Technical data
Table Of Contents
- Preface
- Introduction
- Chapter 1. Advanced Topics
- Chapter 2. Planning For Router Configuration
- Important Terminology
- Collect your Configuration Information
- PPP Link Protocol (over ATM or Frame Relay)
- IP Routing Network Protocol
- IPX Routing Network Protocol
- Bridging Network Protocol
- RFC 1483 / RFC 1490 Link Protocols
- IP Routing Network Protocol
- IPX Routing Network Protocol
- Bridging Network Protocol
- MAC Encapsulated Routing: RFC 1483MER / RFC 1490MER Link Protocols
- IP Routing Network Protocol
- FRF8 Link Protocol
- IP Routing Network Protocol
- Dual Ethernet Router Configuration
- General Information
- Configuring the Dual Ethernet Router as a Bridge
- Configuring the Dual Ethernet Router for IP Routing
- Chapter 3. Configuring Router Software
- Configuration Tables
- Configuring PPP with IP Routing
- Configuring PPP with IPX Routing
- Configuring PPP with Bridging
- Configuring RFC 1483 / RFC 1490 with IP Routing
- Configuring RFC 1483 / RFC 1490 with IPX Routing
- Configuring RFC 1483 / RFC 1490 with Bridging
- Configuring MAC Encapsulated Routing: RFC 1483MER / RFC 1490MER with IP Routing
- Configuring FRF8 with IP Routing
- Configuring Mixed Network Protocols
- Configuring a Dual Ethernet Router for IP Routing
- Verify the Router Configuration
- Sample Configurations
- Sample Configuration 1 — PPP with IP and IPX
- Scenario
- Sample Configuration 1 — Diagram for Target Router (SOHO)
- Sample Configuration 1 — Tables For Target Router (SOHO)
- Sample Configuration 1 - Check the Configuration with the “list” Commands
- Information About Names And Passwords
- Sample Configuration 2 — RFC 1483 with IP and Bridging
- Scenario
- Sample Configuration 2 — Diagram for Target Router SOHO
- Sample Configuration 2 — Tables For Target Router (SOHO)
- Sample Configuration 2 - Check the Configuration with the “list” Commands
- Sample Configuration 3 — Configuring a Dual Ethernet Router for IP Routing
- Scenario
- Configuration Tables
- Chapter 4. Configuring Special Features
- Bridging Filtering and IP Firewall
- IP (RIP) Protocol Controls
- DHCP (Dynamic Host Configuration Protocol)
- General Information
- Manipulating Subnetworks and Explicit Client Leases
- Enabling/disabling a subnetwork or a client lease
- Adding subnetworks and client leases
- Setting the lease time
- Manually changing client leases
- Setting Option Values
- Concepts
- Commands for global option values
- Commands for specific option values for a subnetwork
- Commands for specific option values for a client lease
- Commands for listing and checking option values
- BootP
- About BootP and DHCP
- Enable/Disable BootP
- Use BootP to specify the boot server
- Defining Option Types
- Concepts
- Commands
- Configuring BootP/DHCP Relays
- Other Information
- NAT (Network Address Translation)
- Management Security
- Software Options Keys
- Encryption
- IP Filtering
- L2TP Tunneling - Virtual Dial-Up
- Introduction
- L2TP Concepts
- LNS, L2TP Client, LAC, and Dial User
- L2TP Client Example
- LNS and L2TP Client Relationship
- Tunnels
- Sessions
- Configuration
- Preliminary Steps to Configure a Tunnel
- Verification Steps
- Configuration Commands
- PPP Session Configuration
- Sample Configurations
- Simple L2TP Client Configuration Example
- Complete LNS and L2TP Client Configuration Example
- Configuration Process
- Chapter 5. Command Line Interface Reference
- Command Line Interface Conventions
- System Level Commands
- Router Configuration Commands
- Target Router System Configuration Commands (SYSTEM)
- Target Router Ethernet LAN Bridging and Routing (ETH)
- Remote Router Access Configuration (REMOTE)
- Asymmetric Digital Subscriber Line Commands (ADSL)
- Asynchronous Transfer Mode Commands (ATM)
- Dual Ethernet Router Commands (ETH)
- General information
- High-Speed Digital Subscriber Line Commands (HDSL)
