Security, 125 | Patton electronic 3086 manual

Model 3086 G.SHDSL Integrated Access Device User Guide	6 • Security

After configuring the FTP portfilter, you can open an ftp session from Remote to Local, however you can issue ftp commands (e.g., login, cd, etc.) but transfer data (e.g., ls, dir, get, put commands). The portfilter allows an ftp control channel but does not allow the use of a secondary data channel for passing data by ftp.

To enable the ftp data channel, add a trigger which will open a secondary channel only when data is being passed. This prevents the need to open too many ports which offer a security risk.

1.From the Configuration Menu, > Configuration > Security > Firewall Trigger Configuration > New Trig- ger.

2.Set the parameters as follows:

–Transport Type = tcp

–Port Number Start = 21

–Port Number End = 21

–Allow Multiple Hosts = Block

–Max Activity Interval = 3000

–Enable Session Chaining = Block

–Enable UDP Session Chaining = Block

–Binary Address Replacement = Block

–Address Translation Type = none

3.Click on Apply.

You should now be able to use ftp commands to pass data between Remote and Local.

Security Triggers

125

Image 125

Patton electronic 3086 manual Security, 125

Contents

Shdsl Integrated Access Device Patton Electronics Company, Inc Contents Basic Application Configurations Contents Specialized Configurations 113 Contacting Patton for assistance 143 Cable Recommendations 157 Contents Page Structure About this guideAudience Precautions About this guide Factory default parametersSafety when working with electricity Mouse conventions Typographical conventions used in this documentGeneral conventions General Information Chapter contents Model 3086 G.SHDSL IAD overview Model 3086 G.SHDSL IAD overviewGeneral attributes Ethernet Shdsl CharacteristicsTDM Interface Protocol support Management PPP SupportATM Protocols Model Security WAN DSL Console port outlined in red Rear panel connectors and switchesPower connector Line port outlined in yellow RJ-11/4 DSL line port uses pins 2 and 3 of the RJ-11 portEthernet port outlined in green Product Overview Applications Overview Product Overview IP/FR and TDM Access Internet/Extranet AccessIP/FR and Voice over DSL Product Overview Metro Intranet Access Quick Start Installation What you will need Hardware installationInstalling the AC power cord Quick Start Installation Connecting network cables PC Configuration Web Operation and ConfigurationIP address Quick Start modification IP address has now been successfully changed Model 3086 menu structure is shown in on Model 3086 home page displays see Figure Model 3086 Menu Structure Basic Application Configurations Basic Application Configurations IPoA Routed RFC Introduction TDM Port Routed WAN Services Bridged WAN Services Rear panel power and interface connectors Connecting the 3086 serial port to a DCE Connecting the 3086 serial port to a DTEX.21 Ports Interfaces X.21 Ports Configuring the V.35 or X.21 port via DIP switches DIP switches location Switch Position Function Factory Default Selected Option Switch Bank S2 Switch Bank S3 T1 Interface Connection T1 Interface DIP Switch Configuration T1 Interface Configuration Data Rate kbps Figuration only Line Code The 3086 T1 interface uses B8ZS Web Interface Configuration E1 Interface Connection E1 Interface Description of S2 options follows the table E1/CRC S3-8 Setting Web Interface Configuration CLI configuration Using the 3086 as a simple modem TDM data over DSLCLI configuration Wait for configuration saved message… Saving configuration… Clear Error Counters Web browser configurationCircuit ID Intended DSL Data Rate Terminal Type Intended Serial Interface Data RateDSL Rate Number of i Bit TDM Plus Ethernet Traffic Selecting the DSL link speed Selecting PCM modeAssigning bandwidth to serial and Ethernet ports Central or Remote terminal Master/Slave Select between Annex a and Annex B To select Annex B type For 3086 a at the prompt typeFor 3086 B type Circuit ID Intended Serial Interface Data Rate Interface Type Model 3086 Remote Configuration Steps PPPoH Bridged Using the 3086 in Routed or Bridged applicationsTwo stand-alone units directly connected Ethernet extension Hdlc Pppoh Bridged Leave User name and Password blank. Click on Apply Model 3086 Central Configuration Steps PPPoH Bridged Network Extension HDLC-PPPoH Routed Model 3086 Remote Configuration Steps PPPoH Routed Model 3086 G.SHDSL Integrated Access Device User Guide Click on Configure Basic Application Configurations Model 3086 Central Configuration Steps PPPoH Routed Using the 3086 in Routed or Bridged applications Dslam Connections with remote CPE units Bridged application configurations to a DslamRFC 1483 Bridged Configuration Model 3086 Remote Configuration Steps RFC 1483 Bridged Model 3086 Central Configuration Steps RFC 1483 Bridged PPPoH Bridged Configuration Dslam Connections with remote CPE units Model 3086 Central Configuration Steps PPPoH Bridged Model 3086 Remote Configuration Steps PPPoA Bridged PPPoA Bridged RFC 2364 Configuration VPI = VCI = LLC header mode = off Hdlc header mode = off Model 3086 CentralConfiguration Steps PPPoA Bridged RFC 1483 Routed Routed application configurations to a DslamModel 3086 Remote Configuration Steps RFC 1483 Routed Model 3086 G.SHDSL Integrated Access Device User Guide Basic Application Configurations One IP interface was called ip1 with an IP address Model 3086 Central Configuration Steps RFC 1483 Routed Ip set interface ip1 ipaddress 192.168.100.2 Dslam Connections with remote CPE units Basic Application Configurations PPPoH