Planet ERT-805 manual


A good user manual

The rules should oblige the seller to give the purchaser an operating instruction for Planet ERT-805 along with the item. A missing instruction, or false information given to the customer, constitutes grounds for a complaint because of nonconformity of goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately graphic and electronic forms of manuals, as well as instructional videos, have been widely used. A necessary precondition for this is the unmistakable, legible character of an instruction.

What is an instruction?

The term originates from the Latin word „instructio”, which means organizing. Therefore, in an instruction of Planet ERT-805 one could find a process description. An instruction's purpose is to teach, to ease the start-up and an item's use or performance of certain activities. An instruction is a compilation of information about an item/a service, it is a clue.

Unfortunately, only a few customers devote their time to read an instruction of Planet ERT-805. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid the formation of most of the defects.

What should a perfect user manual contain?

First and foremost, a user manual of Planet ERT-805 should contain:
- information concerning technical data of Planet ERT-805
- name of the manufacturer and a year of construction of the Planet ERT-805 item
- rules of operation, control and maintenance of the Planet ERT-805 item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from the lack of time and certainty about functionalities of purchased items. Unfortunately, networking and start-up of Planet ERT-805 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), eventual defects of Planet ERT-805, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Planet service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they assure that a customer will familiarize himself with the whole material, and won't skip complicated, technical information of Planet ERT-805.

Why should one read the manuals?

It is mostly in the manuals where we will find the details concerning construction and possibility of the Planet ERT-805 item, and its use of respective accessory, as well as information concerning all the functions and facilities.

After a successful purchase of an item one should find a moment to get to know every part of an instruction. Currently the manuals are carefully prearranged and translated, so they can be fully understood by their users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    Serial WAN Router ERT-805 User’s Manual[...]

  • Page 2

    2 Trademarks Copyright © PLANET Technology Corp. 2004. Contents subject to revision without prior notice. PLANET is a registered trademark of PLANET Technology Corp. All other trademarks belong to their respective owners. Disclaimer PLANET Technology does not warrant that the hardware will work properly in all environmen[...]

  • Page 3

    3 TABLE OF CONTENTS Chapter 1 Introduction ... 1; 1.1 Checklist ... 1; 1.2 About ERT-805 ...[...]

  • Page 4

    4 4.7 X.25 Protocol ... 33; 4.8 Frame Relay Protocol ... 37; Chapter 5 Security ...[...]

  • Page 5

    1 Chapter 1 Introduction 1.1 Checklist Thank you for purchasing Planet’s ERT-805 Enterprise Serial Router. Before continuing, please check the contents of your package for following parts: • ERT-805 Serial WAN Router • Power Cord • DB9 adapter • RJ-45 to RJ-45 modem cable ?[...]

  • Page 6

    2 • ERT-805 supports SNMP and can be managed by using SNMP management software 1.3 Product Feature • Support PPP, FR, X.25, HDLC, LAPB, SDLC, SLIP and Stun • Complies with IEEE802.3 10Base-T, IEEE 802.3u 100Base-TX Standard • One serial WAN port, one RJ-45 10/100Mbps LAN por[...]

  • Page 7

    3 Power Input: 100~240V AC (+/-10%); 50/60Hz (+/-3%) auto-sensing. Power Consumption: 10 watts / 34BTU. Dimensions: 217 x 135 x 43 mm (1U height). Weight: 1Kg. Temperature: 0 to 50 degree C (operating), -20 to 70 degree C (storage). Humidity: 10~90% RH (non-condensing). Regulatory: FCC, CE c[...]

  • Page 8

    4 Chapter 2 HARDWARE INSTALLATION 2.1 Package Contents Item includes with ERT-805 serial router. • ERT-805 Serial WAN Router • Power Cord • DB9 to RJ-45 changer • Console cable • Quick Installation Guide and CD-ROM 2.2 ERT-805 outlook 2.2.1 Front Panel PWR 100 SYNC ASYNC Enterprise WAN Rou[...]

  • Page 9

    5 Green blink This indicator light blink when packets is transmit LNK/ACT Green This indicator light green when port is connected Green This indicator light green when port is connect with serial port Serial Blink This indicator light blink when packets is transmit Green blink Configuration process Console Lights Off Not in con [...]

  • Page 10

    6 2.3 Installation requirements & Physical Installation To install the ERT-805 serial router, the following is required: • An Ethernet device, hub or switch with a free MDI-X RJ-45 interface • One Category 3, 4, 5, EIA 568A straight UTP cable within 100 meters • The asynchronous m[...]

  • Page 11

    7 Available connection is as tables below: WAN Option WAN Encapsulation RS-232 X.21 V.24 V.35 Link control (HDLC) or ppp Frame-relay X.25 2.3.4 Power on the device ERT-805 accepts power input from 100 to 240V AC, 50/60Hz power source. Before connect the power cable to the router,[...]

  • Page 12

    8 Chapter 3 Command Line Interface This chapter describes the basic commands to access the router through console interface or telnet. Be noted if you want to login to ERT-805 through the telnet, then enable password must be configure. The user can input system command configuring sys[...]