- General information about HDSL
- ISDN Digital Subscriber Line (IDSL)
- General information about IDSL
- Symmetric Digital Subscriber Line Commands (SDSL)
- General information about SDSL
- Dynamic Host Configuration Protocol Commands (DHCP)
- L2TP — Virtual Dial-Up Configuration (L2TP)
- Bridging Filtering Commands (FILTER BR)
- Save Configuration Commands (SAVE)
- Erase Configuration Commands (ERASE)
- File System Commands
- Chapter 6. Managing the Router
- Simple Network Management Protocol (SNMP)
- TELNET Remote Access
- Client TFTP Facility
- TFTP Server
- BootP Server
- Boot Code
- Manual Boot Menu
- Access Manual Boot Mode
- Option 1: Retry Start-up
- Option 2: Boot from FLASH Memory
- Option 3: Boot from Network
- Option 4: Boot from Specific File
- Option 5: Configure Boot System
- Option 6: Set Time and Date
- Option 7: Set Console Baud Rate
- Option 8: Start Extended Diagnostics
- Identifying Fatal Boot Failures
- Software Kernel Upgrades
- Backup and Restore Configuration Files
- FLASH Memory Recovery Procedures
- Recovering Passwords and IP Addresses
- Batch File Command Execution
- Chapter 7. Troubleshooting
- Appendix A. Network Information Worksheets
- Configuring PPP with IP Routing
- Configuring PPP with IPX Routing
- Configuring PPP with Bridging
- Configuring RFC 1483 / RFC 1490 with IP Routing
- Configuring RFC 1483 / RFC 1490 with IPX Routing
- Configuring RFC 1483 / RFC 1490 with Bridging
- Configuring RFC 1483MER / RFC 1490MER with IP Routing
- Configuring FRF8 with IP Routing
- Configuring a Dual Ethernet Router for IP Routing
- Appendix B. Configuring IPX Routing
- Index
97
• routers’ “receive” key and “sender” Tx key don't match.
• Different keys and key files may be used with different remote destinations.
• For maximum security, as shown in these examples, Telnet and SNMP access should be disabled and
Use the console port to view error messages and progress. If you see “Unknown protocol” errors, the PPP
CHAP used.
Sample Configuration
The sample configuration is the same as the one provided in the preceding PPP DES Encryption example, but
use the Diffie-Hellman encryption command instead of the PPP DES encryption commands.
Sample:
login admin
remote setEncryption DESE_1_KEY dh96.num SOHO
save
reboot
File Format for the Diffie-Hellman Number File
The file consists of 192 bytes, in binary format. There are two 96-byte numbers stored, with the most
significant byte in the first position. For example, the number 0x12345678 would appear
000000...0012345678.
The first 96 bytes form the modulus. In the equation x' = g^x mod n, n is the modulus. According to Diffie
and Hellman, the modulus should be prime, and (n-1)/2 should also be prime.
The second 96 bytes form the generator, or g in the above equation. The generator should be a primitive root
mod n.
The remaining pieces of the encryption key (x and y) are randomly generated at connection time, and will
change every time the device connects.
You should contact an encryption expert to obtain cryptographically sound generator and modulus pairs,
should you wish to change the default values.
Default Modulus
00000000: c9 b4 ed 33 ba 7f 00 9e - ce e0 83 5d a5 4c 19 25
00000010: e0 2d 99 44 e8 8d cd 16 - 02 0e 6c 26 6d 15 7c 95
00000020: 82 9a 8c 2b 19 d0 56 da - 9b 5b a9 cd cf fb 45 2b
00000030: c9 6a 3c 26 e5 b8 1a 25 - 07 b8 07 22 ed 15 8a 56
00000040: 8b f4 30 f2 28 fc 6b f1 - bf a4 3e 87 f0 be d6 1c
00000050: 33 92 b9 5e d1 b7 20 8c - 92 02 cb e5 26 45 02 1d
Default Generator
00000000: 90 f0 09 78 cc 23 79 a8 - 6c 23 a8 65 e0 dc 0f 6d
00000010: fb a7 26 e8 63 0a 21 67 - 5a f8 0f 59 84 09 5c da
00000020: ef af af fc d2 5f 83 e2 - a7 27 05 34 17 94 1a 4f
00000030: b2 87 76 97 e7 48 43 db - 62 29 70 9e 7f eb 2c 6e
00000040: 5d 25 1d a1 65 f0 b4 e6 - 47 4d 25 23 0b 20 b9 93
00000050: 27 f0 56 12 5a 97 f6 c5 - 31 b6 19 fc 67 22 93 f5