Page 1 Order toll-free in the U.S. 24 hours, 7 A.M. Monday to midnight Friday: 877-877-BBOX CUSTOMER FREE technical support, 24 hours a day, 7 days a week: Call 724-746-5500 or fax 724-746-0746 SUPPORT Mail order: Black Box Corporation, 1000 Park Drive, Lawrence, PA 15055-1018 INFORMATION Web site: www.blackbox.com • E-mail: info@blackbox.com...
Page 2 Black Box LR11xx Series Router Configurations Guide FEDERAL COMMUNICATIONS COMMISSION CANADIAN DEPARTMENT OF COMMUNICATIONS RADIO FREQUENCY INTERFERENCE STATEMENTS This equipment generates, uses, and can radiate radio frequency energy and if not installed and used properly, that is, in strict accordance with the manu- facturer’s instructions, may cause interference to radio communication.
Page 3 Normas Oficiales Mexicanas (NOM) Electrical Safety Statement INSTRUCCIONES DE SEGURIDAD Todas las instrucciones de seguridad y operación deberán ser leídas antes de que el aparato eléctrico sea operado. Las instrucciones de seguridad y operación deberán ser guardadas para referencia futura. Todas las advertencias en el aparato eléctrico y en sus instrucciones de operación deben ser respetadas.
Page 4 Black Box LR11xx Series Router Configurations Guide El cable de corriente deberá ser desconectado del cuando el equipo no sea usado por un largo periodo de tiempo. Cuidado debe ser tomado de tal manera que objectos liquidos no sean derramados sobre la cubierta u orificios de ventilación.
Page 5: Table Of Contents
Configure the Black Box LR1104A ..........22 Example 3 ..................22 Configure the Black Box LR1104A ..........22 ..............23 ONFIGURING ECURITY IPSec Configurations .................23 Example 1: Managing the Black Box LR1104A Securely Over an IPSec Tunnel .................24 Example 2: Single Proposal: Tunnel Mode Between Two Black...
Page 6 Configure the Black Box LR1114A System at Site 1 ....64 PPP and MLPPP Configuration ............ 64 Configure the Black Box LR1104A System at the Main Site ..64 HDLC Configuration ..............64 Configure the Black Box LR1104A System at the Main Site ..64 ..............
Page 7 Contents NAT Configuration Examples ............74 Dynamic NAT (many to many) .............75 Static NAT (one to one) ..............76 Port Address Translation (Many to one) ........77 ........79 ULTIPATH ULTICAST ONFIGURATIONS Multipath Multicast ................79 Multipath Commands ................80 Multipath Examples ...............80 NAT................81 ONFIGURING Network Address Translation ............81 Dynamic NAT ................81...
Page 8 Black Box LR11xx Series Router Configurations Guide Configuring the host name ............99 Configuring interface ethernet 0 ........... 99 Configuring interface bundle Dallas ..........99 Configuring ospf ................100 Configuring ospf interface parameters .......... 100 Displaying neighbors ..............100 Displaying ospf routes ..............
Page 9 Configure interface bundle mip .............127 Configure ip routing ...............127 ..........129 ANAGING EDUNDANT CONNECTIONS Trunk Group/Failover ................129 Configuration Details ..............129 Configure the Black Box LR1114A for Failover Operation ..130 WAN I ...........131 NTERFACE ONFIGURATIONS T1 Interface Configuration ..............131 Module Configuration ..............131 T1 ....................131...
Page 10 Black Box LR11xx Series Router Configurations Guide Configure the LR1104A LR1104A at Site 1 ......... 141 Configure the LR1104A ..............141 Configure the LR1104A LR1114A at Site 2 ......... 142 Configure the LR1104A ..............142...
Page 11: Dhcp Relay
1.1.1 Feature Overview Black Box DHCP relay feature eliminates the need for a DHCP server on every LAN, because DHCP requests can be relayed to a single remote DHCP server. Black Box’s implementation of DHCP relay is based on RFC 1532.
Page 12: Bootp Replies
Black Box LR11xx Series Router Configurations Guide Figure 2 BOOTP Requests Unicast BOOTREQUEST Broadcast BOOTREQUEST Tasman 1400 DHCP Client DHCP Relay Agent DHCP Server 1.1.2.2 BOOTP Replies BOOTP replies are messages from the server to the client. Reply messages include DHCP OFFER, DHCP ACK, DHCP NAK, etc.
Page 13: Disabling Dhcp Relay
DHCP Relay Blackbox> configure terminal Blackbox/configure> interface ethernet 0 Blackbox/configure/interface/ethernet 0> dhcp server_address 20.1.1.1 1.1.4.2 Disabling DHCP Relay Blackbox/configure/interface/ethernet 0> no dhcp server_address 20.1.1.1 1.1.4.3 Configuring the Gateway Address field when NAT is enabled Blackbox/configure/interface/ethernet 0> dhcp gateway_address 192.168.20.1 1.1.5 Displaying DHCP Configuration The following screen captures show the displayed results of issuing show commands relevant to DHCP relay, with and without gateway addresses configured.
Page 14: Dhcp Limitations
1.1.7 DHCP Limitations There are limitations when using DHCP relay on a Black Box system. Only one DHCP server can be specified per interface. DHCP can be enabled only on Ethernet interfaces (not on bundles). And last, DHCP can be enabled in IP routing (static and dynamic) mode,...
Page 15: Configuring Internet Group Management Protocol
ONFIGURING NTERNET ROUP ANAGEMENT ROTOCOL 2.1IGMP Configuration Internet Group Management Protocol (IGMP) is enabled on hosts and routers that want to receive multicast traffic. IGMP informs locally-attached routers of their multicast group memberships. Hosts inform routers of the groups of which they are members by multicasting IGMP Group Membership Reports.
Page 16: Igmp Commands
Black Box LR11xx Series Router Configurations Guide 2.1.1 IGMP Commands The IGMP commands are: ip igmp ignore-v1-messages ignore-v2-messages last-member-query-count last-member-query-interval query-interval query-response-interval require-router-alert robustness send-router-alert startup-query-count startup-query-interval group filter version debug ip igmp debug ip igmp state debug ip igmp normal...
Page 17: Example 5
IGMP Configuration Blackbox/configure/ip/igmp/interface ethernet0> ip igmp ignore-v2-messages Blackbox/configure/ip/igmp/interface ethernet0> exit 3 Blackbox/configure> 2.1.2.5 Example 5 The following example configures the Last Member Query Count to be 4 on ethernet 0. Blackbox/configure/ip/igmp/interface ethernet0> last-member-query-count 4 2.1.2.6 Example 6 In the following example for interface ethernet 0, the Robustness is configured to be 4. The Last Member Query count is configured to be 5.
