Summary Table of Contents System overview .............................24 Configuration concepts ..........................29 Command line interface (CLI) ........................33 Accessing the CLI ............................38 Establishing basic IP connectivity ........................50 System image handling...........................57 Configuration file handling..........................71 Basic system management ..........................87 RADIUS Client Configuration........................99 IP context overview ............................110 IP interface configuration ..........................117...
Table of Contents Summary Table of Contents ..........................3 Table of Contents ............................4 List of Figures ..............................16 List of Tables ..............................17 About this guide ............................18 Audience................................18 How to read this guide ............................18 Structure................................18 Precautions ................................20 Typographical conventions used in this document....................
Page 5
IPLink Software Configuration Guide Table of Contents Command modes ..............................34 CLI prompt ..............................34 Navigating the CLI ............................35 Initial mode ..............................35 System changes ............................35 Configuration ............................35 Changing Modes ............................35 Command editing ..............................35 Command help ...............................35 The No form ..............................35 Command defaults—returning parameters to default values ................36 Command completion ............................36...
Page 6
IPLink Software Configuration Guide Table of Contents Activating a physical port ..........................52 Displaying IP interface information ........................53 Deleting IP interfaces ............................54 Examples ................................55 Setting up an IP interface on an Ethernet port ....................55 System image handling...........................57 Introduction................................58 Memory regions in IPLink software........................58 System image handling task list ..........................60...
Page 7
IPLink Software Configuration Guide Table of Contents Display clock information ..........................92 Display time since last restart ..........................93 Configuring and starting the Web server ......................93 Determining and defining the active CLI version ....................93 Restarting the system ............................94 Displaying the system logs ..........................95 Controlling command execution ........................95...
Page 8
IPLink Software Configuration Guide Table of Contents ICMP redirect messages ..........................121 Router advertisement broadcast message .......................121 Defining the MTU and MSS of the interface ....................122 Configuring an interface as a point-to-point link ..................123 Displaying IP interface information ......................123 Displaying dynamic ARP entries ........................124 Flushing dynamic ARP entries ........................124...
Page 9
IPLink Software Configuration Guide Table of Contents Link scheduler configuration ........................148 Introduction................................149 Applying scheduling at the bottleneck ......................149 Using traffic classes ............................149 Introduction to Scheduling ...........................150 Priority ..............................150 Weighted fair queuing (WFQ) ........................150 Shaping ..............................150 Burst tolerant shaping or wfq ........................151 Hierarchy ..............................151...
Page 10
IPLink Software Configuration Guide Table of Contents Configuring the LMI type ..........................173 Configuring the keep-alive interval .......................174 Enabling fragmentation ..........................174 Entering Frame Relay PVC configuration mode ...................176 Configuring the PVC encapsulation type ......................177 Binding the Frame Relay PVC to IP interface ....................177 Enabling a Frame Relay PVC ........................179...
Page 11
IPLink Software Configuration Guide Table of Contents Deleting static IP routes ..........................197 Displaying IP route information ........................198 Examples ................................199 Basic static IP routing example ........................199 Changing the default UDP port range for RTP and RTCP .................200 RIP configuration ............................201 Introduction................................202 Routing protocol ..............................202 RIP configuration task list...
Page 12
IPLink Software Configuration Guide Table of Contents Simple Network Management Protocol (SNMP) ....................226 SNMP basic components ..........................226 SNMP basic commands ..........................226 SNMP management information base (MIB) ....................227 Network management framework .........................227 Identification of the IPLink devices via SNMP....................228 SNMP tools.................................228 SNMP configuration task list ..........................228 Setting basic system information...
Page 13
IPLink Software Configuration Guide Table of Contents Configure DHCP-server profiles ........................256 Use DHCP-server profiles and enable the DHCP-server ................258 Check DHCP-server configuration and status ....................259 Get debug output from the DHCP-server .....................259 configuration............................261 Introduction................................262 DNS configuration task list ..........................262 Enabling the DNS resolver ...........................262 Enabling the DNS relay ..........................263...
Page 14
IPLink Software Configuration Guide Table of Contents Transport and tunnel modes .........................289 Key management ............................289 VPN configuration task list ..........................289 Creating an IPsec transformation profile .......................289 Creating an IPsec policy profile ........................290 Creating/modifying an outgoing ACL profile for IPsec .................292 Configuration of an IP interface and the IP router for IPsec .................293 Displaying IPsec configuration information...
About this guide The objective of this IPLink software Command Configuration Guide is to provide information concerning the syntax and usage of the command set. For hardware configuration information, refer to the getting started guide that came with your IPLink systems . This section describes the following: •...
IPLink Software Configuration Guide About this guide • Chapter 3, "Command line interface (CLI)" on page 33 gives an overview of the CLI and the basic features that allow you to navigate the CLI and edit commands effectively. • Chapter 4, "Accessing the CLI"...
IPLink Software Configuration Guide About this guide • Chapter 21, "SNTP client configuration" on page 240 describes how to configure a simple network time pro- tocol (SNTP) client. • Chapter 22, "DHCP configuration" on page 251 provides an overview of the dynamic host configuration control protocol (DHCP) and describes the tasks involved in its configuration.
IPLink Software Configuration Guide About this guide Typographical conventions used in this document This section describes the typographical conventions and terms used in this guide. General conventions In this guide we use certain typographical conventions to distinguish elements of commands and examples. In general, the conventions we use conform to those found in IEEE POSIX publications.
IPLink Software Configuration Guide About this guide Mouse conventions The following conventions are used when describing mouse actions: Table 2. Mouse conventions Convention Meaning Left mouse button This button refers to the primary or leftmost mouse button (unless you have changed the default configuration).
IPLink Software Configuration Guide About this guide Warranty Service and Returned Merchandise Authorizations (RMAs) Patton Electronics is an ISO-9001 certified manufacturer and our products are carefully tested before ship- ment. All of our products are backed by a comprehensive warranty program. Note If you purchased your equipment from a Patton Electronics reseller, ask your reseller how you should proceed with warranty service.
IPLink Software Configuration Guide 1 • System overview Introduction This chapter provides an overview of the main elements of an IPLink system and includes the following sections: • IPLink hardware platforms (see page • IPLink software embedded software (see page A complete IPLink system or network is typically composed of the following main elements plus a third-party network infrastructure (see figure...
IPLink Software Configuration Guide 1 • System overview IPLink hardware platforms The IPLink series of devices covers a performance range varying from that suitable for small office/home office (SOHO) applications to enterprise and carrier sites. Table 3 lists the IPLink models.
IPLink Software Configuration Guide 1 • System overview An IPLink software build is a binary image file. It is usually divided into several checksum-protected files to improve download efficiency and security. The download to the IPLink is handled in sequence by using a download batchfile.
Page 28
IPLink Software Configuration Guide 1 • System overview • The SNMP agent and MIB, with an emphasis on inventory and alarm management for integration in a third-party Network Management System (NMS) With the aid of configuration files and TFTP up and downloads, the IPLink devices can also be managed offline using standard text editors and file systems.
Page 29
Chapter 2 Configuration concepts Chapter contents Introduction................................30 Contexts and Gateways ............................31 Context ................................31 Interfaces, Ports, and Bindings ..........................31 Interfaces ................................31 Ports and circuits ............................31 Bindings .................................32 Profiles and Use commands...........................32 Profiles ................................32 Use Commands ..............................32...
IPLink Software Configuration Guide 2 • Configuration concepts Introduction This chapter introduces basic IPLink software configuration concepts. A good understanding of these concepts is vital for the configuration tasks explained in the remaining chapters of this guide. Patton strongly recommends that you read through this chapter because it introduces the fundamental ideas behind the structure of the command line interface.
IPLink Software Configuration Guide 2 • Configuration concepts Contexts and Gateways Context An IPLink software context represents one specific networking technology or protocol, namely IP (Internet Protocol). A context can be seen as virtual dedicated equipment within the IPLink. For example: •...
IPLink Software Configuration Guide 2 • Configuration concepts Examples of IPLink ports are: 10Base-T Ethernet, Serial T1/E1, V.35, and X.21. Ports are numbered according to the IPLink port numbering scheme. The port name corresponds to the label (or abbreviation) printed on the hardware.
IPLink Software Configuration Guide 3 • Command line interface (CLI) Introduction The primary user interface to IPLink software is the command line interface (CLI). You can access the CLI via the IPLink console port or through a Telnet session. The CLI lets you configure the complete IPLink software functionality, as opposed to the SNMP and HTTP management interfaces that offer a more limited subset of the functions.
IPLink Software Configuration Guide 3 • Command line interface (CLI) Navigating the CLI Initial mode When you initiate a session, you can log in with operator or administrator privileges. Whichever login you use, the CLI is always set to operator exec (non-privileged exec) mode by default upon startup. This mode allows you to examine the state of the system using a subset of the available CLI commands.
IPLink Software Configuration Guide 3 • Command line interface (CLI) Command defaults—returning parameters to default values The parameters of certain commands are set to their default value simply by omitting the parameter. For example: • sntp-client local-port 220—Sets the UDP port used by the SNTP client to 220 •...
Page 37
IPLink Software Configuration Guide 3 • Command line interface (CLI) Table 4. Command edit shortcuts (Continued) Keyboard Description <Esc>-<f> Move cursor forward one word. <Esc>-<b> Move cursor backward one word. <Ctrl>-<a> Move cursor to beginning of line. <Ctrl>-<e> Move cursor to end of line. <Ctrl>-<k>...
Chapter 4 Accessing the CLI Chapter contents Introduction................................39 Accessing the IPLink software CLI task list......................39 Accessing via the console port .........................40 Console port procedure ..........................40 Accessing via a Telnet session ..........................41 Telnet Procedure ............................41 Using an alternate TCP listening port for the Telnet server ................42 Disabling the Telnet server ..........................42...
IPLink Software Configuration Guide 4 • Accessing the CLI Introduction IPLink products are designed for remote management and volume deployment. The management and config- uration of IPLink devices is therefore based on IP network connectivity. Once an IPLink is connected to, and addressable in, an IP network, you can remotely perform all configuration, management, and maintenance tasks.
IPLink Software Configuration Guide 4 • Accessing the CLI Accessing via the console port To access an IPLink via its console port, the host computer must be connected directly to the console port (labeled CONSOLE) with a serial cable (see figure 5).
IPLink Software Configuration Guide 4 • Accessing the CLI Accessing via a Telnet session This is the most commonly used method for connecting to an IPLink. The Telnet host accesses the IPLink via its network interface. A host can be connected directly to the ETH 1 port (LAN) with a crossover cable (see figure 6, part A) or through an Ethernet hub with two straight cables (see figure...
IPLink Software Configuration Guide 4 • Accessing the CLI 3. Power on your IPLink and wait until the Run LED lights. 4. Set your PC is set to DHCP. 5. Open a Telnet session to the ETH 1 (LAN) port with the IP address 192.168.1.1 of your IPLink. 6.
IPLink Software Configuration Guide 4 • Accessing the CLI Upon logging in you are in operator execution mode, indicated by the “>” as command line prompt. Now you can enter system commands. Note Details on screen in figure 7, such as the IP address in the system prompt and window header bar, may be different on your IPLink device.
IPLink Software Configuration Guide 4 • Accessing the CLI Configure operators and administrators To secure the system, as well as to enable remote access to the system, you must create operator and administra- tor login accounts. These accounts are valid system-wide. Operators and administrators can log in to the IPLink software via the console or through Telnet.
