Planet ERT-805 User Manual

Serial wan router

Serial WAN Router
ERT-805
User's Manual


Summary of Contents for Planet ERT-805

  • Page 1 Serial WAN Router ERT-805 User’s Manual...
  • Page 2: Product

    Disclaimer PLANET Technology does not warrant that the hardware will work properly in all environments and applications, and makes no warranty and representation, either implied or expressed, with respect to the quality, performance, merchantability, or fitness for a particular purpose.
  • Page 3: Table Of Contents

    Chapter 1 Introduction ... 1 1.1 Checklist ... 1 1.2 About ERT-805 ... 1 1.3 Product Feature ... 2 1.4 Product Specification Chapter 2 HARDWARE INSTALLATION ... 4 2.1 Package Contents ... 4 2.2 ERT-805 Outlook ... 4 2.3 I...
  • Page 4 6.4.4 Custom Queuing... 87 Appendix A Upgrade firmware... 92 Appendix B Router Dialing ... 94 Appendix C Cables / Pin-assignment for ERT-805 ... 96 C.1 V.35 DTE – CB-ERTV35-MT ... 96 C.2 V.35 DCE – CB-ERTV35-FC ... 96 C.3 V.24 DTE – CB-ERT232-MT ... 97 C.4 V.24 DCE –...
  • Page 5: Chapter 1 Introduction

    ERT-805 provides a single WAN port, which is a T1/E1 serial interface, a single LAN port, and a single console (Async) port. With its IPSec/VPN capability, the ERT-805 is not only a standard router but also a router with enhanced security features. The ERT-805 supports MD5-HMAC/SHA1-HMAC and certificate authentication, and DES-CBC and 3DES-CBC encryption.
  • Page 6: Product Feature

    Ø ERT-805 supports SNMP and can be managed by using SNMP management software 1.3 Product Feature Ø Support PPP, FR, X.25, HDLC, LAPB, SDLC, SLIP and Stun Ø Complies with IEEE802.3 10Base-T, IEEE 802.3u 100Base-TX Standard Ø One serial WAN port, one RJ-45 10/100Mbps LAN port and one Console port Ø...
  • Page 7 Power Input 100 ~ 240V AC (+/-10%); 50/60Hz (+/-3%) auto-sensing Power Consumption 10 watts / 34BTU Dimensions 217 x 135 x 43 mm (1U height) Weight 1 Kg 0 to 50 degree C (operating) Temperature -20 to 70 degree C (storage) Humidity 10 ~ 90% RH (non-condensing) Regulatory...
  • Page 8: Chapter 2 Hardware Installation

    Chapter 2 HARDWARE INSTALLATION 2.1 Package Contents Items included with the ERT-805 serial router: Ø ERT-805 Serial WAN Router Ø Power Cord Ø DB9 to RJ-45 changer Ø Console cable Ø Quick Installation Guide and CD-ROM Black power cord CD-ROM user’s Guide &...
  • Page 9 RJ-45 Power 100~240VAC socket The two RJ-45 ports of the ERT-805 are not telephone ports. Connecting a telephone wire or PSTN line to these ports may cause the router to malfunction permanently. Warning! The serial cable is not bundled with the router; please consult your local dealer for the available serial cable for your CSU/DSU modem.
  • Page 10: Installation Requirements & Physical Installation

    19-inch cabinet. Please consult your local dealer for the available rack ears if you would like to install the router into a 10-inch/19-inch shelf. You can also place the ERT-805 on a desktop. Please install the router in a clean, dry environment. Avoid installing the router in a place with moisture or water nearby.
  • Page 11: Power On The Device

    V.35 2.3.4 Power on the device ERT-805 accepts power input from a 100 to 240VAC, 50/60Hz power source. Before connecting the power cable to the router, please check the AC power output of your power outlet. The router must be connected to earth ground during normal use.
  • Page 12: Chapter 3 Command Line Interface

    ERT_805# 3.1 Help command The “?” and “Tab” keys are two help keys that help the user configure the ERT-805. When the “?” key is pressed in any operating mode, the system displays a help message that tells the user which commands are available in that mode. For example:...
  • Page 13: Redisplay Previous Command

    ERT_805> ? disable Turn off privileged commands, enter GUEST user mode enable Turn on privileged commands exit Exit from the EXEC help Description of the interactive help system logout Exit from the EXEC Open a X.29 PAD connection ping Send echo messages Start IETF Point-to-Point Protocol (PPP) schedule Schedule one task...
  • Page 14: Ctrl-Z, Ctrl-C And Exit

    Once the terminal is connected to the device, power on the device; the terminal will show that it is running POST (Power-on self-test) procedures. Then the screen below will appear. The ERT-805 will prompt with “>”. This means the ERT-805 is now in operating mode.
  • Page 15 telnet. If configured as below, the system will only ask for a password when anyone accesses it. For example, set the password to “1234”. ERT805> enable ERT805# config t ERT805(config)# enable password 1234 ERT805(config)#line vty 0 4 ERT805(config-line)# login ERT805(config-line)# password cisco ERT805(config-line)# exi ERT805(config)# exit ERT805#...
  • Page 16: Password Encryption

