Avocent Network Router Cyclades PR2000 User Manual

Cyclades-PR2000

Installation Manual

Access Router

Cyclades Corporation

Cyclades-PR2000

Table of Contents

CHAPTER 1 HOW TO USE THIS MANUAL ........................................................................................................ 7

Installation Assumptions .................................................................................................................................... 8

Text Conventions................................................................................................................................................ 8

Icons................................................................................................................................................................... 9

Cyclades Technical Support and Contact Information ..................................................................................... 10

CHAPTER 2 WHAT IS IN THE BOX .................................................................................................................. 12

CHAPTER 3 USING CYROS MENUS ............................................................................................................... 14

Connection Using the Console Cable and a Computer or Terminal ................................................................ 14

Special Keys ................................................................................................................................................. 16

The CyROS Management Utility ...................................................................................................................... 17

CHAPTER 4 STEP-BY-STEP INSTRUCTIONS FOR COMMON APPLICATIONS........................................... 19

Example 1 Connection to an Internet Access Provider via Modem................................................................ 19

Example 2 A LAN-to-LAN Example Using Frame Relay ................................................................................ 27

Example 3 Link Backup................................................................................................................................... 35

CHAPTER 5 CONFIGURATION OF THE ETHERNET INTERFACE ................................................................ 41

The IP Network Protocol .................................................................................................................................. 41

IP Bridge ....................................................................................................................................................... 43

Other Parameters............................................................................................................................................. 44

CHAPTER 6 THE SWAN AND ASYNC INTERFACES ...................................................................................... 45

CHAPTER 7 NETWORK PROTOCOLS............................................................................................................. 48

Table of Contents

Cyclades-PR2000

The IP Protocol................................................................................................................................................. 49

The Transparent Bridge Protocol ..................................................................................................................... 51

CHAPTER 8 DATA-LINK PROTOCOLS (ENCAPSULATION) ........................................................................... 52

PPP (The Point-to-Point Protocol) ................................................................................................................... 52

CHAR ............................................................................................................................................................... 54

PPPCHAR ........................................................................................................................................................ 55

HDLC................................................................................................................................................................ 55

Frame Relay..................................................................................................................................................... 55

X.25 .................................................................................................................................................................. 60

X.25 with PAD (Packet Assembler/Disassembler)........................................................................................... 63

CHAPTER 9 ROUTING PROTOCOLS .............................................................................................................. 64

Routing Strategies............................................................................................................................................ 64

Static Routing ............................................................................................................................................... 64

Dynamic Routing .......................................................................................................................................... 64

Static Routes .................................................................................................................................................... 65

RIP Configuration ............................................................................................................................................. 68

OSPF................................................................................................................................................................ 69

OSPF Configuration on the Interface ........................................................................................................... 70

OSPF Global Configurations ........................................................................................................................ 72

BGP-4 Configuration ........................................................................................................................................ 76

CHAPTER 10 CYROS, THE OPERATING SYSTEM......................................................................................... 87

Creation of the host table ................................................................................................................................. 87

Table of Contents

Cyclades-PR2000

Creation of user accounts and passwords....................................................................................................... 87

IP Accounting ................................................................................................................................................... 89

CHAPTER 11 NAT (NETWORK ADDRESS TRANSLATION) .......................................................................... 90

Types of Address Translation ....................................................................................................................... 92

CHAPTER 12 RULES AND FILTERS ................................................................................................................ 96

Configuration of IP Filters................................................................................................................................. 96

Traffic Rule Lists............................................................................................................................................. 105

CHAPTER 13 IPX (INTERNETWORK PACKET EXCHANGE) .......................................................................111

Enabling IPX................................................................................................................................................... 112

Configuring the Ethernet Interface ................................................................................................................. 112

Configuring Other Interfaces .......................................................................................................................... 112

PPP..............................................................................................................................................................112

Frame Relay ................................................................................................................................................113

X.25 .............................................................................................................................................................113

Routing ........................................................................................................................................................... 113

The SAP (Service Advertisement Protocol) Table ......................................................................................... 114

CHAPTER 14 VIRTUAL PRIVATE NETWORK CONFIGURATION ................................................................. 115

APPENDIX A TROUBLESHOOTING ............................................................................................................... 120

What to Do if the Login Screen Does Not Appear When Using a Console. .................................................. 120

What to Do if the Router Does Not Work or Stops Working. ......................................................................... 121

Testing the Ethernet Interface ........................................................................................................................ 122

Table of Contents

Cyclades-PR2000

Testing the WAN Interfaces............................................................................................................................ 123

APPENDIX B HARDWARE SPECIFICATIONS ............................................................................................... 126

General Specifications ................................................................................................................................... 126

External Interfaces ......................................................................................................................................... 127

The WAN Interfaces ................................................................................................................................... 127

The LAN Interface ...................................................................................................................................... 127

The Asynchronous Interface ...................................................................................................................... 128

The Console Interface ................................................................................................................................ 128

Cables ............................................................................................................................................................ 129

The Straight-Through Cable....................................................................................................................... 129

DB-25 - M.34 Adaptor................................................................................................................................. 130

The ASY/Modem Cable.............................................................................................................................. 131

The Cross Cable......................................................................................................................................... 131

DB-25 Loopback Connector ....................................................................................................................... 133

APPENDIX C CONFIGURATION WITHOUT A CONSOLE ............................................................................. 134

Requirements ................................................................................................................................................. 134

Procedure....................................................................................................................................................... 134

INDEX ................................................................................................................................................................ 135

Table of Contents

Cyclades-PR2000

CHAPTER 1 HOW TO USE THIS MANUAL

Three Cyclades manuals are related to the PR2000.

1 The Quick Installation Manual -- provided with the router,

2 The Installation Manual -- available electronically on the Cyclades web site,

3 The CyROS Reference Guide -- also available electronically on the Cyclades web site.

CyROS stands for the Cyclades Routing Operating System. It is the operating system for all Cyclades Power

Routers (PR1000, PR2000, PR3000, and PR4000). The CyROS Reference Guide contains complete information

about the features and configuration of all products in the PR line.

CyROS is constantly evolving, and the menus in this manual might be slightly different from the menus in the

router. The latest version of all three manuals (and the latest version of CyROS) can be downloaded from Cyclades’

web site. All manuals indicate on the second page the manual version and the corresponding version of CyROS.

This manual should be read in the order written, with exceptions given in the text.

Chapter 2 - What is in the Box - explains how the router should be connected.

Chapter 3 -Using Menus - describes CyROS menu navigation.

Chapter 4 -Step-by-Step Instructions for Common Applications - guide to configuration with detailed examples.

Chapters 5 to 9- Basic router configuration information for applications that do not fit any of the examples in

chapter 4.

Chapter 10 - CyROS - shows how to set router specific parameters and create lists of hosts and users.

Chapter 11 - Network Address Translation - describes CyROS’ NAT implementation.

Chapter 1 - How To Use This Manual

Cyclades-PR2000

Chapter 12 - Filters and Rules - demonstrates how to protect your router from undesired traffic.

Chapter 13 - IPX - presents the hidden menus available only in routers with IPX activated.

Chapter 14 - Virtual Private Network - describes CyROS’ VPN implementation.

Appendix A - Troubleshooting - provides solutions and tests for typical problems.

Appendix B - Hardware Specifications.

Appendix C - Configuration Without a Console.

Installation Assumptions

This Installation Manual assumes that the reader understands networking basics and is familiar with the terms and

concepts used in Local Area and Wide Area Networking.

Text Conventions

Common text conventions are used. A summary is presented below:

Chapter 1 - How To Use This Manual

Cyclades-PR2000

Convention

Description

CONFIG=>INTERFACE=>L A combination of menu items, with the last being either a menu item, a

parameter, or a command. In this example, L lists the interface configuration.

A variable menu item that depends on hardware options or a choice of

hardware or software options.

IP Address

Screen Text

A parameter or menu item referenced in text, without path prepended.

Screen Text

Simbols representing special keyboard keys.

Icons

Icons are used to draw attention to important text.

Icon

Meaning

Why

What is Wrong?

When an error is common, text with this icon will mention the symptoms and

how to resolve the problem.

Where Can I Find

CyROS contains many features, and sometimes related material must be

More Information? broken up into digestible pieces. Text with this icon will indicate the relevant

section.

Caution!

Not following instructions can result in damage to the hardware. Text with

this icon will warn when damage is possible.

Reminder.

Certain instructions must be followed in order. Text with this icon will explain

the proper steps.

Chapter 1 - How To Use This Manual

Cyclades-PR2000

Cyclades Technical Support and Contact Information

All Cyclades products include limited free technical support, software upgrades and manual updates.

These updates and the latest product information are available at:

http://www.cyclades.com

ftp://ftp.cyclades.com/pub/cyclades

Before contacting us for technical support on a configuration problem, please collect the information

listed below.

• The Cyclades product name and model.

• Applicable hardware and software options and versions.

• Information about the environment (network, carrier, etc).

• The product configuration. Print out a copy of the listing obtained by selecting INFO=>SHOW

CONFIGURATION=>ALL.

• A detailed description of the problem.

• The exact error or log messages printed by the router or by any other system.

• The Installation Guide for your product.

• Contact information in case we need to contact you at a later time.

In the United States and Canada, contact technical support by phone or e-mail:

Phone: (510) 770-9727 (9:00AM to 5:00PM PST)

Fax: (510) 770-0355

E-mail: [email protected]

Outside North America, please contact us through e-mail or contact your local Cyclades distributor or representative.

Chapter 1 - How to Use This Manual

Cyclades-PR2000

The mailing address and general phone numbers for Cyclades Corporation are:

Cyclades Corporation

Phone: + 01 (510) 770-9727

Fax: + 01 (510) 770-0355

41829 Albrae Street

Fremont, CA 94538

USA

Chapter 1 - How to Use This Manual

Cyclades-PR2000

CHAPTER 2 WHAT IS IN THE BOX

The Cyclades-PR2000 is accompanied by the following accessories:

Back Panel of PR2000

WAN 1

WAN 2

Cyclades - PR2000

DB-25

Male

Console Cable

Labeled “Conf”

Power Cable

To COM Port

of Computer

Cable

Labeled

“Paralelo”

Cable

Labeled

“Paralelo”

DB-25

Male

To Wall Outlet

DB-9

V.35

Adaptor

RS-232 Modem

with DB-25

Interface

V.35 DSU/CSU

with M.34

Interface

Gender Changer

Cyclades-PR2000

Quick Installation Manual

CD-Rom Containing

Documentation

Mounting Kit

FIGURE 2.1 CYCLADES-PR2000 AND CABLES

Chapter 2 - What is in the Box

Cyclades-PR2000

•

Quick Installation Manual

Installation Manual & Reference Guide (on CD)

Two straight-through cables

•

Console Cable

Mounting Kit

Power Source & Cable

Gender Changer

Two V.35 Adapters

Figure 2.1 shows which cables are used for each type of modem and how everything should be connected.

The pinout diagrams of these cables are provided in Appendix B of the Installation Manual. The RJ-45 to DB-

25 adapter cable, which must be purchased separately, is shown in Figure 2.2.

Back Panel of PR2000

Plug

Power

Asynch.

Console

Ethernet

WAN 1

WAN 2

Cyclades - PR2000

RJ-45 Male

RJ-45 TO DB-25

Adapter

DB-25 Male

RS-232 Modem

with DB-25

Interface

FIGURE 2.2 HOW TO CONNECT THE RJ-45 TO DB-25 ADAPTER CABLE

Chapter 2 - What is in the Box

Cyclades-PR2000

Chapter 3 Using CyROS Menus

This chapter explains CyROS menu navigation and special keys. There are four ways to interact with CyROS:

• Traditional menu interface using a console or Telnet session,

• CyROS Management Utility based on interactive HTML pages,

• SNMP (explained in the CyROS Reference Manual).

Connection Using the Console Cable and a Computer or Terminal

The first step is to connect a computer or terminal to the router using the console cable. If using a computer,

HyperTerminal can be used in the Windows operating system or Kermit in the Unix operating system. The

terminal parameters should be set as follows:

• Serial Speed: 9600 bps

• Data Length: 8 bits

• Parity: None

• Stop Bits: 1 stop bit

• Flow Control: Hardware flow control or none

[PR2000] login : super

[PR2000] Password : ****

Cyclades Router (Router Name) – Main Menu

1 – Config

4 – Debug

2 – Applications 3 – Logout

5 – Info 6 – Admin

Select Option ==>

FIGURE 3.1 LOGIN PROMPT AND MAIN MENU

Chapter 3 - Using CyROS Menus

Cyclades-PR2000

Once the console connection is correctly established, a Cyclades banner and login prompt should appear on

the terminal screen. If nothing appears, see the first section of the troubleshooting appendix for help. The

second step is to log in. The preset super-user user ID is “super” and the corresponding preset password is

“surt”. The password should be changed as soon as possible, as described in chapter 10 of the installation

manual and at the end of every example in chapter 4. The login prompts and main menu are shown in Figure

3.1.

All menus have the following elements:

• Title – In the example in Figure 3.1: “Main Menu”.

• Prompt – The text: “Select Option ==>”.

• Options –The menu options, which are selected by number.

• Router Name – The default is the name of the product. Each router can be renamed by the super user for

easier identification.

Menus can also be navigated using a short-cut method. This method must be activated first by choosing a

shortcut character (“+” in the example that follows) in the CONFIG =>SYSTEM =>ROUTER DESCRIPTION

menu. Typing 4+1+1 at the main-menu prompt, for example, is equivalent to choosing option 4 in the main

menu (Debug), then choosing option 1 in the debug menu (Trace), then choosing option 1 in the trace menu

(Driver Trace). In addition to menus, some screens have questions with letter choices. In the line below,

several elements may be identified:

lmi-type((A)NSI, (G)roup of four, (N)one )[ANSI]:

• Parameter description – The name of the parameter to be configured, in this case “lmi-type”.

• Options – Legal choices. The letter in parentheses is the letter that selects the corresponding option.

• Current value – The option in square brackets is the current value.

Pressing <Enter> without typing a new value leaves the item unchanged.

Chapter 3 - Using CyROS Menus

Cyclades-PR2000

Special Keys

These keys are used to end the input of a value.

These keys are used to cancel a selection or return to the previous menu. In

some isolated cases, this key jumps to the next menu in a series of menus at the

same level.

<Backspace> or <Ctrl+H

These keys have the expected effect of erasing previously typed characters.

When available, this option displays the current configuration. For example, in

the Ethernet Interface Menu, “L” displays the Ethernet configuration.

This key combination displays the same information as the L option, above, but

works like a toggle switch to allow display of one page of information at a time or

display the entire configuration without page breaks.

<Ctrl+L

<Ctrl+C

This key combination disables any traces activated in the Debug Menu.

On leaving a menu where a change in configuration was made, CyROS will ask whether or not the change is to

be saved:

(D)iscard, save to (F)lash, or save to (R)un configuration:

Selecting Discard will undo all changes made since the last time the question was asked. Saving to Flash

memory makes all changes permanent. The changes are immediately effective and are saved to the

configuration vector in flash memory. In this case, the configuration is maintained even after a router reboot.

Saving only to the Run configuration makes all changes effective immediately, but nothing is saved

permanently until explicitly saved to flash (which can be done with the option ADMIN =>WRITE

CONFIGURATION=>TO FLASH).

The menus and parameter lists are represented in this manual by tables. The first column contains the menu

item or the parameter, and the second column contains its description.

This menu interface is also available via Telnet if one of the interfaces has been connected and configured.

The menu interface is the same as that described earlier in this section. Using Telnet instead of a console for

the initial Ethernet configuration is discussed in Appendix C of the Installation Manual.

Chapter 3 - Using CyROS Menus

Cyclades-PR2000

The CyROS Management Utility

After one of the interfaces has been connected and configured, there is another way to interact with CyROS.

Type the IP address in the location field in an HTML browser of a PC connected locally or remotely through the

configured interface. A super-user ID and password will be requested (these are the same ID and password

used with the line-terminal interface). A clickable image of the router back panel will apear, as shown in Figure

3.2.

Cyros Management Utility

Firmware version: Cyclades-PR2000: CyROS V_2.0.0

Plug

Asynch.

Console

Ethernet

Power

WAN 1

WAN 2

Cyclades - PR2000

Configuration Menu Interface (Text Mode)

End HTTP session

FIGURE 3.2 CYROS MANAGEMENT UTILITY HOME PAGE

Chapter 3 - Using CyROS Menus

Cyclades-PR2000

The link Configuration Menu Interface will present an HTML version of the CyROS Main Menu, described

previously. Clicking on an interface will show its current status and some additional information. Clicking on

End HTTP Session will terminate the connection.

Chapter 3 - Using CyROS Menus

Cyclades-PR2000

CHAPTER 4 STEP-BY-STEP INSTRUCTIONS FOR COMMON APPLICATIONS

This chapter provides detailed examples that can be used as models for similar applications. Turn to the

example that is closest to your application, read the explanations, and fill in the blank spaces with parameters

appropriate to your system. At the end of the section, you should have listed all the parameters needed to

configure the router. At that point, read chapter 3 if you have not already, and configure your router with help

from later chapters of the Installation Manual, when needed.

Example 1 Connection to an Internet Access Provider via Modem

This section will guide you through a complete router installation for the connection of a LAN to an Internet

access provider via PPP. The configuration of NAT (Network Address Translation) will also be shown. Figure

4.1 shows the example system used in this section. Spaces have been provided next to the parameters

needed for the configuration where you can fill in the parameters for your system. Do this now before

continuing.

RS-232 Modem

_ _ _ _ _ _ _

Network IP:

192.168.0.0

Speed: 38.4k

_ _ _ _ _ _ _

Host

Network Mask:

255.255.255.0

_ _ _ _ _ _ _ _

PR2000

ETH0

192.168.0.30

_ _ _ _ _ _ _

Host

SWAN

192.168.0.11

192.168.0.10 _ _ _ _ _ _ _

192.168.0.1 _ _ _ _ _ _ _

FIGURE 4.1 CONNECTION TO ACCESS PROVIDER USING A SWAN INTERFACE AND A MODEM

Please read the entire example and follow the instructions before turning the router on. The router is

programmed to log the super user off after 10 minutes of inactivity. All data not explicitly saved to memory

is then lost. Collecting the data

configuring the router will likely cause delays and frustration.

while

Chapter 4 - Step-by-Step Instructions

Cyclades-PR2000

STEP ONE

The first step is to determine the parameters needed to configure the Ethernet interface (ETH0). The

parameters in the Network Protocol Menu (IP) are shown in Figure 4.2. Fill in the blanks for your application in

the right-most column. These parameters will be entered into the router later, after all parameters have been

chosen. Each parameter in this menu is explained in more detail in chapter 5 of the Installation Manual.

CONFIG=>INTERFACE=>ETHERNET=>NETWORK PROTOCOL=>IP

Parameter

Example

Your Application

Active or Inactive

Active enables IP communication (IPX

and Transparent Bridge are not used in

this example).

Interface Numbered

/Unnumbered

Primary IP Address

Subnet Mask

Secondary IP

Address

Numbered

192.168.0.1

255.255.255.0

0.0.0.0 for none.

IP MTU

Use the preset value, 1500. This

determines whether or not a given IP

datagram is fragmented.

NAT

Local

ICMP Port

Incoming Rule List

Inactive

None, filters are not included in this

example.

Outgoing Rule List

Name

Proxy ARP

IP Bridge

None, filters are not included in this

example.

Inactive

FIGURE 4.2 ETHERNET NETWORK PROTOCOL MENU PARAMETERS

Chapter 4 - Step-by-Step Instructions

Cyclades-PR2000

STEP TWO

No more parameters are necessary for the Ethernet interface. The other interface to be configured is the

SWAN. The SWAN physical media parameters are shown in Figure 4.3. Fill in the values for your application.

The SWAN configuration is described in more detail in chapter 6 of the Installation Manual.