IPLink Software Configuration Guide 4 • Accessing the CLI Step Command Purpose node(cfg)# operator name password password Creates a new operator account name and password password copy running-config startup-config Saves the change made to the running config- uration of the IPLink, so that it will be used fol- lowing a reload Example: Create an operator account The following example shows how to add a new operator account with a login name support and a matching...
IPLink Software Configuration Guide 4 • Accessing the CLI Mode: Operator execution Step Command Purpose node>show version cli Displays the CLI version Example: Displaying the CLI version The following example shows how to display the version of the current running IPLink software CLI on your device, if you start from the operator execution mode.
IPLink Software Configuration Guide 4 • Accessing the CLI login: support password: <password> IPLink>who You are operator support IPLink>su super Enter password: <password> IPLink>who You are administrator super Checking identity and connected users command displays who is logged in or gives more detailed information about users and process states.
Page 48
IPLink Software Configuration Guide 4 • Accessing the CLI profile provisioning testpro location 1 tftp://10.10.1.2/test1.cfg location 2 tftp://10.10.1.2/test2.cfg location 3 tftp://10.10.1.2/test3.cfg The following command has index numbers: • location These commands always have index numbers in the running-config. However, entering the index is optional. If you enter such a command with an index, it is inserted into list at the position defined by the index.
IPLink Software Configuration Guide 4 • Accessing the CLI Ending a Telnet or console port session Use the command in the operator or administration execution mode to end a Telnet or console port ses- logout sion. To confirm the command, you must enter yes on the dialog line as shown in the example below. logout Mode: Operator execution Step...
Chapter 5 Establishing basic IP connectivity Chapter contents Introduction................................51 IP context selection and basic interface configuration tasks..................51 Entering the IP context, creating IP interfaces and assigning an IP address .............51 Defining IP Ethernet encapsulation and binding an IP interface to a physical port .........52 Activating a physical port ..........................52...
IPLink Software Configuration Guide 5 • Establishing basic IP connectivity Introduction This chapter explains how to establish network-based connections to and from your IPLink using IP interfaces and Ethernet ports. You can configure basic IP connectivity in the context IP and the subsidiary interface com- mand modes.
IPLink Software Configuration Guide 5 • Establishing basic IP connectivity Example: Enter IP context, create IP interfaces, and set IP address and netmask The procedure below assumes that you want to create an IP interface named lan, with an IP address of 192.168.1.3 and a net mask of 255.255.255.0.
IPLink Software Configuration Guide 5 • Establishing basic IP connectivity Using the command slot port lists the actual status for the selected physical port. The fol- show port ethernet lowing listing shows the port Ethernet information for port 0 on slot 0, which is in the shutdown state as indi- cated by the current state CLOSED.
IPLink Software Configuration Guide 5 • Establishing basic IP connectivity Example: List existing IP interfaces You can display IP interface information by using the show ip interface command in configuration mode. In the following example, only the information available for IP interface lan is displayed. Depending on the num- ber of defined IP interfaces, the output of the show ip interface command can be longer.
IPLink Software Configuration Guide 5 • Establishing basic IP connectivity 2. Delete the interfaces named external with the command, with the interface name no interface as argument: IPLink(ctx-ip)[router]#no interface external 3. List the interfaces again to check if the IP interface external has been deleted: IPLink(ctx-ip)[router]#interface <?>...
Page 56
IPLink Software Configuration Guide 5 • Establishing basic IP connectivity IPLink(prt-eth)[0/0]#encapsulation ip 4. Bind the interface lan you just defined to the Ethernet port, and then activate the port. IPLink(prt-eth)[0/0]#bind interface lan router IPLink(prt-eth)[0/0]#no shutdown 5. Store the configuration s 6.
Chapter 6 System image handling Chapter contents Introduction................................58 Memory regions in IPLink software........................58 System image handling task list ..........................60 Displaying system image information ......................60 Copying system images from a network server to Flash memory ..............61 Copying driver software from a network server to Flash memory ..............62 Auto provisioning of firmware and configuration ....................63...
IPLink Software Configuration Guide 6 • System image handling Introduction This chapter describes how to load, maintain, and update the various software images in the IPLink. The IPLink software system software consists of the application image and the driver images. The images are stored in persistent (non-volatile) memory.
Page 59
IPLink Software Configuration Guide 6 • System image handling the IPLink. The command syntax in IPLink software requires you to prefix the file path on the TFTP server with tftp: followed by the absolute file path. You need to start from the root directory of the TFTP server. The three physical regions of memory are the remote tftp server’s memory, the Volatile memories, and the Per- sistent memory in the IPLink.
IPLink Software Configuration Guide 6 • System image handling Note When returning to the factory-config by using the copy factory-config star- command, all user-specific configurations saved in nvram: tup-config remain even after reload. Storing the current Running Configuration remotely Memory Regions in Embedded Software Storing the current Configuration locally Configuration File Upload...
IPLink Software Configuration Guide 6 • System image handling Mode: Administrator execution Step Command Purpose show version Lists the system software release version, information about optional interface cards mounted in slots and other information that is the currently running system software.
IPLink Software Configuration Guide 6 • System image handling Comment lines must have a hash character # in column one and can appear anywhere in the script file. Com- ment lines contain information for administrators or operators who maintain or use the script file. The following example shows a script file used to download a system image and command line syntax defini- tion file from a TFTP server.
IPLink Software Configuration Guide 6 • System image handling Downloading a driver software image file means storing it permanently at a defined location within the flash memory on the motherboard or in the non-volatile memory of an optional interface card. To download the driver software image file, you must use a special download script file.
Page 64
IPLink Software Configuration Guide 6 • System image handling The unit downloads a specific file from a TFTP server. If this file has changed since the last download, it is stored and executed. If the file on the server did not change since the last download, no action is taken. If the units are configured to do auto provisioning, a network operator can only update the firmware files on the TFTP server, which automatically distributes it to all units.
IPLink Software Configuration Guide 6 • System image handling Step Command Purpose [name] (pf-prov)[CONFIG]#location 2 Specifies alternate locations of the file. If tftp://172.16.1.33/configs/$(system.mac).cfg the first could not be contacted, the sec- ond is tried, and so on. [name] (pf-prov)[CONFIG]#activation reload Specifies how the new configuration graceful should be activated.
IPLink Software Configuration Guide 6 • System image handling in nonvolatile memory to the logical region running-config in the volatile memory. The IPLink software now uses the running-config to set up the operating configuration of the IPLink. Figure 10 illustrates the boot procedure.
Recall that the bootloader ensures that basic operations, network access, and downloads are possible in case of interrupted or corrupted application image downloads. The IPLink Series comes with the RedBoot Bootloader. It offers new features such as console access to the Bootloader and the capability for downloading application images (e.g.
IPLink Software Configuration Guide 6 • System image handling Start-up with factory configuration Step Command Purpose RedBoot> fis load Copies the IPLink software application image from the persistent memory (flash:) to the volatile mem- ory (RAM) from where it will be executed. RedBoot>...
Page 69
IPLink Software Configuration Guide 6 • System image handling Step Command Purpose RedBoot> go Starts the application image that was down- loaded into the volatile memory (RAM). Note With the Bootloader, only the Ethernet interface 0/0 is available. The Boot- loader applies the IP address, subnet mask, and default gateway that were last configured by the Bootloader itself or by another application (e.g.
IPLink Software Configuration Guide 6 • System image handling Load a new application image (IPLink software) via the serial link The Bootloader supports the ‘X-Modem’ and ‘Y-Modem’ protocols to download application images via the serial link of the console. Do the following to initiate the download: Step Command Purpose...
Chapter 7 Configuration file handling Chapter contents Introduction................................72 Understanding configuration files ........................72 Factory configuration ............................74 Configuration file handling task list........................74 Copying configurations within the local memory ....................75 Replacing the startup configuration with a configuration from Flash memory ..........76 Copying configurations to and from a remote storage location ...............78 Replacing the startup configuration with a configuration downloaded from TFTP server .......79...
IPLink Software Configuration Guide 7 • Configuration file handling Introduction This chapter describes how to upload and download configuration files from and to an IPLink device. A con- figuration file is a batch file of IPLink software commands used in the software modules that perform specific functions of the IPLink.
IPLink Software Configuration Guide 7 • Configuration file handling Figure 11, shows the characteristics of a configuration file. It is stored on a TFTP server in the file IP2805_001.cfg for later download to the IPLink. The command syntax used to enter commands with the CLI and add commands in configuration files is identical.
IPLink Software Configuration Guide 7 • Configuration file handling Each configuration file stored in the flash memory needs a unique name. The user has to assign a file name to any user-specific configuration. IPLink software predefines some names for configuration files. These are the factory configuration (factory-config), startup configuration (startup-config), and running configuration (run- ning-config) file names.
IPLink Software Configuration Guide 7 • Configuration file handling • Downloading encrypted files (see page Copying configurations within the local memory Configuration files may be copied into the local memory in order to switch between different configurations. Remember the different local memory regions in IPLink software as shown in figure Store the current Running Local Memory Regions...
IPLink Software Configuration Guide 7 • Configuration file handling cess. There are three predefined configuration file names for which it is optional to specify the memory region, namely factory-config, startup-config and running-config. Mode: Administrator execution Step Command Purpose node#copy {factory-config | startup- Copies the selected source configuration file config | running-config | nvram: source- source-name as target configuration file target-...
Page 77
IPLink Software Configuration Guide 7 • Configuration file handling Example: Replacing the startup configuration with a configuration from Flash memory The following example shows how to replace the persistent startup configuration in the flash memory of an IPLink by overwriting it with the configuration in the file new-startup stored in flash memory. 1.
IPLink Software Configuration Guide 7 • Configuration file handling Copying configurations to and from a remote storage location Configuration files can be copied from local memory (persistent or volatile region) to a remote data store. Remember the different store locations; they are the local memory in your IPLink and the remote data store on a server system (see figure 13).
IPLink Software Configuration Guide 7 • Configuration file handling TFTP server, where it can be distributed to other IPLink devices. These devices therefore get clones of the starting system if the configuration does not need any modifications. Replacing the startup configuration with a configuration downloaded from TFTP server From within the administration execution mode, you can replace the startup-configuration by downloading a configuration from the TFTP server into the flash memory area where to store the startup configuration.
IPLink Software Configuration Guide 7 • Configuration file handling When you log in to an IPLink by using the CLI, all commands you enter directly modify the running configu- ration located in the volatile memory region system: (or RAM) of your IPLink. Because it is located in volatile memory, to be made permanent, your modifications must be copied to the persistent (non-volatile) memory.
Page 82
IPLink Software Configuration Guide 7 • Configuration file handling Note Consider that a customized configuration file will not modify any function of IPLink software until it has been copied to persistent memory as the new con- figuration file startup-config. Mode: Administrator execution Step Command Purpose...
IPLink Software Configuration Guide 7 • Configuration file handling The system is going down Deleting a specified configuration This procedure describes how to delete configuration files from the IPLink flash memory region nvram:. Mode: Administrator execution Step Command Purpose node#show nvram: Lists the loaded configurations node#erase name Deletes the configuration name from the flash memory.
IPLink Software Configuration Guide 7 • Configuration file handling Pre-requisites: Only authorized users have configuration access to the IPLink. The configurations can be stored in plain form on the IPLink. SNMP Write Access shall be restricted by means of communities and ACLs to prevent unauthorized SNMP initiated configuration downloads.
