Enterasys Security Router X-PeditionTM Manuals

Manuals and User Guides for Enterasys Security Router X-PeditionTM. We have 1 Enterasys Security Router X-PeditionTM manual available for free PDF download: User Manual

Enterasys Security Router X-PeditionTM User Manual (466 pages)

Enterasys Security Router User's Guide

Brand: Enterasys | Category: Network Router | Size: 5 MB

Federal Communications Commission (FCC) Notice
4
Regulatory Compliance Information
4
Industry Canada Notices
5
Product Safety
5
Seguridad del Producto
5
Electromagnetic Compatibility (EMC)
6
Declaration of Conformity
7
Firmware License Agreement
9
Table of Contents
13
Contents of the Guide
29
Conventions Used in this Guide
30
Getting Help
32
Chapter 1: Overview

33
Chapter 2: Managing the XSR

37
- Utilizing the Command Line Interface
  37
  - Connecting Via the Console Port on XSR Series
    37
    
    Using the Console Port for Dial Backup on the XSR 1800 Series
    37
    
    Connecting a Serial Interface to a Modem
    38
    
    Using the Console Port to Remotely Control the XSR
    38
    
    Terminal Commands
    39
  - Connecting Via Telnet
    39
  - Connecting Via SSH
    39
  - Accessing the Initial Prompt
    40
  - Synchronizing the Clock
    40
  - Managing the Session
    41
  - Remote Auto Install
    41
    
    RAI Features and Requirements
    41
    
    How RAI Components Work
    43
    
    RAI Requirements on the XSR
    43
    
    Bootp Client
    44
    
    TFTP Client
    44
  - CLI Editing Rules
    47
  - Setting CLI Configuration Modes
    48
    
    Privileged EXEC Mode
    50
    
    User EXEC Mode
    50
  - Global Configuration Mode
    50
  - Exiting from the Current Mode
    50
  - Mode Examples
    51
  - Observing Command Syntax and Conventions
    51
    
    CLI Command Limits
    52
  - Describing Ports and Interfaces
    52
    
    Supported Physical Interfaces
    52
    
    Supported Virtual Interfaces
    52
    
    Supported Ports
    53
  - Numbering XSR Slots, Cards, and Ports
    53
    
    Setting Port Configuration Mode
    53
  - Setting Interface Type and Numbering
    53
    
    Configuration Examples
    54
  - Entering Commands that Control Tables
    56
    
    Adding Table Entries
    56
    
    Deleting Table Entries
    57
    
    Displaying Table Entries
    57
    
    Modifying Table Entries
    57
  - Managing XSR Interfaces
    57
    
    Configuring an Interface
    58
    
    Disabling an Interface
    58
    
    Displaying Interface Attributes
    58
    
    Enabling an Interface
    58
  - Managing Message Logs
    59
    
    Logging Commands
    59
  - Performing Fault Management
    59
    
    Capturing Fault Report Data
    60
    
    Fault Report Commands
    60
  - Using the Real-Time Clock
    61
    
    RTC Commands
    61
    
    Rtc/Network Clock Options
    61
  - Managing the System Configuration
    61
  - Resetting the Configuration to Factory Default
    62
    
    Using the Default Button (XSR 1800/1200 Series Only)
    62
  - Configuration Save Options
    63
    
    Using File System Commands
    63
  - Bulk Configuration Management
    63
    
    Downloading the Configuration
    63
    
    Creating Alternate Configuration Files
    64
    
    Uploading the Configuration/Crash Report
    64
  - Managing the Software Image
    65
    
    Bootrom Upgrade Choices
    65
    
    Creating Alternate Software Image Files
    65
    
    Loading Software Images
    70
    
    Using EOS Fallback to Upgrade the Image
    70
    
    Configuration Change Hashing
    72
    
    Downloading with FIPS Security
    72
    
    Software Image Commands
    72
  - Displaying System Status and Statistics
    73
- Memory Management
  73
  - Creating Resources
    73
- Network Management through SNMP
  74
- Accessing the XSR through the Web
  81
- Network Management Tools
  81
  - Netsight Atlas Router Services Manager V2.0
    81
  - Firmware Upgrade Procedures
    81
    
