Manuals / Enterasys Networks / Computer Equipment / Network Router

Enterasys Networks XSR-3020 VPN Site-to-Site Sample Configuration, Configure SNMP, Central Site

Models: XSR-3020

1 110

Download 110 pages 4.16 Kb

Page 70

Configure SNMP

VPN Site-to-Site Sample Configuration

Configure SNMP

The previously configured ACL will be applied to all SNMP requests. Stricter ACLs can be written if tighter security controls are required.

XSR(config)#snmp-server community toMonitor1 ro 26

+Adds an SNMP community with read-only privileges attached to ACL 26

XSR(config)#snmp-server community toConfigure1 rw 26

+Adds another SNMP community with read-write privileges attached to ACL 26

XSR(config)#snmp-server enable traps

+Enables traps to be transmitted

XSR(config)#snmp-server contact support@enterasys.com

+Specifies contact information for the management server

XSR(config)#snmp location “HQ 2nd floor”

+Specifies the server locationr

XSR(config)#snmp-server host 192.168.2.101 traps trapCommunity

+Specifies management station to send traps to

XSR(config)#snmp-server host 192.168.2.102 traps trapCommunity

+Specifies another management station to send traps to

VPN Site-to-Site Sample Configuration

The following VPN topology, shown in Figure 3-5, configures a central site XSR to connect over IPSec tunnels with a remote ANG-1105 and two XSRs.

Figure 3-5 VPN Site-to-Site Topology

	Central Site		112.16.72.2
	Central Site	112.16.244.9
		112.16.244.9
112.16.1.221		ANG-1105	Branch Sites
		XSR
			112.16.76.2
XSR	Firewall	112.16.244.7
	112.16.244.10	XSR
	Gateway IP address	XSR
	for all remote sites		112.16.80.2
			112.16.80.2
		112.16.244.5

The following script configures the VPN topology shown in Figure 3-5.

3-26 Software Configuration

Image 70

Enterasys Networks XSR-3020 manual VPN Site-to-Site Sample Configuration, Configure SNMP, Central Site, Branch Sites

