Router Security, IP Router Filtering | Paradyne CSU, DSU, 9126-II

5. Configuring the FrameSaver SLV Router

Router Security

The router offers security via the following:

Filtering can be enabled or disabled for inbound and/or outbound traffic:

—Ethertype

—ICMP Message Type, Code

—IP Protocol Type: TCP, UDP, or ICMP

—TCP/UDP Ports

—IP Source/Destination IP Address Always enabled:

—Land Bug Prevention

—Smurf Attack Prevention

IP Router Filtering

Router filtering does not apply when the router is in bridge-only mode. By default, filtering is disabled on the router. Filtering provides security advantages on LANs by restricting traffic on the network. A filter consists of a set of rules applied to a specific interface to indicate whether a packet received or sent on that interface is forwarded or discarded.

Filters are configured in general router configuration mode, then applied to the Ethernet or frame relay network interface. Filters are applied to traffic in either the transmit or receive direction on that interface.

here is one filter access list per interface, per direction, with a maximum of

33 rules per list. For IP filters, all rules with a source host IP address are applied first; all rules with a destination host IP address are applied next. The remaining filters are applied in the order in which they were configured.

Bridge Filtering

Bridge filtering does not apply when the router is in router-only mode. When bridging is enabled, separate ethertype filters are applied to the Ethernet and frame relay interfaces. They are applied to traffic in either the transmit or receive direction on that interface, with one filter access list per interface, per direction.

here is a maximum of 16 rules per list. Each rule in the access list allows the user to filter a single ethertype or range of ethertypes.

MAC frames can be filtered based on the:

TSNAP Ethernet field in the 802.2 and 802.3 header. Protocol type field in the DIX Ethernet header.

For ethertype filters, the rules are applied in the order in which they were configured.

5-14

September 2002

9128-A2-GB20-80

Image 164

Paradyne CSU, DSU, 9126-II, 9128-II manual Router Security, IP Router Filtering, Bridge Filtering