    Using SNMP for Downloads
    82
    
    Using the CLI for Downloads
    82
  - Fault Reporting
    82
  - Auto-Discovery
    82
Chapter 3: Managing LAN/WAN Interfaces

83
- Overview of LAN Interfaces
  83
- LAN Features
  83
- Configuring the LAN
  84
- MIB Statistics
  84
- Overview of WAN Interfaces
  85
- WAN Features
  85
- Configuring the WAN
  86
Chapter 4: Configuring T1/E1 & T3/E3 Interfaces

89
Chapter 5: Configuring IP

103
- Overview
  103
- General IP Features
  103
  - ARP and Proxy ARP
    106
  - Proxy DNS
    106
  - BOOTP/DHCP Relay
    106
  - Broadcast
    107
    
    Directed Broadcast
    107
    
    Local Broadcast
    107
  - Icmp
    107
  - Tcp
    108
  - Udp
    108
  - Telnet
    108
  - Ssh
    108
  - Trivial File Transfer Protocol (TFTP)
    109
  - IP Interface
    109
  - Secondary IP
    109
    
    Interface & Secondary IP
    109
    
    ARP & Secondary IP
    110
    
    ICMP & Secondary IP
    110
    
    DHCP & Secondary IP
    111
    
    NAT & Secondary IP
    111
    
    OSPF & Secondary IP
    111
    
    RIP & Secondary IP
    111
    
    Routing Table Manager & Secondary IP
    111
    
    Unnumbered Interface & Secondary IP
    111
    
    VPN & Secondary IP
    111
    
    Pppoe & Secondary IP
    112
    
    VRRP & Secondary IP
    112
  - Maximum Transmission Unit (MTU)
    112
  - Ping
    112
  - Traceroute
    112
- IP Routing Protocols
  112
  - Ripv1 and V2
    113
  - Triggered-On-Demand RIP
    114
    
    How Triggered-On-Demand RIP Works
    114
  - Ospf
    116
    
    LSA Type 3 and 5 Summarization
    117
    
    OSPF Database Overflow
    117
    
    OSPF Passive Interfaces
    118
  - OSPF Troubleshooting
    119
  - Null Interface
    119
  - Route Preference
    119
  - Static Routes
    120
  - VLAN Routing
    120
    
    Forwarding VLAN, Pppoe over VLAN
    121
    
    VLAN Processing over the Xsr's Ethernet Interfaces
    122
    
    VLAN Processing: VLAN-Enabled Ethernet to Standard LAN Interfaces
    122
    
    VLAN Processing: VLAN-Enabled Ethernet to WAN Interfaces
    123
    
    VLAN Processing: WAN Interface to a VLAN-Enabled Ethernet Interface
    123
    
    Qos with VLAN
    124
  - Policy Based Routing
    124
    
    Accessing the Global Routing Policy Table
    124
    
    Match Clauses
    125
    
    PBR Cache
    125
    
    Set Clauses
    125
  - Default Network
    126
  - Classless Inter-Domain Routing (CIDR)
    126
  - Router ID
    126
  - Real Time Protocol (RTP) Header Compression
    127
  - Network Address Translation
    128
    
