Perle P840 Reference Manual

Bridge/Router with VPN
Perle P840
Bridge/Router with VPN

Reference Manual

All Software Versions
Part number 5500063-12
© copyright 2002 by Perle Systems Ltd.

Summary of Contents for Perle P840

  • Page 1: Reference Manual

    Perle P840 Bridge/Router with VPN Reference Manual All Software Versions Part number 5500063-12 © copyright 2002 by Perle Systems Ltd.
  • Page 2 The P840 router can be thought of as a group of discrete functions combined in a single box. The first functional module is the LAN interface, which receives all LAN traffic and then decides where individual frames should be sent: to the IP router, to the bridge, to the management system, or discarded altogether.
  • Page 3: ARP - Address Resolution Protocol

    IP Routing and the P840 Router The P840 router may be used to route between subnets within the same network or between different networks. Network broadcasts sent within a subnet-routed environment will not be forwarded to the other subnets in the network.
  • Page 4: The Complete IP Connection

    Introduction The Complete IP Connection The following are the steps that a frame of data will take when being transmitted from an originating station on an IP network to a destination station on a different IP network. In this example, the two networks are separated by a third network. Originating station will send an ARP request if it does not have the MAC address of the destination station.
  • Page 5: IP Header Details

    Each of the fragments is assigned a fragment offset value, which determines where the fragment fits into the original IP frame. The P840 router will accept fragmented frames directed to itself and reassemble them, but it will not fragment frames.
  • Page 6: ICMP Messages

    Introduction Source Routing Source routing is used to predetermine the path that the IP frame must travel through the network. There are two types of source routing: strict source routing and loose source routing. Strict source routing will contain a list of IP addresses of routers that must be used when the IP frame is sent through the network.
  • Page 7: RIP - Routing Information Protocol

    Ping The “ping” message is actually a query status message that may be sent to devices on the LAN to query their operation status. The ping message is basically a message asking “Are you alive?” The LAN device will reply with a message if it is active.
  • Page 8: The Initial Bridging Process

    P840 router will resolve the media conflicts that might have otherwise prevented the consolidation of these resources. The P840 router will also fit right into those environments that may require more than one bridge by using the IEEE 802.1D Spanning Tree Protocol.
  • Page 9: Aging Timer

    In summary, the P840 router will “learn” the location of a station by examining the source Ethernet address, and will “filter” frames based on destination address.
  • Page 10: Address Purging

    These tables may be displayed and modified with the bridge/router options discussed in this manual. Access is made locally from each Bridge/Router Console, or one bridge/router can be made Master, able to control all functions of a partner P840 router. Filled Address Table: Sometimes the filter address table may become full.
  • Page 11: Link Compression

    IP address to each P840 router in your network that you wish to use to make Telnet connections. Once a bridge/router has an IP address, any other P840 router may connect to it by entering the IP address in the connection attempt.
  • Page 12 Introduction Compression Ratio Figure 1-3 Typical Compression Ratios by File Type Data compression will give a 56/64 Kbps link an effective throughput range from 112/128 Kbps when transferring binary files, to 364/384 Kbps when transferring graphic files. This increased throughput significantly reduces the bandwidth required between the LANs to achieve a given performance level, and also allows the use of lower-cost transmission facilities.
  • Page 13: WAN Topologies

    Bandwidth On Demand Each P840 router has the ability to automatically enable or disable a second link based on traffic activity, or time of day. The Bandwidth on Demand feature allows you to use a second link only when required, thus saving the cost of having the second link up and connected all of the time.
  • Page 14: Operating Software Upgrades

    Time of Day Connect Application In addition to the Bandwidth on Demand feature, the P840 router has the ability to establish link connections based on a specific time-of-day schedule. Either one or two links may be controlled using the Time of Day feature. The Time of Day feature may also be used in conjunction with the Bandwidth on Demand feature.
  • Page 15: ISDN Connection Management