Contents

FrameSaver SLV Warranty, Sales, Service, and Training Information Copyright 2002 Paradyne Corporation All rights reservedDocument Feedback Trademarks Contents September ConfigurationTProceduresConfiguration Options Configuring the FrameSaver SLV Router Iii Security and Logins Operation and Maintenance Troubleshooting Lamp Test Setting Up NetScout Manager Plus for FrameSaver Devices Setting Up Network Health for FrameSaver DevicesMenu HierarchyT Vii Viii Snmp MIBs and Traps, and Rmon Alarm DefaultsRouter CLI TCommands, Codes, and Designations Router Command Line Summaries and Shortcuts Connectors, Cables, and Pin Assignments Technical Specifications Equipment List Index Section Description Purpose and Intended AudienceDocument Organization Xii Section Description Document Number Document Title Product-Related DocumentsXiii Conventions Used Xiv About the FrameSaver SLV System Overview CSU/DSU-Specific Features Router-Specific Features About the FrameSaver SLV FrameSaver Diagnostic and SLM Feature Sets FrameSaver Diagnostic Feature Set Through 120 Connections PVCs Dedicated Management FrameSaver SLV Feature RouterMaximum Number of PVCs and Management PVCs Supported About the FrameSaver SLV About the FrameSaver SLV Additional FrameSaverTSLV 9126-II and 9128-II Features Additional FrameSaver SLV 9128-II Features FrameSaver SLM Feature Set OpenLane SLM System NetScout Manager Plus and NetScout Probes User Interface and Basic Operation Procedure Logging On If your login was Hen Main Menu Select Screen Work Areas Screen Format Description Press Navigating the ScreensKeyboard Keys Function Keys For the screen Select Function Press Enter to Switching Between Screen Areas Selecting from a Menu Entering Information Screen ContentsSelecting a Field Navigating the Router’s CLI CLI Keyboard Keys Configuration Procedures Basic Configuration Configuration Menu Isdn Configuration Option Areas Configuration Option Area Description Accessing and Displaying Configuration Options Main Menu → Configuration Changing Configuration Options Configuration → PVC Connections Saving Configuration Options Configuration Options Configuration Options Easy Install Screen Example Using the Easy Install FeatureMain Menu → Easy Install Using RIP with FrameSaver SLV CSU/DSUs Configuration → Data Ports→ Dlci Records If the selection is Enter Entering System Information and Setting the System ClockMain Menu → Control→ System Information Setting Up the Modem Setting Up Call Directories for Trap Dial-OutMain Menu → Control→ Modem Call Directories Valid characters include For Setting Up to Use the Modem PassThru Feature Auto-Configuration Screen Example Setting Up Auto-ConfigurationMain Menu → Auto-Configuration Selecting a Frame Relay Discovery Mode Main Menu → Auto-Configuration→Frame Relay Discovery ModeDiscovery Mode Configuration Description Only applies to models with Discovery Mode Configuration Description Automatically Removing a Circuit Main Menu → Configuration → Isdn → Physical Setting Up Dial BackupSetting Up the DBM Physical Interface Setting Up Automatic Backup Configuration If you select Then Following prompt When Appears If you select Remove Alternate DestinationsFrom PVCs Delete unused Modifying Isdn Link Profiles Main Menu → Configuration → Isdn → Link ProfilesFor Originating a Backup Call For Answering a Backup Call Restricting Automatic Backup and Configuring Backup Timers Main Menu → Configuration → Auto-Backup Criteria Configuring the DBM Interface to Send Snmp Traps Assigning DLCIs to a Backup Group PVC Backup Over the Network Interface Setting Up Back-to-Back OperationChanging Operating Mode Main Menu → Control→ Change Operating Mode Configuration Option Tables Configuring the Overall System Configuring Frame Relay and LMI for the System CSU/DSUsMain Menu → Configuration → System → Frame Relay and LMI System Frame Relay and LMI Options 1 System Frame Relay and LMI Options 2 System Frame Relay and LMI Options 3 LMI Status Enquiry N1 Possible Settings 1, 2, 3, 4LMI Heartbeat T1 Possible Settings 5, 10, 15, 20, 25 System Frame Relay and LMI Options 4 Configuring Class of Service Definitions Field Setting After RfcCodePoints Selected Class of Service Definitions Class of Svc NameMeasure Latency & Availability Code Points Assigned Code Point Definitions Code Point DefinitionsCode Pnt Name Configuring Service Level