    Features
    128
  - Virtual Router Redundancy Protocol
    129
    
    VRRP Definitions
    130
    
    Different States of a VRRP Router
    131
    
    How the VRRP Works
    131
  - VRRP Features
    132
    
    Authentication
    132
    
    Multiple Virtual IP Addresses Per VR
    132
    
    Multiple Vrs Per Router
    132
    
    ARP Process on a VRRP Router
    133
    
    Gratuitous ARP
    133
    
    Host ARP
    133
    
    Load Balancing
    133
    
    Proxy ARP
    133
    
    Traffic Process on a VRRP Router
    133
    
    ICMP Ping
    134
    
    Interface Monitoring
    134
    
    Physical Interface and Physical IP Address Change on a VRRP Router
    135
    
    Watch Group Monitoring
    135
  - Equal-Cost Multi-Path (ECMP)
    136
    
    Configuration Considerations
    136
- Configuring RIP Examples
  137
- Configuring Unnumbered IP Serial Interface Example
  139
- Configuring OSPF Example
  139
- Configuring NAT Examples
  140
  - Basic One-To-One Static NAT
    140
    
    Configuring Static Translation
    140
  - Dynamic Pool Configuration
    141
    
    Configuring Dynamic Pool Translation
    141
  - Network Address and Port Translation
    142
    
    Configuring NAPT
    142
    
    Configuring NAPT
    143
  - Multiple NAT Pools Within an Interface
    143
  - Static NAT Within an Interface
    144
  - NAT Port Forwarding
    146
- Configuring Policy Based Routing Example
  146
- Configuring VRRP Example
  147
  - Router Xsra
    147
  - Router Xsrb
    147
- Configuring VLAN Examples
  148
Chapter 6: Configuring the Border Gateway Protocol

149
- Features
  149
- Overview
  149
  - Describing BGP Messages
    150
    
    Open
    150
    
    Keepalive
    151
    
    Notification
    151
    
    Update
    151
  - Defining BGP Path Attributes
    151
    
    AS Path
    152
    
    Origin
    152
    
    Local Preference
    153
    
    Next Hop
    153
    
    Atomic Aggregate
    155
    
    Weight
    155
    
    Aggregator
    156
    
    Multi-Exit Discriminator
    156
    
    Community
    157
  - BGP Path Selection Process
    159
  - BGP Routing Policy
    159
    
    Access Control Lists
    160
    
    Community Lists
    160
    
    Filter Lists
    160
    
    Route Maps
    160
    
    Regular Expression Characters
    161
    
    Regular Expression Examples
    161
    
    Regular Expressions
    161
    
    Peer Groups
    162
  - Initial BGP Configuration
    163
  - Adding BGP Neighbors
    163
  - Resetting BGP Connections
    163
  - Synchronization
    164
  - Address Aggregation
    164
  - Route Flap Dampening
    164
    
    Recommendations for Route Flap Dampening
    165
  - Capability Advertisement
    165
  - Route Refresh
    165
  - Scaling BGP
    166
    
    Route Reflectors
    167
    
    Confederations
    168
  - Displaying System and Network Statistics
    169
- Configuring BGP Route Maps
  170
- Configuring BGP Peer Groups
  173
  - IBGP Peer Group Example
    173
  - EBGP Peer Group Example
    174
  - BGP Community with Route Maps Examples
    174
Chapter 7: Configuring PIM-SM and IGMP

177
- Features
  177
  - Differences with Industry-Standard Approach
    177
- IP Multicast Overview
  178
  - Defining Multicast Group Addressing
    178
  - Outlining IGMP Versions
    179
  - Comparing Multicast Distribution Trees
    179
  - Forwarding Multicast Traffic
    180
- Describing the Xsr's IP Multicast Features
  180
- Describing the Xsr's PIM-SM V2 Features
  183
  - Phase 1: Building a Shared Tree
    184
  - Phase 2: Building Shortest Path Tree between Sender & RP
    184
  - Phase 3: Building Shortest Path Tree between Sender & Receiver
    185
  - Neighbor Discovery and DR Election
    186
  - PIM Register Message
    187
  - PIM Join/Prune Message
    187
  - Bootstrap & Rendezvous Point
    187
  - Assert Processing
    187
  - Source-Specific Multicast
    188
  - PIM SM over Frame Relay
    188
- PIM Configuration Examples
  189
Chapter 8: Configuring PPP

191
- Overview
  191
- PPP Features
  191
  - Link Control Protocol (LCP)
    192
  - Network Control Protocol (NCP)
    192
  - Authentication
    193
    
