popeye dist, type Distribution; Access list popeye comm, type Community; Access list popeye path, type AS Path; Route Map]
In Figure 9.7, the access list popeye path is associated with sequence 2 of Route Map 1. Instead of the access list causing the disposal of the routes that match its rules, it causes the application of the route map.
[Chapter 9: Routing Protocols, p. 84]
85. must be created for every remote Frame Relay network to be contacted. In the example, only one is shown.
[Chapter 4: Step by Step Instructions, p. 31]
Menu CONFIG > INTERFACE > SWAN > ENCAPSULATION > FRAME RELAY > <ESC> > ADD DLCI
Parameter: Example (the Your Application column is left blank)
DLCI Number: Sixteen. This number is supplied by the Public Frame Relay network provider.
Frame Relay Address Map: Static, which maps one IP address to this DLCI.
IP Address: 200.240.230.1
Enable Predictor Compression: Yes, if Cyclades routers are used on both ends of the link and Predictor Compression is enabled on both routers. This feature is effective only for links running at speeds under 2 Mbps.
Number of Bits for Compression: Sixteen, when both routers are of the PR line. Ten must be used if the other router is a PathRouter.
FIGURE 4.14: DLC CONFIGURATION MENU PARAMETERS
STEP FIVE
Now that the central office's LAN has been defined, a route must be added to tell the router that the remote site's LAN is at the other end of the line. Creating a static route is the simplest way to do this. Chapter 9 of the Installation Manual explains static routes and other routing methods available in CyROS. Fill in the spaces in Figure 4.15 with the values for your application.
[Chapter 4: Step by Step Instructions, p. 32]
Menu CONFIG > STATIC ROUTES > IP > ADD ROUTE P
86. n Shortest Path First routing protocol is significantly more complicated than RIP. The determination of which protocol is better suited to a given network is beyond the scope of this manual. An example network using OSPF is given in Figure 9.3.
[FIGURE 9.3: OSPF EXAMPLE. Labels: Area 1; Area 0 (Backbone); To Another Autonomous System; Router 4; An Autonomous System; Area Border Routers: R3, R6, R8; AS Boundary Router: R5]
[Chapter 9: Routing Protocols, p. 69]
First, some definitions:
An Autonomous System (AS) is a portion of the network that will use a single routing strategy. It is made up of a backbone area and, optionally, of non-backbone areas.
OSPF Areas are sub-systems that have identical routing databases. An area generally has no knowledge of the routing databases of other areas.
The Backbone connects areas and contains any routers not contained in another area.
An Area Border Router connects areas and contains a separate database for each area it is contained in.
An Autonomous System Boundary Router (ASBR) connects Autonomous Systems. The other Autonomous System does not necessarily need to use OSPF.
STEP ONE
If using OSPF for the first time, sketch the network and determine which routers will make up the backbone and each area. Determine if each router is an area border router or an autonomous system boundary router.
OSPF Configuration on the Interface
STEP TWO
Contrary to most other protoco
87. nected.
STEP ONE
First, the general X.25 protocol parameters are set in the X.25 Menu. A detailed description of the X.25 parameters and their values for the example is provided in the table below.
[Chapter 8: Data Link Protocols Encapsulation, p. 60]
X.25 Menu: CONFIG > INTERFACE > <LINK> > ENCAPSULATION > X.25
Parameter: Description
X.121 Local DTE Address: Address assigned to this interface, provided by the public X.25 Network Provider. Can be up to 15 digits.
Switch Mode: Active causes the Router to act as a switch.
Incoming Calls Received Over the Other X.25 Links With Unknown Destination DTE Can be Forwarded Through This Link: Applies when Switch Mode is Active.
Suppress Calling Address: Public X.25 Network: This parameter must be chosen according to the guidelines given by the Public X.25 Network provider. When activated, the sender's Local DTE address is not included in the Call Request Message.
Inactivity Timeout: Time until connection is automatically terminated by the router if there is no traffic.
Configure as DTE or DCE: As mentioned above, the router can act either as the recipient of information (DTE) or as the passer-on of information (DCE). Public X.25 Network: Both routers are DTEs.
Number of Virtual Circuits: Indicates the maximum number of virtual circuits (total of PVCs and SVCs) allowed on this interface. The maximum is 64.
Num
88. nterface. In addition, each router has a Router IP Address, which is one of the interface IP addresses. This router IP address is used whenever a single IP address is needed to identify the router. It is critical that each router being used as a remote security gateway have this parameter defined. It is NOT defined automatically. Navigate to CONFIG > IP > ROUTER IP and confirm that this parameter has been defined and is set to the value desired. An address that can be routed on the internet is generally used.
Important: The Router IP Addresses for the other Remote Security Gateways (RSG1 and RSG2 in the example) must also be known before beginning the configuration of RSG3.
[Chapter 14: Virtual Private Network Configuration, p. 116]
[FIGURE 14.2: VIRTUAL PRIVATE NETWORK EXAMPLE. Labels: Remote Security Network 1; Link 1 IP 50.50.50.1; Local Security Network IP 10.0.0.0; RSG3 Remote Security Gateway; Router IP Address 9.9.9.1; Remote Security Network 2; Link 1 IP 20.20.20.1; Router IP Address 190.190.190.1; Router IP Address 20.20.20.1]
[Chapter 14: Virtual Private Network Configuration, p. 117]
STEP THREE
Use the menu item INFO > SHOW ROUTING TABLE to confirm that the other Remote Security Gateways (RSGs) and all the networks included in the Remote Security Networks are reachable. In the example, this would require that all of the fol
89. on OSPF interfaces are up or down. When OSPF is disabled on an interface, the parameter CONFIG > INTERFACE > <LINK> > ROUTING PROTOCOL > OSPF > ADVERTISE THIS NON-OSPF INTERFACE must also be set to Yes for the interface to be advertised.
