RuggedCom RuggedRouter RX1000 User Manual

RuggedRouter
RX1000/RX1100 User Guide
RuggedCom Inc.
30 Whitmore Road,
Woodbridge, Ontario, Canada
L4L 7Z4
Web: www.ruggedcom.com
Tel: (905) 856-5288
Fax: (905) 856-1995
Toll Free: (888) 264-0006

Summary of Contents for RuggedCom RuggedRouter RX1000

  • Page 1 RuggedRouter RX1000/RX1100 User Guide RuggedCom Inc. 30 Whitmore Road, Woodbridge, Ontario, Canada L4L 7Z4 Web: www.ruggedcom.com Tel: (905) 856-5288 Fax: (905) 856-1995 Toll Free: (888) 264-0006...
  • Page 2 Disclaimer RuggedCom Inc. makes no warranty of any kind with regard to this material. RuggedCom shall not be liable for errors contained herein or for consequential damages in connection with the furnishing, performance, or use of this material.
  • Page 3: About This User Guide

    Gauntlet Virtual Polling Controller (VPC) User Manual Gauntlet System Installation Manual Gauntlet System Best Practices RuggedCom using the RuggedCom command line, setup menu and web can be used to support Routing over Ethernet, T1/E1, T3 ROX 1.12.6 software revision. Installation Guide...
  • Page 4: Document Conventions

    Means reader take note. Notes contain helpful suggestions or references to materials not contained in this guide. Helpful Hint This type of note often indicates useful shortcuts or methods employed by other RuggedCom customers. Quick Start Recommendations The following description is included to aid those users experienced with communications equipment that may wish to attempt to configure the router without fully reading the guide.
  • Page 5 See the chapter “Configuring PPPoE On ADSL” for more details. If you wish to use PPPOE with an external ADSL modem, the Networking menu, Ethernet sub-menu will configure it. RuggedCom About this User Guide If radius...
  • Page 6 Detection system and the Gauntlet Security Appliance. If you decide to forward daily email summaries you must configure a mail forwarder in the Maintenance menu Miscellaneous sub-menu Outgoing Mail sub-menu. See the chapter You can configure SNMP by following the RuggedCom...
  • Page 7 36. Should you need to transfer files to or from the router, the Maintenance menu Upload/Download Files sub-menu will be useful. 37. Further concerns such as ensuring robustness, measuring and optimizing performance are dealt with by reading the guide fully. RuggedCom About this User Guide...
  • Page 8: Table Of Contents

    Chapter 2 – Webmin Configuration...39 Introduction...39 Webmin Configuration Menu ...39 IP Access Control ...39 Ports And Addresses ...40 Change Help Server...41 Logging ...41 Authentication ...42 Webmin Events Log ...43 Chapter 3 – Configuring The System...45 Introduction...45 Command Prompt...29 ...32 RuggedCom...
  • Page 9: Table Of Contents

    PPP Logs...66 Current Routes & Interface Table...66 Chapter 6 – Configuring Frame Relay/PPP And T1/E1...67 Introduction...67 T1/E1 Fundamentals...67 Frame Relay...67 Location Of Interfaces And Labeling...68 LED Designations ...68 Included With T1E1...68 T1/E1 ...68 T1/E1 Network Interfaces...69 RuggedCom Table Of Contents...
  • Page 10 Editing A Logical Interface (Frame Relay) ...87 Editing A Logical Interface (PPP) ...88 DDS Statistics...88 Link Statistics...88 Frame Relay And PPP Interface Statistics...89 DDS Loopback...89 Current Routes & Interface Table...89 Upgrading Software ...89 Chapter 9 – Configuring PPPoE/Bridged Mode On ADSL...91 RuggedCom...
  • Page 11 Linux® netfilter, iptables And The Shoreline Firewall ...105 Network Address Translation...106 Port Forwarding...107 Shorewall Quick Setup...107 ShoreWall Terminology And Concepts...108 Zones...108 Interfaces...108 Hosts...109 Policy...109 Masquerading And SNAT...110 Rules...111 Configuring The Firewall And VPN...113 Route Based Virtual Private Networking...113 Policy Based Virtual Private Networking...113 RuggedCom Table Of Contents...
  • Page 12 VPN Networking Parameters...137 Client Configuration...137 Router IPSec Configuration...137 Firewall IPSec Configuration...138 Ethernet Port Configuration...139 Chapter 13 – Configuring Dynamic Routing ...141 Introduction...141 Quagga, RIP and OSPF...141 RIP Fundamentals...141 OSPF Fundamentals...142 Link State Advertisements...142 Key OSPF And RIP Parameters...143 Network Areas...143 RuggedCom...
  • Page 13 Link Backup Main Menu...160 Link Backup Configuration...160 Edit Link Backup Configuration...161 Link Backup Logs...162 Link Backup Status...162 Test Link Backup...162 Chapter 15 – Configuring VRRP...165 Introduction...165 VRRP Fundamentals ...165 The Problem With Static Routing...165 The VRRP Solution...165 VRRP Terminology...166 RuggedCom Table Of Contents...
  • Page 14 Interface Status...187 Chapter 19 – Configuring Serial Protocols ...189 Introduction...189 Serial IP Port Features...189 LED Designations ...189 Serial Protocols Applications...190 Character Encapsulation...190 RTU Polling...190 Broadcast RTU Polling...190 Serial Protocols Concepts And Issues...191 Host And Remote Roles...191 Use Of Port Redirectors...191 RuggedCom...
  • Page 15 NTP Fundamentals ...217 The NTP Sanity Limit ...218 NTP And The Precision Time Protocol Card...218 Included With NTP ...218 NTP Server Main Menu...219 Generic Options...219 Servers Configuration...220 Peers Configuration...220 Viewing The NTP Status...221 Viewing The NTP Log ...221 RuggedCom Table Of Contents...
  • Page 16 Snort Rules...235 Alerting Methods...236 Performance And Resources...236 Snort IDS Main Menu...236 Global Configuration...236 Interfaces...236 Rulesets...237 Rule Lookup by SID ...238 Network Settings ...238 PreProcessors...238 Alerts & Logging...239 Edit Config File...239 Chapter 26 – Maintaining The Router...240 Introduction...240 Alert System...240 RuggedCom...
  • Page 17 Installing A New Package...269 Pre-upgrade/Post-upgrade scripts...269 Uploading And Downloading Files...271 Chapter 27 – Security Considerations...272 Introduction...272 Security Actions ...272 Appendix A – Setting Up A Repository ...274 Repository Server Requirements ...274 Initial Repository Setup...274 Upgrading The Repository...275 RuggedCom Table Of Contents...
  • Page 18 Upgrading Considerations ...276 Appendix B – Downgrading Router Software ...277 Appendix C – Installing Apache Web Server On Windows...278 Appendix D – Installing IIS Web Server On Windows...280 Appendix E – Radius Server Configuration...281 FreeRadius...281 Windows Internet Authentication Service...281 Index...285 RuggedCom...
  • Page 19: Table Of Figures

    Figure 19: Webmin Configuration Menu, Logging...41 Figure 20: Webmin Configuration Menu, Authentication...42 Figure 21: Webmin Events Log...43 Figure 22: Bootup and Shutdown, Part 1...45 Figure 23: Bootup and Shutdown, Part 2...46 Figure 24: System Menu Change Password Command...46 Figure 25: Scheduled Commands...46 RuggedCom...
  • Page 20 Figure 46: Editing a Boot Time Interface...63 Figure 47: List PPPoE Interfaces...64 Figure 48: Editing a PPPoE Interface...65 Figure 49: Display PPP Logs...66 Figure 50: T1/E1 Trunks And Interfaces...68 Figure 51: T1/E1 Network Interfaces Initial Configuration...69 Figure 52: T1/E1 Network Interfaces After Channel Creation...69 RuggedCom...
  • Page 21 Figure 73: Edit Logical Interface (Frame Relay), multiple DLCIs...87 Figure 74: Edit Logical Interface (PPP)...88 Figure 75: DDS Link Statistics...88 Figure 76: ADSL Interfaces...93 Figure 77: ADSL WAN Interfaces...93 Figure 78: Edit Logical Interface (PPPoE)...94 Figure 79: Edit Logical Interface (Bridged)...95 RuggedCom...
  • Page 22 Figure 102: Creating a Static NAT Entry...122 Figure 103: Actions When Stopped...123 Figure 104: IPsec VPN Configuration Menu Before Key Generation ...128 Figure 105: IPsec VPN Configuration Menu Before After Generation ...129 Figure 106: IPsec VPN Configuration After Connections Have Been Created...130 RuggedCom...
  • Page 23 Figure 126: RIP Global Parameters...154 Figure 127: RIP Interfaces...156 Figure 128: RIP Networks...157 Figure 129: Link Backup Main Menu...160 Figure 130: Link Backup Main Menu...160 Figure 131: Link Backup Configuration...160 Figure 132: Link Backup Configuration...161 Figure 133: Link Backup Log...162 RuggedCom...
  • Page 24 Figure 154: Frame Relay Trace Menu...184 Figure 155: Serial Server Port Trace Menu...185 Figure 156: Interface Statistics Menu...185 Figure 157: Current Routing & Interface Table...186 Figure 158: Serial Protocols Server Main Menu...192 Figure 159: Assign Protocols Menu...193 Figure 160: Port Settings Menu...193 RuggedCom...
  • Page 25 Figure 179: NTP Status...221 Figure 180: NTP Log...221 Figure 181: GPS Status...222 Figure 182: GPS Log...222 Figure 183: SSH Server...224 Figure 184: SSH Server Authentication Menu...224 Figure 185: SSH Server Networking...225 Figure 186: SSH Server Access Control...225 Figure 187: IRIGB/1588 Main Menu...230 RuggedCom...
  • Page 26 Figure 206: Gauntlet Security Appliance Menu...246 Figure 207: System Backup And Restore...247 Figure 208: General Configuration Setup...248 Figure 209: Archive History...249 Figure 210: Archive Backup...249 Figure 211: Archive Backup, Complete...249 Figure 212: Archive Restore Menu...250 Figure 213: Start Restore...250 Figure 214: Archive Differences Menu...251 RuggedCom...
  • Page 27 Figure 234: Change Repository Server...267 Figure 235: Automatic Upgrade...268 Figure 236: Upgrading All Packages...268 Figure 237: Installing A New Package...269 Figure 238: Upload/Download menu...271 Figure 239: Apache Default Web Page...278 Figure 240: Installing IIS...280 Figure 241: IAS Window - Edit Remote Access Policy...282 RuggedCom...
  • Page 28 Figure 242: IAS Window - Edit Profile...282 Figure 243: IAS Window – Add Attribute...283 Figure 244: IAS Window – Multivalued Attribute Information...283 Figure 245: IAS Window – Vendor-Specific Attribute Information...283 Figure 246: IAS Window – Configure VSA (RFC compliant)...284 RuggedCom...
  • Page 29: Chapter 1 - Setting Up And Administering The Router