    Challenge Handshake Authentication Protocol (CHAP)
    193
    
    Microsoft Challenge Handshake Protocol (MS-CHAP)
    193
    
    Password Authentication Protocol (PAP)
    193
  - Link Quality Monitoring (LQM)
    194
  - Multilink PPP (MLPPP)
    194
  - Multi-Class MLPPP
    195
    
    MLPPP Packet Fragmentation and Serialization Transmission Latency
    196
    
    Fragment Interleaving over the Link
    197
    
    Multilink Head Format Negotiation
    197
    
    Events and Alarms
    198
  - IP Control Protocol (IPCP)
    198
    
    IP Address Assignment
    199
  - PPP Bandwidth Allocation/Control Protocols (BAP/BAPC)
    199
- Configuring PPP with a Dialed Backup Line
  200
- Configuring a Synchronous Serial Interface
  200
- Configuring a Dialed Backup Line
  201
- Configuring MLPPP on a Multilink/Dialer Interface
  203
  - Multilink Example
    203
- Configuring BAP
  204
  - Dual Xsrs: One Router Using Dod with Call Request
    204
    
    XSR1 Configuration
    204
    
    XSR2 Configuration
    205
  - Dual Xsrs: BAP Using Call/Callback Request
    206
    
    XSR1 Configuration
    206
    
    XSR2 Configuration
    206
Chapter 9: Configuring Frame Relay

209
- Overview
  209
  - Virtual Circuits
    209
  - Dlcis
    209
  - Dtes
    210
  - Dces
    210
- Frame Relay Features
  211
  - Multi-Protocol Encapsulation
    211
  - Address Resolution
    212
  - Dynamic Resolution Using Inverse ARP
    212
- Controlling Congestion in Frame Relay Networks
  212
- Link Management Information (LMI)
  215
- Sub-Interfaces
  215
- FRF.12 Fragmentation
  216
  - End-To-End Fragmentation
    216
  - User Configuration Commands
    216
    
    Displaying Statistics
    217
    
    Map-Class Configuration
    217
    
    Show Running Configuration
    217
  - Reports and Alarms
    217
  - Clear Statistics
    217
- Interconnecting Via Frame Relay Network
  218
- Configuring Frame Relay
  222
Chapter 10: Configuring Dialer Services

223
- Overview of Dial Services
  223
  - Dial Services Features
    223
- Asynchronous and Synchronous Support
  224
  - AT Commands on Asynchronous Ports
    224
  - V.25Bis over Synchronous Interfaces
    224
  - DTR Dialing for Synchronous Interfaces
    225
  - Time of Day Feature
    225
  - Typical Use for Dial Services
    225
  - Ethernet Backup
    225
  - Dialer Profiles
    226
- Implementing Dial Services
  226
  - Dialer Interface
    227
  - Dialer Strings
    227
  - Dialer Pool
    227
  - Addressing Dialer Resources
    227
  - Configuring Encapsulation
    228
  - ISDN Callback
    228
  - Configuring the Dialer Interface
    232
    
    Creating and Configuring the Dialer Interface
    232
    
    Configuring the Map Class
    233
    
    Configuring the Physical Interface for the Dialer Interface
    233
  - Sample Dialer Configuration
    233
  - Configuring ISDN Callback
    234
    
    Point-To-Multipoint with Multiple Neighbors
    234
    
    Point-To-Multipoint with One Neighbor
    234
    
    Point-To-Point with Different Calling/Called Numbers
    234
    
    Point-To-Point with Matched Calling/Called Numbers
    234
- Overview of Dial Backup
  235
  - Dial Backup Features
    235
- Sequence of Backup Events
  235
- Link Failure Backup Example
  236
- Configuring a Dialed Backup Line
  236
- Overview of Dial on Demand/Bandwidth on Demand
  239
- Dialer Interface Spoofing
  240
- Dialer Watch
  240
  - Dialer Watch Behavior
    241
  - Caveat
    242
- Answering Incoming ISDN Calls
  242
  - Incoming Call Mapping Example
    243
    
