Manuals / Avocent / Computer Equipment / Network Router

Avocent Cyclades-PR2000 installation manual

Models: Cyclades-PR2000

1 136

Download 136 pages 56.31 Kb

Page 100

Cyclades-PR2000

Steps necessary to activate filtering on the exterior router in the example:

1There are two interfaces with two directions each. Filtering on link 1 requires the creation of two rule lists, called exterior_in and exterior_out. Create them using the menu CONFIG =>RULES LIST =>IP =>ADD RULE LIST and the following parameters:

Rule List Type = Filter Default Scope = Deny Linked Rule List Name = None

2Create the rules for each rule list in the order in which they should be evaluated. The order is important and mis-ordering the rules can cause unexpected results. This is done in the menu CONFIG =>RULES LIST =>IP =>CONFIGURE RULES. The parameters for rules 0 and 1 in the example are shown in Figure 12.4.

3Link the rule lists to the respective interface parameters in the menu CONFIG =>INTERFACE

=><INTERFACE> =>NETWORK PROTOCOL =>INCOMING/ OUTGOING RULE LIST NAME. exterior_in should be set as the incoming rule list name and exterior_out should be set as the outgoing rule list name.

Exterior_in, rule 0, allows a remote computer to connect to the bastion host using the TCP protocol on its SMTP port. Exterior_out, rule 0, allows the Bastion Server to RESPOND to the connection started by the remote computer. To send e-mail out, two more rules would be needed. If all the router needs to do is receive e-mail, the configuration is done. If not, other “holes” must be created in the deny ball.

Chapter 12 - Filters and Rules

100

Image 100

Avocent Cyclades-PR2000 installation manual Steps necessary to activate filtering on the exterior router in the example