    By default the system displays these passwords in clear text, so the passwords are not very secure. The ERT-805 offers a command that makes the system display the passwords in encrypted form. For example: ERT_805# show run Building configuration ...
  • Page 17 crypto isakmp key 12345678 address 10.0.0.2 255.255.255.192 interface fastethernet 0/0 ip address 192.168.99.64 255.255.255.0 interface serial 0/0 encapsulation ppp ip address 10.0.0.1 255.255.255.192 crypto map dynmap clockrate 48000 interface async 0/0 line vty 0 5 login password 7 wAVcXxom8sGSOA ip route 0.0.0.0 0.0.0.0 10.0.0.2 access-list 100 permit ip 192.168.99.0 0.0.0.255 192.168.98.0 0.0.0.255 ERT_805#...
  • Page 18: Chapter 4 Router Communication Protocol

    Chapter 4 Router Communication Protocol 4.1 RIP- Router Information Protocol The Routing Information Protocol (RIP) is a distance-vector protocol that is used to exchange routing information between routers. RIP uses broadcast User Datagram Protocol (UDP) data packets to exchange routing information and is based on a distance-vector algorithm. This routing protocol determines the best path through an internet by looking at the number of hops between the two end nodes.
  • Page 19: Rip Command

    convergence. Whenever a router changes the metric of a route, it is required to send update messages almost immediately. 4.1.1.5 RIP Command router rip – enable RIP in global configuration mode version - To specify a RIP version used globally by the router (version 1 and 2) auto-summary –...
  • Page 20 Building configuration ... description fault service password-encryption service timestamps debug hostname ERT_805 enable password 7 3EDRIxtqRWCA username router password 7 65WeJR6evnrR3mP crypto ipsec transform-set transform-1 esp-3des esp-md5-hmac crypto map dynmap 1 ipsec-isakmp set transform-set transform-1 set peer 10.0.0.2 match address 100 crypto isakmp policy 1 authentication pre-share group 1...
  • Page 21: Eigrp - Enhanced Interior Gateway Routing Protocol

    network 10.0.0.0 network 192.168.99.0 line vty 0 5 login password 7 wAVcXxom8sGSOA ip route 0.0.0.0 0.0.0.0 10.0.0.2 access-list 100 permit ip 192.168.99.0 0.0.0.255 192.168.98.0 0.0.0.255 ERT_805# ERT_805# show ip route Codes: A--all O--ospf S--static R--rip C--connected E--egp T--tunnel o--cdp D--EIGRP 0.0.0.0/0 [2/0] via 10.0.0.2 serial0/0* act 10.0.0.0/26 [0/1] via 10.0.0.1 serial0/0* act 10.0.0.2/32 [1/0] via 10.0.0.1 serial0/0* act...
  • Page 22 Bind-interface – enable the EIGRP protocol on an interface Distance – define an administrative distance Distribute-list – filter networks in routing updates Metric/e – modify EIGRP routing metrics and parameters Passive-interface - To disable sending routing updates on an interface. Redistribute eigrp – redistribute information from other routing protocols; the optional values the user can configure are bandwidth, delay, reliability, loading and mtu.
  • Page 23: Ospf- Open Shortest Path First

    authentication pre-share group 1 hash md5 crypto isakmp key 12345678 address 10.0.0.2 255.255.255.192 interface fastethernet 0/0 ip address 192.168.99.64 255.255.255.0 interface serial 0/0 encapsulation ppp ip address 10.0.0.1 255.255.255.192 crypto map dynmap ip hold-time eigrp 1 20 clockrate 48000 interface async 0/0 router eigrp 1 network 192.168.99.0 network 10.0.0.0...
  • Page 24: Ospf Command

    information between non-backbone areas Stub area – this area does not accept routes that belong to an external autonomous system (AS). The routers in a stub area use a default route to reach outside the autonomous system. Totally stubby area – an area that does not accept routes from other intra-area and default routes to be propagated within the area.
  • Page 25 - the key’s maximum length is 16 bytes; it is valid when the area’s authentication type is Cryptographic authentication Configuration Example Router Software Version 4220lab-RT805 on ERT805 (4.2c ) User Access Verification Password: ERT-805> enable...
  • Page 26: Ppp

    Password: ERT_805# show run Building configuration ... service password-encryption service timestamps debug hostname router enable password level 15 7 aNTUS0QSfz8T interface fastethernet 0/0 ip address 192.168.99.64 255.255.255.0 interface serial 0/0 encapsulation hdlc ip address 10.0.0.1 255.255.255.192 ip ospf priority 255 clockrate 48000 interface async 0/0 router ospf 2...
  • Page 27 Ø PPP has a method for encapsulating multi-protocol datagrams Ø Link Control Protocol (LCP) establishes, configures, authenticates and tests the data-link connection. Ø Network Control Protocol (NCP) establishes and configures different network-layer protocols. PPP provides two authentication methods: Ø Password Authentication protocol (PAP) Ø...
  • Page 28 Figure 4-2 Networking diagram of PAP and CHAP authentication example ROUTER A ROUTER B encapsulation ppp – set the encapsulation style to ppp (interface command) ppp authentication [pap | chap] – enable PAP or CHAP authentication username username password password [callback-dialstring] – add the username and password of the peer to the local users.
  • Page 29 15 7 aNTUS0QSfz8T username ERT-805 password 7 SBFV4NgG60tV interface fastethernet 0/0 ip address 192.168.99.64 255.255.255.0 interface serial 0/0 encapsulation ppp ip address 10.0.0.1 255.255.255.192 ppp authentication chap clockrate 48000 interface async 0/0 line vty 0 4...
  • Page 30 ip address 192.168.98.63 255.255.255.0 interface serial 0/0 encapsulation ppp ip address 10.0.0.2 255.255.255.192 ppp authentication chap interface async 0/0 line vty 0 4 login password 7 o2EUq2a6AFiY4D ip route 192.168.99.0 255.255.255.0 10.0.0.1 PAP example router# show run Building configuration ... service password-encryption service timestamps debug hostname router...
  • Page 31 0/0 line vty 0 4 login password 7 hd3cpRj4s14LeA ip route 192.168.98.0 255.255.255.0 10.0.0.2 router# ERT-805# show run Building configuration ... service password-encryption service timestamps debug hostname ERT-805 enable password 7 5EVbxkwzBvfT username router password 7 qBjbURagjK0L interface fastethernet 0/0 ip address 192.168.98.63 255.255.255.0...
  • Page 32: Hdlc Protocol