Verification Options Service Level Verification Options 1SLV Type Available Settings Standard, COS 1-COS SLV Sample Interval secs Service Level Verification Options 2 Dlci Down on SLV TimeoutSLV Timeout Error Event Threshold SLV Timeout Clearing Event Threshold SLV Packet Size bytes Service Level Verification Options 3SLV Latency Clearing Event Threshold Configuring General System Options Main Menu → Configuration → System→ GeneralTest Timeout General System Options 1 General System Options 2 System Alarm Relay General System Options 3 Configuring Physical Interfaces Configuring the Network InterfaceMain Menu → Configuration → Network→ Physical Network Physical Interface Options 1 Line Build Out LBO Possible Settings 0.0, -7.5, -15 Network Physical Interface Options 2Bit Stuffing Transmit Timing Network Initiated Dclb Possible Settings Disable, V.54&ANSI Network Physical Interface Options 3Network Initiated PLB Ansi Performance Report Messages Network Physical Interface Options 4 Circuit Identifier Configuring a User Data Port CSU/DSUs Main Menu → Configuration → Data Ports→ PhysicalPort Use Possible Settings Frame Relay, Synchronous Data Data Port Physical Interface Options 1 Data Port Physical Interface Options 2 Max Port Rate KbpsPort Base Rate Kbps Transmit Clock Source Monitor DTR Data Port Physical Interface Options 3Monitor RTS Control Invert Transmit and Receive Data Data Port Physical Interface Options 4Port DTE Initiated Loopbacks Action on Network Yellow Alarm Data Port Physical Interface Options 5 Configuring the DSX-1 Interface Main Menu → Configuration → DSX-1DSX-1 Physical Interface Options 1 Interface Status DSX-1 Physical Interface Options 2 Send All Ones on DSX-1 Failure Configuring the Isdn DBM Interface Service Profile ID Spid 1 orIsdn BRI DBM Physical Interface Options Local Phone Number 1 or Local Phone Number Switch Type Possible Settings NI-2, ATT4ESS, ATT5ESS10. Isdn PRI DBM Physical Interface Options 1 10. Isdn PRI DBM Physical Interface Options 2 10. Isdn PRI DBM Physical Interface Options 3 Setting Up Isdn Link Profiles Main Menu → Configuration → Isdn → Isdn Link Profiles11. Isdn Link Profile Options 1 Link Name 11. Isdn Link Profile Options 2 Outbound Phone NumberInbound Calling ID 1 or Maximum Link Rate Kbps Assigning Time Slots/Cross Connections 11. Isdn Link Profile Options 3Caller Identification Method Alternate Outbound Phone Number Value Meaning Assigning Frame Relay Time Slots to the Network InterfaceFrame Relay Network Time Slot Assignment Screen Example Ntt Assigning DSX-1 Time Slots to the Network InterfaceTime Slot Assignment Rule DSX-1 to Network Time Slot Assignment Screen Example Ime Slot Assignment Rules DSX-1 Signaling Assignments and Trunk Conditioning RBS Idle PLAR3idle Synchronous Data Port Assignment Screen Example Sync Data Port Assignment Clearing Assignments Physical Interface Options LMI Configuring Frame Relay for an Interface13. Interface Frame Relay Options 1 13. Interface Frame Relay Options 2 Traffic PolicingLMI Parameters Frame Relay DS0s Base Rate 13. Interface Frame Relay Options 3 Dlci Number Manually Configuring Dlci Records14. Dlci Record Options 1 Committed Burst Size Bc Bits 14. Dlci Record Options 2CIR bps 14. Dlci Record Options 3 Excess Burst Size BitsDlci Priority Outbound Management Priority Backup Group Possible Settings A, B, C, . . . Z, None 14. Dlci Record Options 4 Configuring PVC Connections Main Menu → Configuration → PVC Connections15. PVC Connection Options 1 Source Dlci 15. PVC Connection Options 2 Source EdlciPrimary Destination Link Primary Destination Dlci 15. PVC Connection Options 3 Primary Destination EdlciAlternate Destination Link Alternate Destination Dlci 15. PVC Connection Options 4 Alternate Destination Edlci Configuring the IP Path List Main Menu → Configuration → IP Path List Static16. IP Path List Enter IP Address press ESC to abort ... FWD No Setting Up Management and Communication Options Configuring Node IP Information 17. Node IP Options 1 TS Access Management Link 17. Node IP Options 2 17. Node IP Options 3 TS Management Snmp Validation Configuring Management PVCs 18. Management PVC Options 1 Set DE 18. Management PVC Options 2Payload Managed 18. Management PVC Options 3 Primary Dlci 18. Management PVC Options 4 Primary Edlci Alternate Edlci 18. Management PVC Options 5Alternate Dlci 18. Management