Patton electronic 2800 user manual Applications overview

Page 23

OnSite 2800 Series User Manual

1 • General information

 

 

Note For LED descriptions, refer to chapter 9, “LEDs status and monitor- ing” on page 112.

Applications overview

Patton’s OnSite managed VPN routers deliver the features you need for secure, optimized communication over non-secured IP networks. Combining VPN tunneling, standard IPSec encryption, and firewall capabili- ties with Patton’s powerful quality of service technology, OnSite VPN routers deliver private, prioritized net- working for business, government, and military applications.

Banking, insurance, retail, utilities, railroads, or government, any organization with more than one site can benefit from the security and traffic-shaping advantages of the OnSite family of VPN routers. As traffic traverses unsecured networks, VPN tunneling with standard IPSec encryption plus firewall capabilities preserve data security and integrity. Meanwhile, OnSite’s ToS/Qos traffic-shaping and prioritization prevent critical information getting blocked or impeded by less important traffic while enhancing the quality of real-time applications such as voice and video.

OnSite 2800 Series Serial WAN models provide dual 10/100Base-T Ethernet ports with a selection of various synchronous serial WAN ports: V.35, X.21, or T1/E1. The two Ethernet ports provide full-featured IP routing plus Ethernet and IP-layer QoS services. The sync-serial port provides WAN access by means of a leased-line connection to the network. OnSite 2800 Series Ethernet WAN models provide one or four Ethernet LAN ports in addition to the Ethernet WAN interface. The following sections show some typical applications for the OnSite 2800 Series.

This chapter describes typical applications for which the OnSite 2800 Series series is uniquely suited.

Branch-Office virtual private network over Frame Relay service

Featuring VPN tunneling combined with built-in frame-relay support and a selection of standard serial inter- faces on-board, the OnSite 2800 Series offers the remote-branch office a secure, private and prioritized net- work connection to another location over virtually any available network service and any standard WAN interface.

Figure 6. Branch-office virtual private network over a Frame-Relay service network

Figure 6 shows a branch-to-branch VPN connection through a frame-relay service network as delivered on serial lines. The OnSite 2800 Series can support a similar scenario with network service delivered via V.35 or

