Allied Telesis AR Router Configuration


Helpful Configuration Scripts for the AR Router Series


Summary of Contents for Allied Telesis AR Router

  • Page 1 Helpful Configuration Scripts for the AR Router Series...
  • Page 2: Revision History

    Ex 6.3, 6.4, 6.5; Secoff user and securedelay defined. ATI are manufacturers of the AR router and are specialists in ISDN and secure networking devices. More detailed information on the AR products is available on ATI’s World Wide Web sites: www.alliedtelesyn.com, www.alliedtelesyn.co.nz...
  • Page 3: Table of Contents

    Helpful Scripts Contents
    Quick Command Reference, page 5
    1.1. Configurations, page 5
    1.2. Filing, Reboots, and Feature Licences, page 5
    1.3. Command Actions, page 5
    1.4. Upgrade Process, page 6
    1.5. Generating an Encryption Key, page 6
    PPP over ISDN and DDS, page 7
    2.1.
  • Page 4 Helpful Scripts
    6.1. GRE Tunnel (with SA Encrypt.), NAT, and Internet, page 29
    6.2. L2TP Tunnel (with SA Encrypt.), Firewall and Internet, page 30
    6.3. IPSec (with ISAKMP), Firewall, and VPN Client, page 31
    6.3.1. IPSec Client option for Example 6.3, page 32
    6.4. IPSec (with Manual Key) and Firewall with NAT device (eg: ADSL), plus VPN Client, page 33
    6.4.1.
  • Page 5: Quick Command Reference

    Helpful Scripts 1. Quick Command Reference 1.1. Configurations
    Task                                      Command
    Show the log                              Sho log
    View the current release and patch        Sho install
    Show the system information               Sho sys
    Save the current configuration            Create config=<config>.cfg
    Change the boot configuration file        Set conf=<config>.cfg
    What is the current configuration file    Sho conf...
  • Page 6: Upgrade Process

    Helpful Scripts 1.4. Upgrade Process
    Upgrade process                      Commands
    Make space, delete the old files     Del fi=<oldfile.ext>
    Load files                           Load fi=<file.rez> dest=flash serv=<server ip>
                                         Load fi=<file.paz> dest=flash serv=<server ip>
                                         Load fi=<file.hlp> dest=flash serv=<server ip>
    Apply a Help file                    Set help=<help>.hlp
    Save the config                      Create conf=<current config>...
  • Page 7: PPP over ISDN and DDS

    Helpful Scripts 2. PPP over ISDN and DDS 2.1. PPP over DDS for a Private network [Diagram labels: Site A, Site B, 192.168.254.0, CentreCOM AR300, CentreCOM AR300]...
  • Page 8: PPP over DDS for Internet Access

    Helpful Scripts 2.2. PPP over DDS for Internet Access [Diagram labels: Site A, 200.200.200.0/30, CentreCOM AR300, 192.168.10.0, Internet, Private, NAT, Public] Note: Be aware that with many Internet Providers it may be more suitable to turn LQR (link quality reporting) off on PPP links, and instead use LCP Echo Request and Echo Reply messages to determine link quality (echo=on).
  • Page 9: PPP over DDS for Internet (NAT to SMTP Server) and Private networks

    Helpful Scripts 2.3. PPP over DDS for Internet (NAT to SMTP Server) and Private networks [Diagram labels: Mail Server 192.168.10.2, Site A, 192.168.10.0, 200.200.200.0/30, CentreCOM AR300, ppp0, ppp1]...
  • Page 10: PPP over ISDN Private network

    Helpful Scripts 2.4. PPP over ISDN Private network [Diagram labels: Mail Server 192.168.10.2, 192.168.1.0, Site B, CentreCOM AR300, 192.168.254.0/30, Site A, ppp1, ISDN, 192.168.2.0, CentreCOM AR300, Site C, ppp2, 192.168.10.0]...
  • Page 11: PPP over ISDN Internet Access

    Helpful Scripts Router C Same as router B with the following exceptions: 1) Replace all occurrences of "siteb" with "sitec" 2) Change the IP address of ppp0 and eth0 appropriately 2.5. PPP over ISDN Internet Access [Diagram labels: Dynamic IP, Site A, ISDN, CentreCOM AR300, LAN]...
  • Page 12: Example 2.5 with 2 B channels always up

    Helpful Scripts 2.5.1. Example 2.5 with 2 B channels always up Note: Some ISDN providers and/or ISP providers charge per minute and this option may not be affordable. This alternative is intended where an affordable fixed monthly charge account has been offered by ISDN and ISP providers.
  • Page 13: PPP over ISDN Internet and Private networks

