Manuals / 3Com / Computer Equipment / Network Router

3Com OfficeConnect Remote 812 manual Please also note the following, Enabling NAT

Models: OfficeConnect Remote 812

1 170

Download 170 pages 51.21 Kb

Page 59

The LAN workstation previously selected to receive all non-addressed packets from the remote workstation no longer receives them.

Intelligent PAT begins to forward all non-addressed packets sent by the remote workstation to the newly chosen “best guess” LAN workstation.

When a new communication pattern is detected, Intelligent PAT makes a new “best guess”, with the following results:

The “best guess” LAN workstation will continue to receive all non-addressed packets sent by this remote workstation until and unless a new (different) communication pattern is detected by Intelligent PAT.

Address Translation 6-23

Please also note the following:

Usethe following command to configure Intelligent PAT:

set vc <vc name> intelligent_pat_option <Enable/Disable>

Monitoring PAT The PAT configuration is displayed when viewing the remote site configuration using the show vc command. The Network Address Translation field should indicate “port (PAT)”. The PAT Default Address field will contain 0.0.0.0 if the option is disabled, or a valid workstation IP address on the local LAN if it is enabled. The static and/or dynamic address definitions are appended to the display only when configured.

When the remote site is active, current port mappings and address mappings are displayed with the following commands, respectively:

list nat vc <vc name> port list nat vc <vc name> addr

Network Address	NAT maps one private LAN IP address (one user) to one public (WAN) IP address.
Translation (NAT)	When using NAT, multiple users can access a single application at the same time.
Configuring NAT	When	you create a vc using QuickVC, you are asked if you want to enable PAT.

During QuickVC setup, you can:

Accept the default choice (YES) to enable nat_option PAT.

Choose not to enable PAT

If you simply use the add vc <vc name> command without specifying a NAT option, the default is NAT disabled (meaning that NAT, PAT, and Super NAT are not enabled).

Enabling NAT

To enable NAT, enter the following command:

set vc <vc name> nat_option nat

Image 59

3Com OfficeConnect Remote 812 manual Please also note the following, set vc vc name intelligentpatoption Enable/Disable

