Allied Telesis AT-AR440S Manual

How To
Configure some advanced features on your AT-AR440S ADSL Router

Introduction

This document describes how to configure some of the more advanced features on your AT-AR440S
ADSL router. It assumes that you have already set up basic Internet access on the router,
and are now aiming to add more facilities to the configuration.
This document complements the other documentation available for the AT-AR400 router series:
• The AR400 Series Router Quick Install Guide
• The AR400 Series Router Documentation and Tools CD-ROM, which includes the complete AR400 Series Document Set and utilities.
• How to set up your AT-AR440S ADSL router for Internet access

What information will you find in this document?

This document provides information about:
• Firewall and NAT
• DHCP server
• DNS relay
• ISDN backup of the ADSL link
• VPN with NAT-T
• Troubleshooting - basic and advanced
Note - The latest documentation can always be downloaded from www.alliedtelesyn.com.

Summary of Contents for Allied Telesis AT-AR440S

  • Page 1: Introduction

    The AR400 Series Router Documentation and Tools CD-ROM, which includes the complete AR400 Series Document Set and utilities. • How to set up your AT-AR440S ADSL router for Internet access What information will you find in this document? This document provides information about: •...
  • Page 2: Table Of Contents

    Table of Contents
    Introduction (page 1)
    What information will you find in this document? (page 1)
    1. Firewall Interfaces and NAT (page 3)
    2. Firewall Allow Rules (page 8)
    Confirming your configuration (page 10)
    3. DHCP Server (page 11)
    4. DNS Relay Configuration (page 14)
    Enabling DNS Relay using the GUI ...
  • Page 3: Firewall Interfaces And Nat

    1. Firewall Interfaces and NAT The PCs on your LAN use private IP addresses. Your ISP allocates, or you have statically defined, a single public address to your router. When your PCs access the Internet via your router, the router must substitute its public IP address into the data packets as it sends them out.
  • Page 4 Note - If you want to change any of these settings, remember to click on the blue Apply button at the bottom of the page afterwards. The Firewall Configuration window is shown below. Step 2 Select the blue Interfaces tab at the top of the Firewall Configuration page. Select the blue Modify LAN button from the next window;...
  • Page 5 Select Modify WAN from the Firewall Interfaces window. The Select WAN Interface(s) window will open. This will confirm your firewall public interface. Again, you have the opportunity to add other public interfaces if required. Select the Close button at the bottom of the page. 1.
  • Page 6 You will be returned to the Firewall Interfaces window. You may also wish to modify some ICMP forwarding options for security reasons. Step 3 Select the TAB marked Policy Options For high security you should turn off all ICMP forwarding options except those really needed, such as Ping.
  • Page 7 If you have added extra public or private interfaces to the firewall, you may wish to define NAT relationships between them. Step 4 Select Configuration > Firewall > NAT from the main menu. The Firewall NAT LAN window will open. You have the opportunity to add other NAT interface relationships if needed.
  • Page 8: Firewall Allow Rules

    2. Firewall Allow Rules You may also need to define some allow rules or ‘pinholes’ to allow externally initiated traffic of some types. For example - you may have a Web server that you wish to allow the public to access. Please note that allowing access to servers will normally mean you need a fixed public address rather than dynamically assigned - or you will need a dynamic DNS domain name arrangement.
  • Page 9 This selects the traffic type, which we want to be HTTP (or port 80) Web traffic. Then you must define the IP translation required. Step 2 Select the IP Address Settings tab and set up the page as shown below: Note - it is highly recommended to leave the ‘Remote IP’ settings unaltered. The purpose of these settings is to define which addresses on the Internet will be able to access your server.
  • Page 10: Confirming Your Configuration

    Confirming your configuration You can also confirm your configuration by selecting the Diagnostics > Command Line menu option. Enter the command:
    show configuration dynamic=fire
    You should see output something like this:
    # FIREWALL configuration
    enable firewall
    create firewall policy="guilan"
    set firewall policy="guilan" max=0
    enable firewall policy="guilan"...
  • Page 11: Dhcp Server

    3. DHCP Server A DHCP Server provides the convenience of PCs automatically getting an IP address when they are plugged into your local office LAN network. The default factory configuration has a DHCP Server pre-configured. However, you may need to change the configuration to suit your network's IP addressing scheme.
  • Page 12 Altering DHCP Server configurations If you wish to alter this configuration, take the following steps using the GUI. Select Configuration from the main side menu. Select DHCP Server > Configuration. The DHCP Server Configuration window opens. To alter the DHCP policy, select the lan-dhcp policy name and click modify. Note - Some parameters can be altered here.
  • Page 13 After your configuration changes, you can confirm your changes are correct by selecting Diagnostics > Command Line. Enter the command: show configuration dynamic=dhcp You should also save your configuration changes. 3. DHCP Server...
  • Page 14: Dns Relay Configuration