Page 85
IPLink Software Configuration Guide 7 • Configuration file handling The key file shall contain a key string of at most 24 characters on a single line. Spaces, tabs and LF/CR charac- ters are trimmed. The key must not contain LF/CR or the null character and must not start or end with a space or tab.
Page 86
IPLink Software Configuration Guide 7 • Configuration file handling The downloaded key also defines how the passwords are encrypted in your configuration files. After you downloaded a key file you have to regenerate the startup-config from the IMPORTANT running-config by executing the command. copy running-config startup-config If you don’t do this, the device will fail executing the commands that have encrypted password arguments, e.g., ‘administrator’,...
Chapter 8 Basic system management Chapter contents Introduction................................88 Basic system management configuration task list ....................88 Managing feature license keys .........................89 Setting system information ..........................90 Setting the system banner ..........................91 Setting time and date ............................92 Display clock information ..........................92 Display time since last restart ..........................93 Configuring and starting the Web server ......................93...
IPLink Software Configuration Guide 8 • Basic system management Introduction This chapter describes parameters that report basic system information to the operator or administrator, and their configuration. The following are basic IPLink software parameters that must be established when setting up a new system: •...
IPLink Software Configuration Guide 8 • Basic system management Managing feature license keys Several features of the firmware require a system specific license key to be installed to enable the feature. You will receive a file containing license keys for all of your purchased features from your equipment vendor. This section describes how to install the feature license keys on your equipment.
IPLink Software Configuration Guide 8 • Basic system management The following example shows the command used to display all installed licenses on a system and a sample of its output. IPLink(cfg)#show licenses VPN [vpn] License serial number: 14343534 Status: Active IPLink(cfg)# Setting system information The system information includes the following parameters:...
IPLink Software Configuration Guide 8 • Basic system management Mode: Configure Step Command Purpose node(cfg)#system contact information Sets the contact information to information node(cfg)#system hostname information Sets the hostname to information node(cfg)#system location information Sets the location information to information node(cfg)#system provider information Sets the provider information to information node(cfg)#system subscriber information...
IPLink Software Configuration Guide 8 • Basic system management Example: Setting the system banner The following example shows how to set a message for the system banner for your device, if you start from the configuration mode. IPLink(cfg)#banner "#\n# Patton Electronics Co.\n#\n# The password of all operators has changed\n# please contact the administrator\n#"...
IPLink Software Configuration Guide 8 • Basic system management Display time since last restart This procedure describes how to display the time since last restart Mode: Operator execution Step Command Purpose node>show uptime Display the time since last restart. Example: The following example shows how to display the uptime of your device, if you start from the configuration mode.
IPLink Software Configuration Guide 8 • Basic system management Mode: Configure Step Command Purpose node(cfg)#show version cli Displays the currently running CLI version node(cfg)#cli version version.revision Selects the active CLI version in the form version.revi- sion Example: Defining the desired CLI version The following example shows how to determine the running CLI version and define CLI version 2.10 for your device, if you start from the configuration mode.
IPLink Software Configuration Guide 8 • Basic system management Displaying the system logs The system logs contain warnings and information from the system components of IPLink software. In case of problems it is often useful to check the event or the supervisor logs for information about malfunctioning sys- tem components.
Page 96
IPLink Software Configuration Guide 8 • Basic system management Step Command Purpose Execute the second command node#jobs Shows the currently running commands node#fg jobid Brings job with jobid back to foreground node#<Ctrl-C> Terminates the currently running command Example: Controlling Command Execution The following example shows how to suspend an active command, list the running commands, switch back a suspended command and terminate a currently active command on your device, if you start from the configu- ration mode.
IPLink Software Configuration Guide 8 • Basic system management Timed execution of CLI command The command allows the timed execution of CLI commands. The command is incremental; this timer timer means for each time it is entered, a new timer is created. All timers appear in the running-configuration, except if they have been created with the volatile option.
Page 98
IPLink Software Configuration Guide 8 • Basic system management Step Command Purpose [name] (sys)#[no] terminal idle-time- After 30 minutes without user input, a terminal session logout is automatically closed. If longer session periods are required (logging/debugging) this command allows to increase the session timeout, or to disable it com- pletely.
IPLink Software Configuration Guide 9 • RADIUS Client Configuration Introduction This chapter provides an overview of the authentication, authorization, and accounting (AAA) component in IPLink software and describes how to configure the RADIUS client, a subpart of the AAA component. It is important to understand how AAA works before configuring the RADIUS client.
IPLink Software Configuration Guide 9 • RADIUS Client Configuration Figure 15 illustrates the authentication procedure for a user logging into an IPLink that is configured to use RADIUS as authentication method. AAA Server (RADIUS) 3. Authentication accepted 4. Access granted 2.
Page 102
IPLink Software Configuration Guide 9 • RADIUS Client Configuration 3. Query the local database (see “Configuring the local database accounts” on page 108 for information on how to configure the local database) If, e.g. radius_deepblue is not available, radius_extern will be queried after a timeout. But if radius_deepblue gives an answer that rejects the login request, the remaining methods are not used and the login is denied.
IPLink Software Configuration Guide 9 • RADIUS Client Configuration Transactions between the RADIUS client and server are authenticated through the use of a shared secret, which is never sent over the network—the same secret must thus be known to the server and the client by configuration. Using this secret as an encryption key, user passwords are sent encrypted between the client and RADIUS server.
IPLink Software Configuration Guide 9 • RADIUS Client Configuration IPLink(cfg)# Configuring RADIUS accounting The RADIUS accounting functionality can be added to a call-router configuration by inserting an AAA call- control service between two call-router elements. Any call that is then routed through the AAA service will cause call detail records (CDRs) to be sent to the radius server.
Page 106
IPLink Software Configuration Guide 9 • RADIUS Client Configuration The following procedure guides you through the steps necessary to enable RADIUS accounting in an existing configuration: Mode: Configure Step Command Purpose node(cfg)# radius-client Create a new RADIUS client <client-name> node(radius)[client-name]# Define the RADIUS server to be used.
IPLink Software Configuration Guide 9 • RADIUS Client Configuration Step Command Purpose node(svc-aaa)[svc-name]# Define, if accounting shall be started at call-setup or call-con- (Optional) accounting-start-trigger nect time. The default is at call-connect time. [setup | connect] Note If setup is specified, an interim update will be sent at call-connect time.
IPLink Software Configuration Guide 9 • RADIUS Client Configuration Attributes in the RADIUS accept message After the user and his credentials are approved by the authentication procedure on the RADIUS server, the IPLink expects a RADIUS accept message with the following attributes: Attribute Attribute Type Description...
Page 109
IPLink Software Configuration Guide 9 • RADIUS Client Configuration servers are down or the network is not reachable, you can create an emergency user in the local database so that you can still access the IPLink. Perform the following steps to configure the local accounts. Mode: Configure Step Command...
Chapter 10 IP context overview Chapter contents Introduction................................111 IP context overview configuration task list......................111 Planning your IP configuration ...........................112 IP interface related information ........................112 Serial interface related information ........................113 QoS related information ..........................113 Configuring Ethernet and serial ports........................113 Creating and configuring IP interfaces.........................113 Configuring NAPT .............................114...
IPLink Software Configuration Guide 10 • IP context overview Introduction This chapter outlines the IPLink software Internet protocol (IP) context and its related components. You will get the fundamental understanding on how to set up your IPLink to make use of IP related services. The following sections describe the configuration steps necessary to put together certain IP services and the ref- erences to the related chapters that explain the issue in more details.
IPLink Software Configuration Guide 10 • IP context overview • You can find the information regarding network address port translation (NAPT) in chapter 12, “NAT/ NAPT configuration” on page 128. • If you need to configure a physical port, chapter 13, “Ethernet port configuration”...
IPLink Software Configuration Guide 10 • IP context overview • IP address of the central TFTP server used for configuration upload and download Serial interface related information The IPLink supports the V.35 and X.21 standard for synchronous serial interfaces with speeds up to 2 Mbps. Devices that communicate over a serial interface are divided into two classes: •...
IPLink Software Configuration Guide 10 • IP context overview higher-layer protocol and service information, such as layer 3 addressing. Hence interfaces are configured as part of the IP context and represent logical entities that are only usable if a physical port is bound to them. An interface name can be any arbitrary string, but for ease of identification you should use self-explanatory names that describe the use of the interface.
IPLink Software Configuration Guide 10 • IP context overview ers maintain only the best route (the route with the lowest metric value) to a destination. After updating its routing table, the router immediately begins transmitting routing updates to inform other network routers of the change.
Page 116
IPLink Software Configuration Guide 10 • IP context overview IPLink software QoS features described in chapter 14, “Link scheduler configuration” on page 148 address these diverse and common needs. Configuring quality of service (QoS)
Chapter 11 IP interface configuration Chapter contents Introduction................................118 Software IP interface configuration task list ......................118 Creating an IP interface ..........................118 Deleting an IP interface ..........................119 Setting the IP address and netmask .......................120 Configuring a NAPT DMZ interface ......................120 ICMP message processing ..........................121 ICMP redirect messages ..........................121...
IPLink Software Configuration Guide 11 • IP interface configuration Introduction This chapter provides a general overview of IPLink interfaces and describes the tasks involved in their configu- ration. Within IPLink software, an interface is a logical entity that provides higher-layer protocol and service informa- tion, such as Layer 3 addressing.
IPLink Software Configuration Guide 11 • IP interface configuration Example: Create IP interfaces The procedure illustrated below assumes that you would like to create an IP interface named lan Use the fol- lowing commands in administrator configuration mode. IPLink>enable IPLink#configure IPLink(cfg)#context ip router IPLink(ctx-ip)[router]#interface lan IPLink(if-ip)[lan]#...
IPLink Software Configuration Guide 11 • IP interface configuration Setting the IP address and netmask Each IP interface needs its explicit IP address and an appropriate net mask to be set. You can use the interface configuration command to perform the following tasks: ipaddress •...
IPLink Software Configuration Guide 11 • IP interface configuration ICMP message processing The IP suite offers a number of services that control and manage IP connections. The Internet Control Mes- sage Protocol (ICMP) provides many of these services. Routers send ICMP messages to hosts or other routers when a problem is discovered with the Internet header.
IPLink Software Configuration Guide 11 • IP interface configuration Mode: Interface Step Command Purpose node(ctx-ip)[router]#interface name Selects the interface name for ICMP message pro- cessing configuration node(if-ip)[name]# icmp router-discovery Enables to send router advertisement broadcast messages Example: Router advertisement broadcast message The following example shows how to enable sending router advertisement broadcast messages on IP interface lan.
IPLink Software Configuration Guide 11 • IP interface configuration The following example shows how to define the MTU of the IP interface lan to 1000 and to adjust the MSS in both directions to MTU-40. Use the following commands in IP context configuration mode. IPLink(ctx-ip)[router]#interface lan IPLink(if-ip)[lan]#mtu 1000 IPLink(if-ip)[lan]#tcp adjust-mss rx mtu...
IPLink Software Configuration Guide 11 • IP interface configuration ------------------------------------------------------------ Context: router Name: IP Address: 172.17.100.210 255.255.255.0 MTU: 1500 ICMP router-discovery: enabled ICMP redirect: send only State: CLOSED Binding: ethernet 0 0 1/ethernet/ip … Displaying dynamic ARP entries The following command can be used to display the dynamically learned ARP entries on an IP interface or on the entire system.
