Allied Telesis AR 300  AT-AR300 AT-AR300 Release Manual

Software release 2.3.1


Software Release 2.3.1
For Rapier Switches,
AR300 and AR700 Series Routers, and
AR800 Series Modular Switching Routers
Simply connecting the world
Introduction ... 2
Hardware Platforms ... 2
Rapier i Series ... 2
Hot Swapping Network Service Modules ... 3
Software Features ... 5
NSM Hot Swap Software Support ... 6
Domain Name Server Enhancements ... 7
DNS Caching ... 7
Server Selection ... 8
Automatic Nameserver Configuration ... 9
Telnet Server Port Number ... 9
Triggers for Ethernet Interfaces ... 9
ENCO Channels ... 10
IP Security (IPsec) Source Interface and Enhancements ... 11
OSPF on Demand ... 12
Paladin Firewall Enhancements ... 14
Interface-based NAT ... 14
Rule-based NAT ... 14
Time Limited Rules ... 15
New Command Syntax ... 15
Web Redirection with Reverse NAT Rules ... 18
Further Examples ... 19
SHOW Output ... 21
Paladin Firewall HTTP Application Gateway (Proxy) ... 21
Firewall HTTP Proxies and Firewall Policies ... 22
HTTP Filters ... 22
Firewall Policy Debugging ... 25
VRRP Port Monitoring ... 26
Border Gateway Protocol 4 (BGP-4) ... 28
Internet Protocol (IP) ... 29
IP and Interface Counters ... 29
Telephony (PBX) Functionality ... 33
Bandwidth Limiting ... 34
Errata: Telnet Server ... 34
DISABLE TELNET SERVER ... 34
ENABLE TELNET SERVER ... 35
SHOW TELNET ... 35
Installation ... 35


Summary of Contents for Allied Telesis AR 300 AT-AR300 AT-AR300

  • Page 1: Table Of Contents

    Software Release 2.3.1 For Rapier Switches, AR300 and AR700 Series Routers, and AR800 Series Modular Switching Routers Introduction ... 2 Hardware Platforms ... 2 Software Features ... 5 NSM Hot Swap Software Support ... 6 Domain Name Server Enhancements ... 7 Telnet Server Port Number ...
  • Page 2: Introduction

    Introduction Allied Telesyn International announces the release of Software Release 2.3.1 on the AR300 and AR700 Series routers, Rapier Series layer 3 switches, and AR800 Series modular switching routers. This release note describes software features that are new since Software Release 2.2.2. It should be read in conjunction with the Quick Install Guide, Quick Start Guide, User Guide, Hardware Reference and Software Reference for your router or switch.
  • Page 3: Hot Swapping Network Service Modules

    Software Release 2.3.1 Hot Swapping Network Service Modules In routers and switches that have NSM bays, this release allows the following NSMs to be hot swapped, so that they can be installed and uninstalled without powering down the entire router or switch: AT-AR040 NSM with 4 PIC slots (NSM-4PIC) AT-AR041 NSM with 8 BRI S/T WAN ports (NSM-8BRI) AT-AR042 NSM with 4 BRI S/T WAN Ports (NSM-4BRI)
  • Page 4 files, feature licences and other files. (If this happens, FLASH memory may need to be cleared completely, leaving no functioning software to run the router.) Hot swap an NSM out of an NSM bay Follow these steps to hot swap an NSM, or PICs in an NSM-4PIC, out of an NSM bay.
  • Page 5: Software Features

    Software Release 2.3.1 Software Features The following features are available on all routers and switches supported by this release, unless otherwise stated: Major features NSM Hot Swap software support for models with NSM bays (“NSM Hot Swap Software Support” on page 6) Domain Name Server Enhancements (IP) (“Domain Name Server Enhancements”...
  • Page 6: NSM Hot Swap Software Support

    NSM Hot Swap Software Support When a card is hot-swapped out of a bay, its interface instances become dormant. They stay dormant until either another card of the same type is hot-swapped into the bay, in which case they are reactivated, or a card of a different type is hot-swapped into the bay, in which case they are destroyed.
  • Page 7: Domain Name Server Enhancements