    Node a (Calling Node) Configuration
    243
    
    Node B (Called Node) Configuration
    244
    
    Node D (Calling Node) Configuration
    244
- Configuring Dod/Bod
  245
  - PPP Point-To-Multipoint Configuration
    246
    
    Node a (Calling Node) Configuration
    246
    
    Node B (Called Node) Configuration
    247
  - PPP Multipoint-To-Multipoint Configuration
    247
    
    Node a Configuration
    247
    
    Node B Configuration
    248
  - PPP Point-To-Point Configurations
    248
    
    Dial-In Routing for Dial on Demand Example
    249
    
    Dial-Out Routing for Dial on Demand Example
    249
  - PPP Point-To-Multipoint Configurations
    250
    
    Dial-In Router Example
    251
    
    Dial-Out Router Example
    251
  - MLPPP Point-To-Multipoint Configuration
    252
    
    Node a (Calling Node) Configuration
    252
    
    Node B (Called Node) Configuration
    253
  - MLPPP Point-To-Point Configurations
    253
    
    Dial-In Router Example
    253
    
    Dial-Out Router Example
    254
  - MLPPP Point-To-Multipoint Configurations
    254
    
    Dial-Out Router Example
    255
    
    Dial-In Router Example
    256
  - MLPPP Multipoint-To-Multipoint Configuration
    256
    
    Node a Configuration
    256
    
    Node B Configuration
    257
- Switched PPP Multilink Configuration
  257
  - Bandwidth-On-Demand
    257
    
    Node a (Calling Node) Configuration
    258
    
    Node C (Called Node) Configuration
    258
- Backup Configuration
  259
Chapter 11: Configuring Integrated Services Digital Network

265
- ISDN Features
  265
  - BRI Features
    266
  - PRI Features
    266
- Understanding ISDN
  266
  - Basic Rate Interface
    267
  - Primary Rate Interface
    267
  - B-Channels
    267
  - D-Channel
    267
  - D-Channel Standards
    268
  - D-Channel Signaling and Carrier Networks
    268
  - ISDN Equipment Configurations
    268
  - Bandwidth Optimization
    269
  - Security
    269
  - Call Monitoring
    270
  - ISDN Trace
    270
    
    Q921 Decoding
    270
    
    Trace Decoding
    270
    
    Q931 Decoding
    271
    
    Reference Parameters
    271
    
    BRI NI-1, DMS100 & 5ESS SPID Registration
    273
    
    Decoded Ies
    273
    
    Terminal Endpoint Identifier (TEI) Management Procedures
    273
- ISDN Configuration
  273
  - BRI (Switched) Configuration Model
    274
  - PRI Configuration Model
    276
  - Leased-Line Configuration Model
    278
- More Configuration Examples
  279
  - T1 Pri
    279
  - Isdn Bri
    279
  - BRI Leased Line
    280
  - BRI Leased PPP
    280
  - BRI Leased Frame Relay
    280
- ISDN (ITU Standard Q.931) Call Status Cause Codes
  280
Chapter 12: Configuring Quality of Service

283
- Overview
  283
- Mechanisms Providing Qos
  284
  - Traffic Classification
    284
    
    Describing the Class Map
    285
    
    Describing the Policy Map
    285
  - Queuing and Services
    286
    
    Describing Class-Based Weight Fair Queuing
    286
    
    Configuring CBWFQ
    287
    
    Configuring Priority Queues
    287
    
    Describing Priority Queues
    287
    
    Measuring Bandwidth Utilization
    287
  - Describing Traffic Policing
    288
    
    Configuring Traffic Policing
    288
  - Class-Based Traffic Shaping
    289
  - Traffic Shaping Per Policy-Map
    290
  - Differences between Traffic Policing and Traffic Shaping
    291
  - Traffic Shaping and Queue Limit
    291
  - Congestion Control & Avoidance
    292
    