IPLink Software Configuration Guide 11 • IP interface configuration The following example shows how to invoke the echo protocol to the destination host at IP address 172.16.1.10 by using the command from operator execution mode. ping IPLink>ping 172.16.1.10 Sending 5 ICMP echo requests to 172.16.1.10, timeout is 1 seconds: Reply from 172.16.1.10: Time <10ms Reply from 172.16.1.10: Time <10ms Reply from 172.16.1.10: Time <10ms.
IPLink Software Configuration Guide 11 • IP interface configuration Mode: Context IP Step Command Purpose node(ctx-ip)[ctx-name]# Go to the IP interface, which shall act as the IGMP proxy interface <if-name> upstream interface node(if-ip)[if-name]# igmp Define the interface as the IGMP proxy upstream interface interface-type proxy- upstream node(ctx-ip)[ctx-name]#...
IPLink Software Configuration Guide 12 • NAT/NAPT configuration Introduction This chapter provides a general overview of Network Address (Port) Translation and describes the tasks involved in its configuration. The two most compelling problems facing the IP Internet are IP address depletion and scaling in routing. Long-term and short-term solutions to these problems are being developed.
IPLink Software Configuration Guide 12 • NAT/NAPT configuration Figure 18 illustrates the basic and enhanced behavior of the Dynamic NAPT. The big arrows indicate the direction of the connection establishment. Although only a local host can establish a connection, traffic always flows in both directions.
IPLink Software Configuration Guide 12 • NAT/NAPT configuration Dynamic NAT NAT only modifies addresses but not ports. Dynamic NAT assigns a global address from a global NAT address pool each time a local host wants to access the global network. It creates a dynamic NAT entry for the reverse path.
IPLink Software Configuration Guide 12 • NAT/NAPT configuration The IPLink software NAPT can handle one GRE (Generic Routing Encapsulation) connection and one ESP (Encapsulating Security Payload) connection at a time. It also routes ICMP messages back to the source of the concerned connection or to the source of an ICMP Ping message.
IPLink Software Configuration Guide 12 • NAT/NAPT configuration Step Command Purpose node(pf-napt)[name]#range local- Configures and activates the Dynamic NAT: local-ip- (optional) ip-range-start local-ip-range-stop range-start and local-ip-range-stop define the subset global-ip-start global-ip-stop of local hosts that use an address from the global NAT address pool to access to global network.
IPLink Software Configuration Guide 12 • NAT/NAPT configuration Defining NAPT port ranges The TCP/UDP port ranges to be used by the NAPT can be defined using the following procedure. The default port ranges for both TCP/UDP are 8000 to 15999. Mode: profile napt <pf-name>...
IPLink Software Configuration Guide 12 • NAT/NAPT configuration Activate NAT/NAPT To activate a NAT/NAPT component, bind its NAPT profile to an IP interface. This binding identifies the global interface of the respective NAT/NAPT component. All other IP interfaces are local relative to this NAT/ NAPT.
Chapter 13 Ethernet port configuration Chapter contents Introduction................................138 Ethernet port configuration task list ........................138 Entering the Ethernet port configuration mode ....................139 Configuring medium for an Ethernet port ....................139 Configuring Ethernet encapsulation type for an Ethernet port ..............140 Binding an Ethernet port to an IP interface ....................140 Multiple IP addresses on Ethernet ports ......................141...
This chapter provides an overview of Ethernet ports and describes the tasks involved in configuring Ethernet ports through the IPLink software. For IPLink Series devices, the term Ethernet refers to the family of local area network (LAN) or wide area net- work (WAN) implementations that include two principal categories.
Since a port must be configured unambiguously, choose the appropriate expansion slot and port number. The num- ber and type of available ports depend upon your IPLink model, and also on the interface card fit for IPLink series devices. All permanent on-board interfaces of an IPLink are described as being on slot 0.
Example: Configuring Ethernet encapsulation type for an Ethernet port The following example shows how to configure the encapsulation type to IP for the Ethernet port on slot 0 and port 0 of an IPLink series device. IPLink(cfg)#port ethernet 0 0...
IPLink Software Configuration Guide 13 • Ethernet port configuration Figure 22 shows the logical binding of the Ethernet port at slot 0 on port 0 to the IP interface lan which is defined in the IP context router. Context “router” interface lan interface wan bind command...
IPLink Software Configuration Guide 13 • Ethernet port configuration Mode: Configure Step Command Purpose [name] (cfg)# context ip Enter the IP context configuration mode. [name] (ctx-ip)[router]# interface <ip-if-1-name> Create the first IP interface. [name] (if-ip)[ <ip-if-1-name>]# ipaddress <ip- Set the IP address for the first IP inter- address-1>...
IPLink Software Configuration Guide 13 • Ethernet port configuration Mode: Configure Step Command Purpose node(config)#port ethernet slot port Enter Ethernet port configura- tion. node(prt-eth)[slot/port]#vlan id Create new VLAN port. node(vlan)[id]#encapsulation {ip|pppoe|multi} Defines the payload type(s) to be used on this VLAN: •...
IPLink Software Configuration Guide 13 • Ethernet port configuration Mode: Configure Step Command Purpose node(cfg)#port ethernet slot port Enters Ethernet port configura- tion mode for the interface on slot and port node(prt-eth)[slot/port]#map cos layer 2 class of service value Selects the layer 2 CoS to traffic- to traffic class name class mapping.
IPLink Software Configuration Guide 13 • Ethernet port configuration Adding a transmit mapping table entry The transmit mapping table defines the conversion of transmitting firmware-specific service class value into a Layer 2 CoS to service class value. Each conversion is stored as a mapping table entry, so the transmitting map- ping table consists of several mapping table entries.
IPLink Software Configuration Guide 13 • Ethernet port configuration Example: Disabling an Ethernet port The following example shows how to disable the Ethernet port on slot 0 and port 0 of an IPLink device. IPLink(cfg)#port ethernet 0 0 IPLink(prt-eth)[0/0]#shutdown Checking the state of the Ethernet port on slot 0 and port 0 shows that the interface was closed. IPLink(prt-eth)[0/1]#show port ethernet 0 1 Ethernet Configuration -------------------------------------...
Page 147
IPLink Software Configuration Guide 13 • Ethernet port configuration The following is an example of how the sniffer is normally used: Step Command Purpose [name] (cfg)# sniff ethernet Enable the sniffer on ethernet port 0 1. (Normally the sniffer stops 0 1 [wrap] capturing, if the capture buffer is full.
IPLink Software Configuration Guide 14 • Link scheduler configuration Introduction This chapter describes how to use and configure the IPLink software Quality of Service (QoS) features. Refer to chapter 19, “Access control list configuration” on page 211 more information on the use of access control lists.
IPLink Software Configuration Guide 14 • Link scheduler configuration service that is only available for a limited bandwidth e.g. low delay. When connecting the IPLink to a DiffServ network shaping might be a required operation. Burst tolerant shaping or wfq For weighted fair queuing and shaping there is a variation of the scheduler that allows to specify if a traffic class may temporarily receive a higher rate as long as the average stays below the limit.
IPLink Software Configuration Guide 14 • Link scheduler configuration Mode priority local voice min. 30% min. 40% Level_1 min. 30% Mail Low_Priority Default Mode Shaper Define 2nd level Define 1st level Use arbiter on arbiter arbiter an interface Figure 24. Example of Hierarchical Scheduling Quick references The following sections provide a minimal “standard”...
IPLink Software Configuration Guide 14 • Link scheduler configuration • “modem-512” is the title of the profile which is referred to when installing the scheduler • “rate-limit 512” allows no more than 512 kbit/sec to pass which avoids queueing in the modem. •...
IPLink Software Configuration Guide 14 • Link scheduler configuration • Displaying link arbitration status (see page 165) • Displaying link scheduling profile information (see page 165) • Enable statistics gathering (see page 165) Profile Packet Classification Predefined Classes Different Types (Classes) of Traffic The service-policy profile defines the arbitration mode and order in which...
IPLink Software Configuration Guide 14 • Link scheduler configuration Some types of packets you do not have to tag with ACL. Voice and data packets from or for the IPLink itself are automatically tagged with predefined traffic-class names: Predefined internal classes for voice and other data are: •...
IPLink Software Configuration Guide 14 • Link scheduler configuration Mode: Configure Step Command Purpose node(cfg)#profile acl name Creates a new access control list profile named name node(pf-acl)[name]#permit ip host ip-address any traffic-class Creates an IP access con- class-name trol list entry that permits access for host at IP address ip-address, and specifies that packets...
IPLink Software Configuration Guide 14 • Link scheduler configuration profile service-policy <profile-name> link rate, arbitration common settings common parameters source traffic-class <x> bandwidth, packet mark settings for class x queue-size, etc. source traffic-class <y> settings for class y source traffic-class default settings for all other traffic-classes not listed Figure 27.
IPLink Software Configuration Guide 14 • Link scheduler configuration The following lines configure the source traffic-classes. When using weighted fair queuing (wfq) each user- specified source traffic-class needs a value specifying its share of the overall bandwidth. For this purpose the share command is used, which defines the relative weights of the source traffic-classes and policies.
IPLink Software Configuration Guide 14 • Link scheduler configuration Mode: Source Command Purpose node(src)[name]#share percentage Defines fair queuing weight (relative to other sources) to percent- age for the selected class or policy name Defining the bit-rate The command is used with shaper link arbitration to assign the (average) bit-rate to the selected source. rate When enough bandwidth is available each source will exactly receive this bandwidth (but no more), when overloaded the shaper will behave like a wfq arbiter.
IPLink Software Configuration Guide 14 • Link scheduler configuration The type-of-service (TOS) byte in an IP header specifies precedence (priority) and type of service (RFC791, RFC1349). The precedence field is defined by the first three bits and supports eight levels of priority. The next four bits—which are set by the command—determine the type-of-service (TOS).
IPLink Software Configuration Guide 14 • Link scheduler configuration “traffic-class” number called. With IPLink software you can inspect the DSCP value in the ACL rules and modify the DSCP value with the link scheduler command. set ip dscp Note When configuring service differentiation on the IPLink, ensure that code- point settings are arranged with the service provider.
IPLink Software Configuration Guide 14 • Link scheduler configuration Defining random early detection The command is used to request random early detection (RED). When a queue carries lots of random-detect TCP transfers that last longer than simple web requests, there is a risk that TCP flow-control might be ineffi- cient.
Page 163
IPLink Software Configuration Guide 14 • Link scheduler configuration Mode: profile service-policy/profile Command Purpose [name] (pf-srvp)[<name>]# [no] map packet-size Assigns IP packets of a predefined or speci- {routed-voice | routed-voice-encrypted | [<lower-size> fied range to a traffic-class. To name a spe- <upper-size>] } traffic-class <traffic-class-name>...
IPLink Software Configuration Guide 14 • Link scheduler configuration Devoting the service policy profile to an interface Any service policy profile needs to be bound to a certain IP interface to get activated. According the terminol- ogy of IPLink software a service policy profile is used on a certain IP interface, as shown in figure Service Policy...
IPLink Software Configuration Guide 14 • Link scheduler configuration IPLink(ctx-ip)[router]#interface wan IPLink(if-ip)[wan]#use profile service-policy Voice_Prio out Displaying link arbitration status command displays link arbitration status. This command supports the optional show service-policy argument that select a certain IP interface. This command is available in the operator mode. interface Mode: Operator execution Step...