PVC Options 6 Encapsulation Configuring General Snmp Management Name 1 Access19. General Snmp Management Options 1 Snmp Management 19. General Snmp Management Options 2 Configuring Telnet and/or FTP Session SupportName 2 Access Telnet Session Telnet Login Required20. Telnet and FTP Session Options 1 20. Telnet and FTP Session Options 2 Configuring Snmp NMS Security 21. Snmp NMS Security Options 1NMS IP Validation Number of Managers 22. Snmp Traps and Trap Dial-Out Options 1 Configuring Snmp Traps and Trap Dial-Out21. Snmp NMS Security Options 2 22. Snmp Traps and Trap Dial-Out Options 2 Enterprise Specific Traps Link Traps Possible Settings Disable, Up, Down, Both22. Snmp Traps and Trap Dial-Out Options 3 Possible Settings Network, Ports, DBM, All, None 22. Snmp Traps and Trap Dial-Out Options 4Dlci Traps on Interfaces Filter Selection Field Rmon Traps Dial-Out Delay TIme Min 22. Snmp Traps and Trap Dial-Out Options 5Trap Dial-Out Trap Disconnect 22. Snmp Traps and Trap Dial-Out Options 6 Alternate Dial-Out DirectoryLatency Traps IP SLV Availability Traps Configuring Ethernet Management 23. Ethernet Management Options 1 23. Ethernet Management Options 2 Proxy ARP Character Length Configuring the Communication Port24. Communication Port Options 1 Login Required 24. Communication Port Options 2Parity Stop Bits 24. Communication Port Options 3 24. Communication Port Options 4 RIP Configuring the Modem Port 10024. Communication Port Options 5 25. Modem Port Options 1 101 25. Modem Port Options 2 102 25. Modem Port Options 3 103 25. Modem Port Options 4 Configuring the Criteria for Automatic Backup Main Menu → Configuration → Auto Backup Criteria26. Auto Backup Criteria Options 1 104 26. Auto Backup Criteria Options 2 When Auto Backup AllowedBackup Allowed Day From nnnn Backup Allowed Day To nnnn 106 Configuring the FrameSaver SLV Router Ethernet FrameSaver SLV Router OverviewNetwork Interface Proxy ARP Address Resolution ProtocolIP Routing Interface Configuration Applications Supported by NAT Network Address TranslationIP Options Processing NAT Configuration Example NAT Mapping Public IP Addresses Private IP Addresses Save exit Napt Mapping Public IP Address Private IP Addresses Napt Configuration ExampleNetwork Address Port Translation Int ethernet 0 ip nat inside int serial 0.x ip nat outside Access-list 1 permit 10.1.3.0Ip nat inside source list 1 interface se 0.x overload NAT and Napt Configuration Example Ip nat inside source static 10.1.1.1 Dynamic Host Configuration Protocol Server Dhcp Server with NAT Configuration Example Public IP Addresses for NAT Private IP Addresses Dhcp Server at Remote Site Configuration Example Dhcp Relay Agent Bridge Filtering Router SecurityIP Router Filtering Provisioning the Router Interface IP FilteringLand Bug Prevention Smurf Attack Prevention Configuring the Router Using Terminal Emulation Security and Logins Limiting Access Controlling Asynchronous Terminal Access Set the configuration option Limiting Dial-In Access via the Modem Port Isdn Call Security Controlling Isdn AccessDisabling Isdn Access Controlling Telnet or FTP Access Limiting Telnet Access Limiting FTP Access Has a Level-1 login and Level-2 telnet access has Controlling Snmp Access Disabling Snmp Access Assigning Snmp Community Names and Access Levels Limiting Snmp Access Through IP Addresses Main Menu → Configuration →General Snmp Management → Snmp Management Enable Management and Communication → Field Enter Creating a LoginMain Menu → Control→ Administer Logins Modifying a Login Deleting a Login Largo Controlling Router CLI AccessAccess Levels Command Modes Changing Access Levels EnableEnable password password End Security and Logins September Operation and Maintenance Operation and Maintenance View this field To find Displaying System InformationMain Menu → Status → Identity Viewing LEDs and Control Leads Isdn DBM FrameSaverTM SLV FrameSaver SLV 9126 LEDs and Control Leads Main Menu → Status → Display LEDs and Control Leads Display LEDs & Control Leads Screen for a FrameSaver SLV FrameSaver SLV 9128-II LEDs and Control Leads Main Menu → Status → Display LEDs and Control Leads LED Descriptions General Status LEDs 1Label Indiction Color What It Means ALM General Status LEDs 2 ContdModel 9128-II Network, DSX, or PRI Interface LEDs Label Indication Color What It MeansUser Data Port LED CSU/DSUs Only