    Building configuration ... service password-encryption service timestamps debug hostname router enable password level 15 7 aNTUS0QSfz8T username ERT-805 password 7 3hlZiJYY6pOn interface fastethernet 0/0 ip address 192.168.99.64 255.255.255.0 interface serial 0/0 encapsulation hdlc ip address 10.0.0.1 255.255.255.192...
  • Page 33 router# router# debug hdlc s0/0 router# 03:59.544 %serial0/0 Hdlc Port debug turn on 04:01.399 serial0/0 HDLC O(len=162):CDP 01 b4 cc 27 00 01 00 0a 72 6f 75 74 65 04:01.399 72 00 02 00 11 00 00 00 01 01 01 cc 00 04 0a 00 00... 04:03.094 serial0/0 HDLC I(len=22):lmi peer_seq=155,local's=159 04:03.753 %HDLC serial0/0 Keepalive 04:03.753 serial0/0 HDLC O(len=22):lmi local_seq=160,peer's=155...
  • Page 34: Sna

    router# no 05:13.094 serial0/0 HDLC I(len=22):lmi peer_seq=162,local's=166de 05:13.753 %HDLC serial0/0 Keepalive 05:13.753 serial0/0 HDLC O(len=22):lmi local_seq=167,peer's=162 4.6 SNA 4.6.1 Introduction Switch-to-Switch Protocol (SSP) is a protocol specified in the DLSw standard that routers use to establish DLSw connections, locate resources, forward data, and handle flow control and error recovery.
  • Page 35 sdlc role – establish the role of the interface sdlc-largest-frame- Set the largest I-frame size that can be sent or received by the designated SDLC station sdlc simultaneous [full-datemode | half-datamode] - full-datemode enables the primary station to send data to and receive data from the polled secondary station. half-datamode prohibits the primary stations from sending data to the polled secondary station.
  • Page 36 hostname RouterA source-bridge ring-group 2000 dlsw local-peer peer-id 150.150.10.2 dlsw remote-peer 0 TCP 150.150.10.1 interface serial 8 IP address 150.150.10.2 255.255.255.192 clockrate 56000 interface tokening 0 no Ip address ring-speed 16 source-bridge 500 1 2000 source-bridge spanning Configuration for Router B hostname RouterB dlsw local-peer peer-id 150.150.10.1 dlsw remote-peer 0 TCP 150.150.10.2...
  • Page 37: Protocol

    4.7 X.25 Protocol The X.25 protocol defines the connection between data terminal equipment (DTE) and circuit-terminating equipment (DCE). X.25 is the protocol of point-to-point interaction between DTE and DCE equipment. DTE usually refers to the host or terminal at the user side and DCE usually refers to the synchronous modem.
  • Page 38 types of VC: permanent virtual circuit (PVC) and switched virtual circuit (SVC). The difference between PVC and SVC is that a PVC is a permanently established connection used for frequent and consistent data transfers and does not use call setup and call clear. encapsulation x25 [dce | dte] –...
  • Page 39 Request reverse charging initiating a call Request throughput-level negotiation while initiating a call Network user ID x25 t21 – set DTE call request retransmission timer x25 t22 – set DTE reset request retransmission timer x25 t23- set DTE clear request retransmission timer x25 r20 –...
  • Page 40 x25 address 87654321 x25 map ip 10.1.1.2 12345678 clockrate 9600 Router2: interface serial 1 encapsulation x25 dte ip address 10.1.1.2 255.255.0.0 x25 address 12345678 x25 map ip 10.1.1.1 87654321 Access packet switching network Figure 1-16 Accessing packet switching network Router1 s1:14.1.1.2/24 x121:14112 Router2...
  • Page 41: Frame Relay Protocol

    x25 map ip 14.1.1.2 14112 Set up network with PVC Router1: interface serial 1 encapsulation x25 ip address 14.1.1.1 255.255.255.0 x25 address 14111 x25 ltc 3 x25 pvc 1 ip 14.1.1.2 x25 pvc 2 ip 14.1.1.3 Router2: interface serial 1 encapsulation x25 ip address 14.1.1.2 255.255.255.0 x25 address 14112...
  • Page 42 The frame relay switch responds to one or more LMI types. There are three different LMI types: cisco, ansi and q933a. encapsulation frame-relay – set the frame relay encapsulation type on a serial interface frame-relay map ip protocol address dlci [broadcast | gateway-down | interface-down | payload-compression] –...
  • Page 43 Figure 2-1 Configuration Example E1:142.10.2. Router1 7/24 S1:192.1.1.1 S1:192.1.1.3 host_b S1:192.1.1.2 Router2 E1:142.10.3. 7/24 142.10.3.6/ (1) Router1 Configuration: Router1>enable Router1#conf term Router1 (config)#interface s1 Router1 (config-if)#enca fram Router1 (config-if)#no sh Router1 (config-if)#Ip addr 192.1.1.1 255.255.255.0 Router1 (config-if)#fram first-dlci 16 Router1 (config-if)#fram map IP 192.1.1.2 16 Router1 (config-if)#fram map IP 192.1.1.3 17 Router1 (config-if)# exit Router1 (config)#int e1...
  • Page 44 Router2#conf term Router2 (config)#interface s1 Router2 (config-if)#enca fram Router2 (config-if)#no sh Router2 (config-if)#Ip addr 192.1.1.2 255.255.255.0 Router2 (config-if)#fram first-dlci 16 Router2 (config-if)#fram map IP 192.1.1.1 16 Router2 (config-if)#exit Router2 (config)#int e1 Router2 (config-if)#no shut Router2 (config-if)#Ip addr 142.10.3.7 255.255.255.0 Router2 (config-if)#exit Router2 (config)#IP route 142.10.2.0 255.255.255.0 192.1.1.1 Router2 (config)#exit Router2#wr...
  • Page 45: Chapter 5 Security