Page 18 Black Box LR11xx Series Router Configurations Guide...
Page 19: Filtering Ip Traffic
“permit” statement. The order in which you enter the filtering rules is important. As the Black Box system is evaluating each packet, the Black Box OS tests the packet against each rule statement sequentially. After a match is found, no more rule statements are checked.
Page 20: Example 2
- he wishes to permit FTP sessions from all networks to the internal FTP server (222.199.19.12), deny FTP sessions to all other addresses, and permit all other traffic to flow through the Black Box unit. 3.1.2.1 Configure the Black Box LR1104A Blackbox>...
Page 21: Onfiguring Ecurity
This guide provides information and examples on how to configure IPSec. There are three licenses that control access to the features: Basic VPN Management ( vpn_mgmt )—allows users to manage a remote Black Box router. Firewall ( firewall )—allows users to manage the firewall features. Also includes Basic VPN Management.
Page 22: Example 1: Managing The Black Box Lr1104A Securely Over An Ipsec Tunnel
Securely Over an IPSec Tunnel The following example demonstrates how to manage a Black Box router through an IP security tunnel. Steps are presented for configuring the Black Box1 and Black Box2 routers to assist any host on the LAN side of Black Box-2 to manage the Black Box1 router through the IP security tunnel.
Page 23 Mode Transform ------ ---- ---- --------- Black Box 172.14.0.2 Main P1 pre-g1-3des-sha Blackbox> Step 7: Display IKE policies in detail Displays the encryption algorithm, hash algorithm, authentication mode, and other details of the IKE policies. Step 8: Configure the IPSec tunnel to the remote host Black Box1/configure/crypto>...
Page 24 Black Box LR11xx Series Router Configurations Guide Step 10.1: Configure firewall policies to allow IKE negotiation through untrusted interface (applicable only if firewall license is also enabled) Black Box1/configure> firewall internet Black Box1/configure/firewall internet> policy 1000 in service ike self Black Box1/configure/firewall internet/policy 1000 in>...
Page 25 Example 1: Managing the Black Black Box1> show firewall policy internet detail Policy with Priority 1000 is enabled, Direction is inbound Action permit, Traffic is self Logging is disable Source Address is any, Dest Address is any Source Port is any, Service Name is ike Schedule is disabled, Ftp-Filter is disabled Smtp-Filter is disabled, Http-Filter is disabled Rpc-Filter is disabled, Nat is disabled...
Page 26: Box Security Gateways
The following example demonstrates how to form an IP security tunnel to join two private networks: 10.0.1.0/24 and 10.0.2.0/24. The security requirements are as follows: Phase 1: 3DES with SHA1 Phase 2: IPSec ESP with AES (256-bit) and HMAC-SHA1 Figure 9 Tunnel Mode Between Two Black Box Security Gateways - Single Proposals 172.16.0.1 172.16.0.2 TRUSTED...
Page 27 Peer Mode Transform ------ ---- ---- --------- Black Box 172.14.0.2 Main P1 pre-g1-3des-sha Blackbox> Step 7: Configure IPSec tunnel to the remote host Black Box1/configure/crypto> ipsec policy Black Box2 172.16.0.2 Black Box1/configure/crypto/ipsec/policy Black Box2 172.16.0.2> match address 10.0.1.0 24 10.0.2.0 24...
Page 28 Black Box LR11xx Series Router Configurations Guide For IPSec only – when you create an outbound tunnel, an inbound tunnel is automatically created. The inbound tunnel applies the name that you provide for the outbound tunnel and adds the prefix “IN” to the name.
Page 29 Black Box1/configure/firewall corp/policy 1000 in> exit Black Box1/configure/firewall corp> exit Step 8.5: Display firewall policies in the corp map (applicable only if firewall license is enabled) Black Box 1> show firewall policy corp Advanced: S - Self Traffic, F - Ftp-Filter, H - Http-Filter,...
Page 30 Black Box LR11xx Series Router Configurations Guide Black Box1> show firewall policy corp detail Policy with Priority 1000 is enabled, Direction is inbound Action permit, Traffic is transit Logging is disable Source Address is 10.0.2.0/24, Dest Address is 10.0.1.0/24 Source Port is any, Dest Port is any, any...
Page 31: Two Black Box Security Gateways
As a result of quick mode negotiation, the two routers are expected to converge on a mutually acceptable proposal, which is the proposal “IPSec ESP with AES (256-bit) and HMAC-SHA1” in this example. Figure 10 Tunnel Mode Between Two Black Box Security Gateways - Multiple Proposals 172.16.0.1 172.16.0.2...
Page 32 Black Box LR11xx Series Router Configurations Guide Blackbox> show crypto interfaces Interface Network Name Type --------- ------- wan1 Untrusted ethernet0 trusted Blackbox> Step 4: Add route to peer LAN Black Box1/configure> ip route 10.0.2.0 24 wan1 Step 5: Configure IKE to the peer gateway Black Box1/configure>...
Page 33: Example 4: Ipsec Remote Access To Corporate Lan Using User Group Method
The following example demonstrates how to configure a Black Box router to be an IPSec VPN server using user group method with extended authentication (XAUTH) for remote VPN clients. The client could be any standard IPSec VPN client.
Page 34 Black Box LR11xx Series Router Configurations Guide Step 2: As in Step2 of Example 1 Step 3: As in Step3 of Example 1 Step 4: Configure dynamic IKE policy for a group of mobile users Black Box1/configure> crypto Black Box1/configure/crypto> dynamic Black Box1/configure/crypto/dynamic>...
Page 35 Example 4: IPSec remote access Black Box1/configure/crypto/dynamic> ipsec policy sales Black Box1/configure/crypto/dynamic/ipsec/policy sales> match address 10.0.1.0 24 Default proposal created with priority1-esp-3des-sha1-tunnel and activated. Black Box1/configure/crypto/dynamic/ipsec/policy sales> proposal 1 Black Box1/configure/crypto/dynamic/ipsec/policy sales/proposal 1> encryption-algorithm aes256-cbc Black Box1/configure/crypto/dynamic/ipsec/policy sales/proposal 1> exit Black Box1/configure/crypto/dynamic/ipsec/policy sales>...
Page 36 Black Box LR11xx Series Router Configurations Guide Black Box1> show crypto dynamic ipsec policy all detail Policy sales is enabled, User group name sales Direction is outbound, Action is Apply Key Management is Automatic PFS Group is disabled Match Address: Protocol is Any Source ip address (ip/mask/port): (10.0.1.0/255.255.255.0/any)
