1. Manuals
  2. Brands
  3. Perle Manuals
  4. Network Router
  5. P1705
  6. User and system administration manual

Perle P1705 User And System Administration Manual

Bridge / routers with vpn
Hide thumbs Also See for P1705:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Reference Manual
Perle 1700 Series
Perle 1700 Series
Perle 1700 Series
Perle 1700 Series
Bridge / Routers With VPN
User And System
Administration Guide
Part number 5500074-16
© Copyright 2003 by Perle Systems Ltd.

Advertisement

Table of Contents
loading

Related Manuals for Perle P1705

Summary of Contents for Perle P1705

  • Page 1 Perle 1700 Series Perle 1700 Series Perle 1700 Series Perle 1700 Series Bridge / Routers With VPN User And System Administration Guide Part number 5500074-16 © Copyright 2003 by Perle Systems Ltd.
  • Page 2 Encryption product delivery, import and use Delivery of Perle cryptographic products does not imply third-party authority to import, distribute, or use encryption. Importers, distributors, and users are responsible for compliance with all local country laws. Perle strongly recommends that importers, distributors, and users investigate such regulations prior to encryption product...
  • Page 3 Federal Communications Commission (FCC) Note: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications.

  • Page 4: Using This Manual

    ” provides a graphical representation of the various common Ethernet frames that the P1705 & P1730 will bridge or route. When defining a pattern filter, these frame displays indicate the offset values to use in order to define the pattern filter correctly.

  • Page 5: Table Of Contents

    P1730..........................3 Connect to the Console....................4 Make the Link Connection(s)..................4 Power Up the Bridge/Router................5 Managing the P1705 & P1730 Using the Menus ..........5 Conventions......................6 Login to Bridge/Router and Enter the Required Configuration....7 Mandatory Configuration....................8 Setting the T1/E1Parameters (T1/E1 WAN only) ..........
  • Page 6 Contents Configure Remote Site Profiles ................37 Configure Remote Site Profiles for ISDN PPP............38 Configure Remote Site Profile for Frame Relay ............40 Configure Remote Site Profiles for Leased Line PPP ..........43 Configure Remote Site Profiles for Frame Relay with ISDN backup ....45 Configure Remote Site Profiles for PPPoE...............
  • Page 7 Contents Installing the ISDN Link Modules..............91 Processor settings for the ISDN Link Modules ..........91 Changing the Termination Straps on the ISDN S/T Interface ...... 92 Connecting to the ISDN-U Link Module ............92 Performing a Software Upgrade ................93 APPENDIX D INTERFACE PINOUTS Pinout Information ......................

  • Page 9: Installation

    Local Area Networks and Wide Area Network connections over leased lines, ISDN circuits, and frame relay permanent virtual circuits. The P1705 supports a single LAN and one or two WAN links (one ISDN BRI interface or two other WAN modules). The P1730...

  • Page 10: Identify The Reset Switch

    Installation Identify the Reset Switch The small hole under the front right corner of the faceplate is used in case a hardware reset is required. The end of a paper clip is sufficient to toggle the small switch behind the hole. Front View RESET...

  • Page 11: Identify The Connectors

    The P1705 may be ordered with a 10Base2, 10Base5, or 10BaseT LAN interface. If this P1705 has an ISDN U or S/T Module, it must only be installed in the slot 1 (leftmost position when viewed from the rear of the unit). The slot 2 position may be unused and covered with a blank panel or may contain another type of module.

  • Page 12: Connect To The Console

    Installation LAN 2 module Link 2 module LAN/Console module MDI-X MDI MDI-X MDI 10/100 BT LAN 10 BT LAN RS-232/V.24 CONSOLE Power connector Figure 1-4 Rear View of the P1730 with Dual LAN connections and a single WAN module Connect to the Console Connection to the bridge/router operator’s console is made through the DB25 connector labeled CONSOLE on the back of the bridge/router.

  • Page 13: Power Up The Bridge/Router

    P1705 & P1730. Each of the configuration scenarios requires setting of operational parameters on the P1705 & P1730. The built-in menu system of the P1705 & P1730 is used to configure the unit. The router menu system operates on a “hotkey” principle; navigating around the menu system is done by typing the number associated with the desired option;...

  • Page 14: Conventions

    Installation Conventions Throughout this section, P1705 & P1730 menu options are shown that are required for the various configuration choices. The appropriate menu options are shown in each instance in the following format: Configuration Option Name Location: Main Sub-Menu Name...