Contents

X-Pedition Security Router VersionXSR-3020 Getting Started Guide Page Enterasys Networks, Inc 50 Minuteman Road Andover, MA Regulatory Compliance Information Federal Communications Commission FCC NoticeClass A ITE Notice Industry Canada NoticesR & TTE Directive Declaration Clase A. Aviso de ITEProduktsicherheit Product SafetySeguridad del Producto Electromagnetic Compatibility EMCSupplement to Product Instructions Declaration of Conformity VCCI NoticeBSMI EMC Statement - Taiwan Manufacturer’s Name Enterasys Networks, IncIndependent Communications Authority of South Africa Australian TelecomFederal Information Processing Standard FIPS Certification VPN Consortium InteroperabilityCAREFULLY READ THIS LICENSE AGREEMENT Enterasys Networks, Inc. Firmware License AgreementBEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT You and Enterasys agree as follows5. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed Program i was developed solely at private expense ii contains “restricted computer software” submitted with restricted rights in accordance with section 52.227‐19 a through d of the Commercial Computer Software‐Restricted Rights Clause and its successors, and iii in all respects is proprietary data belonging to Enterasys and/or its suppliers. For Department of Defense units, the Program is considered commercial computer software in accordance with DFARS section 227.7202‐3 and its successors, and use, duplication, or disclosure by the U.S. Government is subject to restrictions set forth herein 11. ASSIGNMENT. You may not assign, transfer or sublicense this Agreement or any of Your rights or obligations under this Agreement, except that You may assign this Agreement to any person or entity which acquires substantially all of Your stock assets. Enterasys may assign this Agreement in its sole discretion. This Agreement shall be binding upon and inure to the benefit of the parties, their legal representatives, permitted transferees, successors and assigns as permitted by this Agreement. Any attempted assignment, transfer or sublicense in violation of the terms of this Agreement shall be void and a breach of this Agreement Chapter 3 Software Configuration ContentsChapter 2 Hardware Installation About This GuideConfiguring the WAN Ports Appendix A Specifications IndexPage About This Guide Contents of the GuideConventions Used in This Guide Bold/En negrilla Italics/It áli caGetting Help Page Overview System DescriptionHardware Features Figure 1-1 Typical XSR-3020 TopologyFigure 1-2 XSR-3020 Industry-common CLI Software FeaturesOperating System IP ProtocolIP Routing SNMP and Statistics GatheringSecurity Frame RelayDynamic Host Configuration Protocol DHCP Integrated Services Digital Network ISDN - BRI/PRIQuality of Service QoS Virtual Private Network VPNGRE over IPSec Asynchronous Digital Subscriber Line ADSL Dial ServiceDial Backup Dial-on-Demand/Bandwidth-on-Demand DoD/BoDInstallation Overview Installation Overview 1-12 OverviewIntroduction Hardware InstallationInstallation Site Suggestions Verifying Your ShipmentInstalling NIM Cards and Rack Mounting Figure 2-1 Removing XSR CoverFigure 2-2 Removing NIM Slot Cover Figure 2-3 Attaching NIM card to Motherboard3020 Figure 2-4 Fastening Rack BracketsFigure 2-5 Attaching XSR to Rack 3020Figure 2-6 Typical CompactFlash Card Installing a CompactFlash Memory CardCompactFlash Card Installation Figure 2-7 Removing CompactFlash Cover PlateFormatting the CompactFlash Card CompactFlash Card for the ADSL NIMFigure 2-8 Installing CompactFlash Card Figure 2-9 Connecting Serial COM Console Cable Connecting CablesFigure 2-10 Attaching T1/PRI or BRI Port Connector ALARM Figure 2-11 Connecting High Speed Serial ConnectorFigure 2-12 Attaching T3/E3 BNC Connectors ENABLE3020 Figure 2-13 Connecting ADSL ConnectorFigure 2-14 Attaching T1 Drop & Insert Connector NIM1Link TX G Figure 2-15 Attaching Ethernet ConnectorFigure 2-16 Inserting Mini-GBIC Module ETH33020 Figure 2-17 Attaching Ethernet LAN NIM ConnectorFigure 2-18 Attaching Ethernet Fiber LAN NIM Connector 3020LINE Figure 2-19 Connecting Power Supply Cord100~125V~1 200~240V~0.25ASoftware Configuration Initializing XSR SoftwareETHERNET Activity LEDs blink when frames pass on the LAN Opening a COM Console Session Optional Configuring Remote Auto InstallConfiguring RAI for Frame Relay Characteristics” on pageXSRconfig-ifS1/0.1#exit XSRconfigexit Configuring RAI for DHCP over LAN Configuring RAI over ADSLPage Setting User Name, Privilege and Password Configuring the XSR Name and User InformationSetting the Clock 3. Enter hostname your XSR