CONFIG=>INTERFACE=>SWAN=>PHYSICAL

Parameter

Mode

Speed

Example

Asynchronous

38.4k

Your Application

FIGURE 4.3 SWAN PHYSICAL MENU PARAMETERS

STEP THREE

The network protocol parameters, shown in Figure 4.4, are similar to those for the Ethernet interface. Fill in the

parameters for your network in the right-most column.

Chapter 4 - Step-by-Step Instructions

Cyclades-PR2000

CONFIG=>INTERFACE=>SWAN=>NETWORK PROTOCOL=>IP

Parameter

Active or Inactive

Example

Your Application

Active enables IP communication (IPX and

Transparent Bridge are not used in this

example).

Interface Unnumbered/

Numbered

Primary IP Address

0.0.0.0 (This number will be assigned by the

Access Provider dynamically.)

255.0.0.0

Subnet Mask

Secondary IP Address

IP MTU

0.0.0.0 for none

Use the preset value, 1500. This determines

whether or not a given IP datagram is

fragmented.

NAT

because the IP address of

Global Assigned

the SWAN interface will be assigned

dynamically.

Enable Dynamic Local IP Yes, because the IP address of the SWAN

Address interface will be assigned dynamically.

Remote IP Address Type Any

Remote IP Address

ICMP Port

0.0.0.0

Inactive

Incoming Rule List Name None, filters are not included in this example.

Outgoing Rule List Name None, filters are not included in this example.

Routing of Broadcast

Messages

Inactive

FIGURE 4.4 SWAN NETWORK PROTOCOL (IP) MENU PARAMETERS

Chapter 4 - Step-by-Step Instructions

Cyclades-PR2000

STEP FOUR

The Encapsulation parameters for PPP are less straight-forward. Many of them are based on decisions that

cannot be shown in a diagram. Fortunately, the choices made here will mostly effect the performance of the

link, rather than whether it works or not. Fill in the parameters appropriate for your system, consulting chapter

8 of the Installation Manual for more information if necessary.

CONFIG=>INTERFACE=>SWAN=>ENCAPSULATION=>PPP

Parameter

MLPPP

Example

Your Application

PPP Inactivity

Timeout

None so that the connection is never

broken.

Enable Van Jacobson No

IP Header

Compression

Disable LCP Echo

Requests

Edit ACCM

No Value. This will depend on the

modem used.

Time Interval to Send Use the preset value, one.

Config Requests

Enable Predictor

Compression

Connection Type

Dial-Out

FIGURE 4.5 PPP ENCAPSULATION MENU PARAMETERS

Chapter 4 - Step-by-Step Instructions

Cyclades-PR2000

STEP FIVE

A static route must be added to tell the router that all traffic not intended for the local LAN should be sent to the

Access Provider. Chapter 9 of the Installation Manual explains static routes and other routing methods

available in CyROS. Fill in the spaces in Figure 4.6 with the values for your application.

CONFIG=>STATIC ROUTES=>IP=>ADD ROUTE

Parameter

Example

Your Application

Destination IP Address

Gateway or Interface

Type in the word "DEFAULT".

, because the IP addresses

Interface

are not known at configuration time.

Interface

Slot 1 (SWAN) in the example.

Is This a Backup Route?

OSPF Advertises This

Static Route

FIGURE 4.6 STATIC ROUTE MENU PARAMETERS

STEP SIX

NAT must now be activated. There are two varieties of NAT: Normal and Expanded. This example uses the

Normal NAT Mode. The other mode is explained in the chapter on NAT in the Installation Manual.

Menu CONFIG =>SECURITY =>NAT =>GENERAL

Parameter

Nat Status

Nat Mode

Disable Port Translation

Example

Enabled

Normal

Your Application

FIGURE 4.7 NAT GENERAL PARAMETERS

Chapter 4 - Step-by-Step Instructions

Cyclades-PR2000

STEP SEVEN

NAT parameters will now be determined for routing outside of the local LAN. Network Address Translation

maps the local IP addresses, registered in the local address range menu below, to the one global IP address

assigned by the access provider. Local IP addresses not indicated in this menu will be discarded.

Menu CONFIG =>SECURITY =>NAT =>LOCAL ADDRESS =>ADD RANGE

Parameter

Example

Your Application

First IP Address

Last IP Address

192.168.0.10

192.168.0.30

FIGURE 4.8 NAT LOCAL ADDRESS RANGE MENU PARAMETERS

The factory preset values for all other NAT parameters are appropriate for this example.

STEP EIGHT

Now that the parameters have been defined, enter into each menu described above, in the order presented

(read chapter 3, Using Menus, if you have not done so already). Set the parameters in each menu according

to the values you wrote in the figures above. Save the configuration to flash memory at each step when

requested — configurations saved in run memory are erased when the router is turned off. If you saved part of

the configuration to run memory for some reason, save to flash memory now using the menu option ADMIN

=>WRITE CONFIGURATION =>TO FLASH.

STEP NINE

The Ethernet interface can be tested as described in the troubleshooting appendix. The SWAN interface can

be tested in a similar manner. At this point, you should create a backup of the configuration file (in binary) and

print out a listing of the configuration.

Chapter 4 - Step-by-Step Instructions

Cyclades-PR2000

Instructions for creating a backup of the configuration file.

Use the menu option ADMIN =>WRITE CONFIGURATION =>TO FTP SERVER. Fill in the IP address of the

computer where the configuration file should be saved, the file name, the directory name, and the user account

information. This configuration file can later be downloaded with the ADMIN =>LOAD CONFIGURATION

=>FTP SERVER option.

Instructions for listing the configuration.

The menu option INFO =>SHOW CONFIGURATION =>ALL will list to the terminal screen the configuration of

the router. This can be saved in a text file and/or printed on a printer.

Chapter 4 - Step-by-Step Instructions

Cyclades-PR2000

Example 2 A LAN-to-LAN Example Using Frame Relay

This section will guide you through a complete router installation for the connection of two LANs via Frame

Relay. Figure 4.9 shows the example system used in this section. Spaces have been provided next to the

parameters needed for the configuration where you can fill in the parameters for your system. Do this now

before continuing.

Network IP: 100.130.130.0

Central Office's

LAN

Network IP: 15.0.0.0

_ _ _ _ _ _ _

Mask :255.255.255.0

_ _ _ _ _ _ _ _

Mask: 255.255.255.0

_ _ _ _ _ _ _ _

Remote Site’s

LAN

PR2000

ETH0

PR2000

200.240.230.2

_ _ _ _ _ _ _ _

SWAN

100.130.130.1

_ _ _ _ _ _ _ _

_ _ _ 128 Kbps

Connection

Public

200.240.230.1

_ _ _ _ _ _ _ _

Frame Relay

Network

V.35 DSU/CSU

_ _ _ _ _ _ _ _

Network IP: 200.240.230.0 _ _ _ _ _ _ _ _

Mask :255.255.255.240 _ _ _ _ _ _ _ _

FIGURE 4.9 CENTRAL OFFICE AND REMOTE SITE CONNECTED USING SWAN INTERFACES

Chapter 4 - Step-by-Step Instructions

Cyclades-PR2000

STEP ONE

The first step is to determine the parameters needed to configure the Ethernet interface (ETH0). The

parameters in the Network Protocol Menu (IP) are shown in Figure 4.10. Fill in the blanks for your application in

the right-most column. These parameters will be entered into the router later, after all parameters have been

chosen. Each parameter in this menu is explained in more detail in chapter 5 of the Installation Manual.

CONFIG=>INTERFACE=>ETHERNET=>NETWORK PROTOCOL=>IP

Parameter

Example

Your Application

Active or Inactive

Active enables IP communication (IPX and

Transparent Bridge are not used in this

example).

Interface Unnumbered

Primary IP Address

Subnet Mask

Numbered

100.130.130.1

255.255.255.0

Secondary IP Address

IP MTU

0.0.0.0 for none.

Use the preset value, 1500. This determines

whether or not a given IP datagram is

fragmented.

NAT

Global, because NAT is not being used in this

example.

ICMP Port

Inactive

Incoming Rule List

None, filters are not included in this example.

Outgoing Rule List Name None, filters are not included in this example.

Proxy ARP

IP Bridge

Inactive

FIGURE 4.10 ETHERNET NETWORK PROTOCOL MENU PARAMETERS

Chapter 4 - Step-by-Step Instructions

Cyclades-PR2000

STEP TWO

No more parameters are necessary for the Ethernet interface. The other interface to be configured is the

SWAN in slot 1. The SWAN physical media parameters are shown in Figure 4.11. Fill in the values for your

application. The SWAN configuration is described in more detail in chapter 6 of the Installation Manual.

CONFIG=>INTERFACE=>SWAN=>PHYSICAL

Parameter

Mode

Example

Synchronous.

Your Application

Clock Source

When the interface is connected to a

DSU/CSU, the Clock Source is External.

V.35 in the example because the DSU/CSU

is V.35. The type of cable is detected by the

router, so if the correct cable is connected to

the DSU/CSU the router will choose this

value as the default.

Media for SWAN Cable

FIGURE 4.11 SWAN PHYSICAL MENU PARAMETERS

Chapter 4 - Step-by-Step Instructions

Cyclades-PR2000

STEP THREE

The network protocol parameters, shown in Figure 4.12, are similar to those for the Ethernet interface. Fill in

the parameters for your network in the right-most column.

CONFIG=>INTERFACE=>SWAN=>NETWORK PROTOCOL=>IP

Parameter

Example

Your Application

Active or Inactive

Active enables IP communication (IPX and

Transparent Bridge are not used in this

example).

Interface Unnumbered/

Numbered

Primary IP Address

Subnet Mask

200.240.230.2

255.255.255.240 is the mask in the

example.

Secondary IP Address

IP MTU

0.0.0.0 for none.

Use the preset value, 1500. This

determines whether or not a given IP

datagram is fragmented.

Global, because NAT is not being used in

this example.

NAT

ICMP Port

Inactive

Incoming Rule List

None, filters are not included in this

example.

Outgoing Rule List Name None, filters are not included in this

example.

Routing of Broadcast

Messages

Inactive

FIGURE 4.12 SWAN NETWORK PROTOCOL (IP) MENU PARAMETERS

Chapter 4 - Step-by-Step Instructions

Cyclades-PR2000

STEP FOUR

The Encapsulation parameters for Frame Relay are less straight-forward. Many of them are based on

decisions that cannot be shown in a diagram. Fortunately, the choices made here will mostly effect the

performance of the link, rather than whether it works or not. Fill in the parameters appropriate for your system,

consulting chapter 8 of the Installation Manual for more information if necessary.

CONFIG=>INTERFACE=>SWAN=>ENCAPSULATION=>FRAME RELAY

Parameter

Example

Your Application

SNAP IP

Inactive for the example. The router on the

sending end must be using the same header

type (NLPID or SNAP) as the router on the

receiving end.

LMI

ANSI for the example. This must also be

the same as the router on the receiving end.

Ten seconds, the interval between the LMI

Status Enquiry messages.

T391

N391

N392

N393

CIR

Six.

Three.

Four. This value must be larger than N392.

90 percent. 100 minus this number is the

percentage of total bandwidth that may be

discarded if the network is congested.

Inactive. Traffic control will not be covered

in this example

Bandwidth Reservation

FIGURE 4.13 FRAME RELAY ENCAPSULATION MENU PARAMETERS

At the end of the parameter list shown above, the DLCI menu appears. Choosing Add DLCI will lead to the

parameters shown in Figure 4.14. The <ESC> key used at any time during the Frame Relay encapsulation

parameter list will also bring up the DLCI menu. A DLCI entry must be created for every remote Frame Relay

network to be contacted. In the example, only one is shown.

Chapter 4 - Step-by-Step Instructions

Cyclades-PR2000

CONFIG=>INTERFACE=>SWAN=>ENCAPSULATION=>FRAME RELAY=><ESC>=>ADD DLCI

Parameter

DLCI Number

Example

Your Application

Sixteen. This number is supplied by the

Public Frame Relay network provider.

Frame Relay Address Map

which maps one IP address to this

Static,

DLCI.

IP Address

200.240.230.1

Enable Predictor

Compression

Yes, if Cyclades routers are used on both

ends of the link and Predictor Compression

is enabled on both routers. This feature is

effective only for links running at speeds

under 2 Mbps.

Number of Bits for

Compression

Sixteen when both routers are of the PR

line. Ten must be used if the other router is

a PathRouter.

FIGURE 4.14 DLC CONFIGURATION MENU PARAMETERS

STEP FIVE

Now that the central office’s LAN has been defined, a route must be added to tell the router that the remote

site’s LAN is at the other end of the line. Creating a static route is the simplest way to do this. Chapter 9 of the

Installation Manual explains static routes and other routing methods available in CyROS. Fill in the spaces in

Figure 4.15 with the values for your application.

Chapter 4 - Step-by-Step Instructions

Cyclades-PR2000

CONFIG=>STATIC ROUTES=>IP=>ADD ROUTE

Parameter

Example

Your Application

Destination IP Address

Subnet Mask

Gateway or Interface

Gateway IP Address

Metric

15.0.0.0

255.255.255.0

gateway

200.240.230.1

One -- number of routers between router

being configured and the destination IP

address.

Is This a Backup Route?

OSPF Advertises This

Static Route

FIGURE 4.15 STATIC ROUTE MENU PARAMETERS

STEP SIX

Now that the parameters have been defined, enter into each menu described above, in the order presented

(read chapter 3, Using Menus, if you have not done so already). Set the parameters in each menu according

to the values you wrote in the figures above. Save the configuration to flash memory at each step when

requested — configurations saved in run memory are erased when the router is turned off. If you saved part of

the configuration to run memory for some reason, save to flash memory now using the menu option ADMIN

=>WRITE CONFIGURATION =>TO FLASH. Be sure to change the superuser password using the menu

option CONFIG =>SECURITY => USERS =>MODIFY. The user ID, super, can remain the same, but the

password must be changed to avoid unauthorized access.

STEP SEVEN

The Ethernet interface can be tested as described in the troubleshooting appendix. The SWAN interface can

be tested in a similar manner. At this point, you should create a backup of the configuration file (in binary) and

print out a listing of the configuration.

Chapter 4 - Step-by-Step Instructions

Cyclades-PR2000

Instructions for creating a backup of the configuration file.

Use the menu option ADMIN =>WRITE CONFIGURATION =>TO FTP SERVER. Fill in the IP address of the

computer where the configuration file should be saved, the file name, the directory name, and the user account

information. This configuration file can later be downloaded with the ADMIN =>LOAD CONFIGURATION

=>FTP SERVER option.

Instructions for listing the configuration.

The menu option INFO =>SHOW CONFIGURATION =>ALL will list to the terminal screen the configuration of

the router. This can be saved in a text file and/or printed on a printer.

Chapter 4 - Step-by-Step Instructions

Cyclades-PR2000

Example 3 Link Backup

This example shows the configuration of a backup link, with a swan connection to a public Frame Relay

Network providing the primary link and a SWAN with a PPP connection providing the secondary link. Figure

4.16 shows the networks used in this example. It is assumed that the routers are already connected to LANs

and that the SWAN interfaces have already been configured and are working. The use of a SWAN to connect

to a Frame Relay network is described in example 2 and a connection using PPP is shown in example 1.

Please read the entire example and follow the instructions before turning the router on. The router is

programmed to log the super user off after 10 minutes of inactivity. All data not explicitly saved to

memory is then lost. Collecting the data while configuring the router will likely cause delays and

frustration.

Network Address:

200.206.206.40

_ _ _ _ _ _ _ _ _

Modem or

DSU/CSU

PR2000

SWAN 1

Frame Relay

Network

SWAN 2

IP Address:

100.200.200.1

_ _ _ _ _ _ _ _

PR2000

Modem or

DSU/CSU

IP Address:

100.200.200.2

_ _ _ _ _ _ _ _

Primary Link

Bandwidth: 64 kbps _ _ _ _ _

Modem or

DSU/CSU

PPP

Modem or

DSU/CSU

Secondary (Backup) Link

Bandwidth: 64 kbps _ _ _ _ _

FIGURE 4.16 PRIMARY AND SECONDARY (BACKUP) LINKS BETWEEN TWO LANS

Spaces have been provided next to the parameters needed for the configuration for you to fill in the parameters

for your system. Do this now before continuing.

Chapter 4 - Step-by-Step Instructions

Cyclades-PR2000

STEP ONE

The bandwidth used by CyROS for multilink circuit calculations is that given in the traffic control menu, rather

than the actual physical bandwidth available. If this bandwidth value is not set, the preset value (zero) will be

used and the multilink circuit will not function. The bandwidth for both links (SWAN 1 and SWAN 2 in the

example) should also have been set when the interface was configured. If not, the multilink circuit will not work.

Since the bandwidth was probably not set when the link was configured, you should make sure the value is the

desired one.

CONFIG=>INTERFACE=>SWAN 1=>TRAFFIC CONTROL=>GENERAL

Parameter

Bandwidth (bps)

IP Traffic Control List

Example

64000

None

Your Application

CONFIG=>INTERFACE=>SWAN 2=>TRAFFIC CONTROL=>GENERAL

Parameter

Bandwidth (bps)

IP Traffic Control List

Example

64000

None

Your Application

FIGURE 4.17 TRAFFIC CONTROL PARAMETERS

STEP TWO

Now, the primary link (Slot 1) and the secondary link (Slot 3) must be registered as a multilink circuit. First, a

multilink circuit is created and assigned an identifier. This is done in the CONFIG =>MULTILINK menu. Then,

the two links are added to the multilink circuit. The parameters used in the example for the two interfaces in

this multilink circuit are shown in Figures 4.18 and 4.19.

Chapter 4 - Step-by-Step Instructions

Cyclades-PR2000

CONFIG=>MULTILINK=>MULTILINK CIRCUIT NUMBER=>ADD/MODIFY INTERFACE

Parameter

Slot N

Example

SWAN 1

Main

Your Application

Type of Interface

Time to Activate

Backup After This

Link Goes Down

Time to Deactivate

Backup After This

Link Returns

FIGURE 4.18 ADDITION OF THE PRIMARY (MAIN) LINK

CONFIG=>MULTILINK=>MULTILINK CIRCUIT NUMBER=>ADD/MODIFY INTERFACE

Parameter

Example

Your Application

Slot N

SWAN 2

Type of Interface

Time to Activate

Backup After This

Link Goes Down

Time to Deactivate

Backup After This

Link Goes Up

Cost

Backup

Zero, since this link IS the backup. (A

backup can itself have a backup, but

this is not done in this example.)

, since this link

the backup.

Zero

One. Indicates the relative priority of

this backup link, which is unnecessary

since this example has only one.

FIGURE 4.19 ADDITION OF THE SECONDARY (BACKUP) LINK

Chapter 4 - Step-by-Step Instructions

Cyclades-PR2000

STEP THREE

Up to this point, the configuration can be used either for link back up or for load back up. This example shows

link back up, but parameters applicable to load back up will be mentioned when they appear. Complete

information on the multilink circuit concept is provided in chapter 4 of the CyROS Reference Guide.

CONFIG=>MULTILINK=>MULTILINK CIRCUIT NUMBER=>CIRCUIT ATTRIBUTES

Parameter

Example

Your Application

Criterion for Traffic

Distribution

For load

This parameter has no effect for link backup.

backup,

distribution is performed randomly, and the

Optimal

packet is forwarded to the interface with the lesser load.

Address Based distribution is used when the receiver cannot

reorder packets, and all packets to a certain IP address must

be sent through the same interface. This distribution method is

not recommended unless absolutely necessary.

Bandwidth Upper

Limit

Zero for link backup. For load backup, this defines when load

backup should activate the backup link. It is measured as a

percentage of the bandwidth defined in step four.

Time to Activate

Time until

This parameter does not appear for link backup.

Backup if Above Limit backup is activated after main link bandwidth exceeds limit

defined in last parameter.

For load

This parameter has no effect for link backup.

Bandwidth Lower

Limit

backup, this defines when load backup should deactivate the

backup link. It is measured as a percentage of the bandwidth

defined in step four.

Time to Deactivate

Time until

This parameter does not appear for link backup.