  • Page 15: Login To Bridge/Router And Enter The Required Configuration

    Installation Login to Bridge/Router and Enter the Required Configuration At the login screen type a 1 and the default password to enter the menu system of the Router. The default password is “BRIDGE” (case sensitive) and should be changed if security is desired.

  • Page 16: Mandatory Configuration

    Typical Applications and How to Configure Them. Each configuration requires a different set of parameters to be entered. Refer to Section 2 for details on configuring the P1705 & P1730 in different operational states. Also refer to the P1705 & P1730 VPN Menus Manual file for your operating software on the accompanying CD-ROM for a complete description of all the Menu Options.

  • Page 17: Setting The T1/E1Parameters (T1/E1 Wan Only)

    Installation Setting the T1/E1Parameters (T1/E1 WAN only) The parameters required for a T1 or E1 connection may be obtained from your service provider. These may then be entered via the T1/E1 set-up menu to configure the router for that service. T1/E1 Selection: Location: Main Configuration...
  • Page 18 Installation E1 service does not require line build out selection. Set Link Interface Type: Location: Main Configuration Interfaces Set Up WAN Set Up Link Set Up T1/E1 Set Up as specifed T1 long-haul LBOs: L0db, L7.5db, L15db, L22.5db Short haul LBOs: S0to110ft, S110to220ft, S220to330ft, S330to440ft, S440to550ft, S550to660ft AT&T standard TR64211long-haul connection: TL0db AT&T standard TR64211 short-haul connection: TS0to110ft, TS110to220ft,...

  • Page 19: Identify The Status Leds

    Installation Identify the Status LEDs The four three colour Light Emitting Diodes (LEDs) on the front of the router are depicted in Figure 1-1. The meanings of these LEDs are found in the following chart. Bridge/Router is powered down Green Bridge/Router is running and has passed power-up diagnostics Green (flashing) Bridge/Router is in BOOT mode and is programming the flash...

  • Page 20: Typical Applications & How To Configure Them

    ISDN PPP router would not apply. The P1705 & P1730 routers may be configured as a simple Ethernet bridge, an Ethernet IP router, an Ethernet IPX router, or a combination of the three. When operating the router as a combination bridge/router, simply configure each of the components separately.

  • Page 21: Bridging And Routing

    Bridging and Routing Should You Bridge or Route? When connecting two networks together, the first question to ask is “should I bridge or route”? The decision to bridge or to route may be decided by how the existing networks have been already set-up. Bridging should be used when the network consists of non-routable protocols or routable protocols using the same network numbers.

  • Page 22: Bridging

    Wide Area Network (WAN) connection has been established. The P1705 & P1730 are also pre-configured as an IPX router. This means that if you wish to bridge IPX traffic instead of routing it, you must disable the IPX routing function of the router.

  • Page 23: Ip Routing

    IP Routing An Ethernet IP router is used to intelligently route Internet Protocol (IP) traffic to another network. The networks may be connected across a WAN link (illustrated below) or two LANs connected to the same dual LAN P1730. Router IP Address Router IP Address 199.169.1.10 199.169.2.12...

  • Page 24: Ip Addressing

    Typical Applications & How to Configure Them IP Addressing Devices on an IP network are located by their IP addresses, which is a 32 bit number divided into four 8 bit fields. The IP address identifies both the network and the host device (also known as a node) on that network.

  • Page 25: Masks

    Masks The portion of the IP address to use as the network address is specified by using a mask; a mask is the contiguous number of bits to be used for the network address all set to 1. When the mask is logically ANDed with an IP address, the result is the network address. The mask is specified by entering the mask size as the number of bits in the mask.
  • Page 26 Typical Applications & How to Configure Them The P1705 & P1730 allows mask sizes from 8 to 32 bits. The subnet mask size determines how many bits of the host field of the original IP network address will be used for the creation of subnets.

  • Page 27: Ip Default Gateway

    IP Static Route With its default settings, the P1705 & P1730 will automatically learn the routes to other devices on the network through RIP messages. In some instances it may be desirable to have a predetermined or static route that will always be used to reach certain devices, such as when one specific router is to be used to reach a destination IP network.

  • Page 28: Ipx Routing

    Typical Applications & How to Configure Them IPX Routing The P1705 & P1730 are pre-configured to operate as an IPX router. When installed in an IPX network, the router will learn the IPX network numbers from connected networks. It will then route the IPX frames to the appropriate destination IPX network.