designationConfiguring the WAN Ports Configuring the LAN PortsPRI Configuration BRI Leased Line BRI ConfigurationBRI Leased Frame Relay BRI Switched Line PPPoE ADSL ConfigurationPPPoA Firewall Sample Configuration IPoAFigure 3-1 XSR with Firewall Topology Setting Up RIP Routing Setting Up RIP Routing3-14 Software Configuration Configure OSPF Routing Configuring Frame Relay Point to Point NetworksSetting Up an SNMP Community String, Traps and V3 Values Viewing Your Configuration Configuring Message Logging and Severity Level7. Optional. For SNMPv3, enter snmp-server user username group name Product Version Connecting Remotely via the WebFigure 3-2 Initial Web Access Window X-Pedition ProductsFigure 3-3 Web Product Version Window Figure 3-4 Sample LAN-PPP Services Configuration LAN-PPP Services Sample ConfigurationBackup Site Hostname branch2 Frame Relay WAN Link with PPP Backup Sample Configuration Configure LAN Interface Configure Users and PasswordsConfigure Quality of Service Configure WAN/Frame Relay Port Configure More Access Lists Configure OSPF RoutingApply QoS Configure DHCP/BOOTP Relay Configure the Dial Backup ConnectionCentral Site VPN Site-to-Site Sample ConfigurationConfigure SNMP Branch SitesConfigure IKE Policy for Remote Peer Configure Access Control ListsSet Up IKE Phase I Security Generate Master Encryption KeyConfiguring VPN at Interface Mode and Setting Up RIP Configure Crypto MapsCreate a Transform Set VPN Sample Configuration with Network Extension Mode Configuring Authentication AAAeth0 10.11.11.1/24 Figure 3-6 VPN Topology with NEM, EZ-IPSec and Internet AccessGigabitEthernet 1 172.16.10/24 Gigabitethernet 2 26.26.26.10/24Create the ISAKMP IKE global peer XSR Rebooting Characteristics Initialization OutputBoot Type Reboot TriggersTable 1 Reboot Triggers CausePower-Up Reboot Power-up Error ConditionsTable 1 Reboot Triggers continued Reload Command from the CLIBootrom Monitor Mode Commands Page copy Page remove renameThis command shows network values with the following sample output This command shows the bootrom version with sample output below Bootrom Monitor Mode Commands 3-42 Software ConfigurationTable A-1 XSR Hardware Specifications SpecificationsSystem Specifications CategoryTable A-2 XSR Cabling/Accessory Guide Cable, CompactFlash and Accessory SpecificationsTable A-1 XSR Hardware Specifications continued ConnectorCable, CompactFlash and Accessory Specifications Table A-2 XSR Cabling/Accessory Guide continuedConnector Part DescriptionSignal COM Console PortFigure A-1 COM Port Pinouts Signal GigabitEthernet PortsMini-GBIC Fiber, Copper Port Figure A-2 GigaBitEthernet Port Pinouts EthSignal Regulatory/Safety ComplianceCopper/Fiber-optic Ethernet NIMs Figure A-3 Copper Ethernet NIMJ2 - J5 DB-15 type male connector 2/4-Port Serial NIM Card PortJ1 68-pin male SCSI II type connector Figure A-6 High Speed Serial NIM PortFigure A-8 J1 68-pin male SCSI II type connectorJ2 - J5 DB-25 type male RxD2+connector EIA-232/530 DTE Pin AssignmentsFigure A-9 J2 - J5 DB-37 type male connectorJ1 68-pin male SCSI RD2+II type connector EIA-449 DTE Pin AssignmentsJ2. J4 DB-25-type male connector Pins not shown are unused J1 68-pin male SCSI III-type connectorJ3, J5 V.35-type male connector Figure A-10 Combined V.35/EIA-232/530 DTE Pin AssignmentsFigure A-11 J1 68-pin male SCSI II type connectorJ2 - J5 V.35 type male connector V.35 DTE Pin AssignmentsSignal T1/E1/ISDN PRI NIM Card PortsRegulatory/Safety Compliance Figure A-12 4-Port T1/E1/ISDN PRI NIM Card RJ-48C ports shownFigure A-14 Balun for E1 or PRI Connection Balun for E1 or PRI NIM CardsGrounding Shunt for E1 NIM Cards Figure A-15 Sample Grounding ShuntInstalling Shunt/Terminal Strip Figure A-16 Installing a Grounding Shunt on the E1 NIM CardRegulatory/Safety Compliance T3/E3 NIM CardFigure A-17 1-Port T3/E3 NIM Card Figure A-18 ISDN BRI-S/T NIM Card RJ-45 ports shown 1/2-Port BRI-S/T NIM Card PortsSignal Figure A-19 ISDN BRI-S/T -NIM PinoutsFigure A-20 Installing a Termination Shunt on BRI-S/T NIM Card Termination Shunt for the ISDN BRI-S/T NIM CardInstalling Shunt/Terminal Strip Receive Pair TerminationSignal 1/2-Port BRI-U NIM Card PortsRegulatory/Safety Compliance Figure A-21 ISDN BRI-U NIM Card RJ-49C ports shownSignal 1-Port ADSL NIM Card PortRegulatory/Safety Compliance Figure A-23 ADSL NIM CardSignal T1/E1 Drop & Insert D&I NIMRegulatory/Safety Compliance Figure A-25 T1/E1 D&I NIM CardFigure A-27 CompactFlash Memory Card CompactFlash Memory CardLED Behavior Figure A-28 XSR LEDsState Table A-3 LED Description continuedFunction Index how to attach the Ethernet serial cable