Contents

Installation Manual Access RouterCyclades-PR2000 Cyclades CorporationFCC Warning Statement Cyclades-PR2000 Installation ManualCanadian DOC Notice Special Keys Table of ContentsIP Bridge OSPF Configuration on the Interface OSPF Global ConfigurationsThe IP Protocol Static RoutingCreation of user accounts and passwords DB-25 Loopback Connector Table of ContentsThe WAN Interfaces The LAN InterfaceCHAPTER 1 HOW TO USE THIS MANUAL Installation Assumptions Text ConventionsConvention DescriptionIcons IconCyclades Technical Support and Contact Information Cyclades Corporation Chapter 1 - How to Use This ManualPhone + 01 510 Fax + 01 510 41829 Albrae Street Fremont, CA USA Cyclades-PR2000DB-25 CHAPTER 2 WHAT IS IN THE BOXBack Panel of PR2000 Quick Installation Manual Back Panel of PR2000Chapter 3 Using CyROS Menus Connection Using the Console Cable and a Computer or TerminalPR2000 login super PR2000 Password ConfigAll menus have the following elements Special Keys The CyROS Management Utility Cyros Management UtilityChapter 3 - Using CyROS Menus Cyclades-PR2000Example 1 Connection to an Internet Access Provider via Modem CHAPTER 4 STEP-BY-STEP INSTRUCTIONS FOR COMMON APPLICATIONSSpeed 38.4k Network MaskParameter ExampleYour Application FIGURE 4.2 ETHERNET NETWORK PROTOCOL MENU PARAMETERSSTEP TWO ParameterExample Your ApplicationParameter ExampleYour Application FIGURE 4.4 SWAN NETWORK PROTOCOL IP MENU PARAMETERSParameter ExampleYour Application FIGURE 4.5 PPP ENCAPSULATION MENU PARAMETERSParameter ExampleYour Application ParameterSTEP SEVEN ParameterExample Your ApplicationInstructions for creating a backup of the configuration file Instructions for listing the configurationExample 2 A LAN-to-LAN Example Using Frame Relay Central OfficesRemote Site’s 100.130.130.1Parameter ExampleYour Application FIGURE 4.10 ETHERNET NETWORK PROTOCOL MENU PARAMETERSParameter ExampleYour Application DSU/CSU, the Clock Source is ExternalParameter ExampleYour Application FIGURE 4.12 SWAN NETWORK PROTOCOL IP MENU PARAMETERSsending end must be using the same header ParameterExample Your ApplicationFIGURE 4.14 DLC CONFIGURATION MENU PARAMETERS ParameterExample Your ApplicationParameter ExampleYour Application FIGURE 4.15 STATIC ROUTE MENU PARAMETERSInstructions for creating a backup of the configuration file Instructions for listing the configurationCyclades-PR2000 Chapter 4 - Step-by-Step InstructionsExample 3 Link Backup FIGURE 4.16 PRIMARY AND SECONDARY BACKUP LINKS BETWEEN TWO LANSParameter ExampleYour Application ParameterParameter ExampleYour Application ParameterThis parameter has no effect for link backup. For load This parameter has no effect for link backup. For loadParameter ExampleFIGURE 4.21 STATIC BACKUP ROUTE PARAMETERS ParameterExample Your ApplicationInstructions for creating a backup of the configuration file Instructions for listing the configurationCHAPTER 5 CONFIGURATION OF THE ETHERNET INTERFACE The IP Network ProtocolParameter DescriptionDescription ParameterIncoming IP Accounting IP Bridge FIGURE 5.1 IP BRIDGE EXAMPLEParameter Other ParametersDescription CHAPTER 6 THE SWAN AND ASYNC INTERFACES ParameterDescription the Clock Source is always ExternalSTEP TWO Parameter DescriptionConfig CHAPTER 7 NETWORK PROTOCOLSParameter The IP ProtocolDescription Description ParameterDetailed Incoming IP Accounting The Transparent Bridge Protocol ParameterDescription For the Spanning Tree Algorithm, a priority is given to each link in the router and toCHAPTER 8 DATA-LINK PROTOCOLS ENCAPSULATION PPP The Point-to-Point ProtocolApplies when Enable Van Jacobson IP Header Compression is Yes . This ParameterDescription ParameterLCP Link Control Protocol messages are normally exchanged to monitor the status of CHAR communication. When Start is used, a connection is attempted as soon as the lineParameter DescriptionPPPCHAR HDLCFrame Relay Traffic Control based on Data Link ConnectionParameter end must be using the same header type NLPID or SNAP as the router on the receiving endDescription DLCI 200.1.1.1Router 200.1.1.1200.1.1.2 200.1.1.4 200.1.1.3Parameter DescriptionX.25 Switch / DCEX.25 FIGURE 8.2 PUBLIC X.25 NETWORK EXAMPLEParameter