  • Page 29: Novell Servers In One Location Only

    to the IPX frames they receive from the network. Manual entries may be made in the routing tables by adding static IPX routes. Novell Servers in One Location Only Some Novell LAN installations require that a remote LAN that consists of only Novell IPX clients be connected to a central LAN that contains the Novell servers and some more clients.
  • Page 30 Typical Applications & How to Configure Them The following steps must be performed on the router connected to LAN #2. IPX Routing Disabled Location: Main Configuration Packet Services Set-up IPX Routing Set-up IPX Routing Disabling IPX routing allows the IPX frame types to be modified. Configuration: IPX Routing does not need to be disabled in order to change the defined Note network numbers on a PPP router.

  • Page 31: Novell Server With Dual Lans

    The configuration options described here are only for initial set-up and configuration purposes. For more complete information on all of the configuration parameters available please refer to the P1705 & P1730 VPN Menus Manual file on the accompanying CD- ROM.

  • Page 32: Ppp Overview

    Typical Applications & How to Configure Them PPP Overview Point to Point Protocol (PPP) is a connection protocol that allows control over the set-up and monitoring of network communications. It is used in procedures for user authentication (name and password), connection management (spoofing, bandwidth on demand, multilink), and compression.

  • Page 33: Unnumbered Links

    Unnumbered Links An unnumbered link does not use network addressing on the WAN link. The WAN connection is roughly equivalent to an internal connection with each of the two end point routers operating as half of a complete router that is connected between the two endpoint LANs.

  • Page 34: Multilink Operation

    Typical Applications & How to Configure Them Multilink Operation Multilink operation defines the use of more than one link to connect between two PPP routers. The MultiLink Operation option of the remote site profile for a connection is enabled by default. When a Multilink connection is established, the Multilink (MP) options within the PPP set- up and Advanced PPP set-up menus will determine the operation of the Multilink connection.

  • Page 35: Basic Wan Configurations

    Basic WAN Configurations Basic ISDN Connections If this P1705 & P1730 are configured as an ISDN bridge/router, it may establish WAN connections to other bridge/routers via ISDN (Integrated Services Digital Network) connections. Before the P1705 & P1730 can establish an ISDN connection to another ISDN router, the ISDN information must be defined.
  • Page 36 Typical Applications & How to Configure Them The following steps must be performed to configure the P1705 & P1730: The default switch type for ISDN S/T interface modules is NET3, the default switch type for ISDN U interface modules is NI-1. If the type of service your provider uses matches the default setting for the interface module, the following step may be skipped, otherwise, the switch type must be set.

  • Page 37: Ppp Isdn Manual Call Quick Connections

    CD-ROM. PPP ISDN Manual Call Quick Connections The PPP P1705 & P1730 should be configured with a remote site profile entry for each router that will be called (see section 2.3.1). A manual direct dial connection may be performed to establish an initial connection to a remote site router.

  • Page 38: Ipx Router Manual Call Connection

    Typical Applications & How to Configure Them IPX Router Manual Call Connection To establish an IPX PPP direct dial connection, enter the ISDN phone number of the remote site PPP router in the manual dial option. Refer to the Configure as an Ethernet IPX Router section 2.3.1 for more information on IPX configuration required.

  • Page 39: Basic Frame Relay Configuration

    See the following page for instructions on switching Frame relay from disabled to enabled. If the P1730 or P1705 is configured as a frame relay router, it will communicate over WAN connections to other Frame Relay units via Frame Relay Permanent Virtual Circuits (PVC).

  • Page 40: Auto Learning The Frame Relay Configuration

    Profile and the individual link configuration menus. When the P1730 or P1705 first starts up it will query the frame relay service to try to determine the LMI type on each of the frame relay links. Once the LMI type is determined, the PVC configurations will be known from the full status enquiry messages.

  • Page 41: Manual Configuration - Lmi Type

    The configuration options described here are only for initial set-up and configuration purposes. For more complete information on all of the configuration parameters available please refer to the “P1705 & P1730 VPN Menus Reference Manual” file on the accompanying CD-ROM.

  • Page 42: Quick Start Frame Relay

    IPX routing are all set to “enabled”. Because each of these options are enabled by default and the automatically created remote site profiles will establish a PVC connection to the remote site routers, the P1705 & P1730 will bridge and IPX route data without any user configuration.

  • Page 43: Basic Leased Line Configuration

    Before the P1705 & P1730 can establish a link connection to another PPP router, the link speed information must be defined. Refer to the following diagram that shows two routers and another vendors unit connected together with direct leased line connections.

  • Page 44: Bridge Connection

    Typical Applications & How to Configure Them The following steps must be performed on each of the routers in the network. Local IP Address Location: Main Configuration Interfaces Set-up LAN Set-up LAN IP Set-up IP Address / mask size This is the IP address and subnet mask for the link of this router in the unnumbered IP connection.

