Manuals / 3Com / Computer Equipment / Network Router

3Com OfficeConnect Remote 812 ppp authentication pap, ip local pool L2TP 192.168.200.3, Parameter

Models: OfficeConnect Remote 812

1 170

Download 170 pages 51.21 Kb

Page 49

ppp authentication pap

Setting Up a Virtual Private Network (VPN) Tunnel 6-13

ppp authentication pap

6Ensure RIP and IP Pool configuration parameters are set to the following values:

RIP Configuration

router rip ver 2

network 192.180.3.0

IP Pool for L2TP Tunnel

ip local pool L2TP 192.168.200.3 192.168.200.10

At this point, your L2TP tunnel should be fully operational and ready for use.

Debugging an L2TP If your L2TP tunnel has not been successfully established, or if it is not operating as Tunnel on a Cisco Router expected, use the following debug commands to identify and correct the

problem(s) you are experiencing:

Debug vpdn command:

Parameter	Used to Debug
error	VPDN Protocol errors
event	VPDN event
l2tp-sequencing	L2TP sequencing
l2x-data	L2F/L2TP data packets
l2x-errors	L2F/L2TP protocol errors
l2x-events	L2F/L2TP protocol events
l2x-packets	L2F/L2TP control packets
Debug ppp command:
Parameter	Used to Debug
authentication	CHAP and PAP authentication
bap	BAP protocol transactions
cbcp	Callback Control Protocol negotiation
compression	PPP compression
error	Protocol errors and error statistics
multilink	Multilink activity
negotiation	Protocol parameter negotiation
packet	Low-level PPP packet dump
tasks	PPP background tasks

To configure encryption parameters using the OCR 812 web configurator, see the

Online User’s Guide.

Image 49

3Com OfficeConnect Remote 812 ppp authentication pap, RIP Configuration router rip ver network IP Pool for L2TP Tunnel