    [in | out] – applies an existing access-list as an incoming or outgoing to an interface. Access-list access-list number [permit | deny] protocol source-address source-wildcard destination-address destination-wildcard [operator port] – set the extended access-list rule. Standard access-list configuration example ERT-805# show run Building configuration ... service password-encryption service timestamps debug...
  • Page 46 1 permit host 192.168.98.62 access-list 1 permit host 192.168.98.63 access-list 1 permit host 192.168.98.64 access-list 1 permit host 10.0.0.0 access-list 1 deny any ERT-805# Extended access-list configuration example ERT-805# ERT-805# show run Building configuration ... service password-encryption service timestamps debug hostname ERT-805...
  • Page 47 48000 interface async 0/0 router rip network 192.168.98.0 network 10.0.0.0 line vty 0 4 login password 7 o2EUq2a6AFiY4D ip route 0.0.0.0 0.0.0.0 10.0.0.1 access-list 100 deny tcp 192.168.98.66 0.0.0.0 host 192.168.99.61 eq 21 access-list 100 permit ip any any ERT-805#...
  • Page 48: Nat - Network Address Translation

    5.2 NAT – Network Address Translation IP address depletion is a major problem facing the public network. NAT (network address translation) is a solution that allows the IP network of an organization to appear from the outside to use IP addresses different from its own.
  • Page 49 Static NAT Configuration ERT-805# show run Building configuration ... service password-encryption service timestamps debug hostname ERT-805 enable password 7 5EVbxkwzBvfT username router password 7 qBjbURagjK0L interface fastethernet 0/0 ip address 192.168.98.63 255.255.255.0 ip nat inside interface serial 0/0 encapsulation ppp ip address 10.0.0.2 255.255.255.192...
  • Page 50 ERT-805# ERT-805# show ip nat translations Total 1 NAT translations Pro Inside Local Inside Global 192.168.98.62:0 10.0.1.1:0 ERT-805# Dynamic NAT Configuration ERT-805# show run Building configuration ... service password-encryption service timestamps debug hostname ERT-805 enable password 7 5EVbxkwzBvfT username router password 7 qBjbURagjK0L interface fastethernet 0/0 ip address 192.168.98.63 255.255.255.0...
  • Page 51: Vpn - Ipsec