  • Page 45: Configure Remote Site Profiles

    The remote site profile allows the definition of various connection parameters: Circuit set- up, Bridge and Routing protocol configuration, activation criteria and security. The following steps must be performed on the P1705 & P1730 in order to define a new remote site profile.

  • Page 46: Configure Remote Site Profiles For Isdn Ppp

    Typical Applications & How to Configure Them Configure Remote Site Profiles for ISDN PPP If this router is configured to have at least one ISDN switched circuit, the ISDN call parameters must be defined so that the router knows what ISDN phone number to dial when a connection to this remote site is required and what security parameters to use when establishing a connection.
  • Page 47 1 b) Defining this remote site profile within the IP Address connect table, which will cause a call to be made when a packet for this IP address is routed, Location: Main Configuration Connections up IP Address Connect IP Address Connect Enabled 1 c) Defining the Auto-Call option within the Edit Remote Site menu of this remote site profile.

  • Page 48: Configure Remote Site Profile For Frame Relay

    Typical Applications & How to Configure Them Configure Remote Site Profile for Frame Relay Each of the PVC’s on the frame relay service must be configured within an individual remote site profile on the router. This is usually done automatically through the auto- learning process.
  • Page 49 The DLCI number defined here is the Data Link Connection Identifier value provided by your frame relay service provider. This value must be set if auto-learning is disabled. Each Remote Site PVC must be defined to exist on one of the two physical WAN links available on this router.
  • Page 50 Typical Applications & How to Configure Them Location: Main Configuration Connections up Remote Site Set-up Edit Remote Site Connection Set-up The EIR value specifies the indicated data rate that may be available for this PVC. This value must be set to the same as the value provided by the Frame Relay network provider.

  • Page 51: Configure Remote Site Profiles For Leased Line Ppp

    PPP router must be the same to allow for proper operation. The following steps must be performed on the P1705 & P1730 in order to define a new remote site profile. Remote Site Profile ID & Alias...
  • Page 52 Typical Applications & How to Configure Them Now that the remote site profile is created, a link number must be assigned as the primary link number. The primary link number is the link interface that the router will use to attempt to establish a connection to the remote site PPP router.

  • Page 53: Configure Remote Site Profiles For Frame Relay With Isdn Backup

    Configure Remote Site Profiles for Frame Relay with ISDN backup Frame Relay operation is set-up as described in section 2.3.2 The PVC on both partner routers must be disabled during this set-up procedure, then re-enabled when ready to start. ISDN call set-up is done as described in section 2.3.1. Recovery operation is set-up on the secondary activation menu.

  • Page 54: Configure Remote Site Profiles For Pppoe

    Remote Site Profiles allow for the router to be configured to support PPP over Ethernet (PPPoE) client on the router. The PPPoE feature on the Perle routers provides a PPPoE client support on Ethernet interfaces to a bridging DSL modem to the Internet. This feature will create a PPP tunnel to an ISP located somewhere on the ATM network side of the xDSL modem.
  • Page 55 To verify that PPPoE is enabled for this remote connection, view the read-only parameter Location: Main Configuration Configuration Connection Set-UP Remote Site Set-Up Edit Remote Site Protocol Set-Up PPPoE enabled When setting up your PPPoE link with your ISP provider, one global IP addresses will be provided that should be used for the PPPoE remote site configuration.
  • Page 56 Typical Applications & How to Configure Them Location: Main Configuration Connection Set-Up Remote Site Set-up Protocol Set-Up IP Parameters NAT Advanced Set-up TCP mss enabled TCP mss value 1452 Normally your ISP provider will provide you with an outgoing username and password and to authenticate with their services.
  • Page 57 To ensure that network traffic is routed to the PPPoE connection, the router must be configured to have the default IP gateway setup to your newly created PPPoE remote site connection. Location: Main Configuration Packet Services IP Routing Set-up IP Gateway PPPoE remote site alias...

  • Page 58: Advanced Features

    LAN and supply the minimal configuration needed to allow hosts to operate in an IP network. The following steps must be performed on the P1705 & P1730 to configure it as a DHCP server.
  • Page 59 DNS Set-Up Location: Main Configuration Application Set-up DHCP Set-up DNS Set-up Primary DNS -IP address local DNS server Secondary DNS -IP address external DNS server External DNS Server (Secondary) Internet Service Provider Local DNS Server (Primary) Figure 2 -10 Local + External DNS Server Configuration The configuration options described here are only for initial set-up and configuration purposes.