Ethernet Port LED Routers Only Control Lead Descriptions Additional Control Leads Label Indication What It MeansNetwork Interface User Data Port Device Messages Device Messages 1 What It Indicates What To DoSeen at an FTP Terminal Device Messages 2 What It Indicates What To Do See Changing Software on Device Messages 3 What It Indicates What To Do PVC Device Messages 4 What It Indicates What To Do Reset COM Port usage Device Messages 5 What It Indicates What To DoFrameSaver SLV II only Device Messages 6 What It Indicates What To Do Status Information Status Menu Example Last System Reset Date and Time System and Test Status MessagesMain Menu → Status → System and Test Status Self-Test Results Messages Change Operating Mode Health and Status MessagesHealth and Status Messages 1 What It Indicates Isdn PRI DBM only FrameSaver SLV 9126-II or Health and Status Messages 2 What It IndicatesFrame relay link 1,2 Health and Status Messages 3 What It Indicates Health and Status Messages 4 What It Indicates Framerelaylink 1,2 Series Access Carrier only Health and Status Messages 5 What It IndicatesPathIP Address Down Nnnn, framerelaylink 1,2 Health and Status Messages 6 What It Indicates Relay Network Assignments and an LMI failure is Configuration→ Time Slot Assignment → FrameHealth and Status Messages 7 What It Indicates Test Status Messages Test Status Messages 1 What It IndicatesDclb Active, framerelaylink 1 or Framerelaylink 1 ,3 Test Status Messages 2 What It Indicates LMI-Reported DLCIs Status Screen Example Network LMI-Reported DLCIs StatusMain Menu → Status→ LMI Reported DLCIs Tframe relay network, or IP Path Connection Status Screen Example IP Path Connection StatusMain Menu → Status→ IP Path Connection Status 11. IP Path Connection Status Field What It Indicates PVC Connection Status Screen Example PVC Connection StatusMain Menu → Status→ PVC Connection Status Edlci 12. PVC Connection Status 1 Field What It IndicatesMgmtPVCName 12. PVC Connection Status 2 Field Status What It Indicates Time Slot Assignment Status Displaying Network Time Slot AssignmentsMain Menu → Status→ Timeslot Assignment Status → Network Network Timeslot Assignment Status Screen Example Cross Connect Status Field bottom Indicates Displaying DSX-1 Time Slot AssignmentsMain Menu → Status→ Timeslot Assignment Status→ DSX-1 DSX-1 Timeslot Assignment Status Screen Example DBM Interface Status Screen Example DBM Interface StatusMain Menu → Status→ DBM Interface Status 13. DBM Interface Status 1 Field What It Indicates Invalid Call ID is displayed Link Name Disabled 13. DBM Interface Status 2 Field What It IndicatesAwarded and Being Delivered In Est Chnl-7 13. DBM Interface Status 3 Field What It Indicates Value is Call AwardedBeing Delivered In Est Chnl-7 Most Recent and Previous Cause Value Messages Make sure the network is Operation and Maintenance Normal class applies for this Correct number Operation and Maintenance IP Routing Table Main Menu → Status→ IP Routing TableIP Routing Table Screen Example 15. IP Routing Table Values 1 Column What It Indicates 15. IP Routing Table Values 2 Column What It Indicates TTL Performance Statistics Menu Performance StatisticsMain Menu → Status→ Performance Statistics Clearing Performance Statistics Service Level Verification Performance Statistics 17, SLV Performance Statistics for IP Enabled Dlci Verification Options, in , Configuration Options, must Verification Options, in , Configuration Options, over Service Definitions in , Configuration Options COS ID Size is changed, a new average is not available until a new 18. Dlci Performance Statistics 1 What It Indicates Dlci Performance StatisticsMain Menu → Status → Performance Statistics→ Dlci 18. Dlci Performance Statistics 2 What It Indicates Additional Performance Statistics for IP Enabled Dlci Frame Relay Performance Statistics Main Menu → Status → Performance Statistics→ Frame RelayFor FrameSaver units with an Isdn DBM 20. Frame Relay Performance Statistics 1 What It Indicates Frame Relay Errors 20. Frame Relay Performance Statistics 2 What It Indicates 20. Frame Relay Performance Statistics 3 What It Indicates Frame Relay LMI Frame Relay Hdlc Errors 20. Frame Relay Performance Statistics 4 What It Indicates To select intervals You must enter an interval or time on ESF Line Performance StatisticsMain Menu → Status → Performance Statistics→ ESF