1. Manuals
  2. Brands
  3. Cyclades Manuals
  4. Network Router
  5. Access Router Cyclades-PR1000
  6. Installation manual

Cyclades Access Router -PR1000 Installation Manual

Access router
Hide thumbs Also See for Access Router Cyclades-PR1000:
Table of Contents

Advertisement

Quick Links

Download this manual
Cyclades-PR1000
Installation Manual
Access Router
Cyclades Corporation

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the Access Router Cyclades-PR1000 and is the answer not in the manual?

Questions and answers

Related Manuals for Cyclades Access Router Cyclades-PR1000

Summary of Contents for Cyclades Access Router Cyclades-PR1000

  • Page 1 Cyclades-PR1000 Installation Manual Access Router Cyclades Corporation...
  • Page 2 Cyclades-PR1000 Installation Manual Version 1.2 – May 2002 Copyright (C) Cyclades Corporation, 1998 - 2002 We believe the information in this manual is accurate and reliable. However, we assume no responsibility, financial or otherwise, for any consequences of the use of this product or Installation Manual. This manual is published by Cyclades Corporation, which reserves the right to make improvements or changes in the products described in this manual as well as to revise this publication at any time and without notice to any person of such revision or change.

  • Page 3: Table Of Contents

    Cyclades-PR1000 CHAPTER 1 HOW TO USE THIS MANUAL ... 7 Installation Assumptions ... 8 Text Conventions ... 8 Icons ... 9 Cyclades Technical Support and Contact Information ... 10 CHAPTER 2 WHAT IS IN THE BOX ... 12 The V.35/RS-232 Model ... 13 The X.21 Model ...
  • Page 4 Cyclades-PR1000 Other Parameters ... 44 CHAPTER 6 THE SWAN INTERFACE ... 45 CHAPTER 7 NETWORK PROTOCOLS... 48 The IP Protocol... 49 The Transparent Bridge Protocol ... 51 CHAPTER 8 DATA-LINK PROTOCOLS (ENCAPSULATION) ... 52 PPP (The Point-to-Point Protocol) ... 52 HDLC ...
  • Page 5 Cyclades-PR1000 OSPF Global Configurations ... 72 CHAPTER 10 CYROS, THE OPERATING SYSTEM ... 77 Creation of the host table ... 77 Creation of user accounts and passwords ... 77 IP Accounting ... 79 CHAPTER 11 NAT (NETWORK ADDRESS TRANSLATION) ... 80 Types of Address Translation ...
  • Page 6 Cyclades-PR1000 CHAPTER 14 VIRTUAL PRIVATE NETWORK CONFIGURATION ... 104 APPENDIX A TROUBLESHOOTING ... 109 What to Do if the Login Screen Does Not Appear When Using a Console..109 What to Do if the Router Does Not Work or Stops Working..110 Testing the Ethernet Interface ...

  • Page 7: Chapter 1 How To Use This Manual

    Cyclades-PR1000 CHAPTER 1 HOW TO USE THIS MANUAL Three Cyclades manuals are related to the PR1000. 1 The Quick Installation Manual -- provided with the router, 2 The Installation Manual -- available electronically on the Cyclades web site, 3 The CyROS Reference Guide -- also available electronically on the Cyclades web site. CyROS stands for the Cyclades Routing Operating System.

  • Page 8: Installation Assumptions

    Cyclades-PR1000 Chapter 12 - Filters and Rules - demonstrates how to protect your router from undesired traffic. Chapter 13 - IPX - presents the hidden menus available only in routers with IPX activated. Chapter 14 - Virtual Private Network - describes CyROS’ VPN implementation. Appendix A - Troubleshooting - provides solutions and tests for typical problems.

  • Page 9: Icons

    Cyclades-PR1000 Icons Icons are used to draw attention to important text. Icon Meaning What is Wrong? Where Can I Find More Information? Caution! Reminder. Chapter 1 - How To Use This Manual When an error is common, text with this icon will mention the symptoms and how to resolve the problem.

  • Page 10: Cyclades Technical Support And Contact Information

    Cyclades-PR1000 Cyclades Technical Support and Contact Information All Cyclades products include limited free technical support, software upgrades and manual updates. These updates and the latest product information are available at: http://www.cyclades.com ftp://ftp.cyclades.com/pub/cyclades Before contacting us for technical support on a configuration problem, please collect the information listed below.
  • Page 11 Cyclades-PR1000 The mailing address and general phone numbers for Cyclades Corporation are: Cyclades Corporation Phone: + 01 (510) 770-9727 Fax: + 01 (510) 770-0355 41829 Albrae Street Fremont, CA 94538 Chapter 1 - How to Use This Manual...

  • Page 12: Chapter 2 What Is In The Box

    Cyclades-PR1000 CHAPTER 2 WHAT IS IN THE BOX The Cyclades-PR1000 comes in two varieties, described below. Both models are accompanied by the following accessories: • Quick Installation Manual • Documentation CD containing the complete Installation Manual and the CyROS Reference Guide •...

  • Page 13: The V.35/Rs-232 Model

    Cyclades-PR1000 The V.35/RS-232 Model Power Source To Wall Outlet Figure 2.1 shows which cables (purchased separately) should be used for each type of modem and how everything should be connected. The pinout diagrams of these cables are provided in Appendix B of the Installation Manual. Chapter 2 - What is in the Box Back Panel of PR1000 DB-25...

  • Page 14: The X.21 Model

    Cyclades-PR1000 The X.21 Model Power Source To Wall Outlet Figure 2.2 shows which cable (purchased separately) should be used for an X.21 modem and how everything should be connected. The pinout diagram of this cable appears in Appendix B of the Installation Manual. Cyclades recommends the use of Category 5, shielded twisted-pair cables for Fast Ethernet connections.