    Chapter 1 – Setting Up And Administering The Router Introduction This chapter familiarizes the user with the RuggedCom Serial Console interface, the RuggedRouter describes the following procedures: Running the Setup Script Signing on the Web Interface Signing on to the Command Prompt...
  • Page 30: Accessing The Ruggedrouter Command Prompt

    Figure 1: RuggedRouter Setup Main Menu The shell provides a number of configuration commands, described below. Configuring Passwords The Change Passwords command changes the rrsetup and root account passwords. These passwords should be changed before installing the router on the network. Command Prompt RuggedCom...
  • Page 31: Configuring Ip Address Information

    The Set Hostname command sets the hostname, shown in shell prompts and Web Management. Configuring Radius Authentication The Set Radius Authentication command configures the address of a Radius server, if available. RuggedCom Chapter 1 – Setting Up And Administering The Router...
  • Page 32: Enabling And Disabling The Ssh And Web Server

    Upon disabling the services, the titles in the main menu will change to Enable SSH and Enable Web Management to reflect the disabled state. Enabling a service automatically restarts it. RuggedCom...
  • Page 33: Enabling And Disabling The Gauntlet Security Appliance

    Configuring The Date, Time And Timezone The Set The Date, Time And Timezone command allows these parameters to be set. Figure 7: RuggedRouter Date/Time/Timezone Menu Once set, the router will account for Daylight Savings time. RuggedCom Chapter 1 – Setting Up And Administering The Router...
  • Page 34: Displaying Hardware Information

    RuggedRouter User Guide Displaying Hardware Information The Display Hardware Information command describes commissioned hardware. Figure 8: RuggedRouter Hardware Information Menu RuggedCom...
  • Page 35: Restoring A Configuration

    Figure 10: Selecting a previously made configuration Once a configuration is selected the archive will be restored. After the configuration is restored, the router will reboot immediately. RuggedCom Chapter 1 – Setting Up And Administering The Router...
  • Page 36: The Ruggedrouter Web Interface

    RuggedRouter User Guide The RuggedRouter The RuggedCom Web interface is provided by an enhanced version of the popular Webmin interface. Using a Web Browser to Access the Web Interface Start a web browser session and open a connection to the router by entering a URL that specifies its hostname or IP address (e.g.
  • Page 37: Figure 12: Ruggedrouter Web Interface Main Menu Window

    Webmin. The menu system entries are composed of the Webmin, System, Servers, Networking and Maintenance menus. The Webmin Menu provides the ability to: RuggedCom Chapter 1 – Setting Up And Administering The Router...
  • Page 38: Using The Led Status Panel

    Backup and restore configurations, Configure SNMP access, Configure Radius Authentication, View system logs, Upgrade the software of the router, Upgrade the router type to RX1100, Upload/Download files to and from the router. Using The LED Status Panel Figure 13: LED Status Panel RuggedCom...
  • Page 39: Obtaining Chassis Information

    The chassis displays the hardware inventory at boot time. This information is captured in the /var/log/messages file after boot. The Web Management interface home page displays the chassis serial number. RuggedCom Chapter 1 – Setting Up And Administering The Router...
  • Page 40: Chapter 2 - Webmin Configuration

    But Webmin will provide access to any client that provides the correct password, rendering it vulnerable to brute force attacks. The best way of addressing this problem is to restrict access to specific IP addresses or subnets. By default, IP access control allows all IP addresses to access Webmin. RuggedCom...
  • Page 41: Ports And Addresses

    Webmin to listen on the local interface. By default, Webmin listens on TCP port 10000 for clients. It is possible to change this default behaviour. Change Help Server Figure 18: Webmin Configuration Menu, Change Help Server RuggedCom Chapter 2 – Webmin Configuration...
  • Page 42: Logging

    The Clear logfiles every...hours field causes Webmin to rotate its own logs and keep them from overfilling the disk with old logs. Currently, the Log actions by all users field should be left selected. The Log changes made to files by each action field causes verbose logging and should be left enabled. RuggedCom...
  • Page 43: Authentication

    If the Log blocked hosts, logins and authentication failures to syslog field is selected, warning messages will be added to the syslog. Enabling the Enable session authentication field, activating “Auto-logout after..” will cause an individual administrator's session to be logged out after the specified period. RuggedCom...
  • Page 44: Webmin Events Log

    RuggedRouter User Guide Webmin Events Log Figure 21: Webmin Events Log This menu allows you to search the Webmin log for changes made by yourself or other administrators. RuggedCom...
  • Page 46: Chapter 3 - Configuring The System

    If you really want the router to remain powered but permanently inactive, you must issue the shutdown, connect a terminal to the serial port, wait for the router to enter the shutdown shell and issue a CTRL-C. Once again, if you accidentally shut down the router it will restart after five minutes. RuggedCom...
  • Page 47: Change Password Command

    This command changes only the root account password used to login to Webmin and the root account via the serial console or SSH. Scheduled Commands Figure 25: Scheduled Commands This menu allows you to schedule a command to run in the future. RuggedCom Chapter 3 – Configuring The System...
  • Page 48: Figure 26: Scheduled Commands Displaying A Command

    Finally, enter the command to execute in the Commands to execute field. Note that the command will remain scheduled after reboot. After the command is entered, the Scheduled Commands menu will display any commands and allow you to cancel them. Figure 26: Scheduled Commands Displaying a Command RuggedCom...
  • Page 49: Scheduled Cron Jobs

    The Active radio button at the top of the menu temporarily disables the job. After selecting the Create button, the Scheduled Cron Jobs menu will display the job. Figure 29: Scheduled Cron Jobs menu displaying cron jobs RuggedCom...
  • Page 50: System Hostname

    This menu provides a method to set the time and timezone of the router. Note: Changing the system time may confuse protocols such as OSPF and RIP, which depend upon an accurate system time. If you use OSPF or RIP, changing the time from this menu will restart them. This page intentionally blank RuggedCom...
  • Page 51: Dummy Interface

    Select the End To End Backup icon to configure an end to end backup connection. Select the Current Routing & Interface Table icon to view the routing table. The Apply Configuration button serves to restore the permanently saved changes and restart Ethernet networking. RuggedCom Chapter 4 – Configuring Networking...
  • Page 52: Core Settings

    ICMP ECHO request packets if their destination address is a broadcast address. The Syncookie Protection field corresponds to the kernel tcp_syncookie setting. Setting Syncookie Protection to “yes” will cause the kernel to protect against SYN flood attacks. Dummy Interface Figure 34: Dummy Interface RuggedCom...
  • Page 53: Manually Entered Static Routes

    Use the Save button below the table to change the default gateway setting. Configured Static Routes This table configures static and host routes. RuggedCom Chapter 4 – Configuring Networking...
  • Page 54: Manually Entered Static Routes

    Routes” link will make the route permanent. Note: There are situations where manually entered routes should not be converted, e.g. routes dynamically added by IPsec and GRE tunnels. Making these routes permanent may cause the daemons that add them to fail. RuggedCom...
  • Page 55: Static Multicast Routing

    The Comment field shows the current status of the routing. The Note field below the table shows current active interfaces. In order to start Multicast routing at each and every boot, you must enable it via the System folder, Bootup And Shutdown menu. RuggedCom...
  • Page 56: Dns Client

    If connectivity to the target is lost from the primary interface, traffic is migrated to the secondary interface. When connectivity is restored on the primary path, traffic will be restored to it. Figure 39: End To End Backup Example RuggedCom...
  • Page 57 1, the second router's gateway will still point towards Network A after a failure of the primary path. Packets from router 1 would reach router 2 through the secondary, but the responses would disappear in the black hole of the failed path. RuggedCom...
  • Page 58: Configuring End To End Backup

    Current Routing & Interface Table This menu displays the current routing table and the state of the router's interfaces. Consult the Network Utilities chapter for details of this menu. RuggedCom...
  • Page 59: Chapter 5 - Configuring Ethernet Interfaces

    Configuring PPPoE Ethernet Interface Fundamentals RuggedCom manufactures dual Ethernet Interface boards in a variety of formats. Some (most notably the optical interfaces) have the same outward appearance but different order numbers. A complete set of descriptions is displayed on the console during boot and can be found after boot in the file /var/cache/ruggedrouter/inventory.
  • Page 60: Ruggedrouter Functions Supporting Vlans