Contents

Part Number 10043337 AA ReleaseOfficeConnect Remote ADSL Router CLI User’s Guide 95052-8145 3Com Corporation5400 Bayfront Plaza Santa Clara, CaliforniaCONFIGURATION METHODS Table of ContentsACCESSING THE CONFIGURATION INTERFACE CLI COMMAND CONVENTIONS AND TERMINOLOGYIPX Routing Network Service PPP QUICKVC SETUPMANUAL SETUP Starting QuickVC SetupSetting Up a Virtual Private Network VPN Tunnel Monitoring the DHCP Relay Configuring IPX for Remote Site ConnectionsSetting Date and Time Using Network Time Protocol NTP Providing TFTP AccessOFFICECONNECT REMOTE 812 SAMPLE CONFIGURATION CLI COMMAND DESCRIPTION disable securityoption snmp useraccess list processes list accesslist ip addresses list services B list snmp communities or list snmp trapcommunities B set system TELNET TCP COUNTERSINPUT COUNTERS Output Pause 3COM CORPORATION LIMITED WARRANTY FCC CLASS A VERIFICATION STATEMENTFCC CLASS B STATEMENT FCC DECLARATION OF CONFORMITY POSITIONAL HELP B Command Completion BMacintosh Computers ACCESSING THE CONFIGURATION 1 INTERFACEEstablishing Communications with the OfficeConnect Remote IBM-PC Compatible Computerstelnet ipaddress UNIX-Based ComputersParameters CLI COMMAND CONVENTIONS AND 2 TERMINOLOGYCommand Structure add ip network is the commandHelp CommandAbbreviation and CompletionConventions Command Language Terminology Page QuickVC Setup Instructions CONFIGURATION METHODSQuick Setup Instructions 3-2 CHAPTER 3 CONFIGURATION METHODS Manual Setup InstructionsADSL Router Installation Guide QUICK SETUPCLI Quick Setup Script Restoring the OfficeConnect Remote 812 to an Unconfigured StatePassword Protection Quick Setup ScriptQuick Setup Script Instructions Do you want to continue Quick Setup?Quick Setup Management Information Quick Setup Identification Information4-4 CHAPTER 4 QUICK SETUP Quick Setup IP InformationTELNET information Quick Setup IPX Information TELNET Management Quick Setup Bridge InformationSample Identification Information Management InformationSample Output Display as Quick Setup Executes Page Starting QuickVC Setup OCR-DSL quickvc QUICKVC SETUPCLI QuickVC Setup Script Network Service PPP CLI QuickVC Setup Script Bridging Service PPPService RFC IPX Routing Networkas Quick Setup Executes Sample IdentificationInformation Sample Output DisplayPage Configuration Overview MANUAL SETUPmemory Remember to save your configuration using the save all command beforeRemote Site ManagementConfiguring Network Service Information set vc vc name networkservice pppset vc vc name dynamicipaddressing dhcpclient set vc vc name networkservice pppoeset vc vc name networkservice pppoa Currently, the SVC capability is disabled in the OCRwhen transmitting data to the remote site Setting Up a Virtualset vc vc name atm categoryofservice unspecifed pcr cell rate set vc vc name atm categoryofservice constant pcr cell rateOn the 812 ADSL Router “Client” Side VPN Tunneling Overview Before You Begin Initiating a VPN TunnelOn the Remote Private Network “Server” Side Enabling and Disabling a disable tunnel commandVPN Tunnel list tunnel Use this command to list the name and status of tunnels Values Authentication and EncryptionTo learn how to set up encryption using the CLI, see Configuring Router to Support Encryption for L2TP Tunnels Configuring Windows 2000 Server to Support CHAP AuthenticationEncryption MICROSOFT56BIT NONE REQUIREDValue Name ProhibitIpSec Configuring a Cisco Router to Support Encryption for L2TP Tunnelsaaa authentication login cisco local interface Ethernet1/2 peer default ip address pool L2TPvpdn-group 1 accept-dialin protocol l2tp virtual-template terminate-from hostname OfficeConnect local name c7200error ppp authentication papRIP Configuration router rip ver network IP Pool for L2TP Tunnel Debug vpdn command6-14 CHAPTER 6 MANUAL SETUP IP Routingshow ip routing settings enable ip forwardingenable ip RIP disable ip RIPaddressselection negotiateRemote Site The defaultrouteoption can only be enabled in one VC profileset vc vc name 6-18 CHAPTER 6 MANUAL SETUP Configuring Static and Framed IP RoutesAddress Translation used For a vc added using QuickVC, NAT is enabled by defaultcontinues to run until a NAT port frees up Use the following command to configure PAT in a vc profile port 80, private port 80, and the private address of the LAN Server6-22 CHAPTER 6 MANUAL SETUP Intelligent PATset vc vc name natoption nat set vc vc name