  • Page 60: Network Address Translation And Port Translation

    Typical Applications & How to Configure Them Network Address Translation and Port Translation The P1705 & P1730 provide support for Network Address Translation (NAT). Network Address Translation is a technique that translates private IP address on a private network to valid global IP addresses for access to the Internet.
  • Page 61 Private Internet Service Network Provider Addresses: e-mail server 1.1.1.2 1.1.1.8 Global IP telnet Address: server 199.87.65.43 1.1.1.3 NAPT mapping: 1.1.1.2 = 199.87.65.43 (25) server 1.1.1.3 = 199.87.65.43 (23) 1.1.1.4 1.1.1.4 = 199.87.65.43 (80) 1.1.1.6 Figure 2 -11 NAPT Configuration...

  • Page 62: Security

    (NAT) and filtering for both incoming and outgoing traffic. IPSec Protocol Suite The PPP P1705 & P1730 support a number of features from the Internet Protocol Security (IPSec) extensions that provide data encryption, authentication and privacy. IPSec can be used to establish a secure Virtual Private Network (VPN) over a public network.
  • Page 63 make provision for NAT to be used with tunneling. We will use this example for the configuration on the pages that follow. The setup for an IPSec connection is done in the IP security set-up menu under Configuration - Packet Services. IP Security may be disabled to check the link connections before the secure connection is set-up.
  • Page 64 Typical Applications & How to Configure Them Note that the policy will be applied to all WAN interfaces, so a link on a second WAN interface must have a policy item (or items) to permit traffic across that interface. Next, the policy item(s) that specify the SA(s), the rules to test packets against and encapsulation algorithms and keys must be set.
  • Page 65 Packet Services Set-up IP Security Set-up Policy Set-up Edit Item item_name Manual ESP SA Authentication If Authentication is left as “none” (the default setting), no authentication will be done on the packet, only encryption will be performed. Next, the encryption and authentication keys are Set-up. As with the SPIs, the Inbound- Outbound pairs must be mirrored on the peer router set-up.
  • Page 66 Typical Applications & How to Configure Them Now the selection rules used to test each packet against are set IPSec ESP SA Location: Main Configuration Packet Services Set-up IP Security Set-up Policy Set-up Edit Item item_name Selection Rules Src IP 10.10.10.1 (25) Dest IP 192.168.10.1 (24)
  • Page 67 To do its job as a router, this device must know where to forward packets with IP addresses outside the LAN. This may be done in a number of ways: a static IP route to the LAN at the other end of the SA connection may be set, the IP address of the Internet Service Provider may be set as the Default Gateway, or an IPSec policy item may be created specifically to pass RIP packets.
  • Page 68 The configuration options described here are only for initial set-up and configuration purposes. For more complete information on all of the configuration parameters available please refer to the P1705 & P1730 VPN Menus Manual file on the accompanying CD-ROM.

  • Page 69: Internet Key Exchange (Ike)

    Internet Key Exchange (IKE) The IKE feature is designed to automatically negotiate IPsec security associations (SAs) and enables IPsec secure communications without costly manual preconfiguration. IKE provides also authentication of the IPsec peers and generate keys to be used by IPsec. Phase 1 is to establish a secure and authenticated tunnel with which to communicate further IKE negotiations.
  • Page 70 Typical Applications & How to Configure Them Transform-1 Encryption/Authentication 1 To link an IPSec policy item to an IKE tunnel, the following items are required to be changed in an existing IPSec policy item. The IPSec policy item must indicate that the IPSec SA is to be negotiated through the IKE SA and specifically which IKE protection suites are to be used.
  • Page 71 Configuration Packet Service Set-up IP Security Set-up Policy Set-up Edit Item Menu Selection Rules Menu Edit Service Source IP Address Destination IP Address Protocol Source Port Destination Port...

  • Page 72: Configure Ppp Security

    Typical Applications & How to Configure Them Configure PPP Security The PPP P1705 & P1730 provide support for both PAP and CHAP security access authentication. An outgoing user name, PAP password, and CHAP secret are defined that the router will use when responding to an authentication request from a remote site PPP router.
  • Page 73 PVC must be disabled to change the PPP encapsulation status, then re-enabled. The configuration options described here are only for initial set-up and configuration purposes. For more complete information on all of the configuration parameters available please refer to the P1705 & P1730 VPN Menus Manual file on the accompanying CD-ROM.

  • Page 74: Configure Firewall

    195.100.1.0 Branch Office Network 195.100.2.0 Router with firewall enabled. Internet Any other network any IP address Figure 2 -13 Sample Firewall Application The following steps must be performed on the P1705 & P1730 to set-up the firewall support as desired.
  • Page 75 First the firewall on the ISP connection (remote site 1) of the WAN is set-up. The firewall option is set to “inbound” to have this WAN firewall filter traffic from the ISP to the router while allowing unrestricted access out to the Internet. Firewall Location: Main Configuration...
  • Page 76 195.100.1.20 The configuration options described here are only for initial set-up and configuration purposes. For more information on all of the configuration parameters available please refer to the P1705 & P1730 VPN Menus Manual file on the accompanying CD- ROM.