    The name is “pppX”, where X is 10 plus the native Ethernet interface the PPPoE is created upon (e.g. a PPPoE on eth1 is ppp11). Supported Comments Netkey (policy based VPNs) supports VLAN Klips (route based VLANs) do not support VLAN Both OSPF and RIP support VLAN RuggedCom...
  • Page 61: Ethernet

    The entries in this table can also be used to temporarily disable or re-enable an interface. The Boot Time Configuration table allows you to make changes to the “permanent” configuration of any interface. RuggedCom Chapter 5 – Configuring Ethernet Interfaces...
  • Page 62: Editing Currently Active Interfaces

    The Proxy ARP fields display whether the interface has proxy-arp activated. The Media Type field displays the current media type. Copper interfaces may be configured to Auto-negotiable, 10 BaseT Half Duplex, 10 BaseT Full Duplex, 100 BaseT Half Duplex and 100 BaseT Full Duplex modes. RuggedCom...
  • Page 63: Virtual Interfaces

    4094. The VLAN ID will be changed automatically to 4 digits (prefixed with 0) if the input is less than 4 digits. For example, if the input is 2, it will be automatically changed to 0002. Edit Boot Time Interfaces Figure 46: Editing a Boot Time Interface RuggedCom Chapter 5 – Configuring Ethernet Interfaces...
  • Page 64: Pppoe On Native Ethernet Interfaces

    The Interface Name field shows created PPPoE interfaces and provides a link to edit the existing configuration or create a new one. The MTU, Use Peer DNS and Default Route fields are the configured information for PPPoE interfaces. The Status field shows the current PPPoE link status. RuggedCom...
  • Page 65: Edit Pppoe Interface

    MTU and use whatever it considers to be the default. The Save button will update all of the changes. The current PPPoE link will be connected. The Delete button will delete the PPPoE interface, closing the current PPPoE link. RuggedCom...
  • Page 66: Ppp Logs

    This is mainly useful when trying to debug a PPP connection problem. Current Routes & Interface Table The table provided by this command is as described in the Networking menu, Network Utilities sub-menu. It is also provided here as a convenience. RuggedCom...
  • Page 67: Chapter 6 - Configuring Frame Relay/Ppp And T1/E1

    DTE and switching packets between connections. The DTE raises individual connections and sends data on them. When using a T1/E1 line to access a public Frame Relay provider, configure the Router as a DTE. RuggedCom Chapter 6 – Configuring Frame Relay/PPP And T1/E1...
  • Page 68: Location Of Interfaces And Labeling

    T1E1 includes wanpipemon, a utility that can capture traces from the T1E1 line. T1/E1 Figure 50: T1/E1 Trunks And Interfaces This menu allows you to display and configure T1 or E1 Trunks as well as display the routes and status of the network interfaces. RuggedCom...
  • Page 69: T1/E1 Network Interfaces

    The resultant menus will allow you to select the desired channel. If you are assigning multiple DLCIs, assign the first DLCI used by that interface and configure the Frame Relay Link Parameters and that DLCI's network parameters. RuggedCom Chapter 6 – Configuring Frame Relay/PPP And T1/E1...
  • Page 70: Naming Of Logical Interfaces

    This property is desirable since interface names used by features such as OSPF, RIP and the firewall can rely on the interface name. Channel re-assignments can, however, lead to a non-intuitive relationship between channels and timeslots. Editing A T1/E1 Interface Figure 54: Edit T1 Interface RuggedCom...
  • Page 71: T1 Settings

    E1 Settings The Framing and Line Decoding fields for E1 reflect the European variants. The Clocking field performs the same function as that described for T1. RuggedCom Chapter 6 – Configuring Frame Relay/PPP And T1/E1...
  • Page 72: Editing A Logical Interface (Frame Relay)

    “Request”, EEK messages are sent every EEK Timer x T391 seconds. This timer may be configured from 1 to 100 periods in duration. Your network provider will inform you of what is proper for these parameters. RuggedCom...
  • Page 73: Frame Relay Dlcis

    Editing A Logical Interface (PPP) Figure 56: Edit Logical Interface (PPP) The Local Address, Netmask, Remote Address, Default Gateway and Description fields are as described in the previous section. RuggedCom Chapter 6 – Configuring Frame Relay/PPP And T1/E1...
  • Page 74: T1/E1 Statistics

    YEL (Yellow Alarm) – This alarm is transmitted to the network and alerts it that a failure has been detected. OOF (Out of Frame) – This alarm signifies the occurrence of a particular density of framing error events. This alarm could signify that the wrong framing mode is configured. RuggedCom...
  • Page 75: Frame Relay Interface Statistics

    Chapter 6 – Configuring Frame Relay/PPP And T1/E1 Frame Relay Interface Statistics Figure 58: Frame Relay Statistics Note that the Frame Relay Trunk Statistics and Frame Relay Trunk Communications Errors tables are common to all Frame Relay DLCIs on the trunk. RuggedCom...
  • Page 76: Ppp Interface Statistics

    RuggedRouter User Guide PPP Interface Statistics Figure 59: PPP Link Statistics RuggedCom...
  • Page 77: T1/E1 Loopback

    If the remote equipment is able to loop, the entire T1/E1 line can be verified. If the remote router is another RuggedCom router, starting a line loopback will verify both cards and the line. This router will display the count of loopback frames as they arrive.
  • Page 78: Current Routes & Interface Table

    Note: The upgrade process requires upwards of 15 minutes for each PCI interface card. Because of the lengthy duration required to upgrade the interfaces, RuggedCom does not automatically perform the firmware upgrade. Instead, the scheduling of the upgrade is left to the user.
  • Page 79: Chapter 7 - Configuring Frame Relay/Ppp And T3

    The RuggedRouter also indicates information about T3 ports on the LED Panel. A pair of LEDs will indicate traffic and link status of the port. Consult the section “Using The LED Status Panel” to determine which LEDs correspond to the port. RuggedCom Chapter 7 – Configuring Frame Relay/PPP And T3...
  • Page 80: T3 Configuration

    Webmin names the logical interfaces for you (but allows you to provide a description). All interfaces start with a “w” to identify them as wan interfaces, followed by the interface number. The next part of the identifier is either “ppp” or “fr” and the frame relay DLCI number. RuggedCom...
  • Page 81: Editing A T3 Interface

    DLCIs. The second table provides configuration parameters for individual DLCIs. After the first DLCI has been configured, revisiting that DLCI will display a menu that allows additional DLCIs to be configured. RuggedCom Chapter 7 – Configuring Frame Relay/PPP And T3...
  • Page 82: Editing A Logical Interface (Ppp)

    Frame Relay/PPP And T1/E1 chapter with the exception that T3 provides only AIS, LOS, OOF and YEL alarms. Current Routes & Interface Table The table provided by this command is as described in the Networking menu, Network Utilities sub-menu. It is also provided here as a convenience. RuggedCom...
  • Page 83: Upgrading Software

    If T3 port was upgraded in this way, the upgrade would fail as the T3 link was taken down. Instead, T3 software upgrades modify only the software on the disk. You must schedule a reboot in order to run the new version of T3 software. RuggedCom...
  • Page 85: Chapter 8 - Configuring Frame Relay/Ppp And Dds

    CSU manages electrical levels, isolation and provides loopback to the TELCO. RuggedCom DDS port provides an integrated DTE, DSU and CSU. Location Of Interfaces And Labeling Unlike the Ethernet ports (which are statically located), the location of T1/E1, DDS and ADSL ports in your router depends upon the number of ports and how they were ordered.
  • Page 86: Dds Configuration

    Refresh this page link to update to the current status. The menu will change after assignment of a logical interface, providing links to logical interface and link statistics. Figure 71: DDS WAN Interfaces after logical interface assignment RuggedCom...
  • Page 87: Naming Of Logical Interfaces

    Figure 73: Edit Logical Interface (Frame Relay), multiple DLCIs The fields and buttons in this menu are the same as those described in the Editing A Logical Interface (Frame Relay) section of the Configuring Frame Relay/PPP And T1/E1 chapter. RuggedCom Chapter 8 – Configuring Frame Relay/PPP And DDS...
  • Page 88: Editing A Logical Interface (Ppp)

    Link Statistics are provided through the “View Link Statistics” link at the bottom of each interface table. Frame Relay and PPP statistics are available through “(Statistics)” links under the interface name column of each interface table. Link Statistics Figure 75: DDS Link Statistics RuggedCom...
  • Page 89: Frame Relay And Ppp Interface Statistics

    The remote equipment must be able to loop, allowing the entire line to be verified. If the remote equipment is another RuggedCom router, starting a line loopback will verify both cards and the line. DDS has no standard for performing digital loopback.
  • Page 91: Chapter 9 - Configuring Pppoe/Bridged Mode On Adsl

    As your PPPoE connection is established a PPP interface will be created. The name will be “pppX” where X is the same as the interface number. Use this interface name in firewall rules. RuggedCom Chapter 9 – Configuring PPPoE/Bridged Mode On ADSL...
  • Page 92: Authentication, Addresses And Dns Servers

    ADSL card itself and the LED Panel. Four LEDs are associated with the line, next to the interface jack. Power (Green) indicates when the card is active and powered. Link (Green) indicates when the DSL link is established. RuggedCom...
  • Page 93: Adsl Configuration

    This menu presents connection statuses but does not update them in real time. Click on the Refresh this page link to update to the current status. Editing A Logical Interface (PPPoE) Figure 78: Edit Logical Interface (PPPoE) RuggedCom Chapter 9 – Configuring PPPoE/Bridged Mode On ADSL...
  • Page 94: Editing A Logical Interface (Bridged)