intelligentpatoption Enable/DisablePlease also note the following Enabling NAT6-24 CHAPTER 6 MANUAL SETUP Configuring NAT Static and Dynamic MappingsAND / OR add nat dynamic vc vc name publicpoolstart ip address count numberlist nat vc vc name port port list nat vc vc name addrRemote DHCP Configuring the DHCP Modeset dhcp server router ip address set dhcp server startaddress ip address endaddress ip addressset dhcp server mask ip address set dhcp server lease secondslist dhcp server leases Configuring the DHCPset dhcp mode relay show dhcp server countersset dns enable dnsshow dns settings timeoutlist dns servers Access ListsIPX Routing 6-32 CHAPTER 6 MANUAL SETUP Enabling IPX Routing Configuring IPX for the LANConfiguring IPX for Remote Site Connections add ipxroute vc vc name ipxnet ipx network address metric number Configuring IPX Static and Framed Routes6-34 CHAPTER 6 MANUAL SETUP Configuring IPX Static and Framed Servicesdelete ipx service name type hex number add ipxservice vc vc name hops numberset ipx network network name Configuring IPX RIP and SAPBridging set ipx network network name6-36 CHAPTER 6 MANUAL SETUP Configuring Bridging for the Remote Site ConnectionsBridging IP Traffic Configuring Bridging for the LANset bridge agingtime seconds show ip settingsset bridge forwarddelay seconds Advanced Bridging Optionsset bridge firewall discardroutedprotocols set vc vcname macrouting enableSimultaneous Bridging and Routing set bridge firewall fwdunicastonly AdministrationSetting Date and Time SystemFor example set date 01-JAN-1998 Network Time Protocol CLI Commandsset enable ntp set disable ntpset retransmissions number set timeout secondsset secondaryserver ipnameoraddr set pollinginterval secondsNTP Servers clock.psu.edu delete user name show systemset system name name location location contact contact list userslist tftp clients Setting Password ProtectionAfter logging in to the CLI, you can exit the CLI with the command exit cli6-46 CHAPTER 6 MANUAL SETUP OfficeConnect Remote 812 Filtering CapabilitiesData Filtering Overview Filter Classes The OCR 812 supports three filter classes Overview Creating Filters UsingCommand Line Creating FiltersProtocol Rules IP 1 ACCEPT src-addr=xxx 2 ACCEPT dst-addr=yyy 999 DENY The OR operation can be implemented by successive rulesLENGTH - The number of bytes in the packet to compare to the value IP RIP Packet Filtering Using CLI IP Source and Destination Network Filtering Using CLIIP Source and Destination Port Filtering Using CLI IP Protocol Filtering Using CLIIPX Source and Destination Socket Number Filtering Using CLI IPX Source and Destination Network Filtering Using CLIIPX Source and Destination Host Filtering Using CLI IPX 1 ACCEPT src-socket = 999 DENY IPX RIP Packet Filtering Using CLIIPX SAP Packet Filtering Using CLI Bridge / Generic Filtering Using CLImemory Using CLICreating Filter Files Assigning Filters VC/Remote Site Filters Applying Filters UsingInterface Using CLI by entering the CLI command set interface eth1 filteraccess offVPN Tunnel Using CLIFilter List Using CLI Managing FiltersDeleting a Packet Filter an Interface Using CLIRemoving a Filter from VC/Remote Site Profile6-60 CHAPTER 6 MANUAL SETUP Overview OFFICECONNECT REMOTE 812 SAMPLE A CONFIGURATIONSample Configuration OCR 812 featuresadd user root password !root Configuring theGlobal Configuration enable securityoption remoteuser administrationset dhcp server dns1 192.168.200.254 dns2 add dns server * vc Internet enable dnsadd ipx network ipx address 10 frame ethernetii enable yes disable bridge spanningtree add bridge network bridgeset vc Internet iprouting listen set vc Internet sendname internet-user sendpassword 1a2b3cset vc Internet defaultrouteoption enable enable vc Internet Configuring the Sample Network A-5 set vc corp-net ipxaddress 0 ipxrouting all enable vc corp-netset vc corp-net iprouting both Page vcblknetbios CLI Command DescriptionCLI Commands add accessprimaryaddress ipaddress secondaryaddress ipaddress vcname vcname metric add ip defaultrouteadd framedroute vc name iproute ipaddress metric numbergateway gatewayaddr metric hopcount address ipxaddress interface eth1 enabled yesadd ip network networkname address ipnetaddress frame ETHERNETII SNAP LOOPBACK interface eth1gateway ipxhostaddress metric metricnumber ticks ticknumber add ipx service servicenametype servicetype add ipx route ipxnetaddressadd