Bridge / Router USER AND SYSTEM ADMINISTRATION · PDF fileBasic Frame Relay Configuration 46 Auto Learning the Frame Relay Configuration 47 Basic Leased Line Configuration 50 Bridge

Perle P840Bridge / Router

USER AND SYSTEMADMINISTRATION GUIDE

Part number 5500083-15

© Copyright 2003 Perle Systems Ltd.

Federal Communications Commission (FCC)Note: This equipment has been tested and found to comply with the limitsfor a Class A digital device, pursuant to Part 15 of the FCC Rules. Theselimits are designed to provide reasonable protection against harmfulinterference when the equipment is operated in a commercial environment.This equipment generates, uses, and can radiate radio frequency energyand, if not installed and used in accordance with the instruction manual,may cause harmful interference to radio communications. Operation ofthis equipment in a residential area is likely to cause harmful interference inwhich case the user will be required to correct the interference at his ownexpense.

Warning: The user is cautioned that modifications to this equipment canvoid the authority granted by the FCC to operate the equipment.

1.This equipment complies with Part 68 of the FCC rules. On the bottomof this equipment is a label that contains, among other information, theFCC registration number and ringer eqivalence number (REN) for thisequipment. If requested, this information must be provided to thetelephone company.

2. Applicable USOC jack required: RJ49C

3. If the terminal equipment P840 causes harm to the telephone network,the telephone company will notify you in advance that temporarydiscontinuance of service may be required. But if advance notice is notpractical, the telephone company will notify the customer as soon aspossible. Also, you will be advised of your right to file a complaint withthe FCC if you believe it to be necessary.

4. The telephone company may make changes to its facilities, equipment,pertains or procedures that could affect the operation of the equipment.If this happens, the telephone company will provide advance notice inorder for you to make the necessary modifications in order to maintainuninterrupted service.

5. The following repairs may be made by the customer: none.

Canadian Emissions Standard ICES-003This digital apparatus does not exceed the Class A limits for radio noise emissionsfrom digital apparatus as set out in the interference-causing equipment standardentitled “Digital Apparatus”, ICES-003 of the Department of Communications.

Cet appareil numérique respecte les limites de bruits radioélectriques applicablesaux appareils numériques de Classe A prescrites dans la norme sur le matérielbrouilleur: “Appareils Numériques”, NMB-003 édictée par le ministre desCommunications.

Canadian ISDN ApprovalThe ISDN-S/T interface of this device is intended for direct connection to theS/T jack of an NT-1 unit and therefore does not require CommunicationsCanada certification. The P840 should only be connected to CommunicationsCanada approved NT-1 units.

Statements for ISDN U ModuleNOTICE: The Canadian Department of Communications label identifies

certified equipment. This certification means that the equipment meetscertain telecommunications network protective, operational and safetyrequirements. The Department does not guarantee the equipment willoperate to the user’s satisfaction.

Before installing this equipment, users should ensure that it ispermissible to be connected to the facilities of the localtelecommunication company. The equipment must also be installedusing an acceptable method of connection. The customer should beaware that compliance with the above conditions may not preventdegradation of service in some situations.

Repairs to certified equipment should be made by an authorizedCanadian maintenance facility designated by the supplier. Any repairs oralteration made by the user to this equipment, or equipmentmalfunctions, may give the telecommunications company cause torequest the user to disconnect the equipment.

Users should ensure for their own protection that the electrical groundconnections of the power utility, telephone lines and internal metallicwater pipe system, if present, are connected together. This precautionmay be particularly important in rural areas.

CAUTION: Users should not attempt to make such connections themselves, but shouldcontact the appropriate electric inspection authority, or electrician, asappropriate.

Using This Manual

This Installation and Applications Guide provides the basic informationrequired to initially set up and configure the P840 router. This guide isorganized into the following sections:

“Installation” provides instructions for installing the P840.

“Typical Applications & How to Configure Them” providessimple configuration examples for typical applications in which the P840might be used. The applications described in this document are forexample only and provide a method of quick configuration of the P840.For more complete information on all of the configuration parametersavailable, please refer to the P840 PPP Menu Reference Manual on theaccompanying CD-ROM.

“Introduction to Filtering” provides an introduction to the patternfiltering options of the P840. Several examples of typical pattern filtersare also provided.

”Menu Trees” provides a graphical tree type overview of the structureof the built-in menu system of the P840. All of the configuration isperformed using the options provided in the menu system. The MenuTree is like an index to the menu options.

“Configuration Pages” provides a place to note the currentconfiguration of the P840 for future reference. If a replacement unit isrequired, the configuration may be quickly modified to be the same as theexisting unit.

“Octet Locations on Ethernet Frames” provides a graphicalrepresentation of the various common Ethernet frames that the P840 willbridge or route. When defining a pattern filter, these frame displaysindicate the offset values to use in order to define the pattern filtercorrectly.

“Servicing Information” provides information on opening the caseand changing the straps.

Using the Electronic Reference Manual

The P840 Reference Manuals are provided as Adobe Acrobat PDF fileson the accompanying CD-ROM. The Menu Reference File is providedindividually for ease of configuration reference. The Adobe AcrobatReader is included on the CD-ROM.

The Adobe Acrobat Reader program is also available for most computeroperating platforms from Adobe on the Internet at: www.adobe.com.

The Reference Manual provides the following information:

Introduction to bridging, routing, and P840 features

Pin out references for the link modules

Pin out references for the link modules

List of event and alarm logs

Expanded description of programmable filtering

The P840 PPP Menu Reference Manual provides the followinginformation:

Complete description of the options for the built-in menu system.

Contents

SECTION 1 INSTALLATION 4Unpack the P840 Router 4Select a Site 4Identify the Connectors 5Configuring the Router 5Connect to the Console 5Make the LAN Connections 6Make the ISDN Link Connection 6Power Up the Router 7Login and Enter the Required Configuration 7Mandatory Configuration 8Identify the Status LEDs 9The NetWizard Graphical User Interface 10

SECTION 2 TYPICAL APPLICATIONS & HOW TOCONFIGURE THEM 12

Managing the P840 Using the Menus 13Conventions 14Bridging and Routing 15

Should You Bridge or Route? 15Bridging 16IP Routing 18

IP Addressing 19Masks 20IP Subnets 21IP Default Gateway 23IP Static Route 23

IPX Routing 25Novell Servers in Both Locations 25Novell Servers in One Location Only 26

PPP Overview 30PPP Link Configuration 30Numbered Links 30Unnumbered Links 31Multilink Operation 32

Configure Remote Site Profiles 33ISDN Connection Remote Site Profiles 34Frame Relay Remote Site Profiles 35Digital Leased Remote Site Profiles 35Configure Remote Site Profiles for PPPoE 36

Basic Configurations 40

Contents

Connection 40Basic ISDN Connections 42

“Quick Start” PPP ISDN Connections 44IPX Router Connection 45IP Router Connection 45

Basic Frame Relay Configuration 46Auto Learning the Frame Relay Configuration 47

Basic Leased Line Configuration 50Bridge Connection. 51IP Router Connection. 51IPX Router Connection 51

ADVANCED FEATURES 52Dynamic Host Configuration Protocol 52Network Address Translation and Port Translation 55Security 57

Configure PPP Security 57Configure Firewall 60Network Address Translation 64Filters 64

Compression 65Bandwidth On Demand 66QOS - Priority Queuing 68Simple Network Time Protocol (SNTP 70

SECTION 3 INTRODUCTION TO FILTERING 73MAC Address Filtering 73Pattern Filtering 74Popular Filters 77

Bridge 77IP & Related Traffic 77Novell IPX Frames 77NetBIOS &NetBEUI (Microsoft Windows) 77Banyan 77

IP Router 78NetBIOS over TCP 78Other interesting TCP Ports 78

APPENDIX A MENU TREES 79

Contents

APPENDIX B OCTET LOCATIONS ON ETHERNETFRAMES 82

Octet Locations on a Bridged TCP/IP Frame 83Octet Locations on a Bridged Novell Netware Frame 83ETHERNET Type Codes 84Octet Locations on an IP Routed TCP/IP Frame 85Octet Locations on an IPX Routed Novell Netware Frame 85Octet Locations on a Bridged XNS Frame 86

APPENDIX C SERVICING INFORMATION 87Opening the case 87Identifying the Internal Components 88Connecting to the ISDN-U Link Module 88To Clear a “Lost” Password 89Changing the Termination Straps on the ISDN Interface 89Connecting to the Console Connector 90

APPENDIX D SOFTWARE UPGRADES 91

4

SECTION 1INSTALLATION

The P840 is an ISDN Ethernet Bridge/Router that provides bridging,IP/IPX routing, and compression over a PPP ISDN connection andsupport an ISDN BRI interface via an integral ISDN-ST or ISDN-U linkmodule. The ISDN BRI interface supports two 64 Kbps B-channels.Two analog telephone connections are also available when the voice portmodule is included on a unit with voice support.

The following instructions provide a quick set-up guide for installation ofthe P840 Router:

Unpack the P840 RouterRough handling during shipment can damage electronic equipment. Asyou unpack the bridge/router, carefully check for signs of damage. Ifdamage is suspected, contact the shipper. Save the box and all packingmaterial to protect the bridge/router should it ever need to be moved orreturned for service.

Check the packing slip that identifies the components and the LANconnector. The connectors on the rear of the bridge/router provide allexternal connections to the P840 Router.

Select a SitePlace the bridge/router in a well-ventilated area. The site shouldmaintain normal office temperature and humidity levels. Air ventslocated on the rear of the bridge/router must have an inch or so ofclearance from any object.

Installation

5

Identify the ConnectorsEach unit is configured with both straight (MDI) and crossed over (MDI-X) 10BaseT LAN connectors; the P840 will auto-sense between the two.Only one connector may be used at a time.

The RJ-45 ISDN connector has its ISDN interface module factoryconfigured to either ISDN-U or ISDN-ST.

The PHONE connectors are used to connect to regular analog phonedevices (phones, fax machines, modems, etc.). The PHONE connectorsrequire the presence of the optional internal voice module.

Figure 1-1 Rear View of the P840 Router

Configuring the RouterThe P840 configuration may be set up either through the NetWizardGraphical User Interface or through the built in Menus system.

The NetWizard runs on one of the LAN computers. It is designed to leadthe user through the basic configurations required to get the Routerrunning.

The menu system operates through a console connection and allowsaccess to all configuration settings available on the Router.

Connect to the ConsoleConnection to the bridge/router operator’s console is made through theRJ-45 connector labeled CONSOLE on the back of the bridge/router. ARJ-45 cable and RJ-45 to DB9 (female) converter are provided forconnection to a DB9 (male) connector.

Connect the console port of the P840 Router to a computer running anasynchronous communication package or a standard asynchronousterminal. The bridge/router supports autobaud rates at 1200, 2400, 9600

Installation

6

or 19,200 bps. The bridge/router is managed through the use of “hotkey”Menus.

Appendix D provides the pinout information for the console connectorand the DB9 to RJ45 converter.

Make the LAN ConnectionsConnect the P840 Router to the LAN with the available LAN interfacecable.

The Router may be connected directly to a wiring hub or Ethernet switchby using the MDI LAN port and a standard 10BaseT cable.

The Router may be connected directly to a computer network card byusing the MDI-X LAN port and a standard 10BaseT cable.

Make the ISDN Link ConnectionThe ISDN-ST interface of the Router Bridge/Router provides a RJ-45connector to connect to the RJ-45 connector of the NT1 provided withyour ISDN service.

The ISDN-U interface of the Router Bridge/Router provides anintegrated NT1 with a RJ-45 connector to connect directly with yourISDN service.

Once the bridge/router has established communications with its partneracross the WAN, the “Link” LED(s) will turn green.

Note: Bridge/Router database changes and statistics viewing may be done remotelyby establishing Telnet connections to a partner bridge/router across theWAN. This is accomplished by selecting the “Connect” option. The“Connect” option is found under the Telnet Access Menu.

Installation

7

Power Up the RouterOnce the LAN and Link connections are made and the console isconnected to a terminal, you are ready to power-up the P840 Router.Connect the DC power cord from the supplied power supply to the backof the P840 Router and plug the power supply into the AC wall outlet.

Observe the LEDs as the bridge/router powers up. The LEDs will gothrough a flashing pattern as the power-up diagnostics are performed.After the power-up diagnostics are finished, the Power LED will go fromred to green.