    MTU and use whatever it considers to be the default. Note: If the negotiated MTU is different from the requested MTU, a warning will be displayed on the Networking, ADSL menu. Editing A Logical Interface (Bridged) Figure 79: Edit Logical Interface (Bridged) RuggedCom...
  • Page 95: Adsl Statistics

    Internet service provider. The Gateway IP Address field defines the IP address to use as the gateway for sending to other sites. This is usually the same as the Remote IP Address. ADSL Statistics Figure 80: ADSL Link Statistics RuggedCom...
  • Page 96: Current Routes & Interface Table

    If ADSL was upgraded in this way, the upgrade would fail as the ADSL link was taken down. Instead, ADSL software upgrades modify only the software on the disk. You must schedule a reboot in order to run the new version of ADSL software. RuggedCom...
  • Page 97: Chapter 10 - Configuring Ppp And Modem

    PPP-Link will be green when the modem PPP link is established. It will flash while a connection is being established, or a console dial in session is active. PPP-Data will flash green when there is traffic on the PPP link. RuggedCom Chapter 10 – Configuring PPP and Modem...
  • Page 98: Modem Main Menu

    PPP link at all times, and hence block incoming calls most of the time. Enabling the PPP Client at the same time as the Dial-in Console and/or PPP Server is not recommended. RuggedCom...
  • Page 99 Country Code selects which country's dialing system to work with. If this is not set correctly the modem might not be able to dial or connect. Speaker Volume controls how loud the modem speaker is. Speaker Mode controls whether the speaker on the modem is on or off. RuggedCom...
  • Page 100: Modem Ppp Client Connections

    If this is your primary connection you probably want this option enabled. The Use peer DNS checkbox enables automatically setting the DNS server entries that the PPPoE server recommends. Enable this option unless you provide your own name servers. RuggedCom...
  • Page 101: Modem Ppp Server

    Add. To change a password, enter the username and new password, and click Add and the password will be updated on the existing entry. Modem Incoming Call Logs Figure 86: Incoming Call Logs RuggedCom Chapter 10 – Configuring PPP and Modem...
  • Page 102: Modem Ppp Logs

    This page shows the latest log entries for incoming calls. This is mainly useful when trying to debug a problem with establishing incoming connections. Modem PPP Logs Figure 87: PPP Logs This page shows the PPP logs. This is mainly useful when trying to debug a PPP connection problem. RuggedCom...
  • Page 103: Modem Ppp Connection Logs

    Current Routes & Interface Table The table provided by this command is as described in the Networking menu, Network Utilities sub-menu. It is also provided here as a convenience. RuggedCom Chapter 10 – Configuring PPP and Modem...
  • Page 105: Chapter 11 - Configuring The Firewall

    The netfilter system is an interface built into the Linux kernel that allows the IP network stack to provide access to packets. RuggedCom Chapter 11 – Configuring The Firewall...
  • Page 106: Network Address Translation

    NAT can be used in static and dynamic modes. Static NAT masks the private IP addresses by translating each internal address to a unique external address. Dynamic NAT translates all internal addresses to one (or more) external address(es). RuggedCom...
  • Page 107: Port Forwarding

    6) If your network interface IP is statically assigned, configure Source Network Address Translation (SNAT). If a sufficient number of IP addresses are provided by the ISP, static NAT can be employed instead.
  • Page 108: Shorewall Terminology And Concepts

    If an interface supports more than one subnet, place the interface in zone 'Any' and use the zone hosts setup (see below) to define a zone for each subnet on the interface. An example follows: Interface Zone eth1 eth2 eth3 eth4 w1ppp RuggedCom...
  • Page 109: Hosts

    Internet you would need to add a policy of ACCEPT fw zone to net zone. Drop (ignore) all connection requests from the Internet to your firewall or local network, and Reject all other connection requests. policy is also installed that blocks access IP Address or Network 10.0.0.0/8...
  • Page 110: Masquerading And Snat

    IP is assigned to the modem. Internet clients will not be able to determine the router's public address unless some form of dynamic dns is employed. ddress are present. Address Protocol Ports 66.11.180.161 66.11.180.161 100.1.101.16 100.1.101.16 tcp smtp RuggedCom...
  • Page 111: Rules

    The remaining fields of a rule are as described below:
    Action: The action as described in the previous table.
    Source-Zone: The zone the connection originated from.
    Destination-Zone: The zone the connection is destined for.
    Protocol: The tcp or udp protocol type.
    Destination-Port...
  • Page 112: Configuring The Firewall And Vpn

    A method of limiting outbound traffic from the firewall to a specific user, group of users and a specific application. Destination-Zone Protocol Dest- loc:192.168.1.3 icmp icmp Source- Original- Port Port Destination-IP ssh, http http 130.252.100.69 RuggedCom...
  • Page 113: Ruggedcom

    If the firewall is to pass the VPN traffic through to another device (e.g. a VPN device in a DMZ) then establish a DMZ zone and install the following rules. ACCEPT ACCEPT ACCEPT ACCEPT ACCEPT ACCEPT Subnet IPsec Zone? 192.168.1.0/24 0.0.0.0/0...
  • Page 114: Firewall Main Menu

    If the firewall starts cleanly, the menu appearance will change to that of the figure below. In order to start the firewall at each and every boot, you must enable it via the System folder, Bootup And Shutdown menu. RuggedCom...
  • Page 115: Figure 90: Shorewall Firewall Menu

    Stopping the firewall will not disable it. Disable the firewall via the System folder, Bootup And Shutdown menu. The “Show Status” button presents a variety of information summarizing the status of the firewall and routing system. The “Check Firewall” button tests the current configuration to ensure it is valid. RuggedCom...
  • Page 116: Network Zones

    Note that if you delete a zone you should remove any rules that reference it. Note: There must be exactly one zone of type firewall. You may also make changes by manually editing the zone file. Network Interfaces Figure 92: Firewall Network Interfaces Do not delete this zone. RuggedCom...
  • Page 117: Figure 93: Editing A Firewall Network Interfaces

    +RST and FIN+URG+PSH; these flag combinations are typically used for “silent” port scans. Packets failing these checks are logged according to the TCP_FLAGS_LOG_LEVEL option in /etc/shorewall/shorewall.conf and are disposed of according to the TCP_FLAGS_DISPOSITION option. RuggedCom Chapter 11 – Configuring The Firewall...
  • Page 118: Network Zone Hosts

    Selecting the IPSEC zone Host Option field will identify that the traffic to host in this zone is encrypted. The Save and Delete buttons will allow you to edit or delete the zone host. You may also make changes by manually editing the policy RuggedCom...
  • Page 119: Default Policies

    The Limit field is the steady state rate and is of the form “X/sec” or “X/min” where X is the number of allowed rule followings. The Burst field denotes the largest permissible burst and defaults to five if not configured. Masquerading Figure 97: Firewall Masquerading And SNAT RuggedCom Chapter 11 – Configuring The Firewall...
  • Page 120: Firewall Rules

    Move field. Clicking on a link under the Action field will allow you to edit or delete the rule, as shown below. You may also make changes by manually editing the rule file. Figure 100: Editing A Firewall Rule RuggedCom...
  • Page 121: Static Nat

    The Rule applies to user set fields allow advanced users to match the rule against specific users and groups. This matching only takes place when the source of the traffic is the firewall itself. Static NAT Figure 101: Static NAT RuggedCom Chapter 11 – Configuring The Firewall...
  • Page 122: Actions When Stopped

    INTERFACE column should undergo NAT. The Active for firewall system field is used to specify whether packets originating from the firewall itself and destined for the EXTERNAL address are redirected to the internal ADDRESS. Actions When Stopped Figure 103: Actions When Stopped RuggedCom...
  • Page 123 Add field. Reorder the translations by clicking on the arrows under the Move field. Clicking on a link under the Interface field will allow you to edit or delete the rule, as shown below. You may also make changes by manually editing the rule file. RuggedCom...
  • Page 125: Chapter 12 - Configuring An Ipsec Vpn

    IPSec headers, old IP header and IP payload. Tunnel mode is most commonly used between gateways, the gateway acting as a proxy for the hosts behind it. Policy Vs Route Based VPNs The RuggedRouter supports two main modes of VPN: policy and route based VPN. RuggedCom Chapter 12 – Configuring An IPsec VPN...
  • Page 126: Supported Encryption Protocols

    The public key is made public while the private key is kept secret. Messages can then be sent by anyone who knows the public key to the holder of the private key. Only the owner of the private key can decrypt the message. RuggedCom...
  • Page 127: X509 Certificates

    IPSec relies upon the following protocols and ports: protocol 51, IPSEC-AH Authentication Header (RFC2402), protocol 50, IPSEC-ESP Encapsulating Security Payload (RFC2046), UDP port 500. RuggedCom Chapter 12 – Configuring An IPsec VPN...
  • Page 128: The Openswan Configuration Process

    The new menu appearance will resemble that of the following menu with the exception that you will be warned that VPN networking is not enabled. Enable VPN networking via the System folder, Bootup And Shutdown menu. Figure 105: IPsec VPN Configuration Menu Before After Generation RuggedCom...
  • Page 129: Preshared Keys

    Select the IPsec Status icon to display information about the server's capabilities and any current connections. After a VPN connection is created this menu will include a “Start Connection” button that can start or restart VPN connections. This button is shown in the next view of the VPN Configuration menu.
  • Page 130: Server Configuration

    If the Default field is selected, Openswan will use its current default (Default route interface at the time of writing) to associate the named ipsec interface with. If the Listed below.. field is selected, Openswan will establish the real to ipsec interfaces listed. RuggedCom...
  • Page 131: Public Key

    Select the links under the “Remote Address” column to edit or delete a secret key. The menu will not allow more than one entry to have a specific pair of IP addresses. The menu will not allow a password shorter than eight characters in length. RuggedCom Chapter 12 – Configuring An IPsec VPN...
  • Page 132: List Certificates