    4. DNS Relay Configuration The default factory script also enables DNS Relay. The net effect of DNS relay is that your local PCs will make DNS queries to the router, and these queries are relayed to your ISP's Domain Name Server, which will resolve the query and reply.
  • Page 15: Enabling Dns Relay Using The Gui

    Enabling DNS Relay using the GUI If the DNS relay is currently disabled, it can be enabled using the GUI: Select Internet Protocol > General from the side menu. Tick the Enable DNS relay box as shown below. You can see that this configuration page gives you the opportunity to enter the addresses of the primary and secondary DNS Servers, if they are not being automatically assigned.
  • Page 16: Configuring An Isdn Backup Link For Your Main Adsl Link

    This discussion assumes you have already configured a main link to your ISP using an ADSL link, such as shown in the document "How to Set-up your AT-AR440S ADSL Router for Internet Access". For example, your link type may be PPPoA, PPPoEoA, IPoA or RFC1483 Routed.
  • Page 17 How the Secondary PPP mechanism works The PPP module can monitor the quality of the link using either Link Quality Reporting (LQR) or LCP Echo Request/Reply messages (echo=on). Note that many ISPs use echo, not LQR - as shown in the configuration above. If either method detects failure of the primary link, the PPP module will automatically activate the secondary link and traffic is redirected over the backup link.
  • Page 18: How The Higher Preference Route Works

    How the higher preference route works The router is configured with two default routes to the Internet. The default route via the ADSL link has the lower preference value. Therefore, if this link is up, data will be sent down that route. If the ADSL link goes down, then the associated IP interface and route are marked as not available.
  • Page 19: Verifying Your Back-Up Link

    Verifying your Back-up Link Whichever backup method you use, you may want to confirm that your back-up ISDN call works as expected. Start a long sequence of Echo Requests from a PC on the LAN to an Internet address. For this to work it is likely you will also need to enable firewall ICMP forwarding for ping. Step 1 On the router enter the command: Enable firewall policy="guilan"...
  • Page 20 show atm=0 channel=1 Manager > show atm=0 channel=1 ATM interface atm0.1 -------------------------------------------------------------------------------- Channel Number ....1 Channel Description ... None Channel Type ....PVC VPI ......0 VCI ......100 Encapsulation ....VCMUX Service Class ....UBR Configured pcr ....... n/a mcr .......
  • Page 21 sh ip interface Manager > show ip interface Interface Type IP Address Bc Fr PArp Filt RIP Met. SAMode IPSc Pri. Filt Pol.Filt Network Mask OSPF Met. DBcast Mul. VLAN Tag InvArp -------------------------------------------------------------------------------- Local Not set Pass Not set 1500 vlan1 Static 192.168.1.1...
  • Page 22: Ipsec Vpn With Nat-T

    6. IPSEC VPN with NAT-T One very useful application for the AR440 router is to provide an IPSEC gateway to enable remote teleworkers to have a secure connection across the Internet to their office LAN. An IPSEC VPN client comes as a standard component of Microsoft® Windows XP, so it is now very easy to set up a PC to make a secure connection across the Internet.
  • Page 23
    create ip pool=myippool ip=x.x.x.x-x.x.x.x
    enable fire
    create fire policy=main
    create fire policy=main dy=dynamic
    add fire policy=main dy=dynamic user=ANY
    add fire policy=main int=vlan1 type=private
    add fire policy=main int=dyn-dynamic type=private
    add fire policy=main int=atm0.1 type=public
    add fire policy=main nat=enhanced int=vlan1 gblinterface=atm0.1
    add fire policy=main nat=enhanced int=dyn-dynamic gblinterface=atm0.1
    add fire policy=main rule=1 int=atm0.1 action=allow protocol=udp ip=<Public IP address>...
  • Page 24: How To Troubleshoot Your Ar440S Series Adsl Connection

    Basic troubleshooting - initial checklist If you are failing to access the Internet via your AT-AR440S ADSL router, then start the troubleshooting process by working through the steps described below: 1. Could you access the router's GUI successfully? If not, then check whether your PC is correctly set up, following the steps in “Appendix B - checking if your PC is correctly configured”...
  • Page 25: Advanced Troubleshooting

    Advanced troubleshooting Most of the work in this troubleshooting process uses the Command Line Interface (CLI). This can be accessed either by serial console access or by Telnet access. For instructions on how to access the CLI, please refer to the Quick Install Guide available for you on your AR-440S Series Documentation CD-ROM.
  • Page 26 This is an example of the output you would see in a normal progression to connection, including an initial rate exchange. Manager > enable adsl=0 debug=all Info (1121003): Operation successful. Manager > enable adsl=0 Info (1121003): Operation successful. Manager > adsl0: GS_ACC: Xcvr New Config, action %d Manager >...
  • Page 27: Checking The Atm Layer