Enter at least one <RETURN> (up to three if necessary) in order for therouter to determine the baud rate of the terminal used for the console(i.e., autobaud). The following information will now be seen on theconsole connected to the router :

Terminals supported:ansi, avt, ibm3101, qvt109, qvt102, qvt119, tvi925,tvi950, vt52, vt100, wyse-50, wyse-vp, teletype

Enter terminal type:

Select the terminal type being used if listed and enter its name (in lowercase) at the prompt, or choose the terminal type teletype if your terminalis not listed. This terminal type operates in scroll mode and may be usedsuccessfully until a custom terminal definition is created.

Login and Enter the RequiredConfiguration

At the login screen type a 1 and the default password to enter the menusystem of the P840 Router. The default password is “BRIDGE” (casesensitive) and should be changed if security is desired.

With the options of the built-in menu system, the Router may beconfigured to operate within your environment.

Refer to the P840 PPP Menu Reference Manual file for your operatingsoftware on the accompanying CD-ROM for a complete description ofall the Menu Options.

Installation

8

Mandatory ConfigurationThe P840 requires a minimum amount of mandatory configuration inorder to operate. The following table identifies the configurationparameters that must be defined for proper operation under theoperational states shown in the table.

Mandatory ConfigurationBridge IP Router IPX RouterNone IP Address none

IP RoutingIP Forwarding

PPP ISDN

ISDN Switch TypeDirectory NumbersRemote Site Profile

The configuration options required for proper initial operation aredescribed in Section 2: Typical Applications and How to ConfigureThem.

Refer to Section 2 for details on configuring the P840. Also refer to theP840 PPP Menu Reference Manual file on the accompanying CD-ROMfor a complete description of all the Menu Options.

Other options may be changed depending on specific installationconfigurations. Refer to the menu tree in Appendix A for a reference ofthe menu structure and options.

Installation

9

Identify the Status LEDs The meanings of the four 3-color Light Emitting Diodes (LEDs) on thefront of the Router are found in the following chart.

Figure 1-2 Front View of the P840 RouterGreen Bridge/Router is running and has passed power-up diagnostics

Green (flashing) Bridge/Router is in BOOT mode and is programming the flashRed Bridge/Router is powered up but has failed power-up diagnostics

Yellow Bridge/Router is decompressing the software into the RAMYellow (flashing) Bridge/Router is in BOOT mode

Power

Green LAN is connected and forwardingRed Bridge/Router is NOT connected to the LAN

Yellow LAN is connected and NOT forwarding: i.e. Listening, Learning, or Blocking

LAN

Off LINK is idleGreen LINK is up with a data connection

Green (flashing) Voice call is upYellow LINK is negotiating connection: line answered

Yellow (flashing) Voice call off hook with dial tone oron hook incoming call ringing

Red Software failureLINK 1

Off LINK is Disabled or ISDN call is downGreen LINK is up with a data connection

Green (flashing) Voice call is upYellow LINK is negotiating connection: line answered

Yellow (flashing) Voice call off hook with dial tone oron hook incoming call ringing

Red Software failureLINK 2

POWER LINK 1 LINK 2LAN

Installation

10

The NetWizard Graphical UserInterface

The NetWizard router setup assistant comes on the CD-ROM packagedwith this router.

The NetWizard is a standalone Java applet that communicates with theRouter through the LAN connection.

The NetWizard will run on computer operating systems with Javasupport. It has been tested on the following platforms: Windows 95, 98and NT, Mac OS 8, UNIX, and Linux. The minimum recommended PCsystem is a Pentium 100 MHz CPU, 32 MB of memory and a 256 colorVGA monitor; the minimum recommended Macintosh system is a G3.

The network connections and power cord should be properly attached tothe router and the router powered up.

Software Installation:Put the CD in the CD-ROM drive. For systems that support autoplay(Windows 95/98/NT) the CD Introduction page will automatically comeup on your browser. For all other systems, use the Internet browser ofyour choice to open the INDEX.HTM file in the root directory of theCD-ROM. Click on the NetWizard Installation icon to start theNetWizard installation. A page listing the installer operating platformsavailable will appear, Choose the installer for your operating system (the“Recommended installer” display bar will show which installation isrecommended for your system). Download the Installer to your machine.After the download is complete, go to the location where “install” wassaved and start the program (click on the “view instructions” link in thebrowser to get specific tips on steps required for your operating system).

The Install Anywhere setup window will appear; select the language youwish to use for the NetWizard, then click on OK and follow theinstallation steps.

When the NetWizard program is started, the first window that appears isthe Launchpad application. This is a small program that searches the localnetwork for any Routers and displays a listing of those found. Select the

Installation

11

one you wish to configure and proceed by clicking on the NetWizardbutton.

Follow the steps on the NetWizard through the configuration of therouter.

Configuration Note:If the NetWizard is to be installed on a WindowsNT system, the usermust log in as "Administrator".

If the NetWizard is to be installed on a Linux system, the user must log inas "root" or an account with superuser privileges.

Note:If you accidently set the Router to have an incorrect IP address, theNetWizard may not be able to find the Router again. If this occurs, youwill have to use the console menu system to reset the router. Please seepage 1.2 for how to connect the console and page 2.2 on using themenus.

After logging onto the console, select option 3 Diagnostics from theMain menu, then option 2 Full Reset to clear all settings on the router totheir default values.

You may then resume using the NetWizard to set up the router.

Applications

12

SECTION 2TYPICAL APPLICATIONS & HOW TO

CONFIGURE THEM

The P840 is a flexible Ethernet Bridge/Router that supports PPP ISDNcircuits. This section will describe how to set up the P840 networkingfunctions.

The P840 may be configured as a simple Ethernet bridge, an Ethernet IProuter, an Ethernet IPX router, or a combination of the three. Whenoperating the P840 as a combination bridge/router simply configure eachof the components separately.

Note: The configuration options described within this section are only for initial setup and configuration purposes. For more complete information on all of theconfiguration parameters available, please refer to the P840 PPP MenusReference Manual PDF file on the accompanying CD-ROM

Important: The P840 uses FLASH memory to store the configurationinformation. Configuration settings are stored to FLASH memoryafter there has been 30 seconds of idle time. Idle time is when thereis no selection or modification of the value in the built-in menusystem. If you wish to store a configuration immediately, enter “=”to jump to the main menu, then select option “6” to save theconfiguration.

Applications

13

Managing the P840 Using the Menus

This section describes the minimum configuration parameters requiredwhen setting up the P840. Each of the configuration scenarios requiressetting of operational parameters on the P840. The built-in menu systemof the P840 is used to configure the unit.

The Router menu system operates on a “hotkey” principle; navigatingaround the menu system is done by typing the number associated withthe desired option; the P840 acts on the choice immediately (no need tohit the “enter” key).

The menu system consists of different menu levels each containing newconfiguration options. Navigation back out of a nested menu is easilyaccomplished by pressing the “tab” key. The tab key takes you to theprevious menu level. If you wish to move from your current menulocation directly to the main menu simply press the equals “=” key.

When choosing menu options that will toggle between values, simplypressing the number associated with that option will cause the optionsvalue to change. Each successive selection of the option will cause theoption’s value to change again.

Some menu options require input from the operator. When selecting anoption that requires a value, the menu system will display the range ofvalues acceptable and a prompt symbol “>”. Enter the new value at theprompt symbol and press enter. Should you make an error in enteringthe new value, the <BACKSPACE> key (for most terminals) deletes themost recently entered characters.

Applications

14

ConventionsThroughout this section, P840 menu options are shown that are requiredfor the various configuration choices. The appropriate menu options areshown in each instance in the following format:

Configuration Option NameLocation: Main

Sub-Menu Name Sub-Menu Name

Option Name

The configuration option is shown as well as the optionslocation within the menu system. The character indicatesthat a sub-menu level must be chosen. The option name inwhich a configuration parameter is to be set is shown in italics.

The keyboard graphic in the left margin indicates that this isinformation that the user will have to enter for configuration.

The note icon is used to indicate information on configuration and set up ofthe Router.

Configuration Note: The Configuration Note is used to indicate that theremay be a difference in configuration between the various operational modesof the Router.

The information icon is used to indicate that more information is availableon this subject. The information is usually located within another documentas specified.

Applications

15

Bridging and Routing

Should You Bridge or Route?When connecting two Local Area Networks together, the first questionto ask is should I bridge or route? The decision to bridge or to route maybe decided by how the existing networks have been already set up.

Bridging should be used when the network consists of non-routableprotocols or routable protocols using the same network numbers. Someprotocols can only be bridged; some of the more well known areNetBEUI (used by Microsoft Windows 3.11, Windows ’95, Windows ’98,and Windows NT), and LAT (used by Digital Equipment Corp.).

If your IPX or IP network address is the same at both locations, bridgingis simpler and requires less configuration. If the locations are to berouted together, the network numbers will have to be different in bothcases, this could require extensive reconfiguration.

IPX routing should be used if the two locations are already set up withdifferent IPX network numbers. Routing IPX will minimize the numberof SAP and RIP messages being sent across the WAN.

IP routing should be used if the two locations are already set up withdifferent IP network numbers or if you wish to divide your one IPnetwork number into two sub-networks.

In some cases both bridging and routing may be required. Routing maybe required for IP information and bridging may be required forNetBEUI.

Applications

16

BridgingAn Ethernet bridge intelligently forwards LAN traffic to remotelyconnected LANs across the Wide Area Network (WAN).

WAN connection

LAN #1 LAN #2

Figure 2-1 Bridged Local Area NetworksEthernet bridges simply forward information based on Ethernet MACaddresses. If a LAN packet is destined for a device located on a remoteLAN, the bridge will forward that packet to the remote LAN. If a LANpacket is destined for a device located on the local LAN, the bridge willignore the packet.

Ethernet bridges also communicate to each other using what is called theSpanning Tree Protocol (STP). STP is used to prevent loops in anetwork which cause LAN traffic to be re-broadcast again and againcausing network congestion.

The P840 is pre-configured to operate as an Ethernet bridge compatiblewith the IEEE 802.1d Spanning Tree Protocol definitions. This meansthat without configuration modifications, the P840 will bridge Ethernettraffic to its partner bridges when the Wide Area Network (WAN)connection has been established (see section 1, page 3 for WANconnection set-up).

Applications

17

The P840 also is pre-configured as an IPX router. This means that ifyou wish to bridge IPX traffic instead of routing it, you must disable theIPX routing function of the P840. Once IPX routing has beendisabled, all IPX traffic will be bridged between partner bridges on theWAN.

To set up a bridge between two LANs:

− Connect each Router to the LAN it will be serving

− Connect the WAN interface of each Router to the equipmentsupplied by the service provider

− Configure the remote site profile of the partner router if necessary(see section C)

− Establish the WAN connection

Applications

18

IP RoutingAn Ethernet IP router is used to intelligently route Internet Protocol (IP)LAN traffic to remotely connected LANs across the WAN.

WAN connection

TCP/IP Computers TCP/IP Computers

LAN #1

IP Network Address199.169.1.0

IP Network Address199.169.2.0

Router IP Address 199.169.2.12

Router IP Address 199.169.1.10

LAN #2

Figure 2-2 IP Routed Local Area NetworksIP routers forward IP frames based upon their IP destination address andan internal routing table. The router maintains the internal routing tablewith the remote network IP addresses and the remote partner IP routersassociated with those networks. When an IP frame is received from thelocal LAN, the destination IP address is examined and looked up in therouting table. If destination IP network is found in the routing tables, theIP router sends the IP frame to the remote partner Router that isconnected to the appropriate remote IP network. If no explicit routeentry is found in the routing table, the IP frame is sent to the DefaultGateway.

Applications

19

IP AddressingDevices on an IP network are located by their IP addresses, which is a 32bit number divided into four 8 bit fields. The IP address identifies boththe network and the host device (also known as a node) on that network.The address is usually written as the four decimal values for the fields(between 0 and 255) separated by decimal points; for example196.65.43.21.

The high order field defines the IP class of the address. There are threecommonly used classes of IP address:

A: 1 to 127

B: 128 to 191

C: 192 to 223

For class A addresses, only the first 7 bits of the high order fieldrepresents the network address, so there can be 127 networks. Theremaining three fields are the host portion of the address there can beover 16 million (224) host devices on each class A network.

Class B uses the first two fields for network addresses and can addressapproximately 16,000 networks. The two low order fields allowapproximately 65,000 host addresses (216) for each network.

Applications

20

Class C Uses three high order fields to address over 2 million networks,the low order field is used to address up to 254 hosts.