    ip address 10.0.1.1 255.255.255.192 secondary ip nat outside ip access-group 1 out clockrate 48000 interface async 0/0 router rip network 192.168.98.0 network 10.0.0.0 line vty 0 4 login password 7 o2EUq2a6AFiY4D ip nat pool overload 10.0.1.1 10.0.1.1 netmask 255.255.255.192 ip nat inside source list 1 pool overload overload access-list 1 permit 192.168.98.62 0.0.0.255 access-list 1 permit 10.0.0.2 0.0.0.255 ! 5.3 VPN - IPSec...
  • Page 52 crypto ipsec security-association lifetime [ kilobytes | seconds] – modify the lifetime value used when negotiating IPsec security. crypto map map-name map number [ ipsec-isakmp | ipsec-manual] – create a crypto map entry. Ipsec-isakmp is used to establish the IPsec security for protecting the traffic. Ipsec-manual does not use IKE to establish the IPsec security.
  • Page 53 crypto isakmp key keystring address peer-address – configure preshared authentication key crypto isakmp policy priority – to define Internet Key exchange (IKE) policy hash encryption group authentication lifetime show crypto ipsec sa – shows current connections and information regarding encrypted and decrypted packets.
  • Page 54 match address 100 crypto isakmp policy 1 authentication pre-share group 1 hash md5 crypto isakmp key 12345678 address 10.0.0.2 255.255.255.192 interface fastethernet 0/0 ip address 192.168.99.64 255.255.255.0 interface serial 0/0 encapsulation ppp ip address 10.0.0.1 255.255.255.192 crypto map dynmap clockrate 48000 interface async 0/0 line vty 0 5 login...
  • Page 55 hostname router enable password 7 7JDUhlA4A907 username scott password 7 phTLTNmZFcwY3D crypto ipsec transform-set transform-1 esp-3des esp-md5-hmac crypto map dynmap 1 ipsec-isakmp set transform-set transform-1 set peer 10.0.0.1 match address 100 crypto isakmp policy 1 authentication pre-share group 1 hash md5 crypto isakmp key 12345678 address 10.0.0.1 255.255.255.192 interface fastethernet 0/0 ip address 192.168.98.63 255.255.255.0...
  • Page 56 router# router# debug crypto isakmp router# 22:34.011 Crypto ISAKMP debugging is on router# term router# terminal m router# terminal monitor router# 23:03.993 IPSEC: SEND KEEYALIVE ON PEER 10.0.0.2 23:03.993 recv msg type=331, msg=08 0a 00 00 01 0a 00 00 02 23:03.993 recv Ipsec Msg 23:03.994 recv DPD req 23:03.994 creat a DPD struct...
  • Page 57 router# show crypto ipsec sa interface: serial0/0 Crypto map tag:dynmap, local addr:10.0.0.1 Local ident (addr/mask/prot/port):192.168.99.0/255.255.255.0/0/0 Remotel ident (addr/mask/prot/port):192.168.98.0/255.255.255.0/0/0 PERMIT,flags={origin_is_acl,} Current Peer:10.0.0.2 #pkts encaps:1160 ,pkts encrypts:1160, pkts digest:1160 #pkts decaps:1160 ,pkts decrypts:1160, pkts verify:1160 #pkts send errrors:0 ,pkts receive errors:0 local crypto endpt.:10.0.0.1, remote crypto endpt.:10.0.0.2 inbound esp sas: Spi: 0X103(259) transform: esp-md5-hmac, esp-3des...
  • Page 58 Configure Ipsec Manual between routers Router 2 eth:192.168.98.63 s0/0 10.0.0.2 Router 1 configuration ERT-805# show run Building configuration ... service password-encryption service timestamps debug hostname ERT-805 enable password level 15 7 EJketQjD8uBh crypto ipsec transform-set test esp-des crypto map dynmap 1 ipsec-manual set transform-set test set peer 10.0.0.1...
  • Page 59 10.0.0.0 line vty 0 4 login password 7 iFEdTlElgPbW4D access-list 100 permit ip 192.168.98.0 0.0.0.255 192.168.99.0 0.0.0.255 Router 2 configuration ERT-805# router# show run Building configuration ... service password-encryption service timestamps debug hostname router enable password level 15 7 aNTUS0QSfz8T...
  • Page 60 ip address 192.168.99.64 255.255.255.0 interface serial 0/0 encapsulation ppp ip address 10.0.0.1 255.255.255.192 crypto map dynmap interface async 0/0 router rip network 192.168.99.0 network 10.0.0.0 line vty 0 4 login password 7 hd3cpRj4s14LeA ip route 0.0.0.0 0.0.0.0 10.0.0.2 access-list 100 permit ip 192.168.99.0 0.0.0.255 192.168.98.0 0.0.0.255 router# Dynamic example Router 1- central router...
  • Page 61 match address 100 crypto map mm 1 ipsec-isakmp dynamic dy crypto isakmp policy 1 authentication pre-share hash md5 crypto isakmp key 1234 address 10.0.0.2 255.255.255.192 interface fastethernet 0/0 ip address 192.168.99.64 255.255.255.0 ip address 192.168.99.64 255.255.255.0 interface serial 0/0 encapsulation ppp ip address 10.0.0.1 255.255.255.192 crypto map mm clockrate 48000...
  • Page 62 Building configuration ... service password-encryption service timestamps debug hostname ERT-805 enable password 7 uh4a5s35v9i6 crypto ipsec transform-set scott esp-des ah-md5-hmac crypto map mm 1 ipsec-isakmp set transform-set scott set peer 10.0.0.1 match address 100 crypto isakmp policy 1 authentication pre-share hash md5 crypto isakmp key 1234 address 10.0.0.1 255.255.255.192...
  • Page 63 0.0.0.0 0.0.0.0 serial 0/0 access-list 100 permit ip 192.168.98.0 0.0.0.255 192.168.99.0 0.0.0.255 ERT-805# router# show crypto ipsec sa interface: serial0/0 Crypto map tag:dynmap, local addr:10.0.0.1 Local ident (addr/mask/prot/port):192.168.99.0/255.255.255.0/0/0 Remotel ident (addr/mask/prot/port):192.168.98.0/255.255.255.0/0/0 PERMIT,flags={origin_is_acl,} Current Peer:10.0.0.2 #pkts encaps:1160 ,pkts encrypts:1160, pkts digest:1160...
  • Page 64 Y outbound pcp sas: router# GRE Example Router 1 ERT-805> enable Password: ERT-805# show run Building configuration ... service password-encryption service timestamps debug hostname ERT-805 enable password 7 at1a2V/tbD6b crypto ipsec transform-set marc esp-3des ah-md5-hmac initialization-vector size 8...
  • Page 65 0/0 router rip version 1 network 192.168.99.0 network 10.0.0.0 line vty 0 31 access-list 100 permit ip 192.168.99.0 0.0.0.255 10.0.0.0 0.0.0.255 ERT-805# Router 2 router# show run Building configuration ... service password-encryption service timestamps debug hostname router enable password 7 wonRBhc01DcE...
  • Page 66 crypto map mm 1 ipsec-isakmp set transform-set marc set peer 10.0.0.1 match address 100 crypto isakmp policy 1 authentication pre-share hash sha crypto isakmp key 1234 address 10.0.0.1 255.0.0.0 interface fastethernet 0/0 ip address 192.168.98.63 255.255.255.0 ip nat inside interface serial 0/0 encapsulation hdlc ip address 130.0.1.1 255.255.0.0 tunnel 10.0.0.2 10.0.0.1 ip address 10.0.0.2 255.0.0.0 secondary...
  • Page 67: Firewall- Context-Based Access Control (Cbac)

