Cyclades Access Router Cyclades-PR1000 manual

Cyclades-PR1000 Installation Manual Access Router Cyclades Corporation[...]

Cyclades-PR1000 Installation Manual V ersion 1.2 – May 2002 Copyright (C) Cyclades Corporation, 1998 - 2002 W e believe the information in this manual is accurate and reliable. However , we assume no responsibility , financial or otherwise, for any consequences of the use of this product or Installation Manual. This manual is published by Cyclade[...]

Cyclades-PR1000 T able of Contents T able of Contents CHAPTER 1 HOW TO USE THIS MANUAL .............................................................................................. ........ 7 Installation Assumptions ....................................................................................................... ........................... [...]

Cyclades-PR1000 T able of Contents Other Parameters ............................................................................................................... ............................ 44 CHAPTER 6 THE SWAN INTERF ACE .................................................................................................. .......... 45 CHAPTER 7 N[...]

Cyclades-PR1000 T able of Contents OSPF Global Configurations ..................................................................................................... ................. 72 CHAPTER 10 CYROS, THE OPERA TING SYSTEM ....................................................................................... 7 7 Creation of the host table ......[...]

Cyclades-PR1000 T able of Contents CHAPTER 14 VIRTUAL PRIV A TE NETWORK CONFIGURA TION ............................................................... 104 APPENDIX A TROUBLESHOOTING .................................................................................................... ......... 109 What to Do if the Login Screen Does Not Appear When U[...]

Cyclades-PR1000 7 Chapter 1 - How T o Use This Manual CHAPTER 1 HOW TO USE THIS MANUAL Three Cyclades manuals are related to the PR1000. 1 The Quick Installation Manual -- provided with the router , 2 The Installation Manual -- available electronically on the Cyclades web site, 3 The CyROS Reference Guide -- also available electronically on the Cyc[...]

Cyclades-PR1000 8 Chapter 1 - How T o Use This Manual Chapter 12 - Filters and Rules - demonstrates how to protect your router from undesired traffic. Chapter 13 - IPX - presents the hidden menus available only in routers with IPX activated. Chapter 14 - Virtual Private Network - describes CyROS’ VPN implementation. Appendix A - T roubleshooting [...]

Cyclades-PR1000 9 Chapter 1 - How T o Use This Manual Icons Icons are used to draw attention to important text. Icon Meaning Why What is Wrong? When an error is common, tex t with this ico n w ill mention the sym ptoms and how to resolv e the problem. Where Can I Find More Informa tion? CyROS contain s many feature s, and sometime s related materia[...]

Cyclades-PR1000 10 Chapter 1 - How to Use This Manual Cyclades T echnical Support and Contact Information All Cyclades products include limited free technical support, software upgrades and manual updates. These updates and the latest product information are available at: http://www .cyclades.com ftp://ftp.cyclades.com/pub/cyclades Before c ont act[...]

Cyclades-PR1000 11 Chapter 1 - How to Use This Manual The mailing address and general phone numbers for Cyclades Corporation are: Cyclades Corporation Phone: + 01 (510) 770-9727 Fax: + 01 (510) 770-0355 41829 Albrae Street Fremont, CA 94538 USA[...]

Cyclades-PR1000 Chapter 2 - What is in the Box 12 CHAPTER 2 WHA T IS IN THE BOX The Cyclades-PR1000 comes in two varieties, described below . Both models are accompanied by the following accessories: • Quick Installation Manual • Documentation CD containing the complete Installation Manual and the CyROS Reference Guide • Console Cable and Pow[...]

Chapter 2 - What is in the Box 13 Cyclades-PR1000 The V .35/RS-232 Model DB-25 Male DB-25 Male Back Panel of PR1000 or Straight- Through Cable Straight- Through Cable DB-25 Male RS-232 Modem with DB-25 Interface Console Cable Labeled “Conf” or “Console” T o COM Port of Computer Power Source T o W all Outlet V .35 DSU/CSU with M.34 Interface[...]

Cyclades-PR1000 Chapter 2 - What is in the Box 14 The X.21 Model DB-15 Male Back Panel of PR1000 DB-25 Male X.21 DSU/CSU with DB-15 Interface Console Cable Labeled “Conf” or “Console” T o COM Port of Computer Power Source T o W all Outlet X.21 Modem Cable 1 0 WAN O n/O ff Ethernet C onsole FIGURE 2.2 X.21 MODEL Figure 2.2 shows which cable [...]

Chapter 2 - What is in the Box 15 Cyclades-PR1000 Horizontal Surfaces The V elcro® strips should be used to attach the PR1000 more firmly to a horizontal surface. Remove the backing from the prickly V elcros® and attach them to the router as shown in the figure. Remove the backing from the fuzzy V elcros® and place them on the horizontal surface[...]

Cyclades-PR1000 Chapter 2 - What is in the Box 16 Next, place the PR1000 on the horizontal surface, aligning the fuzzy and prickly V elcros® as shown in Figure 2.4. Cyclades-PR1000 Horizontal Surface Where the PR1000 Will be Secured FIGURE 2.4 HOW TO ATT ACH THE PR1000 TO A HORIZONT AL SURF ACE V ertical Surfaces There are two slots in the base of[...]

Chapter 2 - What is in the Box 17 Cyclades-PR1000 184,8 mm or 7.27 in Screw Slot Cyclades-PR1000 V ertical Surface Where the PR1000 Will be Secured T wo 5mm Ø Screws with Nylon Fixings FIGURE 2.5 POSITIONING OF SCREWS[...]