Backup if Below Limit backup is deactivated after main link bandwidth exceeds limit

defined in last parameter.

FIGURE 4.20 MULTILINK CIRCUIT ATTRIBUTES

Chapter 4 - Step-by-Step Instructions

Cyclades-PR2000

STEP FOUR

Now, a static backup route must be created for the secondary link. It is assumed that a route of some sort

(static, RIP, etc.) already exists for the primary link. The static route parameters for the example secondary link

are shown in Figure 4.21. Fill in the parameters for your system.

CONFIG=>STATIC ROUTES=>IP=>ADD ROUTE

Parameter

Example

Your Application

Destination IP Address

Subnet Mask

200.206.206.0

255.255.255.0

Gateway or Interface

Gateway IP Address

Metric

Gateway

100.200.200.2

Is This a Backup Route?

OSPF Advertises This

Static Route

Yes

No, OSPF not used in this example.

If using OSPF, see chapter 12 of the

Installation Manual for guidance.

FIGURE 4.21 STATIC BACKUP ROUTE PARAMETERS

STEP FIVE

Now that the parameters have been defined, enter into each menu described above, in the order presented

(read chapter 3, Using Menus, if you have not done so already). Set the parameters in each menu according

to the values you wrote in the figures above. Save the configuration to flash memory at each step when

requested — configurations saved in run memory are erased when the router is turned off. If you saved part of

the configuration to run memory for some reason, save to flash memory now using the menu option ADMIN

=>WRITE CONFIGURATION =>TO FLASH. Be sure to change the superuser password using the menu

option CONFIG =>SECURITY => USERS =>MODIFY. The user ID, super, can remain the same, but the

password must be changed to avoid unauthorized access.

Chapter 4 - Step-by-Step Instructions

Cyclades-PR2000

STEP SIX

The multilink circuit can be tested by temporarily deactivating the interface on the primary link. This is done in

the ADMIN=> START/STOP INTERFACE menu by selecting the SWAN interface. If there is traffic, the backup

link should then take over, and the menu item INFO =>SHOW ROUTING TABLE will show that the backup link

is working. (To create traffic, try pinging a host in the destination network.) At this point, you should create a

backup of the configuration file (in binary) and print out a listing of the configuration.

Instructions for creating a backup of the configuration file:

Use the menu option ADMIN =>WRITE CONFIGURATION =>TO FTP SERVER. Fill in the IP address of the

computer where the configuration file should be saved, the file name, the directory name, and the user account

information. This configuration file can later be downloaded with the ADMIN =>LOAD CONFIGURATION

=>FTP SERVER option.

Instructions for listing the configuration:

The menu option INFO =>SHOW CONFIGURATION =>ALL will list to the terminal screen the configuration of

the router. This can be saved in a text file and/or printed on a printer.

Chapter 4 - Step-by-Step Instructions

Cyclades-PR2000

CHAPTER 5 CONFIGURATION OF THE ETHERNET INTERFACE

The PR2000 has one Ethernet 10Base-T interface, provided in a standard RJ-45 modular jack, which should be

connected to an Ethernet hub or switch. Use a standard 10Base-T straight-through cable (not included). When

the Ethernet link is correctly connected, the link LED will be lit. The menus for the Ethernet Interface are independent

of the speed of the link.

If your network uses 10Base2 (thin coaxial cable) or 10Base5 (thick coaxial cable), you will need a transceiver to

convert between the different Ethernet media. A crossover cable is required for direct connection to a computer

(an RJ-45 Ethernet pinout is provided in appendix B). Note: While Cyclades Power Routers work with most

standard RJ-45 cable/connectors, shielded Ethernet cables should be used to avoid interference with other

equipment .

The parameters in the encapsulation menu are preset at the factory and it is usually not necessary to change

them. The first step in the Ethernet configuration is to choose which network protocol to use and assign values to

the relevant parameters. Either IP, Transparent Bridge, or IPX (optional) must be activated. In this chapter, IP

Bridges are also described. Use the information provided below to set the parameters for the Ethernet interface.

The IP Network Protocol

Some parameters are explained in detail in later chapters. At this point, the preset values provided by the

operating system can be accepted and the interface will work at a basic level.

Network Protocol Menu CONFIG =>INTERFACE =>ETHERNET =>NETWORK PROTOCOL =>IP

Parameter

Description

Active or Inactive

Activates this interface.

Interface

Unnumbered interfaces are used for point-to-point connections.

Unnumbered

Assign IP From

Interface

Applies to Unnumbered interfaces. Applies the IP address of another router interface

to this one.

Primary IP Address

Subnet Mask

This table is continued.

Applies to Numbered interfaces. Address assigned to this interface.

Applies to Numbered interfaces. Subnet mask of the network.

Chapter 5 - Configuration of the Ethernet Interface

Cyclades-PR2000

Network Protocol Menu (Continued)

Parameter

Secondary IP

Address

Description

Applies to Numbered interfaces. Indicates a second (or third, etc. up to eight) IP

address that can be used to refer to this interface. This parameter and the next are

repeated until no value is entered.

Subnet Mask

IP MTU

Applies to

interfaces. Subnet mask of

Secondary IP Address

Numbered

Assigns the size of the Maximum Transmission Unit for the interface. This determines

whether or not a given IP datagram is fragmented.

NAT

Determines the type of IP address if NAT is being used. Use

otherwise. See

Global

chapter 11 or the examples in chapter 2 for details on how to configure NAT.

causes the router to send ICMP Port Unreachable messages when it receives

ICMP Port

Active

UDP or TCP messages for ports that are not recognized. This type of message is

used by some traceroute applications, and if disabled, the router might not be identified

in the traceroute output. However, there are security and performance reasons to

leave this option

Inactive

Incoming Rule List

Filter rule list for incoming packets. See chapter 12 for instructions on how this

parameter should be set.

Detailed Incoming IP Applies when a list is selected in the previous parameter. See explanation of IP

Accounting

Accounting in chapter 10. IP Accounting for a rule requires that the parameter

CONFIG =>RULES LIST=>IP=>CONFIGURE RULES=>ADD RULE=>ALLOW

ACCOUNT PROCESS also be Yes.

Outgoing Rule List

Name

Filter rule list for outgoing packets. See chapter 12 for instructions on how this

parameter should be set.

Detailed Outgoing IP Applies when a list is selected in the previous parameter. See explanation of Detailed

Accounting

Incoming IP Accounting.

Routing of Broadcast Activating this parameter causes the router to route broadcast messages from the LAN

Messages

to the WAN and vice-versa. An individual interface can be excluded by setting this

parameter to Inactive, without effecting the broadcast of messages on the other

interfaces.

Proxy ARP

Causes the router to answer ARP requests with its own MAC address for IP addresses

reachable on another interface.

Chapter 5 - Configuration of the Ethernet Interface

Cyclades-PR2000

IP Bridge

An IP Bridge is used to divide a network without subnetting. Whenever a subnetwork is created, two IP numbers

are lost — one describing the network and the other reserved for broadcast. This does not occur with an IP

Bridge.

200.240.240.9

200.240.240.3

200.240.240.2

200.240.240.1

ETH0

PR2000

Link 1

PR3000

ETH0

200.240.240.8

200.240.240.4

FIGURE 5.1 IP BRIDGE EXAMPLE

In Figure 5.1, an example of the use of an IP Bridge is given. From the available IP addresses, the range

200.240.240.4 to 200.240.240.8 is bridged to another physical location. The following parameters apply only for

IP Bridge.

Chapter 5 - Configuration of the Ethernet Interface

Cyclades-PR2000

Network Protocol Menu (Continued) -- (IP Bridge)

Parameter

Description

IP Bridge

Activates the IP Bridge functionality.

The following parameters apply only if IP Bridge is Active.

Initial IP Address to

be Bridged

Indicates the start of the range of IP addresses to be transferred to another physical

location. This and the next three parameters are repeated in case the bridge is to be

broken up into various sections. Up to 8 sections can be defined. In the example, this

value is 200.240.240.4.

Ending IP Address to Indicates the end of the range of IP addresses to be transferred to another physical

be Bridged

location. In the example, this value is 200.240.240.8.

Broadcast Over the

Link

Allows propagation of broadcast IP packets over this bridge.

Bridge Over Link

Indicates which link forms the other half of the bridge. In the example, link 1 is used.

Other Parameters

Transparent Bridge is covered in chapter 7 and IPX is covered in chapter 13. The parameters defined in the

Routing Protocol and Traffic Control Menus should be set after reading chapters 9 and 12, respectively. It is

probably best to complete the basic configuration of all router interfaces, then return to the routing protocol and

traffic control menus after general routing and traffic control strategies have been defined.

Chapter 5 - Configuration of the Ethernet Interface

Cyclades-PR2000

CHAPTER 6 THE SWAN AND ASYNC INTERFACES

This chapter describes how to configure a SWAN interface. The physical link should be set up as shown in

chapter 2, according to the type of modem or device at the other end of the connection and the type of SWAN

port. The async interface, provided on an RJ-45 connector, is the same as the SWAN interface except that the

synchronous option does not appear in the CONFIG =>INTERFACE =>SWAN =>PHYSICAL menu and the

only encapsulation option is PPP.

STEP ONE

The first step in the SWAN interface configuration is to define its physical characteristics. These parameters

are presented in the Physical Menu Table.

Physical Menu CONFIG=>INTERFACE=>SWAN=>PHYSICAL

Parameter

Description

Mode

Asynchronous or Synchronous. This parameter is determined by the mode of the

device at the other end of the connection.

Clock Source

Receive Clock

Applies for

. Whether this interface provides clock for the device at

Synchronous Mode

the other end of the cable or vice-versa. When the interface is connected to a modem,

the Clock Source is always External.

Applies for

. When this interface provides clock, it can either

Internal Clock Source

compare incoming messages with the clock it is generating (Internal) or with the clock

it receives from the sender along with the message (External). External is

recommended.

Speed

Applies for Internal Clock Source. Determines at which speed the data will be sent

across the line.

Media for SWAN

Cable

Type of cable -- RS-232, V.35 or X.21. Usually the type is cable is detected by the

router.

Chapter 6 - The SWAN and Async Interfaces

Cyclades-PR2000

STEP TWO

The second step is to choose a data-link protocol in the Encapsulation Menu. There are many encapsulation

options on this interface.

For synchronous communication:

• Frame Relay: the Frame Relay Protocol is based on frame switching and constructs a permanent virtual

circuit (PVC) between two or more points.

• X.25: The X.25 Protocol is generally used to connect to a public network. The router can act either as a

DTE or a DCE.

• HDLC: A proprietary alternative to PPP.

For synchronous or asynchronous communication:

• PPP: The PPP (Point-to-Point) protocol is used for leased and dial-up lines. Multilink PPP is also

provided.

Information on how to determine the values of the parameters for each data-link protocol is provided in chapter

STEP THREE

The third step is to set the Network Protocol parameters. Information for this step is provided in chapter 7.

Chapter 6 - The SWAN and Async Interfaces

Cyclades-PR2000

STEP FOUR

If PPP Encapsulation is being used, a type of authentication should be chosen. This is done in the

authentication menu.

Authentication Menu CONFIG=>INTERFACE=>SWAN=>AUTHENTICATION

Parameter

Description

Authentication Type

Local uses the list of users defined in CONFIG=> SECURITY=>USERS=>ADD.

uses either Radius or Tacacs to authenticate the user.

Server

is when this interface is considered to be the user and the

end of the

other

Remote

connection performs the authentication

Username

Password

Applies when Authentication Type is Remote. The username the remote device

expects to receive.

Applies when Authentication Type is Remote. The password the remote device

expects to receive.

Authentication Server Applies when

is . Indicates that either a Radius or Tacacs

Authentication Type Server

server is used for validation. The location and other parameters of the server must be

configured in CONFIG=> SECURITY. See section 4.3 of the CyROS Reference

Guide.

Authentication

Protocol

Applies when Authentication Type is Local or Server. Either PAP or CHAP or both can

be used for authentication.

STEP FIVE

The parameters defined in the Routing Protocol and Traffic Control Menus should be set after reading chapters

9 and 12, respectively. It is probably best to complete the basic configuration of all router interfaces, then

return to the routing protocol and traffic control menus after general routing and traffic control strategies have

been defined.

Chapter 6 - The SWAN and Async Interfaces

Cyclades-PR2000

CHAPTER 7 NETWORK PROTOCOLS

The second step in most interface configurations is to choose which network protocol to use and assign values

to the relevant parameters. At least one of IP, Transparent Bridge, or IPX (optional, and discussed in chapter

13) must be activated. Use the information provided below to set the parameters for each interface. The

Ethernet network protocol menu includes IP bridging and is explained in chapter 5. The SWAN Network

Protocol Menu is given in figure 7.1. Note that this menu varies slightly for each interface. Specific information

on the options for each interface is provided in the CyROS Reference Guide in the chapter for the interface.

Config

Interface

SWAN

Network Protocol

Active

Interface Unnumbered/Numbered

Assign IP from Interface

Primary IP address

Subnet Mask

Secondary IP Address

Subnet Mask

IP MTU

NAT

ICMP Port

Incoming Rule List Name

Detailed Incoming IP Accounting

Outgoing Rule List Name

Detailed Outgoing IP Accounting

Routing of Broadcast Messages

Transparent

Bridge

Status

Port Priority

Incoming Rule List Name

Outgoing Rule List Name

FIGURE 7.1 NETWORK PROTOCOL MENU TREE FOR THE SWAN INTERFACE

Chapter 7 Network Protocols

Cyclades-PR2000

The IP Protocol

If the preset values provided by the operating system are accepted, the interface will work at a basic level. The

most common options are explained in the following table.

Network Protocol (IP) Menu CONFIG=>INTERFACE=><LINK>=>NETWORK PROTOCOL=>IP

Parameter

Description

Active or Inactive

Interface Unnumbered

Activates this interface.

Unnumbered interfaces can be used for point-to-point connections.

Assign IP From Interface Applies to Unnumbered interfaces. Applies the IP address of another router

interface to this one.

Primary IP Address

Subnet Mask

Secondary IP Address

Applies to Numbered interfaces. Address assigned to this interface.

Applies to Numbered interfaces. Subnet mask of the network.

Applies to Numbered interfaces. Indicates a second (or third, etc. up to eight) IP

address that can be used to refer to this interface. This parameter and the next are

repeated until no value is entered.

Subnet Mask

Applies to

interfaces. Subnet mask of

Secondary IP Address

Numbered

Enable Dynamic Local IP The terminal connected through PAD assigns an IP address to the router for

Address purposes of their connection.

Remote IP Address Type The computer connected through PAD or PPP sends its IP address in the

negotiation package.

: The IP address sent must match the number set in the next parameter.

Fixed

: The IP address sent must be an address in the network set in the next

Same Net

parameter.

Any: The IP address can be any number that does not conflict with any local IP

address.

: Any IP address is accepted. This is not recommended.

None

Remote IP Address.

not

. Used in conjunction with the previous

None

Remote IP Address Type

parameter.

this table is continued

Chapter 7 Network Protocols

Cyclades-PR2000

Network Protocol (IP) Menu (Continued)

Parameter

Description

IP MTU

Assigns the size of the Maximum Transmission Unit for the interface. This

determines whether or not a given IP datagram is fragmented.

Determines the type of IP address if NAT is being used. Use Global otherwise.

See chapter 13 or the examples in chapter 4 for details on how to configure NAT.

Active causes the router to send ICMP Port Unreachable messages when it

receives UDP or TCP messages for ports that are not recognized. This type of

message is used by some traceroute applications, and if disabled, the router might

not be identified in the traceroute output. However, there are security and

performance reasons to leave this option Inactive.

NAT

ICMP Port

Incoming Rule List

Filter rule list for incoming packets. See chapter 14 for instructions on how this

parameter should be set.

Detailed Incoming IP

Accounting

Applies when a list is selected in the previous parameter. See explanation of IP

Accounting later in this chapter. IP Accounting for a rule requires that the

parameter CONFIG =>RULES LIST=>IP=>CONFIGURE RULES=>ADD RULE

=>ALLOW ACCOUNT PROCESS also be Yes.

Outgoing Rule List Name Filter rule list for outgoing packets. See chapter 14 for instructions on how this

parameter should be set.

Detailed Outgoing IP

Accounting

Applies when a list is selected in the previous parameter. See explanation of

Detailed Incoming IP Accounting

Routing of Broadcast

Messages

Activating this parameter causes the router to route broadcast messages from the

LAN to the WAN and vice-versa. An individual interface can be excluded by setting

this parameter to

interfaces.

, without effecting the broadcast of messages on the other

Inactive

Chapter 7 Network Protocols

Cyclades-PR2000

The Transparent Bridge Protocol

The Transparent Bridge Protocol can be used in conjunction with either IP or IPX. A detailed explanation of its

use appears in section 4.6 of the CyROS Reference Guide.

Transparent Bridge Menu CONFIG=>INTERFACE=>SWAN=>NETWORK PROTOCOL=>TRANSPARENT

BRIDGE

Parameter

Status

Description

Activates the Transparent Bridge on this interface.

Port Priority

For the Spanning Tree Algorithm, a priority is given to each link in the router and to

each router in the network. See CONFIG=>TRANSPARENT BRIDGE

=>SPANNING TREE in the CyROS Reference Guide for more information.

Incoming Rule List Name Transparent Bridge rule list name for incoming packets. Note: Rule lists for

Transparent Bridge and IP are created separately. See section 4.7 in the CyROS

Reference Guide for instructions on how this rule list is created.

Outgoing Rule List Name Filter rule list name for outgoing packets. See section 4.7 in the CyROS Reference

Guide for instructions on how this rule list is created.

Chapter 7 Network Protocols

Cyclades-PR2000

CHAPTER 8 DATA-LINK PROTOCOLS (ENCAPSULATION)

Each encapsulation option is presented in a separate section in this chapter. Not all data-link protocols are

available for all interfaces.

PPP (The Point-to-Point Protocol)

PPP is the only encapsulation option than can be either synchronous or asynchronous. It is important to choose

between them in CONFIG =>INTERFACE =><LINK> =>PHYSICAL before entering the Encapsulation menu.

The menu options depend on this choice. (Note: not all interfaces support both the synchronous and asynchronous

modes. In this case, there is no physical menu.)

The configuration of the PPP data-link protocol is confined to one menu, CONFIG =>INTERFACE =><LINK>

=>ENCAPSULATION =>PPP. Information about all the parameters appearing in this menu is provided in the

table below. Not all parameters will appear for all interfaces.

PPP Menu CONFIG =>INTERFACE =><LINK> =>ENCAPSULATION =>PPP

Parameter

Description

MLPPP

Enables Multilink PPP on this interface. MLPPP is described in the CyROS

Reference Guide for each interface that supports it.

Applies for MLPPP = Yes. Type of line used on this link.

Leased, Dial-in, etc.

Identification for This Bundle Applies for MLPPP = Yes and Dial-out or Leased. An integer value.

Total Number of lines for

This Bundle

Applies for MLPPP = Yes. Maximum number of links allowed in the bundle.

PPP Inactivity Timeout

Applies to asynchronous connections only. The connection is closed when data

does not pass through the line for this period of time.

Enable Van Jacobson IP

Header Compression

Allows the link to receive compressed packets. This type of compression is

useful for low-speed links and/or small packets. It is not recommended for fast

links, as it requires CPU time.

Transmit Compressed

Packets

Applies when

is . This

Enable Van Jacobson IP Header Compression Yes

parameter causes the link to send compressed packets.

Chapter 8 - Data-Link Protocols (Encapsulation)

Cyclades-PR2000

PPP Menu (Continued)

Parameter

Description

Disable LCP Echo

Requests

LCP (Link Control Protocol) messages are normally exchanged to monitor the status of

the link. Disabling these messages reduces traffic, but the link then has no way of

knowing if the other end is still connected.

Time Interval to Send Config Request messages are used to negotiate the parameters at the start of a PPP

Config Requests

connection. For a slow line, this time should be increased to allow the reply to return

to the sender. If not, the sender will assume it was lost and send another.