  • Page 13

    9 ERT_805> ? disable Turn off privileged commands, enter GUEST user mode enable Turn on privileged commands exit Exit from the EXEC help Description of the interactive help system logout Exit from the EXEC pad Open a X.29 PAD connection ping Send echo messages ppp Start IETF Point-to-Point Protocol (PPP) schedule Schedule one task show Show runn[...]

  • Page 14

    10 clockrate 48000 ! ERT_805(config-serial0/0)# 3.4 Ctrl-Z, Ctrl-C and exit To exit from the configuration mode directly to privilege mode, you should type Ctrl-Z or Ctrl-C or type exit. Ctrl-C can be available in other occasions. For example it can stop the current operation that hasn’[...]

  • Page 15

    11 telnet. If configures like below, the system will only ask for password when anyone access. For example set the password as “1234”. ERT805> enable ERT805# config t ERT805(config)# enable password 1234 ERT805(config)#line vty 0 4 ERT805(config-line)# login ERT805(config-line)# password cisco E[...]

  • Page 16

    12 Router Software Version 4.2c on Hex_1f73 (3805a) User Access Verification Username: rr Password: (type the password cisco) ERT805> 3.7 Password Encryption Security is a most important issue for all the company in the world because all the system is require password to protect important information[...]

  • Page 17

    13 crypto isakmp key 12345678 address 10.0.0.2 255.255.255.192 ! interface fastethernet 0/0 ip address 192.168.99.64 255.255.255.0 ! interface serial 0/0 encapsulation ppp ip address 10.0.0.1 255.255.255.192 crypto map dynmap clockrate 48000 ! interface async 0/0 ! line vty 0 5 login password 7 wAVcXxom8sGSOA ! ip route 0.0.0.0 0.0.0.0 10.0.0.2 ! a[...]

  • Page 18

    14 Chapter 4 Router Communication Protocol 4.1 RIP - Router Information Protocol The routing information Protocol (RIP) is a distance-vector protocol that used to exchange routing information between routers. RIP uses broadcast User Datagram Protocol (UDP) data packets to exchange routing in [...]

  • Page 19

    15 convergence. Whenever a router changes the metric of a route, it is required to send update messages almost immediately 4.1.1.5 RIP Command router rip – enable rip in global configuration mode version - To specify a RIP version used globally by the router (version 1 and 2) auto-summa[...]

  • Page 20

    16 Building configuration ... description fault service password-encryption service timestamps debug ! hostname ERT_805 ! enable password 7 3EDRIxtqRWCA ! username router password 7 65WeJR6evnrR3mP crypto ipsec transform-set transform-1 esp-3des esp-md5-hmac ! crypto map dynmap 1 ipsec-isakmp set transform-set transform-1 set peer 10.0.0.2 match ad[...]

  • Page 21

    17 network 10.0.0.0 network 192.168.99.0 ! line vty 0 5 login password 7 wAVcXxom8sGSOA ! ip route 0.0.0.0 0.0.0.0 10.0.0.2 ! access-list 100 permit ip 192.168.99.0 0.0.0.255 192.168.98.0 0.0.0.255 ! end ERT_805# ERT_805# show ip route Codes: A--all O--ospf S--static R--rip C--connected E--egp T--tunnel o--cdp D--EIGRP [Distance/Metric] g<Gr[...]

  • Page 22

    18 Bind-interface – enable EIGRP protocol on some interface Distance – define an administrative distance Distribute-list – filter networks in routing updates Metric/e – modify EIGRP routing metrics and parameters Passive-interface - To disable sending routing updates on[...]

  • Page 23

    19 authentication pre-share group 1 hash md5 ! crypto isakmp key 12345678 address 10.0.0.2 255.255.255.192 ! interface fastethernet 0/0 ip address 192.168.99.64 255.255.255.0 ! interface serial 0/0 encapsulation ppp ip address 10.0.0.1 255.255.255.192 crypto map dynmap ip hold-time eigrp 1 20 clockrate 48000 ! interface async 0/0 ! router eigrp 1 n[...]

  • Page 24

    20 information between non-backbone areas Stub area – this area do not accept router that belong to external autonomous system (AS). The routers in stub area use a default route to reach outside autonomous system. Totally stubby area – This area that does not accept ro[...]

  • Page 25

    21 area area-id authentification - specifying the authentification type is single authentification area area-id authentification message-digest - specifying the authentification type is Cryptographic authentication*/ area area-id stub [no-summary] - specifying the area is stub area*[...]

  • Page 26

    22 Password: ERT_805# show run Building configuration ... service password-encryption service timestamps debug ! hostname router ! enable password level 15 7 aNTUS0QSfz8T ! interface fastethernet 0/0 ip address 192.168.99.64 255.255.255.0 ! interface serial 0/0 encapsulation hdlc ip address 10.0.0.1 255.255.255.192 ip ospf priority 255 clockrate 48[...]

  • Page 27

    23 • PPP has a method for encapsulating multi-protocol datagrams • Link Control Protocol (LCP) establishes, configures, authenticates and testing the data-link connection. • Network Control Protocol (NCP) establish and configure different network-layer protocol. PPP provides t [...]