    The generation of the regular status inquiries and responses normally generated by the two devices involved in the LAN connection is performed by the P840 ISDN bridge/router while the ISDN call is suspended. Wide Area Network Topologies Supported: Two types of Wide Area Network (WAN) topologies are supported with Connection Management.
  • Page 16: Auto-Call (Time-of-Day Connections)

    An Auto-Call connection is an ISDN connection that is established each time the P840 attempts to start the link. This starting of the links occurs each time a P840 powers up or when the link goes through a restart or at the times specified by the Time-of-Day Activation Schedule.
  • Page 17: Address Connect

    If the P840 can determine the route to the destination network address, the frame is passed along to one of the currently connected partner P840 Routers. If the destination network is not located on a currently connected partner P840, the local P840 will then look in the Address Connect table to determine which partner P840 to call.
  • Page 18: Connection Process

    256 limit of the table. The 257th and greater LAN sessions will not be allowed by the P840. While an ISDN call is up and connected, all traffic within the sessions will be transferred to the partner P840 across the ISDN call.
  • Page 19: Protocol Awareness

    IP Client-Server sessions are established between devices located on the LANs that are routed by the P840 router. If the P840 is to manage the ISDN calls between the routed LANs, the P840s on each WAN end of the Client-Server session must be aware of the session and also must become actively involved in the maintenance of the session.
  • Page 20 RIP packets. When the P840 receives a keepalive packet from the LAN for one of the sessions, the P840 will not activate the ISDN call and will not pass the keepalive packet to the remote LAN. The P840 will generate a response to the keepalive packet and send it to the originator of the packet.
  • Page 21: Termination Process

    If the device does not respond to five consecutive keepalive packets sent from the P840, the P840 will determine that the device has gone away and the P840 will send a packet to each end of the TCP session to shut down the session.
  • Page 22: Pinout Information

    Console Connector The console connector on the P840 is a DCE interface on a RJ45 pinout. The supplied DB9 to RJ45 converter should be used to connect to the DB9 connector of a DTE terminal. This connection will then provide access to the built-in menu system.
  • Page 23: Event Logs

    The P840 router generates event logs for various functions performed by the bridge/router. All of the event logs are stored in the internal event log file, which is accessible through the Network Events menu. Certain event logs are classified as alarms because they are deemed to be of higher urgency. Alarm logs are indicated by an asterisk (“*”) at the start of the alarm text and are printed on the ALARM line on the menu system as well as being stored in...
  • Page 24 Completed BCP negotiation with <remote site alias> Generated when the Bridging Control Protocol negotiation has been completed with the remote site device associated with the stated remote site profile. Once BCP negotiations are complete, IP routing may take place between the two routers. Completed CCP negotiation with <remote site alias>...
  • Page 25 Event Logs ISDN link has had no traffic for longer than specified by the idle timer and has been disconnected. Incorrect password from <IP address> Generated when an incorrect password is given for a Telnet connection. The connecting bridge/router’s name or IP address is specified. After three incorrect login attempts within ten minutes, an alarm is generated (see Security alarms: “Possible intruder”) and any further attempts from that IP address within the next ten minutes are rejected.
  • Page 26 LCP X authenticating peer with PAP Generated when this device is using PAP to authenticate the peer (remote) device. LCP X establishing Generated when the Link Control Protocol of a PPP link or remote site is establishing between this device and the remote site PPP device.
  • Page 27 Event Logs Restoring boot DNLDSEG configuration Generated upon entering Network Load Mode to initialize specific configuration information required for retrieving new code image. Generated upon entering operational after a successful code burn into flash. Restoring boot EEPROM configuration Generated when restoring values in EEPROM configuration, this occurs when entering a load or operational mode.
  • Page 28 Station address table has been filled Generated when the station address table is filled. This event is not regenerated until the table size drops below 3/4 full and then fills again. STP disabled Generated when STP is disabled. STP enabled Generated when STP is enabled.
  • Page 29: Alarm Logs