Cyclades-PR1000 Chapter 2 - What is in the Box 18 Place the center of the screw slots over the screws and slide the router down so the screws hold the router in place as shown in Figure 2.6. Cyclades-PR1000 V ertical Surface Where the PR1000 Will be Secured 12 FIGURE 2.6 HOW TO ATT ACH THE PR1000 TO A VERTICAL SURF ACE Note that the PR1000 can be h[...]

Chapter 3 - Using CyROS Menus 19 Cyclades-PR1000 Chapter 3 Using CyROS Menus This chapter explains CyROS menu navigation and special keys. There are three ways to interact with CyROS: • T raditional menu interface using a console or T elnet session, • CyROS Management Utility based on interactive HTML pages, • SNMP (explained in the CyROS Ref[...]

Cyclades-PR1000 Chapter 3 - Using CyROS Menus 20 Once the console connection is correctly established, a Cyclades banner and login prompt should appear on the terminal screen. Pressing <ESC> during the boot process will temporarily halt initialization and present several options: IP address of the router , IP address of the boot server , boot[...]

Chapter 3 - Using CyROS Menus 21 Cyclades-PR1000 Special Keys <Ente r> or <Ctrl+M> T hese ke ys are u sed to end the i nput of a val ue. <ESC> or <Ctrl+I> These k e ys are u sed to can cel a sel ectio n or retur n to th e pre vious m enu. In some isol ated c ases, thi s k ey fo rwards y ou to the n ext menu in a se ries of m[...]

Cyclades-PR1000 Chapter 3 - Using CyROS Menus 22 The CyROS Management Utility After one of the interfaces has been connected and configured, there is another way to interact with CyROS. T ype the IP address in the location field in an HTML browser of a PC connected locally or remotely through the configured interface. A super-user ID and password w[...]

Chapter 3 - Using CyROS Menus 23 Cyclades-PR1000 The link Configuration Menu Interface will present an HTML version of the CyROS Main Menu, described previously . Clicking on an interface will show its current status and some additional information. Clicking on End HTTP Session will terminate the connection.[...]

Cyclades-PR1000 24 Chapter 4 - Step-by-Step Instructions CHAPTER 4 STEP-BY-STEP INSTRUCTIONS FOR COMMON APPLICA TIONS This chapter provides detailed examples that can be used as models for similar applications. Turn to the example that is closest to your application, read the explanations, and fill in the blank spaces with parameters appropriate to[...]

Cyclades-PR1000 25 Chapter 4 - Step-by-Step Instructions Please read the entire example and follow the instructions bef ore turnin g the router on. The router is programmed to lo g the super u ser off a fter 10 minutes of inactivity. All data not explicitly saved to memory is then lost. Collecting the data while configuring the router will likely c[...]

Cyclades-PR1000 26 Chapter 4 - Step-by-Step Instructions Parameter Examp le Your Appl ication IP fragmentation - Ignore Bit DF Yes NAT Local ICMP Port Inactive Incoming Rule List None, filters are not included in this example. Outgoing Rule List Name None, filters are not included in this example. Proxy AR P Inacti ve IP Bridge Inactive FIGURE 4.2 [...]

Cyclades-PR1000 27 Chapter 4 - Step-by-Step Instructions STEP THREE The network protocol parameters, shown in Figure 4.4, are similar to those for the Ethernet interface. Fill in the parameters for your network in the right-most column. Menu CONFIG=>INT ERFACE=>SWAN=>NETWORK PROTOCOL=>IP Parameter Example Your Application Active or Inac[...]

Cyclades-PR1000 28 Chapter 4 - Step-by-Step Instructions STEP FOUR The Encapsulation parameters for PPP are less straight-forward. Many of them are based on decisions that cannot be shown in a diagram. Fortunately , the choices made here will mostly affect the performance of the link, rather than whether it works or not. Fill in the parameters appr[...]

Cyclades-PR1000 29 Chapter 4 - Step-by-Step Instructions STEP FIVE Since a modem is used in the example, the dial-out table must be configured. This is done as shown in Figure 4.6. Menu CONFIG=>SYSTEM=>MODEMS=>DIAL OUT TABLE=>ADD Parameter Ex ample Your Ap plicati on IP Address Type in any valid IP address not on the local network. Init[...]

Cyclades-PR1000 30 Chapter 4 - Step-by-Step Instructions STEP SIX T wo static routes must be added to tell the router that all traffic not intended for the local LAN should be sent to the Access Provider . Chapter 9 of the Installation Manual explains static routes and other routing methods available in CyROS. Fill in the spaces in Figures 4.7 and [...]

Cyclades-PR1000 31 Chapter 4 - Step-by-Step Instructions Menu CONFIG=>STATIC ROUT ES=>IP=>ADD ROUTE Parameter Ex ample Your Ap plicati on Destination I P Address Type in the word "DEFAULT". Gateway or Int erface Gateway Gateway IP address Use the same value as for Destination IP Address in t he previous table. Metric 1 Is This a [...]

Cyclades-PR1000 32 Chapter 4 - Step-by-Step Instructions Menu CONFIG =>SECURITY =>NAT =>LOCAL ADDRESS =>ADD RANGE Parameter Example Your Application First IP Address 192.168.0.10 Last IP Address 192.168.0.30 FIGURE 4.10 NA T LOCAL ADDRESS RANGE MENU PARAMETERS The factory preset values for all other NA T parameters are appropriate for t[...]

Cyclades-PR1000 33 Chapter 4 - Step-by-Step Instructions Example 2 A LAN-to-LAN Example Using Frame Relay This section will guide you through a complete router installation for the connection of two LANs via Frame Relay . Figure 4.1 1 shows the example system used in this section. Spaces have been provided next to the parameters needed for the conf[...]