  • Page 77: Network Address Translation

    2.4.2 for more information on Network Address Translation. Filters The programmable filtering functions available on the P1705 & P1730 provide a very powerful means of controlling traffic flow to and from a network. Please see section 3 Introduction to Filtering for details on how to set-up various filtering operations.

  • Page 78: Bandwidth On Demand

    Typical Applications & How to Configure Them Bandwidth On Demand The router may be set to activate its secondary link when the load on the primary link exceeds a user-defined threshold. Set the traffic loads for enabling and disabling the secondary circuit Location: Main Configuration Connections up...

  • Page 79: Qos - Priority Queuing

    QOS - Priority Queuing Priority Queuing (PQ) allows the users to configure the router to allow specific traffic bound for an outgoing interface to be prioritized into high, medium, normal and low queues. Packets sent to the high priority queue are serviced first, followed by the packets on the medium queue and so on.
  • Page 80 Typical Applications & How to Configure Them To assign a Priority List to a LAN interface: Location: Main Configuration Interfaces Set-up Lan Set-up QOS Set-up Queuing Strategy Priority Priority List Number To assign a Priority List to a Remote Site Connection: Location: Main Configuration Connections Set-up...

  • Page 81: Simple Network Time Protocol (Sntp)

    Additionally, the router can also be configured to support various time variations features such as local time zone and adjustments for daylight savings time. When the Perle router has SNTP enabled it will periodically send NTP packets to the NTP/SNTP server which will respond with the network time. The router will synchronize its internal clock with the response from the NTP/SNTP server.
  • Page 82 Typical Applications & How to Configure Them IP Address (XXX.XXX.XXX.XXX) Secondary IP Address IP Address (XXX.XXX.XXX.XXX) Version The time zone and daylight savings time configuration is setup within the device setup menu. To configure for Eastern Standard Time (EST) and have daylight saving time implemented for this year only, implement the following steps: Location: Configuration...

  • Page 83: Introduction To Filtering

    Introduction to Filtering The P1705 & P1730 provide programmable filtering which gives you the ability to control under what conditions Ethernet frames are forwarded from one network to another. There are many reasons why this might need to be accomplished, some of which are security, protocol discrimination, bandwidth conservation, and general restrictions.
  • Page 84 Introduction to Filtering Bridge/Router, each of the frames received is passed on to the appropriate internal section of the router. The IPX frames are passed on to the IPX router, the IP frames are passed on to the IP router, and all other frames are passed on to the bridge. Different pattern filters may be defined in each of these sections to provide very extensive pattern filtering on LAN traffic being sent to remote LANs.

  • Page 85: Popular Filters

    Introduction to Filtering brackets Used in pattern filters to separate portions of filter patterns for specific operators. Example: 12-80&(14-24|14-32) This filter pattern will be checked in two operations. First the section in brackets will be checked and then the results of the first check will be used in the second check using the first portion of the filter pattern.

  • Page 86: Ip Router

    Introduction to Filtering IP Router IP router pattern filters are applied to IP Ethernet frames that are being routed. When the router is operating as an IP router, all IP routed frames will be checked against the defined IP router pattern filters. IP routed frames are unaffected by the bridge pattern filters and the IPX router pattern filters.

  • Page 87: Appendix A Menu Trees

    The menu trees on the following pages are a graphical representation of the hierarchy of the built-in menu system of the P1705 & P1730. Each of the menus are shown with the options of the menus being displayed below the specific menu name.

  • Page 88: Menu Tree

    Menu Tree MAIN ISDN Options software release: 51V8.01.xx Frame Relay Options 52V8.06.xx Configuration P1730 only Access Set-Up Device Set-Up 1. Device Set-Up menu 1. Password 2. Telnet Set-Up menu 2. Device Name 3 Upgrade Device 3. Show Time 4. Load FLASH Set-Up menu 4.
  • Page 89 Continued from previous page ISDN Options software release: 51V8.01.xx Frame Relay Options 52V8.06.xx Connections Set-Up P1730 only Remote Site Set-Up Edit Remote Site 1. Edit Remote Site menu 2. Remote site summary 1. Connection set-up menu Connection Set-Up 3. Display learned summary 2.
  • Page 90 Continued from previous page ISDN Options software release: 51V8.01.xx Frame Relay Options Packet Services Set-Up 52V8.06.xx P1730 only Bridging Set-Up Spanning Tree 1. Spanning Tree menu 2. Bridge Forwarding 1. STP State 3. Bridge Aging Timer 2. Bridge Priority 4. Show Bridging Table 3.
  • Page 91 Continued from previous page ISDN Options software release: 51V8.01.xx Frame Relay Options 52V8.06.xx P1730 only Application Set-Up SNMP Set-Up 1. SNMP set-up menu 2. DHCP set-up menu Edit Community 1. Edit Community menu 3. Firewall set-up menu 2. Message Size 4.