  • Page 15: Horizontal Surfaces

    Cyclades-PR1000 Horizontal Surfaces The Velcro® strips should be used to attach the PR1000 more firmly to a horizontal surface. Remove the backing from the prickly Velcros® and attach them to the router as shown in the figure. Remove the backing from the fuzzy Velcros®...

  • Page 16: Vertical Surfaces

    Cyclades-PR1000 Next, place the PR1000 on the horizontal surface, aligning the fuzzy and prickly Velcros® as shown in Figure 2.4. Cyclades-PR1000 Horizontal Surface Where the PR1000 Will be Secured FIGURE 2.4 HOW TO ATTACH THE PR1000 TO A HORIZONTAL SURFACE Vertical Surfaces There are two slots in the base of the PR1000 to allow it to be affixed to a vertical surface.
  • Page 17 Cyclades-PR1000 Cyclades-PR1000 Two 5mm Ø Screws with Nylon Fixings Screw Slot 184,8 mm or 7.27 in Vertical Surface Where the PR1000 Will be Secured FIGURE 2.5 POSITIONING OF SCREWS Chapter 2 - What is in the Box...
  • Page 18 Cyclades-PR1000 Place the center of the screw slots over the screws and slide the router down so the screws hold the router in place as shown in Figure 2.6. Cyclades-PR1000 Vertical Surface Where the PR1000 Will be Secured FIGURE 2.6 HOW TO ATTACH THE PR1000 TO A VERTICAL SURFACE Note that the PR1000 can be hung with the LEDs facing up or facing down, whichever is more convenient.

  • Page 19: Chapter 3 Using Cyros Menus

    Cyclades-PR1000 Chapter 3 Using CyROS Menus This chapter explains CyROS menu navigation and special keys. There are three ways to interact with CyROS: • Traditional menu interface using a console or Telnet session, • CyROS Management Utility based on interactive HTML pages, •...
  • Page 20 Cyclades-PR1000 Once the console connection is correctly established, a Cyclades banner and login prompt should appear on the terminal screen. Pressing <ESC> during the boot process will temporarily halt initialization and present several options: IP address of the router, IP address of the boot server, boot from network, MAC address, etc. If the login prompt does not appear, see the first section of the troubleshooting appendix for help.

  • Page 21: Special Keys

    Cyclades-PR1000 Special Keys <Enter> or <Ctrl+M> These keys are used to end the input of a value. <ESC> or <Ctrl+I> These keys are used to cancel a selection or return to the previous menu. In some isolated cases, this key forwards you to the next menu in a series of menus at the same level.

  • Page 22: The Cyros Management Utility

    Cyclades-PR1000 The CyROS Management Utility After one of the interfaces has been connected and configured, there is another way to interact with CyROS. Type the IP address in the location field in an HTML browser of a PC connected locally or remotely through the configured interface.
  • Page 23 Cyclades-PR1000 The link Configuration Menu Interface will present an HTML version of the CyROS Main Menu, described previously. Clicking on an interface will show its current status and some additional information. Clicking on End HTTP Session will terminate the connection. Chapter 3 - Using CyROS Menus...

  • Page 24: Chapter 4 Step-By-Step Instructions For Common Applications

    Cyclades-PR1000 CHAPTER 4 STEP-BY-STEP INSTRUCTIONS FOR COMMON APPLICATIONS This chapter provides detailed examples that can be used as models for similar applications. Turn to the example that is closest to your application, read the explanations, and fill in the blank spaces with parameters appropriate to your system.
  • Page 25 Cyclades-PR1000 Please read the entire example and follow the instructions before turning the router on. The router is programmed to log the super user off after 10 minutes of inactivity. All data not explicitly saved to memory is then lost. Collecting the data while configuring the router will likely cause delays and frustration.
  • Page 26 Cyclades-PR1000 Parameter Example IP fragmentation - Ignore Bit DF Local ICMP Port Inactive Incoming Rule List None, filters are not included in this example. Outgoing Rule List None, filters are not included in this Name example. Proxy ARP Inactive IP Bridge Inactive FIGURE 4.2 ETHERNET NETWORK PROTOCOL MENU PARAMETERS (CONTINUED) STEP TWO...
  • Page 27 Cyclades-PR1000 STEP THREE The network protocol parameters, shown in Figure 4.4, are similar to those for the Ethernet interface. Fill in the parameters for your network in the right-most column. Menu CONFIG=>INTERFACE=>SWAN=>NETWORK PROTOCOL=>IP Parameter Example Active or Inactive Active enables IP communication (IPX and Transparent Bridge are not used in this example).
  • Page 28 Cyclades-PR1000 STEP FOUR The Encapsulation parameters for PPP are less straight-forward. Many of them are based on decisions that cannot be shown in a diagram. Fortunately, the choices made here will mostly affect the performance of the link, rather than whether it works or not. Fill in the parameters appropriate for your system, consulting chapter 8 of the Installation Manual for more information if necessary.
  • Page 29 Cyclades-PR1000 STEP FIVE Since a modem is used in the example, the dial-out table must be configured. This is done as shown in Figure 4.6. Menu CONFIG=>SYSTEM=>MODEMS=>DIAL OUT TABLE=>ADD Parameter Example IP Address Type in any valid IP address not on the local network.
  • Page 30 Cyclades-PR1000 STEP SIX Two static routes must be added to tell the router that all traffic not intended for the local LAN should be sent to the Access Provider. Chapter 9 of the Installation Manual explains static routes and other routing methods available in CyROS.
  • Page 31 Cyclades-PR1000 Menu CONFIG=>STATIC ROUTES=>IP=>ADD ROUTE Parameter Example Destination IP Address Type in the word "DEFAULT". Gateway or Interface Gateway Gateway IP address Use the same value as for Destination IP Address in the previous table. Metric Is This a Backup Route? OSPF Advertises This Static Route FIGURE 4.8 STATIC ROUTE MENU PARAMETERS FOR GATEWAY ROUTE...
  • Page 32 Cyclades-PR1000 Menu CONFIG =>SECURITY =>NAT =>LOCAL ADDRESS =>ADD RANGE Parameter Example First IP Address 192.168.0.10 Last IP Address 192.168.0.30 FIGURE 4.10 NAT LOCAL ADDRESS RANGE MENU PARAMETERS The factory preset values for all other NAT parameters are appropriate for this example. STEP NINE Now that the parameters have been defined, enter into each menu described above, in the order presented (read chapter 3, Using Menus, if you have not done so already).