    Software Release 2.3.1 Figure 2: Example output from the SHOW INTERFACE command for a specific interface. Interface... bri0 ifIndex... 3 ifMTU... 1712 ifSpeed... 144000 ifAdminStatus... Up ifOperStatus... Swapped out ifLinkUpDownTrapEnable... Disabled TrapLimit... 20 Interface Counters ifInOctets ... 52190 ifInUcastPkts ... 3070 ifInNUcastPkts ...
  • Page 8: Server Selection

    If the DNS servers have already been configured, the configuration information can be set using the command: SET IP DNS [DOMAIN={ANY|domain-name}] {INTERFACE=interface| For example, to add or set the IP addresses of the default primary and secondary name servers to 192.168.20.1 and 192.168.20.2 respectively, use the commands: ADD IP DNS PRIMARY=192.168.20.1 SECONDARY=192.168.20.2 SET IP DNS PRIMARY=192.168.20.1 SECONDARY=192.168.20.2...
  • Page 9: Automatic Nameserver Configuration

    Software Release 2.3.1 Automatic Nameserver Configuration The primary and secondary name server’s addresses can either be statically configured as above, or learned dynamically over an interface. Name servers can be learned via DHCP over an Ethernet interface or via IPCP over a PPP interface.
  • Page 10: ENCO Channels

    SET TRIGGER=trigger-id [INTERFACE[=interface]] EVENT={UP| The INTERFACE parameter defines an interface (link) trigger and specifies the interface to monitor. The EVENT parameter is required for an INTERFACE trigger. The INTERFACE parameter must be followed by the EVENT parameter. The CIRCUIT parameter may be used if INTERFACE specifies an X.25T interface;...
  • Page 11: IP Security (IPsec) Source Interface And Enhancements

    Software Release 2.3.1 IP Security (IPsec) Source Interface and Enhancements A source interface can now be specified for tunnelled IPsec traffic. The performance of IPsec is also enhanced, and more simultaneous IPsec tunnels are supported, because of the increase in ENCO channels. A new SRCINTERFACE parameter has been added to the SET and CREATE IPSEC POLICY commands.
  • Page 12: OSPF On Demand

    OSPF on Demand OSPF on demand circuits allow data link connections to be closed when not carrying application traffic. A new parameter, DEMAND, has been added to the following commands to support this feature: ADD OSPF INTERFACE [DEMAND={ON|OFF|YES|NO|TRUE|FALSE}] SET OSPF INTERFACE [DEMAND={ON|OFF|YES|NO|TRUE|FALSE}] For example, to set the OSPF interface ppp0 to a demand circuit over the point-to-point link, use the command: SET OSPF INTERFACE=PPP0 DEMAND=ON...
  • Page 13 Software Release 2.3.1 Figure 3: Example of dial-on-demand ISDN before configuring OSPF on demand. Router A RIP on demand or static routes Figure 4: Example of dial-on-demand ISDN after configuring OSPF on demand. Router A OSPF on demand For more information, see the Open Shortest Path First (OSPF) chapter of your switch or router’s Software Reference.
  • Page 14: Paladin Firewall Enhancements

    Paladin Firewall Enhancements The existing firewall NAT performs address translation for traffic passing between a pair of interfaces. With Software Release 2.3.1, firewall rules can also be configured which selectively perform address translation on sessions passing through an interface, based on the properties of the session (protocol, ports, IP addresses).
  • Page 15: Time Limited Rules

    Software Release 2.3.1 Reverse NAT This translates the addresses of public side devices to addresses suitable for the private side of the firewall (destination address will be translated for outbound packets, source address for inbound packets). Double NAT This translates both the public and private side source and destination addresses.
  • Page 16 Release Note additional rules can be added to allow or deny access based on IP addresses, port numbers, day of the week, or time of day. Each rule for a specific interface in a policy is processed in order, starting with the lowest numbered rule and proceeding to the highest numbered rule, or until a match is found.
  • Page 17 Software Release 2.3.1 translates both the public and private side source and destination addresses. ENHANCED NAT defined for a private interface will translate the private side source address (specified using the IP parameter) and protocol dependent ports to a single source address (specified by the GBLIP parameter), suitable for the public side of the Firewall.
  • Page 18: Web Redirection With Reverse NAT Rules