Cyclades-PR1000 34 Chapter 4 - Step-by-Step Instructions STEP ONE The first step is to determine the parameters needed to configure the Ethernet interface (ETH0). The parameters in the Network Protocol Menu (IP) are shown in Figure 4.12. Fill in the blanks for your application in the right-most column. These parameters will be entered into the rout[...]

Cyclades-PR1000 35 Chapter 4 - Step-by-Step Instructions STEP TWO No more parameters are necessary for the Ethernet interface. The other interface to be configured is the SW AN in slot 1. The SW AN physical media parameters are shown in Figure 4.13. Fill in the values for your application. The SW AN configuration is described in more detail in chap[...]

Cyclades-PR1000 36 Chapter 4 - Step-by-Step Instructions STEP THREE The network protocol parameters, shown in Figure 4.14, are similar to those for the Ethernet interface. Fill in the parameters for your network in the right-most column. Menu CONFIG=>I NTERFACE=>SWAN=>NETWORK PROTOCOL=>I P Parameter Example Your Application Active or In[...]

Cyclades-PR1000 37 Chapter 4 - Step-by-Step Instructions STEP FOUR The Encapsulation parameters for Frame Relay are less straight-forward. Many of them are based on decisions that cannot be shown in a diagram. Fortunately , the choices made here will mostly affect the performance of the link, rather than whether it works or not. Fill in the paramet[...]

Cyclades-PR1000 38 Chapter 4 - Step-by-Step Instructions At the end of the parameter list shown above, the DLCI menu appears. Choosing Add DLCI will lead to the parameters shown in Figure 4.16. The <ESC> key used at any time during the Frame Relay encapsulation parameter list will also bring up the DLCI menu. A DLCI entry must be created for [...]

Cyclades-PR1000 39 Chapter 4 - Step-by-Step Instructions STEP FIVE Now that the central office’ s LAN has been defined, a route must be added to tell the router that the remote site’ s LAN is at the other end of the line. Creating a static route is the simplest way to do this. Chapter 9 of the Installation Manual explains static routes and othe[...]

Cyclades-PR1000 40 Chapter 4 - Step-by-Step Instructions STEP SEVEN The Ethernet interface can be tested as described in the troubleshooting appendix. The SW AN interface can be tested in a similar manner . At this point, you should create a backup of the configuration file (in binary) and print out a listing of the configuration. Instructions for [...]

Chapter 5 - Configuration of the Ethernet Interface 41 Cyclades-PR1000 CHAPTER 5 CONFIGURA TION OF THE ETHERNET INTERF ACE The PR1000 has one Ethernet 10/100Base-T interface, provided in a standard RJ-45 modular jack, which should be connected to an Ethernet hub or switch. Use a standard 10/100Base-T straight-through cable (not included). When the [...]

Cyclades-PR1000 Chapter 5 - Configuration of the Ethernet Interface 42 Network Protocol Menu (Continued) Parameter Description Secondary IP Address Applies to Numbered interfaces. Indicates a second (or third, etc. up to eight) IP address that can be used to refer to this interface. This parameter and t he next are repeated until no value is entere[...]

Chapter 5 - Configuration of the Ethernet Interface 43 Cyclades-PR1000 IP Bridge An IP Bridge is used to divide a network without subnetting. Whenever a subnetwork is created, two IP numbers are lost — one describing the network and the other reserved for broadcast. This does not occur with an IP Bridge. PR1000 PR3000 ETH0 ETH0 200.240.240.1 200.[...]

Cyclades-PR1000 Chapter 5 - Configuration of the Ethernet Interface 44 In Figure 5.1, an example of the use of an IP Bridge is given. From the available IP addresses, the range 200.240.240.4 to 200.240.240.8 is bridged to another physical location. The following parameters apply only for IP Bridge. Network Protocol Menu (Continued) -- (IP Bridge) P[...]

Chapter 6 - Configuration of the SW AN Interface 45 Cyclades-PR1000 CHAPTER 6 THE SW AN INTERF ACE This chapter describes how to configure a SW AN interface. The physical link should be set up as shown in chapter 2, according to the type of modem or device at the other end of the connection and the type of SW AN port. STEP ONE The first step in the[...]

Chapter 6 - Configuration of the SW AN Interface 46 Cyclades-PR1000 STEP TWO The second step is to choose a data-link protocol in the Encapsulation menu. There are many encapsulation options on this interface. For synchronous communication: • Frame Relay: the Frame Relay Protocol is based on frame switching and constructs a permanent virtual circ[...]

Chapter 6 - Configuration of the SW AN Interface 47 Cyclades-PR1000 STEP FOUR If PPP Encapsulation is being used, a type of authentication should be chosen. This is done in the authentication menu. Authentication Menu CONFIG=>INTERF ACE=>SW AN=>AUTHENTICA TION Param eter Descr ipt ion Authentic ation T ype Local uses t he lis t of us ers d[...]

Cyclades-PR1000 Chapter 7 Network Protocols 48 CHAPTER 7 NETWORK PROTOCOLS The second step in most interface configurations is to choose which network protocol to use and assign values to the relevant parameters. At least one of IP , T ransparent Bridge, or IPX (optional, and discussed in chapter 13) must be activated. Use the information provided [...]

Chapter 7 Network Protocols 49 Cyclades-PR1000 The IP Protocol If the preset values provided by the operating system are accepted, the interface will work at a basic level. The most common options are explained in the following table. Network Protocol (IP) Menu CONFIG=>INTERF ACE=><LINK>=>NETWORK PROTOCOL=>IP Parameter Description[...]