  • Page 33: Example 2 A Lan-To-Lan Example Using Frame Relay

    Cyclades-PR1000 Example 2 A LAN-to-LAN Example Using Frame Relay This section will guide you through a complete router installation for the connection of two LANs via Frame Relay. Figure 4.11 shows the example system used in this section. Spaces have been provided next to the parameters needed for the configuration where you can fill in the parameters for your system.
  • Page 34 Cyclades-PR1000 STEP ONE The first step is to determine the parameters needed to configure the Ethernet interface (ETH0). The parameters in the Network Protocol Menu (IP) are shown in Figure 4.12. Fill in the blanks for your application in the right-most column.
  • Page 35 Cyclades-PR1000 STEP TWO No more parameters are necessary for the Ethernet interface. The other interface to be configured is the SWAN in slot 1. The SWAN physical media parameters are shown in Figure 4.13. Fill in the values for your application. The SWAN configuration is described in more detail in chapter 6 of the Installation Manual.
  • Page 36 Cyclades-PR1000 STEP THREE The network protocol parameters, shown in Figure 4.14, are similar to those for the Ethernet interface. Fill in the parameters for your network in the right-most column. Menu CONFIG=>INTERFACE=>SWAN=>NETWORK PROTOCOL=>IP Parameter Example Active or Inactive Active enables IP communication (IPX and Transparent Bridge are not used in this example).
  • Page 37 Cyclades-PR1000 STEP FOUR The Encapsulation parameters for Frame Relay are less straight-forward. Many of them are based on decisions that cannot be shown in a diagram. Fortunately, the choices made here will mostly affect the performance of the link, rather than whether it works or not. Fill in the parameters appropriate for your system, consulting chapter 8 of the Installation Manual for more information if necessary.
  • Page 38 Cyclades-PR1000 At the end of the parameter list shown above, the DLCI menu appears. Choosing Add DLCI will lead to the parameters shown in Figure 4.16. The <ESC> key used at any time during the Frame Relay encapsulation parameter list will also bring up the DLCI menu. A DLCI entry must be created for every remote Frame Relay network to be contacted.
  • Page 39 Cyclades-PR1000 STEP FIVE Now that the central office’s LAN has been defined, a route must be added to tell the router that the remote site’s LAN is at the other end of the line. Creating a static route is the simplest way to do this. Chapter 9 of the Installation Manual explains static routes and other routing methods available in CyROS.
  • Page 40 Cyclades-PR1000 STEP SEVEN The Ethernet interface can be tested as described in the troubleshooting appendix. The SWAN interface can be tested in a similar manner. At this point, you should create a backup of the configuration file (in binary) and print out a listing of the configuration.

  • Page 41: Chapter 5 Configuration Of The Ethernet Interface

    Cyclades-PR1000 CHAPTER 5 CONFIGURATION OF THE ETHERNET INTERFACE The PR1000 has one Ethernet 10/100Base-T interface, provided in a standard RJ-45 modular jack, which should be connected to an Ethernet hub or switch. Use a standard 10/100Base-T straight-through cable (not included). When the Ethernet link is correctly connected, the link LED will be lit.
  • Page 42 Cyclades-PR1000 Network Protocol Menu (Continued) Parameter Description Secondary IP Applies to Numbered interfaces. Indicates a second (or third, etc. up to eight) IP address Address that can be used to refer to this interface. This parameter and the next are repeated until no value is entered.

  • Page 43: Ip Bridge

    Cyclades-PR1000 IP Bridge An IP Bridge is used to divide a network without subnetting. Whenever a subnetwork is created, two IP numbers are lost — one describing the network and the other reserved for broadcast. This does not occur with an IP Bridge.

  • Page 44: Other Parameters

    Cyclades-PR1000 In Figure 5.1, an example of the use of an IP Bridge is given. From the available IP addresses, the range 200.240.240.4 to 200.240.240.8 is bridged to another physical location. The following parameters apply only for IP Bridge. Network Protocol Menu (Continued) -- (IP Bridge) Parameter Description IP Bridge...

  • Page 45: Chapter 6 The Swan Interface

    Cyclades-PR1000 CHAPTER 6 THE SWAN INTERFACE This chapter describes how to configure a SWAN interface. The physical link should be set up as shown in chapter 2, according to the type of modem or device at the other end of the connection and the type of SWAN port.
  • Page 46 Cyclades-PR1000 STEP TWO The second step is to choose a data-link protocol in the Encapsulation menu. There are many encapsulation options on this interface. For synchronous communication: Frame Relay: the Frame Relay Protocol is based on frame switching and constructs a permanent virtual •...
  • Page 47 Cyclades-PR1000 STEP FOUR If PPP Encapsulation is being used, a type of authentication should be chosen. This is done in the authentication menu. Authentication Menu CONFIG=>INTERFACE=>SWAN=>AUTHENTICATION Parameter Description Authentication Type Local uses the list of users defined in CONFIG=> SECURITY=>USERS=>ADD. Server uses either Radius or Tacacs to authenticate the user.