  • Page 28

    24 encapsulation ppp – encapsulation style to ppp style (interface command) ppp authentication [pap | chap - enable the PAP or CHAP authentication username username password password [callback-dialstring] – add the username and password of the peer into the local user. Callb [...]

  • Page 29

    25 hostname router ! enable password level 15 7 aNTUS0QSfz8T ! username ERT-805 password 7 SBFV4NgG60tV ! interface fastethernet 0/0 ip address 192.168.99.64 255.255.255.0 ! interface serial 0/0 encapsulation ppp ip address 10.0.0.1 255.255.255.192 ppp authentication chap clockrate 48000 ! interface async 0/0 ! line vty 0 4 login password 7 hd3cpRj[...]

  • Page 30

    26 ip address 192.168.98.63 255.255.255.0 ! interface serial 0/0 encapsulation ppp ip address 10.0.0.2 255.255.255.192 ppp authentication chap ! interface async 0/0 ! line vty 0 4 login password 7 o2EUq2a6AFiY4D ! ip route 192.168.99.0 255.255.255.0 10.0.0.1 ! end PAP example router# show run Building configuration ... service password-encryption [...]

  • Page 31

    27 interface async 0/0 ! line vty 0 4 login password 7 hd3cpRj4s14LeA ! ip route 192.168.98.0 255.255.255.0 10.0.0.2 ! end router# ERT-805# show run Building configuration ... service password-encryption service timestamps debug ! hostname ERT-805 enable password 7 5EVbxkwzBvfT ! username router password 7 qBjbURagjK0L ! interface fastethernet 0/0 [...]

  • Page 32

    28 ! ip route 192.168.99.0 255.255.255.0 10.0.0.1 ! end ERT-805# 4.5 HDLC Protocol Only when the interface operates in the synchronous mode, can it be encapsulated with HDLC. encapsulation hdlc – encapsulation with hdlc type router# show run Building configuration ... service password-encryption servic[...]

  • Page 33

    29 end router# router# debug hdlc s0/0 router# 03:59.544 %serial0/0 Hdlc Port debug turn on 04:01.399 serial0/0 HDLC O(len=162):CDP 01 b4 cc 27 00 01 00 0a 72 6f 75 74 65 04:01.399 72 00 02 00 11 00 00 00 01 01 01 cc 00 04 0a 00 00... 04:03.094 serial0/0 HDLC I(len=22):lmi peer_seq=155,local's=159 04:03.753 %HDLC serial0/0 Keepalive 04:03.753[...]

  • Page 34

    30 router# no 05:13.094 serial0/0 HDLC I(len=22):lmi peer_seq=162,local's=166de 05:13.753 %HDLC serial0/0 Keepalive 05:13.753 serial0/0 HDLC O(len=22):lmi local_seq=167,peer's=162 4.6 SNA 4.6.1 Introduction Switch-to-Switch Protocol (SSP) is a protocol specified in the DLSw standard that routers use to establish[...]

  • Page 35

    31 sdlc role – establish role of the interface sdlc-largest-frame - Set the largest I-frame size that can be sent or received by the designated SDLC station sdlc simultaneous [full-datemode | half-datamode] - full-datemode is enable the primary station to send data to and recei[...]

  • Page 36

    32 hostname RouterA ! source-bridge ring-group 2000 dlsw local-peer peer-id 150.150.10.2 dlsw remote-peer 0 TCP 150.150.10.1 ! interface serial 8 IP address 150.150.10.2 255.255.255.192 clockrate 56000 ! interface tokening 0 no Ip address ring-speed 16 source-bridge 500 1 2000 source-bridge spanning Configuration for Router B hostname RouterB ! dls[...]

  • Page 37

    33 4.7 X.25 Protocol The X.25 protocol is defines the connection between data terminal equipment (DTE) and circuit-terminating equipment (DCE). X.25 is the protocol of point-to-point interaction between DTE and DCE equipment. DTE usually refers to the host or terminal at [...]

  • Page 38

    34 types of VC, which is permanent virtual circuit (PVC) and switch virtual circuit (SVC). The different between PVC and SVC is PVC is permanently established connections used for frequent and consistent data transfers and not use call setup and call clear. encapsulation x25 [dce | dte] –[...]

  • Page 39

    35 X.25 facility facility-number windowsize in-size out-size Request reverse charging while initiating a call X.25 facility facility-number reverse Request throughput-level negotiation while initiating a call X.25 facility facility-number throughput in out Net[...]

  • Page 40

    36 x25 address 87654321 x25 map ip 10.1.1.2 12345678 clockrate 9600 Router2: interface serial 1 encapsulation x25 dte ip address 10.1.1.2 255.255.0.0 x25 address 12345678 x25 map ip 10.1.1.1 87654321 Access packet switching network s1: 14.1.1.1/24 x121:14111 Router1 X25 s1:14.1[...]