Cyclades-PR1000 Chapter 7 Network Protocols 50 Network Protocol (IP) Menu (Continued) Parameter Description IP MTU Assigns the si ze of the Maximum Tr ansm ission U nit for the in terface. This determines whether or no t a given IP datagram is fragmented. IP Fragmentation - Ignore Bit DF When this parame ter is set to No, th e DF (Do Not Fragment) [...]

Chapter 7 Network Protocols 51 Cyclades-PR1000 The T ransparent Bridge Protocol The T ransparent Bridge Protocol can be used in conjunction with either IP or IPX. A detailed explanation of its use appears in section 4.6 of the CyROS Reference Guide. T ransparent Bridge Menu CONFIG=>INTERF ACE=>SWAN=>NETWORK PROTOCOL=>TRANSP ARENT BRIDGE[...]

Chapter 8 - Data-Link Protocols (Encapsulation) Cyclades-PR1000 52 CHAPTER 8 DA T A-LINK PROTOCOLS (ENCAPSULA TION) Each encapsulation option is presented in a separate section in this chapter . Not all data-link protocols are available for all interfaces. PPP (The Point-to-Point Protocol) PPP is the only encapsulation option than can be either syn[...]

Chapter 8 - Data-Link Protocols (Encapsulation) Cyclades-PR1000 53 PPP Menu (Continued) Parameter Description Disable LCP Echo Requests LCP (Link Control Pro tocol) messages a re normally exchanged to monitor the status of the lin k. Disabling these messages redu ce s traffic, but th e link the n has no w ay of knowing if the o ther end is still co[...]

Chapter 8 - Data-Link Protocols (Encapsulation) Cyclades-PR1000 54 HDLC This data-link protocol is a proprietary alternative to PPP . It has only one parameter , the HDLC Keepalive Interval . This is the time interval between transmission of Keepalive messages. The receiver of these messages must send keepalive messages with the same frequency or w[...]

Chapter 8 - Data-Link Protocols (Encapsulation) Cyclades-PR1000 55 Parameter Description Enc apsu lati on Type RFC1490 - IETF is the standard u sed by most equipment. The Cisco option should be used when the PR is communicating w ith a rou ter con figured to u se the default Cisco standard. SNAP IP Indicate s that the Sub-Network Access Pro tocol s[...]

Chapter 8 - Data-Link Protocols (Encapsulation) Cyclades-PR1000 56 STEP TWO After configuring the general parameters, each DLC must be defined. An example will be used to demonstrate the procedure. A public Frame Relay network connecting offices in São Paulo, Rio de Janeiro, Salvador , and Recife is shown in Figure 1 1.1. Each router will have a r[...]

Chapter 8 - Data-Link Protocols (Encapsulation) Cyclades-PR1000 57 Data link connections are defined in the Add DLCI menu, which appears at the end of the Frame Relay parameter list. It can be reached by passing through all parameters or by using the <ESC> key at any point in the parameter list. Rio de Janeiro Network: 192.168.201.0 Recife Ne[...]

Chapter 8 - Data-Link Protocols (Encapsulation) Cyclades-PR1000 58 Add DLCI Menu CONFIG=>INTERF ACE =><LINK> =>ENCAPS =>FRAME RELA Y => <ESC> =>ADD DLCI Parameter Description DLCI Number Used to identify the DLC. Thi s num ber i s supplied by the Public Frame Relay netw ork provider. The DLCIs are stored in a table w h[...]

Chapter 8 - Data-Link Protocols (Encapsulation) Cyclades-PR1000 59 T o edit the DLCI table, use the list command (CONFIG=>INTERF ACE=><LINK>=>ENCAPSULA TION =>FRAME RELA Y=>L) to discover the number CyROS has assigned to each table entry . It will not be the same as the DLCI. DTE DTE Router Router Modem Modem Modem X.25 Modem S[...]

Chapter 8 - Data-Link Protocols (Encapsulation) Cyclades-PR1000 60 X.25 A Cyclades Router can act either as a DTE (Data-terminal Equipment) connected to a public X.25 network or as a DTE or DCE (Data circuit-terminating Equipment) as part of a private X.25 network. The first case is discussed in this chapter . The second case is described in the Cy[...]

Chapter 8 - Data-Link Protocols (Encapsulation) Cyclades-PR1000 61 X.25 Menu (Continued) Parameter Description Number of Virtual Circuits Indicates the max imum num ber of v irtual circui ts (total o f PVCs and SVCs) allowed on this in terface. The maximum is 128. Number of Permanent Virtual Circuits Indicates the number of permanent v irtual circu[...]

Chapter 8 - Data-Link Protocols (Encapsulation) Cyclades-PR1000 62 STEP TWO The next step is to create a static routing table associating each remote X.121 address with an IP address or a TCP Socket location. This is done in the Add DTE menu, which appears at the end of the X.25 parameter list. It can be reached by passing through all X.25 paramete[...]

Cyclades-PR1000 Chapter 9 - Routing Protocols 63 CHAPTER 9 ROUTING PROTOCOLS Routing Strategies Routing can be done either statically or dynamically . Static Routing Static routing is recommended when the network contains a small number of routers and other equipment. When a system is simple and without redundant links, static routing is the simple[...]

Cyclades-PR1000 Chapter 9 - Routing Protocols 64 10.0.0.0 Mask: 255.0.0.0 Router 1 10.0.0.1 10.0.0.2 10.0.0.3 192.168.100.2 192.168.100.3 192.168.100.1 142.10.0.2 142.10.0.1 142.10.0.3 142.10.0.4 Router 2 142.10.0.0 Mask: 255.255.0.0 192.168.100.0 Mask: 255.255.255.0 A B E C D F Network 2 Network 3 Network 1 FIGURE 9.1 ST A TIC ROUTING EXAMPLE 1 In[...]