    Table 2: Required parameters for Firewall NAT rules. NAT Rule Type Standard Standard subnet Enhanced Reverse Reverse subnet Double Double subnet a. If the rule is applied to a public interface, the result will be reverse enhanced NAT. Key to table: Direction I = in.
  • Page 19: Further Examples

    Software Release 2.3.1 redirection any web traffic from the user’s PC or laptop can be redirected to the ISP's web server. This forces the user to arrange payment for using the service before being able to browse to any other site. With appropriate supporting “deny”...
  • Page 20 Figure 5: Using enhanced NAT in an IPsec tunnel with different IPsec and default gateways. LAN 1 192.168.2.0 subnet Private interface: 192.168.2.100 Standard NAT To translate the source address of traffic received on the private interface eth0 and destined for addresses in the range 210.25.4.1-210.25.4.99 to the global subnet 210.25.4.0, use the command: ADD FIREWALL POLICY=zone1 RULE=10 ACTION=NAT NATTYPE=STANDARD To provide a corresponding rule on the public interface eth1 to translate to the...
  • Page 21: SHOW Output

    Software Release 2.3.1 Reverse NAT To redirect all traffic received on a private interface to a destination of 210.25.7.1, without changing the source address, use the command: ADD FIREWALL POLICY=zone1 RULE=51 ACTION=NAT NATTYPE=REVERSE Changing Source Address To cause all traffic that comes in over the public interface eth1 to appear to come from the private IP address 192.168.1.2, regardless of its source IP address, use the command: ADD FIREWALL POLICY=zone1 RULE=60 ACTION=NAT NATTYPE=ENHANCED...
  • Page 22: Firewall HTTP Proxies And Firewall Policies

    Firewall HTTP Proxies and Firewall Policies To add or delete a Firewall HTTP proxy, use the new HTTP option for the PROXY parameter in the commands: ADD FIREWALL POLICY=policy-name PROXY={HTTP|SMTP} DELETE FIREWALL POLICY=policy-name PROXY={HTTP|SMTP} The PROXY parameter specifies the application proxy that will be added to the security policy.
  • Page 23 Software Release 2.3.1 per line. Options are supplied after the entry and a colon. Each option is separated by a space. The option keywords that are allowed for each entry are “allow” and “nocookies”. The “allow” option will explicitly allow the URL, or part of the URL, given on the line.
  • Page 24 Figure 6: Example of a HTTP filter file. # The keywords section starts with the string “keywords:”. keywords: # The keywords can match any part of the URL. URLs containing these entries will # be denied unless specifically allowed by an entry later in the file. plants toys # Putting a * in front of the keyword indicates that the string must appear at...
  • Page 25: Firewall Policy Debugging

    Software Release 2.3.1 To re-enable HTTP cookie requests to pass through the HTTP proxy, use the command: ENABLE FIREWALL POLICY=name HTTPCOOKIES For example, to enable the passing of HTTP cookies through HTTP proxies configured for the policy zone1, use the command: ENABLE FIREWALL POLICY=zone1 HTTPCOOKIES Firewall Policy Debugging By default, firewall policy debugging is disabled.
  • Page 26: VRRP Port Monitoring

    Table 6: New parameters in the output of the SHOW FIREWALL POLICY COUNTER command. Parameter HTTP Proxy Filter File Cookies Sessions Handled URL Denies URL Allows Cookie Denies VRRP Port Monitoring Virtual Router Redundancy Protocol (VRRP) is now able to monitor ports in the VLAN over which it is running, and reduce the priority of the router or switch if ports in the VLAN fail.
  • Page 27 Software Release 2.3.1 If the PROPORTIONAL option is specified, the virtual router reduces the priority to a percentage of the original priority in proportion to the percentage of available ports. For example, if a router has five ports and a port fails, the router will drop its priority by a fifth of the original priority.
  • Page 28: Border Gateway Protocol 4 (BGP-4)