  • Page 41

    37 x25 map ip 14.1.1.2 14112 Set up network with PVC Router1: interface serial 1 encapsulation x25 ip address 14.1.1.1 255.255.255.0 x25 address 14111 x25 ltc 3 x25 pvc 1 ip 14.1.1.2 x25 pvc 2 ip 14.1.1.3 Router2: interface serial 1 encapsulation x25 ip address 14.1.1.2 255.255.255.0 x25 [...]

  • Page 42

    38 The frame relay switch, which is responds one or more LMI types. There are three different LMI types: cisco, ansi and q933a. encapsulation frame-relay – encapsulation frame relay type on serial interface frame-relay map ip protocol address dlci [broadcast | gateway-down | interf[...]

  • Page 43

    39 S1:192.1.1.2/24 S1:192.1.1.1/24 E1:142.10.2.7/24 E1:142.10.3.7/24 142.10.2.6/24 142.10.3.6/24 FR 142.10.4.6/24 S1:192.1.1.3/24 E1:142.10.4.7/24 16 17 16 16 host_a host_c host_b Router1 Router3 Router2 Figure 2-1 Configuration Example (1) Router1 Configuration: Router1>enable Router1#conf term Router1 (config)#interface s[...]

  • Page 44

    40 Router2#conf term Router2 (config)#interface s1 Router2 (config-if)#enca fram Router2 (config-if)#no sh Router2 (config-if)#Ip addr 192.1.1.2 255.255.255.0 Router2 (config-if)#fram first-dlci 16 Router2 (config-if)#fram map IP 192.1.1.1 16 Router2 (config-if)#exit Router2 (config)#int e1 Router2 (config-if)#no shut Router2 (config-if)#Ip addr 14[...]

  • Page 45

    41 Chapter 5 Security 5.1 Access-list The purpose for access-list is packet filtering to control, which packets move through the network. Such control can help limit network traffic and restrict network use by certain user or device. Access-list is use as a packet filter, this function h [...]

  • Page 46

    42 ip address 10.0.0.2 255.255.255.192 ip access-group 1 out clockrate 48000 ! interface async 0/0 ! router rip network 192.168.98.0 network 10.0.0.0 ! line vty 0 4 login password 7 o2EUq2a6AFiY4D ! ip route 0.0.0.0 0.0.0.0 10.0.0.1 ! access-list 1 permit host 192.168.98.62 access-list 1 permit host 192.168.98.63 access-list 1 permit host 192.168.9[...]

  • Page 47

    43 enable password 7 5EVbxkwzBvfT ! username router password 7 qBjbURagjK0L ! interface fastethernet 0/0 ip address 192.168.98.63 255.255.255.0 ! interface serial 0/0 encapsulation ppp ip address 10.0.0.2 255.255.255.192 ip access-group 100 out clockrate 48000 ! interface async 0/0 ! router rip network 192.168.98.0 network 10.0.0.0 ! line vty 0 4 l[...]

  • Page 48

    44 5.2 NAT – Network Address Translation IP address depletion is a main problem that facing in the public network. NAT (network address translation) is a solution that allows the IP network of an organization to appear from the outside to use different IP address then it own [...]

  • Page 49

    45 Static NAT Configuration ERT-805# show run Building configuration ... service password-encryption service timestamps debug ! hostname ERT-805 ! enable password 7 5EVbxkwzBvfT ! username router password 7 qBjbURagjK0L ! interface fastethernet 0/0 ip address 192.168.98.63 255.255.255.0 ip nat inside ! interface serial 0/0 encapsulation ppp ip [...]

  • Page 50

    46 ERT-805# Figure of static NAT example result ERT-805# show ip nat translations Total 1 NAT translations Pro Inside Local Inside Global Outside Global TTL --- 192.168.98.62:0 10.0.1.1:0 ERT-805# Dynamic NAT Configuration ERT-805# show run Building configuration ... service password-encryption service timestamps debug ! hostnam[...]

  • Page 51

    47 ip address 10.0.1.1 255.255.255.192 secondary ip nat outside ip access-group 1 out clockrate 48000 ! interface async 0/0 ! router rip network 192.168.98.0 network 10.0.0.0 ! line vty 0 4 login password 7 o2EUq2a6AFiY4D ! ip nat pool overload 10.0.1.1 10.0.1.1 netmask 255.255.255.192 ip nat inside source list 1 pool overload overload ! access-lis[...]

  • Page 52

    48 crypto ipsec security-association lifetime [kilobytes | seconds] – to modify the time value when negotiating Ipsec security. crypto map map-name map number [ipsec-isakmp | ipsec-manual] – create a crypto map entry. Ipsec-isakmp is used to establish the Ipsec security f[...]

  • Page 53

    49 crypto isakmp key keystring address peer-address – configure preshared authentication key crypto isakmp policy priority – to define Internet Key exchange (IKE) policy - hash - encryption - group - authentication - lifetime show crypto ipsec sa – shows current connections and i[...]

  • Page 54

    50 match address 100 ! crypto isakmp policy 1 authentication pre-share group 1 hash md5 ! crypto isakmp key 12345678 address 10.0.0.2 255.255.255.192 ! interface fastethernet 0/0 ip address 192.168.99.64 255.255.255.0 ! interface serial 0/0 encapsulation ppp ip address 10.0.0.1 255.255.255.192 crypto map dynmap clockrate 48000 ! interface async 0/0[...]