IP addresses within a private network may be assigned arbitrarily,however, if that network is to interconnect with the global Internet, it isnecessary to obtain a registered IP address.

For example, a small company is connected to the Internet; they areassigned a single class C IP network address (199.169.100.0). Thisnetwork address allows the company to define up to 255 host addresseswithin their network.

MasksThe portion of the IP address to use as the network address is specifiedby using a mask; a mask is the contiguous number of bits to be used forthe network address all set to 1. When the mask is logically ANDed withan IP address, the result is the network address. The mask is specified byentering the mask size as the number of bits in the mask. For thestandard Class A, B and C Internet addresses, the mask sizes would be 8,16 and 24 respectively.

Networks are not restricted to the above standard sizes; the mask (andhence the network address it specifies) may be any number of bits from 8to 32. This gives much more flexibility to match the size of the two fieldsof the IP address to the number of networks and hosts to be serviced.

Applications

21

IP SubnetsAn IP network may be divided into smaller networks by a process calledsub-netting. A subnet is specified using some of the high order bits of thehost field of the IP address for sub-network addressing. The portion ofthe IP address to be used as the subnet address is defined by using asubnet mask.

If the company in the example above (Class C IP address 199.169.100.0)decides to split their network into two LANs to reduce the load on theirnetwork, the original IP network address may be sub-netted into two ormore smaller IP networks consisting of a smaller number of hostaddresses in LAN. This allows each of the sites to be a smaller IPnetwork and to be routed together to allow inter-networkcommunication.

The subnet mask size is the number of bits in the subnet mask. In theabove figure the subnet mask size would be 26 (24 bits for the class Cnetwork address and 2 subnet bits). The subnet size is the number ofsubnet bits - in the above figure, the subnet size would be 2. The subnetmask size for the above example networks will be 26 and the resultingmask is 255.255.255.192:

In this example, specifying a subnet mask size of 26 will produce a subnetsize of 2 bits. Two bits gives 4 possible sub-network addresses from theoriginal IP network address. Two of the resulting sub-networks will haveeither all zeros or all ones as the subnet address; under standard subnets,these addresses are reserved for network functions and hence are invalidaddresses. So setting a subnet mask size of 26 will generate two sub-networks with up to 62 host addresses each (64 potential addresses minus

Applications

22

the all zero and all one addresses). The new IP sub-network addresseswill be: 199.169.100.64 and 199.169.100.128.

Original IP Network Address 199.169.100.0

Subnet IP Network Address199.169.100.64

Router IP Address199.169.100.65Subnet Mask Size 26

Host IP Address199.169.100.66




Router IP Address199.169.100.129Subnet Mask Size 26

Subnet IP Network Address199.169.100.128Subnet Mask is

255.255.255.192

IP Computers IP ComputersLAN #1 LAN #2

Figure 2-3 Defining an IP Subnet MaskDevices on LAN#1 will have addresses from 199.169.100.65 to199.169.100.126, devices on LAN#2 will have addresses from199.169.100.129 to 199.169.100.254.

To configure the P840 to route between the newly created sub-networks,the following parameters must be defined on each router.

1. IP AddressLocation: Main

Configuration LAN Set up

LAN IP Set up IP Address / Mask199.169.100.64 / 26 for Route#1

199.169.100.128 / 26 for Route#2

Applications

23

IP Default GatewayAn IP default gateway is an IP router that is resident on the local IPnetwork that this Router is connected to and is used to route IP framesfor destination networks that do not exist in the routing table. When anIP frame is received that is destined for a network that is not listed in therouting table of the Router, the Router will send the IP frame to thedefault gateway. If the device originating the IP frame is on the sameLAN as the Router, the Router will then send an ICMP redirect messageto the originating device. Any future IP frames for that destinationnetwork will then be sent directly to the default gateway instead of theRouter.

A default gateway may be configured if there are a large number of routesthat will pass through another router to a larger network. An example ofthis would be a router that is used to connect to the Internet. All of therouters on the LAN would have the Internet access router as the defaultgateway.

IP Static RouteWith its default settings, the P840 will automatically learn the routes toother devices on the network through RIP messages. In some instances itmay be desirable to have a predetermined or static route that will alwaysbe used to reach certain devices, such as when one specific router is to beused to reach a remote site network. The static route will haveprecedence over all learned RIP routes even if the cost of the RIP learnedroutes is lower.

Edit Static RouteLocation: Main

Configuration IP Routing Set up

IP Routes Edit Route

Route IP Address Next Hop Cost Add

Each static IP route is defined in the Edit Route menu. Thedestination network IP address is specified when you first

Applications

24

enter the menu and then the IP address of the next hop routeand the cost may be defined.

Once static IP routes are defined, they may be viewed withthe Show Static Routes command from the IP Routes menu.

Configuration Note: When the IP routing protocol is set to none, static routeswill be used to route traffic. The subnet mask size must also be definedwhen creating a static route entry. The subnet mask is required to allow astatic route to be created to a different IP network address. See the previoussection for an explanation of subnet masks.

Applications

25

IPX RoutingThe P840 is pre-configured to operate as an IPX router when installed in anIPX network. The Router will learn the IPX network numbers from thelocal LAN and when the WAN connections are established, the Router willroute the IPX frames to the appropriate destination IPX network.

The IPX routing scenario may consist of one of the two followingconfigurations. The first configuration consists of Novell servers located oneach of the LAN segments to be connected. The second configurationconsists of Novell servers located on only one of the LAN segments to beconnected. The Router will need to be configured differently in the secondconfiguration with Novell servers located on only one of the LAN segments.

Novell Servers in Both LocationsAn Ethernet IPX router is used to intelligently route Novell IPX LAN trafficto remotely connected LANs across the WAN.

WAN connection

Novell Server Novell Server Novell IPX ClientNovell IPX Client

LAN #1

IPX Network Address1512


LAN #2

Figure 2-4 IPX Routed Local Area Networks (Servers on both sides)IPX routers forward IPX frames based upon their IPX destination addressand an internal routing table. The router maintains the internal routing tablewith the remote network IPX addresses and the remote partner IPX routersassociated with those networks. When an IPX frame is received from thelocal LAN, the destination IPX address is examined and looked up in therouting tables. Once the destination IPX address is found in the routingtables, the IPX router sends the IPX frame to the remote partner Router thatis connected to the appropriate remote IPX network.

Applications

26

To configure the P840 to be an IPX router when both LAN segmentscontain Novell servers, the IPX network numbers are learned automaticallyfrom the routing information and service announcements sent by theservers. The Router will automatically assign the IPX network numbers andproceed to route the IPX frames to the appropriate destination network.

When two IPX LAN segments with Novell servers on each segment are to beconnected together with IPX routers, you must ensure that the IPX networknumbers on each of the Novell servers is unique. If the IPX network numbersare the same, the IPX routers will not operate.

Once the WAN connections have been established to the remote partnerRouters, the IPX router portion of the Routers will begin to build their routingtables according to the IPX frames they receive from the network. Manualentries may be made in the routing tables by adding static IPX routes.

Novell Servers in One Location OnlySome Novell LAN installations require that a remote LAN that consists ofonly Novell IPX clients be connected to a central LAN that contains theNovell servers and some more clients. In this configuration, the Routerlocated at the remote site must be configured with the appropriate IPXnetwork numbers. The IPX network number must be configured manuallybecause there is no Novell server at the remote site. The Router must act asa Novell server to supply the proper IPX network number to the clients onthe remote site LAN.

In the following diagram, the Router connected to LAN #2 must beconfigured with IPX network number 1500 using the appropriate frametype. The clients connected to LAN #2 must also be running with the sameframe type as defined on the Router. After the Routers have established theWAN connection, the IPX routing procedures will cause the names of theservices located on LAN #1 to be stored in the services table on the Routeron LAN #2. When one of the clients on LAN #2 starts up, it will look for aserver on the local LAN and the Router will respond with the list of serversthat are located on the central LAN.

Applications

27

WAN connection

Novell Server Novell Client Novell IPX ClientNovell IPX Client

LAN #1


IPX Network Address1500 - defined on router

LAN #2

Figure 2-5 IPX Routed Local Area Networks (Servers on one side)

The following steps must be performed on the Router connected to LAN#2.

IPX Routing DisabledLocation: Main

Configuration IPX Routing Set up

IPX Routing

Disabling IPX routing allows the IPX frame types to bemodified.

Configuration Note: IPX Routing does not need to be disabled in order tochange the defined network numbers on a PPP Router.

Applications

28

IPX Frame TypesLocation: Main


Configure LAN Networks Ethernet-II Frames RAW 802.3 Frames IEEE 802.2 Frames 802.2 SNAP Frames

Define the appropriate IPX network number for theappropriate frame type. Note that IPX network numbersmust be unique. If more than one frame type is to be used,each frame type must have a unique IPX network number.There must be no duplicate IPX network numbers withinyour entire IPX routed network, they must all be unique. TheIPX network numbers may be any value from 0 toFFFFFFFF HEX.

IPX Routing EnabledLocation: Main


IPX Routing

IPX routing must be re-enabled to allow the Router to operate asan IPX router with the newly defined IPX network numbers.

All Router routers connected to the same WAN must have IPXrouting enabled for IPX routing to take place between the LANs.When a number of Router routers are connected on the sameWAN and one of the Routers has IPX routing disabled, all of theRouters will become bridges only for IPX frames.

Applications

29

IPX Forwarding EnabledLocation: Main


IPX Forwarding

IPX forwarding must be re-enabled to allow the Router toforward IPX frames onto the WAN to the partner IPXRouter routers.

Configuration Note: The IPX Forwarding function enables or disables theforwarding of IPX traffic when IPX routing is enabled. When IPXforwarding is disabled, all IPX traffic across the WAN links will beblocked. While IPX forwarding is disabled, the Router will still operate asan IPX router and maintain its routing and server tables.

The configuration options described here are only for initial setup and configuration purposes. For more complete informationon all of the configuration parameters available please refer tothe P840 PPP Menu Reference Manual file on the accompanyingCD-ROM.

Applications

30

PPP OverviewPoint to Point Protocol (PPP) is a connection protocol that allowscontrol over the set-up and monitoring of network communications. It isused in procedures for user authentication (name and password),connection management (spoofing, bandwidth on demand, multilink),and compression.

PPP Link ConfigurationA PPP connection between two routers may use a number of NetworkControl Protocols for communication. An IP router connection will usethe Internet Protocol Control Protocol (IPCP) for all IPcommunications. An IPX router connection will use the Internet PacketExchange Control Protocol (IPXCP) for all IPX communications.

In order to establish an IPCP or IPXCP link connection between twoPPP routers, either a numbered link or an unnumbered link connectionmust be established. The two types of link connections are available toallow for greater flexibility between vendors products.

Numbered LinksA numbered link assigns a network address (either IP or IPX) to bothends of the WAN connection. In a numbered link configuration, theWAN connection may be viewed as another LAN network with the twoPPP routers simply routing information between their local LANs andthe common connected WAN network.

Because the WAN is considered to be a separate network, each of thestations on that network must be assigned a network address. If anumbered IP link is to be established, then each WAN interface must beassigned an IP address on a unique IP network. The WAN IP networkaddress must be different from the two existing networks that are beingconnected together with the PPP routers.

If a numbered IPX link is to be established, then each WAN interfacemust be assigned an IPX node address on a unique IPX network number.The WAN IPX network address must be different from the two existingnetworks that are being connected together with the PPP routers.

The IP address of the local WAN link is defined as the Local IPAddress within the remote site profile settings and the direct dial portionof the Quick Start menu. The IP address of the WAN link of the remotePPP router is defined as the Peer IP Address within the remote siteprofile settings and the direct dial portion of the Quick Start menu. TheWAN IP network number is defined by defining a subnet mask size to

Applications

31

use when defining the local IP address. The size of the subnet mask willdetermine the IP network number used.

The IPX node address of the local WAN link is defined as the LocalIPX Node within the remote site profile settings. The IPX address ofthe WAN link of the remote PPP router is defined as the Peer IPXNode within the remote site profile settings. The WAN IPX networknumber is defined with the IPX Net option in the remote site profilesettings.

Configuration Note: When making a direct dial connection within the QuickStart menu, only IP numbered and IPX unnumbered links are allowed.For different types of connections, a remote site profile should be configuredwith the appropriate IPCP and IPXCP settings defined.

Unnumbered LinksAn unnumbered link does not use network addressing on the WAN link.The WAN connection is roughly equivalent to an internal connectionwith each of the two end point routers operating as half of a completerouter that is connected between the two endpoint LANs.

