Models 2603, 2621, and 2635 IPLink Series High Speed Routers Getting Started Guide Important This is a Class A device and is intended for use in a light industrial environment. It is not intended nor approved for use in an industrial or residential environment. Sales Office: +1 (301) 975-1000 Technical Support: +1 (301) 975-1007 E-mail: support@patton.com WWW: www.patton.com Document Number: 03328U1-001 Rev.
Patton Electronics Company, Inc. 7622 Rickenbacker Drive Gaithersburg, MD 20879 USA Tel: +1 (301) 975-1000 Fax: +1 (301) 869-9293 Support: +1 (301) 975-1007 Web: www.patton.com E-mail: support@patton.com Copyright © 2008, Patton Electronics Company. All rights reserved. The information in this document is subject to change without notice. Patton Electronics assumes no liability for errors that may appear in this document.
Summary Table of Contents 1 General Information...................................................................................................................................... 17 2 Product Overview.......................................................................................................................................... 24 3 Initial Configuration .....................................................................................................................................
Contents Summary Table of Contents ......................................................................................................................... 3 Contents ......................................................................................................................................................... 4 List of Figures ............................................................................................................................................... 10 List of Tables ..........
Contents Models 2603, 2621, and 2635 Getting Started Guide Installing an interface cable on the IPLink 2635’s V.35 interface port .......................................................33 Installing the AC power cord ..........................................................................................................................34 Installing the Ethernet cable ............................................................................................................................
Models 2603, 2621, and 2635 Getting Started Guide Contents Remote Site Configuration .................................................................................................................63 Central site configuration ...................................................................................................................66 7 Security .........................................................................................................................................................
Contents Models 2603, 2621, and 2635 Getting Started Guide Website Settings ..................................................................................................................................................101 Error Log.............................................................................................................................................................102 SNMP Daemon ......................................................................................................
Models 2603, 2621, and 2635 Getting Started Guide Contents T1/E1 Interface ...................................................................................................................................................119 Protocol Support .................................................................................................................................................120 PPP Support...........................................................................................................
Contents 9 Models 2603, 2621, and 2635 Getting Started Guide
List of Figures 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 IPLink Series Router (Model 2635 shown) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Sync Serial Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 T1/E1 Application . . . . . . . . . . . . . . . . . . .
Models 2603, 2621, and 2635 Getting Started Guide 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 New Policy link to configuration webpage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 Deleting a Security Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
List of Tables 1 2 3 4 5 6 7 8 9 10 11 General conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Status LED descriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 LMI Implementation on the IPLink . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
About this guide This guide describes installing and configuring Patton Electronics IPLink Series High Speed Routers.
Models 2603, 2621, and 2635 Getting Started Guide About this guide Precautions Notes, cautions, and warnings, which have the following meanings, are used throughout this guide to help you become aware of potential problems. Warnings are intended to prevent safety hazards that could result in personal injury. Cautions are intended to prevent situations that could result in property damage or impaired functioning. Note A note presents additional information or interesting sidelights.
Models 2603, 2621, and 2635 Getting Started Guide About this guide Safety when working with electricity • This device contains no user serviceable parts. The equipment shall be WARNING • • • • • returned to Patton Electronics for repairs, or repaired by qualified service personnel. Mains Voltage: Do not open the case the when the power cord is attached. Line voltages are present within the power supply when the power cords are connected.
Models 2603, 2621, and 2635 Getting Started Guide About this guide Factory default parameters IPLink Series High Speed Routers have the following factory default parameters. • Ethernet IP address: 192.168.200.10/24 • WAN Connection: PPP Bridged • Ethernet and serial connections • MDI (LAN connector) • Model 2621 (X.21)—DB-15 port (DTE) • Model 2635 (V.35)—DB-25 port (DCE, DTE when using special V.35 cable) • Model 2603/T—T1 configuration. RJ-48C (100-ohm) interface • Model 2603/K—E1 configuration.
Chapter 1 General Information Chapter contents IPLink Series High Speed Routers overview ..........................................................................................................18 General attributes ............................................................................................................................................18 Ethernet .............................................................................................................................................
Models 2603, 2621, and 2635 Getting Started Guide 1 • General Information IPLink Series High Speed Routers overview The IPLink Series of gateway routers/bridges combine full set of high-speed IP routing features and WAN access via PPP/IP/FR protocols. All IPLink routers come with an auto-sensing full-duplex 10/100Base-T Ethernet port, MDI-X cross-over switch, console port, and internal or external power supply.
Models 2603, 2621, and 2635 Getting Started Guide 1 • General Information Ethernet • Auto-sensing full-duplex 10Base-T/100Base-TX Ethernet. • Standard RJ-45 connector • Built-in MDI-X cross-over switch. • IEEE 802.1d transparent learning bridge • 2 IP address/subnets on Ethernet interface. Protocol support • Complete internetworking with IP (RFC 741), TCP (RFC 793), UDP (RFC 768), ICMP (RFC 950), ARP (RFC 826). • IP router with RIP (RFC 1058), RIPv2 (RFC 2453) • Up to 64 static routes.
Models 2603, 2621, and 2635 Getting Started Guide 1 • General Information • Logging via SYSLOG, and VT-100 console. Console port set at 9600 bps 8/N/1 settings no flow control. Security • Packet filtering firewall for controlled access to and from LAN/WAN. Support for 255 rules in 32 filter sets. 16 individual connection profiles. • DoS Detection/protection. Intrusion detection, Logging of session, blocking and intrusion events and RealTime alerts. Logging or SMTP on event.