    Event Logs Alarm logs: * Bad internal block checksum detected Generated when power up diagnostics finds a fault in the internal block of the EEPROM. * Closing remote site X (call limit) Generated when the specified number of calls has been exceeded. * Closing remote site X (callback failure) Generated when the remote site interpreted the call sequence as a callback.
  • Page 30 * Closing remote site X (usage limit) Generated due to reaching usage limit for this 24 hour period. * Config. erase failed Generated when, during a software update, the device configuration is not erased from the non-volatile memory within the time limit. Possible hardware fault. * Configuration saved Generated when the save configuration option has been activated.
  • Page 31 Event Logs * DHCP server – out of addresses in IP pool Generated when the last address from the DHCP IP Address pool has been assigned to a device. * Download aborted – Incomplete file Generated when a TFTP download is aborted before the file transfer is complete. * Download aborted –...
  • Page 32 * FTP server added to firewall The IP address of the FTP server added to the table of services available through the firewall. * FTP server removed from firewall The IP address of the FTP server removed from the table of services available through the firewall. * ISDN BRI interface deactivated Generated when the ISDN link module has lost a physical connection to the NT-1.
  • Page 33 Event Logs * Link X Disconnect: Y Generated when the disconnect of an ISDN call is completed. This event is generated on both sides of the ISDN call. The cause will be one of the causes as specified in the CCITT Recommendation Q.931. Causes of “normal call clearing”, “User busy”, and “Number changed”...
  • Page 34 Code Incoming calls barred within CUG Call waiting not subscribed Bearer capability not authorized Bearer capability not presently available Service or option not available, unspecified Bearer capability not implemented Channel type not implemented Transit network selection not implemented Message not implemented Requested facility not implemented Only restricted digital information bearer capability is available Service or option not implemented, unspecified...
  • Page 35 Event Logs * Link X down Generated when a WAN link goes down. * Link X down to <remote site alias> Generated when a PPP ISDN call to a remote site is dropped. * Link X down to <remote site alias> Generated when a WAN link connection to the specified remote site goes down.
  • Page 36 * Local DNS server added to firewall The IP address of the Local DNS server added to the table of services available through the firewall. * Local DNS server removed from firewall The IP address of the Local DNS server removed from the table of services available through the firewall. * NAT UDP flooding –...
  • Page 37 Event Logs * Old download method! Load in "*.all" file Generated when an attempt is made to load a *.fcs or *.lda format program file into hardware which will only accept *.all format code. * Old format configuration, using default Generated when the saved configuration does not match the expected correct revision number.
  • Page 38 * Running in System Load mode Generated when entering System Load Mode in preparation for a download of code to be burned into flash. * SECURITY ALERT: SNMP community <X> has write access enabled to “ALL” hosts The SNMP community displayed has had write access enabled to all hosts on the network; anyone may access any host to make changes.
  • Page 39 Event Logs * Unable to bind UDP Boot P server port Generated as a result of an internal device error. Try resetting the device. If this is unsuccessful, contact a service representative. * Unable to bind UDP DHCP server port Generated as a result of an internal device error.
  • Page 40 CHAP failed to complete Generated when the remote site router sent a CHAP challenge and this P840 sent a response, but no further information was received from the remote site router. CHAP login refused by <remote site alias>...
  • Page 41: Programmable Filtering