    RSA signatures at each peer. These two sections are identical and are described once. IPsec VPN Connection Details Figure 111: Editing A VPN Connection, Part 1 The Connection name field associates a name with the connection. Do not embed whitespace in the name. RuggedCom...
  • Page 133 The Perfect Forward Secrecy fields will enable PFS, causing keys to be exchanged in a manner which provides attackers that have compromised a key with no advantage in decoding previously intercepted packets or with subsequent packets. Not all clients support PFS. RuggedCom...
  • Page 134: Left/Right System's Settings

    Configuration menu, Current Routing & Interface Table icon. A default route will be indicated by a “default” in the Destination column. Export Configuration Selecting the “Export Configuration” button provides a means to capture the connection specification in such a way as to be importable at the remote router.
  • Page 135: Showing Ipsec Status

    VPN devices. This is also frequently referred to as the Phase 1 parameters, because the key exchange process is the first thing to occur in establishing a VPN. RuggedCom Chapter 12 – Configuring An IPsec VPN...
  • Page 136: Ipsec X.509 Roaming Client Example

    Ensure that the Certificate Authority generates certificates with a reasonable life and generates keys of at least 1024 bits in length. w1ppp vpn@xyz.com Internet Remote Gateway 192.168.17.3 (10.0.1.1) Laptop (IPSec Client)
  • Page 137: Generate X.509 Certificates

    Visit the Server Configuration menu and associate the ipsec0 interface with the desired interface the connection will arrive on (here w1ppp). Create a connection for the clients. Set the parameters as follows: RuggedCom Chapter 12 – Configuring An IPsec VPN...
  • Page 138: Firewall Ipsec Configuration

    NAT firewall. Router's side Address or hostname .. (IP of public gateway) Default Certificate File (router.pem) Default Laptop1 side Automatic Default Assign IP based on client from within this subnet Entered below (%cert) Derive identity from incoming certificate Default RuggedCom...
  • Page 140: Chapter 13 - Configuring Dynamic Routing

    For fast convergence and recovery, OSPF is a much better choice. RIP is a fairly old routing protocol and has mostly been superseded by OSPF. RuggedCom...
  • Page 141: Ospf Fundamentals

    Note: OSPF areas must be designed such that no single link failure will cause the network to be split into two disjoint networks. RuggedCom Chapter 13 – Configuring Dynamic Routing...
  • Page 142: Router-Id

    Routes for subnets which are directly connected to the router but are not part of the OSPF area or RIP network can be advertised if “redistribute connected” is enabled in the OSPF or RIP Global Parameters. Static routes and other routes handled by the kernel can also be redistributed if redistribute kernel is enabled. RuggedCom...
  • Page 143: Link Detect

    Ethernet links, packets on subnets native to the wan will still be forwarded via Ethernet because of cost. If antispoofing is enabled, the packet will be discarded at the peer OSPF router. RuggedCom Chapter 13 – Configuring Dynamic Routing...
  • Page 144: Administrative Distances

    By default the distance for a connected interface is 0 and for a static route is 1. By default, OSPF will set an administrative distance of 110 and RIP will set a distance of 120. be disabled in the Network Configuration menu,
  • Page 145: Ospf And Vrrp Example Network

    Router 2 take over the virtual IP. The virtual IP used as the gateway is 1.1.2.254. Each router also has its own IP on the network so that each can be reached individually. RuggedCom Chapter 13 – Configuring Dynamic Routing 2.2.2.254 1.1.1.6...
  • Page 146: Dynamic Routing

    The Core menu configures link related items such as link-detect and link cost. The RIP and OSPF menus configure these protocols for each interface. Enable Protocols Figure 117: Enable Protocols Menu This menu enables RIP and OSPF for dynamic routing.
  • Page 147: Core

    By default it uses the highest IP assigned to an interface on the router. It is recommended that this value be set to a unique fixed IP on each router. Core Interface Parameters Figure 120: Core Interface Parameters RuggedCom Chapter 13 – Configuring Dynamic Routing...
  • Page 148: View Core Configuration

    The Link Detect field controls core's link detect feature on the interface. When link detect is enabled, routes through the interface will only be advertised to other routers when the link is up. This option is usually desirable. View Core Configuration This menu shows the current configuration file for the Core interfaces. RuggedCom...
  • Page 149: Ospf Interfaces

    The OSPF Global Parameters, OSPF Interfaces and Network Areas menus configure OSPF. The Status and View OSPF Configuration menu display the actual status and configuration file contents of OSPF. OSPF Global Parameters Figure 122: OSPF Global Parameters RuggedCom Chapter 13 – Configuring Dynamic Routing...
  • Page 150 The Redistribute Connected fields control distribution of connected routes. When enabled, OSPF will advertise routes to directly connected interfaces to other OSPF routers in the area. Normally only routes that fall within the scope of the network areas will be advertised. RuggedCom...
  • Page 151: Ospf Interfaces

    This value must match on all router interfaces in an area. The Dead Interval field controls how long to wait for hello packets before declaring another router dead. This should normally be set to 4 times the hello interval. The Retransmit Interval field controls the delay between retransmissions. RuggedCom...
  • Page 152: Ospf Network Areas

    The status of each interface is shown, the current database, the current OSPF neighbors and the current OSPF routing table. View OSPF Configuration This menu shows the current configuration file of OSPF. Figure 125: RIP Menu This menu contains the configuration and status of RIP on the router. RuggedCom...
  • Page 153: Rip Global Parameters

    RIP network. The Default Metric field sets the default metric to be used for RIP routes which don't have another metric specified. The Distance field sets the administrative distance to use for all routes unless overridden by other distance settings. RuggedCom...
  • Page 154: Rip Key Chains

    A key consists of a key string, which is the value used for authentication. It also has the optional lifetime to accept RIP messages with the key, and the optional lifetime to send RIP messages with that key. RIP Interfaces Figure 127: RIP Interfaces RuggedCom...
  • Page 155: Rip Networks

    OSPF. RIP Networks Figure 128: RIP Networks Neighbors are specific routers with which to exchange routes using the RIP protocol. This can be used when you want to explicitly control which routers are part of your RIP network. RuggedCom...
  • Page 156: Rip Status

    This status menu shows various pieces of information about the current RIP status. The status of each interface is shown, the current database, the current RIP neighbors and the current RIP routing table. View RIP Configuration This menu shows the current configuration file of RIP. RuggedCom...
  • Page 158: Chapter 14 - Configuring Link Backup

    In this way, failures of network links within the cloud are discovered. It is essential that the host always respond to the ping. Another option is to configure a dummy address within the router and ping that address. Figure 129: Link Backup Main Menu RuggedCom...
  • Page 159: Use Of Routing Protocols And The Default Route

    This menu displays existing main:backup link relationships. Following the links under the Name field edits an existing pair or adds a new one. The Apply Configuration button will apply changes by restarting the link backup daemon.
  • Page 160: Edit Link Backup Configuration

    The Main path up timeout field specifies the number of seconds the main trunk must have returned to service before stopping the backup trunk. You may delete a link backup configuration through the Delete button. RuggedCom...
  • Page 161: Link Backup Logs

    The test link backup menu tests a link backup by discarding all data received on the main interface. This convinces the daemon that the main trunk is unusable and forces it to fail over to the backup trunk. RuggedCom Chapter 14 – Configuring Link Backup...
  • Page 162 Add to this a period that allows time to navigate the webmin menus to observe that Link Backup status, link states, and routing are all as expected before, during, and after the Link Backup test.
  • Page 164: Chapter 15 - Configuring Vrrp

    VRRP Terminology Each physical router running VRRP is known as a VRRP Router. Two or more VRRP Routers can be configured to form a “Virtual Router”. Each VRRP Router may participate in one or more Virtual Routers. RuggedCom...
  • Page 165: Figure 136: Vrrp Example

    If a monitored interface goes down, a master router will immediately signal an election and allow a backup router to assume mastership. RuggedCom Remote Router 1 Router 2 1.1.1.200...
  • Page 166 These unsolicited ARPs teach the hosts and switches in the network of the current MAC address and port associated with the VRIP. The router will issue a second set of ARPs after the time specified by the Gratuitous ARP delay. RuggedCom...
  • Page 167: Vrrp Main Menu

    Set the Router Name field to supply an identification of the router for VRRP logs. This field initially defaults to the current hostname. The VRRP instances under the Name column define virtual IP groups. Clicking on a link will allow you to edit that instance. RuggedCom Chapter 15 – Configuring VRRP...
  • Page 168: Editing A Vrrp Instance

    VRID. Both an IP address and appropriate subnet mask must be provided for each gateway. The Save button saves the virtual instance. The Delete button deletes the virtual instance. After you save or delete an instance you must restart the daemon to action your change. RuggedCom...
  • Page 169: Viewing Vrrp Instances Status

    The entries under the VRRP Interface State column reflect the link state of the interface that the instance runs upon. The entries under the Monitored Interface State column reflect the link state of the monitored interface or “none” if an interface is not configured. RuggedCom...
  • Page 170: Chapter 16 - Configuring Traffic Prioritization

    It is possible to match on source and destination IP address/mask pairs, source and destination port numbers and protocols. The 0.0.0.0/0 address/mask matches any IP address. Protocols that can be matched upon include tcp, udp, icmp, ospf, vrrp and ipsec. RuggedCom...
  • Page 171: Tos Prioritization

    Included With Traffic Prioritization Your RuggedRouter software includes the priostats command line utility, which can be used to show cumulative and one second interval statistics in a format similar to those of the GUI. TOS Bits...
  • Page 172: Prioritization Example