    Describing Queue Size Control (Drop Tail)
    292
    
    Describing Random Early Detection
    292
    
    Describing Weighted Random Early Detection
    293
  - Configuration Per Interface
    294
  - Suggestions for Using Qos on the XSR
    295
- Qos and Link Fragmentation and Interleaving (LFI)
  295
  - Configuring Qos with MLPPP Multi-Class
    295
  - Configuring Qos with FRF.12
    296
- Qos with VLAN
  296
- Qos on Input
  299
- Qos on VPN
  299
- Qos Policy Configuration Examples
  306
  - Simple Qos on Physical Interface Policy
    306
  - Qos for Frame Relay Policy
    307
  - Qos with MLPPP Multi-Class Policy
    308
  - Qos with FRF.12 Policy
    309
  - Qos with VLAN Policy
    310
  - Input and Output Qos Policy
    310
  - Input Qos on Ingress to the Diffserv Domain Policy
    311
Chapter 13: Configuring ADSL

313
- Overview
  313
- Features
  313
  - PDU Encapsulation Choices
    314
    
    PPP over ATM
    314
    
    PPP over Ethernet over ATM (Routed)
    315
    
    Routed IP over ATM
    316
  - ADSL Limitations
    317
  - ADSL Hardware
    317
    
    NIM Card
    317
    
    ADSL on the Motherboard
    318
    
    DSP Firmware
    318
  - ADSL Data Framing
    318
  - ATM Support
    318
    
    Virtual Circuits
    318
    
    Class of Service
    319
    
    OAM Cells
    319
    
    Performance Monitoring
    319
  - DSLAM Compatibility
    319
  - Access Concentrator Restrictions
    319
  - Inverse ARP
    320
  - Qos
    320
  - Snmp
    320
- Configuration Examples
  320
  - Pppoe
    320
  - Pppoa
    321
  - Ipoa
    322
Chapter 14: Configuring the Virtual Private Network

323
- VPN Overview
  323
  - Internet Security Issues
    323
  - How a Virtual Private Network Works
    324
- Ensuring VPN Security with Ipsec/Ike/Gre
  324
  - GRE over Ipsec
    326
  - Defining VPN Encryption
    327
- Describing Public-Key Infrastructure (PKI)
  327
  - Digital Signatures
    327
  - Certificates
    328
  - Machine Certificates for the XSR
    328
  - CA Hierarchies
    329
  - Certificate Chains
    329
  - RA Mode
    330
  - Pending Mode
    331
  - Enroll Password
    331
  - CRL Retrieval
    331
  - Renewing and Revoking Certificates
    331
- DF Bit Functionality
  331
- VPN Applications
  332
  - NAT Traversal
    333
  - Site-To-Site Networks
    333
  - Site-To-Central-Site Networks
    333
    
    Client Mode
    334
    
    Network Extension Mode (NEM)
    334
    
    Network Extension Mode (NEM)
    335
  - Remote Access Networks
    335
  - Using OSPF over a VPN Network
    336
    
    Configuring OSPF over Site-To-Central Site in Client Mode
    336
    
    OSPF Commands
    336
    
    Configuring OSPF over Site-To-Central Site in Network Extension Mode
    338
    
    Client
    339
    
    Configuring OSPF with Fail over (Redundancy)
    339
    
    Server 1
    339
- XSR VPN Features
  340
  - Server 1
    340
  - Server 2
    340
  - Client
    340
  - Limitations
    340
- VPN Configuration Overview
  342
  - Master Encryption Key Generation
    342
  - ACL Configuration Rules
    343
    
    Configuring Acls
    343
  - Selecting Policies: Ike/Ipsec Transform-Sets
    344
    
    Configuring Policy
    345
    
    Security Policy Considerations
    345
  - Creating Crypto Maps
    346
    
    Configuring Crypto Maps
    346
  - Authentication, Authorization and Accounting Configuration
    347
    