    Helpful Scripts 2.6. PPP over ISDN Internet and Private networks [Diagram labels: Internet, Mail Server 192.168.10.2, 192.168.1.0, ISDN, Site B, 200.200.]
  • Page 14: Time Division Multiplexing (TDM)

    Helpful Scripts 3. Time Division Multiplexing (TDM) [Diagram labels: Mail Server 192.168.10.2, 192.168.1.0, Site B, CentreCOM AR300, Site A, 192.168.254.0/30, AR 395, ppp1, 2M PRI, 192.168.2.0, CentreCOM AR300]...
  • Page 15: Frame Relay

    Helpful Scripts 4. Frame Relay 4.1. Standard Frame Relay for LMI REV 1 (Sometimes referred to as “cisco” LMI type) [Diagram labels: 192.168.1.0, 192.168.2.0, Site A, Site B, CentreCOM AR300 DLC=102, CentreCOM AR300 DLC=101]...
  • Page 16: Standard Frame Relay ISP Access

    Helpful Scripts 4.2. Standard Frame Relay ISP Access [Diagram labels: Mail Server 192.168.10.2, 200.200.200.1, 192.168.10.0, Site A, CentreCOM AR300, Frame Relay, Internet, DLC=102]
    Router A
    # Frame Relay Configuration
    # Note: By default LMI is set to "LMIrev1" which is the same as "cisco" LMI type.
    create fr=0 over=syn0
    # IP Configuration
    enable ip...
  • Page 17: Standard Frame Relay for LMI AnnexD

    Helpful Scripts 4.3. Standard Frame Relay for LMI AnnexD (Sometimes referred to as “ANSI” LMI type) [Diagram labels: 192.168.1.0, 192.168.2.0, Site A, Site B, CentreCOM AR300 DLC=102, CentreCOM AR300 DLC=101]...
  • Page 18: Logical interfacing to Frame Relay, Internet connection via ISP with Private Network

    Helpful Scripts 4.4. Logical interfacing to Frame Relay, Internet connection via ISP with Private Network [Diagram labels: 192.168.1.0, 192.168.2.0, Site A, Site B, 192.168.254.1, CentreCOM AR300 DLC=102, CentreCOM AR300 DLC=101]...
  • Page 19: OSPF on the private network, 4.4 continued

    Helpful Scripts 4.4.1. OSPF on the private network, 4.4 continued
    Router A (First remove the 2 static routes to the private network sites, leave default route)
    # Frame Relay Configuration
    # Note: By default LMI is set to "LMIrev1" which is the same as "cisco" LMI type.
    create fr=0 over=syn0
    add fr=0 li=1 type=ptp
    add fr=0 li=2 type=ptp...
  • Page 20 Helpful Scripts Router B
    # Frame Relay Configuration
    # Note: By default LMI is set to "LMIrev1" which is the same as "cisco" LMI type.
    create fr=0 over=syn0
    add fr=0 li=1 type=ptp
    set fr=0 dlc=101 li=1
    # IP Configuration
    enable ip
    add ip int=fr0.1 ip=192.168.254.2 mask=255.255.255.252
    add ip int=eth0 ip=192.168.2.1
    # OSPF Configuration...
  • Page 21: Firewall Configs

    Helpful Scripts 5. Firewall Configs 5.1. Simple Firewall over PPP with internal mail server [Diagram labels: Mail Server 192.168.10.2, Site A, 200.200.200.0/30, Internet, CentreCOM AR300, 192.168.10.0, Private, Firewall, Public] Note: Be aware that with many Internet Providers it may be more suitable to turn LQR (link quality reporting) off on PPP links, and instead use LCP Echo Request and Echo Reply messages to determine link quality (echo=on).
  • Page 22: PINGING, Email notification, accounting, and logging

    Helpful Scripts 5.1.1. PINGING, Email notification, accounting, and logging
    Router A
    set mail host=mydomain.mail.com
    set ip nameserve=100.100.100.100
    # Firewall Configuration
    # Ping is blocked by default, to enable outgoing ping responses back in
    enable firewall policy=main icmp_forward=ping
    enable firewall policy="main" accounting
    enable firewall policy="main"...
  • Page 23 Helpful Scripts Router A
    # Frame Relay Configuration
    # Note: By default LMI is set to "LMIrev1" which is the same as "cisco" LMI type.
    create fr=0 over=syn0
    add fr=0 li=1 type=ptp
    add fr=0 li=2
    set fr=0 dlc=102 li=2
    set fr=0 dlc=103 li=2
    set fr=0 dlc=104 li=1
    # IP Configuration
    enable ip...
  • Page 24: Firewall over PPP with a Public and private IP range multi-homed on the LAN