Contents

OfficeConnect Remote ADSL Router CLI User’s Guide ReleasePart Number 10043337 AA 5400 Bayfront Plaza 3Com CorporationSanta Clara, California 95052-8145ACCESSING THE CONFIGURATION INTERFACE Table of ContentsCLI COMMAND CONVENTIONS AND TERMINOLOGY CONFIGURATION METHODSMANUAL SETUP QUICKVC SETUPStarting QuickVC Setup IPX Routing Network Service PPPSetting Up a Virtual Private Network VPN Tunnel Setting Date and Time Using Network Time Protocol NTP Configuring IPX for Remote Site ConnectionsProviding TFTP Access Monitoring the DHCP RelayOFFICECONNECT REMOTE 812 SAMPLE CONFIGURATION CLI COMMAND DESCRIPTION disable securityoption snmp useraccess list ip addresses list accesslist processes list services B list snmp communities or list snmp trapcommunities B set system INPUT COUNTERS TCP COUNTERSTELNET FCC CLASS B STATEMENT FCC DECLARATION OF CONFORMITY 3COM CORPORATION LIMITED WARRANTY FCC CLASS A VERIFICATION STATEMENTPOSITIONAL HELP B Command Completion B Output PauseEstablishing Communications with the OfficeConnect Remote ACCESSING THE CONFIGURATION 1 INTERFACEIBM-PC Compatible Computers Macintosh Computerstelnet ipaddress UNIX-Based ComputersCommand Structure CLI COMMAND CONVENTIONS AND 2 TERMINOLOGYadd ip network is the command ParametersAbbreviation and CommandCompletion HelpConventions Command Language Terminology Page Quick Setup Instructions CONFIGURATION METHODSQuickVC Setup Instructions 3-2 CHAPTER 3 CONFIGURATION METHODS Manual Setup InstructionsCLI Quick Setup Script QUICK SETUPRestoring the OfficeConnect Remote 812 to an Unconfigured State ADSL Router Installation GuideQuick Setup Script Instructions Quick Setup ScriptDo you want to continue Quick Setup? Password ProtectionQuick Setup Management Information Quick Setup Identification InformationTELNET information Quick Setup IP Information4-4 CHAPTER 4 QUICK SETUP Quick Setup IPX Information Sample Identification Information Quick Setup Bridge InformationManagement Information TELNET ManagementSample Output Display as Quick Setup Executes Page CLI QuickVC Setup Script QUICKVC SETUPStarting QuickVC Setup OCR-DSL quickvc Network Service PPP CLI QuickVC Setup Script Service RFC Service PPPIPX Routing Network BridgingInformation Sample IdentificationSample Output Display as Quick Setup ExecutesPage Configuration Overview MANUAL SETUPRemote Site Remember to save your configuration using the save all command beforeManagement memoryConfiguring Network Service Information set vc vc name networkservice pppset vc vc name networkservice pppoa set vc vc name networkservice pppoeCurrently, the SVC capability is disabled in the OCR set vc vc name dynamicipaddressing dhcpclientset vc vc name atm categoryofservice unspecifed pcr cell rate Setting Up a Virtualset vc vc name atm categoryofservice constant pcr cell rate when transmitting data to the remote siteOn the Remote Private Network “Server” Side VPN Tunneling Overview Before You Begin Initiating a VPN TunnelOn the 812 ADSL Router “Client” Side VPN Tunnel disable tunnel commandEnabling and Disabling a list tunnel Use this command to list the name and status of tunnels To learn how to set up encryption using the CLI, see Configuring Authentication and EncryptionValues Encryption Configuring Windows 2000 Server to Support CHAP AuthenticationMICROSOFT56BIT NONE REQUIRED Router to Support Encryption for L2TP Tunnelsaaa authentication login cisco local Configuring a Cisco Router to Support Encryption for L2TP TunnelsValue Name ProhibitIpSec vpdn-group 1 accept-dialin protocol l2tp virtual-template peer default ip address pool L2TPterminate-from hostname OfficeConnect local name c7200 interface Ethernet1/2RIP Configuration router rip ver network IP Pool for L2TP Tunnel ppp authentication papDebug vpdn command error6-14 CHAPTER 6 MANUAL SETUP IP Routingenable ip RIP enable ip forwardingdisable ip RIP show ip routing settingsaddressselection negotiateset vc vc name The defaultrouteoption can only be enabled in one VC profileRemote Site 6-18 CHAPTER 6 MANUAL SETUP Configuring Static and Framed IP RoutesAddress Translation continues to run until a NAT port frees up For a vc added using QuickVC, NAT is enabled by defaultused Use the following command to configure PAT in a vc profile port 80, private port 80, and the private address of the LAN Server6-22 CHAPTER 6 MANUAL SETUP Intelligent PATPlease also note the following set vc vc