    The P840 router provides three built-in functions – in addition to defined programmable masks – to control the access to resources. The first function is “Filter if Source”, the second is “Filter if Destination”. The third function allows you to change the filter operation from “positive”...
  • Page 42 Filtering Security—“Filter if Destination” Filter if Destination is a function that allows you to filter an Ethernet frame based on its destination address. If the destination address equals the address that the Filter if Destination function has been applied to, the frame is filtered.
  • Page 43 Security—“Filter if Source” Filter if Source is a function that allows you to filter an Ethernet frame if the source address of the frame equals the address that the Filter if Source function has been applied to. Example: Assume that a Personal Computer is located on segment 1 on the local bridge/router. This station is a community station that various departments may use for general processing.
  • Page 44 Filtering The bridge/router will prompt you for the LAN that the station is located on; enter the name of the partner bridge/router LAN (LAN345678, for example). Note that the Status of the address is marked as [present], the location is updated to LAN345678 and the Permanent entry is [enabled].
  • Page 45 From the MAC ADDRESS FILTERS MENU, enter a 1. This will place you at the first EDIT MAC ADDRESS FILTER MENU screen. At the prompt enter the MAC address for which you want to specify the filter. Enter the 12-digit Ethernet address of the host system in the following format: Return) The edit screen will fill in the information that the table knows about this address.
  • Page 46 Filtering From the MAC ADDRESS FILTERS MENU, make sure that the Filter Operation is currently set to “negative”. This will cause the MAC Address Filters specified to be used for forwarding frames with the specified MAC addresses. At this menu, enter a 1. This will place you at the first EDIT MAC ADDRESS FILTER MENU screen.
  • Page 47: Pattern Filter Operators

    Pattern Filter Operators The following operators are used in creating Pattern filters and will be discussed further in the following pages. For additional information refer to the octet locations diagrams at the back of this manual. Each octet location may contain a HEX value.
  • Page 48 Ethernet frame, and therefore is transparent to the normal bridging function. If you would like to discriminate against a particular protocol to prevent its use of the bridged LAN facilities, the P840 router provides programmable filter masks that may be defined to act on any part of the Ethernet frame.
  • Page 49 Filtering In this case, whenever a frame is received, the frame will be filtered if the protocol type is NOT equal to 0800 (IP). Only one filter pattern may be used that contains the NOT operator.
  • Page 50 Filtering Transport Control Protocol / Internet Protocol (TCP/IP) The previous example showed how to filter all Ethernet frames that contained an IP protocol packet. However, IP is used as the Network-layer protocol for more than 40 different Transport-layer protocols, TCP being only one of them.
  • Page 51: Bandwidth Conservation

    Bandwidth Conservation Reducing traffic on each LAN segment is one benefit of the bridging functions of a P840 router. There are several simple methods that may be used to provide a further reduction of inter-LAN traffic. The examples that follow present a few very simple methods to reduce inter-LAN traffic, without necessarily reducing resource capability.
  • Page 52: Internet Addresses

    Filtering General Restrictions Bridge Filter Masks may be created to generally restrict access for various purposes. Some of these purposes may be to filter specific combinations of information. This section will generally depict masks that may be created to control traffic across the bridged LAN network.
  • Page 53: Mask Combinations

    Mask Combinations Mask combinations may be required to ensure that a frame is sufficiently qualified before the decision to filter is made. The qualification a frame must go through before a filter decision is made depends on the reason for the filter. Nonetheless, a few examples below have been provided that should aid in the creation of a mask that may require that extra little bit of qualification.
  • Page 54 IP frame, and therefore is subject to the IP routing function. If you would like to discriminate against a particular protocol to prevent its usage of the routed LAN facilities the P840 router provides programmable filter masks that may be defined to act on any part of the IP frame.
  • Page 55: Octet Locations on a Bridged TCP/IP Frame

    Frame Formats This appendix provides octet locations for the various portions of three of the common Ethernet frames. When creating pattern filters these diagrams will assist in the correct definition of the patterns. The offset numbers are indicated by the numbers above the frame representations.
  • Page 56: Ethernet Type Codes

    Frame Formats ETHERNET TYPE CODES Type Code 0800 0801 0804 0805 0806 0807 6001 6002 6003 6004 6005 6006 6007 8035 803D 803F 809B 80D5 80F3 8137-8138 814C 8863 8864 Description DOD IP X.75 Internet Chaosnet X.25 Level 3 XNS Compatibility DEC MOP Dump/Load DEC MOP Remote Console DEC DECNET Phase IV Route...
  • Page 57 Frame Formats Octet Locations on an IP Routed TCP/IP Frame...
  • Page 58: Octet Locations on a Bridged XNS Frame

    Frame Formats Octet Locations on a Bridged XNS Frame...