When an IPCP link is set to unnumbered, the only configuration optionapplicable is Peer IP Address. The peer IP address in this case is the IPaddress of the remote PPP router, that is the IP address of its LANconnection. If the peer IP address is not specified, the Router willattempt to determine it when negotiating the IPCP connection.

When an IPXCP link is set to unnumbered, no addressing configurationis required. All of the IPX settings are negotiated during the IPXCPconnection.

Configuration Note: When making a direct dial connection within the QuickStart menu, only IP numbered and IPX unnumbered links are allowed.For different types of connections, a remote site profile should be configuredwith the appropriate IPCP and IPXCP settings defined.

Applications

32

Location: Main Configuration

WAN Set up Remote Site Set up

Edit Remote Site Protocol Set up

IP Parameters Peer IP address

Multilink OperationMultilink operation defines the use of more than one link to connectbetween two PPP routers. The MultiLink Operation option of theremote site profile for a connection is enabled by default.

When a multilink connection is established, the multilink (MP) optionswithin the PPP Set up and Advanced PPP Set up menus will determinethe operation of the multilink connection.

Applications

33

Configure Remote Site ProfilesRemote Site Profiles allow the Router to have different sets ofconfiguration parameters for each of the remote site routers that may becalled or that may call this Router. This allows complete control over theconfiguration of each possible connection.

Each remote site profile is assigned an identification number when it iscreated, whether it is created manually by the user editing the remote siteprofile or automatically under frame relay auto-learning. The remote siteis also named with an alias, which provides a more descriptive identifierfor the remote site profile. For example, a remote site profile may becreated with a name that describes the location of the remote router or auser name on an incoming connection. The alias may be up to 16characters long and must begin with an alphabetic character (blanks andthe character ”!” are not allowed).

There can be up to 40 remote site profiles. The ID numbers are assignedautomatically in ascending order as the site profiles are created.

ID numbers 41, 42 and 43 are templates for creating remote site profileswith ISDN, Frame Relay or Leased Line connections respectively. Atemplate may have its parameters set to match common networkconfigurations and then be used to quickly set up a number of similarnew sites. In addition to the reserved templates, you can use any remotesite as a template to create a new site.

The remote site profile allows the definition of various connectionparameters: Circuit set-up, Bridge and Routing protocol configurations,activation criteria and security.

The following steps must be performed on the P840 in order to define anew remote site profile.

Remote Site Profile ID & AliasLocation: Main

Configuration WAN Set up

Remote Site Set up Edit Remote Site

The remote site alias must be entered. The remote site profile is thencreated, an ID number is automatically assigned to it and the remote siteprofile is opened for editing. If a remote site profile already exists, either

Applications

34

the ID number or the alias may be provided to access the site profile forediting.

Now that the remote site profile is created, a link number must beassigned as the primary link number. The primary link number is the linkinterface that the Router will use to attempt to establish a connection tothe remote site PPP router.

Primary Link Number Location: Main



Connection Set up Primary Link Number

ISDN Connection Remote Site ProfilesThe ISDN call parameters for each of the remote sites that may be calledfrom this router must be defined. The Router must know what ISDNphone number to dial when a connection to this remote site is requiredand what security parameters to use when establishing a connection.

When this Router receives an ISDN connection it will prompt the callingdevice for a user name and password (PPP access security); when thename and password have been authenticated, the user name is used tosearch the remote site profile entries to find a match. Once a match isfound, the configuration parameters defined within that remote siteprofile are used to finish establishing the PPP connection.

Configuration Note: The remote site profile alias, user name of the security entry,and the user name defined on the partner PPP router must all be the same for aconnection to be established.

Applications

35

Remote Site ISDN Phone NumberLocation: Main



Connection Set up ISDN Call Set up

ISDN Number

The ISDN number defined here is the ISDN phone number of theremote site ISDN PPP router. This is the ISDN phone number that willbe dialed to establish a connection to this remote site profile.

Frame Relay Remote Site ProfilesWhen frame relay is activated on the P840 it is set by default toautomatically query the frame relay service to auto-learn the requiredparameters and automatically set up remote site profiles for eachconnection. See Frame Relay Configuration in the following section formore details.

Digital Leased Remote Site ProfilesAs a leased line provides a dedicated line directly to a single remotesite, the default settings will likely be all that is necessary to connect tothis site.

If necessary, the Bridge, IP, IPX and Compression settings may need tobe configured within their parameter menus to match the partner router.

Applications

36

Configure Remote Site Profiles for PPPoE

Remote Site Profiles allow for the router to be configured to support PPPover Ethernet (PPPoE) client on the router. The PPPoE feature on thePerle routers provide a PPPoE client support on Ethernet interfaces to abridging DSL modem to the Internet. This feature will create a PPPtunnel to an ISP located somewhere on the ATM network side of thexDSL modem. This feature eliminates the hassle and potential error ofrunning a PPPoE client on each LAN workstation that requires Internetaccess.

The following steps must be performed in order for the router to beconfigured for PPPoE connection. The remote site set-up for the PPPoEshould refer to the section for Configure Remote Site Profiles for LeasedLine PPP as the initial guideline for setting up a remote site configurationfor PPP. Afterwards the following steps transform the PPP remote siteconnection to a unique PPPoE remote site configuration.

Location: Main

Configuration

WAN Set-Up Remote Site Set-up

Edit Remote Site Connection Set-up

Primary Link LAN

The Auto-Call field will be automatically setup to be enabled when aLAN interface is selected as the primary link. This will allow the PPPoEconnection to be established automatically upon boot-up of the router.

To verify that PPPoE is enabled for this remote connection, view theread-only parameter

Applications

37

Location: Main

ConfigurationWAN Set-UP

Remote Site Set-UpEdit Remote SiteProtocol Set-Up

PPPoEenabled

When setting up your PPPoE link with your ISP provider, one global IPaddresses will be provided that should be used for the PPPoE remotesite configuration. By enabled the NAT feature on the remote siteconfiguration allows you to maintain only one global IP addresses for allPC workstation on your internal LAN.

Location: Main

Configuration WAN Set-up

Remote Site Set-Up Edit Remote Site

Protocol Set-Up IP Set-up

NAT enabled enabled

Access to some web pages is a common problem experienced whenrunning a PPPoE client on a router. By design, PPPoE packets cansupport a maximum MTU of up 1492 bytes. Normally when aconnection is established over common PPP, the TCP protocolnegotiates its maximum data size using the mss option (default 1460). Bydefault, most Windows PCs have their TCP mss option set to 1460 bytes.Since PPPoE requires an additional 8 bytes of header data, the TCP mssoption should decrease to 1452 bytes. Therefore when configuring therouter for PPPoE, the remote site NAT configuration automatically

Applications

38

adjust its TCP mss option to 1452 to accommodate this requirement. Toverify this value has been adjusted:

Location: Main

Configuration

WAN Set-UpRemote Site Set-up

Protocol Set-UpIP Parameters

NAT Advanced Set-upTCP mss

enabledTCP mss value

1452

Normally your ISP provider will provide you with an outgoing usernameand password and to authenticate with their services. The PPPoE remotesite configuration needs to have the security section configured with thisISP parameters to authenticate the PPPoE connection.

Location: Main

Configuration

WAN Set-UpRemote Site Set-Up

Security Set-UpOutgoing Username

ISP provided usernameOutgoing PAP password

ISP provided passwordOutgoing CHAP password (if required by ISP)

ISP chap password

To ensure that network traffic is routed to the PPPoE connection, therouter must be configured to have the default IP gateway setup to yournewly created PPPoE remote site connection.

Applications

39

Location: Main

Configuration

IP Routing Set-upGateway

PPPoE remote site alias

Applications

40

Basic ConfigurationsThe P840 may be configured to handle the two BRI B-channels as bothswitched circuit ISDN links, as both Digital-Leased links (Digital-Leasedis also known as Super-digital, ADSL-lite or monopole) or as one of eachtype. In addition, each Digital-Leased link may be set for either FrameRelay or PPP operation. The types of service available should be dicussedwith your service provider.

ConnectionThe software controls used to determine when to attempt aconnection to a remote site may be any one of the following methods:

IP Address Connect: Defining a remote site profile within theIP Address connect table and enabling IP Address Connect will causea call to be made when a packet for this IP address is routed. This isthe most common connection method.

Location: Main


IP Address Connect Edit IP Address Entry

ID # for this entryIP address of remote site Remote site ID or alias

Location: Main


IP Address Connect IP Address Connect

enabled

Applications

41

Manual Call: The system operator may use the Manual Calloption of the Remote Site Set up menu to initiate aconnection attempt.

Location: Main


Remote Site Set up Manual Call

Remote site ID or alias to call

Auto Call: Enabling the Auto-Call option within the Edit RemoteSite menu of this remote site profile causes the Router to attempt toestablish a connection to this remote site profile each time the Routerstarts up.

Location: Main



Connection Set up Auto call

enabled

Applications

42

Basic ISDN ConnectionsThe default settings of the P840 configure it for ISDN routing (ratherthan Digital_Leased). It may establish WAN connections to otherbridge/routers via ISDN (Integrated Services Digital Network)connections. Either 1 or 2 ISDN B-channels (2 B-channels per ISDNBRI interface) may be used.

Before the P840 can establish an ISDN connection to another router, theISDN information must be defined. The ISDN switch type must bedefined for the ISDN interface, and the phone numbers must be defined.The following diagram shows three routers connected together, with twoISDN B-channels being configured on one unit and one channel on theother units.

Figure 2-6 Basic ISDN ConfigurationThe following steps must be performed to configure the P840 for switchedISDN operation:

Switch TypeLocation: Main


Switch Type

ISDNWAN connections

ISDN phone numbersassigned from theISDN circuit provider.

555-1201

555-1101

555-1202555-1301 PPP ISDN

IP Router

Applications

43

Ten ISDN switch types are available: net3, ni-1, ni-2,dms-100, 5ess-pp, 5ess-mp, tph1962, kdd, sweden, orntt. Note that if your routers are located withindifferent ISDN jurisdictions, the ISDN switch type maybe different on each of the units.

Directory Numbers & SPIDsLocation: Main


Link Set up ISDN Set up

Directory Number 1 SPID 1 Directory Number 2 SPID 2

The directory number(s) will be the ISDN phone numbersused to establish a call between the routers. The SPIDs areused to register the ISDN interface with the central switch.

Configuration Note: For most European installations, the switch type will beNET3 which only requires one directory number. The Router willoperate without putting in the directory number for a NET3 switch, butit is recommended that it be entered,

Most North American installations use the switch type NI-1 and musthave the two directory numbers entered, as well as two SPID (ServiceProfile Identifiers) values. For an NI-1 switch type, enter only the localportion of the directory number unless the area code is required for localcalls. The SPID must be set to the exact number given by the ISDNservice provider.

Once the ISDN switch type and directory numbers have beenconfigured, the Router must be reset for the new values to take effect andfor the ISDN BRI interface to register with the central switch.

Applications

44

Soft ResetLocation: Main

Diagnostics Soft Reset

Once the Router has restarted it is ready to establish ISDNconnections.

With the ISDN numbers and switch type defined, an ISDN call may beplaced to another properly configured bridge/router. The calls may beplaced manually or automatically. The automatic call features availableare Auto-Call or IP Address Connect. An Auto-Call connection isestablished each time the Router starts up. An IP Address Connect call isestablished to a specifically configured remote Router when certain IPtraffic is received from the local LAN.

“Quick Start” PPP ISDN ConnectionsThe PPP P840 provides a “Quick Start” menu option that allows you toenter the basic configuration parameters required to establish a manualdirect dial ISDN connection to another PPP IP/IPX router. Once theconnection is established and is working properly, the Router should beconfigured with a remote site profile entry for that router. Once theremote site profile is created, ISDN calls may be placed automaticallyeach time the Router starts up (Auto-Call) or automatically dependingupon the time of day activation schedule or upon receiving IP framesfrom the local LAN destined for the IP network connected to thatparticular PPP router.

When establishing a direct dial connection from the “Quick Start” menu,the Bridging, IP and IPX configuration is partially predetermined. The IPconnection requires the configuration of the local IP address of thisRouter. The IPX connection is an unnumbered connection that does notrequire any configuration. Each of the IP or IPX functions may also bedisabled before the manual dial ISDN call is made.

The first step to a direct dial connection is to define the switch type andnumbers as shown on the previous two pages (basic ISDNconfiguration). Once the ISDN configuration has been entered and theRouter has been reset, a direct dial may be made to a remote site Bridgeor IP/IPX PPP router.