    Finally, note that the final traffic filter essentially suppresses TOS inspection by directing all unmatched traffic onto the “low” queue. RuggedCom...
  • Page 173: Traffic Prioritization Main Menu

    You are not allowed to reorder queues in a way that violates the priority implicit in their name. The Transmit Queue Length Selector allows you to make a tradeoff between latency and performance. RuggedCom Chapter 16 – Configuring Traffic Prioritization...
  • Page 174: Prioritization Queues

    Normally there is only one queue, the transmit queue, and packets are transmitted from it in the order in which they arrived. The transmit queue is a means of enhancing performance. Prioritization favors some packets over others by transmitting them with preference. RuggedCom...
  • Page 175: Prioritization Statistics

    RuggedCom recommends that the transmit queue length be left at its minimum default value of 1. Higher values, however, may strike a balance between latency and performance.
  • Page 176: Chapter 17 - Configuring Generic Routing Encapsulation

    Router2 becomes available, the tunneled packets will flow through the lowest cost route. You can optionally restrict the packets by specifying the local egress device (in the case of router1, w1ppp). w1ppp 172.19.20.21 172.16.17.18 w2ppp Router 2 192.168.2.1 eth2 192.168.2.0/8 RuggedCom...
  • Page 177: Gre Main Menu

    The Local Egress Port configures a port to bind the tunnel to. If set, tunneled packets will only be routed via this port and will not be able to escape to another device when the route to the endpoint changes.
  • Page 179: Chapter 18 - Network Utilities

    The upper part leads to menus providing more configurable options for these commands. Additionally, Ethernet, WAN and Serial port tracing is provided. A summary of interface statistics and the current routing table is provided. RuggedCom Chapter 18 – Network Utilities...
  • Page 180: Ping Menu

    This can make ping behave very slowly if DNS is not properly configured. The Use ICMP instead of UDP? field causes traceroute to probe with ICMP packets. The How many Hops? field limits the maximum number of hops that traceroute will attempt to map. RuggedCom...
  • Page 181: Host Menu

    Frame Relay or Serial server interfaces. Tcpdump A Network Interface Figure 153: Tcpdump Menu The Interface to capture on field specifies the interface to show traffic on. RuggedCom Chapter 18 – Network Utilities...
  • Page 182: Frame Relay Link Layer Trace A Wan Interface

    The Maximum packets captured and Maximum capture time fields limit the amount of traffic captured. Serial Trace A Serial Server Port Figure 155: Serial Server Port Trace Menu The Trace on ports fields specify the serial port to show traffic on.
  • Page 183: Interface Statistics Menu

    The difference is not a real time rate in bytes or packets per second. Note that detailed statistics for T3, T1/E1, DDS and ADSL are available within the menus that configure those interfaces. RuggedCom...
  • Page 184: Current Routing & Interface Table

    The entries under the ToS field reflect the ToS value a packet must match to be routed by this route. The entries under the Weight field reflect the relative bandwidth or quality of this link within a multi-path route. Note that multi-path routes are shown with multiple lines for a single destination. RuggedCom...
  • Page 185: Interface Status

    The entries under the MTU field reflect the Maximum Transmission Unit size for the interface. The entries under the Txqueuelen field reflect the transmit queue length for the interface. RuggedCom...
  • Page 187: Chapter 19 - Configuring Serial Protocols

    Tracing Serial Port activity Serial IP Port Features RuggedCom Serial IP provides you with the following features: Raw Socket Protocol - A means to transport streams of characters from one serial port on the router, to a specific remote IP address and TCP port.
  • Page 188: Serial Protocols Applications

    The host equipment connects via a serial port to a RuggedRouter. Up to 32 remote RuggedRouters may connect to the host server via the network. Initially, the remote servers will place connections to the host server. The host server in turn is configured to accept the required number of incoming connections. RuggedCom...
  • Page 189: Serial Protocols Concepts And Issues

    If configured to packetize on a specific character, the server will examine each received character and will packetize and forward upon receiving the specific character. The character is usually a <CR> or an <LF> character but may be any ASCII character. RuggedCom Chapter 19 – Configuring Serial Protocols...
  • Page 190: Use Of Turnaround Delays

    If any of your serial ports are configured as RawSocket protocol, this menu will configure them. The Serial Protocols Statistics menu will show you the status and statistics for any established sessions. The Line Trace menu will provide a line activity trace for the serial ports. RuggedCom...
  • Page 191: Assign Protocols Menu

    This menu configures the serial settings and electrical protocol associated with a serial port. Changes are made immediately. RawSocket Menu Figure 161: Raw Socket Menu This menu configures the Raw Socket settings for each port. Changes are made immediately. RuggedCom Chapter 19 – Configuring Serial Protocols...
  • Page 192 The Remote IP field configures the address used when placing an outgoing connection. The Remote Port field selects the TCP destination port used in outgoing connections. The Local Port field selects the local TCP port to use to accept incoming connections. RuggedCom...
  • Page 193: Serial Protocols Statistics Menu

    This is usually symptomatic of a remote peer that uses a higher baud rate or local flow control. RuggedCom Chapter 19 – Configuring Serial Protocols...
  • Page 194: Serial Protocols Trace Menu

    Note: Specifying large numbers of ports, entries and capture times can result in a great deal of output. Specifying a large capture time may require the web page to wait that interval if activity is infrequent. RuggedCom...
  • Page 195: Serial Protocols Sertrace Utility

    66 6f 78 20 6a 75 6d 70 65 64 20 6f 76 65 72 20 74 68 65 20 6c 61 7a 79 20 64 6f 67 10:56:47.545 TCPCONN Tx Data from port 1 44b to 10.0.10.236 4991:50002 RuggedCom Chapter 19 – Configuring Serial Protocols the quick brown...
  • Page 197: Chapter 20 - Configuring Goose Tunnels

    (with MAC source and destination addresses intact) to the network as GOOSE packets. IEC61850 recommends that the MAC destination address should be in the range 01:0c:cd:01:00:00 to 01:0c:cd:01:01:ff. RuggedCom Chapter 20 – Configuring GOOSE Tunnels...
  • Page 198: Layer 2 Tunnels Main Menu

    The GOOSE Tunnels and GOOSE Statistics menus configure and display statistics for these tunnels. The Activity Trace menu will provide a protocol trace. When enabled, any configuration changes may be made to take effect by selecting the Restart Layer 2 Tunnels daemon button.
  • Page 199: General Configuration Menu

    This menu configures a GOOSE tunnel. The Ethernet Interface field configures suitable (i.e. VLAN eligible) interfaces to listen for GOOSE frames upon. You may set this field to “none” if the intent is simply to relay network packets. RuggedCom Chapter 20 – Configuring GOOSE Tunnels...
  • Page 200: Goose Statistics Menu

    The Continuous Display button will cause the browser to continuously reload the page showing the differences in statistics from the last display. The difference is not a real time rate in bytes or packets per second. Activity Trace Menu Figure 169: Activity Trace Menu RuggedCom...
  • Page 201 Specifying large numbers of ports, entries and capture times can result in a great deal of output. Specifying a large capture time may require the web page to wait that interval if activity is infrequent. RuggedCom Chapter 20 – Configuring GOOSE Tunnels...
  • Page 203: Chapter 21 - Configuring The Dhcp Server

    The meaning of each option is the same in each case, while the type of target determines which clients it applies to. RuggedCom Chapter 21 - Configuring The DHCP server...
  • Page 204 NetBIOS scope: The NetBIOS scope the client should use. Time offset: The offset from a time server the client should be using. Custom options allows you to add additional DHCP options required by a client. BOOTP and Dynamic DNS related options include: RuggedCom...
  • Page 205: Option 82 Support With Disable Nak

    See the documentation of the client to determine what values are required by the client for special options. RuggedCom Chapter 21 - Configuring The DHCP server...
  • Page 206: Example Dhcp Scenarios And Configurations

    The switch port 1 is connected to the router while its ports 2 through 8 provide DHCP relay support. The switch has its DHCP relay server address set to router's address 192.168.1.1. The switch has all ports in VLAN 1. The switch base MAC address is 00:0A:DC:11:22:00. RuggedCom...
  • Page 207: Multiple Subnets On Separate Vlans Using Option82 On One Switch

    12) Set the remote id to the switch MAC address (00:0A:DC:11:22:00 in this case). 13) Set the circuit id to the switch's circuit id identifier for the port (00:01:00:02 for VLAN 1 port 2 on a RuggedCom switch). 14) Click 'Create'. 15) Click 'Save'.
  • Page 208 18) Set the remote id to the switch MAC address (00:0A:DC:11:22:00 in this case). 19) Set the circuit id to the switch's circuit id identifier for the port (00:02:00:02 for VLAN 2 port 2 on a RuggedCom switch). 20) Click 'Create'. 21) Click 'Save'.
  • Page 209: Dhcp Server Main Menu

    The Start Server button starts the server to check the configuration. To permanently enable DHCP you should enable it in the bootup and shutdown menu. The Apply Changes button applies new settings to the running DHCP server. Use this after making any changes to the configuration.
  • Page 210: Dhcp Shared Network Configuration

    The Network name field is a unique name to assign to the shared network. It could be the name of the interface the shared network is on, for example. Within a shared network you can create subnets, hosts, and groups of hosts.
  • Page 211: Dhcp Subnet Configuration

    The Subnet description field is used to describe the subnet as desired. The Network address and Netmask fields of the subnet help to specify the span of assigned addresses. Within a subnet you can create hosts, groups of hosts, and address pools.
  • Page 212: Dhcp Group Configuration