Advertise Static Routes: Static routes defined in the router will be converted to OSPF. Note that static routes can be configured individually as advertised or not in the parameter CONFIG > STATIC ROUTES > IP > ADD ROUTE > OSPF ADVERTISES THIS STATIC ROUTE. Both parameters must be Yes for the route to be advertised.
STEP FOUR
The next step is to define the areas created in step two. This is done in the OSPF Area Menu.
Area Menu: CONFIG > IP > OSPF > AREA
Parameter: Description
Area ID: Has the format of an IP address, but is not linked to any IP address in the system. Use the CONFIG > IP > OSPF > L option to see which areas have been defined and use the area ID here.
Authentication Type: Simple password authentication can be used in OSPF. The authentication type should be the same for all routers in an OSPF Area. If used, the password for each interface is set in CONFIG > INTERFACE > <INTERFACE> > ROUTING PROTOCOL > OSPF > PASSWORD.
This table is continued.
[Chapter 9: Routing Protocols, p. 73]
Area Menu (continued)
Area Range N Status: An Area Border Router (ABR) advertises
90. onous
Speed: 38.4k
FIGURE 4.3: SWAN PHYSICAL MENU PARAMETERS
STEP THREE
The network protocol parameters shown in Figure 4.4 are similar to those for the Ethernet interface. Fill in the parameters for your network in the right-most column.
[Chapter 4: Step by Step Instructions, p. 21]
Menu CONFIG > INTERFACE > SWAN > NETWORK PROTOCOL > IP
Parameter: Example (the Your Application column is left blank)
Active or Inactive: Active enables IP communication. IPX and Transparent Bridge are not used in this example.
Interface Unnumbered/Numbered: Numbered
Primary IP Address: 0.0.0.0. This number will be assigned by the Access Provider dynamically.
Subnet Mask: 255.0.0.0
Secondary IP Address: 0.0.0.0 for none
IP MTU: Use the preset value, 1500. This determines whether or not a given IP datagram is fragmented.
NAT: Global Assigned, because the IP address of the SWAN interface will be assigned dynamically.
Enable Dynamic Local IP Address: Yes, because the IP address of the SWAN interface will be assigned dynamically.
Remote IP Address: Any
Remote IP Address: 0.0.0.0
ICMP Port: Inactive
Incoming Rule List Name: None; filters are not included in this example.
Outgoing Rule List Name: None; filters are not included in this example.
Routing of Broadcast Messages: Inactive
FIGURE 4.4: SWAN NETWORK PROTOCOL (IP) MENU PARAMETERS
Chapter 4 S
91. or load
3   Off Off On On   DRAM test
4   Off On Off Off   Flash memory: Configuration validation
5   Off On Off On   Flash memory: Code validation
6   Off On On Off   Interface cards detection
7   Off On On   Ethernet port detection
8   On Off Off Off   Real Time Clock test
9   On Off Off On   Boot code selection
10   On Off On Off   Load of the operating code
11   On Off On On   Control is being passed to the operating code
FIGURE A.1: ILLUMINATION OF LEDS WHILE ROUTER IS BOOTING
[Appendix A: Troubleshooting, p. 120]
What to Do if the Router Does Not Work or Stops Working
1. Check that the cables are connected correctly and firmly (see chapter 2, What is in the Box, for correct cable connection information).
2. Confirm that the Link LED is lit, indicating proper Ethernet cable termination. If it is not lit, check both ends of the Ethernet cable and the hub connection.
3. Confirm that the CPU LED is blinking consistently, one second on, one second off. If this is not the case, see Figure A.2 for an interpretation of the blink pattern.
Event: CPU LED Morse code
Normal Operation: S (short short short)
Flash Memory Error, Code: L (long long long)
Flash Memory Error, Configuration: S L
Ethernet Error: 5 5
No Interface Card Detected: 5 5 5
Network Boot Error: S S 8 5
Real Time Clock Error: S S S S S L
FIGURE A.2: C
92. ould have the lowest priority. For web server access, the important flow direction is not the user requests, but rather the data requested. The traffic control rule must be placed on link 2. In the case of e-mail, the important flow is the data leaving the e-mail server and not the acknowledgements back. This is also governed by link 2. Note: flow control could be placed on the data request packets and the SMTP acknowledgements by associating rules to link 1.
[FIGURE 12.9: TRAFFIC RULE EXAMPLE 2. Labels: Port 25 SMTP; E-mail Server; Web Client]
[Chapter 12: Filters and Rules, p. 109]
The configured rules will appear as shown in the following listing:
Rules Lists
Rule List Name: web access
Rule List Status: Enabled
Default Scope:
List Type: Traffic
Linked Rule List:
Filter list Name: web access
Parameter                    Rule 0     Rule 1
Status                       Enabled    Enabled
Flow priority                1          2
Rule bandwidth               0          0
Bandwidth priority           0          0
Protocol                     TCP        TCP
Source IP Operator           None       None
Destination IP Operator      None       None
Source Port Operator         Equal      None
Source Port Start            80
Destination Port Operator    None       Equal
Destination Port Start                  SMTP
FIGURE 12.10: OUTPUT SHOWING PARAMETERS FOR TRAFFIC RULE EXAMPLE 2
Note that for this type of traffic control of the t
93. outer later, after all parameters have been chosen. Each parameter in this menu is explained in more detail in chapter 5 of the Installation Manual.
Menu CONFIG > INTERFACE > ETHERNET > NETWORK PROTOCOL > IP
Parameter: Example (the Your Application column is left blank)
Active or Inactive: Active enables IP communication. IPX and Transparent Bridge are not used in this example.
Interface Unnumbered: Numbered
Primary IP Address: 192.168.0.1
Subnet Mask: 255.255.255.0
Secondary IP Address: 0.0.0.0 for none
IP MTU: Use the preset value, 1500. This determines whether or not a given IP datagram is fragmented.
NAT: Local
ICMP Port: Inactive
Incoming Rule List: None; filters are not included in this example.
Outgoing Rule List Name: None; filters are not included in this example.