Applies to asynchronous connections only. Permits control character mapping

negotiation on asynchronous links. This is useful when you need to send a control

character as data (e.g. XON/XOFF, Crtl A, etc.) over an asynchronous link and do not

want it interpreted by the modem or other device in the middle. The map is built up

with the following commands.

Edit ACCM

– Resets the ACCM table toggle;

Clear

Toggle XON/XOFF – Add XON/XOFF control characters to the ACCM table;

Toggle Char – Add other control characters to the ACCM table, using their ASCII

value.

Typing the option once (for example, X), includes it in the table. Typing it again

excludes it from the table. More details are given in the CyROS Reference Guide.

Enables data compression using the Predictor algorithm. This feature should be

enabled only if Cyclades' equipment is being used on both ends of the connection

because there is no established standard for data compression interoperability. Data

compression is very CPU-intensive, making this feature effective only for links running

at speeds under 1Mbps. At higher speeds, the time necessary to compress data

offsets the gains in throughput achieved by data compression.

Enable Predictor

Compression

Number of Bits for

Compression

Applies when Predictor Compression Enabled. Sixteen is fastest, but 10 must be used

if the router on the other end is a PathRouter, for compatibility.

Connection Type

Applies to asynchronous connections only. NT-Serial Cable is a direct connection to a

Windows NT computer. This is necessary because NT requires a negotiation before

the beginning of the PPP negotiation. Direct is used for other connections using

cables or leased lines.

Chapter 8 - Data-Link Protocols (Encapsulation)

Cyclades-PR2000

CHAR

The configuration of the CHAR data-link protocol is confined to one menu, CONFIG =>INTERFACE =><LINK>

=>ENCAPSULATION =>CHAR. Information about all the parameters appearing in this menu is provided in the

table below. Not all parameters will appear for all interfaces.

CHAR Encapsulation Menu CONFIG=>INTERFACE =><LINK>=>ENCAPSULATION =>CHAR

Parameter

Description

Device Type

Determines whether a Terminal, Printer, or Socket device will be connected to this

port.

TCP Keep Alive Timer

Terminal Type

Switch Session

Character Code

Escape Session

Character Code

Username

The delay between Keep Alive messages sent by TCP.

For a

is generally used. For a

is generally used.

terminal ANSI

printer dumblp

Applies for Terminal Device. Control character used to switch sessions. 1 is Ctrl-A,

2 is Ctrl-B, etc. The value 254 disables this option.

Applies for Terminal Device. Control character used while in a telnet session, to

return to the router menu without closing the session.

Applies for a Terminal Device. Must be entered into the local user table first. See

chapter 16. If this parameter is left blank, the user will have to enter a username

Wait for or Start a

Connection

Applies for

is used when the remote application will start the

Socket Device Wait

communication. When Start is used, a connection is attempted as soon as the line

is considered operational.

Destination Hostname

Applies for Socket Device. The remote hostname to which the socket will be

connected, if the previous parameter was start. This name must have been defined

in the host table. See chapter 16.

Filter Null Char after CR Applies for Socket Device. Interprets a CR NULL sequence, received on a TCP

Char connection, as CR (only).

Idle Timeout in Minutes Applies for

. The connection is broken if no traffic passes in this time.

Socket Device

DTR ON Only if Socket Applies for Socket Device. If False, the Data Terminal Ready line is switched on

Connection Established when the router is booted.

Device Attached to This Applies for Socket Device. Yes if the device attached to the socket will echo the

Port Will Send ECHO

chacters sent to it.

Chapter 8 - Data-Link Protocols (Encapsulation)

Cyclades-PR2000

PPPCHAR

The configuration of the PPPCHAR protocol is contained in the menu CONFIG =>INTERFACE =><LINK>

=>ENCAPSULATION =>PPPCHAR. The parameters for PPPCHAR are a combination of those for PPP and

CHAR. See the tables describing the PPP and CHAR options for guidance in configuring this protocol.

HDLC

This data-link protocol is a proprietary alternative to PPP. It has only one parameter, the HDLC Keepalive Interval.

This is the time interval between transmission of Keepalive messages. The receiver of these messages must

send keepalive messages with the same frequency or will be considered inoperative.

Frame Relay

FR supports multiple connections over a single link. Each data link connection (DLC) has a unique DLCI (data

link connection identifier). This allows multiple logical connections to be multiplexed over a single channel.

These are called Permanent Virtual Circuits (PVCs). The DLCI has only local significance and each end of the

logical connection assigns its own DLCI from the available local numbers.

Traffic Control based on Data Link Connection

Traffic Control as described in chapter 12 can also be performed on a Frame Relay interface for each permanent

virtual connection. The parameters in the Add DLCI menu are used in the same manner as those described in

chapter 12. More details are available in the CyROS Reference Guide.

STEP ONE

The first step is to set the general Frame Relay parameters, those applying to all DLCs. This is done in the Frame

Relay Menu. The parameters are shown in the table below. Most of these depend on the standards used by the

Frame Relay Network Provider.

Chapter 8 - Data-Link Protocols (Encapsulation)

Cyclades-PR2000

The Local Management Interface (LMI) Protocol provides services not available in simple Frame Relay. It is used

for controlling the connection between the user and the network. It monitors this link, maintains the list of DLCs,

and sends status messages about the PVCs. A separate virtual circuit is created to pass this information (DLCI

0).

Frame Relay Menu CONFIG=>INTERFACE=><LINK>=>ENCAPSULATION =>FRAME RELAY

Parameter

Description

SNAP IP

Indicates that the Sub-Network Access Protocol should be used. The router on the sending

end must be using the same header type (NLPID or SNAP) as the router on the receiving end.

See the CyROS Reference Guide for more information.

LMI

Selects the Local Management Interface specification to be used.

ANSI Group of Four

(defined by the vendors that first implemented Frame Relay), Q933a (defined by ITU-T), and

None (used for a dedicated FR connection without a network).

T391

N391

Interval between the LMI Status Enquiry messages.

Full Status Polling Counter. Full Status Enquiry messages are sent every N391-th LMI Status

Enquiry message.

N392

Error Threshold. The network counts how many events occur within a given period and

considers an interface inactive when the number of events exceeds a threshold. N393 is the

number of events to be considered and N392 the number of errors within this period. If N392

of the last N393 events are errors, the interface is deemed inactive. A successful event is the

receipt of a valid Status Enquiry message

N393

CIR

Monitored Events Count. See the description of N392. This value must be larger than N392.

Committed Information Rate, in percentage of total bandwidth (bandwidth defined in

CONFIG=>INTERFACE=>SWAN =>TRAFFIC CONTROL =>GENERAL =>BANDWIDTH).

Traffic above this rate may be discarded if the network is congested.

Bandwidth

Enables traffic control per DLCI. Traffic control options appear in the Add DLCI Menu.

Reservation

Chapter 8 - Data-Link Protocols (Encapsulation)

Cyclades-PR2000

STEP TWO

After configuring the general parameters, each DLC must be defined. An example will be used to demonstrate the

procedure.

A public Frame Relay network connecting offices in São Paulo, Rio de Janeiro, Salvador, and Recife is shown in Figure

11.1. Each router will have a routing table pairing destination network with router interface and gateway. A Frame

Relay Address Map is also created (either statically or dynamically) to associate each DLCI with the destination

router IP.

For the router in Salvador, the Frame Relay address map will look like this:

DLCI

200.1.1.1

200.1.1.4

200.1.1.3

Data link connections are defined in the Add DLCI menu, which appears at the end of the Frame Relay parameter

list. It can be reached by passing through all parameters or by using the <ESC> key at any point in the parameter

list.

Chapter 8 - Data-Link Protocols (Encapsulation)

Cyclades-PR2000

São Paulo

Network: 192.168.200.0

Rio de Janeiro

Network: 192.168.201.0

Router

200.1.1.1

200.1.1.4

200.1.1.2

200.1.1.3

Router

Salvador

Network: 192.168.203.0

Recife

Network: 192.168.202.0

FIGURE 8.1 PERMANENT VIRTUAL CIRCUITS BETWEEN OFFICES

Chapter 8 - Data-Link Protocols (Encapsulation)

Cyclades-PR2000

Add DLCI Menu CONFIG=>INTERFACE =><LINK> =>ENCAPS =>FRAME RELAY =><ESC> =>ADD DLCI

Parameter

Description

DLCI Number

Used to identify the DLC. This number is supplied by the Public Frame Relay network

provider. The DLCIs are stored in a table which can be seen with the command.

Frame Relay Address Determines the method used for mapping the remote IP address to the Permanent

Map

Virtual Circuit. Static maps one IP address to this DLCI. Inverse ARP maps the IP

address dynamically, in a manner similar to the ARP table.

IP Address

Applies when Frame Relay Address Map is Static. Provides the IP address to be used

for static address mapping.

Enable Predictor

Compression

Enables data compression using the Predictor algorithm. This feature should be

enabled only if Cyclades' equipment is being used on both ends of the connection

because there is no established standard for data compression interoperability. Data

compression is very CPU-intensive, making this feature effective only for links running

at speeds under 1Mbps. At higher speeds, the time necessary to compress data

offsets the gains in throughput achieved by data compression.

Number of Bits for

Compression

Applies when

Sixteen is fastest, but 10 must be

Predictor Compression Enabled.

used if the router on the other end is a PathRouter, for compatibility.

DLCI Priority Level

This is the equivalent of CONFIG=>RULES LIST=>IP =>CONFIGURE RULES=>ADD

RULE=>FLOW PRIORITY LEVEL. See the section on traffic control in chapter 16.

Reserved Bandwidth This is the equivalent of CONFIG=>RULES LIST=>IP =>CONFIGURE RULES=>ADD

RULE=>RESERVED BANDWIDTH. Defines what percentage of the total bandwidth

on an interface will be set aside for this DLC. See the section on traffic control in

chapter 16.

Bandwidth Priority

Level

This is the equivalent of CONFIG=>RULES LIST=>IP =>CONFIGURE RULES=>ADD

RULE=>BANDWIDTH PRIORITY LEVEL. See the section on traffic control in chapter

16.

To edit the DLCI table, use the list command (CONFIG=>INTERFACE=><LINK>=>ENCAPSULATION

=>FRAME RELAY=>L) to discover the number CyROS has assigned to each table entry. It will not be the

same as the DLCI.

Chapter 8 - Data-Link Protocols (Encapsulation)

Cyclades-PR2000

Modem or

DSU/CSU

Router / DTE

Switch / DCE

X.25

FIGURE 8.2 PUBLIC X.25 NETWORK EXAMPLE

X.25

A Cyclades Router can act either as a DTE (Data-terminal Equipment) connected to a public X.25 network or as

a DTE or DCE (Data circuit-terminating Equipment) as part of a private X.25 network. The first case is discussed

in this chapter. The second case is described in the CyROS Reference Guide. Both Permanent Virtual Circuits

(PVCs) and Switched Virtual Circuits (SVCs) can be defined. A PVC requires that two DTEs be permanently

connected.

STEP ONE

First, the general X.25 protocol parameters are set in the X.25 Menu. A detailed description of the X.25 parameters

and their values for the example is provided in the table below.

Chapter 8 - Data-Link Protocols (Encapsulation)

Cyclades-PR2000

X.25 Menu CONFIG=>INTERFACE=><LINK>=>ENCAPSULATION =>X.25

Parameter

Description

X.121 (Local DTE) Address Address assigned to this interface (provided by the public X.25 Network

Provider). Can be up to 15 digits.

Switch Mode Active

Causes the Router to act as a switch.

Applies when Switch Mode is Active.

Incoming Calls Received

Over the Other X.25 Links

With Unknown Destination

DTE Can be Forwarded

Through This Link

Suppress Calling Address

This parameter must be chosen according to the

Public X.25 Network:

guidelines given by the Public X.25 Network provider. When activated, the

sender's Local DTE address is not included in the Call Request Message.

Time until connection is automatically terminated by the router if there is no

traffic.

Inactivity Timeout

Configure as DTE or DCE As mentioned above, the router can act either as the recipient of information

), or as the passer-on of information ( ). Both

(

DTE

routers are DTEs.

DCE Public X.25 Network:

Number of Virtual Circuits

Indicates the maximum number of virtual circuits (total of PVCs and SVCs)

allowed on this interface. The maximum is 64.

Number of Permanent

Virtual Circuits

Indicates the number of permanent virtual circuits that will be connected through

this interface. This maximum is also 64.

Layer 3 Window Size

The layer 3 (packet) level window represents the number of sequentially

numbered packets that can be sent before an acknowledgement must be

received. This number may be negotiated if the Window Size Facility is utilized

(see last parameter in this table).

Layer 2 Window Size

this table continued

The layer 2 (frame) level window represents the number of sequentially

numbered frames that can be sent before an acknowledgement must be

received. The frame numbers are independent of the packet numbers.

Chapter 8 - Data-Link Protocols (Encapsulation)

Cyclades-PR2000

X.25 Menu (Continued)

Parameter

Description

Packet Size

The packet size to be sent across the interface. This number may be negotiated

if the Packet Size Facility is utilized (see last parameter in this table).

Number of times an information frame can be resent, without response, before

the link is considered down.

Number of Retries N2

Time the frame level waits for an acknowledgement for a given frame before re-

sending it.

Time that can elapse, after receiving a frame, until the router must send an

acknowledgement.

T21

T23

Call Request response Timer. After this time has elapsed, the DTE sends a

Clear message.

Clear Request response Timer. After this time has elapsed, the DTE retransmits

the Clear message.

Negotiable Facilities

Send Facility

Initiates facility negotiation during virtual circuit creation.

Determines which facilities are negotiated during virtual circuit creation:

Packet

is part of the

is part of the flow control parameters negotiation,

size

throughput class negotiation, and

Throughput

(Level 3 Window Size, above) is

N3 Window

part of the flow control parameters negotiation.

Chapter 8 - Data-Link Protocols (Encapsulation)

Cyclades-PR2000

STEP TWO

The next step is to create a static routing table associating each remote X.121 address with an IP address or a

TCP Socket location. This is done in the Add DTE menu, which appears at the end of the X.25 parameter list. It

can be reached by passing through all X.25 parameters or by using the <ESC> key at any point in the parameter

list.

X.25 Add DTE Menu CONFIG=>INTERFACE=><LINK>=>ENCAPSULATION =>X.25=><ESC>=>Add DTE

Parameter

Description

Type of Logical Address IP Address or TCP Socket. Users that intend to use the TCP Socket option should

see the CyROS Reference Guide.

IP Address

X.121(DTE) Address

VC Number

Applies for IP Address Type. IP Address of remote DTE device.

Address of remote DTE device.

Number assigned to this circuit, if it is a PVC. For SVCs, the value should be zero.

Enable Predictor

Compression

Applies for

. Enables data compression using the Predictor

IP Address Type

algorithm. This feature should be enabled only if Cyclades' equipment is being used

on both ends of the connection because there is no established standard for data

compression interoperability. Data compression is very CPU-intensive, making this

feature effective only for links running at speeds under 1Mbps. At higher speeds,

the time necessary to compress data offsets the gains in throughput achieved by

data compression.

Number of Bits for

Compression

Applies when

. Sixteen is fastest, but 10 must be

Predictor Compression Enabled

used if the router on the other end is a Cyclades PathRouter, for compatibility.

X.25 with PAD (Packet Assembler/Disassembler)

PAD acts as a protocol converter, allowing a user to access the packet-switched network via a serial terminal.

This asynchronous connection is then converted into synchronous communication with the router and the network

beyond (using the telnet application available in the router). Please see the CyROS Reference Guide for information

about this Encapsulation option.

Chapter 8 - Data-Link Protocols (Encapsulation)

Cyclades-PR2000

CHAPTER 9 ROUTING PROTOCOLS

Routing Strategies

Routing can be done either statically or dynamically.

Static Routing

Static routing is recommended when the network contains a small number of routers and other equipment. When

a system is simple and without redundant links, static routing is the simplest option. Even with some redundant

links, a multilink circuit can be created for semi-dynamic routing behavior. Multilink circuits are described in

section 4.4 of the CyROS Reference Guide.

Dynamic Routing

Dynamic routing is recommended when the network contains a large number or routers with redundant links

between them. RIP and OSPF are currently available in the Power Router line. RIP is simpler to configure and

is appropriate for systems that are stable (links do not go down often). OSPF is more complicated to configure,

requires much more CPU, and is not necessarily available in all equipment in a network. A mixture of RIP, OSPF,

and static routes is often used.

BGP-4 is a dynamic routing protocol used to route packets on the Internet. It is used in addition to the protocols

RIP and OSPF or static routing.

Chapter 9 - Routing Protocols

Cyclades-PR2000

Static Routes

Routers used in very small or simple networks may use static routes as the primary routing method. When RIP or

OSPF are used, some static routes may still be needed. Configuration of static routes will be explained using two

examples.

Network 2

142.10.0.0

Mask: 255.255.0.0

142.10.0.3

142.10.0.2

142.10.0.4

192.168.100.0

Mask: 255.255.255.0

192.168.100.1

Router 2

Router 1

142.10.0.1

10.0.0.3

192.168.100.3

192.168.100.2

Network 3

10.0.0.0

Mask: 255.0.0.0

10.0.0.2

Network 1

10.0.0.1

FIGURE 9.1 STATIC ROUTING EXAMPLE 1

In the first example, three networks are connected by 2 routers. The routing table for router 1 will automatically

include servers A,B,C, and D, as they are direct links. A static route must be created for access to Network 3.

This type of route, a Gateway route, tells the router that any message not intended for hosts A, B, C or D should

be sent to Router 2. Details are given in the parameter table that follows.

Chapter 9 - Routing Protocols

Cyclades-PR2000

Router 2

Unnumbered

Interfaces

192.168.100.1

Slot 3

ETH0

Connection

Point-to-Point

Slot 1

Router 1

10.0.0.3

ETH0

Network 3

Network 1

FIGURE 9.2 STATIC ROUTING EXAMPLE 2

Figure 9.2 shows another static routing example to explain the Gateway or Interface parameter. Between the two

routers is a point-to-point connection. Another network could be created, but is not necessary. Both routers can

be assigned unnumbered interfaces, because everything that leaves one router is sent to the other.

To define static routes, enter the menu CONFIG =>STATIC ROUTES =>IP =>ADD ROUTE. A description of the

parameters in this menu, with the configuration for Router 1 in the examples above, is given in the table that

follows.

Chapter 9 - Routing Protocols

Cyclades-PR2000

Add Static Route Menu CONFIG =>STATIC ROUTES =>IP =>ADD ROUTE

Parameter

Destination IP

Address

Description

Address that route will lead to. To configure a default route, type "default" for this

parameter, otherwise enter 0.0.0.0 in both this and the next parameter.

-- for the static route between Router 1 and Network 3, the IP

Both Examples

address is 192.168.100.0.

-- To access all hosts in Network 3, its mask, 255.255.255.0, is used.

Subnet Mask

Both Examples

Gateway or Interface

-- the route is to a gateway.

-- the route is to an interface since unnumbered interfaces are being

Example 1

Example 2

used.

Gateway IP Address

Interface

Applies only when previous parameter is

. It must be an address visible to

Gateway

, it is 142.10.0.4.

the router. In

Example 1

Applies only when previous parameter is Interface. Select the port (Ethernet or slot

N) that will be unnumbered. In , it is Slot 1.

Example 2

Relative cost of this link. Generally measured in number of routers between two IP

addresses. -- 1.

Metric

Both Examples

Is This a Backup

Route?

Indicates that this route is used as a backup in a multilink circuit. See section 4.4 for

more information about multilink circuits.

OSPF Advertises

This Static Route

Static routes defined in the router can be advertised by OSPF. Both this parameter

and the parameter CONFIG=>IP=>OSPF=>GLOBAL=>ADVERTISE STATIC

ROUTES must be set to Yes for the route to be advertised.

External Metric

Applies when OSPF Advertises This Static Route is set to Yes. Defines the metric

that will be advertised by OSPF.