    1 permit 192.168.98.62 0.0.0.255 access-list 100 permit ip 10.0.0.0 0.0.0.255 192.168.99.61 0.0.0.255 router# ERT-805# show ip route Codes: A--all O--ospf S--static R--rip C--connected E--egp T--tunnel o--cdp D--EIGRP, EX--EIGRP external, O--OSPF, IA--OSPF inter area N1--OSPF NSSA external type 1, N2--OSPF NSSA external type 2 E1--OSPF external type 1, E2--OSPF external type 2 [Distance/Metric] g<Group#>...
  • Page 68 Ø Neighbor router authentication Ø Event logging CBAC uses timeouts and thresholds to determine how long to manage information for a session and when to drop a session whose connection has failed. CBAC inspects only TCP and UDP, not ICMP. The following example shows the user how to configure CBAC.
  • Page 69 show ip inspect interface – show the interface configuration with inspection rule and access-list show ip inspect session – display the current sessions that have been established debug ip inspect events – display information about CBAC events debug ip inspect object-creation – display messages about objects that are created by CBAC. debug ip inspect object-deletion –...
  • Page 70 ip route 0.0.0.0 0.0.0.0 10.0.0.1 ip inspect audit-trail ip inspect max-incomplete low 100 ip inspect max-incomplete high 120 ip inspect one-minute low 100 ip inspect one-minute high 120 ip inspect tcp synwait-time 50 ip inspect name test http ip inspect name test ftp ip inspect name test udp ip inspect name test tcp ip inspect name test smtp...
  • Page 71 25:54.379 CBAC: RCV TCP packet 192.168.99.61:21=>192.168.98.62:1412 serial0/0 25:54.569 CBAC: RCV TCP packet 192.168.98.62:1412=>192.168.99.61:21 fastethern 25:54.569 et0/0 25:58.813 CBAC: RCV TCP packet 192.168.98.62:1412=>192.168.99.61:21 fastethern 25:58.813 et0/0 25:58.850 CBAC: RCV TCP packet 192.168.99.61:21=>192.168.98.62:1412 serial0/0 25:58.975 CBAC: RCV TCP packet 192.168.98.62:1412=>192.168.99.61:21 fastethern 25:58.975 et0/0 25:59.714 CBAC: RCV TCP packet 192.168.98.62:1412=>192.168.99.61:21 fastethern 25:59.714 et0/0...
  • Page 72: Radius Security (Aaa)

    29:37.201 CBAC: delete a session table (40235) 29:40.059 CBAC: delete a session table (40232) 29:45.059 CBAC: delete a session table (40230) 29:58.059 CBAC: delete a host session table 29:58.059 CBAC: delete a session table (40236) 5.5 Radius Security (AAA) AAA (Authentication, Authorization, Accounting) is the way that controls who is allowed access to the network server and what services they are allowed to use once they have access.
  • Page 73 router# show run Building configuration ... service password-encryption service timestamps debug hostname router enable password 7 St3Yuxw1NBTq aaa authentication ppp scott radius aaa accounting network scott start-stop radius username scott password 7 1clZ5Mnm-XEu interface fastethernet 0/0 ip address 192.168.99.64 255.255.255.0 interface serial 0/0 encapsulation ppp ip address 10.0.0.1 255.255.255.192...
  • Page 74 192.168.99.63 router# Router 2 ERT-805> enable Password: ERT-805# show run Building configuration ... service password-encryption service timestamps debug hostname ERT-805 enable password 7 uh4a5s35v9i6 interface fastethernet 0/0 ip address 192.168.98.63 255.255.255.0 interface serial 0/0 encapsulation ppp ip address 10.0.0.2 255.255.255.192...
  • Page 75 0.0.0.0 0.0.0.0 serial 0/0 ERT-805# CHAP Example Router 1 router# show run Building configuration ... service password-encryption service timestamps debug hostname router enable password 7 St3Yuxw1NBTq aaa authentication ppp scott radius aaa accounting network scott start-stop radius username scott password 7 1clZ5Mnm-XEu interface fastethernet 0/0 ip address 192.168.99.64 255.255.255.0...
  • Page 76 4 radius-server host 192.168.99.63 acct-port 1646 auth-port 1645 router# Router 2 ERT-805> enable Password: Password: ERT-805# show run Building configuration ... service password-encryption service timestamps debug hostname ERT-805 enable password 7 uh4a5s35v9i6 interface fastethernet 0/0 ip address 192.168.98.63 255.255.255.0...
  • Page 77: Debug Radius

    10.0.0.0 network 192.168.98.0 line vty 0 4 login password 7 3Z4SNtmYpBT6BC ip route 0.0.0.0 0.0.0.0 serial 0/0 ERT-805# Debug radius 13:51.914 #Line serial0/0 Protocol Up 13:51.921 Radius: Send to 192.168.99.63:1646, Accounting_Request, id 0xfe, len 13:51.921 52 13:51.922 Attribute type: ATTR_USER_NAME, len: 7 13:51.922...
  • Page 78: Chapter 6 Qos

    Quality of service (QoS) is used to improve network efficiency. The ERT-805 provides several QoS mechanisms: CAR, Policy-based Routing, Weighted fair queuing and class-map. 6.1 CAR – Committed Access Rate CAR (Committed Access Rate) allows the user to limit the output transmission rate on an interface. CAR provides two quality of service functions: Ø...
  • Page 79 – display information about CAR for an interface Configuration Example router# show run Building configuration ... service password-encryption service timestamps debug hostname ERT-805 enable password 7 uh4a5s35v9i6 interface fastethernet 0/0 ip address 192.168.98.63 255.255.255.0 interface serial 0/0 encapsulation ppp ip address 10.0.0.2 255.255.255.192...
  • Page 80 password 7 3Z4SNtmYpBT6BC ip route 0.0.0.0 0.0.0.0 serial 0/0 access-list 100 permit tcp any any eq www access-list 101 permit tcp any any eq ftp router# router# show interface s0/0 rate-limit Output matches: access-group 100 params: 9600 bps, 24000 limit, 32000 extended limit conformed 3582 packets, 219373 bytes;...
  • Page 81: Policy-Based Routing