Line ESF Line Performance Statistics Screen Example Lofc UAS Lofc DBM Call Performance Statistics 22. DBM Call Performance Statistics What It Indicates 23. Ethernet Performance Statistics What It Indicates Ethernet Performance StatisticsMain Menu → Status → Performance Statistics → Ethernet Trap Event Log Screen Example Trap Event LogMain Menu → Status → Trap Event Log Activating the Modem PassThru Feature Canceling Modem PassThru OperationMain Menu → Control→ Enable Modem PassThru to COM Main Menu → Control→ Disable Modem PassThru to COM Main Menu → Control→ Disconnect Modem Manually Disconnecting the ModemVerifying Modem Operation Forcing Backup Disruptive Isdn DBM Operation If the Result is Then Placing a Test Call NondisruptiveMain Menu→ Test→ Isdn Call/PVC Tests System Operational should appear Verifying That Backup Can Take PlaceVerifying Isdn Lines FTP File Transfers Command Definition Upgrading System Software If the message displayed is Then Upgrading Isdn BRI DBM Software Main Menu → Status→ Identity Main Menu → Control→ Select Software Release Determining Whether a Download Is CompletedChanging Software Transferring Collected Data If retrieving Hen Turning Off the System Alarm Relay Main Menu → Control→ System Alarm Relay Cut-Off Operation and Maintenance September Troubleshooting Problem Indicators Indicators SeeOperation and Maintenance Main Menu → Status → Display LEDs and Control LEDs Resetting the Unit By Cycling the Power Resetting the Unit and Restoring CommunicationResetting the Unit from the Control Menu Restoring Communication with an Improperly Configured Unit If selecting He following occurs Troubleshooting Management Link Feature LMI Packet Capture Utility Feature LMI Packet Capture Utility→ Display LMI Trace Log LMI Trace Log Example Menu → Control → Reset Device AlarmsAlarm Conditions 1 What It Indicates What To Do Alarm Conditions 2 What It Indicates What To Do Main Menu → Configuration → Isdn → Link ProfilesName IPAddress Alarm Conditions 3 What It Indicates What To Do Menu→ Configuration→LMI Down, frame relay Link Alarm Conditions 4 What It Indicates What To Do DTE Alarm Conditions 5 What It Indicates What To Do PathIP Address Alarm Conditions 6 What It Indicates What To Do Nnnn , frame relay Alarm Conditions 7 What It Indicates What To Do Troubleshooting Tables Device ProblemsDevice Problems 1 Symptom Possible Cause Solutions Viewing the Trap Event Log Device Problems 2 Symptom Possible Cause Solutions Improperly Configured Unit on Frame Relay PVC Problems Frame Relay PVC Problems Symptom Possible Cause Solutions Main Menu → Status → DBM Interface Status Isdn DBM ProblemsIsdn DBM Problems Symptom Possible Cause Solutions Tests Available Test Menu Example Test Timeout Feature DBM Tests When the status of a test is Only command available is Starting and Stopping a Test Aborting All Tests PVC Tests PVC Tests Screen Example PVC Loopback Main Menu → Test→ Network PVC TestMain Menu → Test→ Data Port PVC Tests Main Menu → Test→ Isdn Call/PVC Tests Send Pattern Monitor PatternNetwork PVC Tests/Data Port PVC Tests Isdn Call/PVC Tests Connectivity Test Call Physical Tests Physical Tests Screen Example LLB Line LoopbackMain Menu → Test→ Network Physical Tests Payload Loopback PLB Repeater Loopback RLB AIS DTE Loopback Main Menu → Test→ Data Port Physical TestsDSX Dtlb DTE Send Line Loopback Data Channel Loopbacks on a Frame Relay Link Send Remote Line Loopback Main Menu → Test→ Network Physical Tests/PRI Physical Tests Send and Monitor Pattern Tests Qrss IP Ping Test Ping Screen Example Ping Options 1 Target IP Address Inter-Ping Delay Ping Options 2Source IP Address Packet Size Ping Responses Field Possible Values Description Response TimeoutPing Options 3 IP Ping Test Procedure Main Menu → Test→ IP Ping Lamp Test Main Menu → Test→ Lamp Test His chapter includes Setting Up the OpenLane SLM System OpenLane Support of FrameSaver Devices Setting Up FrameSaver Support Ordering SLM Feature Set Activations To Find Your License Key Number Activation Certificate Administering and Managing SLM Activations Entering an Activation Certificate Checking Activation Certificate Status Scheduling Activations Checking the Status of Scheduled Activations Canceling Scheduled ActivationsAccessing and Printing the Certificate Summary Report 9128-A2-GB20-80 Setting Up NetScout Manager Plus for FrameSaver Devices 10-1 Alarms Preparation10-2 Properties Configuring NetScout Manager Plus 10-3 10-4 Verifying Domains and Groups 10-5 Correcting Domains and Groups 10-6 Property Description Setting 10-7 Adding SLV Alarms Using a Template 10-8 Editing Alarms 10-9 10-10 Adding SLV Alarms Manually 10-11 Paradyne 10-12Field Select or Enter Creating History Files 10-13 10-14 Change 1.3.6.1.2.1.10.32.2.1.6.