Manuals / Avocent / Computer Equipment / Network Router

Avocent Cyclades-PR2000 installation manual Permit, Interior Router

Models: Cyclades-PR2000

1 136

Download 136 pages 56.31 Kb

Page 103

Image 103

Cyclades-PR2000

Interior Router

If an interior router exists in the network, the administrator may decide to use a Default Scope of Permit. In this case, all undesired traffic must be excluded by a rule in the rule list. In Figure 12.5, a conceptual equivalent of the interface is shown.

All packets except those which fall into the holes in the ball will be allowed entry in to or out of the network.

PERMIT

World ofPo s si b l e

Stop	a
	P

Forged Packets	c
Forged Packets	e
	k
	t
	s

Don’t Allow

Access to News

PERMIT

Stop Telnets

From the Outside

(Except Bastion Host)

PERMIT

FIGURE 12.5 PERMIT DEFAULT SCOPE

Chapter 12 - Filters and Rules

103

Page 103

Image 103

Avocent Cyclades-PR2000 installation manual Permit, Interior Router

Contents

Cyclades Corporation Installation ManualAccess Router Cyclades-PR2000FCC Warning Statement Cyclades-PR2000 Installation ManualCanadian DOC Notice Special Keys Table of ContentsIP Bridge Static Routing OSPF Configuration on the InterfaceOSPF Global Configurations The IP ProtocolCreation of user accounts and passwords The LAN Interface DB-25 Loopback ConnectorTable of Contents The WAN InterfacesCHAPTER 1 HOW TO USE THIS MANUAL Text Conventions Installation AssumptionsIcon ConventionDescription IconsCyclades Technical Support and Contact Information Cyclades-PR2000 Cyclades CorporationChapter 1 - How to Use This Manual Phone + 01 510 Fax + 01 510 41829 Albrae Street Fremont, CA USADB-25 CHAPTER 2 WHAT IS IN THE BOXBack Panel of PR2000 Back Panel of PR2000 Quick Installation ManualConfig Chapter 3 Using CyROS MenusConnection Using the Console Cable and a Computer or Terminal PR2000 login super PR2000 PasswordAll menus have the following elements Special Keys Cyros Management Utility The CyROS Management UtilityCyclades-PR2000 Chapter 3 - Using CyROS MenusNetwork Mask Example 1 Connection to an Internet Access Provider via ModemCHAPTER 4 STEP-BY-STEP INSTRUCTIONS FOR COMMON APPLICATIONS Speed 38.4kFIGURE 4.2 ETHERNET NETWORK PROTOCOL MENU PARAMETERS ParameterExample Your ApplicationYour Application STEP TWOParameter ExampleFIGURE 4.4 SWAN NETWORK PROTOCOL IP MENU PARAMETERS ParameterExample Your ApplicationFIGURE 4.5 PPP ENCAPSULATION MENU PARAMETERS ParameterExample Your ApplicationParameter ParameterExample Your ApplicationYour Application STEP SEVENParameter ExampleInstructions for listing the configuration Instructions for creating a backup of the configuration file100.130.130.1 Example 2 A LAN-to-LAN Example Using Frame RelayCentral Offices Remote Site’sFIGURE 4.10 ETHERNET NETWORK PROTOCOL MENU PARAMETERS ParameterExample Your ApplicationDSU/CSU, the Clock Source is External ParameterExample Your ApplicationFIGURE 4.12 SWAN NETWORK PROTOCOL IP MENU PARAMETERS ParameterExample Your ApplicationYour Application sending end must be using the same headerParameter ExampleYour Application FIGURE 4.14 DLC CONFIGURATION MENU PARAMETERSParameter ExampleFIGURE 4.15 STATIC ROUTE MENU PARAMETERS ParameterExample Your ApplicationChapter 4 - Step-by-Step Instructions Instructions for creating a backup of the configuration fileInstructions for listing the configuration Cyclades-PR2000FIGURE 4.16 PRIMARY AND SECONDARY BACKUP LINKS BETWEEN TWO LANS Example 3 Link BackupParameter ParameterExample Your ApplicationParameter ParameterExample Your ApplicationExample This parameter has no effect for link backup. For loadThis parameter has no effect for link backup. For load ParameterYour Application FIGURE 4.21 STATIC BACKUP ROUTE PARAMETERSParameter ExampleInstructions for listing the configuration Instructions for creating a backup of the configuration fileDescription CHAPTER 5 CONFIGURATION OF THE ETHERNET INTERFACEThe IP Network Protocol ParameterDescription ParameterIncoming IP Accounting FIGURE 5.1 IP BRIDGE EXAMPLE IP BridgeParameter Other ParametersDescription the Clock Source is always External CHAPTER 6 THE SWAN AND ASYNC INTERFACESParameter DescriptionSTEP TWO Description ParameterCHAPTER 7 NETWORK PROTOCOLS ConfigParameter The IP ProtocolDescription Description ParameterDetailed Incoming IP Accounting For the Spanning Tree Algorithm, a priority is given to each link in the router and to The Transparent Bridge ProtocolParameter DescriptionParameter CHAPTER 8 DATA-LINK PROTOCOLS ENCAPSULATIONPPP The Point-to-Point Protocol Applies when Enable Van Jacobson IP Header Compression is Yes . ThisDescription ParameterLCP Link Control Protocol messages