External Metric-Type

Applies when OSPF Advertises This Static Route is set to Yes. For Type 1, the total

metric of this route is composed of the internal metric (inside the autonomous system)

and the external metric (provided in the previous parameter). For Type 2, the total

metric of this route is the value provided in the previous parameter.

Chapter 9 - Routing Protocols

Cyclades-PR2000

RIP Configuration

CyROS supports three basic types of RIP:

1 RIP1 [RFC 1058]

2 RIP2 with broadcast (compatible with RIP1) [RFC 1723]

3 RIP2 with multicast [RFC 1723]

The primary difference between RIP1 and RIP2 is that only RIP2 advertises subnet masks and next hops. If the

network contains equipment that understands only RIP1 packets, then RIP1 or RIP2 with broadcast should be

used. See RFC 1723, item 3.3 for more details. If only RIP2 is used, RIP2 with multicast is recommended.

Unlike static routes RIP is configured on each interface rather than in a global menu. The menu is the same for all

interfaces and its parameters are presented in the table below.

RIP Menu CONFIG =>INTERFACE =><LINK> =>ROUTING PROTOCOL =>RIP

Parameter

Description

Send RIP

Listen RIP

RIP2 Authentication

Causes the router to transmit RIP messages.

Causes the router to accept RIP messages.

Applies if RIP2 was chosen in the first two options. Activates RIP message

authentication with a password.

RIP2 Authentication

Password

Applies if

transmitted RIP messages.

is . Password used for both received and

RIP2 Authentication Active

Chapter 9 - Routing Protocols

Cyclades-PR2000

OSPF

The OSPF (Open Shortest Path First) routing protocol is significantly more complicated than RIP. The determination

of which protocol is better suited to a given network is beyond the scope of this manual. An example network

using OSPF is given in Figure 9.3.

AREA 1

Router 2

AREA 0

(Backbone)

Router 0

To Another

Autonomous System

Router 1

Link 1

Router 5

Router 3

Router 6

Router 4

AREA 2

AN AUTONOMOUS SYSTEM

Area Border

Routers:

R3, R6, R8

Virtual

Link

Router 7

AREA 3

AS Boundary

Router: R5

Router 8

Router 9

FIGURE 9.3 OSPF EXAMPLE

Chapter 9 - Routing Protocols

Cyclades-PR2000

First, some definitions:

• An Autonomous System (AS) is a portion of the network that will use a single routing strategy. It is made up

of a backbone area and optionally of non-backbone areas.

• OSPF Areas are sub-systems that have identical routing databases. An area generally has no knowledge of

the routing databases of other areas.

• The Backbone connects areas and contains any routers not contained in another area.

• An Area Border Router connects areas and contains a separate database for each area it is contained in.

• An Autonomous System Boundary Router (ASBR) connects Autonomous Systems. The other Autonomous

System does not necessarily need to use OSPF.

STEP ONE

If using OSPF for the first time, sketch the network and determine which routers will make up the backbone and

each area. Determine if each router is an area border router or an autonomous system boundary router.

OSPF Configuration on the Interface

STEP TWO

Contrary to most other protocols in CyROS, OSPF must first be configured on each interface, then configured in

the CONFIG =>IP =>OSPF menu. Enter into each interface and set the parameters listed in the table.

OSPF Menu CONFIG =>INTERFACE =><LINK> =>ROUTING PROTOCOL =>OSPF

Parameter

OSPF on This

Interface

Description

Activates OSPF. Enable Inactive is used to temporarily disable the OSPF protocol

without erasing the parameters set below. This is useful when OSPF is first configured,

as the general parameters must be set afterwards in CONFIG=>IP =>OSPF and OSPF

cannot function without them.

Parameters that apply only when OSPF on This Interface is Disabled.

Advertise This Non- Causes the router to include this interface in its advertisements through other interfaces

OSPF Interface

(as an external route).

This table is continued.

Chapter 9 - Routing Protocols

Cyclades-PR2000

OSPF Menu (continued)

External Metric

Defines the metric that will be advertised by OSPF.

External Metric Type For Type 1, the total metric of this route is composed of the internal metric (inside the

autonomous system) and the external metric (provided in the previous parameter). For

, the total metric of this route is the value provided in the previous parameter.

Type 2

Parameters that apply only when

is .

OSPF on This Interface Enable Enable Inactive

Area ID

Identifies the area to which the interface belongs. Areas are created here, then later

defined in CONFIG=>IP=>OSPF =>AREA. Has the format of an IP address, but is not

linked to any IP address in the system. Small OSPF networks will typically have only

one area (the backbone area represented by 0.0.0.0).

Router Priority

Priority used by OSPF in multicast networks to elect the designated router. A priority of

1 will make this router the most likely to be chosen. A priority of 2 will make it second

most likely. Set it to 0 (zero) if this router should never be the designated router.

Estimated transit time in seconds to route a packet through this interface. Use the

preset value (1) or increase the number for slow links

Transit Delay in

Seconds

Retransmit Interval * Time in seconds between link-state advertisement retransmissions for adjacencies

belonging to this interface.

Hello Interval *

Dead Interval *

Poll Interval *

Time in seconds between the hello packets on this interface.

Inactivity time (seconds) before a neighbor router is considered down.

Time in seconds between the hello packets sent to an inactive, non-broadcast, multi-

access neighbor.

Password *

Metric

String of up to 8 characters used to authenticate OSPF packages. The use of this

password is enabled in CONFIG=>IP=>OSPF=>AREA=>AUTHENTICATION TYPE

Defines the cost for normal service. For consistent routing, this parameter should be

determined in the same manner for all routers in the OSPF Area. Normally, metric cost

is defined as an inverse function of interface throughput (e.g. 1 for 100Mbps, 10 for

10Mbps, 65 for T1, 1785 for 56kbps, etc).

Advertise Secondary Causes the router to advertise additional addresses assigned to this interface. These

IP Address are configured in CONFIG => INTERFACE =><LINK> =>NETWORK PROTOCOL =>IP.

* Inside a given area, these 4 parameters should be the same for all routers.

Chapter 9 - Routing Protocols

Cyclades-PR2000

OSPF Global Configurations

STEP THREE

After completing the OSPF interface configuration for all interfaces (even those that will not use OSPF), navigate

to the OSPF Menu, CONFIG=>IP=>OSPF. Enter into the OSPF Global Commands menu and set the parameters

as indicated in the table below.

OSPF Global Commands Menu CONFIG =>IP =>OSPF =>GLOBAL

Parameter

OSPF Protocol

Router ID

Description

Enables OSPF on all interfaces.

Assigns a unique ID to the router for use by the OSPF protocol. It must be one of the

router's IP addresses.

AS Boundary Router An Autonomous System Boundary Router (ASBR) can convert external routes into

OSPF routes. Which external routes is determined through the following parameters.

In the figure, only Router 5 is an ASBR.

The following parameters apply only to

Autonomous System Boundary Routers

Originate Default

Gateway

Router will advertise itself as the Default Gateway (DG).

Default Gateway

External Metric

Default Gateway

Applies when Originate Default Gateway Advertisement is set to Yes. Defines the

metric that will be advertised by OSPF.

Applies when Originate Default Gateway Advertisement is set to Yes. For Type 1, the

External Metric-Type total metric of this route is composed of the internal metric (inside the autonomous

system) and the external metric (provided in the previous parameter). For Type 2, the

total metric of this route is the value provided in the previous parameter.

Advertise RIP Routes Routes learned through the RIP protocol will be converted to OSPF as external routes.

RIP External Metric

Applies when Advertise RIP routes is set to Yes. Defines the metric that will be

advertised by OSPF.

This table is continued.

Chapter 9 - Routing Protocols

Cyclades-PR2000

OSPF Global Commands (Continued)

Parameter

Description

RIP External Metric- Applies when Advertise RIP routes is set to Yes. For Type 1, the total metric of this

Type

route is composed of the internal metric (inside the autonomous system) and the

external metric (provided in the previous parameter). For Type 2, the total metric of

this route is the value provided in the previous parameter.

Advertise Non-OSPF A router can have both OSPF and non-OSPF interfaces. This option causes the router

interfaces

to advertise when these non-OSPF interfaces are up or down. When OSPF is

disabled on an interface, the parameter CONFIG=>INTERFACE =>

<LINK>

=>ROUTING PROTOCOL =>OSPF =>ADVERTISE THIS NON-OSPF INTERFACE

must also be set to Yes for the interface to be advertised.

Advertise Static

Routes

Static routes defined in the router will be converted to OSPF. Note that static routes

can be configured individually as advertised or not in the parameter

CONFIG=>STATIC ROUTES=>IP=>ADD ROUTE=>OSPF ADVERTISES THIS

STATIC ROUTE. Both parameters must be

for the route to be advertised.

Yes

STEP FOUR

The next step is to define the areas created in step two. This is done in the OSPF Area Menu.

Area Menu CONFIG =>IP =>OSPF =>AREA

Parameter

Description

Area ID

Has the format of an IP address, but is not linked to any IP address in the system. Use

the CONFIG=>IP=>OSPF=>L option to see which areas have been defined, and use

the area ID here.

Authentication Type

Simple password authentication can be used in OSPF. The authentication type should

be the same for all routers in an OSPF Area. If used, the password for each interface

is set in CONFIG=>INTERFACE=><INTERFACE>=>ROUTING PROTOCOL =>OSPF

=>PASSWORD.

This table is continued.

Chapter 9 - Routing Protocols

Cyclades-PR2000

Area Menu (continued)

Area Range N Status An Area Border Router (ABR) advertises link states for all networks within the area.

The number of such advertisements can potentially be reduced by condensing

different IP networks into a single range.

Area Range N Net

Address

Applies when Area Range N Status is Active.

Sets the network IP address for the range.

Area Range N Mask Applies when Area Range N Status is Active.

Sets the network IP mask for the range.

STEP FIVE

The CONFIG =>IP =>OSPF =>NEIGHBORS menu is required if the router uses OSPF over non-broadcast multi-

access interfaces such as X.25 and Frame Relay. If this is the case, set the parameters described in the following

table.

Neighbors Menu CONFIG=>IP =>OSPF =>NEIGHBORS

Parameter

Description

Interface

Link for which neighbors will be defined. In the OSPF example, consider link 1 of

Router 3.

Neighbor's IP

The router ID of the neighboring router. For Router 3, link 1, use the router ID of router

Neighbor's Status

includes link in OSPF database.

Enable

Enable Inactive leaves link in OSPF database, but router at end of link (Router 1 in this

case) no longer passes OSPF information.

Disable deactivates neighbor link and erases Neighbor’s IP.

Neighbor's Priority

Priority used by OSPF in multicast networks to elect the designated router. A priority of

1 will make this router the most likely to be chosen. A priority of 2 will make it second

most likely. Set it to 0 (zero) if this router should never be the designated router. An

example can be seen in Area 1 in the figure -- Router 1 should never be the

Designated Router because it does not have a direct link to Router 2. Either Router 0

or Router 3 should be chosen.

Chapter 9 - Routing Protocols

Cyclades-PR2000

STEP SIX

It is not always possible to connect all areas directly to the backbone. When an area is connected to the backbone

only through another area, two virtual links must be created. One from the backbone to the unattached area and

one from the unattached area to the backbone. If this occurs in the network containing the router, enter the Virtual

Links Menu to configure this link. In the table listing the parameters, the link between Area 3 (router 8) and the

backbone is used as an example.

Virtual Links Menu CONFIG =>IP =>OSPF =>VIRTUAL LINKS

Parameter

Description

Transit Area ID

ID of the OSPF Area sandwiched between this router and the backbone. In the figure,

area 2 is the area used to link Router 8 with the Backbone. This ID has the form of an

IP address.

Neighbor's ID

Virtual Link Status

Router ID of router at end of virtual link. In the example, this will be Router 6.

Activates the virtual link.

Parameters available only when Virtual Link Status is Active.

Transit Delay in

Seconds

Estimated transit time in seconds to route a packet from Router 8 to Router 6. Use the

preset value (1) or increase the number for slow links.

Retransmit Interval in Time in seconds between link-state advertisement retransmissions for adjacencies

Seconds*

belonging to this interface.

Hello Interval in

Seconds*

Time in seconds between the hello packets on this interface.

Dead interval in

Seconds*

Inactivity time (seconds) before a neighbor router is considered down.

Password*

String of up to 8 characters used to authenticate OSPF packages. The use of this

password is enabled in CONFIG

=>IP=>OSPF=>AREA=>AUTHENTICATION TYPE.

* Inside a given area, these 4 parameters should be the same for all routers. In the example virtual link, they

should be the same as those used for the backbone.

Chapter 9 - Routing Protocols

Cyclades-PR2000

BGP-4 Configuration

The BGP-4 routing protocol is used for routing on the Internet, performed between Autonomous Systems (ASs).

An autonomous system is defined as:

· A set of routers and networks under the same administration.

· An interconnected network, where no router is reachable solely through a path exterior to the AS

Each AS is identified by a 16-bit AS number. This number is supplied by the service provider.

Steps

1. Complete the Global Parameters

2. Register the neighbors of the autonomous system, the routers with which this router exchanges information.

At this point, the BGP-4 protocol is up and running. All remaining steps are fine tuning to improve performance

and reduce the size of the routing table.

If some routes that might be received are undesired, they can be filtered as they enter (or leave) so that they are

not placed in the routing table (or are not propagated to other autonomous systems).

This requires the following three steps:

3. Create an Access List

4. Add rules to the Access List

5. Return to the Neighbor configuration and match each list to the neighbor it should be applied to.

In some cases, a route should be accepted, but with changes determined by policies defined by the system

administrator. In this case, a route map should be created indicating which of the path attributes of the incoming

(or outgoing) message should be changed. This route map can be associated with a filter so that only specific

rules will be altered. The steps are the following:

6. Create a route map/sequence pair

7. Edit the neighbor definition to link it to the new route map

Chapter 9 - Routing Protocols

Cyclades-PR2000

The last option is to aggregate the addresses contained in the local autonomous system in order to present an

aggregated route to the outside world. This is done in the last step.

8. Aggregate the addresses contained in the AS.

The steps defined above will now be clarified.

STEP ONE

The global parameters apply to the router’s AS. Classless Inter-Domain Routing (CIDR) Address notation is used

instead of the normal IP Address and Subnet mask notation. Both are shown in Figure 9.4.

AS 100

200.50.51.0

255.255.255.0

200.50.51.0 / 24

AS 747

PR3000

100.100.100.1

200.200.200.1

..................................

100.100.100.2

Tele Popeye

200.50.50.0

255.255.255.0

200.50.50.0 / 24

AS 310

PR3000

200.200.200.2

..................................

Tele Brutus

FIGURE 9.4 EXAMPLE SYSTEM WITH PR2000 IN AS 100 BEING CONFIGURED

Chapter 9 - Routing Protocols

Cyclades-PR2000

CONFIG=>IP=>BGP4=>GLOBAL

Parameter

Description

BGP4 Protocol

Local AS Number

Router Identifier

Cluster Identifier

Default Local

Preference

Activates the protocol.

This number is assigned by the service provider.

Usually the same as the Router ID, one of the interface IP addresses

Only used when this router is used as a router reflector.

Value of the attribute "local pref" used by IBGP.

Accept Connections

From All Peers

Advertise Direct

Routes

Allows BGP connections from neighbors that have not been specified in the Neighbors

Menu.

Allows the removal of the interface routes from the list of routes to be advertised. In

the example these would be 100.100.100.1, 200.200.200.1 and the LAN interface IP

address.

Advertise Static

Routes

Allows the removal of static routes from the list of routes to be advertised.

Advertise RIP Routes Allows the removal of routes learned via RIP from the list of routes to be advertised.

Advertise OSPF

Routes

Allows the removal of routes learned via OSPF from the list of routes to be advertised.

The BGP network menu allows registration of the IP Addresses contained in the AS. This will mark these routes

as IGP instead of EGP or incomplete in the path origin attribute.

CONFIG=>IP=>BGP4=>BGP NETWORK=>ADD

Parameter

Description

Network Address

Network IP address of network to be added.

Network Mask (bitlen) Mask in CIDR format.

Chapter 9 - Routing Protocols

Cyclades-PR2000

STEP TWO

The neighbor menu identifies the routers inside and outside the AS that will communicate with the router via BGP-

4. Each update message exchanged between routers contains path attributes. How these path attributes are

manipulated by the router when routes are received or sent to each neighbor is determined here.

CONFIG=>IP=>BGP4=>NEIGHBOR=>ADD

Parameter

Description

Name

A string to facilitate identification of the Neighbor. In the example above, the names

Popeye and Brutus could be used.

IP Address

The IP address at the other end of the connection. For AS 747, the value is

100.100.100.2.

Description

Another string to identify the Neighbor.

AS Number

The AS number assigned to the neighbor.

Source IP Address

When this number is set, the protocol accepts TCP/BGP connections only when the

destination IP is this value. For Popeye, the value would be 100.100.100.1.

Causes the router to not initiate BGP connections with this neighbor.

Passive

Transparent-AS

causes the router to NOT include its own AS number in the "AS Path" path

Yes

attribute for update messages sent to this neighbor.

causes the router to NOT alter the "NextHop" path attribute for update messages

Transparent-NextHop

NextHop Self

Yes

sent to this neighbor.

Yes causes the router to change the NextHop path attribute for update messages sent

to this neighbor. The value is replaced by the Source IP Address set above.

Route Reflector Client Indicates that this router is a route reflector and the neighbor is a route reflector client.

Weight

Indicates the relative importance of the routes received from this neighbor. Routes

with greater weights are chosen over routes with lesser weights.

When set, indicates the maximum number of routes that the router will accept in a

single update message from this router.

When a message is not received from this neighbor for the holdtime, the neighbor is

considered inactive.

Maximum-Prefix

Holdtime

This table is continued.

Chapter 9 - Routing Protocols

Cyclades-PR2000

CONFIG=>IP=>BGP4=>NEIGHBOR=>ADD (continued)

Keepalive

Connection Retry

Time

Interval between keepalive messages sent to this neighbor.

When a connection with this neighbor is broken, the router try to reconnect with

frequency 1 divided by the Connection Retry Time.

Start Time

Time delay before router tries to connect

Incoming Distribution Applies a distribution access list to update messages received from this neighbor.

Access List Name

Outgoing Distribute

Access List Name

Incoming Filter

Access List Name

Outgoing Filter

Applies a distribution access list to update messages sent to this neighbor.

Applies a filter access list to update messages received from this neighbor.

Applies a filter access list to update messages sent to this neighbor.

Access List Name

Incoming Community Applies a filter access list to update messages received from this neighbor.

Access List Name

Outgoing Community Applies a filter access list to update messages sent to this neighbor.

Access List Name

Incoming Route Map Applies a route map to update messages received from this neighbor.

Number

Outgoing Route Map Applies a route map to update messages sent to this neighbor.

Number

Neighbor Alias

Address

Additional address used by the other router.

STEP THREE

Figure 9.5 shows an example of a route that could be filtered out. The preferred route from 5 to 1 is through 4, with

6 serving as a reliable backup. Any route received from neighbor 2 which includes 5 will probably be a duplicate

of the equivalent route received from 4. In order to reduce the size of the routing table, all routes received from 2

than contain 5 can be filtered out of incoming update messages.

Chapter 9 - Routing Protocols

Cyclades-PR2000

PR3000

100.10.0.0/16

FIGURE 9.5 MULTIPLE ROUTES CONTAINING AS 5

CONFIG=>IP=>BGP4=>ACCESS LIST=>ADD

Parameter

Description

Access List Name

Access List Type

Name assigned to list, to indicate which interface and direction it applies to.

The AS Path type allows filtering by AS number; the Dist BGP type allows filtering by

IP address and the Community BGP type allows filtering by community. In the figure,

the filtering can be done based either on AS 5 or the address 100.10.0.0/16

Enables the rule.

Rule Status

Default Scope

If the default of the list is permit, the default of each rule must be deny and the

corresponding rule must define which routes must be discarded. If the default of the

list is deny, the default of each rule must be permit and the corresponding rule must

define which routes will be accepted (with all others being discarded).