Applications overview

23

Image 23
Contents Managed VPN Router Mailsupport@patton.com Summary Table of Contents Table of Contents Getting started with the OnSite Managed VPN Router VPN configuration LEDs status and monitoring 112 Cabling 124 OnSite 2800 Series factory configuration 132 List of Figures List of Tables Structure About this guideAudience Impaired functioning PrecautionsSafety when working with electricity General observations General conventions Typographical conventions used in this documentGeneral information Chapter contentsOnSite Managed VPN Router 2805 shown OnSite Model 2800 Series overviewOnSite 2800 Series model codes OnSite 2800 Series detailed descriptionDMZ Model code extensions OnSite 2800 Series power input connectorsOnSite 2800 Series rear-panel ports are described in table Ports descriptionsApplications overview Corporate multi-function virtual private network Corporate multi-function virtual private networkGeneral information Hardware installation Create a network diagram see section Network information on Planning the installationInstallation checklist IP related information Power sourceSite log Network informationLocation and mounting requirements Installing the VPN routerConnecting cables Installing the Ethernet cableConnecting an OnSite 2800 Series device to a hub Installing the serial WAN cableDCD Hardware installation Rear panel of 2803K/EUI Rear panel of 2803K/UI Pins not listed are not usedPower connector location on rear panel Connecting to external power sourceUI and EUI power supplies automatically adjust to accept an Getting started with the OnSite Managed VPN Router Introduction Configure IP addressTerminal emulation program settings 9600 bps No parity Bit Configure IP addressPower connection and default configuration All Ethernet interfaces are activated upon power-upChanging the IP address LoginSelect the context IP mode to configure an IP interface Stop bit No flow controlRespectively from the host ping Load configurationConnect the OnSite VPN Router to the network Load configuration Serial port configuration Disabling an interface Serial port configuration task listEnabling an interface Port Configuring the encapsulation for Frame RelayExample Configuring the serial encapsulation type Configuring the LMI type Enter Frame Relay modeEntering Frame Relay PVC configuration mode Configuring the keep-alive intervalBinding the Frame Relay PVC to IP interface Configuring the PVC encapsulation typeMode PVC Disabling a Frame Relay PVC Enabling a Frame Relay PVCCRC Displaying serial port informationDlci Displaying Frame Relay informationIntegrated service access Port Configure the serial interface settingsCheck that the Frame Relay settings are correct Configure the introduced PVCsT1/E1 port configuration Enable/Disable T1/E1 port T1/E1 port configuration task listConfiguring T1/E1 line-code Mode port e1t1 slot portConfiguring T1/E1 port-type Configuring T1/E1 clock-modeName prt-e1t1 slot/port# framing Configuring T1/E1 framingConfiguring T1/E1 line-build-out T1 only Configuring T1/E1 used-connector E1 onlyDefault short-haul Configuring T1/E1 application modeConfiguring T1/E1 LOS threshold Configuring T1/E1 encapsulationConfiguring Channel-Group Encapsulation Be used Mode port e1t1 slot portConfiguring Channel-Group Timeslots Mode channel-group group-nameDefault no encapsulation Configuring Hdlc CRC-TypeConfiguring Hdlc Encapsulation T1/E1 Configuration ExamplesExample 1 Frame Relay without a channel-group Example 4 PPP with a channel-group Example 2 Framerelay with a channel-groupExample 3 PPP without a channel-group VPN configuration Encryption AuthenticationCreating an IPsec transformation profile VPN configuration task listTransport and tunnel modes Creating an IPsec policy profile Procedure To create an IPsec policy profileNodecfg#profile ipsec-policy-man Creating/modifying an outgoing ACL profile for IPsec Displaying IPsec configuration information Configuration of an IP interface and the IP router for IPsecExample IPsec Debug Output Example Display IPsec transformation profilesExample Display IPsec policy profiles Debugging IPsecIPsec tunnel, DES encryption Sample configurationsOnSite configuration Cisco router configuration Cisco router configuration VPN configuration Access control list configuration Why you should configure access lists About access control listsWhat access lists do Features of access control lists When to configure access listsMapping out the goals of the access control list Access control list configuration task listNodepf-acl name#permit ip src src-wildcard any Src-wildcard Where the syntax isAny host src dest dest-wildcard any host dest Nodepf-acl name#permit icmp src src-wildcard anyType type type type code code cos group Nodepf-acl name#deny icmp src src-wildcardMsg name Where the syntax is as followingNodepf-acl name#deny tcp udp sctp src src Nodepf-acl name#permit tcp udp sctp src src-wildCard any host src eq port gt port lt port range Port lt port range from to cos group cos-rtp groupGroup-data Where the syntax is Debugging an access control list profile Unbind an access control list profile from an interfaceDisplaying an access control list profile Control list profile shall be debugged Denying a specific subnet ExamplesLink scheduler configuration Configuring access control lists Applying scheduling at the bottleneck Configuring quality of service QoSUsing traffic classes Priority Weighted fair queuing WFQIntroduction to Scheduling Hierarchy ShapingBurst tolerant shaping or wfq Some explanations Setting the modem rateQuick references Command cross reference Link scheduler configuration task listPacket classification Defining the access control list profileScenario with Web server regarded as a single source host Creating an access control listNodepf-acl name#permit ip any any Creating a service policy profileNodecfg#profile acl name Nodepf-acl name#permit ip host ip-address any traffic-classStructure of a Service-Policy Profile Specifying the handling of traffic-classes Defining fair queuing weightDefining the maximum queue length Specifying the type-of-service TOS fieldDefining the bit-rate Defining absolute priorityNodesrc name#set ip precedence value Specifying differentiated services codepoint Dscp markingSpecifying the precedence field Nodesrc name#set ip tos valueNodesrc name#set layer2 cos value Specifying layer 2 markingNodesrc name#set ip dscp value Nodesrc name#random-detect burst-tolerance Defining random early detectionDiscarding Excess Load Policy name in out Devoting the service policy profile to an interfaceNodeif-ip if-name#use profile service Displaying link scheduling profile information Enable statistics gatheringDisplaying link arbitration status Values defining detail of the queuing statistics LEDs status and monitoring Status LEDs Contacting Patton for assistance Patton Support Headquarters in the USA Warranty coverageContact information RMA numbers Out-of-warranty serviceReturns for credit Return for credit policyAppendix a Compliance information CE Declaration of Conformity SafetyCompliance Radio and TV Interference FCC PartIndustry Canada Notice Model 2803 only Authorized European RepresentativeFCC Part 68 Acta Statement Model 2803 only Appendix B Specifications PPP support Ethernet interfacesSync serial interface T1/E1 interface Model 2803 onlyOperating environment IP servicesDimensions ManagementInternal AC version Power supplyInternal power supply 100-240 VAC, 50/60 Hz, 200 mA Appendix C Cabling Serial console Connecting a serial terminalEthernet cross-over Ethernet 10Base-T and 100Base-TEthernet straight-through Appendix D Port pin-outs EIA-561 RJ-45 8-pin port RS-232 Console Port Console port, RJ-45, EIA-561 RS-232Serial port Ethernet 10Base-T and 100Base-T portSync serial port Ethernet ports are auto-detect MDI-X21 Female DB-15 connector Appendix E OnSite 2800 Series factory configuration OnSite 2800 Series factory configuration Appendix F Installation checklist Installation checklist
Related manuals
Manual 8 pages 44.23 Kb