are normally exchanged to monitor the status of Description CHARcommunication. When Start is used, a connection is attempted as soon as the line ParameterTraffic Control based on Data Link Connection PPPCHARHDLC Frame RelayParameter end must be using the same header type NLPID or SNAP as the router on the receiving endDescription 200.1.1.1 DLCI200.1.1.4 200.1.1.3 Router200.1.1.1 200.1.1.2Description ParameterFIGURE 8.2 PUBLIC X.25 NETWORK EXAMPLE X.25Switch / DCE X.25Parameter X.25 Menu CONFIG=INTERFACE=LINK=ENCAPSULATION =X.25Description Parameter X.25 Menu ContinuedDescription Parameter X.25 with PAD Packet Assembler/DisassemblerDescription Static Routing CHAPTER 9 ROUTING PROTOCOLS Routing StrategiesDynamic Routing 142.10.0.4 Static RoutesNetwork 142.10.0.3A Network Slot192.168.100.1 ETH0Parameter Both Examples -- To access all hosts in Network 3, its mask, 255.255.255.0, is usedDescription Parameter RIP ConfigurationDescription AREA Backbone OSPFAREA AN AUTONOMOUS SYSTEMParameter OSPF Configuration on the InterfaceDescription are configured in CONFIG = INTERFACE =LINK =NETWORK PROTOCOL =IP Parameter OSPF Global ConfigurationsDescription Description ParameterDescription ParameterDescription ParameterParameter only when Virtual Link Status is ActiveDescription BGP-4 Configuration Tele Popeye FIGURE 9.4 EXAMPLE SYSTEM WITH PR2000 IN AS 100 BEING CONFIGURED200.50.50.0 Description ParameterDescription ParameterDescription ParameterCONFIG=IP=BGP4=NEIGHBOR=ADD continued Parameter esir dDescription ROUTE MAP Parameter Applies only for Access List Type equal to AS Path. Limits the search on AS number toDescription FIGURE 9.7 ROUTE MAP ASSOCIATED WITH AN ACCESS LIST Parameter Alters the weight used to determine the best path. This value replaces the importanceDescription Description ParameterCHAPTER 10 CYROS, THE OPERATING SYSTEM Creation of user accounts and passwordsCreation of the host table User Name Password User Type Super, Usr, Auto, or PPPAuto IP Accounting 200.240.230.2 CHAPTER 11 NAT NETWORK ADDRESS TRANSLATION200.200.200.11 200.200.200.10 NAT Local Addresses # address range NAT Enabled NAT mode Expanded Port map translation EnabledUDP Timeout min DNS Timeout min TCP Timeout min TCP flags Timeout min NAT Global Addresses # address range 1 200.240.230.225 toTypes of Address Translation Description Menu OptionDescription Menu OptionDescription ParameterDescription ParameterCHAPTER 12 RULES AND FILTERS Configuration of IP FiltersFIGURE 12.1 THE RULES LIST MENU TREE ConfigSame as Add Rule ListFIGURE 12.2 FIREWALL EXAMPLE Exterior Router DENYSteps necessary to activate filtering on the exterior router in the example Destination IP Operator FIGURE 12.4 OUTPUT FOR EXTERIOR ROUTER EXAMPLELinked exterioroutFIGURE 12.4 OUTPUT FOR EXTERIOR ROUTER EXAMPLE CONTINUED Interior Router PERMITFilterlist Name slot1in FIGURE 12.6 OUTPUT FOR INTERIOR ROUTER EXAMPLEDestination Port Operator Traffic Rule Lists 3 Service Prioritization 11.11.11.0 FIGURE 12.8 OUTPUT SHOWING PARAMETERS FOR TRAFFIC RULE EXAMPLEDestination Port Page Port Any PortRequests DataThe configured rules will appear as shown in the following listing FIGURE 13.1 IPX NETWORK EXAMPLE CHAPTER 13 IPX INTERNETWORK PACKET EXCHANGEETH0 SlotConfiguring Other Interfaces Configuring the Ethernet InterfaceEnabling IPX Value for the Example Frame RelayX.25 RoutingFIGURE 13.2 ROUTING TABLE FOR THE EXAMPLE The SAP Service Advertisement Protocol TablePR3000 CHAPTER 14 VIRTUAL PRIVATE NETWORK CONFIGURATIONPR4000 Page REMOTE SECURITY NETWORK REMOTE SECURITY NETWORKLOCAL SECURITY NETWORK PR2000STEP THREE Description ParameterTest APPENDIX A TROUBLESHOOTINGWhat to Do if the Login Screen Does Not Appear When Using a Console Boot Code stepEvent What to Do if the Router Does Not Work or Stops WorkingCPU LED Morse code Testing the Ethernet Interface Testing the WAN Interfaces The next 4 columns indicate bytes and packets sent and received Cyclades - PR2000 LEDsSafety APPENDIX B HARDWARE SPECIFICATIONS General SpecificationsPower Requirements external DC adapter Physical SpecificationsETHERNET PORT External InterfacesThe WAN Interfaces The LAN InterfaceCONSOLE PORT The Asynchronous InterfaceASYNCHRONOUS PORT The Console InterfaceThe Straight-Through Cable CablesFIGURE B.7 DB-25 - M.34 ADAPTOR - DB-25 FEMALE TO M.34 MALE DB-25 - M.34 AdaptorSignal The ASY/Modem CableThe Cross Cable SignalFIGURE B.9 CROSS CABLE - DB-25 MALE TO DB-25 MALE Cyclades-PR2000 DB-25 Loopback ConnectorFIGURE B.10 LOOPBACK CONNECTOR - DB-25 MALE Appendix B - Hardware SpecificationsProcedure APPENDIX C CONFIGURATION WITHOUT A CONSOLERequirements Index C CablesCyclades Philippines