@IFN.@DLCI to Installing the User-Defined History Files Dvuhist -f Dallas51 3 config 30 60 Dallas51k.udhDvuhist -f Dallas51 301 3 config 30 60 Dallas301.udh 10-15 Monitoring a DLCI’s History Data 10-16 10-17 Monitoring the Agent Using NetScout Manager Plus 10-18 10-19 Traffic Statistics Protocol Statistics Statistical Windows Supported10-20 Setting Up Network Health for FrameSaver Devices 11-1 Installation and Setup of Network Health 11-2 Discovering FrameSaver Elements 11-3 Configuring the Discovered Elements 11-4 Grouping Elements for Reports 11-5 About Service Level Reports Generating Reports for a GroupAbout At-a-Glance Reports 11-6 Reports Applicable to SLV Devices About Trend ReportsPrinted Reports 11-7 11-8 11-9 FrameSaver SLV Plus At-a-Glance Report 11-10 Menu Hierarchy Menus Status Easy Install Menu Hierarchy September Snmp MIBs and Traps, and Rmon Alarm Defaults MIB Support Downloading MIBs and Snmp Traps System Group mib-2 Interfaces Group mib-2FrameSaver Unit’s sysDescr system FrameSaver Unit’s sysObjectID system Frame Relay Logical Layer NAM Profile Link Name FR DTE T1 FR NAM FR Service T1 FR NAMNetScout Indexes to the Interface Table ifTable Rmon Logical Layer IfName of the interfaceNumber Dlci number ALL Number Dlci number DTE Standards Compliance for Snmp Traps Examples Trap authenticationFailure Trap warmStartTable B-3. warmStart Trap What It Indicates Possible Cause Variable-Binding Traps linkUp and linkDown Physical Sublayer PRIMIB Strings BRI Logical Link Sublayer Traps enterprise-Specific Xxx.xxx.xxx.xxx , COS nn Nnnn ’ ‘Path xxx.xxx.xxx.xxx Up That the secondary clock source Traps RMON-Specific Trap dialControl Standard Dial Control MIB Rmon Alarm and Event Defaults Event DefaultsEventIndex EventDescription EventType EventCommunity Dial Control Extension MIB Physical Interface Alarm Defaults Rising Event Operation Frame Relay Link Alarm Defaults Snmp MIBs and Traps, and Rmon Alarm Defaults Dlci Alarm Defaults Paradyne Area MIB FR DTE MIB RFC Dlci Alarm Defaults NetScout Area OID Rx Dlci Link Object ID Cross-References Numeric Order 6.1.2.1.2.2.1 6.1.2.1.2.10.32.2.16.1.2.1.16.12.2.1 MIB Rmon II RFC 6.1.4.1.1795.2.24.2 6.1.4.1.1795.2.24.2.6.9.4Dlci CIR CIR Dlci EIR 6.1.4.1.1795.2.24.2.6.9.4.7.1 6.1.4.1.1795.2.24.2.6.9.4.4.26.1.4.1.1795.2.24.2.6.9.4.5.2.1 6.1.4.1.1795.2.24.2.6.9.4.10.3.1 6.1.2.1.10.18.9.1 6.1.2.1.10.32.2.1 6.1.4.1.1795.2.24.2.6.9.4 6.1.4.1.1795.2.24.2.6.9.4 CLI Commands Convention MeaningX.x Xxxxxxxxxxxx Router CLI Commands, Codes, and Designations Pager Command Access Control CommandsTable C-1. Pager Command Table C-2. Access Control Commands Configuration Commands Table C-3. Configuration CommandsConfigure terminal factory Example configure terminal Interface Commands Table C-4. Interface Commands 1Command Mode config, config-if, config-subif Example interface serial 132.53.4.2 Table C-4. Interface Commands 2 Encapsulation encapsulation-type encapsulation-protocolExample ip address 132.53.4.2 Example encapsulation frame-relay ietf Table C-4. Interface Commands 3 No ip unnumbered nullNo frame-relay interface-dlci dlci-num Example ip unnumbered IP Routing Commands Table C-5. IP Routing CommandsNo ip routing No ip multicast-routing Example bridge crb 1 route ip Bridge CommandsTable C-6. Bridge Commands 1 Table C-6. Bridge Commands 2 Command Mode config-if, config-subifNo bridge-group bridge-group Example no bridge-group ARP Commands Table C-7. ARP CommandsArp timeout time No arp timeout time Example arp timeout NAT Commands Table C-8. NAT Commands 1Example ip nat translation timeout No ip nat inside outside Table C-8. NAT Commands 2 Ip nat pool pool-name start-ip-addr end-ip-addrNetmask netmask prefix-length / prefix-length No ip nat pool pool-namestart-ip-addr end-ip-addr From previous Table C-8. NAT Commands 3Clear ip nat translation Dhcp Server Commands Table C-9. Dhcp Server Commands 1No service dhcp No ip dhcp pool pool-name Table C-9. Dhcp Server Commands 2 Default-router