Routed Ip set interface ip1 ipaddress 192.168.100.2 Dslam Connections with remote CPE units Basic Application Configurations Model 3086 Central Configuration Steps PPPoH Routed Basic Application Configurations Basic Application Configurations PPPoA Routed RFC Model 3086 Remote-Client Configuration Steps PPPoA Routed Chap User Namefred Passwoodfredspass Click on Configure Basic Application Configurations Dslam Connections with remote CPE units Model 3086 Central-Server Configuration Steps PPPoA Routed 100 101 102 Local IP Magic Number MRU 103 104 105 106 107 Model 3086 Remote Configuration Steps IPoA RoutedIPoA Routed RFC 108 109 110 111 Model 3086 Central Configuration Steps IPoA RoutedVPI0 VCI700 WAN IP address Click on Apply 112 Specialized Configurations Router IP ConfigurationsRIP and RIPv2 Static Route Dhcp Server and Relay 115 Specialized Configurations 116 DNS Client 117 DNS Relay Mode IP Configurations Security 120 Configuring the IAD 121 Configuring the security interfacesSecurity 122 Deleting a Firewall Policy Firewall Portfilters Enabling the FirewallFirewall Policies Firewall policy named item0 is now deleted 124 Security Triggers 125 126 Scan Attack Block DurationDefault = 86400 secondsIntrusion Detection System IDS 127 Intrusion Detection System IDS NAT Network Address Translation 130 Enabling NAT 131 Global address pool and reserved mapNAT Network Address Translation 132 Monitoring Status 134 Status LEDs Diagnostics Configuration Software UpgradesProcedure Ping Operating Local Analog Loopback LAL-Serial Port Loop DiagnosticsOperating Remote Digital Loopback RDL-DSL Loop 137 138 T1/E1 DiagnosticsNetwork Loop 139 T1/E1 Local Loop 140 QRSS-BIT Error Rate Diagnostics T1/E1 connection Status AlarmsTransceiver Status FDL statistics T1 only 142 BIT Error Rate V.52 Diagnostics Contacting Patton for assistance Out-of-warranty service Warranty coverageContact information Returns for credit RMA numbers Return for credit policyShipping instructions Contacting Patton for assistancePage Appendix a Compliance information Compliance SafetyRadio and TV Interference FCC Part CE Declaration of Conformity FCC Part 68 Acta Statement Authorized European RepresentativeIndustry Canada Notice 149 150 Appendix B Specifications Shdsl Characteristics General CharacteristicsEthernet 152 T1/E1 Interface 3086/RIK and RIT models only Sync Serial Interface64K/G.703 Port 3086/RIF Model Protocol Support ATM Protocols PPP SupportManagement 154 Power and Power Supply Specifications DimensionsSecurity Compliance Standard Requirements 156 Appendix C Cable Recommendations Ethernet Cable DSL CableAdapter Foot 3 m, RJ-11/RJ-11 refer to RJ-11non-shielded port on Appendix D Physical Connectors RJ-45 shielded 10/100 Ethernet port Assuming the MDI-X switch is in the out positionRJ-11 non-shielded port RJ-45 non-shielded RS-232 console port EIA-561 35 DB-25 Female Connector 35 M/34 ConnectorPhysical Connectors Serial port 21 DB-15 Connector E1/T1 RJ-48C Connector Power inputIEC 320 connector two prong 162 163 Appendix E Command Line Interface CLI Operation Produces a list of numbered transport objects CLI TerminologyLocal VT-100 emulation Remote Telnet Command Line Interface CLI Operation Using the ConsoleThen 165 Setting user passwords Administering user accountsAdding new users Following information is returned Controlling login access Changing user settingsControlling user access Shdsl Commands 168 To establish the DSL linkFor CPE remote unit 169 170 Appendix F Interworking Functions Information Interworking Functions Information ManagementType Default Value nomaintenance LMI Configuration OptionsFrame Relay Local Management Interface 173 T391Value Default Value MgtAutoStart Default Value FalseT392Value Default Value FullReportCycle Default Value Show current configuration CLI Configuration MethodsCommand lmi show Set configuration variable Web Configuration Methods Frame Relay Service Interworking FRF.8FRS Configuration Options DE Mapping 177 Translation ModeFecn Mapping 178 FRS Name Command frs set group # variable value CLI Configuration MethodShow one of the eight groups Set variable attributes on a specified group 180 Set variable attributes on a specified channelFRS Overview Screen 181 Group/Channel Level Configuration Screen 182 FRN Configuration OptionsFrame Relay Network Interworking FRF.5 183 Port Level Configuration Options 184 Channel Level Configuration Options List all ports available to the system CLI Configuration Methods for Port Level ManagementShow detailed information about a specific port 185 Configuration Management of the Channel Level Variables Command frn set port# variable valueUnderstanding the Channel Level View 186 187 Set Configuration Variables associated with the ChannelsCommand frn set port# channel # variable value 188 Port Level Information Screen 189 Channel Level Information ScreenPacket Information Screen Frame Relay Ethernet Based Operations Frame Relay Configuration OptionsFrame Relay CLI Configuration Options Delete the specified transport Clear all Frame Relay TransportsList all active Frame Relay Channels 191 Web Based Configuration of the Frame Relay Channel Serial Interface ConfigurationConfiguration Variables Available Clock Mode 193 Show current configuration settingsGain help about the Serial Interface Ping commands from the CLI Interface Web Interface ConfigurationsPing and Trace Route 194 Define Usage ip traceroute Trace Route from the CLI InterfaceStart Trace Route ip traceroute start 195 Backup Configuration Backup and Restore FeaturesRestore Configuration Ping and traceroute from the web interface