    AAA Commands
    348
    
    Configuring AAA
    348
  - PKI Configuration Options
    349
    
    Configuring PKI
    350
  - PKI Certificate Enrollment Example
    350
  - Interface VPN Options
    353
    
    VPN Interface Sub-Commands
    354
- Configuring a Simple VPN Site-To-Site Application
  354
- Branch Office
  354
- Configuring the VPN Using EZ-Ipsec
  356
  - EZ-Ipsec Configuration
    357
- Configuration Examples
  358
  - XSR with VPN - Central Gateway
    358
  - Remote Access
    359
  - GRE Tunnel for OSPF
    362
    
    Tunnel A: XSR-3250 VPN GRE Site-To-Site Tunnel
    362
    
    Tunnel B: XSR-1805 VPN GRE Site-To-Site Tunnel
    364
  - Xsr/Cisco Site-To-Site Example
    366
    
    Cisco Configuration
    366
    
    XSR Configuration
    367
- Interoperability Profile for the XSR
  368
  - Scenario 1: Gateway-To-Gateway with Pre-Shared Secrets
    368
  - Scenario 2: Gateway-To-Gateway with Certificates
    371
Chapter 15: Configuring DHCP

375
- Overview of DHCP
  375
- Features
  375
  - DHCP Server Standards
    376
- How DHCP Works
  376
- DHCP Services
  377
- DHCP Client Services
  380
  - Router Option
    380
  - Parameter Request List Option
    380
  - DHCP Client Interaction
    380
    
    Secondary Address Caveats
    380
    
    Interaction with Remote Auto Install (RAI)
    381
  - DHCP Client Timeouts
    381
- DHCP CLI Commands
  382
- DHCP Set up Overview
  383
  - Configuring DHCP Address Pools
    383
  - Configuring DHCP - Network Configuration Parameters
    383
- Configuration Steps
  383
- DHCP Server Configuration Examples
  385
  - Manual Binding with Class Example
    385
  - Pool with Hybrid Servers Example
    385
  - Manual Binding Example
    385
  - BOOTP Client Support Example
    386
  - DHCP Option Examples
    386
Chapter 16: Configuring Security on the XSR

387
- Features
  387
  - Access Control Lists
    387
    
    ACL Violations Alarm Example
    388
  - Packet Filtering
    388
  - Land Attack
    388
  - Smurf Attack
    389
  - Fraggle Attack
    389
  - IP Packet with Multicast/Broadcast Source Address
    389
  - Spoofed Address Check
    389
  - SYN Flood Attack Mitigation
    389
  - Fragmented and Large ICMP Packets
    389
    
    Fragmented ICMP Traffic
    389
    
    Large ICMP Packets
    390
    
    Ping of Death Attack
    390
  - Spurious State Transition
    390
- General Security Precautions
  390
- AAA Services
  391
  - Connecting Remotely Via SSH or Telnet with AAA Service
    392
- Firewall Feature Set Overview
  395
  - Reasons for Installing a Firewall
    395
  - Types of Firewalls
    396
    
    ACL and Packet Filter Firewalls
    396
    
    ALG and Proxy Firewalls
    397
    
    Stateful Inspection Firewalls
    398
- XSR Firewall Feature Set Functionality
  398
  - Stateful Firewall Inspection (SFI)
    398
  - Filtering Non-TCP/UDP Packets
    398
  - Application Level Commands
    399
  - Application Level Gateway
    399
  - On Board URL Filtering
    400
  - Denial of Service (Dos) Attack Protection
    401
  - Alarm Logging
    402
  - Alarms
    402
  - Authentication
    403
  - Firewall and NAT
    404
  - Firewall and VPN
    404
  - Acls and Firewall
    404
  - Dynamic Reconfiguration
    404
- Firewall CLI Commands
  405
- Firewall Limitations
  408
- Pre-Configuring the Firewall
  409
- Steps to Configure the Firewall
  409
- Configuration Examples
  410
  - XSR with Firewall
    410
  - XSR with Firewall, Pppoe and DHCP
    412
  - XSR with Firewall and VPN
    413
  - Firewall Configuration for RADIUS Authentication and Accounting
    419
  - Firewall Configuration for VRRP
    419
  - Configuring Simple Security
    420
  - RPC Policy Configuration
    421
Appendix A: Alarms/Events, System Limits, and Standard ASCII Table