If security is required for the direct dial connection refer to the ConfigurePPP Security section for information on setting the security passwordsand user names for PPP.

Applications

45

IPX Router ConnectionTo establish an IPX PPP direct dial connection, enter the ISDN phonenumber of the remote site PPP router in the manual dial option. Refer tothe Configure as an Ethernet IPX Router, section 2.1.3 for moreinformation on IPX configuration required.

Manual DialLocation: Main

Quick Start Direct Dial

ISDN number

Enter the ISDN phone number of the remote site IPX PPProuter and an ISDN call will be placed.

IP Router ConnectionTo establish an IP PPP direct dial connection, the IP addresses must besupplied for this device before the ISDN call may be placed. Refer to theConfigure as an Ethernet IP Router, section 2.1.2 for more informationon the IP configuration required.

IP AddressLocation: Main


IP Address

This is the IP address and subnet mask size for the link of thisRouter in the numbered IP connection.

Manual DialLocation: Main


ISDN number

Enter the ISDN phone number of the remote site IP PPP router and anISDN call will be placed.

Applications

46

Basic Frame Relay ConfigurationThe P840 may be configured to route frame relay packets over DigitalLeased service (also known as Super-digital, ADSL-lite or monopole) onone or both BRI channels.

If a link on the P840 is configured for frame relay, it will communicateover WAN connections to other frame relay units via Frame RelayPermanent Virtual Circuits (PVC). From 1 to 40 PVC’s may be definedto connect to other frame relay units. Before the P840 can establish aPVC connection to another frame relay router, at least one PVC must bedefined. The P840 is pre-configured to query the frame relay service toauto-learn the required parameters; they may also be set manually.

The DLCI (Data Link Connection Identifier) number for the PVC isassigned by the frame relay service provider. The PVC must be definedon the physical link on the P840. The following diagram shows threeP840 units connected together with a PVC being configured on eachunit. The configuration of the PVCs within the frame relay cloud iscontrolled by the frame relay service provider.

Figure 2 - 8 Frame Relay configuration

Frame Relay PVCWAN connections

DLCI numbersassigned for thesePVCs from theframe relay provider.51 52

55

Applications

47

The link must be set to operate in Digital-Leased mode:

Set link to Digital-LeasedLocation: Main


Link Set up Logical ISDN type

Digital-Leased

Frame Relay must then be enabled:

Frame Relay enableLocation: Main


Link Set up Frame Relay

enabled

The router will request confirmation of the change, enter “yes”.

Auto Learning the Frame Relay ConfigurationUnder the default frame relay settings, the P840 is configured to querythe frame relay service to auto-learn the LMI type and the PVC DLCInumbers. This auto-learn function allows the P840 to be plugged intothe frame relay service and auto-learn the PVC configuration to becomeoperational without further configuration. (Manual configuration is alsoallowed by modifying the options within each Remote Site Profile and theindividual link configuration menus. Please see the P840 PPP MenusManual on the accompanying CD-ROM for information on manualconfiguration).

When the P840 first starts up it will query the frame relay service todetermine the LMI type. Once the LMI type is determined, the PVCconfigurations will be known from the full status enquiry messages. Ifthe DLCI numbers of the PVC’s on your service are determined duringthis learning process, the P840 will automatically create a remote siteprofile for each PVC. The automatically created remote site profiles willbe named “LinkxDLCIyyy” where x is the physical link number the PVCis on and yyy is the DLCI of the PVC.

Applications

48

If during this learning process the maximum number of remote sites (40)has been reached, the P840 will prompt you that there are no remote sitesavailable. A new remote site cannot be auto-created unless one of theexisting remote sites is manually deleted.

Within each of the remote site profiles automatically created, Bridging, IProuting, and IPX routing are all set to “enabled”. Because each of theseoptions are enabled by default and the automatically created remote siteprofiles will establish a PVC connection to the remote site routers, theP840 will bridge and IPX route data without any user configuration.Because an IP router requires an IP address, the P840 must be configuredwith an IP address before IP routing is fully operational.

To configure an IP address for the P840, use the IP address option.

IP AddressLocation: Main

Configuration LAN Set-up

LAN IP Set-up IP Address / Subnet mask size

If security is required for the PVC connection refer to the Configure PPPSecurity section for information on setting the security passwords anduser names for PPP.

By default, PPP is disabled for each of the newly created remote siteprofiles. If PPP encapsulation is desired, for example to use security, thePPP encapsulation option should be set to “enabled”. By default, whenPPP encapsulation is enabled multilink is also enabled.

Applications

49

PPP EncapsulationLocation: Main

Configuration WAN Set-Up

Remote Site Set-Up Edit Remote Site Connection Set-up

PPPenable

The configuration options described here are only for initial set up andconfiguration purposes. For more complete information on all of theconfiguration parameters available please refer to the P840 PPP MenusReference Manual file on the accompanying CD-ROM.

Applications

50

Basic Leased Line ConfigurationThe P840 may be configured to route PPP packets over Digital-Leasedservice (also known as Super-digital, ADSL-lite or monopole) on one orboth BRI channels. The P840 in Digital-Leased mode will operate as aPPP leased line bridge/router if the frame relay function is disabled. Theleased line P840 establishes PPP (Point to Point Protocol) WANconnections to other PPP leased line P840s or to other vendor’s PPPleased line routers via direct leased line connections.

The following diagram that shows a P840 and another vendor’s unitconnected together with a direct leased line connection.

Figure 2 - 9 Basic PPP Leased Line Configuration

The link must be set to operate in Digital-Leased mode:

Set link to Digital-LeasedLocation: Main


Link Set up Logical ISDN type

Digital-Leased

To run PPP leased line, frame relay must be disabled:

Frame Relay disableLocation: Main


Link Set up Frame Relay

disabled

The router will request confirmation of the change, enter “yes”.

PPP IP Router

Applications

51

Bridge Connection.As soon as the above configuration is set, the P840 will attempt toestablish the link connection to the remote site PPP router.

The Bridge connection does not require any configuration for operation.

IP Router Connection.If IP traffic is to be routed, the IP address of the P840 must be set.

Local IP AddressLocation: Main

Configuration LAN Set-up

LAN IP Set-up IP Address / Subnet mask size

Once the local IP address has been configured, the P840 will attempt toestablish the link connection to the remote site PPP router.

The IP connection is an unnumbered connection that requires only theconfiguration of the IP address of this P840.

IPX Router ConnectionAs soon as the above configuration is set, the P840 router will attempt toestablish the link connection to the remote site PPP router.

The IPX connection is an unnumbered connection that does not requireany configuration.

If security is required for the connection, refer to the Configure PPPSecurity section for information on setting the security passwords anduser names for PPP.

The configuration options described here are only for initial set up andconfiguration purposes. For more complete information on all of theconfiguration parameters available please refer to the P840 PPP MenusReference Manual file on the accompanying CD-ROM.

Applications

52

ADVANCED FEATURES

Dynamic Host Configuration ProtocolThe P840 uses Dynamic Host Configuration Protocol (DHCP) to allowusers in a small office environment to be added and removed from anetwork with all of the network information (i.e. IP address, DNS, subnetmask, etc.) being configured automatically. DHCP configures devices(DHCP clients) from a central DHCP server. It is designed to allocatenetwork addresses to a number of hosts on the Router’s LAN and supplythe minimal configuration needed to allow hosts to operate in an IP network.

The following steps must be performed on the P840 to configure it as aDHCP server.

DHCP ServicesLocation: Main

ConfigurationApplications Set up

DHCP Set up DHCP Services

Server

DHCP Services options which are available are none,relay and server. Set to server to enable this device asa DHCP Server.

IP Address PoolLocation: Main

Configuration Applications Set up

DHCP Set up Server IP address pool

IP address poolFirst IP Address/

number of addresses

Applications

53

The IP address pool option requires setting the first IP addressin the range that is to be used for the devices attached to theDHCP Server. The number of addresses to be assigned mustalso be specified, to a maximum of 253.

With the DHCP Services and IP Address Pool defined, devices may beattached to the network (up to the maximum specified) and they will beautomatically configured.

Configuration Note: When setting up a router as a DHCP server that willhave both a DNS server on the internal network and a remote connectionto another DNS server (for example, through an ISP), then the localDNS server should be set as the primary DNS and the external DNSserver as the secondary DNS.

DNS Set-UpLocation: Main


DHCP Set upDNS set-up

Primary DNS -IP address local DNS server

Secondary DNS-IP address external DNS server

Applications

54

Figure 2-10 Local + External DNS Server Configuration

The configuration options described here are only for initial set up andconfiguration purposes. For more complete information on all of theconfiguration parameters available please refer to the P840 PPP MenuReference Manual on the accompanying CD-ROM.

Internet ServiceProvider

Local DNS Server

(Primary)

External DNS Server(Secondary)

Applications

55

Network Address Translation and Port Translation

The P840 provides support for Network Address Translation (NAT).Network Address Translation is a technique that translates private IPaddress on a private network to valid global IP addresses for access to theInternet. Network Address Port Translation (NAPT) translates both theIP address and the port number. The advantage of port translation isthat more than one private IP address can be translated to the sameglobal IP address. Port translation allows data exchanges initiated fromhosts with private IP addresses to be sent to the Internet via the Routerusing a single global IP address. A global IP address must be assigned tothe WAN link upon which NAPT is enabled for port translation to work.The global IP address will be assigned by the ISP.

To use NAPT, the private network addresses of the services that will beavailable globally must be assigned:

NAT ExportsLocation: Main


NAT Exports Edit Services

enter the private network IP address of each service offered

Applications

56

Then NAT (Network Address Translation) is enabled:

NAT EnableLocation: Main



Protocol Set up IP Parameters

NAT EnabledEnabled

Figure 2-11 NAPT Configuration

Internet ServiceProvider

Private Network

Addresses:

Global IPAddress:

199.87.65.43

NAPT mapping:1.1.1.2 = 199.87.65.43 (25)1.1.1.3 = 199.87.65.43 (23)1.1.1.4 = 199.87.65.43 (80)

e-mailserver1.1.1.2

telnetserver1.1.1.3

WWWserver1.1.1.4

1.1.1.6

1.1.1.8

Local DNS Server

(Primary)

Applications

57

SecurityThe Router provides a number of means of providing security onincoming and outgoing traffic on a network. These methods includeaccess authentication, firewall limiting access to only designated deviceaddresses, private network address translation (NAT) and filtering forboth incoming and outgoing traffic.

Configure PPP SecurityThe PPP P840 provides support for both PAP and CHAP security accessauthentication. An outgoing user name, PAP password , and CHAP secretare defined that the Router will use when responding to an authenticationrequest from a remote site PPP router.

The security option in the “Quick Start” menu allows you to quickly definethe security level to be used for PPP authentication.

SecurityLocation: Main

Quick Start Security level

When choosing the security option you may choose none, PAPor CHAP.

The cold start defaults for the security user name and passwords are asfollows. These defaults will exist when the Router is first started before anyconfiguration is entered, and after a Full Reset has been performed. Thesedefault values are also set when the Router is placed in TFTP Network loadmode for upgrading the operating software via TFTP transfers. Care shouldbe taken when upgrading a group of Routers that have security levels set.Default outgoing user name for each remote site when it is defined is the sameas the default device name. Default PAP password and CHAP secret areboth set to “BRIDGE”.

Applications

58

The complete security configuration for both incoming and outgoing calls isdefined within the Security menu of the WAN Set up section.

Security LevelLocation: Main


Security Set up Security Level

The security level defines the type of security that this Routerwill request when a remote site PPP router attempts toestablish a PPP connection. The security may defined asnone, PAP, or CHAP.

When a security level is defined on this Router, an entry for each remotesite PPP router that may be connected to this Router must be placed inthe security database. The security database is used to store the usernames and passwords of the remote site PPP routers.

Remote Site Security Parameters EntryLocation: Main


Edit Remote Site Security Parameters

Outgoing User Name Incoming PAP Password

Outgoing PAP Password

or Incoming CHAP Secret Outgoing CHAP Secret

The outgoing entries in the security database define the usernames and passwords/secrets that this Router will send inresponse to an authentication request is sent from the remotepartner router. The incoming entries define thepasswords/secrets that this Router expects to receive from theremote partner in response to authentication requests.

Applications

59

For a pair of partner routers with security enabled, the outgoing user name inthe security parameters entry of one router must match the remote site alias inthe partner router’s remote sites table.