Cyclades-PR1000 Chapter 9 - Routing Protocols 65 Unnumbered Interfaces Point-to-Point Connection Slot 1 ETH0 ETH0 Slot 3 Router 1 10.0.0.3 192.168.100.1 Router 2 A B E F Network 3 Network 1 FIGURE 9.2 ST A TIC ROUTING EXAMPLE 2 Figure 9.2 shows another static routing example to explain the Gateway or Interface parameter . Between the two routers is[...]

Cyclades-PR1000 Chapter 9 - Routing Protocols 66 Add Static Route Menu CONFIG =>ST A TIC ROUTES =>IP =>ADD ROUTE Param eter Descr ipt ion Destination IP Addr ess Address that route will lead to. T o configure a default rou te, type "defa ult" for this param eter, other wise e nt er 0.0. 0.0 in both t his a nd th e n ext pa ramet [...]

Cyclades-PR1000 Chapter 9 - Routing Protocols 67 RIP Configuration CyROS supports three basic types of RIP: 1 RIP1 [RFC 1058] 2 RIP2 with broadcast (compatible with RIP1) [RFC 1723] 3 RIP2 with multicast [RFC 1723] The primary difference between RIP1 and RIP2 is that only RIP2 advertises subnet masks and next hops. If the network contains equipment[...]

Cyclades-PR1000 Chapter 9 - Routing Protocols 68 OSPF The OSPF (Open Shortest Path First) routing protocol is significantly more complicated than RIP . The determination of which protocol is better suited to a given network is beyond the scope of this manual. An example network using OSPF is given in Figure 9.3. Router 0 Router 1 Router 2 Router 3 [...]

Cyclades-PR1000 Chapter 9 - Routing Protocols 69 First, some definitions: • An Autonomous System (AS) is a portion of the network that will use a single routing strategy . It is made up of a backbone area and optionally of non-backbone areas. • OSPF Areas are sub-systems that have identical routing databases. An area generally has no knowledge [...]

Cyclades-PR1000 Chapter 9 - Routing Protocols 70 OSPF Configuration on the Interface STEP TWO Contrary to most other protocols in CyROS, OSPF must first be configured on each interface, then configured in the CONFIG =>IP =>OSPF menu. Enter into each interface and set the parameters listed in the table. OSPF Menu CONFIG =>INTERF ACE => &[...]

Cyclades-PR1000 Chapter 9 - Routing Protocols 71 OSPF Menu (Continued) Param eter Descr ipt ion Retransm it Inte rval in Sec onds* Time in sec onds b et ween link -state advertis ement retran smissio ns for adjace ncies belongi ng t o this in terfac e. Hello Interval in Seconds* T ime in sec onds b et ween th e hello packets on thi s int erf ace. D[...]

Cyclades-PR1000 Chapter 9 - Routing Protocols 72 OSPF Global Configurations STEP THREE After completing the OSPF interface configuration for all interfaces (even those that will not use OSPF), navigate to the OSPF Menu, CONFIG=>IP=>OSPF . Enter into the OSPF Global Commands menu and set the parameters as indicated in the table below . OSPF Gl[...]

Cyclades-PR1000 Chapter 9 - Routing Protocols 73 OSPF Global Commands (Continued) Param eter Descr ipt ion Transit A re a ID I D of the OSP F Are a s andwich ed bet wee n this r outer an d the backbo ne. In the fi gur e, area 2 is t he are a use d to li nk Rou ter 8 w ith t he B ackbo ne. T his I D has t he form of a n IP address. Neighbor's I[...]

Cyclades-PR1000 Chapter 9 - Routing Protocols 74 STEP FOUR The next step is to define the areas created in step two. This is done in the OSPF Area Menu. Area Menu CONFIG =>IP =>OSPF =>AREA Param eter Descr ipt ion Area ID Has the f ormat of an IP a ddress , but is n ot l inked to an y IP a ddress i n the s ystem. Us e the CO NF IG=>IP=&[...]

Cyclades-PR1000 Chapter 9 - Routing Protocols 75 STEP FIVE The CONFIG =>IP =>OSPF =>NEIGHBORS menu is required if the router uses OSPF over non-broadcast multi- access interfaces such as X.25 and Frame Relay . If this is the case, set the parameters described in the following table. Neighbors Menu CONFIG=>IP =>OSPF =>NEIGHBORS Par[...]

Cyclades-PR1000 Chapter 9 - Routing Protocols 76 STEP SIX It is not always possible to connect all areas directly to the backbone. When an area is connected to the backbone only through another area, two virtual links must be created. One from the backbone to the unattached area and one from the unattached area to the backbone. If this occurs in th[...]

Cyclades-PR1000 Chapter 10 - CyROS, the Operating System 77 CHAPTER 10 CYROS, THE OPERA TING SYSTEM This chapter explains various operating system features that are not covered in other chapters: • creation of the host table • creation of user accounts and passwords • IP Accounting Creation of the host table CyROS allows identification of hos[...]

Cyclades-PR1000 Chapter 10 - CyROS, the Operating System 78 Other users can be created and the user “usr” can be assigned a password. The password of the super user should be changed as soon as possible. The menu CONFIG=>SECURITY=>USERS allows addition, deletion, and modification of the list of users. The parameters are: • User Name, ?[...]

Cyclades-PR1000 Chapter 10 - CyROS, the Operating System 79 The super user has access to all menus. The usr user is shown a menu, upon sucessful login, with the items chosen in the user ’s profile. The pppauto user is connected directly to the user via PPP . No menu appears. The auto user is connected via telnet directly to the host specified as [...]