Page 166
IPLink Software Configuration Guide 14 • Link scheduler configuration The command has optional values (in the range of 1 to 4) that define the level of detail (see table 10). Table 10. Values defining detail of the queuing statistics Optional Value Implication on Command Output Statistic gathering is switched off Display amount of packets passed (did not have to wait), queued (arrived ear-...
Chapter 15 Serial port configuration Chapter contents Introduction................................168 Serial port configuration task list .........................168 Disabling an interface ...........................169 Enabling an interface ............................169 Configuring the serial encapsulation type ......................170 Configuring the active clock edge .........................171 Configuring the baudrate ..........................172 Enter Frame Relay mode ..........................173 Configuring the LMI type ..........................173...
IPLink Software Configuration Guide 15 • Serial port configuration Introduction This chapter provides an overview of the serial port and describes the tasks involved in its configuration through the IPLink software, it includes the following sections: • Serial port configuration task list •...
IPLink Software Configuration Guide 15 • Serial port configuration Disabling an interface Before you replace a compact serial cable or attach your IPLink to other serial equipment, use the shutdown command to disable the serial interfaces. This prevents anomalies and hardware faults. When you shut down an interface, it has the state CLOSED in the command display.
IPLink Software Configuration Guide 15 • Serial port configuration Mode: Administrator execution Step Command Purpose node(cfg)#port serial slot port Selects the serial interface on slot and port node(prt-ser)[slot/port]#no shutdown Enables the interface node(prt-ser)[slot/port]#show port serial Displays the serial interface configuration. Example: Enabling an interface The example shows how to enable the built-in serial interface on slot 0 and port 0 of an IPLink.
IPLink Software Configuration Guide 15 • Serial port configuration IPLink(prt-ser)[0/0]#encapsulation framerelay IPLink(prt-ser)[0/0]#show port serial Serial Interface Configuration ------------------------------ Port : serial 0 0 0 State : CLOSED Hardware Port : V.35 Transmit Edge : normal Port Type : DTE CRC Type : CRC-16 Max Frame Length: 2048 Recv Threshold...
IPLink Software Configuration Guide 15 • Serial port configuration Configuring the baudrate A DCE interface has to provide the signal clocks. The X.21 DCE interface can provide different baudrates on its interface. The desired baudrate can be configured. Note The actual baudrate may differ from the baudrate you configured. This procedure describes how to set the baudrate for the serial interface.
IPLink Software Configuration Guide 15 • Serial port configuration Rx abort sequence: Rx non octet: Rx frame len violation: Rx DPLL error: Sent frames: 116106 Tx good frames: 116106 Tx CTS lost: Tx underrun: Status Link: Control Line: enabled True Baudrate: 64000 bps Enter Frame Relay mode This section describes how to configure Frame Relay on the serial interface of an IPLink, after setting the basic...
IPLink Software Configuration Guide 15 • Serial port configuration Mode: Frame Relay Step Command Purpose node(frm-rel)[slot/port]#lmi-type {ansi | gof | itu} Sets the LMI type Example: Configuring the LMI type The following example sets the LMI type to ANSI T1.617 Annex D for Frame Relay over the serial interface on slot 0 and port 0.
Page 175
IPLink Software Configuration Guide 15 • Serial port configuration This procedure describes how to enable Frame Relay fragmentation Mode: Frame Relay Step Command Purpose node(cfg)#port serial slot port Selects the serial interface on slot and port. node(prt-ser)[0/0]#framerelay Enters Frame Relay configuration mode. node(frm-rel)[0/0]#use profile Uses the previously defined service policy profile on Frame service-policy name out...
IPLink Software Configuration Guide 15 • Serial port configuration The fragmentation size depends on the available bandwidth, the chosen codec, and its packet length: • The less bandwidth available per call, the smaller the fragment size has to be configured. •...
IPLink Software Configuration Guide 15 • Serial port configuration The following example enters the configuration mode for PVC with the assigned DLCI of 1 for Frame Relay over the serial interface on slot 0 and port 0 of an IPLink. IPLink(cfg)#port serial 0 0 IPLink(prt-ser)[0/0]#framerelay IPLink(frm-rel)[0/0]#pvc 1...
IPLink Software Configuration Guide 15 • Serial port configuration Frame Relay PVC. If serial Frame Relay PVC shall be used as WAN access, a suitable name for the logical IP interface could be wan as in figure 29 below. Context “router”...
IPLink Software Configuration Guide 15 • Serial port configuration Enabling a Frame Relay PVC After binding Framerelay PVC to an ip interface it must be enabled for packet processing. This procedure acti- vates the PVC by opening the bound ip interface. This procedure describes how to enable Framerelay PVC for packet processing Mode: PVC Step...
IPLink Software Configuration Guide 15 • Serial port configuration IPLink(pvc)[1]#shutdown Check the PVC 1 status by using and verify that the entry shutdown occurs in the con- show running-config figuration part responsible for this PVC. IPLink(pvc)[1]#show running-config Running configuration: #----------------------------------------------------------------# …...
IPLink Software Configuration Guide 15 • Serial port configuration Displaying serial port information The following example shows the commands used to display serial port configuration settings. HDLC Driver: 0x8496b8 ===================== Slot: Number of Ports: HDLC Driver: 0x8496b8 ===================== Slot: Number of Ports: Port: serial 0 0 0 ------------------ State:...
IPLink Software Configuration Guide 15 • Serial port configuration PVC Configuration: Port DLCI State Fragment Encaps Binding -------------------------------------------------------------- serial 0 0 0 open disabled rfc1490 wan@router PSTN Internet Multi Multi Service Service Provider PVC 1 Provider Leased Line Node Modem IPLink Modem Network...
IPLink Software Configuration Guide 15 • Serial port configuration Between the leased line modem and the IPLink, ANSI T.617 type of LMI packets have to be exchanged. In addi- tion, the keep-alive interval has to be set to 20 seconds. To guarantee voice quality, fragmentation is enabled on the PVC which carries voice (PVC 1) and a service profile is assigned which gives priority to voices packets.
Page 184
IPLink Software Configuration Guide 15 • Serial port configuration IPLink(src)[local-d~]#source class default … 4. Configure the serial interface settings. IPLink(cfg)#port serial 0 0 IPLink(prt-ser)[0/0]#shutdown IPLink(prt-ser)[0/0]#encapsulation framerelay IPLink(prt-ser)[0/0]#hardware-port x21 IPLink(prt-ser)[0/0]#port-type dte … 5. Configure the Frame Relay. You must thus change to the Frame Relay configuration mode. Use the ser- vice-policy profile defined above to give voice priority over data.
IPLink Software Configuration Guide 16 • T1/E1 port configuration Introduction This chapter provides an overview of the T1/E1 ports, their characteristics and the tasks involved in the configuration. The configurable parameters for the T1/E1 port are type (T1 or E1), clock mode (or source) (master or slave), line code (AMI, HDB3, or B8ZS), framing (CRC-4, ESF, or unframed), line-build-out (for T1 only) and encapsulation (channelized or HDLC).
IPLink Software Configuration Guide 16 • T1/E1 port configuration Configuring T1/E1 port-type The T1/E1 Port can either work in T1 or in E1 (G.704) mode. This mode can be changed dynamically as long as no encapsulation or encapsulation ‘hdlc’ is set. Be aware that changing the port-type also resets the framing and linecode parameters to the default values of the new port-type.
IPLink Software Configuration Guide 16 • T1/E1 port configuration The advantage of the unframed mode (obviously with hdlc encapsulation) is the utilization of the whole link speed for user data transmission, 2.048MBit/s for E1 and 1.544MBit/s for T1. However note that HDLC has its own overhead which decreases the actual data rate.
IPLink Software Configuration Guide 16 • T1/E1 port configuration Configuring T1/E1 LOS threshold This command takes effect only if the T1/E1 port is configured for long-haul applications. It specifies the sen- sitivity for Loss Of Signal threshold. A signal suffers more attenuation over long distances than over short dis- tances.
IPLink Software Configuration Guide 16 • T1/E1 port configuration The command has three other options that allow you to manually switch on/off different loops. All these addi- tional options are applicable in T1 and E1 mode. The ‘line-interface’ loop sends back the whole link bandwidth (2048kBit/s or 1544kBit/s). In ‘payload’...
IPLink Software Configuration Guide 16 • T1/E1 port configuration connection..”.) On creating a new channel-group the channel-group configuration mode is immediately entered. To remove an existing channel-group the ‘no’ form of the command has to be used. Mode: port e1t1 <slot> <port> Step Command Purpose...
IPLink Software Configuration Guide 16 • T1/E1 port configuration tion mode the encapsulation must be set to ‘hdlc’ as well followed by configuring at least one timeslot per the ‘timeslots’ command. Mode: port e1t1 <slot> <port> Step Command Purpose [name] (prt-e1t1)[slot/port]# hdlc Entering the hdlc configuration mode Mode: channel-group <group>...
Chapter 17 Basic IP routing configuration Chapter contents Introduction................................196 Routing tables ...............................196 Static routing ..............................196 Basic IP routing configuration task list ........................196 Configuring static IP routes ..........................196 Deleting static IP routes ..........................197 Displaying IP route information ........................198 Examples ................................199 Basic static IP routing example ........................199 Changing the default UDP port range for RTP and RTCP .................200...
IPLink Software Configuration Guide 17 • Basic IP routing configuration Introduction This chapter provides an overview of IP routing and describes the tasks involved in configuring static IP rout- ing in IPLink software. IP routing moves information across an internetwork from a source to a destination, typically passing through one or more intermediate nodes along the way.
IPLink Software Configuration Guide 17 • Basic IP routing configuration a backup route is activated, thus improving network reliability. Each route is assigned a default precedence value and cost value. Modifying these values allow you to set a preference for one route over the next. If static routes are redistributed through dynamic routing protocol to neighboring devices, only the active static route to a destination is advertised.
IPLink Software Configuration Guide 17 • Basic IP routing configuration Mode: Administrator execution Step Command Purpose node(cfg)#context ip router Enters the IP router context node(ctx-ip)[router]#no route network mask {address | interface} Deletes a static route Example: Deleting a static IP route In the following example, the route for packets to network 20.0.0.0/24, which are routed to device with IP address 172.17.100.2, shall be deleted.
IPLink Software Configuration Guide 17 • Basic IP routing configuration Examples Basic static IP routing example Figure 32 shows an Internetwork consisting of three routers, an IPLink device in the middle, and the four autonomous networks, with network addresses 10.1.5.0/16, 172.16.40.0/24, 172.17.100.0/24, and 10.2.5.0/ 16.
IPLink Software Configuration Guide 17 • Basic IP routing configuration Changing the default UDP port range for RTP and RTCP The UDP port range to be used for RTP streams can be configured using the following procedure: Mode: context ip Step Command Purpose...
IPLink Software Configuration Guide 18 • RIP configuration Introduction This chapter provides an overview of the Routing Information Protocol (RIP) and describes the tasks involved in configuring RIP features within IPLink software, it includes the following sections: • Routing protocol •...
IPLink Software Configuration Guide 18 • RIP configuration RIP 2 is more useful in a variety of environments and allows the use of variable subnet masks on your network. It is also necessary for implementation of classless addressing as accomplished with CIDR (classless inter- domain routing).