Proxy ARP: Inactive
IP Bridge: Inactive
FIGURE 4.2: ETHERNET NETWORK PROTOCOL MENU PARAMETERS
[Chapter 4: Step by Step Instructions, p. 20]
STEP TWO
No more parameters are necessary for the Ethernet interface. The other interface to be configured is the SWAN. The SWAN physical media parameters are shown in Figure 4.3. Fill in the values for your application. The SWAN configuration is described in more detail in chapter 6 of the Installation Manual.
Menu CONFIG > INTERFACE > SWAN > PHYSICAL
Parameter: Example (the Your Application column is left blank)
Mode: Asynchr
94. pendix B of the Installation Manual. The RJ-45 to DB-25 adapter cable, which must be purchased separately, is shown in Figure 2.2.
[FIGURE 2.2: HOW TO CONNECT THE RJ-45 TO DB-25 ADAPTER CABLE. Labels: Back Panel of PR2000; RS-232 Modem with DB-25 Interface]
[Chapter 2: What is in the Box, p. 13]
Chapter 3: Using CyROS Menus
This chapter explains CyROS menu navigation and special keys. There are four ways to interact with CyROS:
Traditional menu interface using a console or Telnet session
CyROS Management Utility based on interactive HTML pages
SNMP (explained in the CyROS Reference Manual)
Connection Using the Console Cable and a Computer or Terminal
The first step is to connect a computer or terminal to the router using the console cable. If using a computer, HyperTerminal can be used in the Windows operating system or Kermit in the Unix operating system. The terminal parameters should be set as follows:
Serial Speed: 9600 bps
Data Length: 8 bits
Parity: None
Stop Bits: 1 stop bit
Flow Control: Hardware flow control or none
PR2000 login: super
PR2000 Password:
Cyclades Router (Router Name) Main Menu
Config   2 Applications   3 Logout   4 Debug   5 Info   6 Admin
Select Option >
FIGURE 3.1: LOGIN PROMPT AND MAIN MENU
[Chapter 3: Using CyROS Menus, p. 14]
Once the console connection is cor
95. plication
Destination IP Address: Type in the word DEFAULT.
Gateway or Interface: Interface, because the IP addresses are not known at configuration time.
Interface: Slot 1 (SWAN in the example)
Is This a Backup Route: No
OSPF Advertises This Static Route: No
FIGURE 4.6: STATIC ROUTE MENU PARAMETERS
STEP SIX
NAT must now be activated. There are two varieties of NAT: Normal and Expanded. This example uses the Normal NAT Mode. The other mode is explained in the chapter on NAT in the Installation Manual.
Menu CONFIG > SECURITY > NAT > GENERAL
Parameter: Example (the Your Application column is left blank)
Nat Status: Enabled
Nat Mode: Normal
Disable Port Translation: No
FIGURE 4.7: NAT GENERAL PARAMETERS
[Chapter 4: Step by Step Instructions, p. 24]
STEP SEVEN
NAT parameters will now be determined for routing outside of the local LAN. Network Address Translation maps the local IP addresses registered in the local address range menu below to the one global IP address assigned by the access provider. Local IP addresses not indicated in this menu will be discarded.
Menu CONFIG > SECURITY > NAT > LOCAL ADDRESS > ADD RANGE
Parameter: Example (the Your Application column is left blank)
First IP Address: 192.168.0.10
Last IP Address: 192.168.0.30
FIGURE 4.8: NAT LOCAL ADDRESS RANGE MENU PARAMETERS
The factory preset values for all other NAT parameters are approp
96. r the server Columbo in the example, this code is 0166.
Server Name: In the example, the name is Columbo.
Service Network Number: 00000003
Server Node: 00602e001111
Server Socket Number: provides a list of valid codes
Number of Hops: Number of routers between this router and the server, 0 in the example.
[Chapter 13: IPX, p. 114]
CHAPTER 14: VIRTUAL PRIVATE NETWORK CONFIGURATION
The Virtual Private Network utility can be used on any link using IP routing. It is used to provide greater security between two or more networks connected through a public communications network. The basic concepts are presented in Figure 14.1. An IP datagram is sent by a device on the LAN. The message arrives at the router. The router has two tables: one with all the IP addresses contained in the Local Security Network and another with all the IP addresses in the Remote Security Networks. If the source IP address is contained in the Local Security Network list and the destination IP address is contained in the Remote Security Network list, the message is encrypted and encapsulated. The only destination address is that for the remote gateway defined in the Remote Security Network list. Upon arrival at the remote gateway, the packet is unwrapped and sent to its destination.
[Figure labels: Datagram; Message; Local Gateway; Header; Source IP Address; Destination IP Address; sent by user; PR3000; Message]
97. raffic-specific parameters, only Flow Priority is used. The Reserved Bandwidth and Bandwidth Priority parameters are not important. A system needing all three is conceivable, but much too complicated to show in this manual.
[Chapter 12: Filters and Rules]
CHAPTER 13: IPX (INTERNETWORK PACKET EXCHANGE)
IPX is an alternative to IP, proprietary to Novell. When IPX is activated, many new menus appear to allow configuration of this type of network. IP and IPX can both be active in the router simultaneously, and an interface can have both IP and IPX traffic passing through it. IPX is not discussed in the other chapters of this manual to avoid confusion for those who are using IP.