80 Cyclades-PR1000 Chapter 1 1 - NA T CHAPTER 1 1 NA T (NETWORK ADDRESS TRANSLA TION) NA T exists to convert local IP addresses into Internet “global” IP addresses. Internet IP addresses are assigned by Internet providers. Due to the explosion of the internet, these numbers are scarce. Certain ranges of IP addresses are reserved for internal us[...]

81 Cyclades-PR1000 Chapter 1 1 - NA T • T wo servers that are accessed via the same global IP address, assigned statically . There are two types of NA T available in CyROS -- Normal NA T and Expanded NA T . This chapter describes Expanded NA T . A description of Normal NA T appears in Chapter 4 of the CyROS Reference Guide. What is the difference[...]

82 Cyclades-PR1000 Chapter 1 1 - NA T NAT Static Translation Table # Global address / port local address / Port Protocol 1 200.240.230.225 / 20 192.168.0.30 / 20 TPC 2 200.240.230.225 / 21 192.168.0.30 / 21 TPC 3 200.240.230.225 / 80 192.168.0.31 / 80 TPC T ypes of Address Translation In dynamic address translation , a pool of global IP addresses i[...]

83 Cyclades-PR1000 Chapter 1 1 - NA T An overview of the NA T menu is shown in the table below . NA T Menu CONFIG =>SECURITY =>NA T Menu Option Description General Parameters for enabl ing NAT and choosing the NAT Mode. Also in cludes port translation op tion. Global Address The first and last IP addre sses in the range. In the example, these[...]

84 Cyclades-PR1000 Chapter 1 1 - NA T STEP TWO The parameters in the T imeout Menu are explained in more detail below . The preset values should be appropriate for most applications. T imeout and Options Menu CONFIG =>SECURITY =>NA T =>TIMEOUT AND OPTIONS Parameter Description UDP Timeout Inactivity time required before a UDP translation i[...]

85 Cyclades-PR1000 Chapter 1 1 - NA T STEP FOUR If static translations are to be performed, as described in the example, the parameters in the Static T ranslation Menu must be set. A brief explanation of each parameter is given in the table. Static T ranslation Menu CONFIG =>SECURITY =>NA T =>ST A TIC TRANSLA TION => ADD ENTRY Parameter[...]

86 Chapter 12 - Filters and Rules Cyclades-PR1000 CHAPTER 12 RULES AND FIL TERS There are four basic types of rules: 1 IP filter rules, 2 Radius rules (actually a combination of previously defined IP filter rules), 3 traffic control rules, and 4 transparent bridge rules (similar to IP filter rules, but for applications that use a transparent bridge[...]

87 Cyclades-PR1000 Chapter 12 - Filters and Rules Config IP Rule List Name Rule Status Rule List T ype Default Scope Incoming Rule List Name Outgoing Rule List Name Linked Rule List Name N Add Rule List Rules List Insert as Rule Number Rule Status Scope Rule Priority Level Reserved Bandwidth Bandwidth Priority Level Protocol Source IP Operator IP A[...]

88 Chapter 12 - Filters and Rules Cyclades-PR1000 Exterior Router Interior Router Router Extension to Network Bastion Host ETH0 ETH0 192.168.0.2 192.168.0.3 10.0.0.0 172.16.0.0 192.168.0.1 Perimeter Network 192.168.0.0 Slot 1 Slot 1 FIGURE 12.2 FIREWALL EXAMPLE Figure 12.2 will be used to show how both an exterior router and an interior router woul[...]

89 Cyclades-PR1000 Chapter 12 - Filters and Rules Exterior Router The exterior router is the network’s first defense against attacks. For this reason, it is reasonable to prohibit all packets except for those explicitly allowed. This is done by choosing the Default Scope to be Deny . Thus, ALL desired traffic must be expressly allowed by the rule[...]

90 Chapter 12 - Filters and Rules Cyclades-PR1000 Steps necessary to activate filtering on the exterior router in the example: 1 There are two interfaces with two directions each. Filtering on link 1 requires the creation of two rule lists, called exterior_in and exterior_out . Create them using the menu CONFIG =>RULES LIST =>IP =>ADD RULE[...]

91 Cyclades-PR1000 Chapter 12 - Filters and Rules Rules Lists Rule List Name Rule Default List Linked Status Scope Type Rule List exterior_in Enabled Deny Filter exterior_out Enabled Deny Filter --------------------------------------------------------------------- --------- FILTER_LIST NAME: exterior_in ## PROT OP Source IP Address OP SRC PORT CNX [...]

92 Chapter 12 - Filters and Rules Cyclades-PR1000 Interior Router If an interior router exists in the network, the administrator may decide to use a Default Scope of Permit . In this case, all undesired traffic must be excluded by a rule in the rule list. In Figure 12.5, a conceptual equivalent of the interface is shown. All packets except those wh[...]

93 Cyclades-PR1000 Chapter 12 - Filters and Rules The configuration for “Stop forged packets” is shown in the following listing: Rules Lists Rule List Name Rule Default List Linked Status Scope Type Rule List Slot1_in Enabled Permit Filter -------------------------------------------------------------------------------- FILTER_LIST NAME: Slot1_i[...]

94 Chapter 12 - Filters and Rules Cyclades-PR1000 1 T raffic Shaping (the division of bandwidth is strictly adhered to), 2 Bandwidth Reservation (the division with the larger priority can steal bandwidth from the others), An example showing the first two types is given in figure 12.6. Network of Client A 50% or more of total bandwidth 25% or less o[...]