ip-address No default-router ip-addressDomain-name domain-name No domain-name domain-name Dns-server ip-address No dns-server ip-address Table C-9. Dhcp Server Commands 3 Network network-num Dhcp Relay Agent Commands Table C-10. Dhcp Relay Agent CommandsNo ip dhcp-server ip-address Example ip dhcp relay max-clients Filter access-list Commands Table C-11. Filter Commands 1Access-list access-list-num permit deny No access-list access-list-numpermit deny Table C-11. Filter Commands 2 For Extended IP Access Lists Example access-list 200 permit 0x200 range Table C-11. Filter Commands 3For Protocol Type Access Lists Table C-11. Filter Commands 4 No ip access-group access-list-1-199numin out Diagnostic Commands Table C-12. Diagnostic Commands 1 Table C-12. Diagnostic Commands 2 Traceroute protocol dest-ipsource source-ip length bytes Show Commands Table C-13. Show Commands 1Show configuration Show arp Table C-13. Show Commands 2 Show configuration saved unsavedShow frame-relay map Show interface intf-type intf-num .sub-intf-num Table C-13. Show Commands 3 Show ip dhcp binding ip-addressShow ip nat translations Show ip route ip-address Show spanning-tree Table C-13. Show Commands 4Show ip traffic Ethernet Type Codes Table C-14. Ethernet Type Codes Hex 1 Description Table C-14. Ethernet Type Codes Hex 2 Description All 3 n = Destination unreachable Protocol and Port DesignationsIcmp Designations All 5 n = All redirects TCP Port Designations UDP Port Designations Router Command Line Summaries Shortcuts CLI Summaries Intf-type intf-num .sub-intf-num Show Command SummaryTable D-1. Show Commands Function Access Control and System Level Command Summary Table D-2. Access Control and System Level Commands Function CLI Command Summary Table D-3. CLI Commands 1Clear counters intf-type intf-num .sub-intf-num Dns-serverip-address Table D-3. CLI Commands 2 Encapsulation encapsulation-type encapsulation-protocol CLI Command Default Settings Connectors, Cables, and Pin Assignments Rear Panels Connectors, Cables, and Pin Assignments Model COM Port Connector Signal Direction Pin #Pin # Signal Direction COM Port for 9126 and 9128-II 25-Position COM Port-to-PC Cable Feature No -F2-550 COM Port for 9128-II Carrier MountCOM Port Non-Keyed Position Modular Plug DB9 Socket Position Modular Plug DB25 Plug COM Port-to-Terminal/Printer Cable Feature No -F2-540COM Port Non-Keyed COM Port AUX Port Signal DB25 Pin # Direction RJ45 Pin # COM Port AUX Port Signal DB25 Pin # DirectionCOM Port-to-Router Cables Cisco 2500 Series Router RJ45 Jack 3COM Router DB9 Socket COM Port Console Port Signal DB25 Pin # Direction DB9 Pin #COM Port AUX Port Signal RJ45 Pin # Direction COM Port AUX Port Signal RJ45 Pin # Direction DB25 Pin # Gender Adapter/Changer LAN Adapter Converter and CablePlug-to-Modular Jack Converter Com Port Position DB25 Plug DTR RTS DTE Port Connector Direction Pin Socket Standard V.35 Straight-through Cable Standard V.35 Crossover CableMM NN Pin DSX-1 Connector DSX-1 Adapter Feature No -F1-560Function Circuit Direction Pin Number Position DB15 Modular Plug Socket Unkeyed DSX-1 Port for 1-Slot 9128-II 15-Position Function Circuit Line # Pin # T1 Network Cable Feature No -F1-500T1 Mass Termination Cable Feature No -F1-500 Plug Unkeyed Ethernet Port ConnectorCanadian T1 Line Interface Cable Feature No -F1-510 Isdn Modular Cable Modem ConnectorIsdn DBM Connector Connectors, Cables, and Pin Assignments September Table F-1. NAM Technical Specifications 1 Criteria Physical DimensionsApprovals Physical Environment Table F-1. NAM Technical Specifications 2 Criteria Table F-1. NAM Technical Specifications 3 Criteria Isdn PRI DBM InterfaceB8ZS Ethernet Port Power Consumption Dissipation Ethernet Port FrameSaver Isdn BRI DBM InterfaceBRI, NI-1 Heat Dissipation Max AC Power RequirementsTypical Power Consumption Switch Compatibility Service SupportedSwitched Network Interface Standards Compliance Line Build-Out LBO Framing FormatCoding Format Model/Feature EquipmentDescription Number FrameSaver SLV Units Equipment List Isdn PRI DBM FrameSaver SLM Feature Set Upgrade Optional FeaturesPower Supplies NMS Products Series Access Carrier 9128-II NAM only Description Part Number Feature Number Cables Index IN-1 CLI IN-2Becn IN-3 Dhcp IN-4 DBM EIR IN-5EER IN-6 IP SLV IN-7LAN LOS IN-8LOF IN-9 NMS IN-10 OID IN-11 Port IN-12 IN-13 IN-14 IN-15 IN-16