423
- Recommended System Limits
  423
- System Alarms and Events
  425
- Shutdown Command
  433
- Firewall and NAT Alarms and Reports
  436
- Standard ASCII Character Table
  441
Appendix B: XSR SNMP Proprietary and Associated Standard Mibs

443
- Etsyssrvclvlmetrictable
  443
- Etsyssrvclvlownertable
  444
- Etsyssrvclvlhistorytable
  444
- Etsyssrvclvlnetmeasuretable
  445
- Etsyssrvclvlaggrmeasuretable
  446
- BGP V4 MIB Tables
  447
  - General Variables Table
    447
  - BGP V4 Peer Table
    447
  - BGP-4 Received Path Attribute Table
    449
  - BGP-4 Traps
    450
- Firewall MIB Tables
  451
  - Global Interface Operations
    451
  - Monitoring Objects
    452
    
    Policy Rule Table Totals Counters
    452
    
    Policy Rule True Table
    452
    
    Session Totals Counters
    452
    
    Session Totals Table
    452
    
    Authenticated Address Counters
    453
    
    Authenticated Addresses Table
    453
    
    IP Session Counters
    453
    
    IP Session Table
    453
    
    DOS Attacks Blocked Counters
    454
    
    DOS Attacks Blocked Table
    454
- VPN MIB Tables
  454
  - Etsysvpnikepeer Table
    455
  - Etsysvpnikepeerproposals Table
    455
  - Etsysvpnikeproposal Table
    456
  - Etsysvpnipsecpolicy Table
    456
  - Etsysvpnintfpolicy Table
    456
  - Etsysvpnipsecpolicyrule Table
    457
  - Etsysvpnipsecpolproposals Table
    457
  - Etsysvpnipsecproposal Table
    458
  - Etsysvpnipsecproptransforms Table
    458
  - Etsysvpnahtransform Table
    458
  - Etsysvpnesptransform Table
    459
  - Etsysvpnipcomptransform Table
    459
- Ipcidrroutetable for Static Routes
  460
- Host Resources MIB Objects
  460
- Enterasys Configuration Management MIB
  461
- Enterasys Configuration Change MIB
  462
- Enterasys SNMP Persistence MIB
  463
- Enterasys Syslog Client MIB
  464
- Service Level Reporting MIB Tables
  443

Enterasys Categories

Switch

Network Router Network Hardware Wireless Access Point Software

More Enterasys Manuals

Enterasys Security Router X-PeditionTM Manuals

Enterasys Security Router X-PeditionTM User Manual (466 pages)

Table of Contents

Chapter 1: Overview

Chapter 2: Managing the XSR

Chapter 3: Managing LAN/WAN Interfaces

Chapter 4: Configuring T1/E1 & T3/E3 Interfaces

Chapter 5: Configuring IP

Chapter 6: Configuring the Border Gateway Protocol

Chapter 7: Configuring PIM-SM and IGMP

Chapter 8: Configuring PPP

Chapter 9: Configuring Frame Relay

Chapter 10: Configuring Dialer Services

Chapter 11: Configuring Integrated Services Digital Network

Chapter 12: Configuring Quality of Service

Chapter 13: Configuring ADSL

Chapter 14: Configuring the Virtual Private Network

Chapter 15: Configuring DHCP

Chapter 16: Configuring Security on the XSR

Appendix A: Alarms/Events, System Limits, and Standard ASCII Table

Appendix B: XSR SNMP Proprietary and Associated Standard Mibs

Related Products

Enterasys Categories