    6.2 Policy-based Routing PBR (policy-based routing) allows the user to manually define a policy for how received packets should be routed, and also allows the user to identify packets using several attributes and to specify the next hop to which the packet should be sent. route-map map-name [deny | permit] sequence-number –...
  • Page 82: Class-Map And Policy-Map

    router rip version 2 network 10.0.0.0 network 192.168.98.0 line vty 0 4 login password 7 k2CZPVdrqEggyC route-map richard match ip address 1 set interface serial 0/0 set ip next-hop 10.0.0.1 access-list 1 permit 192.168.98.62 0.0.0.255 router# 6.3 Class-map and policy-map The class-map command is a global command that specifies a traffic class containing match criteria.
  • Page 83 any – match any packets match input-interface – specify an input interface to match match class-map class-map name – specify the traffic class as a match criterion. match ip rtp lower bound of UDP destination port – configure a class-map that uses the rtp protocol port as match criterion match protocol ip [ tcp | udp] tcp/udp port number –...
  • Page 84 enable password 7 wonRBhc01DcE class-map match-any test match access-group 101 match protocol ip tcp 80 match input-interface serial 0/0 class-map match-any test1 match access-group 102 match protocol ip tcp 80 match input-interface serial 0/0 policy-map richard class test bandwidth percent 60 queue-limit 2 class test1 bandwidth percent 40...
  • Page 85 login password 7 k2CZPVdrqEggyC ip route 192.168.99.0 255.255.255.0 10.0.0.1 access-list 1 permit 192.168.98.62 0.0.0.255 access-list 101 permit ip host 192.168.98.62 any access-list 102 permit ip host 192.168.98.63 any router# router# show policy-map interface s0/0 serial0/0 Service-policy output: marc Class-map: test (match-any) 13765 packets, 842504 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: access-group 100...
  • Page 86: Queue

    Weighted Fair Queueing Output Queue: Conversation Bandwidth 40 (%) Max Thresh 2 (packets) (pkts matched/bytes matched) 0/0 Class-map: class-default (match-all) 137 packets, 8713 bytes 5 minute offered rate 153 bps, drop rate 0 bps Match any router# router# show class-map Class Map match-any class-default (id 0) Match any Class Map match-any test (id 1)
  • Page 87: Fifo- First In First Out

    The ERT-805 provides four different types of queue: FIFO (the default in all routers), WFQ (weighted fair queuing), priority queuing and custom queuing. 6.4.1 FIFO - First In First Out FIFO traffic is transmitted in the order received, without regard to bandwidth consumption. In FIFO all packets are treated equally.
  • Page 88: Priority Queuing

    interface async 0/0 router rip network 192.168.98.0 network 10.0.0.0 line vty 0 4 login password 7 kdWL6UXPkdPV/B ip route 0.0.0.0 0.0.0.0 serial 0/0 router# show queueing fair Current fair queue configuration: Interface Discard threshold serial0/0 router# show queue s0/0 Weighted Fair Queueing Input queue: 0/0/0 (size/max/drops);...
  • Page 89 priority queuing based on protocol type priority-list list number interface interface type interface no [high | medium | normal | low] – Establish priority queuing for all traffic entering on an incoming interface priority-list list number default [high | medium | normal | low] - for packets that do not match any other rule in the queue priority-list list number queue-limit –...
  • Page 90 interface async 0/0 router rip network 10.0.0.0 network 192.168.98.0 line vty 0 5 login password 7 tF4VZx7eRx5VcC ip route 0.0.0.0 0.0.0.0 10.0.0.1 access-list 100 permit tcp host 192.168.99.61 host 192.168.98.62 access-list 100 permit ip any any priority-list 2 protocol ip high tcp 80 priority-list 2 protocol ip high list 100 priority-list 2 interface fastethernet 0/0 medium priority-list 2 protocol ip normal...
  • Page 91: Custom Queuing

    limit 30 router# router# show queue s0/0 Priority Queueing, priority-list 2 router# router# show int s0/0 serial0/0 is administratively up, line protocol is up Hardware is RT800-E Encapsulation PPP, loopback not set, keepalive set (10 sec) LCP Open IPCP Open, CCP Closed, CDP Open, MPLSCP Close Queueing strategy: priority-list 2 Output queue: (priority #: size/max/drops/forwards), IP: 10.0.0.2 high: 0/15/0/508 medium: 0/20/0/814...
  • Page 92 Queue-keyword Fragments List queue-list list number interface interface type interface number queue number – Establish priority from a given interface queue-list list number default queue number – Assigns the queue number for packets that do not match any rule in the custom queue. queue-list list number queue queue number limit limit number –...
  • Page 93 Configuration Example router# show run Building configuration ... service password-encryption service timestamps debug hostname router enable password 7 Pl2cGlY8liD4 interface fastethernet 0/0 ip address 192.168.98.63 255.255.255.0 interface serial 0/0 encapsulation ppp ip address 10.0.0.2 255.255.255.192 custom-queue-list 10 interface async 0/0 router rip network 10.0.0.0 network 192.168.98.0...
  • Page 94 queue-list 10 default 5 queue-list 10 protocol ip 1 list 1 router# router# show int s0/0 serial0/0 is administratively up, line protocol is up Hardware is RT800-E Encapsulation PPP, loopback not set, keepalive set (10 sec) IPCP Open, CCP Closed, CDP Open, MPLSCP Close Queueing strategy: custom-queue-list 2 Output queues: (queue #: size/max/drops/forwards), IP: 10.0.0.2 0:0/20/0/58 1:0/20/0/38 2:0/20/0/0 3:0/20/0/1914...
  • Page 95 router# show queueing custom Current custom queue configuration: List Queue Args default protocol ip interface serial0/0 protocol ip protocol ip byte-count 115200 router# port 80 list 1 limit 10...
  • Page 96: Appendix A Upgrade Firmware