Chapter 9 - Routing Protocols

Cyclades-PR2000

STEP FOUR

An access list needs at least one rule. The example in Figure 9.6 shows three access lists, each one with several

rules. Each neighbor can be assigned up to 6 access lists, as seen in step 2.

Discarded

Routes

Discarded

Routes

Discarded

Routes

BGP-4

Message From

Tele Popeye

Route Map

Access list

popeye_comm

type Community

Access list

popeye_dist

type Distribution

Access list

popeye_path

type AS Path

FIGURE 9.6 UPDATE MESSAGE ARRIVING FROM TELE POPEYE PASSING THROUGH 3 FILTERS AND A

ROUTE MAP

An update message arriving from the neighbor called Popeye in step 2 will pass through the filters assigned to it

in the Neighbor Menu. The figure shows the case where the scope of the list is permit and that of the rules is deny.

Each rule causes routes to be discarded until finally the shortened message arrives at the route map (if one has

been configured for this neighbor).

Chapter 9 - Routing Protocols

Cyclades-PR2000

CONFIG=>IP=>BGP4=>ACCESS LIST=>CONFIGURE RULES=><ACCESS LIST NAME>=>ADD

Parameter

Rule Status

Scope

Description

Enables the rule.

See explanation of this parameter in step 3.

Rule AS Position

Applies only for Access List Type equal to AS Path. Limits the search on AS number to

a particular position in the route. For the example in Figure 12.5, Any would be the

correct choice because AS 5 will appear in the middle or the beginning of the route.

Rule AS Number

Applies only for

equal to AS Path. Applies the rule to routes

Access List Type

containing this AS number, with the restriction given in the preceding parameter.

Applies only for equal to Dist BGP. filters rules that match the

Rule Distr. Search

Type

Rule Distr. Address

Access List Type

Exact

IP Address/Mask pair exactly. Refine matches more specific routes.

Applies only for Access List Type equal to Dist BGP. Applies the rule to routes with

this IP number and the mask defined in the next parameter.

Rule Distr. Mask

Bitlen

Applies only for Access List Type equal to Dist BGP. The shortened mask that is used

with the IP address defined in the previous parameter.

Community

Applies only for Access List Type equal to Community BGP. Applies this rule to the

community number entered or to well-known communities defined in RFC 1997, BGP

Communities.

STEP FIVE

Each access list can be applied to more than one interface. The access list parameters in the Neighbor Menu for

the appropriate neighbor should be set now, since the access lists did not exist during step two.

Chapter 9 - Routing Protocols

Cyclades-PR2000

STEP SIX

A route map can either apply to all routes not discarded by the access lists, as shown in Figure 9.6, or to routes

filtered by a particular access list, as shown in Figure 9.7.

Discarded

Routes

Discarded

Routes

BGP-4

Message From

Tele Popeye

Access list

popeye_comm

type Community

Access list

popeye_dist

type Distribution

Access list

popeye_path

type AS Path

Route Map

FIGURE 9.7 ROUTE MAP ASSOCIATED WITH AN ACCESS LIST

In figure 9.7, the access list popeye_path is associated with sequence 2 of Route Map 1. Instead of the access list

causing the disposal of the routes that match its rules, it causes the application of the route map.

Chapter 9 - Routing Protocols

Cyclades-PR2000

CONFIG=>IP=>BGP4=>ROUTE MAP=>ADD

Parameter

Description

Route Map Number

Sequence Number

Match List Name

Weight

Identifies the route map

Identifies the sequence within the route map. The numbers need not be consecutive.

Associates an access list with this sequence, as shown in the figure above.

Alters the weight used to determine the best path. This value replaces the importance

assigned to the route by the weight parameter in the neighbor configuration.

Origin, Set Nexthop, These parameters modify the path attributes with the same name in the update

Set Metric, Set Local message.

Preference, Set

Atomic Aggregate,

Set Aggregate AS

number, Set AS Path,

AS Path Prepend,

AS Path AS-SET

STEP SEVEN

The neighbor definition should now be changed again to include the new route map. This is done in the Neighbor

Menu described in step 2.

STEP EIGHT

This last step permits aggregation of networks inside the AS to simplify routing tables. In the example in Figure

9.4, the two networks can be aggregated to form one network with the IP address/Mask of 200.50.50.0/23.

Chapter 9 - Routing Protocols

Cyclades-PR2000

CONFIG=>IP=>BGP4=>AGGREGATE ADDRESSES=>ADD

Parameter

Number

Description

An ID for reference.

Address

Mask (bitlen)

AS Set

The aggregated address. In the example, 200.50.50.0.

The mask for the aggregated address. In the example, 23.

causes the route to be tagged with the AS Set path attribute. Otherwise, the AS

Yes

Sequence path attribute is assigned.

Summary Only

Yes removes all more specific routes, leaving only the aggregated form. No maintains

both the individual and aggregated routes.

Chapter 9 - Routing Protocols

Cyclades-PR2000

CHAPTER 10 CYROS, THE OPERATING SYSTEM

This chapter explains various operating system features that are not covered in other chapters:

• creation of the host table

• creation of user accounts and passwords

• IP Accounting

Creation of the host table

CyROS allows identification of hosts by name. In the menu CONFIG =>SYSTEM=>HOSTS, each host is

assigned a number (1 to 32), and a host name (a maximum of 8 characters). The IP address to be associated

with this host name and the port to be used for telnet is then requested. This host name can be used in

aplications like ping and telnet, and in some other configuration menus.

Another way to identify hosts by name is to configure access to a DNS Server. This is done in the menu

CONFIG =>IP =>DNS CLIENT. The domain name where the router is located and two DNS Server IP

addresses are the only parameters.

Creation of user accounts and passwords

Four users are preset:

1 super with the password surt,

2 usr with no password,

3 auto with no password, and

4 pppauto with no password

Chapter 10 - CyROS, the Operating System

Cyclades-PR2000

Other users can be created and the user “usr” can be assigned a password. The password of the super user

should be changed as soon as possible. The menu CONFIG=>SECURITY=>USERS allows addition, deletion,

and modification of the list of users. The parameters are:

• User Name,

• Password,

• User Type: Super, Usr, Auto, or PPPAuto,

• User Status: Disabled or Enabled,

• Hosts 1 through 4 (the host names entered here must already exist in the host table).

• Automatic login name for hosts 1 through 4 (only for user of type auto)

Then the main menu items for this user are determined:

• Telnet,

• Ping,

• Traceroute,

• PPP,

• SLIP.

Lastly, any restrictions as to how the user may log in are defined:

• Console,

• Terminal,

• PPP Terminal,

• Telnet,

• PAD Terminal.

The super user has access to all menus. The usr user is shown a menu, upon sucessful login, with the items

chosen in the user’s profile. The pppauto user is connected directly to the user via PPP. No menu appears.

The auto user is connected via telnet directly to the host specified as host 1 in the user profile. If an automatic

Chapter 10 - CyROS, the Operating System

Cyclades-PR2000

(though a password may be necessary, depending on the remote host configuration).

IP Accounting

IP Accounting is used to count the total number of packets allowed (or not) to pass through an interface.

Statistics are given for packets that meet the criterions defined in a rule. (Traffic Rules are not supported). To

see all packets, a special rule list permitting everything can be defined. Rules are described in chapter 12.

Two versions of the IP account table are available for viewing. The result of INFO =>SHOW ACCOUNT TABLE

=>SUMMARY is shown below for four filter rules.

IP Accounting Table

Interface Direction Filter List Rule Bytes Packets

Ethernet

slot 3

Outgoing

Incoming

Outgoing

Incoming

generic

swan3out

swan3in

24876 3072

49254 3358

21362 3223

32563 3131

slot 3

Detailed information can be accessed via SNMP.

To use IP Accounting, two parameters must be set. When a rule is created, the parameter CONFIG =>RULES

LIST =>IP =>CONFIGURE RULES =>ADD RULE =>ALLOW ACCOUNT PROCESS must be Yes. Additionally,

when applying a rule to an interface, the parameter CONFIG =>INTERFACE =>ETHERNET =>NETWORK

PROTOCOL =>IP =>DETAILED INCOMING /OUTGOING IP ACCOUNTING must also be Enabled.

Chapter 10 - CyROS, the Operating System

Cyclades-PR2000

CHAPTER 11 NAT (NETWORK ADDRESS TRANSLATION)

NAT exists to convert local IP addresses into Internet “global” IP addresses. Internet IP addresses are

assigned by Internet providers. Due to the explosion of the internet, these numbers are scarce. Certain ranges

of IP addresses are reserved for internal use only — they may not have a direct connection to the Internet (for

reference, they are 10.0.0.0 - 10.255.255.255, 172.16.0.0 - 172.16.255.255, and 192.168.0.0 -

192.168.255.255). These are used as local IP addresses. Figure 11.1 shows an example of the utility of NAT:

Networks

192.168.0.0 &

200.200.200.0

Global Address Range

- Network: 200.240.230.224

- Mask: 255.255.255.240

ftp

Server

192.168.0.30

Host

200.240.230.2

200.200.200.11

200.200.200.10

WWW

Server

192.168.0.31

PR2000 With

Expanded NAT

192.168.0.5

Router Ethernet Port

Primary IP Address: 192.168.0.1

Secondary IP Address: 200.200.200.1

FIGURE 11.1 NAT EXAMPLE

In this example, the company has:

• 14 global IP addresses available for NAT, 200.240.230.225 to 200.240.230.238,

• Two networks connected to the router via the Ethernet Interface, one of which will be translated,

• Two servers that are accessed via the same global IP address, assigned statically.

Chapter 11 - NAT

Cyclades-PR2000

There are two types of NAT available in CyROS -- Normal NAT and Expanded NAT. This chapter describes

Expanded NAT. A description of Normal NAT appears in Chapter 4 of the CyROS Reference Guide.

What is the difference between Expanded and Normal Mode NAT? The Normal Mode is a previous

implementation of NAT used in the Power Router line. It has been maintained for backward

compatibility. Expanded NAT provides static translation not only from one IP address to another, but

from one IP address/port pair to another IP address/port pair.

As a preview, after configuring the router as shown in the example, CONFIG =>SECURITY =>NAT =>L will

display:

NAT Enabled

NAT mode Expanded

Port map translation Enabled

UDP Timeout (min) 5

DNS Timeout (min) 1

TCP Timeout (min) 1440

TCP flags Timeout (min) 1

NAT Global Addresses

address range

200.240.230.225 to 200.240.230.238

NAT Local Addresses

address range

192.168.0.0

255.255.255.0

translated

Chapter 11 - NAT

Cyclades-PR2000

NAT Static Translation Table

# Global address / port

local address / Port

Protocol

TPC

1 200.240.230.225 /

2 200.240.230.225 /

3 200.240.230.225 /

192.168.0.30

192.168.0.31

TPC

Types of Address Translation

In dynamic address translation, a pool of global IP addresses is loosely related to a pool of local IP

addresses. Mapping of one onto the other is done dynamically whenever a computer on the local network

requests a connection to the external network. When the connection is broken, the global IP address is

returned to the pool. Hosts connected via dynamic address translation must initiate all connections with the

external network.

In static address translation, one global IP address (or global IP address / port pair) is permanently associ-

ated with one local IP address (or global IP address / port pair). In the example, the web server is connected to

one of the global IP addresses for services on port 80, reducing the IP address pool to 13. Static address

translation is used when the connection with the external network is to be initiated from either side — external

or internal.

Translation may be done in two ways:

1 Address translation only – each global address is assigned to a single local address when necessary. In

the example, there are only 13 global addresses available and more than 13 hosts . With this type of

translation, only 13 servers can connect to the Internet at any given time.

2 Port and address translation — the UDP/TCP port and local IP address are translated as a pair. With this

type of translation, only ONE global address is needed. All hosts can be mapped to the same global IP

address. This can be used in our example to allow all hosts in the 192.168.0.0 network access to the

Internet at the same time.

Chapter 11 - NAT

Cyclades-PR2000

An overview of the NAT menu is shown in the table below.

NAT Menu CONFIG =>SECURITY =>NAT

Menu Option

Description

General

Parameters for enabling NAT and choosing the NAT Mode. Also includes port

translation option.

Global Address

Local Address

Static Translation

Timeout

The first and last IP addresses in the range. In the example, these numbers are

200.240.230.225 and 200.240.230.238.

The local network IP address and network mask, and whether or not the network should

be translated. In the example, these numbers are 192.168.0.0 and 255.255.255.0.

Defines a static translation between a global IP address/port pair and a local IP

address/port pair. In the example, three such pairs are defined.

Definition of inactivity timeouts for UDP, DNS, and TCP dynamic NAT translations.

STEP ONE

The first step in the configuration of NAT is to enable NAT and choose the NAT Mode (Normal or Extended).

Only the extended mode is discussed in this chapter. The normal mode is a previous version of NAT

maintained for backwards compatability. See chapter 4 of the CyROS Reference Guide for information about

the Normal Mode.

NAT Menu CONFIG =>SECURITY =>NAT =>GENERAL

Menu Option

NAT Status

NAT Mode

Description

Enables NAT.

Provides a choice between the previous NAT version (the Normal Mode) and the new

Extended NAT version.

Disable Port

Translation

Disables/enables NAT with port translation. If this parameter is changed while the router

is in use, all the active translations are destroyed, and their entries are removed from the

translation table.

Chapter 11 - NAT

Cyclades-PR2000

STEP TWO

The parameters in the Timeout Menu are explained in more detail below. The preset values should be

appropriate for most applications.

Timeout and Options Menu CONFIG =>SECURITY =>NAT =>TIMEOUT AND OPTIONS

Parameter

Description

UDP Timeout

Inactivity time required before a UDP translation is removed from the translation table.

An entry is created in the translation table the first time a UDP packet passes through the

interface. Five minutes is a reasonable time.

DNS Timeout

TCP Timeout

Inactivity time required before a DNS translation is removed from the translation table.

Inactivity time required before a TCP translation is removed from the translation table.

This time should be relatively long, because under normal conditions TCP connections

are formally disconnected with FIN (No more data from sender) or RST (Reset

Connection) flags.

TCP Flags Timeout Inactivity time required, after the receipt of a FIN, RST, or SYN (Synchronize sequence

numbers) flag, before a TCP translation is removed from the translation table. This time

can be relatively short, because after the TCP connection has been closed, there is no

further need for its address translation.

STEP THREE

The next step is to define the global address range to which the local addresses will be translated. This is done

in the menu CONFIG =>SECURITY =>NAT =>GLOBAL ADDRESSES =>ADD RANGE. The First IP Address

in the example in Figure 11.1 is 200.240.230.225, while the Last IP Address is 200.240.230.238.

The local address ranges must also be entered into the router in the menu CONFIG =>SECURITY =>NAT

=>LOCAL ADDRESSES =>ADD RANGE. Here, the Network IP Address (192.168.0.0 in the example) and

Network Mask (255.255.255.0 in the example) are entered. Since this range is to be translated, the parameter

Should This Range be Translated should be set to Yes. In the example, the network 200.200.200.0 is not to be

translated. This can be configured by adding a new range and setting the translation parameter to No, or by

simply not adding the range.

Chapter 11 - NAT

Cyclades-PR2000

STEP FOUR

If static translations are to be performed, as described in the example, the parameters in the Static Translation

Menu must be set. A brief explanation of each parameter is given in the table.

Static Translation Menu CONFIG =>SECURITY =>NAT =>STATIC TRANSLATION => ADD ENTRY

Parameter

Description

Global IP Address One of the addresses assigned by the Internet access provider and included in one of

the NAT global address ranges.

Protocol

TCP, UDP, ICMP, or any protocol.

Global Port

The port to be translated on the WAN side. When a request comes in on port 80 for IP

200.240.230.225 in the example, it is sent to the server with IP 192.168.0.31, port 80

The IP address of the server (on the LAN, in the example) which is translated to an

Internet IP address.

The port to be translated on the LAN side. When a request comes in on port 80 for IP

200.240.230.225 in the example, it is sent to the server with IP 192.168.0.31, port 80.

Local IP Address

Local Port

STEP FIVE

After the NAT menu parameters have been set, the NAT property in the Network Protocol Menu of each

interface must be configured. In the example, the IP Address of the Ethernet interface is not assigned

dynamically. The parameter CONFIG =>INTERFACE =>ETHERNET =>NETWORK PROTOCOL =>IP=>NAT -

DYNAMIC ADDRESS ASSIGNMENT should be set to Inactive. The IP address of the interface connecting the

router to the Internet is also assigned by the super user in the example, rather than dynamically. The

parameter CONFIG =>INTERFACE =>SWAN =>NETWORK PROTOCOL =>IP=>NAT - DYNAMIC ADDRESS

ASSIGNMENT would also be set to Inactive.

After NAT has been configured and is running, the menu option INFO =>SHOW STATISTICS =>NAT will show

Network Address Translation Statistics.

Chapter 11 - NAT

Cyclades-PR2000

CHAPTER 12 RULES AND FILTERS

There are four basic types of rules:

1 IP filter rules,

2 Radius rules (actually a combination of previously defined IP filter rules),

3 traffic control rules, and

4 transparent bridge rules (similar to IP filter rules, but for applications that use a transparent bridge).

IP filter rules and traffic control rules will be covered in detail in this chapter. See section 4.7 of the CyROS

Reference Guide for more information about all four types of rules.

As an introduction, the Rules List Menu Tree is presented in Figure 12.1. First, a rule list is created and

named. Second, rules are added to the list and defined.

Configuration of IP Filters

IP Filter rules are a very important part of a network’s firewall. They permit packets into or out of the network

depending on the source and destination IP addresses, the source and destination ports, the protocol used,

and the ACK bit for TCP packets. The Syslog can be used to monitor the packets that meet the rules applied in

this menu.

Chapter 12 - Filters and Rules

Cyclades-PR2000

Config

Rules List

Add Rule List

Rule List Name

Rule Status

Rule List Type

Default Scope

Edit Rule List

Same as Add

Rule List

Incoming Rule List Name

Outgoing Rule List Name

Linked Rule List Name N

Configure Rules

Rule List Name

Add Rule

Insert as Rule Number

Rule Status

Scope

Rule Priority Level

Reserved Bandwidth

Bandwidth Priority Level

Protocol

Source IP Operator

IP Address Start Mask

IP Address Start

IP Address End

Destination IP Operator

IP Address Start Mask

IP Address Start

IP Address End

Source Port Operator

Source Port Start

Source Port End

Destination Port Operator

Destination Port Start

Destination Port End

Allow TCP connections

Allow Account Process

Delete Rule

Edit Rule

Rule to delete

Same Parameters as Add Rule

Clear Rule List

FIGURE 12.1 THE RULES LIST MENU TREE

Chapter 12 - Filters and Rules

Cyclades-PR2000

Exterior Router

ETH0

Perimeter Network

192.168.0.0

Slot 1

192.168.0.1

192.168.0.2

172.16.0.0

Router

Slot 1

Interior Router

192.168.0.3

ETH0

Bastion

Host

10.0.0.0

Extension to Network

FIGURE 12.2 FIREWALL EXAMPLE

Figure 12.2 will be used to show how both an exterior router and an interior router would be configured using

the filters available in CyROS.

Chapter 12 - Filters and Rules

Cyclades-PR2000

Exterior Router

The exterior router is the network’s first defense against attacks. For this reason, it is reasonable to prohibit all

packets except for those explicitly allowed. This is done by choosing the Default Scope to be Deny. Thus, ALL

desired traffic must be expressly allowed by the rules in the rule list.

Let

e-mail in

Let

e-mail out

DENY

Let Telnet

Connections Out

FIGURE 12.3 DENY AS DEFAULT SCOPE

In Figure 12.3, a conceptual equivalent of the interface is shown. All packets except those which fall into the

holes in the ball will be denied entry in to or out of the network.