  • Page 55

    51 ! hostname router ! enable password 7 7JDUhlA4A907 ! username scott password 7 phTLTNmZFcwY3D crypto ipsec transform-set transform-1 esp-3des esp-md5-hmac ! crypto map dynmap 1 ipsec-isakmp set transform-set transfrom-1 set peer 10.0.0.1 match address 100 ! crypto isakmp policy 1 authentication pre-share group 1 hash md5 ! crypto isakmp key 1234[...]

  • Page 56

    52 router# router# debug crypto isakmp router# 22:34.011 Crypto ISAKMP debugging is on router# term router# terminal m router# terminal monitor router# 23:03.993 IPSEC: SEND KEEYALIVE ON PEER 10.0.0.2 23:03.993 recv msg type=331, msg=08 0a 00 00 01 0a 00 00 02 23:03.993 recv Ipsec Msg 23:03.994 recv DPD req 23:03.994 creat a DPD struct 23:03.994 se[...]

  • Page 57

    53 router# show crypto ipsec sa interface: serial0/0 Crypto map tag:dynmap, local addr:10.0.0.1 Local ident (addr/mask/prot/port):192.168.99.0/255.255.255.0/0/0 Remotel ident (addr/mask/prot/port):192.168.98.0/255.255.255.0/0/0 PERMIT,flags={origin_is_acl,} Current Peer:10.0.0.2 #pkts encaps:1160 ,pkts encrypts:1160, pkts digest:1160 #pkts decaps:1[...]

  • Page 58

    54 Configure Ipsec Manual between routers Router 2 Router 1 eth:192.168.98.63 s0/0 10.0.0.2 s0/0 10.0.0.1 eth:192.168.99.64 Router 1 configuration ERT-805# show run Building configuration ... service password-encryption service timestamps debug ! hostname ERT-805 ! enable password level 15 7 EJketQjD8uBh ! crypto ipse[...]

  • Page 59

    55 ! router rip network 192.168.98.0 network 10.0.0.0 ! line vty 0 4 login password 7 iFEdTlElgPbW4D ! ! access-list 100 permit ip 192.168.98.0 0.0.0.255 192.168.99.0 0.0.0.255 ! end Router 2 configuration ERT-805# router# show run Building configuration ... service password-encryption service timestamps debug ! hostname router ! enable passwor[...]

  • Page 60

    56 ip address 192.168.99.64 255.255.255.0 ! interface serial 0/0 encapsulation ppp ip address 10.0.0.1 255.255.255.192 crypto map dynmap ! interface async 0/0 ! router rip network 192.168.99.0 network 10.0.0.0 ! line vty 0 4 login password 7 hd3cpRj4s14LeA ! ip route 0.0.0.0 0.0.0.0 10.0.0.2 ! access-list 100 permit ip 192.168.99.0 0.0.0.255 192.16[...]

  • Page 61

    57 match address 100 ! crypto map mm 1 ipsec-isakmp dynamic dy crypto isakmp policy 1 authentication pre-share hash md5 ! crypto isakmp key 1234 address 10.0.0.2 255.255.255.192 ! interface fastethernet 0/0 ip address 192.168.99.64 255.255.255.0 ip address 192.168.99.64 255.255.255.0 ! interface serial 0/0 encapsulation ppp ip address 10.0.0.1 255.[...]

  • Page 62

    58 Building configuration ... service password-encryption service timestamps debug ! hostname ERT-805 ! enable password 7 uh4a5s35v9i6 ! crypto ipsec transform-set scott esp-des ah-md5-hmac ! crypto map mm 1 ipsec-isakmp set transform-set scott set peer 10.0.0.1 match address 100 ! crypto isakmp policy 1 authentication pre-share hash md5 ! crypto i[...]

  • Page 63

    59 ! ip route 0.0.0.0 0.0.0.0 serial 0/0 ! access-list 100 permit ip 192.168.98.0 0.0.0.255 192.168.99.0 0.0.0.255 ! end ERT-805# router# show crypto ipsec sa interface: serial0/0 Crypto map tag:dynmap, local addr:10.0.0.1 Local ident (addr/mask/prot/port):192.168.99.0/255.255.255.0/0/0 Remotel ident (addr/mask/prot/port):192.168.98.0/255.255.255.0[...]

  • Page 64

    60 crypto map: dynmap no sa timing: IV size: 8 bytes replay detection support: Y outbound pcp sas: router# GRE Example Router 1 ERT-805> enable Password: ERT-805# show run Building configuration ... service password-encryption service timestamps debug ! hostname ERT-805 ! enable password 7 at1a2V/tbD6b ! crypto ipsec transform-set marc esp-3de[...]

  • Page 65

    61 ! interface fastethernet 0/0 ip address 192.168.99.64 255.255.255.0 ! interface serial 0/0 encapsulation hdlc ip address 130.0.1.2 255.255.0.0 tunnel 10.0.0.1 10.0.0.2 ip address 10.0.0.1 255.0.0.0 secondary crypto map mm clockrate 128000 ! interface async 0/0 ! router rip version 1 network 192.168.99.0 network 10.0.0.0 ! line vty 0 31 ! access-[...]