The configuration options described here are only for initial set up andconfiguration purposes. For more complete information on all of theconfiguration parameters available, please refer to the PPP ISDN MenusReference Manual file on the accompanying CD-ROM.

Applications

60

Configure FirewallThe P840 provides Firewall security for restricting access between any twonetworks connected through the router. Firewalls are set up on a perconnection basis for the LAN and remote sites. The direction of filtering isfrom the perspective of the Router; incoming traffic is from the network inquestion to the Router, outgoing is from the Router to the network. Thedirection of filtering may be set to incoming, outgoing, both or none. Oncethe direction of filtering for a connection has been set, holes may be createdin the firewall to allow specified traffic through. Normally, the LAN firewallis used for restricting intranet traffic (connections within the corporatenetwork) and remote site firewalls are used to limit access from less trustedsources, such as the Internet or dial-up ISDN links.

Figure 2-12 Sample Firewall ApplicationThe above diagram shows a corporate head office network, which isconnected to the Internet with a P840. There is also a branch office at aremote site connected with a Digital Leased link. The administrator atthe corporate head office wishes to set up an IP firewall to alloweveryone on the Internet to have access to the corporate FTP and Webservers and nothing else. The administrator also wishes to allow all of theTCP traffic from the branch office network to have access to the headoffice. Anyone in the corporation may have unrestricted access to theInternet.

Internet

Router with firewall enabled.

Corporate HeadOffice Network195.100.1.0

Branch Office Network195.100.2.0

Any other networkany IP address

Main FTP server: 195.100.1.12Main Web server: 195.100.1.20

Applications

61

The following steps must be performed on the P840 to set up the firewallsupport as desired.

First the firewall on the ISP connection (remote site 1) of the WAN is setup. The firewall option is set to “inbound” to have this WAN firewallfilter traffic from the ISP to the Router while allowing unrestricted accessout to the Internet.

Firewall WAN Remote Site Filter directionLocation: Main


Firewall Set up WAN Firewall Set up

enter ID# 1 for ISP remote site Firewall

inbound

The firewall on the Internet connection is set up to protect the entirecorporate network, including the branch office, from unauthorized traffic.

Then the entries are made in the “Designated Servers” menu to allowInternet access to the FTP and Web servers on the corporate network.

FTP & WWW Designated ServersLocation: Main


Firewall Set up WAN Firewall Set up

ID# 1 for ISP remote site Designated Servers

FTP Server— 195.100.1.12

WWW (HTTP) Server— 195.100.1.20

When defining a designated server you will be prompted forthe IP address of that device. Adding an entry to thedesignated servers list allows you to quickly setup a firewallentry without having to figure out TCP port values.

Applications

62

Next, the LAN firewall is set up to restrict access to the LAN. Thefirewall option is set to “outbound” to have the LAN firewall filter trafficfrom the Router.

Firewall LAN Filter DirectionLocation: Main


Firewall Set up LAN Firewall Set up

Firewall Outbound

Then an entry is placed in the firewall table to allow devices in the branchoffice remote site to have unlimited TCP access to devices in the head office.

Firewall Table EntryLocation: Main


Firewall Set up LAN Firewall Set up Edit Firewall Entry

filter ID # 1 Dest IP Address

— 195.100.1.0 Destination Mask

— 255.255.255.0 Source IP Address

— 195.100.2.0 Source Mask

— 255.255.255.0 Protocol Type

— TCP entry direction

—outbound

Finally, holes are provided in the LAN firewall to allow Internet access tothe FTP and WWW servers.

Applications

63

FirewallLocation: Main


Firewall Set up LAN Firewall Set up

Designated Servers FTP Server

— 195.100.1.12 WWW (HTTP) Server

— 195.100.1.20

The configuration options described here are only for initial set up andconfiguration purposes. For more information on all of the configurationparameters available please refer to the Menu Reference Manual file on theaccompanying CD-ROM.

Applications

64

Network Address TranslationUsing private addresses on a network and NAT/NAPT for interactionsover a WAN connection hides the internal address from the rest of theworld. Access is restricted to only those services that are specificallydesignated to be available.

FiltersThe programmable filtering functions available on the P840 provide avery powerful means of controlling traffic flow to and from a network.Please see section 3 Introduction to Filtering for details on how to setup various filtering operations.

Applications

65

CompressionCompressing data allows data throughput rate considerably greater thanthe physical line rate. The actual rate achieved will depend on howcompressible the specific data is. Generally, graphics and databasescompress up to 600%, text 400 to 500%, binary codes about 200%.

Enable compressionLocation: Main



Protocol Set up CCP parameters

Compression Enabled

Applications

66

Bandwidth On DemandThe Router may be set to activate its secondary link when the load on theprimary link exceeds a user-defined threshold.

Set the traffic loads for enabling and disabling thesecondary circuitLocation: Main



Threshold up thresholdup stability timer

down thresholddown stability timer

The up and down stability timers are the delay times that theprimary link must be above the threshold before the secondary isactivated or below threshold before it is brought down. Thisprevents activation or deactivation of the secondary link due tomomentary peaks or drops in traffic.

Applications

67

Bandwidth Allocation Control Protocol (BACP) may be used to negotiatethe link activation between partner routers (BACP must be used if thepartner router is not another Router).

Enable BACPLocation: Main



Protocol Set up BACP Set up

BACP enable call mode

local or partner

Call mode determines which router originates the call to bring upthe second link.

If BACP is not used, the partner Routers will use proprietarynegotiations to determine which router is to activate the secondlink.

Applications

68

QOS - Priority QueuingPriority Queuing (PQ) allows the users to configure the router to allowspecific traffic bound for an outgoing interface to be prioritized into high,medium, normal and low queues. Packets sent to the high priority queueare serviced first, followed by the packets on the medium queue and soon. The router can configure outbound traffic to specific queues basedupon protocol, addresses and incoming interfaces.

To enable Priority Queuing you must configure a Priority list whichcontains the criteria items for the outbound packets. Each packet will becompared to item #1 in the Priority List and then progress down the listof items in order until a match is found. When a match is found, thecomparison search will stop and the packet will be given the priorityconfigured for that item. Thus more specific priority criteria should bedefined at the beginning of the list.

To define item criteria within a Priority List:

Location: MainConfiguration

QOS SetupPriority Queuing

Edit Priority ListEdit Items

Once the Priority List is defined, the Priority List can be assigned to aRemote Site interface or the LAN interface.

Applications

69

To assign a Priority List to a LAN interface


Lan Set-upQOS Setup

Queuing StrategyPriorityPriority List Number

To assign a Priority List to a Remote Site Connection


Wan Set-up Remote Site Set-up

Edit Remote Site Protocol Set-up

QOS SetupQueuing Strategy

PriorityPriority List Number

Applications

70

Simple Network Time Protocol (SNTP)

The Simple Network Time Protocol (SNTP) feature on the Perle Routerssupport the client side of the protocol as described in RFC 2030. Therouter will be able to obtain its time from a NTP or SNTP server andthen can be synchronized amongst other network devices. Additionally,the router can also be configured to support various time variationsfeatures such as local time zone and adjustments for daylight savingstime.

When the Perle router has SNTP enabled it will periodically send NTPpackets to the NTP/SNTP server which will respond with the networktime. The router will synchronize its internal clock with the responsefrom the NTP/SNTP server. The method in which the router sends orreceives the NTP packets from the NTP/SNTP server is configurable inthree modes: unicast, multicast and anycast.

In unicast mode, the router will have to be configured with the IPAddress of the NTP server and will periodically send a request packet tothe NTP server. The NTP server will then respond directly to this requestwith the current time. The Perle router supports a primary and asecondary IP Address for NTP servers.

In multicast mode, the router does not initiate the request packets butwaits to receive the periodic broadcasts from the NTP server with thecurrent time. Once the router receives an NTP packet from the server, itwill then synchronize its internal clock with the current time.

In anycast mode, the router will send out a request packet as a broadcaston the LAN to get a response from any NTP server. When the firstresponse is received from an NTP server, the internal clock of the routeris synchronized. The router will learn the IP Address of the NTP serverthat responded and then operate in unicast mode.

The Perle router supports time variation feature of local time zones anddaylight savings time regardless if the internal clock is synchronized withan NTP server. The local time zone feature allows the router to offset theinternal clock by a configurable time from the UTC time. Theconfigurable time zone off set can be specified in hours (0 to 23) andminutes (0 to 59) and can also be specified by a specific name up to 4characters.

Adjustments to the internal clock for daylight saving time (Summer-time)can be enabled and specified for one time within the year or recurringyear after year. Configuration parameters allow the router to enable

Applications

71

Summer-time each year by specifying the month, week, day and hour forthe begin and end Summer-time.

To enable SNTP on the router and setup for unicast mode to directlyobtain the time from a specific NTP server implement the followingsteps.

Location:

ConfigurationApplication Set-up

SNTP Set-upSNTP Client

enableMode

unicastPrimary IP Address

IP Address (XXX.XXX.XXX.XXX)Secondary IP Address

IP Address (XXX.XXX.XXX.XXX)Version

3

The time zone and daylight savings time configuration is setup within thedevice setup menu. To configure for Eastern Standard Time (EST) andhave daylight saving time implemented for this year only, implement thefollowing steps:

Location:

ConfigurationAccess Set-up

Device Set-upTime Zone Setup

Hours Offset5

Minutes Offset0

Name

Applications

72

ESTSummer Time Setup

Summer Timeenabled

Summer Time Modedate

Summer Time StartYearMonthDateTime

Summer Time EndYearMonthDateTime

Offset 60

Introduction to Filtering

73

SECTION 3INTRODUCTION

TO FILTERING

The P840 provides programmable filtering which gives you the ability tocontrol under what conditions Ethernet frames are forwarded to remotenetworks. There are many reasons why this might need to beaccomplished, some of which are security, protocol discrimination,bandwidth conservation, and general restrictions.

Filtering may be accomplished by using two different methods. The firstmethod is to filter or forward frames based solely on their source ordestination MAC address. This method of filtering is useful when bridgingbetween LANs and for providing remote access security in any type ofnetwork. The Ethernet MAC (Media Access Control) address is checkedagainst the addresses in the filtering list and the frame is filtered orforwarded accordingly.

The second method of filtering is pattern filtering where each frame ischecked against a filter pattern. The filter pattern may be defined toperform a check of any portion of the Ethernet frame. Separate filterpatterns may be defined for bridged frames, IP routed frames, and IPXrouted frames.

For more information on filtering, please refer to the ProgrammableFiltering section of the P840 reference manual file. The PDF file is locatedon the accompanying CD-ROM.

MAC Address FilteringMAC address filtering is provided by three built-in functions.

The first function is “Filter if Source”; the second is “Filter if Destination.”The third function allows you to change the filter operation from“positive” to “negative.” The positive filter operation causes frames withthe specified MAC addresses to be filtered. The negative filter operationcauses frames with the specified MAC addresses to be forwarded.

You may easily prevent any station on one segment from accessing aspecific resource on the other segment; for this, “positive” filtering and theuse of “Filter if Destination” would be appropriate. If you want to


74

disallow a specific station from accessing any service, “Filter if Source”could be used.

You may easily prevent stations on one segment from accessing all but aspecific resource on the other segment; for this, “negative” filtering and theuse of “Forward if Destination” would be appropriate. If you want todisallow all but one specific station from accessing any service on the othersegment, the use of “Forward if Source” could be used.

Pattern FilteringPattern filtering is provided in three separate sections: Bridge Pattern Filters,IP Router Pattern Filters, and IPX Router Pattern Filters. When the Routeris operating as an IP/IPX Bridge/Router, each of the frames received fromthe local LAN is passed on to the appropriate internal section of the Router.The IPX frames are passed on to the IPX router, the IP frames are passedon to the IP router, and all other frames are passed on to the bridge.Different pattern filters may be defined in each of these sections to providevery extensive pattern filtering on LAN traffic being sent to remote LANs.

Pattern filters are created by defining an offset value and a pattern matchvalue. The offset value determines the starting position for the patternchecking. An offset of 0 indicates that the pattern checking starts at thebeginning of the data frame. An offset of 12 indicates that the patternchecking starts at the 12th octet of the data frame. When a data frame isexamined in its HEX format, an octet is a pair of HEX values with offsetlocation 0 starting at the beginning of the frame. Please refer to Appendix C -Octet Locations on Ethernet Frames for more information on octet locations indata frames.

The pattern match value is defined as a HEX string that is used to matchagainst the data frame. If the HEX data at the appropriate offset location inthe data frame matches the HEX string of the filter pattern, there is apositive filter match. The data frame will be filtered according to the filteroperators being used in the filter pattern.