  • Page 48: Chapter 7 Network Protocols

    Cyclades-PR1000 CHAPTER 7 NETWORK PROTOCOLS The second step in most interface configurations is to choose which network protocol to use and assign values to the relevant parameters. At least one of IP, Transparent Bridge, or IPX (optional, and discussed in chapter 13) must be activated.

  • Page 49: The Ip Protocol

    Cyclades-PR1000 The IP Protocol If the preset values provided by the operating system are accepted, the interface will work at a basic level. The most common options are explained in the following table. Network Protocol (IP) Menu CONFIG=>INTERFACE=><LINK>=>NETWORK PROTOCOL=>IP Parameter Description Active or Inactive Activates this interface.
  • Page 50 Cyclades-PR1000 Network Protocol (IP) Menu (Continued) Parameter Description IP MTU Assigns the size of the Maximum Transmission Unit for the interface. This determines whether or not a given IP datagram is fragmented. IP Fragmentation - Ignore When this parameter is set to No, the DF (Do Not Fragment) bit in the IP header Bit DF causes IP to reject a packet that is oversized: the router sends an ICMP message back to the sender.

  • Page 51: The Transparent Bridge Protocol

    Cyclades-PR1000 The Transparent Bridge Protocol The Transparent Bridge Protocol can be used in conjunction with either IP or IPX. A detailed explanation of its use appears in section 4.6 of the CyROS Reference Guide. Transparent Bridge Menu CONFIG=>INTERFACE=>SWAN=>NETWORK PROTOCOL=>TRANSPARENT BRIDGE Parameter Description Status...

  • Page 52: Chapter 8 Data-Link Protocols (Encapsulation)

    Cyclades-PR1000 CHAPTER 8 DATA-LINK PROTOCOLS (ENCAPSULATION) Each encapsulation option is presented in a separate section in this chapter. Not all data-link protocols are available for all interfaces. PPP (The Point-to-Point Protocol) PPP is the only encapsulation option than can be either synchronous or asynchronous. It is important to choose between them in CONFIG =>INTERFACE =><LINK>...
  • Page 53 Cyclades-PR1000 PPP Menu (Continued) Parameter Description Disable LCP Echo LCP (Link Control Protocol) messages are normally exchanged to monitor the status Requests of the link. Disabling these messages reduces traffic, but the link then has no way of knowing if the other end is still connected. Time Interval to Send Config Request messages are used to negotiate the parameters at the start of a PPP Config Requests...

  • Page 54: Hdlc

    Cyclades-PR1000 HDLC This data-link protocol is a proprietary alternative to PPP. It has only one parameter, the HDLC Keepalive Interval . This is the time interval between transmission of Keepalive messages. The receiver of these messages must send keepalive messages with the same frequency or will be considered inoperative. Frame Relay FR supports multiple connections over a single link.
  • Page 55 Cyclades-PR1000 Parameter Description Encapsulation RFC1490 - IETF is the standard used by most equipment. The Cisco option should be used Type when the PR is communicating with a router configured to use the default Cisco standard. SNAP IP Indicates that the Sub-Network Access Protocol should be used. The router on the sending end must be using the same header type (NLPID or SNAP) as the router on the receiving end.
  • Page 56 Cyclades-PR1000 STEP TWO After configuring the general parameters, each DLC must be defined. An example will be used to demonstrate the procedure. A public Frame Relay network connecting offices in São Paulo, Rio de Janeiro, Salvador, and Recife is shown in Figure 11.1. Each router will have a routing table pairing destination network with router interface and gateway.
  • Page 57 Cyclades-PR1000 Data link connections are defined in the Add DLCI menu, which appears at the end of the Frame Relay parameter list. It can be reached by passing through all parameters or by using the <ESC> key at any point in the parameter list.
  • Page 58 Cyclades-PR1000 Add DLCI Menu CONFIG=>INTERFACE =><LINK> =>ENCAPS =>FRAME RELAY => <ESC> =>ADD DLCI Parameter Description DLCI Number Used to identify the DLC. This number is supplied by the Public Frame Relay network provider. The DLCIs are stored in a table which can be seen with the L command. Frame Relay Determines the method used for mapping the remote IP address to the Permanent Address Map...
  • Page 59 Cyclades-PR1000 To edit the DLCI table, use the list command (CONFIG=>INTERFACE=><LINK>=>ENCAPSULATION =>FRAME RELAY=>L) to discover the number CyROS has assigned to each table entry. It will not be the same as the DLCI. Router Modem Modem Switch / DCE Switch / DCE X.25 Modem Modem...

  • Page 60: X.25

    Cyclades-PR1000 X.25 A Cyclades Router can act either as a DTE (Data-terminal Equipment) connected to a public X.25 network or as a DTE or DCE (Data circuit-terminating Equipment) as part of a private X.25 network. The first case is discussed in this chapter.
  • Page 61 Cyclades-PR1000 X.25 Menu (Continued) Parameter Description Number of Virtual Circuits Indicates the maximum number of virtual circuits (total of PVCs and SVCs) allowed on this interface. The maximum is 128. Number of Permanent Indicates the number of permanent virtual circuits that will be connected through Virtual Circuits this interface.

  • Page 62: With Pad (Packet Assembler/Disassembler)

    Cyclades-PR1000 STEP TWO The next step is to create a static routing table associating each remote X.121 address with an IP address or a TCP Socket location. This is done in the Add DTE menu, which appears at the end of the X.25 parameter list. It can be reached by passing through all X.25 parameters or by using the <ESC>...