  • Page 66

    62 ! crypto map mm 1 ipsec-isakmp set transform-set marc set peer 10.0.0.1 match address 100 ! crypto isakmp policy 1 authentication pre-share hash sha ! crypto isakmp key 1234 address 10.0.0.1 255.0.0.0 ! interface fastethernet 0/0 ip address 192.168.98.63 255.255.255.0 ip nat inside ! interface serial 0/0 encapsulation hdlc ip address 130.0.1.1 2[...]

  • Page 67

    63 access-list 1 permit 192.168.98.62 0.0.0.255 access-list 100 permit ip 10.0.0.0 0.0.0.255 192.168.99.61 0.0.0.255 ! end router# ERT-805# show ip route Codes: A--all O--ospf S--static R--rip C--connected E--egp T--tunnel o--cdp D--EIGRP, EX--EIGRP external, O--OSPF, IA--OSPF inter area N1--OSPF NSSA external type 1, N2--OSPF NSSA external type 2 [...]

  • Page 68

    64 • Neighbor router authentication • Event logging CBAC uses timeout and thresholds to determine how long to manage information for a session and when to drop the session that connects is failed. CBAC is only check with TCP and UDP but not ICMP. The following example is sh [...]

  • Page 69

    65 show ip inspect interface – show interface configuration with inspection rule and access-list show ip inspect session – display the current session that have been established debug ip inspect events – display the information about CBAC events debug ip inspect object-creation ?[...]

  • Page 70

    66 ip route 0.0.0.0 0.0.0.0 10.0.0.1 ip inspect audit-trail ip inspect max-incomplete low 100 ip inspect max-incomplete high 120 ip inspect one-minute low 100 ip inspect one-minute high 120 ip inspect tcp synwait-time 50 ip inspect name test http ip inspect name test ftp ip inspect name test udp ip inspect name test tcp ip inspect name test smtp ip[...]

  • Page 71

    67 25:54.379 CBAC: RCV TCP packet 192.168.99.61:21=>192.168.98.62:1412 serial0/0 25:54.569 CBAC: RCV TCP packet 192.168.98.62:1412=>192.168.99.61:21 fastethern 25:54.569 et0/0 25:58.813 CBAC: RCV TCP packet 192.168.98.62:1412=>192.168.99.61:21 fastethern 25:58.813 et0/0 25:58.850 CBAC: RCV TCP packet 192.168.99.61:21=>192.168.98.62:1412[...]

  • Page 72

    68 29:37.201 CBAC: delete a session table (40235) 29:40.059 CBAC: delete a session table (40232) 29:45.059 CBAC: delete a session table (40230) 29:58.059 CBAC: delete a host session table 29:58.059 CBAC: delete a session table (40236) 5.5 Radius Security (AAA) AAA (Authentication Authorization Accounting) is the way that allows [...]

  • Page 73

    69 router# show run Building configuration ... service password-encryption service timestamps debug ! hostname router ! enable password 7 St3Yuxw1NBTq ! aaa authentication ppp scott radius aaa accounting network scott start-stop radius username scott password 7 1clZ5Mnm-XEu ! interface fastethernet 0/0 ip address 192.168.99.64 255.255.255.0 ! inter[...]

  • Page 74

    70 radius-server host 192.168.99.63 ! end router# Router 2 ERT-805> enable Password: ERT-805# show run Building configuration ... service password-encryption service timestamps debug ! hostname ERT-805 ! enable password 7 uh4a5s35v9i6 ! interface fastethernet 0/0 ip address 192.168.98.63 255.255.255.0 ! interface serial 0/0 encapsulation ppp ip [...]

  • Page 75

    71 ip route 0.0.0.0 0.0.0.0 serial 0/0 ! end ERT-805# CHAP Example Router 1 router# show run Building configuration ... service password-encryption service timestamps debug ! hostname router ! enable password 7 St3Yuxw1NBTq ! aaa authentication ppp scott radius aaa accounting network scott start-stop r[...]

  • Page 76

    72 ! line vty 0 4 login password 7 kdWL6UXPkdPV/B ! ip route 0.0.0.0 0.0.0.0 serial 0/0 radius-server key 7 DRjQtY26F/tc radius-server deadtime 2 radius-server retransmit 4 radius-server host 192.168.99.63 acct-port 1646 auth-port 1645 ! end router# Router 2 ERT-805> enable Password: Password: ERT-805# [...]

  • Page 77

    73 ! interface async 0/0 ! router rip network 10.0.0.0 network 192.168.98.0 ! line vty 0 4 login password 7 3Z4SNtmYpBT6BC ! ip route 0.0.0.0 0.0.0.0 serial 0/0 ! end ERT-805# Debug radius 13:51.914 #Line serial0/0 Protocol Up 13:51.921 Radius: Send to 192.168.99.63:1646, Accounting_Request, id 0xfe, len 13:51.921 52 13:51.922 Attribute type: A[...]