[FIGURE 13.1: IPX NETWORK EXAMPLE. Labels: Server Named Colombo; Novell Network Management Station; Mac Address 00 60 2E 00 11 11; Internal Network Number 00000003; IPX Network Number 00A0B000; Internal Network Number 00000001; IPXWAN Network Number 00B0CO00; Windows Network with Internal Network Number 00000002; Network Number 00010001; Mac Address 00 60 2E 00 11 00]
[Chapter 13: IPX, p. 111]
Enabling IPX
The first step is to activate the IPX feature in the router. This is accomplished using the menu option ADMIN > ENABLE FEATURES > IPX. The IPX protocol must also be activated in the menu CONFIG > IPX > GENERAL. In this menu, the Internal Network Number, the unique number assigned to the ro
98. re preset at the factory and it is usually not necessary to change them. The first step in the Ethernet configuration is to choose which network protocol to use and assign values to the relevant parameters. Either IP, Transparent Bridge, or IPX (optional) must be activated. In this chapter, IP Bridges are also described. Use the information provided below to set the parameters for the Ethernet interface. The IP Network Protocol: Some parameters are explained in detail in later chapters. At this point, the preset values provided by the operating system can be accepted and the interface will work at a basic level. Network Protocol Menu (CONFIG > INTERFACE > ETHERNET > NETWORK PROTOCOL > IP). Parameter: Description. Active or Inactive: Activates this interface. Interface Unnumbered: Unnumbered interfaces are used for point to point connections. Assign IP From Interface: Applies to Unnumbered interfaces. Applies the IP address of another router interface to this one. Primary IP Address: Applies to Numbered interfaces. Address assigned to this interface. Subnet Mask: Applies to Numbered interfaces. Subnet mask of the network. This table is continued. [Chapter 5: Configuration of the Ethernet Interface] Network Protocol Menu (Continued). Parameter: Description. Secondary IP Address: Applies to Numbered interfaces. Indicates a second or third, etc. (up to eight) IP address that can b
99. rectly established, a Cyclades banner and login prompt should appear on the terminal screen. If nothing appears, see the first section of the troubleshooting appendix for help. The second step is to log in. The preset super user user ID is super and the corresponding preset password is surt. The password should be changed as soon as possible, as described in chapter 10 of the installation manual and at the end of every example in chapter 4. The login prompts and main menu are shown in Figure 3.1. All menus have the following elements: Title (in the example in Figure 3.1, Main Menu); Prompt (the text Select Option >); Options (the menu options, which are selected by number); Router Name (the default is the name of the product; each router can be renamed by the super user for easier identification). Menus can also be navigated using a short cut method. This method must be activated first by choosing a shortcut character in the example that follows in the CONFIG > SYSTEM > ROUTER DESCRIPTION menu. Typing 4 1 1 at the main menu prompt, for example, is equivalent to choosing option 4 in the main menu (Debug), then choosing option 1 in the debug menu (Trace), then choosing option 1 in the trace menu (Driver Trace). In addition to menus, some screens have questions with letter choices. In the line below, several elements may be identified: lmi type A NSI G roup of four ANSI Paramet
100. ress. In Unix, type man arp for help. In Microsoft Windows, type arp for information about this command. 2. Telnet to the IP address specified above. The router will receive the packet because of the modified ARP table and use the IP address for its Ethernet interface. 3. The new IP address is saved only in run memory. The configuration must be explicitly saved to flash using the menu option ADMIN > WRITE CONFIGURATION > TO FLASH. Do this now. 4. The Ethernet and other interfaces can now be configured using the telnet session established. If the connection fails, or if the link goes down before the IP address is saved to flash, a console must be used. [Appendix C: Configuration Without a Console] Index: B Backup Link configuration 35 Bandwidth Reservation 105 Boot Messages 120 C Cables parallel 13 Router MD V 35 13 with a DB 25 connector 121 Connection to an Internet Access Provider 19 Cyclades ftp site 10 telephones 10 CyROS menus 14 E Ethernet testing the interface 122 F Flash Memory 16 Frame Relay 27 DLCI 31 H Hardware Tests 123 Hot Keys esc moving between menus 16 L list current configuration 16 IP Bridges 43 IP Filter Rules 96 L Lan to Lan 27 LEDs CPU LED 120 121 definitions 124 illumination while booting 120 link LED 121 Load Backup 38 Memory flash 16 Menu Navigation 14 Multilink Circuits 36 N NAT 19 90 Navigation 14 Network Address
101. riate for this example. STEP EIGHT: Now that the parameters have been defined, enter into each menu described above, in the order presented (read chapter 3, Using Menus, if you have not done so already). Set the parameters in each menu according to the values you wrote in the figures above. Save the configuration to flash memory at each step when requested (configurations saved in run memory are erased when the router is turned off). If you saved part of the configuration to run memory for some reason, save to flash memory now using the menu option ADMIN > WRITE CONFIGURATION > TO FLASH. STEP NINE: The Ethernet interface can be tested as described in the troubleshooting appendix. The SWAN interface can be tested in a similar manner. At this point, you should create a backup of the configuration file (in binary) and print out a listing of the configuration. [Chapter 4: Step by Step Instructions] Instructions for creating a backup of the configuration file: Use the menu option ADMIN > WRITE CONFIGURATION > TO FTP SERVER. Fill in the IP address of the computer where the configuration file should be saved, the file name, the directory name, and the user account information. This configuration file can later be downloaded with the ADMIN > LOAD CONFIGURATION > FTP SERVER option. Instructions for listing the configuration: The menu option INFO > SHOW CONFIGURATION > ALL will list to the terminal screen