  • Page 63: Chapter 9 Routing Protocols

    Cyclades-PR1000 CHAPTER 9 ROUTING PROTOCOLS Routing Strategies Routing can be done either statically or dynamically. Static Routing Static routing is recommended when the network contains a small number of routers and other equipment. When a system is simple and without redundant links, static routing is the simplest option. Even with some redundant links, a multilink circuit can be created for semi-dynamic routing behavior.
  • Page 64 Cyclades-PR1000 Network 2 142.10.0.2 Router 1 142.10.0.1 10.0.0.3 10.0.0.0 Mask: 255.0.0.0 In the first example, three networks are connected by 2 routers. The routing table for router 1 will automatically include servers A,B,C, and D, as they are direct links. A static route must be created for access to Network 3. This type of route, a Gateway route, tells the router that any message not intended for hosts A, B, C or D should be sent to Router 2.
  • Page 65 Cyclades-PR1000 Slot 1 Router 1 10.0.0.3 ETH0 Figure 9.2 shows another static routing example to explain the Gateway or Interface parameter. Between the two routers is a point-to-point connection. Another network could be created, but is not necessary. Both routers can be assigned unnumbered interfaces, because everything that leaves one router is sent to the other.
  • Page 66 Cyclades-PR1000 Add Static Route Menu CONFIG =>STATIC ROUTES =>IP =>ADD ROUTE Parameter Description Destination IP Address that route will lead to. To configure a default route, type "default" for this Address parameter, otherwise enter 0.0.0.0 in both this and the next parameter. Both Examples -- for the static route between Router 1 and Network 3, the IP address is 192.168.100.0.

  • Page 67: Rip Configuration

    Cyclades-PR1000 RIP Configuration CyROS supports three basic types of RIP: 1 RIP1 [RFC 1058] 2 RIP2 with broadcast (compatible with RIP1) [RFC 1723] 3 RIP2 with multicast [RFC 1723] The primary difference between RIP1 and RIP2 is that only RIP2 advertises subnet masks and next hops. If the network contains equipment that understands only RIP1 packets, then RIP1 or RIP2 with broadcast should be used.

  • Page 68: Ospf

    Cyclades-PR1000 OSPF The OSPF (Open Shortest Path First) routing protocol is significantly more complicated than RIP. The determination of which protocol is better suited to a given network is beyond the scope of this manual. An example network using OSPF is given in Figure 9.3. Router 0 Router 1 Link 1...
  • Page 69 Cyclades-PR1000 First, some definitions: • An Autonomous System (AS) is a portion of the network that will use a single routing strategy. It is made up of a backbone area and optionally of non-backbone areas. • OSPF Areas are sub-systems that have identical routing databases. An area generally has no knowledge of the routing databases of other areas.

  • Page 70: Ospf Configuration On The Interface

    Cyclades-PR1000 OSPF Configuration on the Interface STEP TWO Contrary to most other protocols in CyROS, OSPF must first be configured on each interface, then configured in the CONFIG =>IP =>OSPF menu. Enter into each interface and set the parameters listed in the table. OSPF Menu CONFIG =>INTERFACE =>...
  • Page 71 Cyclades-PR1000 OSPF Menu (Continued) Parameter Description Retransmit Interval Time in seconds between link-state advertisement retransmissions for adjacencies in Seconds* belonging to this interface. Hello Interval in Time in seconds between the hello packets on this interface. Seconds* Dead Interval in Inactivity time (seconds) before a neighbor router is considered down.

  • Page 72: Ospf Global Configurations

    Cyclades-PR1000 OSPF Global Configurations STEP THREE After completing the OSPF interface configuration for all interfaces (even those that will not use OSPF), navigate to the OSPF Menu, CONFIG=>IP=>OSPF. Enter into the OSPF Global Commands menu and set the parameters as indicated in the table below. OSPF Global Commands Menu CONFIG =>IP =>OSPF =>GLOBAL Parameter Description...
  • Page 73 Cyclades-PR1000 OSPF Global Commands (Continued) Parameter Description Transit Area ID ID of the OSPF Area sandwiched between this router and the backbone. In the figure, area 2 is the area used to link Router 8 with the Backbone. This ID has the form of an IP address.
  • Page 74 Cyclades-PR1000 STEP FOUR The next step is to define the areas created in step two. This is done in the OSPF Area Menu. Area Menu CONFIG =>IP =>OSPF =>AREA Parameter Description Area ID Has the format of an IP address, but is not linked to any IP address in the system. Use the CONFIG=>IP=>OSPF=>L option to see which areas have been defined, and use the area ID here.
  • Page 75 Cyclades-PR1000 STEP FIVE The CONFIG =>IP =>OSPF =>NEIGHBORS menu is required if the router uses OSPF over non-broadcast multi- access interfaces such as X.25 and Frame Relay. If this is the case, set the parameters described in the following table. Neighbors Menu CONFIG=>IP =>OSPF =>NEIGHBORS Parameter Description...
  • Page 76 Cyclades-PR1000 STEP SIX It is not always possible to connect all areas directly to the backbone. When an area is connected to the backbone only through another area, two virtual links must be created. One from the backbone to the unattached area and one from the unattached area to the backbone.

  • Page 77: Chapter 10 Cyros, The Operating System

    Cyclades-PR1000 CHAPTER 10 CYROS, THE OPERATING SYSTEM This chapter explains various operating system features that are not covered in other chapters: creation of the host table • creation of user accounts and passwords • IP Accounting • Creation of the host table CyROS allows identification of hosts by name.
  • Page 78 Cyclades-PR1000 Other users can be created and the user “usr” can be assigned a password. The password of the super user should be changed as soon as possible. The menu CONFIG=>SECURITY=>USERS allows addition, deletion, and modification of the list of users. The parameters are: User Name, •...