    Please follow the steps to upgrade firmware: Find and download the latest firmware from PLANET Web site. Connect Console port to ERT-805 Serial WAN Router Change to DPS-mode and run mrcom32.exe (this program can be found in the CD-ROM menu, directory “/utility”)
  • Page 97 Then press Enter; on seeing the Input File Name prompt, type in the file’s name and press Enter again. 10. Then press 3 to restart the router. The ERT-805 now has the firmware file just downloaded.
  • Page 98: Appendix B Router Dialing

    Appendix B Router Dialing The ERT-805 supports dial-up from a modem, which allows a user to connect remotely to the office from another location. The commands are: physical-layer async – configure serial interface as an async interface async mode [dedicated | interactive ] – specify line mode for interface use dialer-list list number protocol ip [ deny | list | permit ] –...
  • Page 99 ip route 12.0.0.0 255.0.0.0 10.1.1.2 dialer-list 1 protocol ip permit Configuring router Router2 int s1 encap ppp ip address 10.1.1.2 255.0.0.0 physical-layer async async mode dedicate line flowcontrol hardware line cd normal line speed 9600 dialer in-band line inactive-timer 60 dialer-list 1 protocol ip permit...
  • Page 100: Appendix C Cables / Pin-Assignment For Ert-805

    Appendix C Cables / Pin-assignment for C.1 V.35 DTE – CB-ERTV35-MT Pin to ERT-805 Description MODE_1 MODE_0 MODE_DCE Shield B_DCD/DCD+ GND+ I_RXD/TXD+ I_RXD/TXD– O_TXD/RXD+ O_TXD/RXD– I_CTS/RTS+ I_DSR/DTR+ O_RTS/CTS O_DTR/DSR+ I_RXC/TXCE+ I_RXC/TXCE– O_TCXE/RXC+ 0_TXCE/RXC– B_TXC/TXC+ B_TXC/TXC– C.2 V.35 DCE – CB-ERTV35-FC...
  • Page 101: V.24 Dte - Cb-Ert232-Mt

    I_RXD/TXD– O_TXD/RXD+ O_TXD/RXD– I_CTS/RTS+ I_DSR/DTR+ O_RTS/CTS O_DTR/DSR+ I_RXC/TXCE+ I_RXC/TXCE– O_TCXE/RXC+ 0_TXCE/RXC– B_TXC/TXC+ B_TXC/TXC– C.3 V.24 DTE – CB-ERT232-MT Pin to ERT-805 Description MODE_1 MODE_0 MODE_DCE Shield B_DCD/DCD+ I_RXD/TXD+ O_TXD/RXD+ I_CTS/RTS+ I_DSR/DTR+ O_RTS/CTS O_DTR/DSR+ I_RXC/TXCE+ O_TCXE/RXC+ Twisted pair no. 6 —>...
  • Page 102: V.24 Dce - Cb-Ert232-Fc

    C.4 V.24 DCE – CB-ERT232-FC Pin to ERT-805 Description MODE_1 MODE_0 MODE_DCE Shield B_DCD/DCD+ I_RXD/TXD+ O_TXD/RXD+ I_CTS/RTS+ I_DSR/DTR+ O_RTS/CTS O_DTR/DSR+ I_RXC/TXCE+ O_TCXE/RXC+ Twisted pair no. 6 —> B_TXC/TXC+ C.5 X.21 DTE – CB-ERTX21-MT Pin to ERT-805 Description MODE_1 MODE_0 MODE_DCE...
  • Page 103: X.21 Dce - Cb-Ertx21-Fc

    O_TXD/RXD- I_CTS/RTS+ I_DSR/DTR+ O_RTS/CTS O_DTR/DSR+ I_RXC/TXCE+ I_RXC/TXCE- C.6 X.21 DCE – CB-ERTX21-FC Pin to ERT-805 Description MODE_1 MODE_0 MODE_DCE Shield I_RXD/TXD+ I_RXD/TXD- O_TXD/RXD+ O_TXD/RXD- I_CTS/RTS+ I_DSR/DTR+ O_RTS/CTS O_DTR/DSR+ O_TCXE/RXC+ 0_TXCE/RXC– Twisted pair no. 2 <— <— Twisted pair no. 4 —>...
  • Page 104: Console Cable

    C.7 RJ-45 Console Cable The pin-out of the RJ-45 console cable bundled in the package is as follows: 1 – 8; 2 – 7; 3 – 6; 4 – 5; 5 – 4; 6 – 3; 7 – 2; 8 – 1. C.8 DB9 to RJ45 The pin-out of the DB9 to RJ-45 accessory bundled with the package is as follows: 1 – 4; 2 – 6; 3 – 3...