Page 37 Example 4: IPSec remote access Black Box1/configure> firewall internet Black Box1/configure/firewall internet> policy 1000 in service ike self Black Box1/configure/firewall internet/policy 1000 in> exit Black Box1/configure/firewall internet> exit Step 12: Display firewall policies in the internet map (applicable only if firewall license is enabled) Black Box1>...
Page 38: Example 5: Ipsec Remote Access To Corporate Lan Using Mode Configuration Method
4.1Example 5: IPSec remote access to corporate LAN using mode configuration method The following example demonstrates how to configure a Black Box router to be an IPSec VPN server using mode-configuration method. The client could be any standard mode configuration enabled IPSec VPN client.
Page 39 Example 5: IPSec remote access VPN Client 1 Local Outer Address: Dynamic Local Inner Assigned Address: 10.0.1.100/32 Local ID: blackbox.com david@tasmannetworks. VPN Client 2 Black Box 1 Tasman #1 Local Outer Address: VPN Server Dynamic 172.16.0.1 Corporate Local Inner Assigned Mode Config IP Headquarters Address: 10.0.1.101/32...
Page 40 Black Box LR11xx Series Router Configurations Guide Black Box1> show crypto dynamic ike policy all Policy Remote-id Mode Transform Address-Pool ------ --------- ---- --------- ------------ sales U david@BlackBox... Aggressive P1 pre-g1-3des-sha1 1 S 20.1.1.100 E20.1.1.150 Step 6: Display dynamic IKE policies in detail Black Box1>...
Page 41 Example 5: IPSec remote access Black Box1> show crypto dynamic ipsec policy all detail Policy sales is enabled, Modeconfig Group Action is Apply Key Management is Automatic PFS Group is disabled Match Address: Protocol is Any Source ip address (ip/mask/port): (10.0.1.0/255.255.255.0/any) Destination ip address (ip/mask/port): (any/any/any) Proposal of priority 1 Protocol: esp...
Page 42 Black Box LR11xx Series Router Configurations Guide Black Box1> show firewall policy internet detail Policy with Priority 1000 is enabled, Direction is inbound Action permit, Traffic is self Logging is disable Source Address is any, Dest Address is any Source Port is any, Service Name is ike...
Page 43 Example 5: IPSec remote access Black Box1> show firewall policy corp detail Policy with Priority 1000 is enabled, Direction is inbound Action permit, Traffic is transit Logging is disable Source Address is 20.1.1.100-20.1.1.150, Dest Address is 10.0.1.0/24 Source Port is any, Dest Port is any, any Schedule is disabled, Ftp-Filter is disabled Smtp-Filter is disabled, Http-Filter is disabled Rpc-Filter is disabled, Nat is disabled...
Page 44 Black Box LR11xx Series Router Configurations Guide...
Page 45: Ips Ec Specifications
PECIFICATIONS 5.1IPSec Appendix This appendix provides information about IPSec supported protocols and modes, encryption algorithms and block sizes, and Black Box IPSec and IKE default values. IPSec Supported Protocols and Algorithms The following tables provide supported protocol and algorithm information.
Page 46: Black Box Ike And Ipsec Defaults
Group 2 1024-bits 5.1.1 Black Box IKE and IPSec Defaults To minimize configuration required by the user, default IKE and IPSec values have been implemented in Black Box’s encryption scheme. 5.1.1.1 IKE Defaults The following table lists IKE defaults. When the user creates an IKE policy specifying an IKE peer, an IKE proposal with priority 1 is automatically created.
Page 47 IPSec Appendix Figure 12 IPSec Default Values Parameter Name Black Box Default Value Key management type Automatic Hash algorithm SAH1 Encryption algorithm 3DES Protocol Mode Tunnel Lifetime 3600 seconds Direction Position in SPD where policy added End Perfect forward secrecy...
Page 48 Black Box LR11xx Series Router Configurations Guide...
Page 49: Orwarding Ip Traffic
Specific IPMux Routes 6.1.2 Proxy ARP and Packet Forwarding In the simple network example below, router 1, router 2, and both Black Box Ethernets are on a single 29-bit IP subnet. Consider the sequence that occurs when router 1 pings router 2.
Page 50: Addressing In Ip Multiplexing Networks
200.1.1.3/29 Router 1 broadcasts an ARP request for 200.1.1.1. Black Box 1 recognizes that router 200.1.1.1 is reachable via its WAN interface, based on a configured IP route. Black Box 1 Proxy ARPs, responding with the MAC address mapped to bundle WAN1.
Page 51: Single Subnet
Router/DSU 192.1.1.7/28 6.1.5 Split Subnet This is similar to the single subnet scheme in that all four routers are in the same 28-bit subnet, but the Black Box products are on smaller, 30-bit subnets. Table 7 Split Subnet Addressing POP Router 192.1.1.1/28...
Page 52: Secondary Addressing - Pop Only
This approach relies on configuring the POP router with a secondary Ethernet address for each remote site. The remote router is also configured with a secondary address in that same subnet. The 30-bit approach uses reserved addresses for bundle addressing. The router primary and the directly connected Black Box reside in a different 30-bit subnet. Table 9 30-Bit Secondary Addressing POP Router 200.1.1.1/30 primary...
Page 53: Secondary Addressing - 29 Bit
Table 10 Addressing Schemes: Pros and Cons Approach Pros Cons Single Subnet Minimizes consumption of IP POP Black Box requires two route statements address space per remote connection. Split Subnet Less routes required in Black Consumes 29-bit subnet per remote site.
Page 54 Black Box LR11xx Series Router Configurations Guide...
Page 55: Ip Multiplexing Hdlc Configurations
7.1Connecting a Black Box Router to a Router/CSU via HDLC The following diagram details a single T1 connection between a Black Box and a remote router/CSU combination. Secondary IP addressing is used for IP multiplexing. Figure 15 IP Multiplexing Application 10.1.1.2/24...
Page 56: Configure The Black Box Lr1104A At Site 2
Configuration Guide 7.1.1 Configure the Black Box LR1104A at Site 2 Site2-LR1104A> configure term Site2-LR1104A/configure> interface ethernet 0 Site2-LR1104A/configure/interface/ethernet> ip addr 129.1.1.2 255.255.255.0 Site2-LR1104A/configure/interface/ethernet> exit Site2-LR1104A/configure> interface bundle toSite1 Site2-LR1104A/configure/interface/bundle> link ct3 1 1 Site2-LR1104A/configure/interface/bundle> encap hdlc Site2-LR1104A/configure/interface/bundle> ip addr 10.1.1.2 255.255.255.0 Site2-LR1104A/configure/interface/bundle>...