    2. Checking the ATM Layer If ADSL is successfully connecting, but you still cannot access the Internet, you then need to check the network layers above. The next layer above ADSL is ATM, so we need to check this next. For your ATM checks, initially use the command "show atm=0", Manager >...
  • Page 28 There is another debugging mode that is much less verbose: Manager > ena atm=0 debug=interface Info (1068003): Operation successful. Manager > ena adsl=0 Info (1121003): Operation successful. Manager > DEBUG_atmIntInstanceL1StatusChange:1892- L1 state Change up on instanc DEBUG_atmIntInstanceStatusHasChanged:5334- Instance 0 Link UP DEBUG_atmIntInstanceStatusHasChanged:5389- L1 is up txBps:576000 rxBps:5280000 DEBUG_atmIntInstanceL1RateChange:3599- L1 rate change txBps:576000 rxBps:5280000 DEBUG_atmIntInstanceL1RateChange:3635- channel 1 speedFactor=10, bandwidth=57600...
  • Page 29: Checking The Ppp Link

    3. Checking the PPP Link If the ATM link is successfully up, but you still cannot access the Internet you then need to check the PPP connection - if your link type is PPPoA or PPPoEoA. (If you use IPoA or RFC1483 Routing links, or bridging over ADSL - skip to the next step).
  • Page 30 15:17:24 ppp0 Link0 (atm0.1) Rx: LCP ConfAck: ID: 38, len: 14/14 MRU ......1656 Magic Number .... 0x3397D1F0 -----End of LCP negotiation---------------- 15:17:24 ppp0 Peer: Transmitting PAP request 15:17:24 ppp0 Peer: Received PAP ACK 15:17:24 ppp0 Peer: PAP authentication succeeded -----End of authentication----------------- 15:17:24 ppp0 Link0 (atm0.1) Tx: IPCP ConfReq: ID: 40, len: 22/22...
  • Page 31 Typical problem scenarios Now let us look at the sort of PPP decode debug output you will see in some typical problem scenarios. Scenario 1 If the ATM link is UP, but the ATM parameters have been set to incorrect values, then the PPP debug will show only transmitted packets, but no incoming packets.
  • Page 32 Scenario 2 If the IP interface has not been configured on the PPP interface, then there will be configure reject packets sent from the router when it receives the IPCP packets from the other end of the link. 20:30:47 ppp0 Link0 (atm0.1) Rx: IPCP ConfReq: ID: 176, len: 10/10 IP Address ...
  • Page 33: Checking The Ip Layer

    4. Checking the IP Layer If the PPP link is successfully up (for PPPoA or PPPoEoA), but you still cannot access the Internet, you then need to check the IP Layer. If you are running PPPoA or PPPoEoA, part of the IP Layer has probably already been assigned through PPP remote assignment - it can be observed in the PPP debugging above.
  • Page 34: Checking The Ip Routes

    5. Checking the IP Routes If you are still not accessing the Internet successfully you may need to check your IP default route is correct. Again, this can be confirmed with the command: show configuration dynamic=ip The relevant part is underlined below: # IP configuration enable ip enable ip remote...
  • Page 35: Appendix A - Typical Adsl Performance Figures To Expect

    Appendix A - Typical ADSL Performance Figures to Expect No doubt you are keen to know if your ADSL performance is OK. As mentioned earlier, you can enter ‘show adsl=0’ and see an output like the one below. It quotes your connection rates and signal-to-noise ratio margins.
  • Page 36: Appendix B - Checking If Your Pc Is Correctly Configured

    IP Routing Enabled..: No WINS Proxy Enabled..: No DNS Suffix Search List..: alliedtelesyn.co.nz Appendix B - checking if your PC is correctly configured...
  • Page 37: For Windows 2000/Xp

    Ethernet adapter Main Lan: Connection-specific DNS Suffix . : alliedtelesyn.co.nz Description ... : Intel(R) PRO/100 VE Network Connection Physical Address..: 00-00-39-FD-BB-E5 DHCP Enabled.
  • Page 38: For Windows 95/98/Me

    Check the radio button labelled ‘Use the following DNS server address’ To manually configure your ISP's DNS addresses, refer to your technical requirements table on page 3 of the document titled: How to set up your AT-AR440S ADSL router for Internet access. For Windows 95/98/ME You can manually define an IP address from within the range 192.168.1.100 to 192.168.1.199 to...
  • Page 39 © 2004 Allied Telesyn International Corp. All rights reserved. Information in this document is subject to change without notice. All company names, logos and product designs that are trademarks or registered trademarks are the property of their respective owners. www.alliedtelesyn.com C613-16041-00 REV A...