  • Page 78

    74 Chapter 6 QOS Quality of service (QOS) is use to improve the network efficiency. ERT-805 provides some different QOS, which are CAR, Policy-based Routing, Weight fair queuing and class-map 6.1 CAR – Committed Access Rate CAR (Committed Access Rate) is allows user to limit the o [...]

  • Page 79

    75 Violate-action • continue – Evaluates the other rate-limit • drop – Drops the packet • transmit – Sends show interface rate-limit – display information about CAR for an interface Configuration Example router# show run Building configuration ... service password-encryption service timestamps debu[...]

  • Page 80

    76 password 7 3Z4SNtmYpBT6BC ! ip route 0.0.0.0 0.0.0.0 serial 0/0 ! access-list 100 permit tcp any any eq www access-list 101 permit tcp any any eq ftp ! end router# router# show interface s0/0 rate-limit Output matches: access-group 100 params: 9600 bps, 24000 limit, 32000 extended limit conformed 3582 packets, 219373 bytes; action: transmit exce[...]

  • Page 81

    77 6.2 Policy-based Routing PBR (policy-based routing) allows the user to manually define a policy for how received packets should be routed, and also allows the user to identify packets using several attributes to specify the next hop to which the packet should be sent. route-map map-nam[...]

  • Page 82

    78 router rip version 2 network 10.0.0.0 network 192.168.98.0 ! line vty 0 4 login password 7 k2CZPVdrqEggyC ! route-map richard match ip address 1 set interface serial 0/0 set ip next-hop 10.0.0.1 ! access-list 1 permit 192.168.98.62 0.0.0.255 ! end router# 6.3 Class-map and policy-map Class-map command is a global command which [...]

  • Page 83

    79 any – match any packets match input-interface – specify an input interface to match match class-map class-map name – specify the traffic class as a match criterion. match ip rtp lower bound of UDP destination port – configure class-map that uses rtp protocol port as match criterion ma[...]

  • Page 84

    80 enable password 7 wonRBhc01DcE ! class-map match-any test match access-group 101 match protocol ip tcp 80 match input-interface serial 0/0 ! class-map match-any test1 match access-group 102 match protocol ip tcp 80 match input-interface serial 0/0 ! policy-map richard class test bandwidth percent 60 queue-limit 2 ! class test1 bandwidth percent [...]

  • Page 85

    81 login password 7 k2CZPVdrqEggyC ! ip route 192.168.99.0 255.255.255.0 10.0.0.1 ! access-list 1 permit 192.168.98.62 0.0.0.255 access-list 101 permit ip host 192.168.98.62 any access-list 102 permit ip host 192.168.98.63 any ! end router# router# show policy-map interface s0/0 serial0/0 Service-policy output: marc Class-map: test (match-any) 1376[...]

  • Page 86

    82 Weighted Fair Queueing Output Queue: Conversation Bandwidth 40 (%) Max Thresh 2 (packets) (pkts matched/bytes matched) 0/0 Class-map: class-default (match-all) 137 packets, 8713 bytes 5 minute offered rate 153 bps, drop rate 0 bps Match any router# router# show class-map Class Map match-any class-default (id 0) Match any Class Map match-any test[...]

  • Page 87

    83 packets in a queue for transmission. ERT-805 provides four different types of queue: FIFO (default in all routers), WFQ (Weighted fair queuing), priority queuing and custom queuing. 6.4.1 FIFO - First In First Out The traffic for FIFO is transmitted in the order received, wi[...]

  • Page 88

    84 interface async 0/0 ! router rip network 192.168.98.0 network 10.0.0.0 ! line vty 0 4 login password 7 kdWL6UXPkdPV/B ! ip route 0.0.0.0 0.0.0.0 serial 0/0 router# show queueing fair Current fair queue configuration: Interface Discard Dynamic Reserved threshold queue count queue count serial0/0 64 2 0 router# show queue s0/0 Weighted Fai[...]

  • Page 89

    85 priority queuing based on protocol type priority-list list number interface interface type interface no [high | medium | normal | low] – Establish priority queuing for all traffic entering on an incoming interface priority-list list number default [high | medium | normal | low] - Assign [...]

  • Page 90

    86 interface async 0/0 ! router rip network 10.0.0.0 network 192.168.98.0 ! line vty 0 5 login password 7 tF4VZx7eRx5VcC ! ip route 0.0.0.0 0.0.0.0 10.0.0.1 ! access-list 100 permit tcp host 192.168.99.61 host 192.168.98.62 access-list 100 permit ip any any priority-list 2 protocol ip high tcp 80 priority-list 2 protocol ip high list 100 priority-l[...]

  • Page 91

    87 2 low limit 30 router# router# show queue s0/0 Priority Queueing, priority-list 2 router# router# show int s0/0 serial0/0 is administratively up, line protocol is up Hardware is RT800-E Encapsulation PPP, loopback not set, keepalive set (10 sec) LCP Open IPCP Open, CCP Closed, CDP Open, MPLSCP Close Queueing strategy: priority-list 2 Output queu[...]