Page 57: Ip Multiplexing Ppp And Mlppp Configurations
Site 1 utilizes a Black Box LR1114A communicating over a 4 x T1 WAN bundle. Site 2 utilizes a Black Box LR1114A communicating over a 2 x T1 WAN bundle. Site 3 utilizes a router/T1 CSU combination to communicate over a single This example focuses on the main site Black Box LR1104A - refer to other configuration examples for details on remote site configurations.
Page 58 203.1.1.1/24 The main site Black Box LR1104A is configured with three WAN bundles. Each bundle has a unique name and an IP address from a unique WAN subnet associated with it. The main site router is configured with the following IP...
Page 59: Configure The Black Box Lr1104A At The Main Site
Configuring Multiple PPP and 8.1.1 Configure the Black Box LR1104A at the Main Site MainLR1104A/configure> interface ethernet 0 MainLR1104A/configure/interface/ethernet> ip addr 200.1.1.2 255.255.255.0 MainLR1104A/configure/interface/ethernet> exit MainLR1104A/configure> module ct3 1 MainLR1104A/configure/module/ct3> t1 1-4 esf b8zs line gen_det description "4 x T1 to Site 1"...
Page 60 Black Box LR11xx Series Router Configurations Guide...
Page 61: Configuring Ppp, Mlppp, And Hdlc
SITE 2 Site 1 uses a Black Box LR1114A system to establish a 6 Mbps MLPPP connection (four T1 lines) to the main site. In this example, MLPPP segmentation is configured lower than the default setting of 512 bytes, and the differential delay tolerance is tighter than the default 128 milliseconds.
Page 62: Mlppp Configuration
Blackbox/configure/interface/bundle> mlppp seg_threshold LR1114A differential_delay Blackbox/configure/interface/bundle> ip addr 192.168.1.2 255.255.255.0 Blackbox/configure/interface/bundle> exit 9.1.2 PPP and MLPPP Configuration 9.1.2.1 Configure the Black Box LR1104A System at the Main Site Blackbox/configure> interface bundle ToSite1 Blackbox/configure/interface/bundle> link ct3 1 5-8 Blackbox/configure/interface/bundle> encap ppp Blackbox/configure/interface/bundle>...
Page 63: Configuring Firewalls
Just as virus protection software requires updates to protect against the latest intrusion attacks, firewalls must be updated. In this release of Black Box software, administrators are able to filter traffic on specific ports, protect against Denial of Services attacks, enable IP packet reassembly, and so forth.
Page 64: Firewall Configuration Examples
A typical and basic firewall implementation is one which protects traffic to and from a network, a server farm, and the Internet. In this example, the firewall features in the Black Box router will protect the CORP network and the server farm in the DMZ from unauthorized access from the Internet.
Page 65 Firewall Configuration Ex- Blackbox/configure> interface ethernet 0 Configuring existing Ethernet interface Blackbox/configure/interface/ethernet 0> ip address 10.2.1.1 24 Blackbox/configure/interface/ethernet 0> exit Blackbox/configure> interface ethernet 1 Configuring existing Ethernet interface Blackbox/configure/interface/ethernet 1> ip address 10.3.1.1 24 Blackbox/configure/interface/ethernet 1> exit Blackbox/configure> interface bundle wan Blackbox/configure/interface/bundle wan>...
Page 66 Black Box LR11xx Series Router Configurations Guide Blackbox/configure> Blackbox/configure/firewall corp> Blackbox/configure/firewall corp> Blackbox/configure/firewall corp> policy 1024 out Blackbox/configure/firewall corp/policy 1024 out> exit Blackbox/configure/firewall corp> policy 1021 in deny Blackbox/configure/firewall corp/policy 1021 in> exit Blackbox/configure/firewall corp> object Blackbox/configure/firewall corp/object> http-filter javadeny deny *.java...
Page 67 Firewall Configuration Ex- Blackbox/configure> firewall dmz Blackbox/configure/firewall dmz> object Blackbox/configure/firewall dmz/object> ftp-filter putdeny deny put mkdir Blackbox/configure/firewall dmz/object> nat-pool ftpsrvr static 10.3.1.100 Blackbox/configure/firewall dmz/object> exit Blackbox/configure/firewall dmz> policy 100 in address any any 193.168.94.221 32 Blackbox/configure/firewall dmz/policy 100 in> apply-object nat-pool ftpsrvr Blackbox/configure/firewall dmz/policy 100 in>...
Page 68 Black Box LR11xx Series Router Configurations Guide Blackbox/configure> show configuration running Please wait... (up to a minute) terminal exit terminal exit qos module t1 1 alarms thresholds exit thresholds exit alarms linemode exit linemode exit t1 module t1 2 alarms...
Page 69 Black Box enable_trap exit enable_trap exit snmp hostname Black Box log utc telnet_banner exit telnet_banner event exit event system logging...
Page 70 Black Box LR11xx Series Router Configurations Guide multicast exit multicast route 0.0.0.0 0.0.0.0 wan 1 exit ip policy community_list exit community_list crypto exit crypto firewall global exit firewall firewall internet interface wan policy 1024 out self exit policy exit firewall...
Page 71: Stopping Dos Attacks
Firewall Configuration Ex- 10.2.1 Stopping DoS Attacks The following commands show how to configure the firewall to defend against Denial of Service (DoS) attacks. Black Box provides protection against FTP bounce, ICMP error checks, IP sequence number checks, unaligned timestamps, MIME flooding, source routing checks, SYN flooding, and WIN nuke attacks.
Page 72: Packet Reassembly
Black Box system’s public IP address, a source port allocated from its list of available ports, and the same destination IP address and port number generated by the PC. The Black Box system also adds an entry into a table it keeps, which maps the internal address and source port number that the PC generated against the port number it allocated to this session.
Page 73: Dynamic Nat (Many To Many)
NAT IP address from 60.1.1.1 to 60.1.1.2. In case of many-to-many NAT, only IP address translation takes place, i.e., if a packet travels from 10.1.1.1 to yahoo.com, Black Box-Firewall only substitutes the source address in the IP header with one of the NAT IP address and the source port will be the same as the original.
Page 74: Static Nat (One To One)
