Enterasys Networks XSR-3150 manual Security, Frame Relay

Page 26

System Description

Security

•Stateful inspection firewall engine

•FTP, H.323, and RPC (SUN and Microsoft) ALG support

•Application commands for FTP, SMTP, & HTTP

•Firewall logging and authentication

•Firewall interaction with NAT & VPN

•Standard and Extended Access Control Lists

•Denial of Service (DoS) protection

•AAA for firewall, Console, Telnet, SSHv2, PPP and VPN users

•AAA per-interface configuration

•AAA debugging

•Dynamic Firewall configuration

•Onboard URL filtering

PPP

•Sync and asynchronous communications modes accepted

•Authentication of peer entities via Password Authentication Protocol (PAP)

•Challenge Handshake Authentication Protocol (CHAP)

•Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)

•IP Address can be assigned from remote device, and the device will support IP address assignment to a remote device. Pools can be configured locally or from a separate server (DHCP).

•Multilink PPP (MLPPP): RFC-1990

•Multi-Class MLPPP: RFC-2686

•Point-to-Point Protocol over Ethernet (PPPoE) and sub-interface monitoring

•Remote Auto Install over PPP

Frame Relay

•DTE support for User Network Interface (UNI) over Frame Relay PVC connections

•10-bit DLCI addressing using a 2-byte DLCI header

•Per DLCI IP QoS support

•Rate enforcement (CIR) with automatic rate fallback via traffic/adaptive shaping when the network is congested. Automatically restores normal rates when congestion removed

•Congestion control: Backward and Forward Explicit Congestion Notification (BECN/FECN)

•Standard LMIs: ILMI, ANSI Annex D, CCITT Annex A and:

•Auto option for LMI detection/adaptation

•None option for directly connecting XSRs

1-6 Overview

Image 26

Contents PeditionSecurity Router VersionPage Enterasys Networks, Inc Minuteman Road Andover, MA Regulatory Compliance Information Industry Canada Notices Product Safety Supplement to Product Instructions Vcci Notice N826 Enterasys Networks, Inc. Firmware License Agreement Page Page Contents BRI Leased Line BRI Leased Frame Relay BRI Switched Line Appendix a Specifications IndexXiv Contents of the Guide About This GuideBold/En negrilla Getting Help FTPXviii Overview System DescriptionHardware Features Typical XSR-3150 TopologyXSR-3150 Industry-common CLI Software FeaturesOperating System IP ProtocolIP Routing Snmp and Statistics GatheringSecurity Frame RelayDynamic Host Configuration Protocol Dhcp Integrated Services Digital Network Isdn BRI/PRIQuality of Service QoS Virtual Private Network VPNGRE over IPSec Asynchronous Digital Subscriber Line Adsl Dial ServiceDial Backup Dial-on-Demand/Bandwidth-on-Demand DoD/BoDInstallation Overview Unpack the XSR from the shipping box. Remove accessoriesInstallation Overview Verifying Your Shipment Installation Site SuggestionsIntroduction Installing NIM Cards and Rack Mounting Removing XSR CoverXSR Fastening Rack Brackets Installing a CompactFlash Memory Card CompactFlash Card InstallationCompactFlash Card for the Adsl NIM Formatting the CompactFlash CardConnecting Cables 315011 Connecting High Speed Serial Connector 13 Connecting Adsl Connector 15 Attaching GigabitEthernet Connector 17 Attaching Ethernet LAN NIM Connector 19 Connecting Dual Internal Power Supply Cords Software Configuration Initializing XSR SoftwareInitializing XSR Software Opening a COM Console Session Optional Configuring Remote Auto InstallConfiguring RAI for Frame Relay Remote Auto Install Attempting Forever Configuring RAI for Dhcp over LAN Configuring RAI over AdslPppoe limit max-sessions Setting User Name, Privilege and Password Configuring the XSR Name and User InformationSetting the Clock PRI Configuration Configuring the LAN PortsConfiguring the WAN Ports BRI Configuration BRI Leased LineBRI Switched Line BRI Leased Frame RelayPPPoA Adsl ConfigurationPPPoE Firewall Sample Configuration IPoAXSR Setting Up RIP Routing Complete LAN and WAN interface configurationConfigure Ospf Routing Configuring Frame Relay Point to Point NetworksSetting Up an Snmp Community String, Traps and V3 Values Configuring Message Logging and Severity Level Viewing Your Configuration Connecting Remotely via the WebWeb Product Version Window LAN-PPP Services Sample Configuration PstnXSRconfig-controllerT1-1/0#no shutdown Configure LAN Interface Frame Relay WAN Link with PPP Backup Sample ConfigurationConfigure Users and Passwords Configure Quality of ServiceConfigure WAN/Frame Relay Port XSRconfig-pmap-cpriority-policy#priority high 30XSRconfig#interface serial 1/0.2 multipoint Apply QoSConfigure DHCP/BOOTP Relay Configure Ospf RoutingConfigure More Access Lists Configure the Dial Backup ConnectionConfigure Snmp Generate Master Encryption Key VPN Site-to-Site Sample ConfigurationConfigure Access Control Lists Configure Crypto Maps Set Up IKE Phase I SecurityConfigure IKE Policy for Remote Peer Create a Transform SetConfiguring VPN at Interface Mode and Setting Up RIP VPN Sample Configuration with Network Extension Mode Configuring Authentication AAAEnable Network Address Translation Create the Isakmp IKE global peer XSR Rebooting Characteristics Initialization OutputReboot Triggers Power-Up RebootBootrom Monitor Mode Commands Power-up Error ConditionsXSR-3150 bu btXSR300012.fls Verifying btXSR300012.fls file Copy Del DirFfc Remove RenameFTP Bootrom Monitor Mode Commands Specifications System SpecificationsCable, CompactFlash and Accessory Specifications WANXSR Getting Started Guide A-3 COM Console Port COMGigabitEthernet Ports Mini-GBIC Fiber, Copper PortRegulatory/Safety Compliance Copper/Fiber-optic Ethernet NIMsPort Serial NIM Card Port 21 DTEFigure A-8 EIA-232/530 DTE Pin Assignments Figure A-9 EIA-449 DTE Pin Assignments Figure A-10 Combined V.35/EIA-232/530 DTE Pin Assignments Figure A-11 DTE Pin Assignments T1/E1/ISDN PRI NIM Card Ports T1/E1/ISDN PRIBalun for E1 or PRI NIM Cards Figure A-14 Balun for E1 or PRI ConnectionInstalling Shunt/Terminal Strip Grounding Shunt for E1 NIM CardsT3/E3 NIM Card Figure A-17 1-Port T3/E3 NIM CardPort BRI-S/T Isdb NIM Card Ports Termination Shunt for the Isdn BRI-S/T NIM CardXSR Getting Started Guide A-17 Port BRI-U NIM Card Ports Figure A-21 Isdn BRI-U NIM Card RJ-49C ports shownPort Adsl NIM Card Port Figure A-23 Adsl NIM CardT1/E1 Drop & Insert D&I NIM Figure A-25 T1/E1 D&I NIM CardCompactFlash Memory Card LED BehaviorTX LED Index Index-2