95 Cyclades-PR1000 Chapter 12 - Filters and Rules An Internet provider has three clients connected to the same router . Client A is larger and without traffic control would overwhelm the router to the exclusion of Clients B and C. The administrator decides to divide the flow out of the router (to the Internet) into three portions: 50% guaranteed fo[...]

96 Chapter 12 - Filters and Rules Cyclades-PR1000 Rules Lists Rule List Name Rule Default List Linked Status Scope Type Rule List traffic_1 Enabled Traffic Filter_list Name traffic_1 Rule 0 Status Enabled Flow priority 0 Rule bandwidth 50% Bandwidth priority 1 Protocol 0 Source IP Operator Equal Source IP start 11.11.11.0 Source IP Mask 255.255.255[...]

97 Cyclades-PR1000 Chapter 12 - Filters and Rules Rule 1 Status Enabled Flow Priority 0 Rule bandwidth 25% Bandwidth priority 2 Protocol 0 Source IP Operator Equal Source IP start 22.22.22.0 Source IP Mask 255.255.255.0 Destination IP Operator None Source Port Operator None Destination Port Operator None Rule 2 Status Enabled Flow Priority 0 Rule b[...]

98 Chapter 12 - Filters and Rules Cyclades-PR1000 An example showing the third type of traffic control is given in Figure 12.8. The network administrator wants to prioritize the access to his web server . He also wants to prioritize e-mail sent by his SMTP server , but the priority should be lower . All other traffic should have the lowest priority[...]

99 Cyclades-PR1000 Chapter 12 - Filters and Rules The configured rules will appear as shown in the following listing. Rules Lists Rule List Name Rule Default List Linked Status Scope Type Rule List web_access Enabled Traffic Filter_list Name web_access Rule 0 Rule 1 Status Enabled Status Enabled Flow priority 1 Flow Priority 2 Rule bandwidth 0% Rul[...]

Cyclades-PR1000 Chapter 13 - IPX 100 CHAPTER 13 IPX (INTERNETWORK PACKET EXCHANGE) IPX is an alternative to IP , proprietary to Novell. When IPX is activated, many new menus appear to allow configuration of this type of network. IP and IPX can both be active in the router simultaneously , and an interface can have both IP and IPX traffic passing th[...]

Cyclades-PR1000 Chapter 13 - IPX 101 Enabling IPX The first step is to activate the IPX feature in the router . This is accomplished using the menu option ADMIN =>ENABLE FEA TURES => IPX. The IPX protocol must also be activated in the menu CONFIG =>IPX => GENERAL. In this menu, the Internal Network Number (the unique number assigned to [...]

Cyclades-PR1000 Chapter 13 - IPX 102 The parameter Send SAP Update can be set to Demand, Periodic, or None. This parameter affects both SAP and RIP . Periodic causes the router to send these messages every minute, while choosing Demand will cause the router to send messages only when a message request is received. Frame Relay Frame Relay parameters[...]

Cyclades-PR1000 Chapter 13 - IPX 103 The routing table is displayed by the menu option INFO => SHOW ROUTING T ABLE => IPX. For the example, and using only the static route created above, the routing table appears as in Figure 13.2. Destination Interface/ Subinterface/ Remote address hops ticks Type 00000001 0 1 PrimaryNet 00A0B000 Ethernet 0 [...]

Cyclades-PR1000 Chapter 14 - Virtual Private Network Configuration 104 CHAPTER 14 VIRTUAL PRIV A TE NETWORK CONFIGURA TION The Virtual Private Network utility can be used on any link using IP routing. It is used to provide greater security between two or more networks connected through a public communications network. The basic concepts are present[...]

Cyclades-PR1000 Chapter 14 - Virtual Private Network Configuration 105 An example showing a local security network and two remote security networks is shown in Figure 14.2. The PR1000 in the local security network will be configured step by step. (Which network is considered local and which network is considered remote depends on the router being c[...]

Cyclades-PR1000 Chapter 14 - Virtual Private Network Configuration 106 .................................. ETH0 PR3000 Router RSG3 - Remote Security Gateway Router IP Address: 190.190.190.1 Link 2 IP: 190.190.190.1 Link 1 0.70.70.1 IP: 7 .16.0.0 IP:172 0.0.0.0 IP: 1 Link 1 IP: 50.50.50.1 IP Network IP:10..255.255.0 Router IP Address: 20.20.20.1 PR20[...]

Cyclades-PR1000 Chapter 14 - Virtual Private Network Configuration 107 STEP THREE Use the menu item INFO =>SHOW ROUTING T ABLE to confirm that the other Remote Security Gateways (RSGs), and all the networks included in the Remote Security Networks, are reachable. In the example, this would require that all of the following appear in RSG3’s rou[...]

Cyclades-PR1000 Chapter 14 - Virtual Private Network Configuration 108 STEP SIX Now , the Remote Security Networks must be defined. This is done in the CONFIG =>SECURITY =>VPN =>REMOTE IP NETWORKS =>ADD NETWORK menu. The IP address and network mask must be defined for all remote devices to be included in the remote network for VPN commu[...]

Cyclades-PR1000 Appendix A - T roubleshooting 109 APPENDIX A TROUBLESHOOTING What to Do if the Login Screen Does Not Appear When Using a Console. 1 Check the configuration of the terminal. The correct values are given in chapter 2. Is the PC’s COM port enabled? Is the Console cable being used? See Chapter 2 for instructions on which cables go whe[...]

Cyclades-PR1000 Appendix A - T roubleshooting 110 What to Do if the Router Does Not Work or Stops Working. 1 Check that the cables are connected correctly and firmly (see chapter 2, What is in the Box, for correct cable connection information). 2 Confirm that the Link LED is lit, indicating proper Ethernet cable termination. If it is not lit, check[...]