Black Box LR11xx Series Router Configurations Guide 10.4.2 Static NAT (one to one) Figure 20 Static NAT 10.1.1.1 OPAL INTERNET 50.1.1.1-50.1.1.3 10.1.1.2 10.1.1.3 In static (one-to-one) NAT type, for each IP address in the corporate network, one NAT IP address will be used. For example, for the three IP addresses from 10.1.1.1 to 10.1.1.3, there is a set of three NAT IP address from 50.1.1.1 to 50.1.1.3.
Page 75: Port Address Translation (Many To One)
NAT allows multiple IP addresses to be mapped to one address. There are two methods to configure Port Address Translation (PAT) on the Black Box gateway. In the first method, specify the IP address to the nat-ip parameter in the policy command. In the second method, create a pool of type PAT and then attach it to the policy.
Page 76 Black Box LR11xx Series Router Configurations Guide Blackbox/configure> firewall corp Blackbox/configure/firewall corp> object Blackbox/configure/firewall corp/object> nat-pool addresspoolPat pat 50.1.1.5 Blackbox/configure/firewall corp/object> exit Blackbox/configure/firewall corp> policy 2 out address 10.1.1.1 10.1.1.3 any any Blackbox/configure/firewall corp/policy 2 out> apply-object nat-pool addresspoolPat Blackbox/configure/firewall corp/policy 2 out> exit 2...
Page 77: Multipath Multicast Configurations
Modulo-N, Hash Threshold, and HRW are not disruptive. RFC 2991 recommends to use HRW method to select the next-hop for multicast packet forwarding. or this reason, Black Box-only scenarios apply the HRW method as the default. This is similar to the Cisco Systems IPv6 multicast multipath implementation.
Page 78: Multipath Commands
<addr> - source or RP address When multipath is disabled, Black Box selects the nexthop address with lowest ip address. For equal cost routes the nexthops are stored in the increasing (ascending) order of IP address. show ip rpf command displays the selected path, based on the configured multipath method and the nexthops of the best route to the IP address passed.
Page 79: Configuring Nat
Consider a PC on the LAN sending a packet destined for some.server.com. The source IP address and port are in the packet together with the destination IP address and port. When the packet arrives at the Black Box system it will be de-encapsulated, modified, and re-encapsulated.
Page 80: Configuration For Figure 1
Black Box LR11xx Series Router Configurations Guide Figure 22 illustrates dynamic and static NAT. The static translation between 192.168.1.6 and 100.1.1.6 automatically matches the port addresses, thus a request destined for 100.1.1.6 tcp port 25 is translated to 192.168.1.6 tcp port 25 and so on.
Page 81: Configuration For Figure 2
Network Address Translation Figure 23 provides an example of static port mapping. TCP port 81 of the web server at private address 192.168.1.6 is mapped to the same TCP port of the public address. Figure 23 Mapping Ports Internet 100.1.1.1/29 192.168.1.254/24 www server is running on TCP port 81...
Page 82: Configuration For Figure 3
Black Box LR11xx Series Router Configurations Guide Figure 24 Reverse NAT Internet 100.1.1.1/29 FTP, SMTP, HTTP Server Ethernet 1 199.7.3.2/24 199.7.3.2/24 Ethernet 0 www server is running 192.168.1.254/24 on TCP port 81 FTP, SMTP, HTTP Server 192.168.1.6/24 10/100 BaseT Ethernet...
Page 83: Nat Configuration Xamples
Consider a PC on the LAN sending a packet destined for some.server.com. The source IP address and port are in the packet together with the destination IP address and port. When the packet arrives at the Black Box system it will be de-encapsulated, modified, and re-encapsulated.
Page 84 Black Box LR11xx Series Router Configurations Guide translation takes place, i.e., if a packet travels from 10.1.1.1 to yahoo.com, Black Box-Firewall only substitutes the source address in the IP header with one of the NAT IP address and the source port will be the same as the original.
Page 85: Static Nat (One To One)
NAT Configuration Examples 13.1.2Static NAT (one to one) Figure 26 Static NAT 10.1.1.1 OPAL INTERNET 50.1.1.1-50.1.1.3 10.1.1.2 10.1.1.3 In static (one-to-one) NAT type, for each IP address in the corporate network, one NAT IP address will be used. For example, for the three IP addresses from 10.1.1.1 to 10.1.1.3, there is a set of three NAT IP address from 50.1.1.1 to 50.1.1.3.
Page 86: Port Address Translation (Many To One)
NAT allows multiple IP addresses to be mapped to one address. There are two methods to configure Port Address Translation (PAT) on the Black Box gateway. In the first method, specify the IP address to the nat-ip parameter in the policy command. In the second method, create a pool of type PAT and then attach it to the policy.
Page 87: Remote Access Vpns
14.2.1 Remote Access: User Group One of the methods to achieve IPSec remote access in Black Box is the user group method. In this method, the administrator creates an IKE policy for a logical group of users such as a department in an organization. Each user in the group is identified with unique information that is uniquely configured in the IKE policy.
Page 88: Remote Access: Mode Configuration
The following example demonstrates how to manage the Black Box gateway from a secure VPN management host. An application would look like a host in a remote site is interested in managing Black Box router using SNMP. But the remote host is interested in doing securely. The SNMP response that is generated in Black Box router for a request from the management host is called self-generated traffic.
Page 89 IPSec Remote Access User Figure 28 User Group Remote Access Configuration VPN Client 2 Black Box Tasman #1 Local Outer Address: VPN Server Dynamic 172.16.0.1 Local ID: blackbox.com admin@tasmannetworks .com To create the user group configuration enter: Blackbox>configure term Blackbox/configure>interface bundle wan Blackbox/configure/interface/bundle wan>link t1 1-2...
Page 90: Ipsec Remote Access Mode Configuration Group Method
14.5 IPSec Remote Access Mode Configuration Group Method The following example demonstrates how to configure a Black Box router to be an IPSec VPN server using mode-configuration method. The client could be any standard mode config enabled IPSec VPN client.
Page 91 IPSec Remote Access Mode Con- To configure the IKE policy for negotiating with VPN clients needing access to the corporate private network 10.0.1.0. Blackbox/configure>crypto corp Blackbox/configure/crypto>dynamic Blackbox/configure/crypto/dynamic>ike policy IDCsales modecfg-group Blackbox/configure/crypto/dynamic/ike/policy IDCsales>modeconfig-group Blackbox/configure/crypto/dynamic/ike/policy IDCsales>local-address 172.16.0.1 To configure the user name (optional) for remote-id: Blackbox/configure/crypto/dynamic/ike/policy IDCsales>remote-id email-id sampledata david@Blackbox.com Blackbox/configure/crypto/dynamic/ike/policy IDCsales>remote-id email-id sampledata...