75

The following operators are used in creating Pattern filters.

- offset Used in pattern filters to determine the starting positionto start the pattern checking.

Example: 12-80 This filter pattern will match ifthe packet information startingat the 12th octet equals the 80of the filter pattern.

| OR Used in combination filters when one or the otherconditions must be met.

Example: 10-20|12-80 This filter pattern will match ifthe packet information startingat the 10th octet equals the 20of the filter pattern or if thepacket information starting atthe 12th octet equals the 80 ofthe filter pattern.

& AND Used in combination filters when one and the otherconditions must be met.

Example: 10-20&12-80 This filter pattern will match ifthe packet information startingat the 10th octet equals the 20of the filter pattern and thepacket information starting atthe 12th octet equals the 80 ofthe filter pattern.

~ NOT Used in pattern filters to indicate that all packets notmatching the defined pattern will be filtered.

Example: ~12-80 This filter pattern will match ifthe packet information startingat the 12th octet does not equalthe 80 of the filter pattern.


76

( ) brackets Used in pattern filters to separate portions of filterpatterns for specific operators.

Example: 12-80&(14-24|14-32) This filter pattern will bechecked in two operations.First the section in brackets willbe checked and then the resultsof the first check will be used inthe second check using the firstportion of the filter pattern. Ifthe packet information startingat the 14th octet equals 24 or32, and the information at the12th octet equals 80, the filterpattern will match.


77

Popular FiltersSome of the more commonly used pattern filters are shown here.

BridgeBridge pattern filters are applied to Ethernet frames that are bridged only.When the Router is operating as a router, all routed frames will beunaffected by the bridge pattern filters.

IP & Related TrafficIP & Related Traffic

Forward only ~(12-0800|12-0806)Filter (12-0800|12-0806)

Novell IPX FramesNovell IPX Frames

EthernetII (12-8137)802.3 RAW (14-FFFF)

802.2 (14-E0E0)802.2 LLC (14-AAAA&20-8137)

NetBIOS &NetBEUI (Microsoft Windows)NetBIOS & NetBEUI (Microsoft Windows)

Filter (14-F0F0)Forward only ~(14-F0F0)

BanyanBanyan

(12-0BAD)(12-80C4)(12-80C5)


78

IP RouterIP router pattern filters are applied to IP Ethernet frames that are beingrouted. When the Router is operating as an IP router, all IP routedframes will be checked against the defined IP router pattern filters. IProuted frames are unaffected by the bridge pattern filters and the IPXrouter pattern filters.

NetBIOS over TCPNetBIOS over TCP

NETBIOS Name Service (22-0089)NETBIOS Datagram Service (22-008A)NETBIOS Session Service (22-008B)

Note: Uses the TCP Destination Port locationOther interesting TCP Ports

Other interesting TCP PortsDecimal Hex Usage

21 15 FTP23 17 Telnet25 19 SMTP69 45 TFTP

109 6D POP2110 6E POP3

79

APPENDIX AMENU TREES

The menu trees on the next few facing pages are a graphicalrepresentation of the hierarchy of the built-in menu system of the P840.The menus are shown with the options of the menus being displayedbelow the specific menu name.

Each of the menu options shown in the menu tree is explained in theaccompanying P840 menu reference files. The PDF files are located onthe accompanying CD-ROM.

Menu names are displayed in boxes. The numbers on the left side of theboxes indicate the menu option from the parent menu that this menucorresponds to. All menu options are listed with numbers indicating theiractual position within the menu system.

Menu Trees

ISDN Set-Up1]

1. Switch Type2. 3. 4. Directory number5. SPID 6.

Dial prefixDirectory number

SPID

21

1

Configuration

Quick Start

1. Terminal2. Show3. Add4. Remove

1. Terminal Set-Up menu2. Device Set-Up menu3. Telnet Set-Up menu4. Load FLASH Set-Up menu5. Console6. Hardware Status7. TFTP access

1. ISDN Set-Up menu2. Device Name3. Security Level4. IP Address5. Default Gateway6. Direct Dial7. Force Disconnect8. Link Stats9. Reset

Access Set-Up1]1]1] 2]2] 3] 4] 5]

1. Password2. Device Name3. Show Time4. Set Time5. Time Zone6. Summer Time

1. Telnet access2. Telnet3. Telnet port4. Show Names5. Add Name6. Remove Name

1. Console (ZMODEM)2. Network (TFTP)

Frame Relay menu options

1. Dump2. Restore

Terminal Set-Up Device Set-Up Telnet Set-Up Load FLASH Set-Up Console

1. IP routing menu2. NAT Advanced menu3. IP enabled4. NAT enabled5. Link IP address6. Peer IP address7. Private Route/Negotiate address8. VJ compression

1. IPX enabled2. Link IPX type3. IPX net4 Local IPX node5. Peer IPX node6. Static routes only7. IPX DMR enabled8. Force RIP update

1. Compression2. Extended sequence

1. Edit Remote Site menu

1. Advanced PPP Set-Up menu

1. Edit IP address entry2. IP address connect3. Show IP address entries4. Remove IP address entry5. Remote site summary

IP Address Connect

WAN Set-Up

Advanced PPP Set-Up

IP Parameters

IPX Parameters

CCP Parameters

1]

7]

ISDN Set-UpISDN Set-Up

Remote Site Set-Up

Link Set-Up

Group Set-Up

PPP Set-Up

2. Remote site summary3. Display learned summary3. Call summary4. Remove remote site5. Manual call6. Force disconnect

1. Physical link type2. Link operation3. Logical ISDN type4. ISDN set-up menu5. Group4. Frame Relay5. Frame Relay set-up menu6. Phantom Power detect7. Link B channel

2. Restart Timer3. Configure Count4. Failure Count5. Terminate Count

1. ACFC2. PFC3. Echo monitoring4. Quality protocol5. Quality interval6. MP encapsulation7. MP sequencing8. MP discriminator9. MP minimum

4]

3]

2]

6]

4]4]

3]

2]

3]

4]

1. Dial prefix2. Phantom power detect3. Force 56k4. Directory number5. SPID

1. Dial prefix2. Phantom power detect3. Force 56k4. Directory number5. SPID

1. Bridge set-up menu2. IP set-up menu3. IPX set-up menu4. QOS set-up

LAN Set-Up2]

Continued onnext page

MAIN

1. Usage limit2. Call limit3. Restart time

1. Activation intervals2. Display schedule3. Display time

2]

3]

1]

1. Connection set-up menu2. Activation menu3. Protocol set-up menu4. Security parameters menu5. Remote site alias6. Connection7. Primary connection8. Secondary connection9. Remote site type

Edit Remote Site1]

1. Bridge parameters menu2. IP parameters menu3. IPX parameters menu4. CCP parameters menu5. CMCP parameters menu6. BACP set-up menu7. Multilink8. QOS Set-Up9. PPPoE

Protocol Set-Up

1. Incoming PAP password2. Incoming CHAP secret3. Outgoing user name4. Outgoing PAP password5. Outgoing CHAP secret

Security Parameters

3]

4]

2. Bridge enabled3. Tinygram4. FCS preservation

Bridge Parameters1]

1. STP parameters menu 1. State2. Path cost3. Priority

1. Callback timer2. Redial timer3. Redial count

STP Parameters1]

1. Routing protocol2. RIP mode3. Triggered RIP4. Auto Default Route5. Link cost

1. Translation type2. Show address pool3. Dynamic IP pool4. Add static entry5. Remove static entry6. TCP mss enabled7. TCP mss value

IP Routing

NAT advanced

1]

2]

3. CMCP enabled4. Bridge traffic5. Disc after last6. Suspension timeout

CMCP Parameters5]

1. IP spoofing menu2. IPX spoofing menu

1. TCP idle2. TCP interval3. TCP retries4. TCP aging

IP Spoofing1]

1. IPX type202. IPX broadcast3. IPX idle4. IPX interval5. IPX retries6. IPX aging

IPX Spoofing2]

1. Default parameters menu2. Security level3. Request security4. CHAP challenges5. Caller ID security

1. Outgoing user name2. Outgoing PAP password3. Outgoing CHAP secret

Security Set-Up Default Parameters5]

Connection Set-Up

2. Primary link 3. Secondary link4. Auto-call

1]

1. Up threshold2. Up stability timer3. Down threshold4. Down stability timer

2]Activation

Threshold

1. Schedule2. Usage set-up3. Threshold set-up4. Inactivity timer5. Recovery timer

1. Advanced settings menu2. ISDN number3. Alternate ISDN #4. Group5. Wildcard6. Call you7. Call me8. Callback

ISDN call Set-UpAdvanced settings

Usage Set-Up

Schedule

1]1]

1. Force 56k2. Hunt Group #3. Add link4. Show Groups

1. Switch type

Menu Tree

BACP Set-Up6]

1. BACP2. Call mode3. Request number

QOS Set-Up8]

1. Queuing Strategy

8. Force disconnect9. Link summary

software release: 05P6.06.xx

1. State2. Path cost3. Priority

Bridge-STP Set-Up1. IP set-up2. LAN-NAT set-up3. IP address4. Routing protcol5. RIP mode6. Route cost

Secondary

LAN IP Set-Up

1. Translation type2. Show address pool3. Dynamic IP pool4. Add static entry5. Remove static entry6. NAT enable

LAN-NAT set-up2]

1]1. Edit Secondary2. Show Secondary Entry3. Remove Secondary Entry 1. Secondary IP

2. Mask Size3. Subnet Mask4. Routing Protocol5. RIP mode6. Private Route7. Route Cost

Secondary IP Set-UpEdit Secondary

1]

1. Ethernet-II frames2. RAW 802.3 frames3. IEEE 802.2 frames4. 802.2 SNAP frames5. Auto Learn6. Help

LAN IPX Set-Up1] 2] 3] 4]

1. Queuing Strategy

LAN QOS Set-Up

1. Auto learning 2. LMI type3. Polling interval4. Enquiry interval5. Error threshold6. Monitored events

4]

Menu Trees

81

Continued fromprevious page

1. Destination2. Status3. Remote site2. Next hop3. Type4. Cost5. Private6. Add/Remove

8. Status7. Network mask

1. IP Routes menu 1. Edit Static Route2. Default Gateway3. Show all Routes4. Show Static Routes5. Clear Static Routes

1. Edit Route 1. Edit Service

2. ARP Set-up menu3. IP routing4. IP forwarding5. ARP proxy

IP Routing Set-Up IP RoutesEdit Static Route

1]1]

1. Status2. Network3. Interface4. Hops5. Ticks

1. Status2. Server Name3. Service Type4. Interface5. Network6. Node7. Socket8. Hops

Edit Route Edit Service1]1]

6]

2. Convert Route3. Show Static Routes4. Clear Static Routes

2. Convert Service3. Show Static Services4. Clear Static Services

1. Static Routes menu2. Static Services menu3. IPX Routing4. IPX Forwarding5. Local Networks6. Show Routes7. Show Services8. Help

IPX Routing Set-UpStatic Routes Static Services

1]2]

7]

1. STP State2. Bridge Priority3. Forwarding Delay4. Message Age Timer5. Hello Time6. Show Bridge7. Show Ports

1. Spanning Tree menu 2. Bridge Forwarding3. Bridge Aging Timer4. Show Bridging Table5. Show Permanent Table6. Clear Bridging Table

Bridging Set-Up Spanning Tree1]5]

7

4

5

6

3

1. Show Alias2. Add Alias3. Remove Alias4. Show Pattern5. Add Pattern6. Remove Pattern7. Help



IP Router PatternFilters

Bridge PatternFilters

IPX Router PatternFilters

MAC Address Filters

2. Filter Operation3. Broadcast Address4. Show Bridging Table5. Show Permanent Table6. Clear Bridging Table

1. Edit MAC Address Filter

1. Status2. Location3. Filter If Source4. Filter If Destination5. Permanent6. Remove

Edit MACAddress Filter

1]

3]2] 4]Filter Set-Up

1. MAC Address Filters2. Bridge Pattern Filters3. IP Router Pattern Filters4. IPX Router Pattern Filters

1]8]

QOS Set-Up

1. Priority Queuing

9]

Priority Queuing

1. Edit List2. Show Priority List3. Remove Priority List4. Show Statistics5. Clear Statistics

1]

Edit Priority List

1. Edit Items2. Show Items3. Remove Items4. Default Priority5. Queue Limit Setup

1]

Queue Limit Setup

1. High2. 3. Normal4. Low

Medium

5]

Edit Item

1. Priority2. Selection3. Protocol Parameter

1]

1]

1]

2] 3]

1. Soft Reset2. Full Reset3. Heartbeat4. WAN trace

1. Trace link2. Real Time3. Capture4. End5. Data display6. Time

Diagnostics

1. Acknowledge alarm2. Show events3. Clear events4. Show security log5. Clear security log6. Show resumption log7. Clear resumption log

Network Events

Help

Logout

1. Extended Statistics2. Interval3. Clear All Statistics

1. Statistics set-up menu 2. Remote site information menu 3. LAN statistics menu 4. Link stats 5. Link summary 6. Interface stats 7. Interface status 8. Clear link & interface stats

Statistics1. Bridged traffic2. IP traffic3. IPX traffic4. Total LAN traffic5. LAN error6. Clear LAN statistics7. Clear LAN errors

Statistics Set-Up

WAN Trace

LAN Statistics

1.Common protocol stats2. PPP statistics3. Status4. Usage information5. Clear remote site stats

Remote SiteInformation

Menu Treesoftware release: 05P6.06.xx

1. ARP aging timer2. ARP retry timer3. Add4. Remove5. Show ARP table

ARP Set-Up2]

1. Designated servers menu2. Edit firewall entry menu

Clear statisticsShow firewall entriesRemove entry

3.Firewall4. Firewall statistics5. 6. 7.