  • Page 92: Appendix B Octet Locations On Ethernet Frames

    Appendix B Octet Locations on Ethernet Frames This appendix provides octet locations for the various portions of three of the common Ethernet frames. When creating pattern filters these diagrams will assist in the correct definition of the patterns. The offset numbers are indicated by the numbers above the frame representations.

  • Page 93: Octet Locations On A Bridged Novell Netware Frame

    Configuration Pages Octet Locations on a Bridged Novell Netware Frame ETHERNET Type Codes Type Code Description 0800 DOD IP 0801 X.75 Internet 0804 Chaosnet 0805 X.25 Level 3 0806 0807 XNS Compatibility 6001 DEC MOP Dump/Load 6002 DEC MOP Remote Console 6003 DEC DECNET Phase IV Route 6004...

  • Page 94: Octet Locations On An Ip Routed Tcp/Ip Frame

    Octet Locations Octet Locations on an IP Routed TCP/IP Frame Octet Locations on an IPX Routed Novell Netware Frame...

  • Page 95: Octet Locations On A Bridged Xns Frame

    Configuration Pages Octet Locations on a Bridged XNS Frame...

  • Page 96: Appendix C Servicing Information

    Appendix C Servicing Information Opening of the case and changing of modules is only to be performed by qualified service personnel. WARNING ! Always disconnect the power cord from the rear panel of the bridge/router. The bridge/router case does not need to be opened to change LAN or WAN interface modules.

  • Page 97: Identifying The Internal Components

    Interface Module Interface Module LAN 2 (ISDN BRI, DSU, Interface Module G.703, RS232, V.35, RS422 or V.11) (ISDN BRI, DSU, G.703, RS232, V.35, RS422 or V.11) Flash Memory Figure C-1 Top Internal View of the P1705 & P1730 Ethernet Bridge/Router...

  • Page 98: To Clear A "Lost" Password

    Servicing Information To Clear a “Lost” Password Remove power from the bridge/router. Remove the screw securing the LAN / Console module to the rear of the bridge/router. Be sure to grip the module only by the flange at the bottom of the metal panel.

  • Page 99: Installing The Isdn Link Modules

    Servicing Information Installing the ISDN Link Modules If there is an ISDN module plus another type of WAN interface module or if there is a single ISDN module, the ISDN U or S/T Module must only be installed in the Slot 1 position.

  • Page 100: Changing The Termination Straps On The Isdn S/T Interface

    Servicing Information Changing the Termination Straps on the ISDN S/T Interface The ISDN S/T link interface module has two configurable straps that control whether the ISDN LINE is set to terminated or unterminated. Jumper straps W5 and W6 are factory installed to configure the module as TERMINATED. The TERMINATED position is used when the bridge/router is the only ISDN device connected to the ISDN circuit.

  • Page 101: Performing A Software Upgrade

    Servicing Information Performing a Software Upgrade Execute the Network (TFTP) command from the Load FLASH Set-Up menu. Enter “none” to connect locally or enter the remote site ID number or alias to connect to a remote site. Start the TFTP application to be used for transfers to the router. (The IP address of the router may be found in the Internet Set-Up menu.).
  • Page 102 Servicing Information In the following diagram of a cluster of routers, when upgrading the three routers in the diagram, the upgrade order should be Router C, then Router B, and finally Router A. A TFTP software load to router C would be performed as follows: Using TFTP, get config.txt from each router and save.

  • Page 103: Appendix D Interface Pinouts

    ATL-CSU/DSU Link Module Information The P1705 & P1730 are currently produced with LXT CSU/DSU interface modules; however, the earlier model ATL CSU/DSU module is still compatible with the router and may be used with it. Note that ATL master mode signaling is not compatible with the current standard 64K master mode signaling;...
  • Page 104 Interface Pinouts These modules may have either the UP/DOWN switch type or the ON/OFF slide switch type. Each type is illustrated below. Switches 1 2 3 4 down CSU/DSU LINE Figure D-1 Rear View of ATL-CSU/DSU Link Module with UP/DOWN Switches Figure D-2 View of ATL-CSU/DSU Link Module with Sliding ON/OFF Switches When connecting two bridge/routers back-to-back with CSU/DSU link modules, a null-modem cable is required to crossover the pins on the links.