X.25 Menu CONFIG=INTERFACE=LINK=ENCAPSULATION =X.25Description Parameter X.25 Menu ContinuedDescription Parameter X.25 with PAD Packet Assembler/DisassemblerDescription Static Routing CHAPTER 9 ROUTING PROTOCOLS Routing StrategiesDynamic Routing Static Routes Network142.10.0.3 142.10.0.4Slot 192.168.100.1ETH0 A NetworkParameter Both Examples -- To access all hosts in Network 3, its mask, 255.255.255.0, is usedDescription Parameter RIP ConfigurationDescription OSPF AREAAN AUTONOMOUS SYSTEM AREA BackboneParameter OSPF Configuration on the InterfaceDescription are configured in CONFIG = INTERFACE =LINK =NETWORK PROTOCOL =IP Parameter OSPF Global ConfigurationsDescription Parameter DescriptionParameter DescriptionParameter DescriptionParameter only when Virtual Link Status is ActiveDescription BGP-4 Configuration Tele Popeye FIGURE 9.4 EXAMPLE SYSTEM WITH PR2000 IN AS 100 BEING CONFIGURED200.50.50.0 Parameter DescriptionParameter DescriptionParameter DescriptionCONFIG=IP=BGP4=NEIGHBOR=ADD continued Parameter esir dDescription ROUTE MAP Parameter Applies only for Access List Type equal to AS Path. Limits the search on AS number toDescription FIGURE 9.7 ROUTE MAP ASSOCIATED WITH AN ACCESS LIST Parameter Alters the weight used to determine the best path. This value replaces the importanceDescription Parameter DescriptionCHAPTER 10 CYROS, THE OPERATING SYSTEM Creation of user accounts and passwordsCreation of the host table User Name Password User Type Super, Usr, Auto, or PPPAuto IP Accounting 200.240.230.2 CHAPTER 11 NAT NETWORK ADDRESS TRANSLATION200.200.200.11 200.200.200.10 NAT Enabled NAT mode Expanded Port map translation Enabled UDP Timeout min DNS Timeout min TCP Timeout min TCP flags Timeout minNAT Global Addresses # address range 1 200.240.230.225 to NAT Local Addresses # address rangeTypes of Address Translation Menu Option DescriptionMenu Option DescriptionParameter DescriptionParameter DescriptionConfiguration of IP Filters CHAPTER 12 RULES AND FILTERSConfig Same as AddRule List FIGURE 12.1 THE RULES LIST MENU TREEFIGURE 12.2 FIREWALL EXAMPLE DENY Exterior RouterSteps necessary to activate filtering on the exterior router in the example FIGURE 12.4 OUTPUT FOR EXTERIOR ROUTER EXAMPLE Linkedexteriorout Destination IP OperatorFIGURE 12.4 OUTPUT FOR EXTERIOR ROUTER EXAMPLE CONTINUED PERMIT Interior RouterFilterlist Name slot1in FIGURE 12.6 OUTPUT FOR INTERIOR ROUTER EXAMPLEDestination Port Operator Traffic Rule Lists 3 Service Prioritization 11.11.11.0 FIGURE 12.8 OUTPUT SHOWING PARAMETERS FOR TRAFFIC RULE EXAMPLEDestination Port Page Port RequestsData Port AnyThe configured rules will appear as shown in the following listing CHAPTER 13 IPX INTERNETWORK PACKET EXCHANGE ETH0Slot FIGURE 13.1 IPX NETWORK EXAMPLEConfiguring Other Interfaces Configuring the Ethernet InterfaceEnabling IPX Frame Relay X.25Routing Value for the ExampleThe SAP Service Advertisement Protocol Table FIGURE 13.2 ROUTING TABLE FOR THE EXAMPLEPR3000 CHAPTER 14 VIRTUAL PRIVATE NETWORK CONFIGURATIONPR4000 Page REMOTE SECURITY NETWORK LOCAL SECURITY NETWORKPR2000 REMOTE SECURITY NETWORKSTEP THREE Parameter DescriptionAPPENDIX A TROUBLESHOOTING What to Do if the Login Screen Does Not Appear When Using a ConsoleBoot Code step TestEvent What to Do if the Router Does Not Work or Stops WorkingCPU LED Morse code Testing the Ethernet Interface Testing the WAN Interfaces The next 4 columns indicate bytes and packets sent and received LEDs Cyclades - PR2000APPENDIX B HARDWARE SPECIFICATIONS General Specifications Power Requirements external DC adapterPhysical Specifications SafetyExternal Interfaces The WAN InterfacesThe LAN Interface ETHERNET PORTThe Asynchronous Interface ASYNCHRONOUS PORTThe Console Interface CONSOLE PORTCables The Straight-Through CableDB-25 - M.34 Adaptor FIGURE B.7 DB-25 - M.34 ADAPTOR - DB-25 FEMALE TO M.34 MALEThe ASY/Modem Cable The Cross CableSignal SignalFIGURE B.9 CROSS CABLE - DB-25 MALE TO DB-25 MALE DB-25 Loopback Connector FIGURE B.10 LOOPBACK CONNECTOR - DB-25 MALEAppendix B - Hardware Specifications Cyclades-PR2000Procedure APPENDIX C CONFIGURATION WITHOUT A CONSOLERequirements C Cables IndexCyclades Philippines