  • Page 92

    88 Queue-keyword keyword-value Explain Fragments NULL Any fragments ip packet List List-number Assigns traffic priorities according to a specified list. Lt Byte-count Specifies a less-than count. The priority level assigned goes into effect when a packet size is less than t[...]

  • Page 93

    89 Configuration Example router# show run Building configuration ... service password-encryption service timestamps debug ! hostname router ! enable password 7 Pl2cGlY8liD4 ! interface fastethernet 0/0 ip address 192.168.98.63 255.255.255.0 ! interface serial 0/0 encapsulation ppp ip address 10.0.0.2 255.255.255.192 custom-queue-list 10 ! interfa[...]

  • Page 94

    90 queue-list 10 default 5 queue-list 10 protocol ip 1 list 1 ! end router# router# show int s0/0 serial0/0 is administratively up, line protocol is up Hardware is RT800-E Encapsulation PPP, loopback not set, keepalive set (10 sec! IPCP Open, CCP Closed, CDP Open, MPLSCP Close Queueing strategy: custom-queue-list 2 Output queues: (queue #: size/max[...]

  • Page 95

    91 router# show queueing custom Current custom queue configuration: List Queue Args 10 5 default 10 1 protocol ip tcp port 80 10 2 interface serial0/0 10 3 protocol ip 10 1 protocol ip list 1 10 4 byte-count 115200 limit 10 router#[...]

  • Page 96

    92 Appendix A Upgrade firmware Please follow the steps to upgrade firmware: 1. Find and download the latest firmware from PLANET Web site. 2. Connect Console port to ERT-805 Serial WAN Router 3. Change to DPS-mode and run mrcom32.exe (this program can be found in the CD-ROM menu, dire[...]

  • Page 97

    93 Then press enter still see the Input File Name, type in the file's name and press enter again] 10. Then press 3 to restart Router Now, the ERT-805 has the firmware file just downloaded.[...]

  • Page 98

    94 Appendix B Router Dialing ERT-805 supports dial-up from a modem, which allows the user to connect remotely to the office from another place. The commands are: Physical-layer async – configure serial interface as an async interface async mode [dedicated | interactive] – specify line mode fo[...]

  • Page 99

    95 ip route 12.0.0.0 255.0.0.0 10.1.1.2 dialer-list 1 protocol ip permit Configuring router Router 2 int s1 encap ppp ip address 10.1.1.2 255.0.0.0 physical-layer async async mode dedicate line flowcontrol hardware line cd normal line speed 9600 dialer in-band line inactive-timer 60 dialer-list 1 protocol ip permit[...]

  • Page 100

    96 Appendix C Cables / Pin-assignment for ERT-805 C.1 V.35 DTE – CB-ERTV35-MT Pin to ERT-805 Description Pin to device Description 21 MODE_1 18 MODE_0 GND 25 MODE_DCE 1 Shield A Shield_GND 08 B_DCD/DCD+ Twisted pair no. 1 < — F RLSD 7 GND+ B GND 03 I_RXD/TXD+ Twisted pair no. 9 < — R RD+ 16 I_RXD/TXD – < — T RD – 02 O_TXD/RXD+[...]

  • Page 101

    97 03 I_RXD/TXD+ Twisted pair no. 3 < — P SD+ 16 I_RXD/TXD – < — S SD – 02 O_TXD/RXD+ Twisted pair no. 5 — > R RD+ 14 O_TXD/RXD – — > T RD – 05 I_CTS/RTS+ Twisted pair no. 2 < — C RTS 06 I_DSR/DTR+ < — H DTR 04 O_RTS/CTS Twisted pair no. 4 — > D CTS 20 O_DTR/DSR+ — > E DSR 17 I_RXC/TXCE+ Twisted pair [...]

  • Page 102

    98 12 GND GND C.4 V.24 DCE – CB-ERT232-FC Pin to ERT-805 Description Pin to device Description 21 MODE_1 18 MODE_0 25 MODE_DCE GND 1 Shield 1 Shield_GND 08 B_DCD/DCD+ Twisted pair no. 1 — > 8 CD 7 GND 7 GND 03 I_RXD/TXD+ Twisted pair no. 3 < — 2 TXD 16 GND GND 02 O_TXD/RXD+ Twisted pair no. 5 — > 3 RXD 14 GND GND 05 I_CTS/RTS+ Twi[...]

  • Page 103

    99 14 O_TXD/RXD- 9 TXD- 05 I_CTS/RTS+ Twisted pair no. 2 < — 5 INDICATION+ 06 I_DSR/DTR+ < — 12 INDICATION- 04 O_RTS/CTS Twisted pair no. 4 — > 3 CONTROL+ 20 O_DTR/DSR+ — > 10 CONTROL- 17 I_RXC/TXCE+ Twisted pair no. 8 < — 6 TIMING+ 09 I_RXC/TXCE- <- 13 TIMING- Twisted pair no. 6 — > — > Twisted pai[...]

  • Page 104

    100 C.7 RJ-45 Console Cable The pinout of the RJ-45 console cable bundled in the package is as follows: 1 … 8 2 … 7 3 … 6 4 … 5 5 …[...]