    Within a group you can create hosts. DHCP Host Configuration Figure 174: DHCP Host Configuration The Host description field is used to describe the host as desired. The Host name field is the unique name to refer to the host within the DHCP configuration.
  • Page 213: Dhcp Pool Configuration

    The Clients to allow/deny field can be used to control which clients can get an IP address from the pool. See the documentation for dhcpd3 for syntax and allowed values. This is very rarely needed. The Allow unknown clients setting already handles the most common use of this option.
  • Page 214: Chapter 22 - Configuring Ntp

    UDP offers. NTP uses UDP port 123. Note that if your router employs a firewall and acts as a client, it must open UDP port 123. Additionally, if the router acts as a server, the firewall must allow connection requests on port 123 as well.
  • Page 215: The Ntp Sanity Limit

    NTP daemon about its current state and to request changes in that state. The ntptrace utility traces a chain of NTP servers back to the primary source. The ntp-keygen utility can be used to generate secure public keys for authentication.
  • Page 216: Ntp Server Main Menu

    Set the Broadcast Client option to “Yes” if you wish to act on NTP broadcast messages. The default multicast address used for NTP is 224.0.1.1. Select a custom multicast address with the Custom address field if you wish to use a different address.
  • Page 217: Servers Configuration

    This menu allows you to enter and edit peers. Peers are NTP servers of the same stratum as the router, and are useful when contact is lost with the hosts in the NTP servers menu. The per-peer configuration information is as described in the previous menu.
  • Page 218: Viewing The Ntp Status

    Viewing The NTP Status Figure 179: NTP Status The NTP Status menu displays possible sources and currently used reference clocks. Viewing The NTP Log Figure 180: NTP Log The NTP Log menu displays the log of recent NTP events.
  • Page 219: Viewing The Gps Status

    GPS module. The Tracked Satellite Status table shows the ID and signal strength of tracked satellites. Viewing The GPS Log Figure 182: GPS Log The GPS Log menu displays the log of recent GPS events.
  • Page 220: Chapter 23 - Configuring Ssh

    Your RuggedRouter software includes scp, an SSH utility to perform secure copying of files and directories over the network. If you decide to create your own user accounts, the ssh-keygen utility can be used to populate the account with SSH keys.
  • Page 221: Ssh Main Menu

    The Allow RSA authentication field specifies whether pure RSA authentication is allowed. If this is set to “No”, users will always need to enter their password even if their public key has been set up.
  • Page 222: Networking

    TCP connections to machines on the RuggedRouter's network. The Allow connection to forwarded ports field specifies whether remote hosts on the client network are allowed to connect to ports forwarded for the client. Access Control Figure 186: SSH Server Access Control
  • Page 223 The account selector button can be used to build up a list of allowable users. The Deny users and Deny members of groups fields specify users and groups to deny connections to.
  • Page 224: Chapter 24 - Configuring Irigb And Ieee1588

    Ethernet. The RuggedRouter provides a special hardware assisted PTP capability as provided by the RuggedCom PTP card. When used in conjunction with the card's Global Positioning System (GPS) receiver, the router can provide nanosecond accuracy via IEEE1588.
  • Page 225: Synchronizing Ntp From Ieee1588

    The signal can be used to synchronize intelligent devices to a high quality time source, called the reference clock. The router uses a global positioning satellite (GPS) receiver, NTP or the router's local clock as the reference clock.
  • Page 226: Reference Clocks

    Please note that cable characteristics vary from one manufacturer to another.

    | Dielectric Type | Time Delay in ns/m (ns/ft) |
    |---|---|
    | Solid Polyethylene | 4.62 (1.54) |
    | Foam Polyethylene (FE) | 3.81 (1.27) |
    | Foam Polystyrene (FS) | 3.36 (1.12) |
    | Air Space Polyethylene (ASP) | 3.45-3.63 (1.15-1.21) |
    | Solid Teflon (ST) | 4.38 (1.46) |
    | Air Space Teflon (AST) | 3.39-3.60 (1.13-1.20) |
  • Page 227: Irigb/Ieee1588 Main Menu

    The Cable Compensation field specifies the value, in nanoseconds, that will be used to compensate for the cable type and length. The compensation is done using integer nanosecond values. Fractional decimal values will be truncated.
  • Page 228: Irigb Configuration

    The Treat NTP sync'd grandmaster as stratum field assigns the stratum number when the grandmaster clock is synchronized with a remote NTP server but not GPS. The Treat Local Clock sync'd grandmaster as stratum field assigns the stratum number when the grandmaster clock is synchronized with the local clock but not an NTP server or GPS.
  • Page 229: Irigb Status

    The current local time on the router, the IEEE1588 status, IEEE1588 and UTC time, the offset from master in seconds, the master IP/MAC address and grandmaster MAC address are provided.
  • Page 230: Irigb Log

    IRIGB Log Figure 193: IRIGB GPS Status This page reflects reference clock changes in IRIG-B.
  • Page 232: Chapter 25 - Configuring The Snort Ids

    Alerting Methods Alerts generated by snort are stored by one of three methods: as local syslog messages, as remotely syslogged messages, or in an alert file. When the local syslog method is chosen, the destination log file may be selected.
  • Page 233: Performance And Resources

    Interfaces Figure 195: Snort Main Menu part 2 The Interfaces section selects the interfaces snort will monitor. You must restart snort after changing interfaces. ... and cve.mitre.org. These provide more in depth...
  • Page 234: Rulesets

    It is possible to add your own rule, or one obtained from the open source community (e.g. www.bleedingsnort.com). Rule Lookup by SID The Look Up Rule button accepts a SID and displays its rule. You may elect to disable the rule or learn more information about it. Network Settings Figure 198: Snort Network Settings
  • Page 235: Preprocessors

    Preprocessors perform a variety of transformations to make it easier for snort to classify packets. The configuration of preprocessors is beyond the scope of this user guide. Alerts & Logging Figure 200: Snort Alerts
  • Page 236: Edit Config File

    Edit Config File Snort is extremely flexible and not all capabilities have been described in this user guide. This menu provides the user with the ability to make raw configuration changes to the snort configuration file from within Webmin.
  • Page 237: Chapter 26 - Maintaining The Router

    Any active alert with Renotify Interval set to a non-zero value that matches the filter level will be forwarded to the defined forwarder destination. Alert Menu Figure 201: Alert Main Menu
  • Page 238: Alert Definition Configuration

    The Default Filter Level for Command Line configures the lowest alert level to show when a user logs in by console or SSH. The Save button saves all changes to the general configuration. The Create New Filter button allows you to create a new forwarder filter for active alerts.
  • Page 239: Alert Filter Configuration

    The Create New Definition button allows you to create a user defined alert definition entry. Clicking on one of the links under the Codepoint column allows you to change the configuration for that alert definition entry.
  • Page 240: Change Alert Definition

    Shell. The Sample Interval configures how often the system should run the configured shell command to get a sample. The Command configures the shell command to run. The Comparator configures how to compare with the shell command result.
  • Page 241 The Falling Threshold configures the value that will trigger an event when the value of the variable decreases past this value. The Startup configures the condition that will cause the initial event.
  • Page 242: Gauntlet Security

    "loc". The following instructions assume those names. The gauntlet daemon requires rules for certain ports (shown below) to be installed. Contact RuggedCom support for assistance if you wish to reassign these ports. 1. Visit the Shorewall Network Zones sub-menu and create the net and loc IPv4 zones.
  • Page 243: Gauntlet Status Menu

    The order of rules is significant. Rules inserted before this set will not be protected by Gauntlet. Any rule appearing after the gauntlet chain rules will automatically be ignored. Consult with RuggedCom support for assistance. If you want to grant SSH access to the router, replace "10000" in the last rule with "22,10000".
  • Page 244: Backup And Restore

    A factory defaults file is included. Note the following caveats: chassis-specific items such as serial number, hardware inventory and MAC addresses are not saved; log and history files are not saved; information stored in the root and user accounts is not saved.
  • Page 245: General Configuration

    Export Method is SCP. The Show Router SSH Key link will display the ssh public key for this router, which can be used in the configuration server to accept SCP from the router. The Server/Path Option field specifies the configuration server hostname (or IP address) and the directory in which to save archives.
  • Page 246: Archive History

    The input box above the Start Backup button shows the candidate archive file name, which can be changed by the user. Starting the backup results in the following display. Figure 211: Archive Backup, Complete
  • Page 247: Archive Restore

    Click on one of the links under Archive Name to start the restore. Starting the restore results in the following display. Figure 213: Start Restore To begin the restoring process, click the Start Restore button. Archive Difference Tool Figure 214: Archive Differences Menu
  • Page 248: Figure 215: Archive Differences List

    The difference will be shown by two methods. The difference between the two targets will first be shown in a side by side scrollable comparison. The difference will also be shown in a window that shows differing lines.
  • Page 249: Snmp Configuration

    “traps”. Traps are unacknowledged UDP messages and may be lost in transit. SNMP V2 adds the ability to notify via “informs”. Informs simply add acknowledgment to the trap process, resending the trap if it is not acknowledged in a timely fashion.
  • Page 250: Snmp Configuration Main Menu

    The System name, System location, System contact, and System description fields configure descriptive parameters for the router. Network Addressing Configuration For reference, the set of currently configured and active IP addresses is listed near the top of the page. Figure 219: Network Addressing Configuration page, Client Address
  • Page 251: Access Control

    IP address or range (e.g. 10.0.0.0/24) from which access to this community name may be made. The OID field further restricts access to an Object Identifier (OID) tree at or below a specified OID.
  • Page 252: Figure 222: Access Control Page, Snmp V3

    Note that if authentication and privacy are both used, but only the authentication passphrase is provided, snmpd will use the authentication passphrase as the privacy passphrase. Note also that if any notifications are enabled, a read-only user named internal will be automatically created to satisfy the requirements of the event MIB.
  • Page 253: Trap Configuration

