Hypertec ISDN 10T Router manual Rip, IPX Spoofing

Page 19

Concepts and Principles of Operation

RIP

Novel IPX also uses Routing Information Protocol (RIP) as a routing protocol. Although it is similarly named to the IP equivalent, it uses a different protocol. IPX RIP broadcasts packets to the network every 60 seconds to inform other IPX routers or servers about its network. Upon receiving an IPX RIP packet, a router adds one to the hop count of each router advertised and broadcasts a RIP packet to other networks it is connected to.

SAP

Netware Servers such as file servers use SAP protocols to advertise their service throughout the network. A router such as Hypertec ISDN 10T Router listens to the SAP packets from servers to learn what services are available in the local network. Routers also exchange SAP packets so that the router can learn what services are available at the remote networks. With that global knowledge, the router is able to respond the “find nearest server” request for the remote IPX networks.

IPX Spoofing

A Netware server regularly send a “keep alive” message to a logged -in client every 3-5 minutes for connectivity verification. If a client fails to respond within the allowed limit, the server closes the client’s connection. The IPX “keep alive” packets tend to keep the dial-up connection on line. To minimize the un-necessary dial-up connection time, Hypertec ISDN 10T Router is equipped with an IPX spoofing function which will return the “keep alive” on behalf of the remote Netware clients for a pre-configured period. A dial-up call may be triggered by the “keep alive” packets only after the spoofing timer expires.

PPP

The Point-to-Point Protocol (PPP) is the de-facto standard as the link encapsulation protocol for Internet Access. PPP consists of a suite of protocols including LCP, PAP, CHAP, IPCP and other related protocols. Link Control Protocol (LCP) is used to negotiate the link parameters, such as what authentication protocol to use. LCP is specified in RFC 1570. Password Authentication Protocol (PAP), and Challenge Authentication Protocol (CHAP) are used to inform the remote site (eg. ISP) about which router is connecting to it. CHAP and PAP are specified in RFC 1334. IPCP is used to negotiate IP specific parameters such IP address. IPCP is specified in RFC 1332.

PAP/CHAP

When a CHAP authentication connection to the ISP is attempted, the remote router or access server sends a CHAP packet to HyperRoute. The CHAP packet "challenges" Hypertec Router to respond. The challenge packet consists of an ID, a random number, and the host name of the remote router. The required response consists of an encrypted version of the ID, a secret password, and the random number of the local name. When the remote router or access server receives the response, it verifies the secret password by performing the same encryption operation as indicated in the response and looking up the required host/user name. Hypertec Router and the remote router must agree on the identical secret passwords. By transmitting this response, the secret password is never transmitted in clear text, preventing other devices from stealing it and gaining illegal access to the system. Without the proper response, the remote will reject the PPP connection request.

If PAP authentication is enabled, when attempting to connect to the ISP or remote router, it is necessary to send an authentication request including the user name and password. If the user name and password are accepted, the ISP or the remote router sends an authentication acknowledgment to conclude the authentication process.

There is a configuration choice of two sets of authentication protocol and password. One set for Internet connection and one set for Intranet connections. Each set consists of two pairs of authentication configuration. The Dial-out authentication password pair is applied to the PPP connection initiated by Hypertec ISDN 10T Router. The call-in authentication-password pair is applied to the PPP connection initiated from the remote end. The dial-out authentication protocol (none, PAP, CHAP) specifies the authentication protocol that Hypertec ISDN 10T Router will insist on when initiating a PPP connection. The remote end is supposed to accept the specified authentication protocol for the PPP negotiation to proceed. The setting of “either” as the call-in authentication protocol allows

12

Page 18 Page 20
Image 19
Page 18 Page 20
Contents Hypertec Isdn 10T Router Introduction Contents Hypertec Isdn 10T Router Internet/Intranet EthernetRouter Software Analog ServicesSecurity Network ManagementHypertec Isdn 10T Router Packing List About this ManualGeneral Hardware InstallationInstallation Software Installation Installing the Hypertec Isdn 10T Router NMSInstalling EasyWeb Uninstalling NMSInstalling EasyWeb if there is no installed Http server Installing EasyWeb if there is an installed Http serverIsdn Overview Example using the Microsoft Personal web server on Win95Interface Type National Isdn Variants Default Setting Isdn Switch VariantsPhysical Interface Isdn Permanent Nailed Circuit Service Profile Identifiers SPIDsService type Number of channels 56K/64K Rate AdaptionBridging Data Communication ServicesRouting IP Address, Un-Numbered, or Numbered Internet and Intranet Connection ProfilesIP Address and Subnet Mask Routing TableUnnumbered Isdn Link Dynamic IP address AssignmentIPX Frame Type IPX AddressIPX Spoofing RIPF1 F1 F2 F2 Packet Multilink PPPBandwidth on Demand Dial on DemandCallback Packet Filtering, IP Access ListData Compression Calling Line Identification ClidNAT Ordering the Isdn Line Line Provisioning ServiceVoice Preemption IntroductionSwitch type Isdn Service Isdn Switches and Services SupportedCapability Packages Using Isdn Order CodesCapability Isdn Service Package Provisioning the Isdn LineSolution Set Isdn Service Solution SetsNational Isdn 1 & National Isdn Switch Feature ValueMultiple Subscriber Numbering MSN More Information Terminal TypesIntroduction General NMS Menu Structure Configura NMS Windows LoginExample Sub-Menu window NMS System Menus Required Information NMS ToolbarDescription Source Required or Optional Logging Into NMS Starting NMSLocal Router Name Quick Configuration MenuLocal IP Mask Network Address Translation EnableDial-out Authentication Dial-out PasswordPhone Number Isdn Switch TypeLocal Ethernet Sub-menu Call-in AuthenticationCall-in Password Local MenuIP Address Switch TypeChannel Alarm Threshold Device NameLocal Isdn Window Route Table Phone 1 UsagePhone 2 Usage Data UsageARP Proxy Access ListRIP Protocol Gateway Address Local Dhcp Sub-menuIP Address Pool Start Address, End Address Subnet MaskLease Duration Dhcp EnableData Service Domain NameInternet PPP Window Remote Router NameUtil Ave IntervalIdle IP Address of Remote Ethernet Remote Snmp EnableIP Enable Internet IP Sub-menuIP Mask of Isdn Line IP Mask of Remote EthernetLocal End IP Address of Isdn Line Remote End IP Address of Isdn LineTelnet Server Starting PortFTP Server Http ServerCalling Num Clid12, Intranet PPP Window Encapsulation Protocol 13, Intranet IP Window Intranet IP MenuIntranet IPX Menu 14, Intranet IPX Window IPX SAP Table SpoofingAge IPX Route Table15, Snmp Window Snmp MenuLocation Trap EnableDescription NameBroadcasts ErrorsB2 Channel Status DiscardsChannel Status B1 Channel StatusB1 Utilisation Error FramesChannels Up Time Channels In UseTrap History Trouble ShootingDetail Log Enable Clear Trap ListManaging the Hypertec Router from a Console Isdn Data Call SuccessPPP Attempts PPP Success20, Console Login Screen Managing the Hypertec Router from a Browser 21, Console Quick Config ScreenRouter Isdn Express Route Troubleshooting Monitor the status of the B channel LEDs Monitor the status of the D channel LEDMonitor the status of the Ethernet LEDs If your are unable to make voice call IndexIf your are unable to make a data call Index Spid SPID-1 SPID-2 Product Warranty
Top Page Image Contents