ipxroute vc name ipxnet ipxaddress metric hopcount ticks ticknumbertype servicetype add ipxservice vc nameCLI Commands B-7 add network service servicename statusservertype servertype socket socketnumber enabled YES data “string” closeactiveconnections TRUE FALSE Add network service exampleadd networkservice CLIaccess servertype TELNETD socket address ipaddress access RO RWadd tunnel add snmp trapcommunity nameipnameoraddr address ipaddressenabled yes add user nameadd vc name arp output outputfilename ipnameoraddrtype servicetype delete ipx route ipxnetaddress delete ipx service servicenamedelete pat tcp vc vcnameentries publicaddress ipaddresspublicpoolstart ipaddress tunnelnamebridge forwarding DISABLEdisable ip network DIALoutput outputfile disable snmpinterfacename interface settings command authentication trapsnetworks ENABLEinterfacename interface settings command using list network servicesHANGUP interfacenameLIST HELPHISTORY KILLmgmt - unknown, but filtering information exists CLI Commands B-19 If Name - eth1, DA1 or loopbackInterface - eth1, DA1 or loopback Prot - LOCAL or RIP trapcommunities not list access Quit PAUSED COMMANDSMore or CR Continue printingRESOLVE timeout timeoutvaluePING RENAMEset bridge forwarddelay secondsset command history numerical range idle timeout minutes SAVEaddress IPaddress enabled YES NOset dhcp relay server1 set dhcp relay server2DNS2 IPaddress set dns cachesize number numberretries number timeout secondsset dhcp server DNS1 IPaddressroutingprotocol NONE RIPV1 RIPV2 filteraccess ON OFF inputfilter filtername outputfilter filternameset interface interfacename B-28 APPENDIX B CLI COMMAND DESCRIPTION CLI Commands B-29 routerid routeridsapupdateinterval number rip BOTH DISABLE LISTEN RESPONDONLY SEND ripagemultiplier numberrippacketsize number ripupdateinterval number sap BOTH DISABLE LISTEN RESPONDONLY SEND sapagemultiplier numberSets parameters for dynamic IPX networks set network service adminnamepoolmembers number Sets parameters for configured network servicesFor in-depth information about CHAP and PAP, see RFC A VPN tunnel can only be configured for MSCHAPv1 by using the CLIAuthentication Options MPPE Options address IPaddress access RO RWNONE REQUIRED location “location” transmitauthenticationname nameset system name “name”message “message” password passwordsessiontimeout seconds set user usernameip enable disable bridging enable disabledefaultrouteoption enable disable idletimeout secondsCLI Commands B-37 pcr number categoryofservice Unspecified UBR Variable VBRset vc vcname atm set numberSets ATM parameters for VCs Total errored seconds in previous 15 minutes Total time since system reboot hours, minutes, secondsErrored seconds since last link down Total errored seconds in 15 minutesFields Base Aging Time - time to age out a known MAC address, defaultHistory Depth Current Prompt OCR-DSL Local Prompt OCR-DSL settings Problems with Name Server - internal server error show dns counters show dns settings show filter filternameSPECIFIC ERROR COUNTERS OUTPUT COUNTERS ICMP COUNTERSINPUT COUNTERS OUTPUT COUNTERS show interface interfacename countersshow interface Displays INPUT COUNTERSsettings Fragments Needing Reassembly - # of fragmented datagramsIP Dynamic Address Pool Begin - start of IP address range IP Dynamic Address Pool Size - size of IP address rangeINPUT COUNTERS show ipx counters show ipx network networkname countersOUTPUT COUNTERS settings show ipx ripcounters settingsDefault Gateway - default IPX router address show ipx sapDynamic Address Pool Begin - starting IPX address settingsname counters vcname settingsname settings vcname countersOperational Status - opened or not opened SETTINGS for PPP BUNDLESETTINGS for PPP BUNDLE 1 COMPRESSION SETTINGS for PPP LINK 1INPUT COUNTERS show snmp counters Displays many SNMP statisticsOUTPUT COUNTERS System Contact - modify using set systemSystem Location - modify using set system System Descriptor - for exampleOUTPUT COUNTERS TCP SETTINGSTCP COUNTERS INPUT COUNTERSverify filter CommandsTELNET VERIFYCommand Features CLI Exit CommandsB-58 APPENDIX B CLI COMMAND DESCRIPTION CommentsINDEX Server Input and Output filters contrasted Static Services Passwords Page Page Page SOFTWARE 3Com Corporation LIMITED WARRANTYSTANDARD WARRANTY SERVICE HARDWAREModelDescription FCC CLASS B STATEMENTFCC DECLARATION OF CONFORMITY The Interference Handbook