Page 92 Black Box LR11xx Series Router Configurations Guide...
Page 93: Networking With Routing Information Protocol
ETWORKING WITH OUTING NFORMATION ROTOCOL 15.1Routing Information Protocol 15.1.1Configuring RIP for Ethernet 0 and WAN 1 Interfaces LR1114A> configure terminal LR1114A/configure> router rip LR1114A/configure/router rip> interface ethernet0 LR1114A/configure/router rip/interface ethernet0> exit LR1114A/configure/router rip> interface wan1 LR1114A/configure/router rip> exit 15.1.2Displaying RIP Configuration Execute show ip rip global to display RIP configuration information Figure 30 show ip rip global Command >...
Page 94 Black Box LR11xx Series Router Configurations Guide Figure 31 show ip rip interface all Command > show ip rip interface all RIP is configured for interface <ethernet0> Mode: RIP 2 Metric: 5 Authentication: None Split Horizon: Poison Routers : None...
Page 95: Configuring
All Black Box systems support IP routing utilizing static routes. The following diagram shows a remote Black Box “A” connected over an MLPPP bundle to the main Black Box “B”. Black Box B in turn routes to the customer router.
Page 96: Configure The Router At Site "A
Black Box LR11xx Series Router Configurations Guide 16.1.1Configure the Router at Site “A” Blackbox> configure term Blackbox/configure> interface ethernet 0 Blackbox/configure/interface/ethernet> ip addr 198.1.1.1 255.255.255.0 Blackbox/configure/interface/ethernet> exit Blackbox/configure> interface bundle wan1 Blackbox/configure/interface/bundle> link t1 1-2 Blackbox/configure/interface/bundle> encap ppp Blackbox/configure/interface/bundle> ip addr 10.1.1.1 255.255.255.252 Blackbox/configure/interface/bundle>...
Page 97: Configuring Open
OUTING 17.1 OSPF Routing Protocol The following example shows a Black Box LR1114A connected to a router over a single T1 link. IP addresses 10.10.10.0, 20.20.20.0, and 30.30.30.0 are assigned to area 760. Figure 33 Configuring OSPF Between a Black Box LR1114A System and a Router 10.10.10.0/24...
Page 98: Configuring Ospf
---------- The metric shows a value of 2. By default, Black Box assigns a cost value of 1 to all interfaces. The cost can be changed by entering it under the appropriate interface in the OSPF command tree structure. For example: LR1114A/configure>...
Page 99: Configuring Generic Routing Encapsulation
18.2 Installing Licenses There are three licenses that control access to the features: Basic VPN Management ( vpn_mgmt )—allows users to manage a remote Black Box router. Firewall ( firewall )—allows users to manage the firewall features. Also includes Basic VPN Management.
Page 100: Gre Configuration Examples
Black Box LR11xx Series Router Configurations Guide Blackbox/configure> system licenses ? NAME licenses - Configure feature upgrade licenses SYNTAX licenses license_type <cr> DESCRIPTION license_type -- Specifies the type of feature upgrade license The parameter may have any of the following values:...
Page 101: Configuring Site To Site Tunnel
GRE Configuration Examples Figure 36 Fig 2 Simple GRE configuration 40.1.1.0 10.3.1.0 192.168.94.220 192.168.55.75 18.3.1Configuring Site to Site Tunnel To configure GRE in a site to site tunnel configuration: Step 1: Configure the interface. Blackbox> configure terminal Blackbox/configure> interface bundle wan1 Blackbox/configure/interface/bundle wan1>...
Page 102 Black Box LR11xx Series Router Configurations Guide NOTE The peer of a local WAN interface cannot be used as a tunnel destination. Step 4: Verify that the tunnel is up and running. (If it is not, check the fields.) Gateway Source Address Blackbox>...
Page 103: Configuring Gre Site To Site With Ipsec
Configuring GRE Site to Site with Step 5: Configure the Cisco side: cisco > config t cisco(config)#interface Ethernet2/0 cisco(config-if)#ip address 192.168.55.75255.255.255.0 cisco(config-if)#exit cisco(config)#interface Tunnel 0 cisco(config-if)#ip address 103.1.1.1 255.255.255.0 cisco(config-if)#tunnel source 192.168.55.75 cisco(config-if)#tunnel destination 192.168.94.220 cisco(config-if)#exit cisco(config)#ip route 0.0.0.0 0.0.0.0 192.168.55.254 cisco(config)#ip route 10.3.1.0 255.255.255.0 Tunnel0 18.4 Configuring GRE Site to Site with IPSec This example extends the first example by adding encryption to the tunnel.
Page 104: Configuring Gre Site To Site With Ipsec And Ospf
This example extends the previous IPSec configuration example by enabling Open Shortest Path First (OSPF) protocol which provides redundant paths for the tunnel. Step 1: To enable OSPF, add to the Black Box configuration above: Blackbox> configure terminal Blackbox/configure> router routerid 2.2.2.2 Blackbox/configure>...
Page 105: Relay
RAME ELAY 19.1 OSPF - Frame Relay The following example shows OSPF running between a Black Box LR1112A and a router over a serial T1 link with back-to-back Frame Relay. Figure 37 OSPF Over a Single T1 with Frame Relay 10 x T1 MLPPP 10.10.10.0/24...
Page 106: Configuring The Host Name
Black Box LR11xx Series Router Configurations Guide 19.1.1Configuring the host name LR1112A> configure terminal LR1112A/configure> hostname LR1112A 19.1.2Configuring interface ethernet 0 LR1112A/configure> interface ethernet 0 LR1112A/configure/interface/ethernet0> ip address 10.10.10.1 24 LR1112A/configure/interface/ethernet0> exit 19.1.3Configuring interface bundle Dallas LR1112A/configure> interface bundle Dallas LR1112A/configure/interface/bundle Dallas>...
Page 107: Routing
There are two modes of PIM protocol – Dense mode (DM) and Sparse mode (SM). Black Box supports SM only. PIM-DM floods multicast traffic throughout the network initially and then generates prune messages as required.
Page 108 Black Box LR11xx Series Router Configurations Guide Configure MRT Stale Blackbox/configure/ip/pim>mrt-stale-mult <number> Multiplier Configure MRT SPT Blackbox/configure/ip/pim>mrt-spt-multiplier <number> Multiplier Configure Probe Period Blackbox/configure/ip/pim>probe-period <time> Configure Registration Blackbox/configure/ip/pim>register-suppress-timeout suppression timeout <time> Configure DR to switch Blackbox/configure/ip/pim>dr-switch-immediate immediate Configure RP to switch Blackbox/configure/ip/pim>rp-switch-immediate...
