Instruction/maintenance manual of the product - PR4000 Cyclades
Cyclades-PR4000 Installation Manual Mid-range, Multi-protocol, Expandable Remote Access Server Cyclades Corporation.
Cyclades-PR4000 Installation Manual Version 2.2 – May 2002
Copyright (C) Cyclades Corporation, 1998 - 2002
We believe the information in this manual is accurate and reliable. However, we assume no responsibility, financial or otherwise, for any consequences of the use of this Installation Manual.
Table of Contents
CHAPTER 1 HOW TO USE THIS MANUAL
Installation Assumptions
Example 2 Connection to an Internet Access Provider via Modem
CHAPTER 5 CONFIGURATION OF THE ETHERNET INTERFACE
Frame Relay
X.25
CHAPTER 14 RULES AND FILTERS
Configuration of IP Filters
General Specifications
External Interfaces
CHAPTER 1 HOW TO USE THIS MANUAL
Three Cyclades manuals are related to the PR4000.
1 The Quick Installation Manual -- provided with the router,
2.
Chapter 14 - Filters and Rules - demonstrates how to protect your router from undesired traffic. Chapter 15 - IPX - presents the hidden menus available only in routers with IPX activated. Chapter 16 - Virtual Private Network - describes CyROS’ VPN implementation.
Text Conventions
Common text conventions are used. A summary is presented below:
Convention | Description
CONFIG=>INTERFACE=>L | A combination of menu items, with the last being either a menu item, a parameter, or a command.
Cyclades Technical Support and Contact Information
All Cyclades products include limited free technical support, software upgrades and manual updates. These updates and the latest product information are available at: http://www .
The mailing address and general phone numbers for Cyclades Corporation are: Cyclades Corporation Phone: + 01 (510) 770-9727 Fax: + 01 (510) 770-03.
CHAPTER 2 WHAT IS IN THE BOX
The following are included with the PR4000:
• PR4000 Main Unit
• Quick Installation Manual and Documentation CD
• .
SWAN Expansion Card
The PR4000 is often sold with a SWAN card in the expansion slot. The SWAN can be connected to a modem or DSU/CSU as shown in Figure 2.3. Cables are not included with the product.
or Straight Cable DB-25 Male V .
Provisioning the T1/E1 Dialup Lines
This section provides information useful when provisioning the T1 or E1 dialup trunk lines for use with the Cyclades-PR4000 Remote Access Server.
ISDN Switch Type (ISDN-PRI only)
Different switch vendors have different signaling protocol implementations. If you are in the US and are given a choice of ISDN switch types, select National ISDN 2, which is intended to be the US standard switch type.
Signaling Method and Dialing Method (T1 CAS-BR only)
T1 with CAS signaling may require additional parameters. For Signaling Method, the selection may be MFR1, DTMF or no signaling. For Dialing Method, the selection may be wink-start or loop-start.
Chapter 3 Using CyROS Menus
This chapter explains CyROS menu navigation and special keys. There are four ways to interact with CyROS:
• Traditional .
[PR4000] login : super
[PR4000] Password : ****
Cyclades Router (Router Name) – Main Menu
1 – Config
2 – Applications
3 – Logout
4 – Debug
5 – Info
6 – Admin
Select Option ==>
FIGURE 3.
Pressing <Enter> without typing a new value leaves the item unchanged.
Special Keys
<Enter> or <Ctrl+M>: These keys are used to end the input of a value.
<ESC> or <Ctrl+I>: These keys are used to cancel a selection or return to the previous menu.
menu interface is the same as that described earlier in this section. Using Telnet instead of a console for the initial Ethernet configuration is discussed in Appendix C of the Installation Manual.
[Figure: CyROS Management Utility - Global Remote Access Table, Port Status]
Clicking on one of the links in the Global RAS Table will provide more detailed information about the connection and the user.
Returning to the CyROS Management Utility Home Page, clicking on a T1 or E1 port on the figure will display the channel details. There is a toggle button in the upper-right-hand corner which toggles between name and speed.
Operating the Front-Panel Display
The Cyclades logo appears on the front-panel display (shown in Figure 3.
Modem Overview
The status of each connection can be displayed by modem or by interface.
Modem Order
This menu item presents a screen with one box for each modem. Each row corresponds to a Modem board. When 64 modems are present, the screen will appear as in Figure 3.
Slot/Link Order
This menu item presents a screen with one box per T1/E1 channel. Figure 3.8 shows two lines with 30 channels each. The box on the upper left is the first channel, the upper right is the eighth channel, and so forth for as many channels as are configured.
Interface Overview
This screen presents the status of each E1/T1 interface and indicates which modem has been allocated to each channel.
IP Traffic
After choosing the interface desired, a bar graph showing bytes per second or packets per second is displayed. It is a snapshot of the last 10 minutes of IP traffic through the interface (TX for transmitted and RX for received), with a refresh every minute.
CHAPTER 4 STEP-BY-STEP INSTRUCTIONS FOR COMMON APPLICATIONS
This chapter provides detailed examples that can be used as models for similar applications.
[Figure labels: T1/E1; Remote IP Address Assigned on Connection; PC; Radius Server; PC; Network Terminator; IP Address: 100.130.130.200; Key: Pinocchio; LAN; ISDN-BRI Line; IP Address: 100.]
STEP ONE
The first step is to determine the parameters needed to configure the Fast Ethernet interface (ETH0). The parameters in the Network Protocol Menu (IP) are shown in Figure 4.
line using the controller. Both CAS and CCS signaling are explained. Which one is used will depend on the services offered by the telephone system.
STEP THREE
It is likely that not just anyone should have access to your LAN. A Radius or Tacacs server can be used to authenticate the username and password of the incoming connection request.
STEP FOUR
The RAS Wizard can be used to set up a PPP Remote Access Server using modems or DSU/CSUs and dial-up lines. The wizard can be used for one port or a range of ports.
At this point, you should create a back-up of the configuration file (in binary) and print out a listing of the configuration. Instructions for creating a back-up of the configuration file: Use the menu option ADMIN =>WRITE CONFIGURATION =>TO FTP SERVER.
Example 2 Connection to an Internet Access Provider via Modem
This section will guide you through a complete router installation for the connection of a LAN to an Internet access provider via PPP.
STEP ONE
The first step is to determine the parameters needed to configure the Ethernet interface (ETH0). The parameters in the Network Protocol Menu (IP) are shown in Figure 4.7. Fill in the blanks for your application in the right-most column.
STEP TWO
No more parameters are necessary for the Ethernet interface. The other interface to be configured is the SWAN in slot 1. The SWAN physical media parameters are shown in Figure 4.8. Fill in the values for your application.
Parameter | Example | Your Application
Secondary IP Address | 0.0.0.0 for none |
Enable Dynamic Local IP Address | Yes, because the IP address of the SWAN interface will be assigned dynamically. |
STEP FOUR
The Encapsulation parameters for PPP are less straight-forward. Many of them are based on decisions that cannot be shown in a diagram. Fortunately, the choices made here will mostly affect the performance of the link, rather than whether it works or not.
STEP FIVE
A static route must be added to tell the router that all traffic not intended for the local LAN should be sent to the Access Provider. Chapter 12 of the Installation Guide explains static routes and other routing methods available in CyROS.
STEP SEVEN
NAT parameters will now be determined for routing outside of the local LAN. Network Address Translation maps the local IP addresses, registered in the local address range menu below, to the one global IP address assigned by the access provider.
Instructions for creating a back-up of the configuration file. Use the menu option ADMIN =>WRITE CONFIGURATION =>TO FTP SERVER. Fill in the IP address of the computer where the configuration file should be saved, the file name, the directory name, and the user account information.
CHAPTER 5 CONFIGURATION OF THE ETHERNET INTERFACE
The PR4000 has one Ethernet 10/100Base-T interface, provided in a standard RJ-45 modular jack, which should be connected to an Ethernet hub or switch.
Network Protocol Menu (Continued)
Parameter | Description
Secondary IP Address | Applies to Numbered interfaces. Indicates a second (or third, etc. up to eight) IP address that can be used to refer to this interface.
IP Bridge
An IP Bridge is used to divide a network without subnetting. Whenever a subnetwork is created, two IP numbers are lost — one describing the network and the other reserved for broadcast.
In Figure 5.1, an example of the use of an IP Bridge is given. From the available IP addresses, the range 200.240.240.4 to 200.240.240.8 is bridged to another physical location. The following parameters apply only for IP Bridge.
CHAPTER 6 THE SWAN INTERFACE
This chapter describes how to configure a SWAN interface. The physical link should be set up as shown in chapter 2, according to the type of modem or device at the other end of the connection and the type of SWAN port.
STEP TWO
The second step is to choose a data-link protocol in the Encapsulation menu.
STEP FOUR
If PPP Encapsulation is being used, a type of authentication should be chosen.
CHAPTER 7 THE E1 AND T1 INTERFACES, WITHOUT SIGNALING
The menus relating to configuration of the E1 and T1 interfaces without signaling are given in this chapter. T1 is a standard used in the United States, Canada, and Japan.
The controller parameters are explained in the table that follows.
Controller Menu CONFIG=>CONTROLLER=>T1/E1
Parameter | Description
Frame Mode | T1: ESF (Extended Super Frame, the most common) and D4 are the options.
STEP ONE
The first step in the T1/E1 configuration is the assigning of channel groups, performed in the channel groups menu shown in Figure 8.1. A brief description of the add group menu parameters is given in the table.
Encapsulation Network Protocol [menu shown in a later figure] Routing Protocol [menu shown in a later figure] Traffic Contro.
For channelized T1/E1:
• PPP and HDLC. The Encapsulation options are described in chapter 10.
STEP FOUR
The Network Protocol Menu parameters must be set next. A description of these parameters appears in chapter 9.
CHAPTER 8 THE E1 AND T1 INTERFACES, WITH SIGNALING
Two varieties of signaling are available. The older mode, called CAS, and the newer mode, called CCS (which is used for ISDN-PRI).
Controller Menu CONFIG=>CONTROLLER=>T1/E1
Parameter | Description
Frame Mode | T1: ESF (Extended Super Frame, the most common) and D4 are the options. E1: CRC4 (the most common) and Non-CRC4 are the options.
The CCS Signaling Mode (ISDN-PRI)
ISDN, the Integrated Services Digital Network, was intended to be a digital upgrade to the current analog telephone system. The ISDN discussed in this chapter is N-ISDN, where the N is for Narrow Band.
After the channel groups are defined, the ISDN line and channels must be configured.
The general ISDN options are explained first.
ISDN General Menu CONFIG=>INTERFACE=>T1/E1(ISDN-PRI)=>ISDN
Parameter | Description
Main Phone # | Principal phone number assigned to the ISDN trunk line.
The CAS Signaling Mode
A typical application that uses CAS Signaling is shown in Figure 8.4.
[Figure labels: PC; PC; Integrated RAS; Remote Users; Analog Line; Analog Line; CAS Line; Application Server; Router; Telephone Network] FIGURE 8.
Encapsulation Network Protocol Routing Protocol Signaling Traffic Control Bandwidth IP Traffic Control List Config Interface E.
Channel Menu CONFIG=>INTERFACE=>T1/E1=> <CHANNEL>
Menu Option | Description
Encapsulation | Determines the data-link layer protocol to be used for this communication link.
[Figure labels: ISDN; Modem; Server; LAN; PR4000; MC PPP End Point Discriminator 11:22:33:44:55:66; MC PPP IP Address (Ethernet IP Address): 200.200.200.1; MC PPP End Point Discriminator 11:22:33:44:55:66; MC PPP IP Address (Ethernet IP Address): 200.]
The info menu items INFO=> SHOW MCPPP LINKS and INFO=> SHOW MCPPP NEIGHBORS provide information about the PPP connections and the other RASs forming the circuit. The tool DEBUG=> MESSAGE TRACE=> MCPPP may be useful in discovering MCPPP problems.
Multilink PPP (MLPPP) is similar in functionality to the Multichassis feature. The primary difference is that all physical links reside in the same RAS/Router. It is similar to the CyROS Multilink capability described in section 4.
Configuration of Multilink PPP (with an extension to Multichassis Multilink PPP) includes the following steps:
STEP ONE
The first four parameters in the PPP Menu must be defined.
Channel ISDN Menu CONFIG=>INTERFACE=>T1/E1(ISDN-PRI)=> <CHANNEL> =>ISDN or Channel Signaling Menu CONFIG=>INTERFACE=>T1/E1(CAS)=> <CHANNEL> =>SIGNALING
Parameter | Description
Connection Type | Applies only for ISDN.
Authentication Menu CONFIG =>INTERFACE =>T1/E1=> <CHANNEL> =>AUTHENTICATION
Parameter | Description
Authentication Type | Local uses the list of users defined in CONFIG=>SECURITY=>USERS=>ADD.
T1/E1 <Channel> TS Profile RAS Profile LAN-to-LAN Profile Copy From Channel Username Phone # Digital Modem Profile ID Remo.
Wizards Menu CONFIG =>INTERFACE =>T1/E1 => <CHANNEL> =>WIZARDS
Menu Items | Description
TS Profile | Used to create a local host Terminal Server. For CCS, the only parameter is the Username.
The parameters automatically configured by the RAS wizard are shown in Figure 8.
The parameters automatically set by the Lan-to-Lan wizard are shown in Figure 8.
CHAPTER 9 NETWORK PROTOCOLS
The second step in most interface configurations is to choose which network protocol to use and assign values to the relevant parameters. At least one of IP, Transparent Bridge, or IPX (optional, and discussed in chapter 15) must be activated.
The IP Protocol
If the preset values provided by the operating system are accepted, the interface will work at a basic level.
Network Protocol (IP) Menu (Continued)
Parameter | Description
IP MTU | Assigns the size of the Maximum Transmission Unit for the interface. This determines whether or not a given IP datagram is fragmented.
The Transparent Bridge Protocol
The Transparent Bridge Protocol can be used in conjunction with either IP or IPX.
CHAPTER 10 DATA-LINK PROTOCOLS (ENCAPSULATION)
Each encapsulation option is presented in a separate section in this chapter. Not all data-link protocols are available for all interfaces.
PPP Menu (Continued)
Parameter | Description
Disable LCP Echo Requests | LCP (Link Control Protocol) messages are normally exchanged to monitor the status of the link.
CHAR
The configuration of the CHAR data-link protocol is confined to one menu, CONFIG =>INTERFACE =><LINK> =>ENCAPSULATION =>CHAR. Information about all the parameters appearing in this menu is provided in the table below.
PPPCHAR
The configuration of the PPPCHAR protocol is contained in the menu CONFIG =>INTERFACE =><LINK> =>ENCAPSULATION =>PPPCHAR. The parameters for PPPCHAR are a combination of those for PPP and CHAR.
STEP ONE
The first step is to set the general Frame Relay parameters, those applying to all DLCs. This is done in the Frame Relay Menu. The parameters are shown in the table below. Most of these depend on the standards used by the Frame Relay Network Provider.
STEP TWO
After configuring the general parameters, each DLC must be defined. An example will be used to demonstrate the procedure. A public Frame Relay network connecting offices in São Paulo, Rio de Janeiro, Salvador, and Recife is shown in Figure 11.
[Figure labels: Rio de Janeiro Network: 192.168.201.0; Recife Network: 192.168.202.0; São Paulo Network: 192.168.200.0; Salvador Network: 192.168.203.0; Router; Router; Router; Router; 200.1.1.1; 200.1.1.4; 200.]
Add DLCI Menu CONFIG=>INTERFACE =><LINK> =>ENCAPS =>FRAME RELAY => <ESC> =>ADD DLCI
Parameter | Description
DLCI Number | Used to identify the DLC. This number is supplied by the Public Frame Relay network provider.
To edit the DLCI table, use the list command (CONFIG=>INTERFACE=><LINK>=>ENCAPSULATION =>FRAME RELAY=>L) to discover the number CyROS has assigned to each table entry.
STEP ONE
First, the general X.25 protocol parameters are set in the X.25 Menu. A detailed description of the X.25 parameters and their values for the example is provided in the table below.
X.25 Menu (Continued)
Parameter | Description
Layer 3 Window Size | The layer 3 (packet) level window represents the number of sequentially numbered packets that can be sent before an acknowledgement must be received.
STEP TWO
The next step is to create a static routing table associating each remote X.121 address with an IP address or a TCP Socket location. This is done in the Add DTE menu, which appears at the end of the X.
CHAPTER 11 ROUTING PROTOCOLS
Routing Strategies
Routing can be done either statically or dynamically.
Static Routing
Static routing is recommended when the network contains a small number of routers and other equipment.
Static Routes
Routers used in very small or simple networks may use static routes as the primary routing method. When RIP or OSPF are used, some static routes may still be needed. Configuration of static routes will be explained using two examples.
[Figure labels: Unnumbered Interfaces; Point-to-Point Connection; Slot 1; ETH0; ETH0; Slot 3; Router 1; 10.0.0.3; 192.168.100.1; Router 2; A; B; E; F; Network 3; Network 1] FIGURE 12.2 STATIC ROUTING EXAMPLE 2
Figure 12.2 shows another static routing example to explain the Gateway or Interface parameter.
Add Static Route Menu CONFIG =>STATIC ROUTES =>IP =>ADD ROUTE
Parameter | Description
Destination IP Address | Address that route will lead to. To configure a default route, type "default" for this parameter, otherwise enter 0.
RIP Configuration
CyROS supports three basic types of RIP:
1 RIP1 [RFC 1058]
2 RIP2 with broadcast (compatible with RIP1) [RFC 1723]
3 RIP2 with multicast [RFC 1723]
The primary difference between RIP1 and RIP2 is that only RIP2 advertises subnet masks and next hops.
OSPF
The OSPF (Open Shortest Path First) routing protocol is significantly more complicated than RIP. The determination of which protocol is better suited to a given network is beyond the scope of this manual.
First, some definitions:
• An Autonomous System (AS) is a portion of the network that will use a single routing strategy. It is made up of a backbone area and optionally of non-backbone areas.
• OSPF Areas are sub-systems that have identical routing databases.
OSPF Menu (continued)
External Metric | Defines the metric that will be advertised by OSPF.
OSPF Global Configurations
STEP THREE
After completing the OSPF interface configuration for all interfaces (even those that will not use OSPF), navigate to the OSPF Menu, CONFIG=>IP=>OSPF. Enter into the OSPF Global Commands menu and set the parameters as indicated in the table below.
OSPF Global Commands (Continued)
Parameter | Description
RIP External Metric - Type | Applies when Advertise RIP routes is set to Yes.
Area Menu (continued)
Area Range N Status | An Area Border Router (ABR) advertises link states for all networks within the area. The number of such advertisements can potentially be reduced by condensing different IP networks into a single range.
STEP SIX
It is not always possible to connect all areas directly to the backbone. When an area is connected to the backbone only through another area, two virtual links must be created. One from the backbone to the unattached area and one from the unattached area to the backbone.
BGP-4 Configuration
The BGP-4 routing protocol is used for routing on the Internet, performed between Autonomous Systems (ASs). An autonomous system is defined as:
· A set of routers and networks under the same administration.
The last option is to aggregate the addresses contained in the local autonomous system in order to present an aggregated route to the outside world. This is done in the last step.
8. Aggregate the addresses contained in the AS.
CONFIG=>IP=>BGP4=>GLOBAL
Parameter | Description
BGP4 Protocol | Activates the protocol.
Local AS Number | This number is assigned by the service provider.
STEP TWO
The neighbor menu identifies the routers inside and outside the AS that will communicate with the router via BGP-4.
CONFIG=>IP=>BGP4=>NEIGHBOR=>ADD (continued)
Keepalive | Interval between keepalive messages sent to this neighbor.
Connection Retry Time | When a connection with this neighbor is broken, the router tries to reconnect with frequency 1 divided by the Connection Retry Time.
[Figure labels: 1 2 3 4 5 6; PR3000; 100.10.0.0/16; Undesired Route; Backup Route; Preferred Route] FIGURE 12.
STEP FOUR
An access list needs at least one rule. The example in Figure 12.6 shows three access lists, each one with several rules. Each neighbor can be assigned up to 6 access lists, as seen in step 2.
CONFIG=>IP=>BGP4=>ACCESS LIST=>CONFIGURE RULES=><ACCESS LIST NAME> =>ADD
Parameter | Description
Rule Status | Enables the rule.
Scope | See explanation of this parameter in step 3.
STEP SIX
A route map can either apply to all routes not discarded by the access lists, as shown in Figure 12.6, or to routes filtered by a particular access list, as shown in Figure 12.7.
[Figure labels: Route Map; Discarded Routes; Discarded Routes; Seq.]
CONFIG=>IP=>BGP4=>ROUTE MAP=>ADD
Parameter | Description
Route Map Number | Identifies the route map
Sequence Number | Identifies the sequence within the route map. The numbers need not be consecutive.
CONFIG=>IP=>BGP4=>AGGREGATE ADDRESSES=>ADD
Parameter | Description
Number | An ID for reference.
Address | The aggregated address. In the example, 200.50.50.0.
Mask (bit len) | The mask for the aggregated address.
CHAPTER 12 CYROS, THE OPERATING SYSTEM
This chapter explains various operating system features that are not covered in other chapters:
•.
Other users can be created and the user “usr” can be assigned a password. The password of the super user should be changed as soon as possible. The menu CONFIG=>SECURITY=>USERS allows addition, deletion, and modification of the list of users.
The super user has access to all menus. The usr user is shown a menu, upon successful login, with the items chosen in the user’s profile. The pppauto user is connected directly to the user via PPP.
CHAPTER 13 NAT (NETWORK ADDRESS TRANSLATION)
NAT exists to convert local IP addresses into Internet “global” IP addresses. Internet IP addresses are assigned by Internet providers. Due to the explosion of the internet, these numbers are scarce.
There are two types of NAT available in CyROS -- Normal NAT and Expanded NAT. This chapter describes Expanded NAT.
NAT Static Translation Table
# | Global address / port | Local address / port | Protocol
1 | 200.240.230.225 / 20 | 192.168.0.30 / 20 | TCP
2 | 200.240.230.225 / 21 | 192.168.0.30 / 21 | TCP
3 | 200.240.230.225 / 80 | 192.168.
An overview of the NAT menu is shown in the table below.
NAT Menu CONFIG =>SECURITY =>NAT
Menu Option | Description
General | Parameters for enabling NAT and choosing the NAT Mode. Also includes port translation option.
STEP TWO
The parameters in the Timeout Menu are explained in more detail below. The preset values should be appropriate for most applications.
STEP FOUR
If static translations are to be performed, as described in the example, the parameters in the Static Translation Menu must be set.
123 Cyclades-PR4000 Chapter 14 - Filters and Rules CHAPTER 14 RULES AND FIL TERS There are four basic types of rules: 1 IP filter rules, 2 Radius rules (actually a combination of previously defined IP.
124 Chapter 14 - Filters and Rules Cyclades-PR4000 Config IP Rule List Name Rule Status Rule List T ype Default Scope Incoming Rule List Name Outgoing Rule List Name Linked Rule List Name N Add Rule L.
[FIGURE 12.2 FIREWALL EXAMPLE. Labels: Exterior Router, Interior Router, Router Extension to Network, Bastion Host, ETH0, Slot 1, Perimeter Network 192.168.0.0, 192.168.0.1, 192.168.0.2, 192.168.0.3, 10.0.0.0, 172.16.0.0.]
Figure 12.
Exterior Router
The exterior router is the network’s first defense against attacks. For this reason, it is reasonable to prohibit all packets except for those explicitly allowed. This is done by choosing the Default Scope to be Deny.
Steps necessary to activate filtering on the exterior router in the example: 1 There are two interfaces with two directions each. Filtering on link 1 requires the creation of two rule lists, called exterior_in and exterior_out.
The configuration for “Let e-mail in” is shown in the following figure (obtained by selecting CONFIG =>RULES LIST =>IP =>L in the menus).
Filter_list Name      exterior_out
Rule                  0
Status                Enabled
Scope                 Permit
Protocol              TCP
Source IP Operator    Equal
Source IP start       192.
[Figure: World of Possible Packets. Labels: Stop Forged Packets; Don’t Allow Access to News; Stop Telnets From the Outside (Except Bastion Host); PERMIT.]
FIGURE 12.
Rules Lists
Rule List Name        slot1_in
Rule Status           Enabled
Default Scope         Permit
List Type             Filter

Filter_list Name      slot1_in
Rule                  0
Status                Enabled
Scope                 Deny
Protocol              0
Source IP Operator    Equal
Source IP start       10.
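The effect of the Default Scope on the two rule lists above, as an added example that is not part of the Cyclades manual and is not CyROS code. It assumes first-match evaluation, that protocol 0 and port 0 mean "any", and uses CIDR blocks in place of the Source IP operator and start fields; all addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    scope: str               # "Permit" or "Deny"
    protocol: int = 0        # assumption: 0 = any protocol, 6 = TCP
    src: str = "0.0.0.0/0"   # CIDR stands in for the Source IP operator/start fields
    dst: str = "0.0.0.0/0"
    dst_port: int = 0        # assumption: 0 = any port

    def matches(self, pkt):
        return (self.protocol in (0, pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.dst_port in (0, pkt["dport"]))

@dataclass
class RuleList:
    name: str
    default_scope: str       # applied when no rule matches
    rules: list

    def decide(self, pkt):
        # Assumption: rules are checked in order and the first match wins.
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.scope
        return self.default_scope

def packet(src, dst, dport, proto=6):
    return {"src": src, "dst": dst, "dport": dport, "proto": proto}

BASTION = "192.0.2.10"       # constructed address, not from the manual

# Exterior router: Default Scope Deny, only "Let e-mail in" is permitted.
exterior_in = RuleList("exterior_in", "Deny", [
    Rule("Permit", protocol=6, dst=BASTION + "/32", dst_port=25),
])
# Interior list: Default Scope Permit, forged internal sources are denied.
slot1_in = RuleList("slot1_in", "Permit", [
    Rule("Deny", src="10.0.0.0/8"),
])

if __name__ == "__main__":
    telnet = packet("203.0.113.5", BASTION, 23)
    for rule_list in (exterior_in, slot1_in):
        print(rule_list.name, "telnet ->", rule_list.decide(telnet))
```

The same unlisted Telnet packet is dropped by the default-deny list and passed by the default-permit list, which is why a permit-by-default list needs an explicit Deny rule for every unwanted service.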
Traffic Rule Lists
There are three kinds of traffic rules that can be configured in CyROS. The first two determine a division of bandwidth for traff.
The third determines which services have priority flowing through the router: 3 Service Prioritization. An Internet provider has three clients connected to the same router. Client A is larger and without traffic control would overwhelm the router to the exclusion of Clients B and C.
Rules Lists
Rule List Name        traffic_1
Rule Status           Enabled
List Type             Traffic

Filter_list Name      traffic_1
Rule                  0
Status                Enabled
Flow priority         0
Rule bandwidth        50%
Bandwidth priority    1
Protocol              0
Source IP Operator    Equal
Source IP start       11.

Rule                  1
Status                Enabled
Flow Priority         0
Rule bandwidth        25%
Bandwidth priority    2
Protocol              0
Source IP Operator    Equal
Source IP start       22.
prioritize the access to his web server. He also wants to prioritize e-mail sent by his SMTP server, but the priority should be lower. All other traffic should have the lowest priority. For web server access, the important flow direction is not the user requests, but rather the data requested.
The configured rules will appear as shown in the following listing. Note that for this type of traffic control, of the traffic-specific parameters only Flow Priority is used. The Reserved Bandwidth and Bandwidth Priority parameters are not important.
CHAPTER 15 IPX (INTERNETWORK PACKET EXCHANGE)
IPX is an alternative to IP, proprietary to Novell. When IPX is activated, many new menus appear to allow configuration of this type of network.
Enabling IPX
The first step is to activate the IPX feature in the router. This is accomplished using the menu option ADMIN =>ENABLE FEATURES => IPX. The IPX protocol must also be activated in the menu CONFIG =>IPX => GENERAL.
The parameter Send SAP Update can be set to Demand, Periodic, or None. This parameter affects both SAP and RIP. Periodic causes the router to send these messages every minute, while choosing Demand will cause the router to send messages only when a message request is received.
The routing table is displayed by the menu option INFO => SHOW ROUTING TABLE => IPX. For the example, and using only the static route created above, the routing table appears as in Figure 13.
CHAPTER 16 VIRTUAL PRIVATE NETWORK CONFIGURATION
The Virtual Private Network utility can be used on any link using IP routing. It is used to provide greater security between two or more networks connected through a public communications network.
An example showing a local security network and two remote security networks is shown in Figure 14.
[Figure: VPN example network. Labels: ETH0, PR3000 Router, RSG3 - Remote Security Gateway, Router IP Address: 190.190.190.1, Link 1, Link 2 IP: 190.190.190.1.]
STEP THREE Use the menu item INFO =>SHOW ROUTING TABLE to confirm that the other Remote Security Gateways (RSGs), and all the networks included in the Remote Security Networks, are reachable.
STEP SIX Now, the Remote Security Networks must be defined. This is done in the CONFIG =>SECURITY =>VPN =>REMOTE IP NETWORKS =>ADD NETWORK menu.
APPENDIX A TROUBLESHOOTING
What to Do if the Login Screen Does Not Appear When Using a Console.
1 Check the configuration of the terminal. The correct values are given in chapter 2. 2 Check to see if the router booted correctly.
What to Do if the Router Does Not Work or Stops Working.
1 Check that the cables are connected correctly and firmly. 2 Confirm that the Link LED is lit for the (Fast) Ethernet Port being used, indicating proper Ethernet cable termination.
4 Make sure any external modem, DSU/CSU, or interface equipment is properly connected and that the interface configuration is correct. Many cables have the same connector, but are not interchangeable.
Pinging the router from a host on the network should give similar results. If the test fails, confirm that the link LED on the front panel is lit and that the IP Address and Subnet Mask parameters in the Network Protocol menu are correct for the network to which the router is attached.
Use of a Cross Cable for Testing T1/E1 Ports and Modems
Two tests can be performed with the cross cable: one tests the two T1/E1 ports while the other tests the 2 ports and the modems. The pin diagram of the cross cable is shown in Appendix B.
Let the test run for at least 1 minute. If both slots show no errors, the test was successful.
How to Test the Modems
1. In the CyROS main menu, choose the following menu options: DEBUG=> HARDWARE TEST=>DSP TEST.
* * * DPS TEST RESULTS * * *
Errored Seconds: first line->0; second line->0
link Slot Out In Tx Tx Time RXErr TX NOK Conn DSP DSP PCKts By .
Let the test run for a while. After typing <ESC> to end the tests, CyROS will compile a summary of the data similar to the following:
* * * * * FINAL STATISTICS * * * * *
DSP Board number 1 : DSP N .
APPENDIX B. HARDWARE SPECIFICATIONS
General Specifications
The Cyclades-PR4000 power requirements, environmental conditions and physical specifications are listed in the table below.
Power Requirements
Input voltage range   115 to 230 VAC.
External Interfaces
Console Port
An RS-232 DTE port is provided for communication with a configuration terminal. A maximum speed of 115.2 kbps is supported on this port. Use a straight-through cable to connect to DCE devices (modems, for example).
Ethernet Port
The PR3000 Ethernet port meets IEEE 802.3 physical specifications. It provides a single Ethernet interface and supports 10Base-T (Unshielded Twisted Pair) on a standard RJ-45 female connector.
T1 and E1
Both the T1 and E1 interfaces use an 8-pin RJ-48C female connector.
T1/E1 Interface
Pin   Signal
1     RX TIP
2     RX RING
3     N.C.
4     TX TIP
5     TX RING
6     N.C.
7     N.C.
8     N.C.
FIGURE B.
Cables
Please refer to chapter 2, What is in the Box, to see which cables are provided with the PR4000 and which cables are optional.
Cross Cable
[Figure: pinout of the cross cable, DB-25 Male to DB-25 Male, with Pin and Signal columns for each connector.]
Router-MD / V.35 Cable
[Figure: pinout of the Router-MD / V.35 cable.]
DB-25 to M.34 Adapter
[Figure: pinout of the DB-25 to M.34 adapter, DB-25 Female side, with Signal column.]
Cross Cable for Testing the T1/E1 Ports
Please see appendix A for a description of the use of this cable.
RJ-48C        RJ-48C
4 TxTip       RxTip 1
5 TxRing      RxRing 2
1 RxTip       TxTip 4
2 RxRing      TxRing 5
Loopback Cable
FIGURE B.
ISO 2110 Standard Cable
[Figure: pinout of the ISO 2110 standard cable.]
E1 / DB-15 Cable
RJ-45 Male Pin   DB-15 Male Pin
1                3
2                11
4                1
5                9
B.10 PINOUT OF THE E1 / DB-15 CABLE - RJ-45 MALE TO DB-15 MAL.
APPENDIX C CONFIGURATION WITHOUT A CONSOLE
When a terminal or PC is not available for use as a console, the router has a special feature that allows configuration of the Ethernet interface from any PC on the LAN.
APPENDIX D INSTALLATION OF ADDITIONAL DIGITAL MODEMS
The purpose of this appendix is to describe the correct procedure for the installation of the digital modem board in the PR4000.
Step Four: Attach the wrist-strap to your wrist.
Step Five: Remove the PR4000’s cover. Be careful to not touch any components inside the PR4000’s case, as they also can be damaged by static electricity.
Step Six: Open the clamps on the slot where the board will be installed, as shown in the figure.
Step Eight: Insert the board carefully into the slot, aligning the indentations in the board with the guides of the slot. Forcing the board or pushing it in at an angle can damage the board and the slot.
Step Ten: Replace the PR4000’s cover and replace the screws. Now you can remove the wrist-strap.
Step Eleven: Reconnect the PR4000’s cables, including the console cable. Start up the terminal program used to access the PR4000.
Cyclades Corporation 41829 Albrae Street Fremont, CA 94538 - USA Phone: (510) 770-9727 Fax: (510) 770-0355 www.cyclades.com
Cyclades South America Phone: 55-11-5033-3333 Fax: 55-11-5033-3388 www.cyclades.com.br
Cyclades Germany Phone: +49 (0)81 22 90 99-90 Fax: +49 (0)81 22 90 999-33 www.