Chapter 12 - Filters and Rules

Cyclades-PR2000

Steps necessary to activate filtering on the exterior router in the example:

1 There are two interfaces with two directions each. Filtering on link 1 requires the creation of two rule lists,

called exterior_inand exterior_out. Create them using the menu CONFIG =>RULES LIST =>IP

=>ADD RULE LIST and the following parameters:

Rule List Type = Filter

Default Scope = Deny

Linked Rule List Name = None

2 Create the rules for each rule list in the order in which they should be evaluated. The order is important

and mis-ordering the rules can cause unexpected results. This is done in the menu CONFIG =>RULES

LIST =>IP =>CONFIGURE RULES. The parameters for rules 0 and 1 in the example are shown in Figure

12.4.

3 Link the rule lists to the respective interface parameters in the menu CONFIG =>INTERFACE

=><INTERFACE> =>NETWORK PROTOCOL =>INCOMING/ OUTGOING RULE LIST NAME. exterior_in

should be set as the incoming rule list name and exterior_out should be set as the outgoing rule list name.

Exterior_in, rule 0, allows a remote computer to connect to the bastion host using the TCP protocol on

its SMTP port. Exterior_out, rule 0, allows the Bastion Server to RESPOND to the connection started

by the remote computer. To send e-mail out, two more rules would be needed. If all the router needs to do is

receive e-mail, the configuration is done. If not, other “holes” must be created in the deny ball.

Chapter 12 - Filters and Rules

100

Cyclades-PR2000

The configuration for “Let e-mail in” is shown in the following figure (obtained by selecting CONFIG =>RULES

LIST =>IP =>L in the menus):

Rules Lists

Rule List Name Rule

Default List

Linked

Rule

Status

Scope

Type

List

exterior_in

exterior_out

Enabled Deny

Filter

Filter_list Name exterior_in

Rule 0

Status

Enabled

Scope

Protocol

Permit

TCP

Source IP Operator

None

Destination IP Operator Equal

Destination IP start

Destination IP Mask

Source Port Operator

Source Port Start

Destination Port

Operator

192.168.0.3

255.255.255.255

Greater than

1023

Equal

Destination Port Start SMTP

TCP connections allowed Y

Account Process allowed N

FIGURE 12.4 OUTPUT FOR EXTERIOR ROUTER EXAMPLE

Chapter 12 - Filters and Rules

101

Cyclades-PR2000

Filter_list Name exterior_out

Rule 0

Status

Enabled

Scope

Protocol

Permit

TCP

Source IP Operator

Source IP start

Source IP Mask

Equal

192.168.0.3

255.255.255.255

Destination IP Operator None

Source Port Operator

Source Port Start

Destination Port

Operator

Equal

SMTP

Greater than

Destination Port Start 1023

TCP connections allowed N

Account Process allowed N

FIGURE 12.4 OUTPUT FOR EXTERIOR ROUTER EXAMPLE (CONTINUED)

Chapter 12 - Filters and Rules

102

Cyclades-PR2000

Interior Router

If an interior router exists in the network, the administrator may decide to use a Default Scope of Permit. In this

case, all undesired traffic must be excluded by a rule in the rule list. In Figure 12.5, a conceptual equivalent of

the interface is shown.

All packets except those which fall into the holes in the ball will be allowed entry in to or out of the network.

Stop

Forged Packets

PERMIT

Don’t Allow

Access to News

PERMIT

Stop Telnets

From the Outside

(Except Bastion Host)

PERMIT

FIGURE 12.5 PERMIT DEFAULT SCOPE

Chapter 12 - Filters and Rules

103

Cyclades-PR2000

The configuration for “Stop forged packets” is shown in the following listing:

Rules Lists

Rule List Name Rule

Default

Scope

List

Type

Linked

Rule

Status

List

slot1_in

Enabled

Permit

Filter

Filter_list Name slot1_in

Rule 0

Status

Enabled

Scope

Deny

Protocol

Source IP Operator

Source IP start

Source IP Mask

Equal

10.0.0.0

255.0.0.0

Destination IP Operator None

Source Port Operator None

Destination Port Operator None

TCP connections allowed

Account Process allowed

FIGURE 12.6 OUTPUT FOR INTERIOR ROUTER EXAMPLE

Slot1_in, rule 0, prohibits any incoming packets with source IP addresses of the internal network. Since

the addresses used for internal networks cannot be routed on the Internet, they cannot be valid unless there is

a leak of traffic through another router to the perimeter network.

Imagine that, as shown in the figure, the network is expanded and another range of IP addresses is used (not a

sub-network). Rule 0in the list Slot1_inwill not protect this network. Either another rule can be added to

this list, or the new router can filter packets into its area (or both).

Chapter 12 - Filters and Rules

104

Cyclades-PR2000

Traffic Rule Lists

There are three kinds of traffic rules that can be configured in CyROS. The first two determine a division of

bandwidth for traffic flowing out of the router:

1 Traffic Shaping (the division of bandwidth is strictly adhered to),

2 Bandwidth Reservation (the division with the larger priority can steal bandwidth from the others),

An example showing the first two types is given in figure 12.6.

Network of

Client A

50% or more

of total bandwidth

INTERNET

Link 3

Link 0

11.11.11.1

Link 2

33.33.33.1

25% or less

of total bandwidth

Link 1

22.22.22.1

25% or less

of total bandwidth

Client C

Client B

FIGURE 12.7 TRAFFIC RULE EXAMPLE 1

Chapter 12 - Filters and Rules

105

Cyclades-PR2000

The third determines which services have priority flowing through the router:

3 Service Prioritization.

An Internet provider has three clients connected to the same router. Client A is larger and without traffic control

would overwhelm the router to the exclusion of Clients B and C. The administrator decides to divide the flow

out of the router (to the Internet) into three portions: 50% guaranteed for Client A, and the rest divided equally

between Clients B and C. Since he does not want to limit Client A needlessly, the bandwidth Client A uses can

be increased on demand if the total bandwidth is not being used up by the other two clients. This is Bandwidth

Reservation.

The two clients with 25% bandwidth each are given lesser, but equal priorities. They can not share bandwidth

or steal it from Client A. However, each has the right to 25% of the total bandwidth on link 3 if it is needed.

This is Traffic Shaping.

Note that this rule list is applied to link 3, and not separately on links 0-2.

Steps for this configuration.

1 Create a Traffic Rule list traffic_1. This is done in the CONFIG =>RULES LIST =>IP => ADD RULE LIST

menu with the Rule List Type set to Traffic.

2 Create rules for each of the three source IP addresses. This is done in the CONFIG =>RULES LIST =>IP

=>ADD RULE menu. The parameters for each rule are shown in Figure 12.7. Of the traffic parameters,

only the Reserved Bandwidth and Bandwidth Priority parameters are important in this example. Flow

Priority is not used.

3 Enter into the configuration for link 3 and change the parameter CONFIG =>INTERFACE =><INTERFACE>

=>TRAFFIC CONTROL =>GENERAL =>IP TRAFFIC CONTROL LIST = traffic_1.

Note that the bandwidth used for the percentage calculation is that set in CONFIG =>INTERFACE

=><INTERFACE> =>TRAFFIC CONTROL =>GENERAL =>BANDWIDTH, and not the actual bandwidth

available in the link.

Chapter 12 - Filters and Rules

106

Cyclades-PR2000

Rules Lists

Rule List Name Rule

Default List

Linked

Rule

Status Scope

Type

List

traffic_1

Enabled

Traffic

Filter_list Name traffic_1

Rule 0

Status

Enabled

Flow priority

Rule bandwidth

Bandwidth priority

Protocol

50%

Source IP Operator

Source IP start

Source IP Mask

Destination IP

Operator

Equal

11.11.11.0

255.255.255.0

None

Source Port Operator None

Destination Port

Operator

None

FIGURE 12.8 OUTPUT SHOWING PARAMETERS FOR TRAFFIC RULE EXAMPLE 1

Chapter 12 - Filters and Rules

107

Cyclades-PR2000

Rule 1

Status

Enabled

Flow Priority

Rule bandwidth

Bandwidth priority

Protocol

25%

Source IP Operator

Source IP start

Source IP Mask

Destination IP

Operator

Equal

22.22.22.0

255.255.255.0

None

Source Port Operator None

Destination Port

Operator

None

Rule 2

Status

Enabled

Flow Priority

Rule bandwidth

Bandwidth priority

Protocol

25%

Source IP Operator

Source IP start

Source IP Mask

Destination IP

Operator

Equal

33.33.33.0

255.255.255.0

None

Source Port Operator None

Destination Port

Operator

None

FIGURE 12.8 OUTPUT SHOWING PARAMETERS FOR TRAFFIC RULE EXAMPLE 1 (CONTINUED)

Chapter 12 - Filters and Rules

108

Cyclades-PR2000

An example showing the third type of traffic control is given in Figure 12.8. The network administrator wants to

prioritize the access to his web server. He also wants to prioritize e-mail sent by his SMTP server, but the

priority should be lower. All other traffic should have the lowest priority. For web server access, the important

flow direction is not the user requests, but rather the data requested. The traffic control rule must be placed on

link 2. In the case of e-mail, the important flow is the data leaving the e-mail server, and not the

acknowledgements back. This is also governed by link 2. (Note: flow control could be placed on the data

request packets and the SMTP acknowledgements by associating rules to link 1.)

E-mail Server

Port: Any

Web Server

PR2000

Link 2

Port: 80

Link 1

INTERNET

Port: 25 (SMTP)

Port: Any

E-mail Server

Web Client

FIGURE 12.9 TRAFFIC RULE EXAMPLE 2

Chapter 12 - Filters and Rules

109

Cyclades-PR2000

The configured rules will appear as shown in the following listing.

Rules Lists

Rule List Rule

Default List

Linked

Name

Status Scope

Type

Rule

List

web_access Enabled

Filter_list Name web_access

Rule 0

Traffic

Rule 1

Status

Enabled

TCP

None

Status

Enabled

Flow priority

Rule bandwidth

Bandwidth priority

Protocol

Source IP Operator

Destination IP

Operator

Flow Priority

Rule bandwidth

Bandwidth priority

Protocol

Source IP Operator

Destination IP

Operator

TCP

None

Source Port Operator Equal

Source Port Operator None

Source Port Start

Destination Port

Operator

Equal

Destination Port

Operator

None

Destination Port

Start

SMTP

FIGURE 12.10 OUTPUT SHOWING PARAMETERS FOR TRAFFIC RULE EXAMPLE 2

Note that for this type of traffic control, of the traffic-specific parameters only Flow Priority is used. The

Reserved Bandwidth and Bandwidth Priority parameters are not important. A system needing all three is

conceivable, but much too complicated to show in this manual.

Chapter 12 - Filters and Rules

110

Cyclades-PR2000

CHAPTER 13 IPX (INTERNETWORK PACKET EXCHANGE)

IPX is an alternative to IP, proprietary to Novell. When IPX is activated, many new menus appear to allow

configuration of this type of network. IP and IPX can both be active in the router simultaneously, and an

interface can have both IP and IPX traffic passing through it. IPX is not discussed in the other chapters of this

manual to avoid confusion for those who are using IP.

Server Named “Colombo”

Novell Network Management Station

Mac Address: 00: 60: 2E: 00: 11: 11

Internal Network Number: 00000003

IPX Network

Number: 00A0B000

PR2000

Static Route

ETH0

Internal Network

Number: 00000001

Slot 1

IPXWAN Network

Number: 00B0C000

PR3000

Windows Network with

Network Number: 00010001

....

Internal Network

Number: 00000002

Mac Address: 00: 60: 2E: 00: 11: 00

FIGURE 13.1 IPX NETWORK EXAMPLE

Chapter 13 - IPX

111

Cyclades-PR2000

Enabling IPX

The first step is to activate the IPX feature in the router. This is accomplished using the menu option ADMIN

=>ENABLE FEATURES => IPX. The IPX protocol must also be activated in the menu CONFIG =>IPX =>

GENERAL. In this menu, the Internal Network Number (the unique number assigned to the router) and the

Maximum Number of Hops must be defined. The maximum number of hops defines how many routers can be

on the path from this router to the destination of any packet sent through this interface.

Configuring the Ethernet Interface

The example in Figure 13.1 will be used to explain the remaining parameters that must be configured. The

Ethernet interface for the PR2000 is examined first. In the menu CONFIG =>INTERFACE => ETHERNET =>

ENCAPSULATION, the Ethernet interface must be activated. The MAC address should be correct, as it is

preset at the factory. For IPX, the Encapsulation parameter should be set according to the value used by the

servers on the network..

In the menu CONFIG =>INTERFACE => ETHERNET => NETWORK PROTOCOL => IPX, the protocol should

be activated and the LAN Network Number (00A0B000 in the example) set. All other parameters are explained

in chapter 5.

Configuring Other Interfaces

This stage depends on which board is occupying slot 1 and which encapsulation will be used. Each

encapsulation option will be discussed separately. Read the chapter describing the configuration for the

appropriate interface, consulting this section for details on IPX-specific parameters.

PPP

The parameters for the PPP data-link protocol are discussed in chapter 8. Only the parameters particular to

the IPX protocol will be described here. The are located in the CONFIG =>INTERFACE =><INTERFACE>

=>ENCAPSULATION =>PPP. The first parameter is the IPXWAN Network Number, shown in Figure 13.1 as

00B0C000. IPX Compression can be enabled, and if so the Number of Compression Slots determined. If

enabled, it must be used on both sides of the link (both routers in Figure 13.1) in order for the link to work.

Chapter 13 - IPX

112

Cyclades-PR2000

The parameter Send SAP Update can be set to Demand, Periodic, or None. This parameter affects both SAP

and RIP. Periodic causes the router to send these messages every minute, while choosing Demand will cause

the router to send messages only when a message request is received.

Frame Relay

Frame Relay parameters are explained in chapter 8. The IPX-protocol-specific parameters are the same as

those described in the preceding section, but are located in the menu CONFIG =>INTERFACE

=><INTERFACE> =>ENCAPSULATION =>FRAME RELAY => <ESC> => ADD DLCI.

X.25

X.25 is explained in chapter 8. The IPX-protocol-specific parameters are the same as those described in the

PPP section, but are located in the menu CONFIG =>INTERFACE =><INTERFACE> =>ENCAPSULATION

=>X25 => <ESC> => ADD DTE.

Routing

Routing can be done statically, by configuring static routes, or dynamically using RIP. RIP is described in

chapter 9. To create a static route, as shown in Figure 13.1, navigate to the menu CONFIG => STATIC

ROUTES => IPX =>ADD ROUTE. The parameters for the system shown in the example are the following:

Add IPX Static Route Menu CONFIG => STATIC ROUTES => IPX =>ADD ROUTE

Parameter

Value for the Example

Destination Network 00010001

Number

Interface

Slot 1

Next Hop Node

Number of Hops

Number of Ticks

00602e001100

1 (one router is between the router being configured and the network to be reached)

1 (related to the time necessary to reach the network)

Chapter 13 - IPX

113

Cyclades-PR2000

The routing table is displayed by the menu option INFO => SHOW ROUTING TABLE => IPX. For the example,

and using only the static route created above, the routing table appears as in Figure 13.2.

Destination Interface/ Subinterface/ hops ticks Type

Remote address

00000001

00A0B000

00010001

00B0C000

PrimaryNet

Connected

Static

Ethernet

Slot1 Node 00602E001100 1

Slot1

Connected

FIGURE 13.2 ROUTING TABLE FOR THE EXAMPLE

The SAP (Service Advertisement Protocol) Table

In Novell networks, a given server can provide various services. In order for the router to identify these

servers, their locations and services are entered into a SAP table in the router. This is done using the menu

CONFIG =>IPX => SAP TABLE. The parameters for each entry are shown in the table.

SAP Table Menu CONFIG =>IPX => SAP TABLE

Parameter

Description

Service Type

Service this server offers. ? provides a list of valid codes. For the server Columbo, in

the example, this code is 0166.

In the example, the name is Columbo.

00000003

Server Name

Service Network

Number

Server Node

Server Socket

Number

00602e001111

? provides a list of valid codes.

Number of Hops

Number of routers between this router and the server. 0 in the example.

Chapter 13 - IPX

114

Cyclades-PR2000

CHAPTER 14 VIRTUAL PRIVATE NETWORK CONFIGURATION

The Virtual Private Network utility can be used on any link using IP routing. It is used to provide greater

security between two or more networks connected through a public communications network. The basic

concepts are presented in Figure 14.1. An IP datagram is sent by a device on the LAN. The message arrives

at the router. The router has two tables. One with all the IP addresses contained in the Local Security Network

and another with all the IP addresses in the Remote Security Networks. If the source IP address is contained

in the Local Security Network list and the destination IP address is contained in the Remote Security Network

list, the message is encrypted and encapsulated. The only destination address is that for the remote gateway

(defined in the Remote Security Network list). Upon arrival at the remote gateway, the packet is unwrapped

and sent to its destination.

Message

Local

Gateway

Remote

Gateway

IP Datagram

sent by user

Header

PR4000

Header

PR3000

Message

Source IP Address

Destination IP Address

IP Options and Data

Source IP Address

Destination IP Address

IP Options and Data

Public

Network

As sent by

local Gateway

As received by

remote Gateway

Header with destination:

remote security gateway

IP Address

Header with destination:

remote security gateway

IP Address

Conversion

performed by Router

with Cyclades’ VPN

Encrypted IP Datagram

FIGURE 14.1 CONVERSION PERFORMED BY CYCLADES’ VIRTUAL PRIVATE NETWORK UTILITY

Chapter 14 - Virtual Private Network Configuration

115

Cyclades-PR2000

An example showing a local security network and two remote security networks is shown in Figure 14.2. The

PR2000 in the local security network will be configured step by step. (Which network is considered local and

which network is considered remote depends on the router being configured.)

STEP ONE

The Virtual Private Network Utility must be Enabled in the ADMIN =>ENABLE FEATURES =>VPN menu before

it can be used. Navigate to this menu and enter the password supplied by Cyclades to activate VPN.

STEP TWO

Link 1 of the PR3000 (RSG3) should be fully configured and operational before beginning the VPN

configuration. Each router has an IP address (with optional secondary IP addresses) for each numbered

interface. In addition, each router has a Router IP Address which is one of the interface IP addresses. This

router IP address is used whenever a single IP address is needed to identify the router. It is critical that each

router being used as a remote security gateway have this parameter defined. It is NOT defined automatically.

Navigate to CONFIG =>IP =>ROUTER IP and confirm that this parameter has been defined and is set to the

value desired. An address that can be routed on the internet is generally used.

The Router IP Addresses for the other Remote Security Gateways (RSG1 and RSG2 in

Important!!

the example) must also be known before beginning the configuration of RSG3.

Chapter 14 - Virtual Private Network Configuration

116

Cyclades-PR2000

REMOTE SECURITY NETWORK 1

Router

IP:10..255.255.0

Link 1

IP: 50.50.50.1

RSG1

PR4000

LOCAL SECURITY NETWORK

IP: 10.0.0.0

Router IP Address:

9.9.9.1

RSG3 - Remote

Security Gateway

IP Network

Router

Link 1

IP: 70.70.70.1

Link 2

IP: 190.190.190.1

REMOTE SECURITY NETWORK 2

ETH0

Link 1

IP: 20.20.20.1

IP:172.16.0.0

PR3000

Router IP Address:

190.190.190.1

RSG2

PR2000

IP:192.168.0.0

Router IP Address:

20.20.20.1

FIGURE 14.2 VIRTUAL PRIVATE NETWORK EXAMPLE

Chapter 14 - Virtual Private Network Configuration

117

Cyclades-PR2000

STEP THREE

Use the menu item INFO =>SHOW ROUTING TABLE to confirm that the other Remote Security Gateways

(RSGs), and all the networks included in the Remote Security Networks, are reachable. In the example, this

would require that all of the following appear in RSG3’s routing table:

• RSG1 router IP address: 9.9.9.1

• Network connected to RSG1 that will be included in Remote Security Network 1: 10.255.255.0

• RSG2 router IP address: 20.20.20.1

• Network connected to RSG2 that will be included in Remote Security Network 2: 192.168.0.0

These IP addresses should appear as a destination or be contained in one of the destination networks listed in

the routing table. If an address is not in the routing table, add it following the instructions given in chapter 9 for

static routes.