  • Page 79: Ip Accounting

    Cyclades-PR1000 The super user has access to all menus. The usr user is shown a menu, upon sucessful login, with the items chosen in the user’s profile. The pppauto user is connected directly to the user via PPP. No menu appears. The auto user is connected via telnet directly to the host specified as host 1 in the user profile.

  • Page 80: Chapter 11 Nat (Network Address Translation)

    Cyclades-PR1000 CHAPTER 11 NAT (NETWORK ADDRESS TRANSLATION) NAT exists to convert local IP addresses into Internet “global” IP addresses. Internet IP addresses are assigned by Internet providers. Due to the explosion of the internet, these numbers are scarce. Certain ranges of IP addresses are reserved for internal use only —...
  • Page 81 Cyclades-PR1000 Two servers that are accessed via the same global IP address, assigned statically. • There are two types of NAT available in CyROS -- Normal NAT and Expanded NAT. This chapter describes Expanded NAT. A description of Normal NAT appears in Chapter 4 of the CyROS Reference Guide. What is the difference between Expanded and Normal Mode NAT? The Normal Mode is a previous implementation of NAT used in the Power Router line.

  • Page 82: Types Of Address Translation

    Cyclades-PR1000 NAT Static Translation Table Global address 200.240.230.225 / 200.240.230.225 / 200.240.230.225 / Types of Address Translation In dynamic address translation, a pool of global IP addresses is loosely related to a pool of local IP addresses. Mapping of one onto the other is done dynamically whenever a computer on the local network requests a connection to the external network.
  • Page 83 Cyclades-PR1000 An overview of the NAT menu is shown in the table below. NAT Menu CONFIG =>SECURITY =>NAT Menu Option Description General Parameters for enabling NAT and choosing the NAT Mode. Also includes port translation option. Global Address The first and last IP addresses in the range. In the example, these numbers are 200.240.230.225 and 200.240.230.238.
  • Page 84 Cyclades-PR1000 STEP TWO The parameters in the Timeout Menu are explained in more detail below. The preset values should be appropriate for most applications. Timeout and Options Menu CONFIG =>SECURITY =>NAT =>TIMEOUT AND OPTIONS Parameter Description UDP Timeout Inactivity time required before a UDP translation is removed from the translation table. An entry is created in the translation table the first time a UDP packet passes through the interface.
  • Page 85 Cyclades-PR1000 STEP FOUR If static translations are to be performed, as described in the example, the parameters in the Static Translation Menu must be set. A brief explanation of each parameter is given in the table. Static Translation Menu CONFIG =>SECURITY =>NAT =>STATIC TRANSLATION => ADD ENTRY Parameter Description Global IP Address...

  • Page 86: Chapter 12 Rules And Filters

    Cyclades-PR1000 CHAPTER 12 RULES AND FILTERS There are four basic types of rules: 1 IP filter rules, 2 Radius rules (actually a combination of previously defined IP filter rules), 3 traffic control rules, and 4 transparent bridge rules (similar to IP filter rules, but for applications that use a transparent bridge). IP filter rules and traffic control rules will be covered in detail in this chapter.
  • Page 87 Cyclades-PR1000 Config Rules List Chapter 12 - Filters and Rules Add Rule List Edit Rule List Same as Add Rule List Configure Rules Rule List Name Add Rule Delete Rule Clear Rule List Edit Rule FIGURE 12.1 THE RULES LIST MENU TREE Rule List Name Rule Status Rule List Type...
  • Page 88 Cyclades-PR1000 Exterior Router Slot 1 ETH0 192.168.0.2 192.168.0.3 Bastion Host 10.0.0.0 Figure 12.2 will be used to show how both an exterior router and an interior router would be configured using the filters available in CyROS. Chapter 12 - Filters and Rules Perimeter Network 192.168.0.0 192.168.0.1...
  • Page 89 Cyclades-PR1000 Exterior Router The exterior router is the network’s first defense against attacks. For this reason, it is reasonable to prohibit all packets except for those explicitly allowed. This is done by choosing the Default Scope to be Deny . Thus, ALL desired traffic must be expressly allowed by the rules in the rule list.
  • Page 90 Cyclades-PR1000 Steps necessary to activate filtering on the exterior router in the example: 1 There are two interfaces with two directions each. Filtering on link 1 requires the creation of two rule lists, called exterior_in and exterior_out. Create them using the menu CONFIG =>RULES LIST =>IP =>ADD RULE LIST and the following parameters: Rule List Type = Filter Default Scope = Deny...
  • Page 91 Cyclades-PR1000 Rules Lists Rule List Name exterior_in exterior_out ------------------------------------------------------------------------------ FILTER_LIST NAME: exterior_in ## PROT OP Source IP Address Destination IP Address 192.168.0.3 ------------------------------------------------------------------------------ FILTER_LIST NAME: exterior_out ## PROT OP Source IP Address Destination IP Address 192.168.0.3 FIGURE 12.4 OUTPUT FOR IP FILTERING EXAMPLE Chapter 12 - Filters and Rules Rule Default...
  • Page 92 Cyclades-PR1000 Interior Router If an interior router exists in the network, the administrator may decide to use a Default Scope of Permit . In this case, all undesired traffic must be excluded by a rule in the rule list. In Figure 12.5, a conceptual equivalent of the interface is shown.