102. rminal interface. A clickable image of the router back panel will appear, as shown in Figure 3.2. [Figure 3.2: CyROS Management Utility Home Page. Browser screenshot with the links Configuration Menu Interface (Text Mode) and End HTTP session.] The link Configuration Menu Interface will present an HTML version of the CyROS Main Menu described previously. Clicking on an interface will show its current status and some additional information. Clicking on End HTTP Session will terminate the connection. [Chapter 3: Using CyROS Menus] CHAPTER 4: STEP BY STEP INSTRUCTIONS FOR COMMON APPLICATIONS. This chapter provides detailed examples that can be used as models for similar applications. Turn to the example that is closest to your application, read the explanations, and fill in the blank spaces with parameters appropriate to your system. At the end of the section, you should have listed all the parameters needed to configure the router. At that point, read chapter 3 if
103. routers in the OSPF Area. Normally, metric cost is defined as an inverse function of interface throughput, e.g. 1 for 100Mbps, 10 for 10Mbps, 65 for T1, 1785 for 56kbps, etc. Advertise Secondary IP Address: Causes the router to advertise additional addresses assigned to this interface. These are configured in CONFIG > INTERFACE > <LINK> > NETWORK PROTOCOL > IP. Inside a given area, these 4 parameters should be the same for all routers. [Chapter 9: Routing Protocols] OSPF Global Configurations. STEP THREE: After completing the OSPF interface configuration for all interfaces (even those that will not use OSPF), navigate to the OSPF Menu, CONFIG > IP > OSPF. Enter into the OSPF Global Commands menu and set the parameters as indicated in the table below. OSPF Global Commands Menu (CONFIG > IP > OSPF > GLOBAL). Parameter: Description. OSPF Protocol: Enables OSPF on all interfaces. Router ID: Assigns a unique ID to the router for use by the OSPF protocol. It must be one of the router's IP addresses. AS Boundary Router: An Autonomous System Boundary Router (ASBR) can convert external routes into OSPF routes. Which external routes is determined through the following parameters. In the figure, only Router 5 is an ASBR. The following parameters apply only to Autonomous System Boundary Routers. Originate Default Gateway Advertisement: Router will adver
104. routing is the simplest option. Even with some redundant links, a multilink circuit can be created for semi-dynamic routing behavior. Multilink circuits are described in section 4.4 of the CyROS Reference Guide. Dynamic Routing: Dynamic routing is recommended when the network contains a large number of routers with redundant links between them. RIP and OSPF are currently available in the Power Router line. RIP is simpler to configure and is appropriate for systems that are stable (links do not go down often). OSPF is more complicated to configure, requires much more CPU, and is not necessarily available in all equipment in a network. A mixture of RIP, OSPF, and static routes is often used. BGP-4 is a dynamic routing protocol used to route packets on the Internet. It is used in addition to the protocols RIP and OSPF or static routing. [Chapter 9: Routing Protocols] Static Routes: Routers used in very small or simple networks may use static routes as the primary routing method. When RIP or OSPF are used, some static routes may still be needed. Configuration of static routes will be explained using two examples. [Figure 9.1: Static Routing Example 1. Labels: Network 1; Network 2; Network 3; 142.10.0.0, mask 255.255.0.0; 192.168.100.0, mask 255.255.255.0; 142.10.0.1; 192.168.100.3; 192.168.100.2; 10.0.0.0; 10001.] In the first example, three networks are connected by 2 routers. The routing table for rout
105. s Type: Enables data compression using the Predictor Compression algorithm. This feature should be enabled only if Cyclades equipment is being used on both ends of the connection, because there is no established standard for data compression interoperability. Data compression is very CPU intensive, making this feature effective only for links running at speeds under 1Mbps. At higher speeds, the time necessary to compress data offsets the gains in throughput achieved by data compression. Number of Bits for Compression: Applies when Predictor Compression Enabled. Sixteen is fastest, but 10 must be used if the router on the other end is a Cyclades PathRouter, for compatibility. X.25 with PAD: Packet Assembler/Disassembler (PAD) acts as a protocol converter, allowing a user to access the packet switched network via a serial terminal. This asynchronous connection is then converted into synchronous communication with the router and the network beyond, using the telnet application available in the router. Please see the CyROS Reference Guide for information about this Encapsulation option. [Chapter 8: Data Link Protocols (Encapsulation)] CHAPTER 9: ROUTING PROTOCOLS. Routing Strategies: Routing can be done either statically or dynamically. Static Routing: Static routing is recommended when the network contains a small number of routers and other equipment. When a system is simple and without redundant links, static
106. s connections only. The connection is closed when data does not pass through the line for this period of time. Enable Van Jacobson IP Header Compression: Allows the link to receive compressed packets. This type of compression is useful for low speed links and/or small packets. It is not recommended for fast links, as it requires CPU time. Transmit Compressed Packets: Applies when Enable Van Jacobson IP Header Compression is Yes. This parameter causes the link to send compressed packets. [Chapter 8: Data Link Protocols (Encapsulation)] PPP Menu (Continued). Parameter: Description. Disable LCP Echo Requests: LCP (Link Control Protocol) messages are normally exchanged to monitor the status of the link. Disabling these messages reduces traffic, but the link then has no way of knowing if the other end is still connected. Time Interval to Send Config Requests: Config Request messages are used to negotiate the parameters at the start of a PPP connection. For a slow line, this time should be increased to allow the reply to return to the sender. If not, the sender will assume it was lost and send another. Edit ACCM: Applies to asynchronous connections only. Permits control character mapping negotiation on asynchronous links. This is useful when you need to send a control character as data (e.g. XON, XOFF, A, etc.) over an asynchronous link and do not want it interpreted by the modem or other device in the middle