    Border Gateway Protocol 4 (BGP-4) The Border Gateway Protocol version 4 (BGP-4) is an external gateway protocol which allows two routers in different routing domains to exchange routing information. Software release 2.3.1 supports phase one implementation of BGPv4 on AR700 Series routers, Rapier Series Layer 3 Switches, and AR800 Series Modular Switching Routers.
  • Page 29: Internet Protocol (IP)

    Software Release 2.3.1 Internet Protocol (IP) In conjunction with BGP-4, a number of new commands have been added to the implementation of IP, and several commands have been modified. The new commands are: ADD IP ASPATHLIST ADD IP COMMUNITYLIST ADD IP ROUTEMAP DELETE IP ASPATHLIST DELETE IP COMMUNITYLIST DELETE IP ROUTEMAP...
  • Page 30 To reset IP interfaces, use the command: RESET IP COUNTER={ALL|ARP|EGP|ICMP|INTERFACE|IP|MULTICAST| This command resets the specified group of IP counters to zero (0). The COUNTER parameter specifies the group of counters to be reset. If ALL is specified, all IP counters are reset. If ARP, EGP, ICMP, INTERFACE, IP, MULTICAST, ROUTE, SNMP or UDP is specified then those counters, respectively, are reset.
  • Page 31 Software Release 2.3.1 Figure 8: Example output from the SHOW IP COUNTER=INTERFACE command. IP Interface Counters -------------------------------------------------------------------------------- Interface ifInPkts Type ifOutPkts -------------------------------------------------------------------------------- eth0 23531 Static eth1 Static 63289 ppp0 Static -------------------------------------------------------------------------------- Table 9: Parameters displayed in the output of the SHOW IP COUNTER=INTERFACE command.
  • Page 32 Figure 9: Example output from the SHOW IP COUNTER=SNMP command. SNMP counters: inPkts ... 0 inBadVersions ... 0 inBadCommunityNames ... 0 inBadCommunityUses ... 0 inASNParseErrs ... 0 inTooBigs ... 0 inNoSuchNames ... 0 inBadValues ... 0 inReadOnlys ... 0 inGenErrs ... 0 inTotalReqVars ...
  • Page 33: Telephony (PBX) Functionality

    Software Release 2.3.1 Table 10: Parameters in the output of the SHOW IP COUNTER=SNMP command. Parameter inSetRequests inGetResponses inTraps outPkts outTooBigs outNoSuchNames outBadValues outGenErrs outGetRequests outGetNexts outSetRequests outGetResponses outTraps Telephony (PBX) Functionality AR300 Series routers with telephony ports now offer a choice of ISDN supplemental services or internal PBX functions.
  • Page 34: Bandwidth Limiting

    Bandwidth Limiting This feature will be available on Rapier i Series layer 3 switches only, when these models become available. Ingress and egress bandwidth limits are specified separately. Limits can be configured for each switch port using the command: SET SWITCH PORT=port-list where: port-list is a port number, a range of port numbers (specified as n-m), or a comma separated list of port numbers and/or ranges.
  • Page 35: ENABLE TELNET SERVER

    Software Release 2.3.1 ENABLE TELNET SERVER Syntax ENABLE TELNET SERVER Description This command enables the Telnet server to be accessed remotely. The Telnet server is enabled by default. SHOW TELNET Syntax SHOW TELNET Description This command displays information about the current Telnet settings. Figure 10: Example output from the SHOW TTY command.
  • Page 36 Release Note The LOGIN parameter is used to specify whether or not users with a privilege of “user” will be able to login to the command line interface. Usernames with LOGIN set to TRUE can be used both for PAP and CHAP authentication, and to login and access the command line.