    Helpful Scripts 5.3. Firewall over PPP with a Public and private IP range multi-homed on the LAN (Pseudo DMZ) No NAT to Internal Public IP [Diagram labels: Mail Server 100.100.100.100, Valid Internet address, Site A, 200.200.200.0/30, Internet, CentreCOM AR300]...
  • Page 25: Firewall over PPP with Private IP addresses only on the LAN

    Helpful Scripts 5.4. Firewall over PPP with Private IP addresses only on the LAN [Diagram labels: Internet Address, Mail Server 200.200.200.2, Web Server 200.200.200.3, Mail Server, Site A, 192.168.10.2, 200.200.200.0/30, Internet, CentreCOM AR300]...
  • Page 26: Firewall with ADSL

    Helpful Scripts 5.5. Firewall with ADSL [Diagram labels: Internet Address, Internet Address, Mail Server, Mail Server, 192.168.1.1, 200.200.200.1, Web Server, Web Server, 192.168.1.1, 200.200.200.1, Mail Server, Site A, 200.200.200.1/30, 192.168.1.0/24, 192.168.10.2, Internet, CentreCOM AR300, ADSL, 192.168.1.1, 192.168.1.2, 192.168.10.0, Web Server, ADSL, Private, Firewall, Public, 192.168.10.3]...
  • Page 27: Firewall over PPP with a DMZ LAN

    Helpful Scripts 5.6. Firewall over PPP with a DMZ LAN [Diagram labels: Private, Firewall, Public, Out going Web access out 192.168.0.0 with NAT, Site A, 200.2.2.1, 192.168.0.1, Internet, CentreCOM AR300, 208.10.10.1, Mail Server 208.10.10.20] Note: Be aware that with many Internet Providers it may be more suitable to turn LQR (link quality reporting) off on PPP links, and instead use LCP Echo Request and Echo Reply messages to determine link quality (echo=on).
  • Page 28: Firewall over Frame Relay with (Dynamic IP) for Internet access. "Mailing bagging"

    Helpful Scripts 5.7. Firewall over Frame Relay with (Dynamic IP) for Internet access. "Mailing bagging" [Diagram labels: Mail Server 192.168.10.2, Dynamic IP, 192.168.10.0, Site A, CentreCOM AR300, Frame Relay, Internet]...
  • Page 29: VPN

    Helpful Scripts 6. VPN 6.1. GRE Tunnel (with SA Encrypt.), NAT, and Internet (Preferred example uses L2TP with firewall. Refer example 6.2) [Diagram labels: Internet Access, Site A, Site B, Virtual Tunnel, CentreCOM AR300, CentreCOM AR300]...
  • Page 30: L2TP Tunnel (with SA Encrypt.), Firewall and Internet

    Helpful Scripts 6.2. L2TP Tunnel (with SA Encrypt.), Firewall and Internet [Diagram labels: Internet Access, Site A, Site B, 200.200.200.1, 222.222.222.1, Virtual Tunnel, CentreCOM AR300, 192.168.1.1, 192.168.1.2, CentreCOM AR300, 192.168.10.0, 192.168.20.0] Note: Be aware that with many Internet Providers it may be more suitable to turn LQR (link quality reporting) off on PPP links, and instead use LCP Echo Request and Echo Reply messages to determine link quality (echo=on).
  • Page 31: IPSec (with ISAKMP), Firewall, and VPN Client

    Helpful Scripts 6.3. IPSec (with ISAKMP), Firewall, and VPN Client This configuration illustrates two IPSec tunnels, allowing for a remote office, a remote VPN client (roaming user), and Internet access. The VPN client may use a dynamic IP address. This example is not suitable behind a NATing device (eg: ADSL).
  • Page 32: IPSec Client option for Example 6.3

    Helpful Scripts Router B
    set sys name=remoffice
    set user securedelay=600
    add user=secoff pass=<your password> priv=sec
    create ppp=0 over=syn0
    enable ip
    add ip int=eth0 ip=192.168.20.1
    add ip int=ppp0 ip=222.222.222.1
    add ip rou=0.0.0.0 mask=0.0.0.0 int=ppp0 next=0.0.0.0
    # Firewall
    # To enable out going ping see example 5.1.1
    enable firewall
    create firewall policy="main"...
  • Page 33: IPSec (with Manual Key) and Firewall with NAT device (eg: ADSL), plus VPN Client