    The Type field specifies the exchange used with this destination, either V1 trap, V2c trap or V2c inform. The IP address and Trap Community fields specify the receiver's IP address and community name. Figure 225: Trap Destinations V3
  • Page 254: Mib Support

    The MIB module for managing TCP implementations. The MIB module for managing IP and ICMP implementations. The MIB module for managing UDP implementations. The SNMP Management Architecture MIB. The MIB for Message Processing and Dispatching. The management information definitions for the SNMP User-based Security Model.
  • Page 255: Radius Authentication

    The radius server providing the WEBMIN service must also be configured to supply a “privilege-level” field which will be used in upcoming releases to provide operator levels of privilege. See the appendix on Radius Server Configuration for more information. Helpful Hint...
  • Page 256: Radius Authentication Configuration

    The Shared Secret field configures the unique password used by this server. The Timeout field selects the maximum time to wait before trying the next server. The Service field configures whether the server authenticates LOGIN, WEBMIN, PPP LOGIN or any combination of these types.
  • Page 257: Outgoing Mail

    The Hostname field specifies the hostname to be written into the email header upon transmission. Helpful Hint You can generate emails from scheduled commands and scripts with “(echo "To: ops@myco"; echo -e "Subject: Hello!\n"; some-command) | sendmail -t”.
  • Page 258: Chassis Parameters

    System alarms will be generated for out-of-range parameters and watchdog initiated reboots. Description Motherboard temperature Redundant 3.3V power supply voltages Redundant 3.3V power supply voltages 5V power supply voltage 12V power supply voltage Battery voltage
  • Page 259: System Logs

    (such as web management or ssh). critical – This log catches reports of critical failures. There should never be any messages in this log. Your RuggedCom support representative may ask you to inspect this file.
  • Page 260: Remote Logging

    “Add a new system log” link on the System Logs sub-menu. Finally, you may forward all information to the remote logger by creating a new system log entry and specifying “All” Facilities and all priorities, and checking the Syslog server on field with an appropriate address.
  • Page 261: Upgrade System

    Manually initiated installs of new packages for testing purposes. RuggedRouter Software Fundamentals You may be required to upgrade the router in order to take advantage of new features, security improvements and bug repairs.
  • Page 262: When A Software Upgrade Requires A Reboot

    Automatic Upgrade It can be programmed to check a server on your network at a specific time each day, upgrading to the newest release. RuggedCom understands that some administrators may wish to pre-test package upgrades on specific machines before performing a network wide upgrade.
  • Page 263: Upgrade To Rx1100

    If you configure this field with a major/minor/patch release number such as “rr1.7.2”, the router will only upgrade from that release. The Bandwidth Limiting selector allows you to select the bandwidth available for upgrading software.
  • Page 264: Automatic Upgrading

    You will be requested to start a Webmin only upgrade. Webmin will start another program to manage the upgrade and will self-terminate. Webmin will automatically restart after the upgrade completes, after which time you may log back in.
  • Page 265: Installing A New Package

    “View Log File of Last Upgrade” button on the Software Upgrade System page. Example of a post-upgrade script: The following post-upgrade script will send an email notification when the upgrade completes (assuming ssmtp is configured properly).

        #!/bin/bash
        # Build the message headers.
        echo "Subject: Software upgrade for Release rr1.9.0 on `hostname` completed" > /tmp/mail
        echo "To: controlcenter@ruggedcom.com" >> /tmp/mail
        # A blank line separates the headers from the body.
        echo >> /tmp/mail
        echo "Software upgrade for Release rr1.9.0 on `hostname` completed at `date`" >> /tmp/mail
        # Send the message and clean up.
        cat /tmp/mail | ssmtp controlcenter@ruggedcom.com
        rm -f /tmp/mail
  • Page 266: Uploading And Downloading Files

    You may specify the file's path directly or click on the browse button to open a file search dialog box. Select the file to upload and close the dialog box. Then click the Upload to your host button.
  • Page 267: Chapter 27 - Security Considerations

    11. If using a firewall, configure and start the firewall before attaching the router to the public network. Configure the firewall to accept connections from a specific domain. 12. Configure remote system logging to forward all logs to a central location.
  • Page 269: Ruggedcom

    This host must be able to act as a web server or ftp server. The host must also be able to access the RuggedCom web site in order to download new releases of software from RuggedCom.
  • Page 270: Upgrading The Repository

    Upgrading The Repository RuggedRouter releases are obtained from the RuggedCom web site as ZIP files. Download the ZIP file to your regular and/or test release directories and unzip them. You may delete the original ZIP file if desired.
  • Page 271: Upgrading Considerations

    Administrators should also be wary of routers which concentrate locally connected routers as the upgrade bandwidth consumed on the network link could reach the sum of all bandwidth limiting settings. Routers using Frame Relay with CIR under-subscription may also encounter lengthier downloads because of retransmission.
  • Page 272: Appendix B - Downgrading Router Software

    The release process involves the following steps: 1. The downgrade image file is downloaded from RuggedCom to a web server. 2. The router to downgrade is attached via one of its Ethernet ports to the web server (either directly or via a network), configured and tested.
  • Page 273: Appendix C - Installing Apache Web Server On Windows

    A number of customers have asked for advice and instructions on setting up a web server on Windows. RuggedCom recommends the Apache web server, because it is secure, robust, easy to install and configure as well as being able to be installed on a wide variety of Windows platforms.
  • Page 274 Return to the web browser used earlier to verify Apache and refresh the screen. It should now reflect the contents of your RuggedRouter release directory. You should now be able to perform an upgrade from a router.
  • Page 275: Appendix D - Installing Iis Web Server On Windows

    Visit the router you wish to upgrade and visit the Maintenance menu, Upgrade System sub-menu. Click on the Change Server button and set the Repository Server field (e.g. http://192.168.0.1/ruggedcom). Set the Release Version field to rr1. Save the configuration and return to the Maintenance menu. Set the Only show which packages would be upgraded radio button to No and click on the Upgrade Now button to start the upgrade.
  • Page 276: Ruggedcom

    Specific field, “privilege-level”, which is used by Webmin to assign specific capabilities to Webmin users on a per user basis. Currently, the only privilege-level is that of “root”, but RuggedCom will be introducing additional levels in upcoming releases. FreeRadius The following steps to add Vendor-Specific attributes to the freeradius radius server.
  • Page 277: Ruggedcom

    3. Double click the policy name you created. In the popup window, click the Edit Profile... button. Figure 241: IAS Window - Edit Remote Access Policy 4. In the Edit Profile window, click the Add... button. Figure 242: IAS Window - Edit Profile
  • Page 278: Figure 243: Ias Window - Add Attribute

    7. In the Vendor-Specific Attribute Information window, select the radio button Enter Vendor Code, and input 15004 into the editbox. Select the radio button Yes, It conforms and click the button Configure Attribute... Figure 245: IAS Window – Vendor-Specific Attribute Information
  • Page 279: Figure 246: Ias Window - Configure Vsa (Rfc Compliant)

    2; in the Attribute format listbox, select String; in the Attribute value editbox, input the desired privilege level (in the above case it is operator; in your case, you should currently input root). Figure 246: IAS Window – Configure VSA (RFC compliant)
  • Page 280: Index

    Fundamentals...205 Option 82 Support...207 DNS...56 Downgrading Router Software...277 Dummy Interface...52 Email... Configuring SMTP...260 End To End Backup...56 Ethernet Interfaces... Active...62 Boot Time ...63 Proxy ARP...62 Virtual ...63 Firewall... Fundamentals...105 Frame Relay... End to End Keepalive...73 Introduction...67 Link Failure...72 N391...72 RuggedCom...
  • Page 281 Lookup By Host file...56 Modem PPP...101 PPPoE...95 T1/E1 Frame Relay...73 Virtual Ethernet...63 Web Access Control...39 Web Browser Address...35 IPV6 Support...52 IRIGB... Output Formats...228 Reference Clocks...229 Kernel Settings... icmp_echo_ignore_all...52 icmp_echo_ignore_broadcasts...52 rp_filter...52 tcp_syncookie...52 LED Status Panel ...37 LEDs... ADSL Ports...92 DDS Ports...85 RuggedCom Index...
  • Page 282 Active vs Passive Interfaces...143, 153, 156 Administrative Distances...145 Antispoofing...145 Areas...143 Authentication...144, 153 Hello And Dead Intervals...143, 153 Link Costs...144, 149, 151 Link Detect...144, 149 Link State Advertisements...142 Neighbours...142 Operation With VRRP...146 Redistributing Routes...144 Passwords... Changing from Webmin...46 Changing through setup menu...30 Default...28 PPPoE... RuggedCom...
  • Page 283 IP Access Control...39 SSH Access Control...225 Webmin listening address ...40 Webmin Password...46 Serial Numbers...38 Sertrace...197 Services... Enabling and Disabling from setup menu...31 Enabling And Disabling from Webmin...45 Shell, Accessing through... Console port...29 SSH ...29 Shutdown...45, 49 SSH... Access Control ...225 RuggedCom Index...
  • Page 284 Virtual Lan Interfaces... Adding...63 Supported Functions...60 VPN... Configuring...125 Connections ...132 Encryption Protocol ...126 Fundamentals...125, 141, 142 NAT Traversal...131 Policy Vs Route Based...126 Preshared Keys...131 Public Key ...131 Server Configuration...130 Showing Status...135 VRRP... Fundamentals...165 keepalived...165 wanpipemon...184 Web Interface...35 Web Server...280 RuggedCom...

This manual is also suitable for:

Ruggedrouter rx1100