1. LAN firewall setup menu2. WAN firewall setup menu3. Block src IP spoofing

Firewall Set-Up

LAN / WAN Firewall Set-Up

3]

1,2]

1. E-mail (SMTP) server2. POP 2/3 server3. FTP server4. WWW (HTTP) server5. Telnet server6. Local DNS7. Remote DNS8. Secondary local DNS9. Secondary remote DNS

Designated Servers1]

1. Dest IP address2. Destination mask3. Source IP address4. Source mask5. Protocol type6. Source port7. Destination port8. Description9. Entry direction

Edit Firewall Entry2]

NAT Exports Syslog4] 5]

1. Edit Services2. Router port3. Default export4. Show services5. Clear services

1. Syslog2. Syslog IP3. Events4. Security5. Activation6. Firewall

1. Other Services menu2. E-mail 3. POP 2/3 4. FTP5. WWW (HTTP)6. Telnet7. DNS

Edit Services

Other Services

1]

1]

1.Telnet2. TFTP3. SNMP

1.NAT port2. Status3. Host IP address4. Host port5. Description6. Remove

Router Port2]

Application Set-Up4]

1. Server IP pool address menu2.DNS setup menu3. NetBIOS setup menu4. DHCP services5. Relay destination6. ICMP echo verification7. Lease period8. Default Gateways

DHCP Set-Up2]

1. IP address pool2. Show address pool3. Add static address4. Remove static address

Server IP address pool1]

1. Send NetBIOS node type2. Send NetBIOS scope3. Send NetBIOS name srv4. NetBIOS node type5. NetBIOS scope Id6. NetBIOS name server

NetBIOS Setup3]

1. Primary DNS2. Secondary DNS3. Domain name

DNS Set-Up2]

1. SNMP set-up menu2. DHCP set-up menu3. Firewall set-up menu4. NAT exports5. Syslog6. Time to live7. Ping8. SNTP Setup menu 1. Write Access

2. Show Addresses3. Add Address4. Remove Address

Edit Community1]

SNMP Set-Up1. Edit Community menu 2. Message Size3. Show Communities4. Remove Community

1]

1. SNTP Client2Mode3. Primary Server IP Add4. Secondary Server IP Add5. Version6. Status

SNTP8]

Octet Locations on Ethernet Frames

82

APPENDIX BOCTET LOCATIONS

ON ETHERNET FRAMES

This appendix provides octet locations for the various portions of three of thecommon Ethernet frames. When creating pattern filters these diagrams willassist in the correct definition of the patterns. The offset numbers areindicated by the numbers above the frame representations.

Note the differences in the TCP/IP and Novell frames when bridging andwhen routing. When routing, the TCP/IP and Novell frames are examinedafter the Level 2 Ethernet portion of the frame has been stripped from thewhole data frame. This means that the offset numbers now start from 0 at thebeginning of the routed frame and not the bridged frame.

Some of the common Ethernet type codes are also shown here. The Ethernettype codes are located at offset 12 of the bridged Ethernet frame.


83

Octet Locations on aBridged TCP/IP Frame

Octet Locations on aBridged Novell Netware Frame


84

ETHERNET Type CodesType Code Description

0800 DOD IP0801 X.75 Internet0804 Chaosnet0805 X.25 Level 30806 ARP0807 XNS Compatibility6001 DEC MOP Dump/Load6002 DEC MOP Remote Console6003 DEC DECNET Phase IV Route6004 DEC LAT6005 DEC Diagnostic Protocol6006 DEC Customer Protocol6007 DEC LAVC, SCA8035 Reverse ARP803D DEC Ethernet Encryption803F DEC LAN Traffic Monitor809B Appletalk80D5 IBM SNA Service on Ether80F3 AppleTalk AARP (Kinetics)

8137-8138 Novell, Inc.814C SNMP


85

Octet Locations on anIP Routed TCP/IP Frame

Octet Locations on anIPX Routed Novell Netware Frame


86

Octet Locations on aBridged XNS Frame

Servicing Information

87

APPENDIX CSERVICING INFORMATION

Opening of the case is only to be performed byqualified service personnel.

WARNING !Before servicing ensure that appliance coupler is disconnected.

Always disconnect the power cord from the rear panel of therouter.

Geraetesteckvorrichtung trennen vor den Wartung.

Opening the case1) Remove power from the router and remove the other cabling.

2) Turn the router over and place it on a flat, cushioned surface.

3) Remove the two Phillips head screws that fasten the case together.

4) Hold the two halves of the case together and turn the router right sideup.

5) Lift off the top half of the case.


88

Identifying the Internal ComponentsThe major components of concern and the jumper strap positions are shownin the following illustration.

Figure C-1 Top Internal View of the Router Router

Connecting to the ISDN-U Link ModuleThe connection to the central office is made with the RJ45 ISDNconnector on the rear panel. Pins 4 and 5 are used for the connection.These pins are polarity insensitive.


89

To Clear a “Lost” Password1) Remove power from the router.2) Remove the case cover.3) Remove the jumper strap on pins 3-6 of W1.4) Re-attach the power to the router and wait for Power LED to go

green.5) Remove power from the router.6) Re-install the jumper strap on pins 3-6 of W1.7) Install the case cover8) Power up the router.9) Log into the router using the default password “BRIDGE” and

change the password as desired.

Changing the Termination Straps on theISDN Interface

The ISDN ST interface module has two configurable straps that controlwhether the ISDN connector is set to terminated or unterminated.

Straps W3 and W4 are set to the TERM position by default. The TERMposition is used when the router is the only ISDN device connected to theISDN circuit.

Setting W3 and W4 to be open (unterminated) allows this router to be part ofa daisy-chain connection to the ISDN circuit.


90

Connecting to the Console ConnectorThe console connector on the P840 is a DCE interface on a RJ45pinout. The supplied DB9 to RJ45 converter should be used toconnect to the DB9 connector of a DTE terminal. This connectionwill then provide access to the built-in menu system.

If the console interface is to be connected to a modem or other DCEdevice, a standard RS-232 crossover converter should be used.

The following table illustrates the console pinouts.

RJ45 connectoron unit (DCE)

DB9 connector on converter (DCE)

RS-232signal name

2 6 CTS

3 4 DTR

4 5 GND

5 2 RxD

6 3 TxD

7 8 DSR

8 1 CD

Figure C-2 Rear View of the Console Connector

91

APPENDIX DSOFTWARE UPGRADES

Procedures for performing a Console ZMODEM Flash Load toupgrade the operating software of the router:1) Save the current configuration of the router (Main menu: option 6).

2) Execute the Console (ZMODEM) command from the Load FLASHSet-Up menu.

3) Confirmation is required. Enter “yes” to proceed.

4) After the router restarts, the router will be in receive ZMODEM mode.The router will display the following messages on the console port: System startup

Receiving ZMODEM ...**B0100000023be50

5) Start the ZMODEM transfer and send the file “###.all” from theOperational/Boot Code directory on the CD-ROM.

6) Once the ZMODEM transfer is complete, the router will verify the file“###.all” in memory, program and verify the FLASH, clear theconfiguration to default values (except the password), and then reset.After the reset, the router will operate normally using the newlyupgraded software. A byte status message will be displayed on theconsole port during the programming of the FLASH.

On the rare occasion that during the programming of the FLASHsomething happens to the router (power hit or hardware reset), causing theFLASH to become corrupted, the router will restart in ZMODEM receivemode only. If the router does not start in ZMODEM receive mode, referto Appendix D: Servicing Information for recovery procedure.

The ZMODEM Load Flash operation may be aborted by aborting theZMODEM transfer and then entering 5 control-X characters “^X” fromthe console keyboard. After the control-X characters are sent, the routerwill display a limited menu system. Choose the Abort Load option fromthe Load FLASH Set-Up menu. This will cause the router to reset andreturn to normal operations operating from the existing software.

92

If the ZMODEM transfer operation needs to be restarted after it has beencanceled or after loading the first file, simply choose the Console(ZMODEM) option from the Load FLASH Set-Up menu once again.

Considerations:When the router is placed in Console load BOOT mode, theLAN interface and the WAN interface will be disabled. Therouter will only accept information from the consolemanagement port.

The BOOT code of the Router may be upgraded by performing a load ofthe “###.all” file from the Operational/Boot Code directory on the CD-ROM.


93

Procedures for performing a TFTP Flash Load to upgrade theoperating software of the router:

1) Execute the Network (TFTP) command from the Load FLASH Set-Up menu.

2) Enter “none” to connect locally or enter the remote site ID number oralias to connect to a remote site.

3) Start the TFTP application to be used for transfers to the router. TheIP address of the router may be found in the Internet Set-Up menu.).

4) Put the file “###.all” for this router from the Operational/Boot Codedirectory on the CD-ROM to the router. (Any router not in NetworkLoad BOOT mode will respond with an access violation error.)

5) The router will verify the file “###.all” in memory, program and verifythe FLASH, clear the configuration to default values (except: IPAddress, IP Routing state, IP Forwarding state, WAN Environment,Link 1 & 2 State, Password and connection data for the remote site, ifapplicable), and then reset. After the reset, the router will operatenormally using the newly upgraded software.

The router may take up to two (2) minutes to program and verify theFLASH. The console will not respond during this time.

To check on the router’s current state during this process, get the file“status.txt” from the router. This file will report the router’s state: both themode and version if no errors have occurred, or an error message.

On the rare occasion that during the programming of the FLASHsomething happens to the router (power hit or hardware reset), causing theFLASH to become corrupted, the router will restart in ZMODEM receivemode only. If the router does not start in ZMODEM receive mode, referto Appendix D: Servicing Information.

The TFTP Load Flash operation may be aborted by re-connectingto the console of the router and choosing the Abort Load optionfrom the Load FLASH Set-Up menu. This will cause the router to

94

reset and return to normal operations operating from the existingsoftware.

In the following diagram of a cluster of routers, when upgrading thethree Router routers in the diagram, the upgrade order should beRouter C, then Router B, and finally Router A.

A TFTP software load to Router C would be performed as follows:

- Using TFTP, get config.txt from each router and save.

- Telnet to Router C. Enter the ID or alias of Router B in theNetwork (TFTP) option to put Router C in Network Loadmode. When Router C restarts in Network Load mode, theconnection to “Router B” will be re-established only ifautocall is enabled on router B.

The TFTP transfer of the upgrade code may now be performedfrom the PC to Router C. OnceRouter C has completed programming the flash and has restartedin operational mode, the connection to Router B will be re-established only if autocall is enabled on router B.

Once router C is operating with the new software, the PC may beused to reload the config.txt file back to Router C.

Repeat for Router B, then again for Router A. Perform the RouterB upgrade using the ID or alias of Router A. Router A upgradeswould not require a remote site ID as the PC used for TFTPtransfers is located on the same LAN as Router A.


95

Router A

PC used forTFTP transfers

Link 1

Link 2Router B

Router C

Bridge / Router USER AND SYSTEM ADMINISTRATION · PDF fileBasic Frame Relay Configuration 46 Auto Learning the Frame Relay Configuration 47 Basic Leased Line Configuration 50 Bridge

Documents