IPLink Software Configuration Guide 18 • RIP configuration Example: Enabling send RIP The following example shows how to enable send RIP on IP interface wan on an IPLink. IPLink(cfg)#context ip router IPLink(ctx-ip)[router]#interface wan IPLink(if-ip)[wan]#rip supply Enabling an interface to receive RIP By default an interface does not listen to routing information.
IPLink Software Configuration Guide 18 • RIP configuration Specifying the receive RIP version By default, IPLink software application software receives RIP version 1 and version 2 packets. IPLink software application software allows receiving RIP version 1, version 2 or both version 1 and version 2 packets. Alterna- tively, you can explicitly configure the RIP version to be received with the last command argument as following: •...
IPLink Software Configuration Guide 18 • RIP configuration Example: Enabling RIP learn host and default The following example shows how to enable RIP learn host and default on IP interface wan on an IPLink. IPLink(cfg)#context ip router IPLink(ctx-ip)[router]#interface wan IPLink(if-ip)[wan]#rip learn host IPLink(if-ip)[wan]#rip learn default Enabling an interface to receive RIP This procedure describes how to enable receive RIP on an IP interface...
IPLink Software Configuration Guide 18 • RIP configuration Example: Enabling RIP announcing The following example shows how to enable the RIP default routes and IP host routes RIP announcing method on IP interface wan on an IPLink. IPLink(cfg)#context ip router IPLink(ctx-ip)[router]#interface wan IPLink(if-ip)[wan]#rip announce default IPLink(if-ip)[wan]#rip announce host...
IPLink Software Configuration Guide 18 • RIP configuration Setting the default route metric, which is a number, indicating the distance to the destination network ele- ment, e.g. another router or IPLink in a network, is possible with the command. The rip default-route-value value is between 1 and 15 for a valid route, or 16 for an unreachable route.
IPLink Software Configuration Guide 18 • RIP configuration acquired over that interface. Poison reverse updates are then sent to remove the route and place it in hold- down. One drawback is that routing update packet sizes will be increased when using poison reverse. This procedure describes how to enable the poison reverse algorithm on an interface Mode: Interface Step...
IPLink Software Configuration Guide 18 • RIP configuration The following example shows how to display the RIP configuration of IP interface wan of an IPLink. IPLink(cfg)#context ip router IPLink(ctx-ip)[router]#interface wan IPLink(if-ip)[wan]#show rip interface wan Interface wan (IP context router): -------------------------------------------------- listen: disabled supply: enabled send version: 1compatible...
Chapter 19 Access control list configuration Chapter contents Introduction................................212 About access control lists .............................212 What access lists do ............................212 Why you should configure access lists ......................212 When to configure access lists ........................213 Features of access control lists ........................213 Access control list configuration task list......................214 Mapping out the goals of the access control list .....................214...
IPLink Software Configuration Guide 19 • Access control list configuration Introduction This chapter provides an overview of IP Access Control Lists and describes the tasks involved in configuring them through IPLink software. This chapter includes the following sections: • About access control lists •...
IPLink Software Configuration Guide 19 • Access control list configuration For example, access lists can allow one host to access a part of your network, and prevent another host from accessing the same area. In figure 33 host A is allowed to access the Human Resources network and host B is prevented from accessing the Human Resources network.
IPLink Software Configuration Guide 19 • Access control list configuration • All access control lists have an implicit deny ip any any at the end. A packet that does not match the criteria of the first statement is subjected to the criteria of the second statement and so on until the end of the access control list is reached, at which point the packet is dropped.
IPLink Software Configuration Guide 19 • Access control list configuration Before you begin to enter the commands that create and configure the IP access control list, be sure that you are clear about what you want to achieve with the list. Consider whether it is better to deny specific accesses and permit all others or to permit specific accesses and deny all others.
Page 216
IPLink Software Configuration Guide 19 • Access control list configuration Mode: Profile access control list Step Command Purpose node(pf-acl)[name]#deny ip {src src-wildcard | any | host Creates an IP access of control list src} {dest dest-wildcard | any | host dest} [cos group] entry that denies access defined according to the command options...
IPLink Software Configuration Guide 19 • Access control list configuration Adding an ICMP filter rule to the current access control list profile The command permit or deny are used to define an ICMP filter rule. Each ICMP filter rule represents an ICMP access of control list entry.
Page 218
IPLink Software Configuration Guide 19 • Access control list configuration Where the syntax is as following: Keyword Meaning The source address to be included in the rule. An IP address in dotted-decimal-format, e.g. 64.231.1.10. src-wildcard A wildcard for the source address. Expressed in dotted-decimal format this value specifies which bits are significant for matching.
IPLink Software Configuration Guide 19 • Access control list configuration The same effect can also be obtained by using the simpler message name option. See the following example. IPLink(cfg)#profile acl WanRx IPLink(pf-acl)[WanRX]#deny icmp any any msg echo IPLink(pf-acl)[WanRX]#exit IPLink(cfg)# Adding a TCP, UDP or SCTP filter rule to the current access control list profile The commands permit or deny are used to define a TCP, UDP or SCTP filter rule.
Page 220
IPLink Software Configuration Guide 19 • Access control list configuration Where the syntax is: Keyword Meaning The source address to be included in the rule. An IP address in dotted-decimal-format, e.g. 64.231.1.10. src-wildcard A wildcard for the source address. Expressed in dotted-decimal format this value specifies which bits are significant for matching.
IPLink Software Configuration Guide 19 • Access control list configuration Binding and unbinding an access control list profile to an IP interface The command use is used to bind an access control list profile to an IP interface. This procedure describes how to bind an access control list profile to incoming packets on an IP interface Mode: Profile access control list Step...
IPLink Software Configuration Guide 19 • Access control list configuration Unbind an access control list profile from an interface. IPLink(cfg)#context ip router IPLink(cfg-ip)[router]#interface wan IPLink(cfg-if)[wan]#no use profile acl in Note When unbinding an access control list profile the name argument is not required, since only one incoming and outgoing access control list can be active at the same time on a certain IP interface.
Page 223
IPLink Software Configuration Guide 19 • Access control list configuration Mode: Interface Step Command Purpose node(cfg)#context ip router Selects the IP router context node(ctx-ip)[router]#interface if-name Selects IP interface if-name for which access control list profile shall be debugged node(if-ip)[if-name]#debug acl {in | out} [level] Enables access control list debug monitor with a certain debug level for the selected interface if-name...
IPLink Software Configuration Guide 19 • Access control list configuration Examples Denying a specific subnet Figure 34 shows an example in which a server attached to network 172.16.1.0 shall not be accessible from outside networks connected to IP interface lan of the IPLink device. To prevent access, an incoming filter rule named Jamming is defined, which blocks any IP traffic from network 172.16.2.0 and has to be bound to IP interface lan.
IPLink Software Configuration Guide 20 • SNMP configuration Introduction This chapter provides overview information about Simple Network Management Protocol (SNMP) and describes the tasks used to configure those of its features supported by IPLink software. This chapter includes the following sections: •...
IPLink Software Configuration Guide 20 • SNMP configuration • command is used by an NMS to control managed devices. The NMS changes the values of vari- write ables stored within managed devices. • command is used by managed devices to asynchronously report events to the NMS. When certain trap types of events occur, a managed device sends a trap to the NMS.
IPLink Software Configuration Guide 20 • SNMP configuration Identification of the IPLink devices via SNMP All IPLink devices have assigned sysObjectID (.iso.org.dod.internet.mgmt.mib-2.system.sysObjectID) num- bers (see table 11). Table 11. IPLink Models and their Unique sysObjectID IPLink Model SysObjectID 2802 .iso.org.dod.internet.private.enterprises.patton.products.sn2802 1.3.6.1.4.1.1768.2.2.8.1 2805 .iso.org.dod.internet.private.enterprises.patton.products.sn2805...
IPLink Software Configuration Guide 20 • SNMP configuration Setting basic system information The implementation of the MIB-II system group is mandatory for all systems. By default, an SNMP agent is configured to have a value for any of these variables and responds to get commands from a NMS. On the IPLink devices appropriate values should be set for the following MIB-II system group objects: •...
IPLink Software Configuration Guide 20 • SNMP configuration The procedure to use the SNMP MIB browser is: • Enter the community string public into the Community field in the upper right corner of the window. For safety reasons each entered character is displayed with a “*”. •...
IPLink Software Configuration Guide 20 • SNMP configuration Setting access community information SNMP uses one or more labels called community strings to delimit groups of objects (variables) that can be viewed or modified on a device. The SNMP data in such a group is organized in a tree structure called a Man- agement Information Base (MIB).
IPLink Software Configuration Guide 20 • SNMP configuration In the following example the SNMP communities for the default community public with read-only access and the undisclosed community Not4evEryOne with read/write access are defined. Only these valid communities have access to the information from the SNMP agent running on the respective IPLink device. 2803-01(cfg)#snmp community public ro 2803-01(cfg)#snmp community Not4evEryOne rw Note...
IPLink Software Configuration Guide 20 • SNMP configuration Mode: Configure Step Command Purpose node(cfg)#snmp target IP-address-of-node Configures a SNMP trap target with IP-address-of- security-name community hostanme node that receives trap messages of this IPLink device, using the security name community on the target.
IPLink Software Configuration Guide 20 • SNMP configuration Using the AdventNet SNMP utilities The AdventNet SNMP utilities are a set of cross-platform applications and applets for SNMP and Web-based network management. These utilities can be used for device, element, application and system management. The tools can communicate and interact with any SNMP enabled device, such as an IPLink device.
IPLink Software Configuration Guide 20 • SNMP configuration • The same can be done through clicking the MibBrowser settings button on the toolbar. See figure Figure 36. AdventNet MibBrowser Settings Button on the Toolbar By default the MIB description display and the result display are visible in the MibBrowser. Using the TrapViewer TrapViewer is a graphical tool to view the traps received from one or more SNMP agents running on an IPLink device.
IPLink Software Configuration Guide 20 • SNMP configuration • The default value in the Community text field is public. Set the community of the incoming traps as desired, depending on the SNMP configuration of your IPLink device. • Click on Add button to add the port and community list on which the trap has to listen to. This is visible in the TrapList combo box.
IPLink Software Configuration Guide 20 • SNMP configuration The various details available in the Trap Details window are listed in table Table 12. Details available in the Trap Details window Trap Details Description TimeStamp The TimeStamp is a 32-bit unsigned value indicating the number of hundredths-of-a-second that have elapsed since the (re)start of the SNMP agent and the sending of the trap.
Page 238
IPLink Software Configuration Guide 20 • SNMP configuration "A warmStart trap signifies that the sending protocol entity is reinitializing itself such that neither the agent configuration nor the protocol entity implementa- tion is altered." ::= 1 linkDown TRAP-TYPE ENTERPRISE snmp VARIABLES { ifIndex } DESCRIPTION...
IPLink Software Configuration Guide 20 • SNMP configuration Note The standard SNMP version 1 trap coldStart as listed below is not sup- ported. After powering up an IPLink device sends a warmStart trap message if any trap target host is defined. SNMP interface traps The IPLink sends Interface Traps (linkUp, linkDown) when the status of logical or physical interfaces change.
IPLink Software Configuration Guide 21 • SNTP client configuration Introduction This chapter describes how to configure Simple Network Time Protocol (SNTP) client, it includes the follow- ing sections: • SNTP client configuration task list • Recommended Public SNTP Time Servers (see page 248) The Simple Network Time Protocol (SNTP) is an adaptation of the Network Time Protocol (NTP) that is...