107. scription. IP MTU: Assigns the size of the Maximum Transmission Unit for the interface. This determines whether or not a given IP datagram is fragmented. NAT: Determines the type of IP address if NAT is being used. Use Global otherwise. See chapter 13 or the examples in chapter 4 for details on how to configure NAT. ICMP Port: Active causes the router to send ICMP Port Unreachable messages when it receives UDP or TCP messages for ports that are not recognized. This type of message is used by some traceroute applications, and if disabled, the router might not be identified in the traceroute output. However, there are security and performance reasons to leave this option Inactive. Incoming Rule List: Filter rule list for incoming packets. See chapter 14 for instructions on how this parameter should be set. Detailed Incoming IP Accounting: Applies when a list is selected in the previous parameter. See explanation of IP Accounting later in this chapter. IP Accounting for a rule requires that the parameter CONFIG > RULES LIST > IP > CONFIGURE RULES > ADD RULE > ALLOW ACCOUNT PROCESS also be Yes. Outgoing Rule List Name: Filter rule list for outgoing packets. See chapter 14 for instructions on how this parameter should be set. Detailed Outgoing IP Accounting: Applies when a list is selected in the previous parameter. See explanation of Detailed Incoming IP Accounting. Routing of Broadcast Messages: Activat
108. t across each tunnel with this frequency to make sure Timeout that the router on the other end of the connection is operating. Tunnel Keepalive Retries: If a keepalive message reply is not received, the router sends the request again this number of times. Tunnel Inactivity Timeout: If no messages are passed for this time period (keepalive messages not included), the tunnel will be disconnected. Time Interval for VPN Retries: This is the time between retries for either tunnel creation or keepalive requests that are not acknowledged. [Chapter 14: Virtual Private Network Configuration] APPENDIX A: TROUBLESHOOTING. What to Do if the Login Screen Does Not Appear When Using a Console: 1. Check the configuration of the terminal. The correct values are given in chapter 2. 2. Check to see if the router booted correctly. Before the login screen appears, boot messages should appear on the screen. If the system halts while booting, the last message on the screen should give an indication of what went wrong. 3. While the router is booting, the LEDs labeled CPU, Tx, Rx and GP indicate the stage of the boot process, as shown in Figure A.1. When the router has started up properly, the CPU LED blinks consistently, one second on, one second off. Test CPU 1 2 3 Boot Code step 1 Off Off Off On Boot Code CRC check 2 Off Off On Off Configuration vect
109. t of CONFIG > RULES LIST > IP > CONFIGURE RULES > ADD RULE > FLOW PRIORITY LEVEL. See the section on traffic control in chapter 16. Reserved Bandwidth: This is the equivalent of CONFIG > RULES LIST > IP > CONFIGURE RULES > ADD RULE > RESERVED BANDWIDTH. Defines what percentage of the total bandwidth on an interface will be set aside for this DLC. See the section on traffic control in chapter 16. Bandwidth Priority Level: This is the equivalent of CONFIG > RULES LIST > IP > CONFIGURE RULES > ADD RULE > BANDWIDTH PRIORITY LEVEL. See the section on traffic control in chapter 16. To edit the DLCI table, use the list command (CONFIG > INTERFACE > <LINK> > ENCAPSULATION > FRAME RELAY L) to discover the number CyROS has assigned to each table entry. It will not be the same as the DLCI. [Chapter 8: Data Link Protocols (Encapsulation)] [Figure 8.2: Public X.25 Network Example. Labels: Modem or DSU/CSU; Router (DTE).] X.25: A Cyclades Router can act either as a DTE (Data Terminal Equipment) connected to a public X.25 network, or as a DTE or DCE (Data Circuit-terminating Equipment) as part of a private X.25 network. The first case is discussed in this chapter. The second case is described in the CyROS Reference Guide. Both Permanent Virtual Circuits (PVCs) and Switched Virtual Circuits (SVCs) can be defined. A PVC requires that two DTEs be permanently con
110. tep by Step Instructions. STEP FOUR: The Encapsulation parameters for PPP are less straightforward. Many of them are based on decisions that cannot be shown in a diagram. Fortunately, the choices made here will mostly affect the performance of the link, rather than whether it works or not. Fill in the parameters appropriate for your system, consulting chapter 8 of the Installation Manual for more information if necessary. Menu CONFIG > INTERFACE > SWAN > ENCAPSULATION > PPP. Parameter: Example (column "Your Application" left blank). MLPPP: No. PPP Inactivity Timeout: None, so that the connection is never broken. Enable Van Jacobson IP Header Compression: No. Disable LCP Echo Requests: No. Edit ACCM: No Value. This will depend on the modem used. Time Interval to Send Config Requests: Use the preset value, one. Enable Predictor Compression: No. Connection Type: Dial Out. [Figure 4.5: PPP Encapsulation Menu Parameters] [Chapter 4: Step by Step Instructions] STEP FIVE: A static route must be added to tell the router that all traffic not intended for the local LAN should be sent to the Access Provider. Chapter 9 of the Installation Manual explains static routes and other routing methods available in CyROS. Fill in the spaces in Figure 4.6 with the values for your application. Menu CONFIG > STATIC ROUTES > IP > ADD ROUTE. Parameter Example Your Ap
111. th path attribute for update messages sent to this neighbor. Transparent NextHop: Yes causes the router to NOT alter the NextHop path attribute for update messages sent to this neighbor. NextHop Self: Yes causes the router to change the NextHop path attribute for update messages sent to this neighbor. The value is replaced by the Source IP Address set above. Route Reflector Client: Indicates that this router is a route reflector and the neighbor is a route reflector client. Weight: Indicates the relative importance of the routes received from this neighbor. Routes with greater weights are chosen over routes with lesser weights. Maximum Prefix: When set, indicates the maximum number of routes that the router will accept in a single update message from this router. Holdtime: When a message is not received from this neighbor for the holdtime, the neighbor is considered inactive. This table is continued. [Chapter 9: Routing Protocols] CONFIG > IP > BGP4 > NEIGHBOR > ADD (continued). Keepalive: Interval between keepalive messages sent to this neighbor. Connection Retry Time: When a connection with this neighbor is broken, the router tries to reconnect with frequency 1 divided by the Connection Retry Time. Start Time: Time delay before router tries to connect. Incoming Distribution Access List Name: Applies a distribution access list to up