Cyclades-PR1000 Appendix A - T roubleshooting 111 T esting the Ethernet Interface After configuring the Ethernet interface, return to the main menu using the <ESC> key as many times as is necessary . Save the configuration to flash memory (the operating system will ask how to save the configuration on the way back to the main menu). The simpl[...]

Cyclades-PR1000 Appendix A - T roubleshooting 112 current values of the interface parameters. T esting the W AN Interface The WAN interface can be tested using ping as described in the previous section. If the ping is not successful, check the routing table to see if a route to the destination exists (INFO =>SHOW ROUTING T ABLE). The menu items [...]

Cyclades-PR1000 Appendix A - T roubleshooting 113 Power 100BT Link TX RX CPU TX RX GP Col FIGURE A.3 LED PANEL[...]

114 Cyclades-PR1000 Appendix B - Hardware Specifications APPENDIX B HARDW ARE SPECIFICA TIONS General Specifications The Cyclades-PR1000 power requirements and environmental restrictions are listed in Figure B.1. Power Requirements (externa l DC adapter) Input voltage range 90-264 VAC, 0.5A Input frequency range 50-60 Hz, single phase Maximum input[...]

Appendix B - Hardware Specifications 115 Cyclades-PR1000 External Interfaces The W AN Interface The W AN interface is provided on a DB-25 female connector . The pinout diagram is not shown here, as it depends on which protocol (RS-232, V .25 or X.21) is configured. Please see the pinout diagrams for the cables used for each protocol to determine th[...]

116 Cyclades-PR1000 Appendix B - Hardware Specifications The Console Interface 1 8 CONSOLE POR T Pin RS-23 2 Sig nal 1R T S 2D T R 3T X 4G r o u n d 5C T S 6R X 7 DCD 8D S R FIGURE B.4 CONSOLE INTERF ACE - RJ-45 FEMALE[...]

Appendix B - Hardware Specifications 117 Cyclades-PR1000 Cables The Straight-Through Cable 2 3 4 5 6 7 8 15 17 20 22 24 2 3 4 5 6 7 8 15 17 20 22 24 TxD RxD RTS CTS DSR Gnd DCD TxClk_DTE RxClk DTR RI TxClk_DCE TxD RxD RTS CTS DSR Gnd DCD TxClk_DTE RxClk DTR RI TxClk_DCE Pin DB-25 Male DCE / DTE DB-25 Male Cyclades Router Signal Straight-Through Cab[...]

118 Cyclades-PR1000 Appendix B - Hardware Specifications The DB-25 to M.34 Adapter DB-25 Female Signal PGnd RTS CTS DSR Gnd DCD TxD/V .35 (B) TxD/V .35 (A) RxD/V .35 (B) RxD/V .35 (A) TxClk_DTE/V .35 (B) TxClk_DTE/V .35 (A) TxClk_DCE/V .35 (B) DTR TxClk_DCE/V .35 (A) RxClk V .35 (A) RxClk V .35 (B) Male Retention Screw Female Retention Screw Female[...]

Appendix B - Hardware Specifications 119 Cyclades-PR1000 The X.21 Modem Cable Pin # 1 2 4 6 7 9 11 15 17 19 22 24 Cyclades-PR1000 (DB25) X.21 Equipament (DB15) Signal CGND CLK- IND- RxD- GND CTL- TxD- CLK+ IND+ RxD+ CTL+ TxD+ Signal CGND CLK- IND- RxD- GND CTL- TxD- CLK+ IND+ RxD+ CTL+ TxD+ Pin # 1 6 5 4 8 3 2 13 12 11 10 9 FIGURE B.6 X.21 MODEM CA[...]

120 Cyclades-PR1000 Appendix B - Hardware Specifications The Loop-Back Connector The pin-out diagram for this connector is provided for reference. This connector would only be used for testing the W AN interface. 2 3 4 5 8 20 11 13 12 14 15 17 24 16 19 25 18 21 23 FIGURE B.8 LOOP-BACK CONNECTOR - DB-25 MALE[...]

Cyclades-PR1000 Appendix C - Configuration Without a Console 121 APPENDIX C CONFIGURA TION WITHOUT A CONSOLE When a terminal or PC is not available for use as a console, the router has a special feature that allows configuration of the Ethernet interface from any PC on the LAN. The router “adopts” the destination IP address of the first non- UD[...]

Cyclades-PR1000 Index 122 B Bandwidth Reservation 94 Boot Messages 109 C Cables 13 with a DB-25 connector 1 10 Connection to an Internet Access Provider 24 Cyclades ftp site 10 telephones 10 CyROS menus 19 E Ethernet testing the interface 1 1 1 F Flash Memory 21 Frame Relay 33 DLCI 38 H Hot Keys esc - moving between menus 21 L - list current config[...]

Cyclades-PR1000 Index 123 T T echnical Support 10 T elephone Numbers 10 T raffic Rule Lists 93 T raffic Shaping 94 T roubleshooting 109 U Using CyROS menus 19 V V ersion of CyROS newest, via ftp 7 of manual newest, via ftp 7[...]

Cyclades Corporation 41829 Albrae Street Fremont, CA 94538 - USA Phone: (510) 770-9727 Fax: (510) 770-0355 www .cyclades.com Cyclades South America Phone: 55-1 1-5033-3333 Fax: 55-1 1-5033-3388 www .cyclades.com.br Cyclades Germany Phone: +49 (0)81 22 90 99-90 Fax: +49 (0)81 22 90 999-33 www .cyclades.de Cyclades UK Phone: +44 1724 277179 Fax: +44 [...]