Page 109 PIM Configuration Configure PIM interface Blackbox/configure/ip/pim/interface wan1>assert-holdtime assert holdtime <time> Configure PIM interface Blackbox/configure/ip/pim/interface wan1>hello-holdtime hello holdtime <time> Configure PIM interface Blackbox/configure/ip/pim/interface wan1>hello-interval hello interval <time> Configure PIM interface Blackbox/configure/ip/pim/interface Join/Prune Delay Timeout wan1>join-prune-timeout <time> Configure PIM interface Blackbox/configure/ip/pim/interface Join/Prune Interval wan1>join-prune-interval <time>...
Page 110: Pim Configuration Examples
Black Box LR11xx Series Router Configurations Guide 20.1.2PIM Configuration Examples This section shows examples of how the PIM commands are used. To access PIM mode, enter: Blackbox/configure/ip> pim Blackbox/configure/ip/pim> The following example enters the BSR mode. Blackbox/configure/ip/pim> cbsr Blackbox/configure/ip/pim/cbsr> The following command sets Ethernet1 as the BSR interface.
Page 111 PIM Configuration To configure the threshold-dr option such that the data from S addressed to G must exceed an average of 1500 KBytes per second before an SPT switch is initiated. If this router is a DR for the pair (S,G), then the same data must exceed an average of 1500 KBytes per second before an SPT switch is initiated.
Page 112 Black Box LR11xx Series Router Configurations Guide To display information for all interfaces, enter: Blackbox/configure> display ip pim interface all To see all IP PIM interface information for Ethernet1, enter: Blackbox/configure/ip/pim/interface ethernet1> display ip pim interface ethernet1 To display IP PIM statistics for ethernet1, enter: Blackbox/configure/ip/pim/interface ethernet1>...
Page 113 PIM Configuration Blackbox/configure> display ip pim timers PIM Timers: Hello Interval: 145 Hello Hold Time: 60 Hello Priority: 15 Join/Prune Interval: 300 Join/Prune Hold Time: 30 Assert Hold Time: 200 Probe Period: 15 Register Suppress Timeout: 90 MRT Interval: 15 MRT SPT Multiplier : 10 MRT Stale Multiplier: 5 Blackbox/configure>...
Page 114 Black Box LR11xx Series Router Configurations Guide...
Page 115: Mtrace Configuration
RPF. For these, mtrace relies on Black Box Networks’ implementation of the mtrace protocol is manageable through the CLI and can be executed from any command sub-tree of the Black Box CLI.
Page 116: Mtrace Example
Black Box LR11xx Series Router Configurations Guide Maximum hops is set to 32 and TTL is set to 127 in all mtrace packets as default. For mtrace to work: IGMP must be enabled in the router IGMP should be enabled on at least one interface.
Page 117: Configuring Quality Of Service Routing
The root class has no parent and is identified as root-out or root-in. There is no theoretical limit to the number of classes that can be created. The only limitation that can arise is due to available memory in the Black Box system.
Page 118: Definitions
Black Box LR11xx Series Router Configurations Guide 22.1.2Definitions Committed Rate Each traffic class can be assigned a CR parameter in Kbps. This is the amount of bandwidth that the class or flow is guaranteed at all times, even during congestion. The sum of the CRs for all classes in a given direction cannot exceed the access bandwidth of their parent class.
Page 119: Create Bundle Apptest
Configuring QoS Configuration for the example in Figure 38: 22.1.3.1 Create bundle AppTest LR1104A/configure> interface bundle AppTest LR1104A/configure/interface/bundle AppTest> link ct3 1 18-19 LR1104A/configure/interface/bundle AppTest> encap ppp LR1104A/configure/interface/bundle AppTest> ip addr 199.1.1.1 255.255.255.252 22.1.3.2 Create traffic classes LR1104A/configure/interface/bundle AppTest> qos LR1104A/configure/interface/bundle AppTest/qos>...
Page 120: Create Bundle Vlantest
Black Box LR11xx Series Router Configurations Guide Figure 39 Assigning VLAN Identifiers Interface Bundle VLANTest 4 x T1 Bandwidth = 6144 Kbps Traffic Classes JonesInc SmithInc Default VLAN ID = 24 VLAN ID = 25-29 VLAN ID = default CR = 3072 Kbps...
Page 121: Configuring Bulk Statistics
Configuring QoS 22.1.5.1 Configuring bulk statistics LR1104A/configure/.../qos> bulk_stats_ftp Primary FTP server: 10.1.3.1 Secondary FTP server: 10.1.18.1 FTP user name: bjones FTP password: xxxxxxxx LR1104A/configure/.../qos> bulk_statistics sample_interval 5 upload_interval 1 LR1104A/configure/.../qos> show qos bulkstats_config Figure 40 Screen Display for show qos bulkstats_config Command Bulk Statistics Configuration ----------------------------- status...
Page 122 Black Box LR11xx Series Router Configurations Guide...
Page 123: Virtual Lan Tagging
The illustration above shows two customers connected to an aggregation/IP services router using a Black Box LR1104A. All packets coming into the Black Box LR1104A on the single T1 bundle are tagged with VLAN ID 5. All packets coming across the 4 T1 bundle from DC are tagged with a VLAN tag of 10.
Page 124: Reston Configuration: Black Box Lr1104A
Black Box LR11xx Series Router Configurations Guide In this example application, the POP router is configured with the following three sub-interfaces: 205.1.1.1 205.1.1.5 10.1.1.5 23.1.1 Reston configuration: Black Box LR1104A LR1104A/configure> hostname reston reston/configure> no ftp_server reston/configure> no autoconf 23.1.1.1 Configure interface bundle balt1 reston/configure>...
Page 125: Configure Ip Routing
205.1.1.0 255.255.255.0 ethernet0 1 reston/configure/ip> route 0.0.0.0 0.0.0.0 10.1.1.5 1 reston/configure/ip> exit # The above route summarizes the customer access subnets. 23.1.2 DC configuration: Black Box LR1114A Blackbox> configure terminal Blackbox/configure> hostname dc1 dc1/configure> 23.1.2.1 Configure interface ethernet 0 dc1/configure>...
Page 126 Black Box LR11xx Series Router Configurations Guide...
Page 127: Managing Redundant Connections
For this configuration, a third IP address is utilized for the failover path. The Black Box LR1114A is configured for failover on E0. When E0 loses link conectivity, it will failover to E1 and continue to pass traffic. When E0 recovers, traffic will be switched back.