STEP FOUR

The next step is to define the devices contained in the Local Security Network. Navigate to the menu CONFIG

=>SECURITY =>VPN =>LOCAL IP NETWORKS =>ADD NETWORK. Enter the Network IP address and mask

for all devices to be included in the local network for VPN purposes. In the example, the networks 10.0.0.0 and

172.16.0.0 must be added.

Traffic from other networks attached to the router will still be routed. The only difference is that the

messages will be forwarded without processing and encryption by the VPN software.

STEP FIVE

The Gateways (represented by RSG1 and RSG2 in the example) must be defined. The Router IP address for

each gateway is requested, along with a secret. This secret is not global, but rather applies to each pair of

RSGs. If RSG3 defines the secret for RSG1 as rumpelstiltskin, then RSG1’s secret for RSG3 must also be

rumpelstiltskin. It is critical that the Router IP Address (as described in step two) be used, and not the IP

address of the link connected to the IP network (unless the two IP addresses happen to be the same).

Chapter 14 - Virtual Private Network Configuration

118

Cyclades-PR2000

STEP SIX

Now, the Remote Security Networks must be defined. This is done in the CONFIG =>SECURITY =>VPN

=>REMOTE IP NETWORKS =>ADD NETWORK menu. The IP address and network mask must be defined for

all remote devices to be included in the remote network for VPN communication. The Remote Security

Gateway IP address (set in step five) must also be given for each network. In the example, the RSG IP

address for the network 10.255.255.0 is 9.9.9.1, and the RSG IP address for the network 192.168.0.0 is

20.20.20.1.

STEP SEVEN

The last step is to activate VPN and configure the VPN options. Be aware that after activating VPN on the local

network, data sent to the remote network will not be forwarded until VPN is configured and activated on that

network too. The VPN Options Menu parameters should be set using the guidelines given below. The options

should be defined identically for all Remote Security Gateways in a VPN.

VPN Options Menu CONFIG =>SECURITY =>VPN =>OPTIONS

Parameter

Description

Cyclades VPN Status Activates the Virtual Private Network. Warning: until VPN is activated on both ends of

a given tunnel, all traffic will halt.

Tunnel Keepalive

Timeout

Tunnel Keepalive

Retries

Keepalive messages are sent across each tunnel with this frequency, to make sure

that the router on the other end of the connection is operating.

If a keepalive message reply is not received, the router sends the request again this

number of times.

Tunnel Inactivity

Timeout

If no messages are passed for this time period (keepalive messages not included), the

tunnel will be disconnected.

Time Interval for VPN This is the time between retries (for either tunnel creation or keepalive requests that

Retries are not acknowledged).

Chapter 14 - Virtual Private Network Configuration

119

Cyclades-PR2000

APPENDIX A TROUBLESHOOTING

What to Do if the Login Screen Does Not Appear When Using a Console.

1 Check the configuration of the terminal. The correct values are given in chapter 2.

2 Check to see if the router booted correctly. Before the login screen appears, boot messages should

appear on the screen. If the system halts while booting, the last message on the screen should give an

indication of what went wrong.

3 While the router is booting, the LEDs labeled CPU, Tx, Rx and GP indicate the stage of the boot process,

as shown in Figure A.1. When the router has started up properly, the CPU LED blinks consistently one

second on, one second off.

Test CPU

Boot Code step

Off

Off Off On Boot Code CRC check

Off On Off Configuration vector load

Off On On DRAM test

On Off Off Flash memory - Configuration validation

On Off On Flash memory - Code validation

On On Off Interface cards detection

On On On Ethernet port detection

Off Off Off Real Time Clock test

Off Off On Boot code selection

Off On Off Load of the operating code

Off On On Control is being passed to the operating code

FIGURE A.1 ILLUMINATION OF LEDS WHILE ROUTER IS BOOTING.

Appendix A - Troubleshooting

120

Cyclades-PR2000

What to Do if the Router Does Not Work or Stops Working.

1 Check that the cables are connected correctly and firmly (see chapter 2, What is in the Box, for correct

cable connection information).

2 Confirm that the Link LED is lit, indicating proper Ethernet cable termination. If it is not lit, check both ends

of the Ethernet cable and the hub connection.

3 Confirm that the CPU LED is blinking consistently one second on, one second off. If this is not the case,

see figure A.2 for an interpretation of the blink pattern.

Event

CPU LED Morse code

S (short, short, short...)

L (long, long, long, ...)

Normal Operation

Flash Memory Error – Code

Flash Memory Error – Configuration S, L

Ethernet Error

S, S, L

No Interface Card Detected

Network Boot Error

Real-Time Clock Error

S, S, S, L

S, S, S, S, L

S, S, S, S, S, L

FIGURE A.2 CPU LED CODE INTERPRETATION

4 Make sure any external modem, DSU/CSU, or interface equipment is properly connected and that the

interface configuration is correct. Many cables, for example, have a DB-25 connector, but are not

interchangeable. Which cable is used for which type of modem is given in chapter 2.

Appendix A - Troubleshooting

121

Cyclades-PR2000

Testing the Ethernet Interface

After configuring the Ethernet interface, return to the main menu using the <ESC> key as many times as is

necessary. Save the configuration to flash memory (the operating system will ask how to save the

configuration on the way back to the main menu). The simplest way to test the link is by using the ping

application. From the main menu, choose APPLICATIONS =>PING. Enter the IP number of a host on the

network for the HOST parameter and accept the preset values for the rest of the parameters. The output on

the screen should appear as shown below.

Host [host00] : 200.246.93.37

packet size (number from 32 to 1600) [32] :

count (0 if forever or 1 to 30000) [5] :

interval in ms (20 to 60000) [1000] :

PING 200.246.93.37 (200.246.93.37): 32 data bytes

32 bytes from (200.246.93.37): icmp_seq=1 ttl=127 time=1.96 ms

32 bytes from (200.246.93.37): icmp_seq=2 ttl=127 time=1.02 ms

32 bytes from (200.246.93.37): icmp_seq=3 ttl=127 time=0.99 ms

32 bytes from (200.246.93.37): icmp_seq=4 ttl=127 time=0.99 ms

32 bytes from (200.246.93.37): icmp_seq=5 ttl=127 time=0.98 ms

--- 200.246.93.37 ping statistics ---

5 packets transmitted, 5 packets received, 0% packet loss

round-trip min/avg/max = 0.98/1.19/1.96 ms

Pinging the router from a host on the network should give similar results. If the test fails, confirm that the link

LED is lit and that the IP Address and Subnet Mask parameters in the Network Protocol menu are correct for

the network to which the router is attached. The command CONFIG =>INTERFACE =>ETHERNET =>L will

display the current values of the interface parameters.

Appendix A - Troubleshooting

122

Cyclades-PR2000

Testing the WAN Interfaces

The WAN interface can be tested using ping as described in the previous section. If the ping is not successful,

check the routing table to see if a route to the destination exists (INFO =>SHOW ROUTING TABLE). The

menu items INFO =>SHOW STATISTICS =>SWAN and INFO =>SHOW STATUS =>SWAN may also provide

useful information.

If the router does not seem to be working properly, and none of the above advice has located the problem, the

hardware interfaces should be tested. This will determine if the problem is hardware, software, or configuration

related.

This test will be between the two SWAN interfaces.

1 Connect the cable labeled “cross” between the two interfaces to be tested.

2 Choose DEBUG =>HARDWARE TESTS =>NEW RUN-IN from the menu. Test options for each interface

are shown. Choose Yes for the two SWAN RSV interfaces and No for all other tests. Let the test run for a

while. Pressing “G” will show the General Statistics Table (Figure A.3).

INTERFACE

STATUS

BYTES

PACKETS

REMOTE

Slt Prt Board H Lp E%% S Sent Recv Sent Recv Slt Prt Name

1 1 SWAN M 0 0.00 D 1512 1466 4

2 1 SWAN S 0 0.00 D 1833 1510 5

2 1 LOCAL

1 1 LOCAL

FIGURE A.3 GENERAL STATISTICS TABLE.

• The first three columns show which interfaces are being tested.

• The H column shows which board is master and which is slave.

• The LP column indicates how many test loops have been completed.

• The E%% column shows how many errors per 1000 packets have occurred.

Appendix A - Troubleshooting

123

Cyclades-PR2000

• The S column reveals the stage of the test at the time the table was created — D = data transfer, S =

synchronization.

• The next 4 columns indicate bytes and packets sent and received.

• The last three columns indicate the port with which the interface is communicating.

The test should be run until at least one test loop (LP = 1) has completed. More loops can be run if

errors appear, to determine if the errors repeat or are just an artifact of the test procedure. If there

is a hardware defect, the value in the E%% column will be large.

Below the General Statistics Table, the time in test and total errors are indicated. If an error occurs, typing “E”

will show an Error Table with information about the error. Typing “S” will show a Status Table, indicating the

profile being tested at the time “S” was pressed. This does not supply information that can be interpreted by a

user.

Appendix A - Troubleshooting

124

Cyclades-PR2000

LEDs

The LEDs on the PR1000’s case display the following information:

• Power - Lit when the PR1000 is turned on.

• 10BT - Lit when the Ethernet link is being used for a fast Ethernet connection.

• Col - Indicates collisions on the LAN.

• Link - Lit when the Ethernet link is correctly terminated.

• TX - Indicates transmission of data to the LAN.

• RX - Indicates data received from the LAN.

• CPU - A steady one second on, one second off blinking pattern indicates that the CPU is working correctly.

Other blinking patterns are described in Figure A.2.

• 1 - Indicates transmission of data through the SWAN 1 Port

• 2 - Indicates transmission of data through the Asynchronous Port

• 3 - Indicates transmission of data through the SWAN 2 Port

Cyclades - PR2000

Power

10BT Col. Link TX

CPU

Ethernet

System

FIGURE A.4 FRONT PANEL

Appendix A - Troubleshooting

125

Cyclades-PR2000

APPENDIX B HARDWARE SPECIFICATIONS

General Specifications

The Cyclades-PR2000 power requirements and environmental restrictions are listed in Figure B.1.

Power Requirements (external DC adapter)

Input voltage range

Input frequency range

Environmental Conditions

Operating temperature

Relative humidity

90-264 VAC, 13W

47/63 Hz, single phase

32º to 112º F (Oº to 44º Celsius)

5% to 95%, non-condensing

Altitude

Operating

10,000 feet max. (3000 m)

Physical Specifications

External dimensions

Safety

8.5"w x 8"D x 1.6"H

FCC Class A, CE class A

FIGURE B.1 GENERAL SPECIFICATIONS

Appendix B - Hardware Specifications

126

Cyclades-PR2000

External Interfaces

The WAN Interfaces

The WAN interfaces are provided on a DB-25 female connector. The pinout diagram is not shown here, as it

depends on which protocol (RS-232, V.25 or X.21) is configured. Please see the pinout diagrams for the

cables used for each protocol to determine the signals on the interface.

FIGURE B.2 SERIAL WAN INTERFACE - DB-25 FEMALE

The LAN Interface

ETHERNET PORT

Ethernet Signal

TPTX+

TPTX-

TPRX+

N.C.

TPRX-

N.C.

FIGURE B.3 10/100 BASE-T ETHERNET INTERFACE - RJ-45 FEMALE

Appendix B - Hardware Specifications

127

Cyclades-PR2000

The Asynchronous Interface

ASYNCHRONOUS PORT

Signal

RTS

DTR

TxD

Ground

CTS

RxD

DCD

DSR

FIGURE B.4 ASYNCHRONOUS INTERFACE - RJ-45 FEMALE

The Console Interface

CONSOLE PORT

RS-232 Signal

RTS

DTR

Ground

CTS

DCD

DSR

FIGURE B.5 CONSOLE INTERFACE - RJ-45 FEMALE

Appendix B - Hardware Specifications

128

Cyclades-PR2000

Cables

The Straight-Through Cable

Straight-Through Cable

DB-25 Male

Cyclades Router

DB-25 Male

DCE / DTE

Signal Pin

Pin Signal

TxD

RxD

RTS

CTS

DSR

Gnd

DCD

TxD

RxD

RTS

CTS

DSR

Gnd

DCD

TxClk_DTE 15

RxClk 17

DTR 20

15 TxClk_DTE

17 RxClk

20 DTR

RI 22

TxClk_DCE 24

22 RI

24 TxClk_DCE

FIGURE B.6 STRAIGHT-THROUGH CABLE - DB-25 MALE TO DB-25 MALE

Appendix B - Hardware Specifications

129

Cyclades-PR2000

DB-25 - M.34 Adaptor

Female

Retention

Screw

DB-25 Female

Signal Pin

M.34 Male

Pin Signal

PGnd

RTS

CTS

DSR

Gnd

PGnd

RTS

CTS

DSR

Gnd

DCD

Male

Retention

Screw

TxD/V.35 (B) 11

TxD/V.35 (A) 12

RxD/V.35 (B) 13

TxD (B)

TxD (A)

RxD (B)

RxD (A)

Female

Retention

Screw

RxD/V.35 (A) 14

TxClk_DTE/V.35 (B) 16

TxClk_DTE/V.35 (A) 18

TxClk_DCE/V.35 (B) 19

DTR 20

TxClk_DCE/V.35 (A) 21

RxClk V.35 (A) 23

RxClk V.35 (B) 25

AA TxClk_DTE (B)

TxClk_DTE (A)

TxClk_DCE (B)

DTR

TxClk_DCE (A)

RxClk (A)

RxClk (B)

FIGURE B.7 DB-25 - M.34 ADAPTOR - DB-25 FEMALE TO M.34 MALE

Appendix B - Hardware Specifications

130

Cyclades-PR2000

The ASY/Modem Cable

ASY/MODEM

PR2000

RJ-45 / 8 pins

Modem

(DB-25)

DB-25 Male

ASY/Modem

Cable

Signal Pin

Pin Signal

TxD

RxD

DTR

CTS

RTS

DCD

DSR

Gnd

TxD

RxD

DTR

CTS

RTS

DCD

DSR

Gnd

RJ-45

FIGURE B.8 ASY/MODEM CABLE - RJ-45 TO DB-25 MALE

The Cross Cable

Appendix B - Hardware Specifications

131

Cyclades-PR2000

Cross Cable

DB-25 Male

Signal Pin

DB-25 Male

Pin Signal

PGnd

TxD

RxD

RTS

CTS

PGnd

RxD

TxD

RTS

CTS

Gnd

DCD

Gnd

DCD

20 DTR

DSR

DTR

DSR

13 RxD V.35 + (B)

11 TxD V.35 + (B)

14 RxD V.35 - (A)

12 TxD V.35 - (A)

24 TxD V.35 - (A)

17 RxClk

RxD V.35 + (B)

TxD V.35 + (B)

TxD V.35 - (A)

RxD V.35 - (A)

TxClk_DTE (A)

RxClk

15 TxClk DCE

TxClk_DCE

TxClk_DTE V.35 + (B)

RxClk V.35 + (B)

TxClk DCE V.35 - (B)

TxClk_DTE V.35 - (A)

RxClk V.35 - (A)

TxClk DCE V.35 - (A)

19 TxClk_DCE V.35 + (B)

25 RxClk V.35 + (B)

16 TxClk DTE V.35 - (B)

21 TxClk_DCE V.35 - (A)

13 RxClk V.35 - (A)

18 TxClk DTE V.35 - (A)

FIGURE B.9 CROSS CABLE - DB-25 MALE TO DB-25 MALE

Appendix B - Hardware Specifications

132

Cyclades-PR2000

DB-25 Loopback Connector

DB-25 Male

FIGURE B.10 LOOPBACK CONNECTOR - DB-25 MALE

Appendix B - Hardware Specifications

133

Cyclades-PR2000

APPENDIX C CONFIGURATION WITHOUT A CONSOLE

When a terminal or PC is not available for use as a console, the router has a special feature that allows

configuration of the Ethernet interface from any PC on the LAN. The router “adopts” the destination IP address

of the first non-UDP packet received from the LAN and accepts the connection. (After configuration of the

Ethernet interface, with or without a console, the remaining configuration can be done via telnet.)

It is recommended that a console be used for the initial configuration of the router, due to the

hardware and software diagnostic messages given on the console screen. If a console is not

available, follow the instructions in this appendix to configure the Ethernet interface.

Requirements

The router must be set to the factory default. If the router is being moved from one location to another, the

configuration should be reset using the menu option ADMIN =>LOAD CONFIGURATION =>FACTORY

DEFAULTS before the router is moved.

Procedure

1 Edit the ARP table of the PC in the LAN and associate the MAC address of the router (affixed to the

underside of the router) to the IP address for the interface. In Unix and Microsoft Windows systems, the

command to manipulate the ARP table is something similar to arp -s <IP address> <MAC address>. In

Unix, type “man arp” for help. In Microsoft Windows, type “arp /?”for information about this

command.

2 Telnet to the IP address specified above. The router will receive the packet because of the modified ARP

table and use the IP address for its Ethernet interface.

3 The new IP address is saved only in run memory. The configuration must be explicitly saved to flash using

the menu option ADMIN =>WRITE CONFIGURATION =>TO FLASH. Do this now.

4 The Ethernet and other interfaces can now be configured using the telnet session established.

If the connection fails or if the link goes down before the IP address is saved to flash, a console must be used.

Appendix C - Configuration Without a Console

134

Cyclades-PR2000

Index

Hot Keys

esc - moving between menus

L - list current configuration 16

Backup Link

configuration 35

Bandwidth Reservation 105

Boot Messages 120

Open Shortest Path First, see OSPF

OSPF 69

areas 70

autonomous system 70

virtual links 75

IP Bridges 43

IP Filter Rules 96

Cables

parallel 13

Problem Resolution 120

Router MD/V.35 13

with a DB-25 connector 121

Connection to an Internet Access

Provider 19

Cyclades

ftp site 10

Lan-to-Lan 27

LEDs

CPU LED 120, 121

definitions 124

illumination while booting 120

link LED 121

Reserved IP Addresses 90

RIP

interface configuration 68

Routing Protocol

RIP, see RIP

telephones 10

CyROS menus 14

Load Backup 38

Rules Lists 96

Run Configuration 16

Memory, flash 16

Menu Navigation 14

Multilink Circuits 36

Ethernet

testing the interface 122

Saving Changes

to flash 16

to flash at a later time 16

to run configuration 16

Service Prioritization 106

SNMP

and IP accounting 89

Static Routes 24

SWAN Interface 45

Flash Memory 16

Frame Relay 27

DLCI 31

NAT 19, 90

Navigation 14

Network Address Translation,

see NAT

Hardware Tests 123

testing 123

Index

135

Cyclades Australia

Phone: +61 7 3279 4320

Fax: +61 7 3279 4393

www.au.cyclades.com

Cyclades South America

Phone: 55-11-5033-3333

Fax: 55-11-5033-3388

www.cyclades.com.br

Cyclades Corporation

41829 Albrae Street

Fremont, CA 94538 - USA

Phone: (510) 770-9727

Fax: (510) 770-0355

www.cyclades.com

Cyclades Italy

Phone: +39 329 0990451

Cyclades Philippines

Phone: (632) 813-0353

Fax: (632) 655-2610

www.ph.cyclades.com

Cyclades UK

Cyclades Germany

Phone: +49 (0)81 22 90 99-90

Fax: +49 (0)81 22 90 999-33

www.cyclades.de

Phone: +44 1724 277179

Fax: +44 1724 279981

www.uk.cyclades.com

Agilent Technologies TV Converter Box 5954 2664 User Manual
Airlink101 Network Router AWMB100 User Manual
Aiwa Satellite Radio FR C300 User Manual
Altinex Music Mixer MT109 102 User Manual
Aspire Digital Laptop 1620 User Manual
Ativa Paper Shredder DMC120D User Manual
Atlona Building Set AT PC530 User Manual
Audiovox Remote Starter PRO 2000S User Manual
Audiovox Stereo Amplifier AMP 602 User Manual
Disney Interactive Studios Video Games High School Musical Sing It for PlayStation 2 User Manual