IPLink Software Configuration Guide 21 • SNTP client configuration Selecting SNTP time servers This procedure describes how to select a primary and secondary SNTP time server Mode: Configure Step Command Purpose node(cfg)#sntp-client server primary host Enter the SNTP primary server IP address or hostname node(cfg)#sntp-client server secondary host Enter the SNTP secondary server IP...
IPLink Software Configuration Guide 21 • SNTP client configuration Example: Configuring SNTP client operating mode Configures the SNTP client operating mode to unicast operation IPLink(cfg)#sntp-client operating-mode unicast Configures the SNTP client operating mode to anycast operation IPLink(cfg)#sntp-client operating-mode anycast Configures the SNTP client operating mode to multicast operation IPLink(cfg)#sntp-client operating-mode multicast Defining SNTP local UDP port The communication between an SNTP client and its the primary or secondary SNTP time server uses UDP.
IPLink Software Configuration Guide 21 • SNTP client configuration Enabling and disabling the SNTP client The SNTP client is disabled by default and has to be enabled if clock synchronization shall be used. This pro- cedure describes how to enable or disable the SNTP client Mode: Configure Step Command...
IPLink Software Configuration Guide 21 • SNTP client configuration Mode: Configure Step Command Purpose node(cfg)#sntp-client gmt-offset offset Specifies the SNTP client constant offset from GMT, where offset is + or – followed by hh:mm:ss, with a range from –24:00:00 to +24:00:00 Example: Setting SNTP client local time zone offset from GMT In the following example the SNTP client local time zone offset is set to +2 hours ahead of GMT, e.g.
IPLink Software Configuration Guide 21 • SNTP client configuration Mode: Configure Step Command Purpose node(cfg)#sntp-client anycast-address ip- Set the anycast-address to ip-address a designated address {port | port-number} local broadcast or multicast group address to which a request is sent. In addition an explicit SNTP server port-number in the range from 1 to 65535 can be defined or the argument port is selected, which sets the value for port to 123.
IPLink Software Configuration Guide 21 • SNTP client configuration Example: Disabling the SNTP client root delay compensation IPLink(cfg)#no sntp-client root-delay-compensation Showing SNTP client related information During set-up and operation of the SNTP client, displaying the information and status of the SNTP client is very useful.
IPLink Software Configuration Guide 21 • SNTP client configuration Example: Enable the SNTP debug monitor The following example shows how to enable the SNTP debug monitor and some typical debug information. IPLink(cfg)#debug sntp client IPLink(cfg)#14:44:21 SNTP > SNTP message sent with Timestamp: 2001-10-26T14:44:21 14:44:21 SNTP >...
IPLink Software Configuration Guide 21 • SNTP client configuration Table 13. Time servers operated by NIST (Continued) Server Name IP Address Note Location time-d.timefreq.bldrdoc.gov 132.163.4.104 Colorado time.nist.gov 192.43.244.18 Colorado time-nw.nist.gov 131.107.1.10 Washington Legend 1. Heavily loaded and not recommended for new users. 2.
Chapter 22 DHCP configuration Chapter contents Introduction................................252 DHCP-client configuration tasks ........................253 Enable DHCP-client on an IP interface ......................253 Release or renew a DHCP lease manually (advanced) ...................255 Get debug output from DHCP-client ......................255 DHCP-server configuration tasks ........................256 Configure DHCP-server profiles ........................256 Use DHCP-server profiles and enable the DHCP-server ................258...
IPLink Software Configuration Guide 22 • DHCP configuration Introduction This chapter provides an overview of the Dynamic Host Configuration Control Protocol (DHCP) and describes the tasks involved in their configuration. This chapter includes the following sections: • DHCP-client configuration tasks (see page 253) •...
IPLink Software Configuration Guide 22 • DHCP configuration vides other clients on the LAN side with IP addresses and other configuration information. DHCP-server and DHCP-client are illustrated in figure IPLink IPLink DHCP Server IPLink IPLink DHCP Clients DHCP Clients IPLink IPLink DHCP Server Figure 39.
Page 254
IPLink Software Configuration Guide 22 • DHCP configuration face, e.g. the default gateway, DNS server IP addresses, etc. To enable the DHCP-client on an IP interface per- form the steps described below. Mode: context IP Step Command Purpose node(ctx-ip)[router]#interface name Creates an IP interface with name name and enters ‘configure’...
IPLink Software Configuration Guide 22 • DHCP configuration Release or renew a DHCP lease manually (advanced) After enabling the DHCP-client, the interface receives a DHCP lease from the DHCP-server. To manually release and/or renew this DHCP lease use the command described below. This procedure describes how to release and renew the DHCP lease Mode: interface Step...
Page 257
IPLink Software Configuration Guide 22 • DHCP configuration Mode: Configure Step Command Purpose node(cfg)#profile dhcp-server name Enter DHCP-server profile mode node(pf-dhcps)[name]#network ip- Defines the IP address range for which this pro- address ip-mask file is responsible IP address: basic DHCP information (‘your (cli- ent) IP address’) IP mask: DHCP Option 1 node(pf-dhcps)[name]#[no] include ip-...
IPLink Software Configuration Guide 22 • DHCP configuration Step Command Purpose node(pf-dhcps)[name]#[no] bootfile boot- Defines the bootfile the client shall use when (optional) file-name starting. Usually this is used in conjunction with the next-server command. Basic DHCP information (‘Boot file name’) node(pf-dhcps)[name]#[no] next-server Defines the address of the next server in the (optional)
IPLink Software Configuration Guide 22 • DHCP configuration Check DHCP-server configuration and status This procedure describes how to check the configuration and current status of the DHCP-server Mode: Any Step Command Purpose node(cfg) #show dhcp-server Displays configuration and status information Example: IPLink(ctx-ip)[router]#show dhcp-server The DHCP server is running...
Page 260
IPLink Software Configuration Guide 22 • DHCP configuration Example: Enable DHCP debug monitor This example shows how to enable the DHCP-server debug monitor. The debug output shows an activation of the DHCP-server, a DHCP-client requesting a lease, and a DHCP-client releasing a lease. IPLink(ctx-ip)[router]#debug dhcp-server 21:40:29 DHCPS >...
Chapter 23 configuration Chapter contents Introduction................................262 DNS configuration task list ..........................262 Enabling the DNS resolver ...........................262 Enabling the DNS relay ..........................263...
IPLink Software Configuration Guide 23 • DNS configuration Introduction The domain name system (DNS) enables users to contact a remote host by using easily remembered text labels (www.patton.com, for example) instead of having to use the host’s numeric address (209.45.110.15, for exam- ple).
IPLink Software Configuration Guide 23 • DNS configuration You can test the DNS server configuration using the command as follows: dns-lookup Example: Testing DNS server configuration IPLink(cfg)#dns-lookup www.patton.com Name: www.patton.com Address: 209.49.110.5 Note The DNS resolver automatically learns domain name servers if it receives them through PPP or DHCP protocols.
Page 264
IPLink Software Configuration Guide 23 • DNS configuration address. DNS Relay agents maintain a cache of host names and IP addresses, much smaller than a DNS Server. It acts as a liaison between the DNS Server and the DNS client Advantages in configuring a DNS Relay in the IPLink are: •...
IPLink Software Configuration Guide 24 • DynDNS configuration Introduction IPLink devices are often used in applications where the addresses of their IP interfaces are not assigned stati- cally (i.e. permanently) but instead are configured dynamically. In these applications, the IP address is assigned dynamically using protocols like DHCP or PPP.
IPLink Software Configuration Guide 24 • DynDNS configuration Configuring basic DynDNS settings The following procedure describes the steps necessary to enable the DynDNS feature. Mode: DynDNS Step Command Purpose node(dyndns)#authentication user pass- Defines the authentication credentials of your word DynDNS account node(dyndns)#service Defines the DynDNS service to use {dynamic|static|custom}...
IPLink Software Configuration Guide 24 • DynDNS configuration Example: Defining a mail exchanger The following example shows how to define a mail exchanger named mail.mycompany.com, which should be used as the primary mail-exchanger for the registered DynDNS hostname. IPLink>enable IPLink#configure IPLink(cfg)#context ip IPLink(ctx-ip)[router]#dyndns IPLink(dyndns)#mail-exchanger mail.mycompany.com...
Page 269
IPLink Software Configuration Guide 24 • DynDNS configuration 16:20:43 DYNDNS> Resolved 'update.dyndns.org'. 16:20:43 DYNDNS> Updating DNS... 16:20:43 DYNDNS> Sending request... 16:20:44 DYNDNS> DNS updated successfully 16:20:44 DYNDNS> Registered IP address is (57.32.59.64). If required, you can force the DynDNS component to re-register the current IP address on the DynDNS server—even if the dynamic IP address has not changed—using the following command (this command could also be useful for observing the update process in the debug monitor).
Chapter 25 PPP configuration Chapter contents Introduction................................271 PPP configuration task list...........................272 Creating an IP interface for PPP ........................272 Disable interface IP address auto-configuration from PPP ................274 Creating a PPP subscriber ..........................274 Trigger forced reconnect of PPP sessions using a timer .................275 Disable interface IP address auto-configuration from PPP ................276...
IPLink Software Configuration Guide 25 • PPP configuration Introduction This chapter describes how to configure the point-to-point protocol over different link layers. The point-to-point protocol (PPP) provides a standard method for transporting multi-protocol datagrams over point-to-point links as defined by the RFC1661 etc. IPLink software offers PPP over the following link layers: •...
IPLink Software Configuration Guide 25 • PPP configuration PPP configuration task list To configure PPP, perform the following tasks: • Creating an IP interface for PPP • Configuring for IP address auto-configuration from PPP (see page 274) • Creating a PPP subscriber (for authentication) (see page 274) •...
Page 273
IPLink Software Configuration Guide 25 • PPP configuration Step Command Purpose node(if-ip)[name]#ipaddress The PPP remote peer offers an IP address for the unnumbered IP interface. The IP interface adopts this IP address node(if-ip)[name]#ipaddress dhcp Once PPP has established an IP connection, the IP interface can use DHCP to acquire an IP address.
IPLink Software Configuration Guide 25 • PPP configuration Step Command Purpose node(if-ip)[name]#use profile napt name Assigns the NAPT profile name to applied to (optional) this IP interface. See 12, “NAT/NAPT configu- ration” on page 128 to learn how to create a NAPT profile.
IPLink Software Configuration Guide 25 • PPP configuration Step Command Purpose node(subscr)[name]# [no] authentication { Defines the authentication protocol to be used, (chap pap) | {chap|pap} } PAP and/or CHAP node(subscr)[name]# [no] identification Sets the credentials to be provided during the (optional) {outbound|inbound} user [password authentication procedure: the user name user...
IPLink Software Configuration Guide 25 • PPP configuration Mode: subscriber ppp <subscriber> Step Command Purpose [name] (subscr)[subscriber]# [no] timeout on- Enables/disables forced reconnect every time timer <timer> the timer <timer> expiries. Disable interface IP address auto-configuration from PPP This procedure enables/disables automatic configuration of the interface IP address from the PPP network control protocol negotiation.
Page 277
IPLink Software Configuration Guide 25 • PPP configuration Mode: Configure Step Command Purpose node(cfg) #port ethernet slot port Enters Ethernet port configuration mode for the interface on slot and port node (prt-eth)[slot/port]# encapsulation Defines the payload type(s) to be used on the {ip|pppoe|multi} Ethernet: •...