Page 128: Configure The Black Box Lr1114A For Failover Operation
Black Box LR11xx Series Router Configurations Guide The Black Box LR1114A is connected to a router via a bundle “WAN” (T1 PPP bundle) in IPMux mode. To manage the Black Box LR1114A from the switch during normal mode, ping, telnet, or snmp to the Ethernet 0 IP address;...
Page 129: Wan Interface Configurations
25.1.2 Bundle Configuration Configuration of an interface bundle is required for use of any of the Black Box system WAN interfaces. Multiple physical interfaces may be linked to a single interface bundle; multi-link protocols, including MLPPP and Multilink Frame Relay, make use of NxT1 interfaces to create single logical interfaces.
Page 130 Black Box LR11xx Series Router Configurations Guide Configure a Fractional T1 HDLC Bundle Blackbox/configure> interface bundle demo1 Blackbox/configure/interface/bundle> link t1 3:1-3,8-10 Blackbox/configure/interface/bundle> encap hdlc Blackbox/configure/interface/bundle> ip addr 10.1.1.1 255.255.255.252 Blackbox/configure/interface/bundle> exit 27.1.3 T1 The following example creates a 1536 Kbps T1 bundle utilizing T1 number 4. This bundle uses IP unnumbered.
Page 131: Virtual Lan Forwarding
The management VLAN feature provides in-band communication with the Black Box systems as well as the Ethernet switches while remaining separate from customer traffic. The Black Box systems will examine the destination IP address of any packets received on the management VLAN. If the destination is the Black Box, the address of the...
Page 132 VLAN. When the Black Box system generates traffic on to the management VLAN, an ARP request is generated in the direction of the VLAN’s default route. If no default is configured, the ARP request will be generated in all possible directions, and the interface receiving the response will be cached with the reply.
Page 133: Pop Configuration: Black Box Lr1104A
Managing VLAN Traffic 26.1.1POP configuration: Black Box LR1104A LR1104A/configure> hostname POP-LR1104A POP-LR1104A/configure> no ftp_server POP-LR1104A/configure> no autoconf 26.1.1.1 Configure mlppp bundle interface POP-LR1104A/configure> interface bundle bldg1 POP-LR1104A/configure/interface/bundle bldg1> link ct3 1 1-4 POP-LR1104A/configure/interface/bundle bldg1> encapsulation ppp POP-LR1104A/configure/interface/bundle bldg1> ip unnumbered ethernet0 POP-LR1104A/configure/interface/bundle bldg1>...
Page 134: Configure Interface Bundle Uplink
Black Box LR11xx Series Router Configurations Guide 26.1.2.1 Configure interface bundle uplink bldg1-LR1114A/configure> interface bundle uplink bldg1-LR1114A/configure/interface/bundle uplink> link t1 1-4 bldg1-LR1114A/configure/interface/bundle uplink> encapsulation ppp bldg1-LR1114A/configure/interface/bundle uplink> ip unnumbered ethernet0 bldg1-LR1114A/configure/interface/bundle uplink> exit 26.1.2.2 Configure inband VLAN forwarding table bldg1-LR1114A/configure/interface> vlanfwd bldg1-LR1114A/configure/interface/vlanfwd>...
Page 135: Mutlilink Frame Relay
A customer desiring to implement DTE-to-DTE MFR can use the architecture illustrated in Figure 1. The normal ordering process can be used to obtain the fame relay T1s. From the perspective of the CPE, the Black Box LR1114As combine those different frame relay PVCs into a consolidated, larger pipe.
Page 136: Configure Ethernet Interface
The above configuration does not include statements for policing and traffic shaping, so all PVCs are given the full CIR for the interface. Once the AVC is configured, the Black Box systems can be configured for transparent IP multiplexing or for static routing. These details are omitted.
Page 137: Configuring Frame
ONFIGURING RAME ELAY AND ULTILINK RAME ELAY 28.1 Layer Two Configurations FR and MFR Figure 45 outlines a Multilink Frame Relay (MFR) configuration with three sites. PVC 16 connects Site 1 to Site 3, while PVC 31 connects Site 2 to Site 3. The Frame Relay switching equipment is represented simply as a Frame cloud. Figure 45 MFT Configuration LR1114A SITE 1...
Page 138: Fr Configuration
Black Box LR11xx Series Router Configurations Guide Figure 46 MFR Configuration Detail LR1114A SITE 1 Tasman 1450 HSSI PVC 16 Router 4 x T1 Tasman 7030 Router PVC 16 PVC 16 PVC 31 100 Base-T Frame Router SITE 3 Switch...
Page 139: Configure The Clear Channel Bundle On The Lr1104A
28.1.2 MFR Configuration The 4 x T1 MFR bundle between the LR1104A and the Black Box connects two Frame Relay switches, therefore it represents an NNI interface. The sample configuration defines the 4 x T1 bundle to be of Class C; that is, a minimum of 2 T1 links are required to be up in order to keep the bundle up.
Page 140: Configure The Lr1104A Lr1114A At Site 2
Black Box LR11xx Series Router Configurations Guide A LR1104A LR1114A at Site 2 serves as the Frame Relay termination point, connecting the Site 2 IP network to the LR1104A. This MFR bundle utilizes 2 T1 links for an approximate 3 Mbps bandwidth. Since it is the Frame Relay terminating point and is defined as a DTE frame relay interface, an IP address is assigned to the WAN bundle.
Page 141 © Copyright 2004. Black Box Corporation. All rights reserved. 1 0 0 0 P a r k D r i v e • L a w r e n c e , P A 1 5 0 5 5 - 1 0 1 8 • 7 2 4 - 7 4 6 - 5 5 0 0 • F a x 7 2 4 - 7 4 6 - 0 7 4 6...

This manual is also suitable for:

Lr1104a-t1/e1 Lr1112a-t1/e1 Lr1114a-t1/e1

Black Box LR1102A-T1/E1 User Manual

Dhcp Relay

Configuring Internet Group Management Protocol

Filtering Ip Traffic

Onfiguring Ecurity

Ips Ec Specifications

Orwarding Ip Traffic

Ip Multiplexing Hdlc Configurations

Ip Mppp Mlpppc

Configuring Ppp, Mlppp, and Hdlc

Configuring Firewalls

Multipath Multicast Configurations

Configuring Nat

Nat Configuration Xamples

Remote Access Vpns

Networking with Routing Information Protocol

Configuring

Configuring Open

Configuring Generic Routing Encapsulation

Configuringospfandframerelay

Configuring Protocol

Mtrace Configuration

Configuring Quality of Service Routing

Virtual Lan Tagging

Managing Redundant Connections

Wan Interface Configurations

Virtual Lan Forwarding

Mutlilink Frame Relay

Configuring Frame

Quick Links

Related Manuals for Black Box LR1102A-T1/E1

Summary of Contents for Black Box LR1102A-T1/E1

This manual is also suitable for:

Table of Contents