112. the type of SWAN port. The async interface provided on an RJ-45 connector is the same as the SWAN interface, except that the synchronous option does not appear in the CONFIG > INTERFACE > SWAN > PHYSICAL menu and the only encapsulation option is PPP. STEP ONE: The first step in the SWAN interface configuration is to define its physical characteristics. These parameters are presented in the Physical Menu Table. Physical Menu (CONFIG > INTERFACE > SWAN > PHYSICAL). Parameter: Description. Mode: Asynchronous or Synchronous. This parameter is determined by the mode of the device at the other end of the connection. Clock Source: Applies for Synchronous Mode. Whether this interface provides clock for the device at the other end of the cable, or vice versa. When the interface is connected to a modem, the Clock Source is always External. Receive Clock: Applies for Internal Clock Source. When this interface provides clock, it can either compare incoming messages with the clock it is generating (Internal) or with the clock it receives from the sender along with the message (External). External is recommended. Speed: Applies for Internal Clock Source. Determines at which speed the data will be sent across the line. Media for SWAN Cable: Type of cable: RS-232, V.35 or X.21. Usually the type of cable is detected by the router. [Chapter 6: The SWAN and Async Interfaces] STEP
113. tial IP Address to be Bridged: Indicates the start of the range of IP addresses to be transferred to another physical location. This and the next three parameters are repeated in case the bridge is to be broken up into various sections. Up to 8 sections can be defined. In the example, this value is 200.240.240.4. Ending IP Address to be Bridged: Indicates the end of the range of IP addresses to be transferred to another physical location. In the example, this value is 200.240.240.8. Broadcast Over the Link: Allows propagation of broadcast IP packets over this bridge. Bridge Over Link: Indicates which link forms the other half of the bridge. In the example, link 1 is used. Other Parameters: Transparent Bridge is covered in chapter 7 and IPX is covered in chapter 13. The parameters defined in the Routing Protocol and Traffic Control Menus should be set after reading chapters 9 and 12, respectively. It is probably best to complete the basic configuration of all router interfaces, then return to the routing protocol and traffic control menus after general routing and traffic control strategies have been defined. [Chapter 5: Configuration of the Ethernet Interface] CHAPTER 6: THE SWAN AND ASYNC INTERFACES. This chapter describes how to configure a SWAN interface. The physical link should be set up as shown in chapter 2, according to the type of modem or device at the other end of the connection and
114. tions 128 Cyclades PR2000 Cables The Straight Through Cable DB 25 Male Cyclades Router Signal Pin TxD 2 RxD 3 RTS 4 CTS 5 DSR 6 Gnd 7 DCD 8 TxClk_DTE 15 RxClk 17 DTR 20 RI 22 TxCIk DCE 24 Straight Through Cable DB 25 Male DCE DTE Pin Signal 2 TxD 3 RxD 4 RTS 5 CTS 6 DSR Gnd 8 DCD 15 TxCIk DTE 17 RxClk 20 DTR 22 RI 24 TxClk_DCE FIGURE B 6 STRAIGHT THROUGH CABLE DB 25 MALE TO DB 25 MALE Appendix B Hardware Specifications 129 Cyclades PR2000 DB 25 M 34 Adaptor Female Retention Screw B Male Female Retention Retention Screw Screw FIGURE B 7 DB 25 M 34 ADAPTOR DB 25 FEMALE TO M 34 MALE Appendix B Hardware Specifications DB 25 Female Signal PGnd RTS CTS DSR Gnd DCD TxD V 35 B TxD V 35 A RxD V 35 RxD V 35 TxCIk DTE V 35 TxCIk DTE V 35 TxCIk DCE V 35 DTR TxClk_DCE V 35 A RxClk V 35 A RxClk V 35 B B A B A B Pin 1 4 5 6 7 8 11 12 13 14 16 18 19 20 21 23 25 I 5 x crz 2z4vomumoo M 34 Male Signal PGnd RTS CTS DSR Gnd DCD TxCIk DTE B TxCIk DTE A TxCIk DCE B DTR TxCIk A RxClk A RxClk B 130 Cyclades PR2000 The ASY Modem Cable ASY MODEM PR2000 Modem RJ 45 8 pins DB 25 DB 25 Male ASY Modem Cable Signal Pin Pin Signal TxD 3 2 TxD RxD 6 3 RxD DTR 2 20 D
115. tise itself as the Default Gateway (DG). Default Gateway External Metric: Applies when Originate Default Gateway Advertisement is set to Yes. Defines the metric that will be advertised by OSPF. Default Gateway External Metric Type: Applies when Originate Default Gateway Advertisement is set to Yes. For Type 7, the total metric of this route is composed of the internal metric (inside the autonomous system) and the external metric provided in the previous parameter. For Type 2, the total metric of this route is the value provided in the previous parameter. Advertise RIP Routes: Routes learned through the RIP protocol will be converted to OSPF as external routes. RIP External Metric: Applies when Advertise RIP routes is set to Yes. Defines the metric that will be advertised by OSPF. This table is continued. [Chapter 9: Routing Protocols] OSPF Global Commands (Continued). Parameter: Description. RIP External Metric Type: Applies when Advertise RIP routes is set to Yes. For Type 7, the total metric of this route is composed of the internal metric (inside the autonomous system) and the external metric provided in the previous parameter. For Type 2, the total metric of this route is the value provided in the previous parameter. Advertise Non OSPF interfaces: A router can have both OSPF and non-OSPF interfaces. This option causes the router to advertise when these n
116. umber for slow links. Retransmit Interval in Seconds: Time in seconds between link state advertisement retransmissions for adjacencies belonging to this interface. Hello Interval in Seconds: Time in seconds between the hello packets on this interface. Dead Interval in Seconds: Inactivity time (seconds) before a neighbor router is considered down. Password: String of up to 8 characters used to authenticate OSPF packages. The use of this password is enabled in CONFIG > IP > OSPF > AREA > AUTHENTICATION TYPE. Inside a given area, these 4 parameters should be the same for all routers. In the example virtual link, they should be the same as those used for the backbone. [Chapter 9: Routing Protocols] BGP-4 Configuration: The BGP-4 routing protocol is used for routing on the Internet, performed between Autonomous Systems (ASs). An autonomous system is defined as: a set of routers and networks under the same administration; an interconnected network where no router is reachable solely through a path exterior to the AS. Each AS is identified by a 16-bit AS number. This number is supplied by the service provider. Steps: 1. Complete the Global Parameters. 2. Register the neighbors of the autonomous system (the routers with which this router exchanges information). At this point, the BGP-4 protocol is up and running. All remaining steps are fine tuning to improve performance and reduce the size of the