IPLink Software Configuration Guide 25 • PPP configuration Example: Configure a PPPoE session The procedure below configures a PPPoE session for the connection to a DSL provider using the credentials specified in the subscriber profile above. IPLink(cfg)#port ethernet 0 0 IPLink(prt-eth)[0/0]#encapsulation pppoe IPLink(prt-eth)[0/0]#no shutdown IPLink(prt-eth)[0/0]#pppoe...
IPLink Software Configuration Guide 25 • PPP configuration IPLink(prt-ser)[0/0]#no shutdown Creating a PPP profile A PPP profile allows to adjust additional PPP parameters like the maximum transmit unit (MTU) and maxi- mum receive unit (MRU). Only the most important parameters are listed here. The profile default is always present and supplies the parameters if no other profile has been created or no pro- file can be used with a certain type of PPP connection.
IPLink Software Configuration Guide 25 • PPP configuration Example: Display a PPP profile IPLink(pf-ppp)[PPPoE]#show profile ppp PPPoE Profiles: --------- Name: default LCP Configure-Request: interval 3000 ms, max 10 LCP Configure-Nak: max 5 LCP Terminate-Request: interval 3000 ms, max 2 LCP Echo-Request: interval 10000 ms, max 3 MTU: 68 - 1920...
Page 282
IPLink Software Configuration Guide 25 • PPP configuration Mode: Configure Step Command Purpose node(cfg) #show ppp links [ level ] Displays status and configuration information of the Link Control Protocol (LCP) and the authentica- tion protocol(s) (PAP and/or CHAP). Check whether the states of the two protocols are ‘Opened’.
Page 283
IPLink Software Configuration Guide 25 • PPP configuration Example: Display PPP link information IPLink(cfg)#show ppp links 4 PPP Link Information: ===================== Link: Name: ethernet 0 0 0/pppoe/ppp_green Protocols: LCP, PAP LCP: Name: ethernet 0 0 0/pppoe/ppp_green State: Opened Conf-Req send rate: 3000ms Max.
Chapter 26 VPN configuration Chapter contents Introduction................................288 Authentication ..............................288 Encryption ..............................288 Transport and tunnel modes .........................289 Key management ............................289 VPN configuration task list ..........................289 Creating an IPsec transformation profile .......................289 Creating an IPsec policy profile ........................290 Creating/modifying an outgoing ACL profile for IPsec .................292 Configuration of an IP interface and the IP router for IPsec .................293...
IPLink Software Configuration Guide 26 • VPN configuration Introduction This chapter describes how to configure the VPN connections between two IPLink devices or between an IPLink and a third-party device. A virtual private network (VPN) is a private data network that uses the public telecommunications infrastruc- ture, maintaining privacy through the use of a tunneling protocol and security procedures.
IPLink Software Configuration Guide 26 • VPN configuration Transport and tunnel modes The mode determines the payload of the ESP packet and hence the application: • Transport mode: Encapsulates only the payload of the original IP packet, but not its header, so the IPsec peers must be at the endpoints of the communications link.
IPLink Software Configuration Guide 26 • VPN configuration Mode: Configure mac-sha1-96 }Enables authentication and defines the authentication protocol and the hash algorithm Step Command Purpose node(cfg)#profile ipsec-transform name Creates the IPsec transformation profile name node(pf-ipstr)[name]#esp-encryption { Enables encryption and defines the encryp- optional aes-cbc | des-cbc | 3des-cbc } [key-length] tion algorithm and the key length...
Page 291
IPLink Software Configuration Guide 26 • VPN configuration Mode: Configure Step Command Purpose node(cfg)#profile ipsec-policy-man- Creates the IPsec policy profile name ual name node(pf-ipstr)[name]#use profile Selects the IPsec transformation profile to be ipsec-transform name applied node(pf-ipstr)[name]#session-key Sets a key for encryption or an authenticator for optional authentication, either for inbound or outbound { inbound | outbound }...
IPLink Software Configuration Guide 26 • VPN configuration Configuration of an IP interface and the IP router for IPsec The IP interface that provides connectivity to the IPsec peer, must now activate the outgoing ACL profile con- figured in the previous section. Furthermore, the IP router must have a route for the remote network that points to the respective IP interface.
IPLink Software Configuration Guide 26 • VPN configuration Creating an IPSEC transform profile First you need to create at least one IPSEC transform profile. In addition to the parameters used also for man- ually keyed IPSEC security associations, you can optionally also specify a security association lifetime for IKE security associations.
Page 297
IPLink Software Configuration Guide 26 • VPN configuration should be used. You can specify later an ACL with the type of traffic to be treated by a specific ISAKMP IPSEC policy. The following commands are used to create and configure an ISAKMP IPSEC policy profile: Mode: Configure Step Command...
IPLink Software Configuration Guide 26 • VPN configuration Step Command Purpose node(pf- ipsik)[<name>]# protection- If required, you can specify a protection group. group <group> The protection-group is a proprietary feature and optional is not compatible with third-party devices. There- fore do not configure it for connections to third party devices.
IPLink Software Configuration Guide 26 • VPN configuration profile ipsec-policy-isakmp VPN authentication-method pre-shared-key sdfkl@hgdslkfs/iuçkfld$gus+ghf mode tunnel peer 1.2.3.4 diffie-hellman-group group2 use profile ipsec-transform 1 IPSEC_3DES_192 use profile isakmp-transform 1 ISAKMP_3DES_192 context ip interface WAN use profile acl WAN_Out out Troubleshooting To analyze IKe configuration or networking problems, use the following debug monitors that log important information about the exchanged ISAKMP messages: •...
IPLink Software Configuration Guide 26 • VPN configuration Mode: context ip Step Command Purpose node(ctx-ip)[ctx-name]# [no] sourcead- Defines that locally originated packets destined dress-map <destination-net- for the specified destination network shall use the work><destination-mask><ip- IP address of the specified IP interface as their interface-name>...
IPLink Software Configuration Guide 26 • VPN configuration Rest of the configuration, see above, just change the name of the IPsec policy pro- file in the ACL profile ‘VPN_Out’ Cisco router configuration crypto ipsec transform-set AES_SHA1 ah-sha-hmac esp-aes 256 crypto map VPN_AES_SHA1 local-address FastEthernet0/1 crypto map VPN_AES_SHA1 10 ipsec-manual set peer 200.200.200.2 set session-key inbound esp 6666 cipher...
Page 303
IPLink Software Configuration Guide 26 • VPN configuration set session-key inbound esp 8888 cipher FEDCBA0987654321FEDCBA0987654321FEDCBA0987654321 authenticator FEDCBA0987654321FEDCBA0987654321 set session-key outbound esp 7777 cipher 1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF authenticator 1234567890ABCDEF1234567890ABCDEF set transform-set 3DES_MD5 match address 110 For the remainder of the configuration (see above), just change the name of the IPsec policy profile in the ACL profile VPN_Out.
Appendix A Terms and definitions Chapter contents Introduction................................305 IPLink software architecture terms and definitions ....................305...
IPLink Software Configuration Guide A • Terms and definitions Introduction This chapter contains the terms and their definitions that are used throughout this IPLink software Software Configuration Guide. This guide contains many terms that are related to specific networking technologies areas such as LAN protocols, WAN technologies, routing, Ethernet, and Frame Relay.
Page 306
IPLink Software Configuration Guide A • Terms and definitions Term or Definition Meaning Command Line Interface An interface that allows the user to interact with the IPLink software operat- ing system by entering commands and optional arguments. Other operat- ing systems like UNIX or DOS also provide CLIs. Configuration Download A configuration file is downloaded from a remote TFTP server via TFTP to the persistent memory (nvram:) or volatile memory (system:)of an IPLink.
Page 307
PCM Highway A 30 channel interface connecting the switching engine with optional interface cards containing circuit ports. The optional interface cards for IPLink series which are compatible to the PCI Mezzanine Card standards. PMC Driver Software PMC driver software performs the runtime tasks on the PMC interface card mounted in IPLink devices.
Page 308
IPLink Software Configuration Guide A • Terms and definitions Term or Definition Meaning Routing Engine In IPLink software the routing engine handles the basic IP routing. Running Configuration The currently running configuration (running-config) for IPLink software, which is executed from the volatile memory (system:) on the IPLink. IPLink software IPLink software is the application software running on the IPLink hardware platforms.
IPLink Software Configuration Guide B • Mode summary Introduction Figure 42 on page 310 and figure 43 on page 311 show the configuration mode hierarchy. Each box contains the mode name, the command to enter in this mode and the mode prompt printed in a Telnet or console session. The commands are defined in appendix C, “Command summary”...
IPLink Software Configuration Guide C • Command summary Introduction This command summary is valid for IPLink software Release 3.20. Commands in future IPLink software releases may be different. The information provided in this chapter is subject to change without notice. The command summary is organized as follows: Mode Name Enter Command...
IPLink Software Configuration Guide C • Command summary lcp-configure-request interval <interval> max <max> lcp-configure-nak max <max> lcp-terminate-request interval <interval> max <max> lcp-echo-request interval <interval> max <max> mtu min <min> max <max> [ignore-link ] mru min <min> max <max> [ignore-link ] accm <value>...
IPLink Software Configuration Guide C • Command summary exit exit exit Other Show help Step Command Purpose help [topic] Shows command help. Show command history Step Command Purpose show history Shows command history. Use CTRL-N and CTRL-P to browse. The cursor keys (up, down) are not working. Show RedBoot version Step Command...
IPLink Software Configuration Guide D • Internetworking terms & acronyms Abbreviations Abbreviation Meaning Numeric 10BaseT Ethernet Physical Medium ATM Adaptive Layer Available Bit Rate Alternating Current Advice of Charge Asynchronous Transfer Mode audio 3.1 ISDN Audio Service up to 3.1 kHz audio 7.2 ISDN Audio Service up to 7.2 kHz Basic Rate Access...
Page 327
IPLink Software Configuration Guide D • Internetworking terms & acronyms Abbreviation Meaning E-DSS1 ETSI Euro ISDN Standard Embedded File System Exchange Termination Ethernet Frequently Asked Questions Federal Communication Commission IPLink software Frame Relay G.711 ITU-T Voice encoding standard G.723 ITU-T Voice compression standard Graphic User Interface Gateway H.323...
Page 328
IPLink Software Configuration Guide D • Internetworking terms & acronyms Abbreviation Meaning MGCP Media Gateway Control Protocol MIB II Management Information Base II Modem Modulator – Demodulator Multiple Subscriber Number NAPT Network Address Port Translation Network Address Translation Network Interface Card Network Termination Network Termination 1 Network Termination 2...
Page 329
IPLink Software Configuration Guide D • Internetworking terms & acronyms Abbreviation Meaning Real-time Protocol IPLink-connection for Trunk Line IPLink-connection for Subscriber Line Segmentation and Reassembly S-Bus Subscriber Line (Connection) Bus Switched Circuit Network SCTP Stream Control Transmission Protocol SDSL Symmetric Digital Subscriber Line SGCP Simple Gateway Control Protocol Session Initiation Protocol.
IPLink Software Configuration Guide E • Used IP ports in the IPLink software Used IP ports in the IPLink software Component Port Description NAPT TCP 8000-15999 NAPT port range Telnet TCP 23 TCP server port Webserver TCP 80 TCP server port DHCP UDP 67 Source port DHCP Server...