name intelligentpatoption Enable/DisableEnabling NAT set vc vc name natoption nat6-24 CHAPTER 6 MANUAL SETUP Configuring NAT Static and Dynamic Mappingslist nat vc vc name port port add nat dynamic vc vc name publicpoolstart ip address count numberlist nat vc vc name addr AND / ORRemote DHCP Configuring the DHCP Modeset dhcp server mask ip address set dhcp server startaddress ip address endaddress ip addressset dhcp server lease seconds set dhcp server router ip addressset dhcp mode relay Configuring the DHCPshow dhcp server counters list dhcp server leasesshow dns settings enable dnstimeout set dnsIPX Routing Access Listslist dns servers Configuring IPX for Remote Site Connections Enabling IPX Routing Configuring IPX for the LAN6-32 CHAPTER 6 MANUAL SETUP add ipxroute vc vc name ipxnet ipx network address metric number Configuring IPX Static and Framed Routesdelete ipx service name type hex number Configuring IPX Static and Framed Servicesadd ipxservice vc vc name hops number 6-34 CHAPTER 6 MANUAL SETUPBridging Configuring IPX RIP and SAPset ipx network network name set ipx network network nameBridging IP Traffic Configuring Bridging for the Remote Site ConnectionsConfiguring Bridging for the LAN 6-36 CHAPTER 6 MANUAL SETUPset bridge forwarddelay seconds show ip settingsAdvanced Bridging Options set bridge agingtime secondsSimultaneous Bridging and Routing set vc vcname macrouting enableset bridge firewall discardroutedprotocols Setting Date and Time AdministrationSystem set bridge firewall fwdunicastonlyset enable ntp Network Time Protocol CLI Commandsset disable ntp For example set date 01-JAN-1998set secondaryserver ipnameoraddr set timeout secondsset pollinginterval seconds set retransmissions numberNTP Servers clock.psu.edu set system name name location location contact contact show systemlist users delete user namelist tftp clients Setting Password ProtectionAfter logging in to the CLI, you can exit the CLI with the command exit cliData Filtering Overview OfficeConnect Remote 812 Filtering Capabilities6-46 CHAPTER 6 MANUAL SETUP Filter Classes The OCR 812 supports three filter classes Command Line Creating Filters UsingCreating Filters OverviewProtocol Rules IP 1 ACCEPT src-addr=xxx 2 ACCEPT dst-addr=yyy 999 DENY The OR operation can be implemented by successive rulesLENGTH - The number of bytes in the packet to compare to the value IP Source and Destination Port Filtering Using CLI IP Source and Destination Network Filtering Using CLIIP Protocol Filtering Using CLI IP RIP Packet Filtering Using CLIIPX Source and Destination Host Filtering Using CLI IPX Source and Destination Network Filtering Using CLIIPX Source and Destination Socket Number Filtering Using CLI IPX SAP Packet Filtering Using CLI IPX RIP Packet Filtering Using CLIBridge / Generic Filtering Using CLI IPX 1 ACCEPT src-socket = 999 DENYCreating Filter Files Using CLImemory Assigning Filters Interface Using CLI Applying Filters Usingby entering the CLI command set interface eth1 filteraccess off VC/Remote Site FiltersFilter List Using CLI Using CLIManaging Filters VPN TunnelRemoving a Filter from an Interface Using CLIVC/Remote Site Profile Deleting a Packet Filter6-60 CHAPTER 6 MANUAL SETUP Sample Configuration OFFICECONNECT REMOTE 812 SAMPLE A CONFIGURATIONOCR 812 features OverviewGlobal Configuration Configuring theenable securityoption remoteuser administration add user root password !rootadd ipx network ipx address 10 frame ethernetii enable yes add dns server * vc Internet enable dnsdisable bridge spanningtree add bridge network bridge set dhcp server dns1 192.168.200.254 dns2set vc Internet defaultrouteoption enable enable vc Internet set vc Internet sendname internet-user sendpassword 1a2b3cset vc Internet iprouting listen set vc corp-net iprouting both set vc corp-net ipxaddress 0 ipxrouting all enable vc corp-netConfiguring the Sample Network A-5 Page CLI Commands CLI Command Descriptionadd access vcblknetbiosprimaryaddress ipaddress secondaryaddress ipaddress vcname vcname add framedroute vc name add ip defaultrouteiproute ipaddress metric number metricadd ip network networkname address ipxaddress interface eth1 enabled yesaddress ipnetaddress frame ETHERNETII SNAP LOOPBACK interface eth1 gateway gatewayaddr metric hopcounttype servicetype add ipx service servicenameadd ipx route ipxnetaddress gateway ipxhostaddress metric metricnumber ticks