  • Page 93: Traffic Rule Lists

    Cyclades-PR1000 The configuration for “Stop forged packets” is shown in the following listing: Rules Lists Rule List Name Slot1_in -------------------------------------------------------------------------------- FILTER_LIST NAME: Slot1_in ## PROT OP Source IP Address Destination IP Address 192.168.0.0 Slot1_in, rule 0, prohibits any incoming packets with source IP addresses of the internal network. Since the addresses used for internal networks cannot be routed on the Internet, they cannot be valid unless there is a leak of traffic through another router to the perimeter network.
  • Page 94 Cyclades-PR1000 1 Traffic Shaping (the division of bandwidth is strictly adhered to), 2 Bandwidth Reservation (the division with the larger priority can steal bandwidth from the others), An example showing the first two types is given in figure 12.6. Network of Client A 25% or less of total bandwidth...
  • Page 95 Cyclades-PR1000 An Internet provider has three clients connected to the same router. Client A is larger and without traffic control would overwhelm the router to the exclusion of Clients B and C. The administrator decides to divide the flow out of the router (to the Internet) into three portions: 50% guaranteed for Client A, and the rest divided equally between Clients B and C.
  • Page 96 Cyclades-PR1000 Rules Lists Rule List Name traffic_1 Filter_list Name traffic_1 Rule 0 Status Flow priority Rule bandwidth Bandwidth priority Protocol Source IP Operator Source IP start Source IP Mask Destination IP Operator Source Port Operator Destination Port Operator Chapter 12 - Filters and Rules Rule Default List...
  • Page 97 Cyclades-PR1000 Rule 1 Status Flow Priority Rule bandwidth Bandwidth priority Protocol Source IP Operator Source IP start Source IP Mask Destination IP Operator Source Port Operator Destination Port Operator Rule 2 Status Flow Priority Rule bandwidth Bandwidth priority Protocol Source IP Operator Source IP start Source IP Mask Destination IP...
  • Page 98 Cyclades-PR1000 An example showing the third type of traffic control is given in Figure 12.8. The network administrator wants to prioritize the access to his web server. He also wants to prioritize e-mail sent by his SMTP server, but the priority should be lower.
  • Page 99 Cyclades-PR1000 The configured rules will appear as shown in the following listing. Rules Lists Rule List Rule Default Name Status Scope web_access Enabled Filter_list Name web_access Rule 0 Status Enabled Flow priority Rule bandwidth Bandwidth priority Protocol Source IP Operator None Destination IP None...

  • Page 100: Chapter 13 Ipx (Internetwork Packet Exchange)

    Cyclades-PR1000 CHAPTER 13 IPX (INTERNETWORK PACKET EXCHANGE) IPX is an alternative to IP, proprietary to Novell. When IPX is activated, many new menus appear to allow configuration of this type of network. IP and IPX can both be active in the router simultaneously, and an interface can have both IP and IPX traffic passing through it.

  • Page 101: Enabling Ipx

    Cyclades-PR1000 Enabling IPX The first step is to activate the IPX feature in the router. This is accomplished using the menu option ADMIN =>ENABLE FEATURES => IPX. The IPX protocol must also be activated in the menu CONFIG =>IPX => GENERAL. In this menu, the Internal Network Number (the unique number assigned to the router) and the Maximum Number of Hops must be defined.

  • Page 102: X.25

    Cyclades-PR1000 The parameter Send SAP Update can be set to Demand, Periodic, or None. This parameter affects both SAP and RIP. Periodic causes the router to send these messages every minute, while choosing Demand will cause the router to send messages only when a message request is received. Frame Relay Frame Relay parameters are explained in chapter 8.

  • Page 103: The Sap (Service Advertisement Protocol) Table

    Cyclades-PR1000 The routing table is displayed by the menu option INFO => SHOW ROUTING TABLE => IPX. For the example, and using only the static route created above, the routing table appears as in Figure 13.2. Destination Interface/ Subinterface/ Remote address 00000001 00A0B000 Ethernet...

  • Page 104: Chapter 14 Virtual Private Network Configuration

    Cyclades-PR1000 CHAPTER 14 VIRTUAL PRIVATE NETWORK CONFIGURATION The Virtual Private Network utility can be used on any link using IP routing. It is used to provide greater security between two or more networks connected through a public communications network. The basic concepts are presented in Figure 14.1.
  • Page 105 Cyclades-PR1000 An example showing a local security network and two remote security networks is shown in Figure 14.2. The PR1000 in the local security network will be configured step by step. (Which network is considered local and which network is considered remote depends on the router being configured.) STEP ONE The Virtual Private Network Utility must be Enabled in the ADMIN =>ENABLE FEATURES =>VPN menu before it...
  • Page 106 Cyclades-PR1000 LOCAL SECURITY NETWORK IP: 1 RSG3 - Remote Security Gateway Router Link 2 IP: 190.190.190.1 ......PR3000 Router IP Address: 190.190.190.1 FIGURE 14.2 VIRTUAL PRIVATE NETWORK EXAMPLE Chapter 14 - Virtual Private Network Configuration REMOTE SECURITY NETWORK 1 Link 1 IP: 50.50.50.1...
  • Page 107 Cyclades-PR1000 STEP THREE Use the menu item INFO =>SHOW ROUTING TABLE to confirm that the other Remote Security Gateways (RSGs), and all the networks included in the Remote Security Networks, are reachable. In the example, this would require that all of the following appear in RSG3’s routing table: RSG1 router IP address: 9.9.9.1 •...
  • Page 108 Cyclades-PR1000 STEP SIX Now, the Remote Security Networks must be defined. This is done in the CONFIG =>SECURITY =>VPN =>REMOTE IP NETWORKS =>ADD NETWORK menu. The IP address and network mask must be defined for all remote devices to be included in the remote network for VPN communication. The Remote Security Gateway IP address (set in step five) must also be given for each network.

  • Page 109: Appendix A Troubleshooting

    Cyclades-PR1000 APPENDIX A TROUBLESHOOTING What to Do if the Login Screen Does Not Appear When Using a Console. 1 Check the configuration of the terminal. The correct values are given in chapter 2. Is the PC’s COM port enabled? Is the Console cable being used? See Chapter 2 for instructions on which cables go where. 2 Check to see if the router booted correctly.