  • Page 105: Console Pinouts

    Interface Pinouts Console Pinouts The connector shown here and pinouts described here correspond to the connector labeled “Console” on the back of the P1705 & P1730. DB25 Female DCE Contact CCITT IEEE Circuit Direction Number Circuit Circuit Name From Number Desig.

  • Page 106: T1/E1 Module

    Interface Pinouts T1/E1 Module: The T1/E1 interface module use a standard RJ45 service connector, pinout specification RJ48C. T1/E1 Figure D-5 Rear View of the T1/E1 Connector When two T1/E1 routers are to be connected in a back to back set-up, a null-modem crossover cable used for the connection.

  • Page 107: V.24 & Rs232C Link Pinouts

    Interface Pinouts V.24 & RS232C Link Pinouts The connector shown here and pinouts described here correspond to the connector labeled “RS232 / V.24” on the back of the P1705 & P1730. DB25 Female DTE Contact CCITT Circuit Circuit Direction Number...

  • Page 108: V.11/X.21 Link Pinouts

    Interface Pinouts V.11/X.21 Link Pinouts The connector shown here and pinouts described here correspond to the connector labeled “V.11/x.21” on the back of the P1705 & P1730. DB15 Female DTE X.21 Direction Contact Circuits Circuit From Number Reference Name DCE DCE...

  • Page 109: Rs442 & Rs530 Link Pinouts

    Interface Pinouts RS442 & RS530 Link Pinouts The connector shown here and pinouts described here correspond to the connector labeled “RS530” on the back of the P1705 & P1730. DB25 Female DTE Direction Contact Circuit From Number Circuit Name DCE DCE...

  • Page 110: V.35 Link Pinouts

    Interface Pinouts V.35 Link Pinouts The connector pinouts described here correspond to the connector labeled “V.35” on the back of the P1705 & P1730. DB25 M.34 Direction Contact Contact Circuit From Number Number Name DCE DCE Protective Ground ---------- ----------...

  • Page 111: Rs232 Null-Modem Cable Configuration

    Interface Pinouts RS232 Null-Modem Cable Configuration DB25 MALE DB25 MALE Shield Shield Transmitted Data Received Data Transmitted Data Received Data Data Set Ready Request To Send Data Set Ready Request To Send DTE Ready Received Line Signal Detector (CD) Signal Ground Signal Ground Received Line Signal Detector (CD) DTE Ready...

  • Page 112: V.35 Null-Modem Cable Configuration

    Interface Pinouts V.35 Null-Modem Cable Configuration DB25 MALE DB25 MALE Protective GND Protective GND Received Data (A) Transmitted Data (A) Received Data (B) Transmitted Data (B) Received Data (A) Transmitted Data (A) Received Data (B) Transmitted Data (B) Receiver Signal Element Timing (A) Transmitter Signal Element Timing (A) Receiver Signal Element Timing (B) Transmitter Signal Element Timing (B)

  • Page 113: Rs530 Null-Modem Cable Configuration

    Interface Pinouts RS530 Null-Modem Cable Configuration DB25 MALE DB25 MALE Shield Shield Received Data (A) Transmitted Data (A) Received Data (B) Transmitted Data (B) Transmitted Data (A) Received Data (A) Transmitted Data (B) Received Data (B) DCE Ready (A) Request To Send (A) DCE Ready (B) Request To Send (B) Clear To Send (A)

  • Page 114: Rs530 To Rs449 Conversion Cable

    Interface Pinouts RS530 To RS449 Conversion Cable DB25 MALE DB37 MALE/FEMALE Transmitted Data (A) Transmitted Data (B) Received Data (A) Received Data (B) Received Line Signal Detector (A) Received Line Signal Detector (B) Data Set Ready (A) Data Set Ready (B) Request to Send (A) Request to Send (B) Clear to Send (A)

  • Page 115: V.11/X.21 Null-Modem Cable Configuration

    Interface Pinouts V.11/X.21 Null-Modem Cable Configuration Figure D-13 V.11/X.21 Null-Modem Cable The connecting cable must be a shielded cable. Circuits which are paired (contain an (A) and (B) reference) should be connected to twisted pairs within the connecting cable. This cable is needed when it is necessary to connect two units back-to-back and a set of modems is not available.

This manual is also suitable for:

P1730

Table of Contents