117. un configuration. Selecting Discard will undo all changes made since the last time the question was asked. Saving to Flash memory makes all changes permanent. The changes are immediately effective and are saved to the configuration vector in flash memory. In this case, the configuration is maintained even after a router reboot. Saving only to the Run configuration makes all changes effective immediately, but nothing is saved permanently until explicitly saved to flash, which can be done with the option ADMIN > WRITE CONFIGURATION > TO FLASH. The menus and parameter lists are represented in this manual by tables. The first column contains the menu item or the parameter, and the second column contains its description. This menu interface is also available via Telnet if one of the interfaces has been connected and configured. The menu interface is the same as that described earlier in this section. Using Telnet instead of a console for the initial Ethernet configuration is discussed in Appendix C of the Installation Manual. [Chapter 3: Using CyROS Menus] The CyROS Management Utility: After one of the interfaces has been connected and configured, there is another way to interact with CyROS. Type the IP address in the location field in an HTML browser of a PC connected locally or remotely through the configured interface. A super user ID and password will be requested (these are the same ID and password used with the line te
118. ure 12.5, a conceptual equivalent of the interface is shown. All packets except those which fall into the holes in the ball will be allowed entry into or out of the network. [Figure 12.5: Permit Default Scope. Labels: Stop Forged Packets; Don't Allow Access to News; Stop Telnets From the Outside (Except Bastion Host); PERMIT.] [Chapter 12: Filters and Rules] The configuration for Stop forged packets is shown in the following listing. Rules Lists: Rule List Name slot1_in; Rule List Status Enabled; Default Scope Permit; List Type Filter; Linked Rule List (none shown). Filter list Name: slot1_in. Rule 0: Status Enabled; Scope Deny; Protocol 0; Source IP Operator Equal; Source IP start 10.0.0.0; Source IP Mask 255.0.0.0; Destination IP Operator None; Source Port Operator None; Destination Port Operator None; TCP connections allowed Y; Account Process allowed. [Figure 12.6: Output for Interior Router Example] slot1_in rule 0 prohibits any incoming packets with source IP addresses of the internal network. Since the addresses used for internal networks cannot be routed on the Internet, they cannot be valid unless there is a leak of traffic through another router to the perimeter network. Imagine that, as shown in the figure, the network is expanded and another range of IP addresses is used (not a sub-network). Rule 0 in th
119. uter) and the Maximum Number of Hops must be defined. The maximum number of hops defines how many routers can be on the path from this router to the destination of any packet sent through this interface. Configuring the Ethernet Interface: The example in Figure 13.1 will be used to explain the remaining parameters that must be configured. The Ethernet interface for the PR2000 is examined first. In the menu CONFIG > INTERFACE > ETHERNET > ENCAPSULATION, the Ethernet interface must be activated. The MAC address should be correct, as it is preset at the factory. For IPX, the Encapsulation parameter should be set according to the value used by the servers on the network. In the menu CONFIG > INTERFACE > ETHERNET > NETWORK PROTOCOL > IPX, the protocol should be activated and the LAN Network Number (00A0B000 in the example) set. All other parameters are explained in chapter 5. Configuring Other Interfaces: This stage depends on which board is occupying slot 1 and which encapsulation will be used. Each encapsulation option will be discussed separately. Read the chapter describing the configuration for the appropriate interface, consulting this section for details on IPX-specific parameters. PPP: The parameters for the PPP data link protocol are discussed in chapter 8. Only the parameters particular to the IPX protocol will be described here. They are located in the CONFIG > INTERFACE > <INTERFACE> > ENCAPSULATION
120. w to protect your router from undesired traffic. Chapter 13, IPX, presents the hidden menus available only in routers with IPX activated. Chapter 14, Virtual Private Network, describes CyROS VPN implementation. Appendix A, Troubleshooting, provides solutions and tests for typical problems. Appendix B: Hardware Specifications. Appendix C: Configuration Without a Console. Installation Assumptions: This Installation Manual assumes that the reader understands networking basics and is familiar with the terms and concepts used in Local Area and Wide Area Networking. Text Conventions: Common text conventions are used. A summary is presented below. [Chapter 1: How To Use This Manual] Convention: Description. CONFIG > INTERFACE > L: A combination of menu items, with the last being either a menu item, a parameter, or a command. In this example, L lists the interface configuration. INTERFACE: A variable menu item that depends on hardware options or a choice of hardware or software options. IP Address: A parameter or menu item referenced in text, without path prepended. Screen Text: Screen Text. ESC, Enter: Symbols representing special keyboard keys. Icons: Icons are used to draw attention to important text. Icon meaning: What is Wrong. Why: When an error is common, text with this icon will mention the symptoms and how to resolve the problem
121. you have not already, and configure your router with help from later chapters of the Installation Manual when needed. Example 1: Connection to an Internet Access Provider via Modem. This section will guide you through a complete router installation for the connection of a LAN to an Internet access provider via PPP. The configuration of NAT (Network Address Translation) will also be shown. Figure 4.1 shows the example system used in this section. Spaces have been provided next to the parameters needed for the configuration, where you can fill in the parameters for your system. Do this now, before continuing. [Figure 4.1: Connection to Access Provider Using a SWAN Interface and a Modem. Labels: Network IP 192.168.0.0; Network Mask 255.255.255.0; 192.168.0.30; Speed 38.4k.] Please read the entire example and follow the instructions before turning the router on. The router is programmed to log the super user off after 10 minutes of inactivity. All data not explicitly saved to memory is then lost. Collecting the data while configuring the router will likely cause delays and frustration. [Chapter 4: Step by Step Instructions] STEP ONE: The first step is to determine the parameters needed to configure the Ethernet interface (ETH0). The parameters in the Network Protocol Menu (IP) are shown in Figure 4.2. Fill in the blanks for your application in the right-most column. These parameters will be entered into the r