  • Page 110: What To Do If The Router Does Not Work Or Stops Working

    Cyclades-PR1000 What to Do if the Router Does Not Work or Stops Working. 1 Check that the cables are connected correctly and firmly (see chapter 2, What is in the Box, for correct cable connection information). 2 Confirm that the Link LED is lit, indicating proper Ethernet cable termination. If it is not lit, check both ends of the Ethernet cable and the hub connection.

  • Page 111: Testing The Ethernet Interface

    Cyclades-PR1000 Testing the Ethernet Interface After configuring the Ethernet interface, return to the main menu using the <ESC> key as many times as is necessary. Save the configuration to flash memory (the operating system will ask how to save the configuration on the way back to the main menu).

  • Page 112: Testing The Wan Interface

    Cyclades-PR1000 current values of the interface parameters. Testing the WAN Interface The WAN interface can be tested using ping as described in the previous section. If the ping is not successful, check the routing table to see if a route to the destination exists (INFO =>SHOW ROUTING TABLE). The menu items INFO =>SHOW STATISTICS =>SWAN and INFO =>SHOW STATUS =>SWAN may also provide useful information.
  • Page 113 Cyclades-PR1000 FIGURE A.3 LED PANEL Appendix A - Troubleshooting...

  • Page 114: Appendix B Hardware Specifications

    Cyclades-PR1000 APPENDIX B HARDWARE SPECIFICATIONS General Specifications The Cyclades-PR1000 power requirements and environmental restrictions are listed in Figure B.1. Power Requirements (external DC adapter) Input voltage range Input frequency range Maximum input surge current Power dissipation max. Safety Line Conducted Noise MTBF Output plug Power Requirements (PR1000 case)

  • Page 115: External Interfaces

    Cyclades-PR1000 External Interfaces The WAN Interface The WAN interface is provided on a DB-25 female connector. The pinout diagram is not shown here, as it depends on which protocol (RS-232, V.25 or X.21) is configured. Please see the pinout diagrams for the cables used for each protocol to determine the signals on the interface.

  • Page 116: The Console Interface

    Cyclades-PR1000 The Console Interface FIGURE B.4 CONSOLE INTERFACE - RJ-45 FEMALE Appendix B - Hardware Specifications CONSOLE PORT RS-232 Signal Ground...

  • Page 117: Cables

    Cyclades-PR1000 Cables The Straight-Through Cable Cyclades Router TxClk_DTE TxClk_DCE FIGURE B.5 STRAIGHT-THROUGH CABLE - DB-25 MALE TO DB-25 MALE Appendix B - Hardware Specifications Straight-Through Cable DB-25 Male Signal RxClk DB-25 Male DCE / DTE Signal TxClk_DTE RxClk TxClk_DCE...

  • Page 118: The Db-25 To M.34 Adapter

    Cyclades-PR1000 The DB-25 to M.34 Adapter Female Retention Screw Female Retention Screw FIGURE B.6 DB-25 TO M.34 ADAPTER - DB-25 FEMALE TO M.34 MALE Appendix B - Hardware Specifications DB-25 Female Signal PGnd Male TxD/V.35 (B) Retention TxD/V.35 (A) Screw RxD/V.35 (B) RxD/V.35 (A) TxClk_DTE/V.35 (B)

  • Page 119: The X.21 Modem Cable

    Cyclades-PR1000 The X.21 Modem Cable Cyclades-PR1000 Pin # FIGURE B.6 X.21 MODEM CABLE - DB-25 MALE TO DB-15 MALE Appendix B - Hardware Specifications (DB25) Signal CGND CLK- IND- RxD- CTL- TxD- CLK+ IND+ RxD+ CTL+ TxD+ X.21 Equipament (DB15) Signal Pin # CGND...

  • Page 120: The Loop-Back Connector

    Cyclades-PR1000 The Loop-Back Connector The pin-out diagram for this connector is provided for reference. This connector would only be used for testing the WAN interface. FIGURE B.8 LOOP-BACK CONNECTOR - DB-25 MALE Appendix B - Hardware Specifications...

  • Page 121: Appendix C Configuration Without A Console

    Cyclades-PR1000 APPENDIX C CONFIGURATION WITHOUT A CONSOLE When a terminal or PC is not available for use as a console, the router has a special feature that allows configuration of the Ethernet interface from any PC on the LAN. The router “adopts” the destination IP address of the first non- UDP packet received from the LAN and accepts the connection.

  • Page 122: Index

    Cyclades-PR1000 Bandwidth Reservation 94 Boot Messages 109 Cables 13 with a DB-25 connector 110 Connection to an Internet Access Provider 24 Cyclades ftp site 10 telephones 10 CyROS menus 19 Ethernet testing the interface 111 Flash Memory 21 Frame Relay 33 DLCI 38 Hot Keys esc - moving between menus 21...
  • Page 123 Cyclades-PR1000 Technical Support 10 Telephone Numbers 10 Traffic Rule Lists 93 Traffic Shaping 94 Troubleshooting 109 Using CyROS menus 19 Version of CyROS newest, via ftp 7 of manual newest, via ftp 7 Index...
  • Page 124 Cyclades Australia Phone: +61 7 3279 4320 Fax: +61 7 3279 4393 www.au.cyclades.com Cyclades Philippines Phone: (632) 813-0353 Fax: (632) 655-2610 www.ph.cyclades.com Cyclades UK Phone: +44 1724 277179 Fax: +44 1724 279981 www.uk.cyclades.com Cyclades Corporation 41829 Albrae Street Fremont, CA 94538 - USA Phone: (510) 770-9727 Fax: (510) 770-0355 www.cyclades.com...

Table of Contents

Save PDF