    Helpful Scripts 6.4. IPSec (with Manual Key) and Firewall with NAT device (eg: ADSL), plus VPN Client This configuration illustrates two IPSec tunnels, allowing for a remote office, a remote VPN client (roaming user), and Internet access. In this example the VPN client must use a static address. (This is because the router at Site A is behind a NATing device (ADSL modem), which necessitates a manual key configuration, which in turn requires a peer with a static address).
  • Page 34: IPSec Client option for Example 6.4

    Helpful Scripts Router B
    set user securedelay=600
    add user=secoff pass=<your password> priv=sec
    # PPP
    create ppp=0 over=syn0
    # optional set ppp=0 over=syn0 lqr=off echo=on
    # IP
    enable ip
    Add ip int=eth0 ip=192.168.20.1
    Add ip int=ppp0 ip=222.222.222.1
    add ip rou=0.0.0.0 next=0.0.0.0 int=ppp0
    # Firewall
    # To enable out going ping see example 5.1.1
    enable fire...
  • Page 35: IPSec & ISAKMP (with L2TP) and Firewall router, behind NAT device (eg: ADSL)

    Helpful Scripts 6.5. IPSec & ISAKMP (with L2TP) and Firewall router, behind NAT device (eg: ADSL) This configuration illustrates an IPSec tunnel over L2TP to a remote office, and allows for Internet access. Note: This solution uses Firewall with NAT and IPSec, supported from release 1.9.3. L2TP is used to tunnel ISAKMP/IPSec through the NAT process between routers (eg: ADSL).
  • Page 36 Helpful Scripts
    # IPSec
    ena ipsec
    create ips sas=1 prot=esp hasha=null encalg=des keym=isakmp
    create ips sas=2 prot=ah mode=tunn hasha=sha keym=isakmp
    create ips bundle=1 keym=isakmp string="1 and 2"
    create ips pol=isakmp int=ppp10 act=permit lpo=500 rpo=500
    create ips pol=tunnel int=ppp10 act=ipsec key=isakmp bund=1 peer=192.168.5.2
    set ips pol=tunnel lad=192.168.10.0 lmask=255.255.255.0 rad=192.168.20.0 rmask=255.255.255.0
    #ISAKMP
    # Note: Use Section 1.5 to enable system security and generate an Encryption Key of type GENERAL...
  • Page 37: IPSec and Firewall through two NAT gateways (eg: ADSL)

    Helpful Scripts 6.6. IPSec and Firewall through two NAT gateways (eg: ADSL) This configuration illustrates an IPSec tunnel through two NATing devices (eg: NATing ADSL gateway devices). It uses release 2.2.1, which allows ISAKMP through NATing devices without the need of L2TP, because of the introduction of the ‘localid’ and ‘remoteid’ parameters. It also allows for Internet access.
  • Page 38 Helpful Scripts Router B
    set sys name="Remote Office"
    set user securedelay=600
    add user=secoff pass=<your password> priv=sec
    # IP
    enable ip
    add ip int=eth0 ip=192.168.20.1 mask=255.255.255.0
    add ip int=eth1 ip=192.168.2.253
    add ip rou=0.0.0.0 next=192.168.2.254 int=eth1
    # Firewall
    # To enable out going ping see example 5.1.1
    enable fire
    create fire policy="main"...
  • Page 39: Two Gateways; Firewall with IPSec and ISAKMP to VPN Client & Remote Office

    Helpful Scripts 6.7. Two Gateways; Firewall with IPSec and ISAKMP to VPN Client & Remote Office This example is intended for networks where there is an existing default gateway (behind a ‘dirty LAN’) which needs to remain in service. An Allied Telesyn router is introduced as an alternative gateway, intended only for providing the IPSec VPN tunnels.
  • Page 40 Helpful Scripts
    #ISAKMP
    # Note: Use Section 1.5 to enable system security and generate an Encryption Key of type GENERAL
    # on router A and B
    create isakmp pol=remoffice pe=222.222.222.1 hashalg=sha key=1
    set isakmp pol=remoffice sendd=true setc=true
    create isakmp pol=roaming1 pe=any hashalg=sha key=1
    set isakmp pol=roaming1 sendd=true setc=true sendnotify=on
    set isa pol=roaming1 xauth=server xauthtype=generic
    enable isakmp...
  • Page 41: Notes on IPSec Testing and Verification

    Helpful Scripts 6.8. Notes on IPSec Testing and Verification Testing of an IPSec tunnel. The following are precautions for testing through IPSec tunnels: • The ‘ip local’ ip address is best left at default. If ‘ip local’ is set to an address other than default, this may invalidate ISAKMP negotiation.
  • Page 43 Helpful Scripts Revision 5.8.7; 5 April 2001 © ATI...

This manual is also suitable for:

AR Router Series