ticknumbertype servicetype ipxnet ipxaddress metric hopcount ticks ticknumberadd ipxservice vc name add ipxroute vc nameservertype servertype socket socketnumber enabled YES data “string” add network service servicename statusCLI Commands B-7 add networkservice CLIaccess servertype TELNETD socket Add network service exampleaddress ipaddress access RO RW closeactiveconnections TRUE FALSEipnameoraddr add snmp trapcommunity nameaddress ipaddress add tunneladd vc name add user namearp output outputfilename ipnameoraddr enabled yesdelete pat tcp vc delete ipx route ipxnetaddress delete ipx service servicenamevcname type servicetypepublicpoolstart ipaddress publicaddress ipaddresstunnelname entriesdisable ip network DISABLEDIAL bridge forwardinginterfacename interface settings command disable snmpauthentication traps output outputfilenetworks ENABLEHANGUP using list network servicesinterfacename interfacename interface settings commandHISTORY HELPKILL LISTmgmt - unknown, but filtering information exists Interface - eth1, DA1 or loopback If Name - eth1, DA1 or loopbackCLI Commands B-19 Prot - LOCAL or RIP trapcommunities not list access More or CR PAUSED COMMANDSContinue printing QuitPING timeout timeoutvalueRENAME RESOLVEset command history numerical range idle timeout minutes forwarddelay secondsSAVE set bridgeset dhcp relay server1 enabled YES NOset dhcp relay server2 address IPaddressset dhcp server set dns cachesize number numberretries number timeout secondsDNS1 IPaddress DNS2 IPaddressset interface interfacename filteraccess ON OFF inputfilter filtername outputfilter filternameroutingprotocol NONE RIPV1 RIPV2 B-28 APPENDIX B CLI COMMAND DESCRIPTION CLI Commands B-29 routerid routeridrippacketsize number ripupdateinterval number rip BOTH DISABLE LISTEN RESPONDONLY SEND ripagemultiplier numbersap BOTH DISABLE LISTEN RESPONDONLY SEND sapagemultiplier number sapupdateinterval numberpoolmembers number set network service adminnameSets parameters for configured network services Sets parameters for dynamic IPX networksAuthentication Options A VPN tunnel can only be configured for MSCHAPv1 by using the CLIFor in-depth information about CHAP and PAP, see RFC NONE REQUIRED address IPaddress access RO RWMPPE Options set system transmitauthenticationname namename “name” location “location”sessiontimeout seconds password passwordset user username message “message”defaultrouteoption enable disable bridging enable disableidletimeout seconds ip enable disableCLI Commands B-37 set vc vcname atm categoryofservice Unspecified UBR Variable VBRset number pcr numberSets ATM parameters for VCs Errored seconds since last link down Total time since system reboot hours, minutes, secondsTotal errored seconds in 15 minutes Total errored seconds in previous 15 minutesFields Base Aging Time - time to age out a known MAC address, defaultHistory Depth Current Prompt OCR-DSL Local Prompt OCR-DSL settings SPECIFIC ERROR COUNTERS show dns counters show dns settings show filter filternameProblems with Name Server - internal server error INPUT COUNTERS ICMP COUNTERSOUTPUT COUNTERS show interface Displays show interface interfacename countersINPUT COUNTERS OUTPUT COUNTERSIP Dynamic Address Pool Begin - start of IP address range Fragments Needing Reassembly - # of fragmented datagramsIP Dynamic Address Pool Size - size of IP address range settingsOUTPUT COUNTERS show ipx counters show ipx network networkname countersINPUT COUNTERS counters show ipx ripsettings settingsDynamic Address Pool Begin - starting IPX address show ipx sapsettings Default Gateway - default IPX router addressname settings vcname settingsvcname counters name countersSETTINGS for PPP BUNDLE 1 COMPRESSION SETTINGS for PPP BUNDLESETTINGS for PPP LINK 1 Operational Status - opened or not openedINPUT COUNTERS show snmp counters Displays many SNMP statisticsSystem Location - modify using set system System Contact - modify using set systemSystem Descriptor - for example OUTPUT COUNTERSTCP COUNTERS TCP SETTINGSINPUT COUNTERS OUTPUT COUNTERSTELNET CommandsVERIFY verify filterCommand Features CLI Exit CommandsB-58 APPENDIX B CLI COMMAND DESCRIPTION CommentsINDEX Server Input and Output filters contrasted Static Services Passwords Page Page Page STANDARD WARRANTY SERVICE 3Com Corporation LIMITED WARRANTYHARDWARE SOFTWAREFCC DECLARATION OF CONFORMITY FCC CLASS B STATEMENTThe Interference Handbook ModelDescription