Models 2603, 2621, and 2635 Getting Started Guide 1 • General Information Table 2. Status LED descriptions (Continued) T1/E1 Sync Serial Ethernet Link Green LOS Red TD Green RD Green TD Green RD Green CTS Green DTR Green Link Green 100M Green Tx Green Rx Green Solid green: connected Off: disconnected On: indicates a T1/E1 loss-of-frame condition. It also indicates that no T1/E1 signal is detected.
Models 2603, 2621, and 2635 Getting Started Guide 1 • General Information • Power input connector • Ethernet connector • MDI-X switch • WAN port (V.35, X.21, T1/E1) Power connector AC universal power supply. The IPLink Series router offers internal or external AC power supply options.
Models 2603, 2621, and 2635 Getting Started Guide IPLink Series High Speed Routers overview 1 • General Information 23
Chapter 2 Product Overview Chapter contents Introduction ..........................................................................................................................................................25 Applications Overview...........................................................................................................................................
Models 2603, 2621, and 2635 Getting Started Guide 2 • Product Overview Introduction The IPLink Series Router operates as a bridge or a router and has two ports for communication: • The Ethernet port—Connects to the LAN side of the connection • The Serial port—Connects to local DTE devices (Model 2621 and 2635) • The T1/E1 port—Connects directly to T1/E1 lines (Model 2603) The router provides all layer 2 and layer 3 protocols required for end-to-end-link communication.
Models 2603, 2621, and 2635 Getting Started Guide 2 • Product Overview Applications Overview Patton’s IPLink Gateway routers deliver all the advanced features for secure, reliable, and high speed Internet data connections. They combine ease-of-use with powerful data routing to make shared Internet connectivity simple and easy.
Chapter 3 Initial Configuration Chapter contents Hardware installation ............................................................................................................................................28 What you will need .........................................................................................................................................28 Interface cable installation ..............................................................................................................
Models 2603, 2621, and 2635 Getting Started Guide 3 • Initial Configuration Hardware installation If you are already familiar with IPLink Series Router installation and configuration, this chapter will enable you to finish the job quickly. Installation consists of the following: • Preparing for the installation (see section “What you will need”) • Installing the T1/E1 WAN, X.21, or V.
Models 2603, 2621, and 2635 Getting Started Guide 3 • Initial Configuration Installing an interface cable on the IPLink 2603’s T1/E1 interface port The IPLink Models 2603/K and 2603/T come with a selectable T1/E1 WAN interface (see figure 4). Located on the back of the IPLink, the T1 and E1 interfaces are presented on an RJ-48C connector with selectable line impedances of 100-ohms for T1 and 120-ohms for E1 lines (see figure 5).
Models 2603, 2621, and 2635 Getting Started Guide 3 • Initial Configuration RX connector (BNC) TX connector (BNC) RX TX 10/100 Crossover Power MDI-X Ethernet WAN Ethernet connector (RJ-45) WAN connector (RJ-48C) 10 /10 0 Po we r Cro ss RX ov Eth ern et er MD I-X TX W AN Figure 6. Rear view of the 2603/K showing location of Ethernet and WAN connectors The interface cable has been installed, go to section “Installing the AC power cord” on page 34.
Models 2603, 2621, and 2635 Getting Started Guide 3 • Initial Configuration Installing an interface cable on the IPLink 2621’s X.21 interface port The IPLink Model 2621 comes with an X.21 interface presented on a female DB-15 connector (see figure 7). This interface can be configured as a DTE (factory default), or as a DCE via internal configuration jumper.
Models 2603, 2621, and 2635 Getting Started Guide 3 • Initial Configuration When the local third party equipment is configured as DTE, the Model 3086 X.21 serial port can be configured as DCE, and a regular straight-through cable can then be used. Do the following to configure the X.21 port as a DCE: 1. Open the IPLink’s case by inserting a screwdriver into the slots and twist the screwdriver head slightly. The top half of the case will separate from the lower half of the case (see figure 8).
Models 2603, 2621, and 2635 Getting Started Guide 3 • Initial Configuration 4. Re-assemble the case. The interface cable has been installed, go to section “Installing the AC power cord” on page 34. Installing an interface cable on the IPLink 2635’s V.35 interface port The IPLink Model 2635 comes with a V.35 interface presented on a DB-25 female connector (see figure 10).
Models 2603, 2621, and 2635 Getting Started Guide Note 3 • Initial Configuration The IPLink comes with a V.35 cable configured as a tail-circuit. Use this cable to interconnect the IPLink’s V.35 port to a device configured as a DCE. 2635 IPLink Modem V.35 Use cable provided with 2635 IPLink 10 /100 Po we r Cr os so Et ve he rn et r MDI -X DCE X. 21 WIn AN terfa ce Figure 11.
Models 2603, 2621, and 2635 Getting Started Guide 3 • Initial Configuration Figure 12. Power connector location on rear panel (Model 2603/T shown) The IPLink router power supply automatically adjusts to accept an input voltage from 100 to 240 VAC (50/60 Hz). CAUTION Verify that the proper voltage is present before plugging the power cord into the receptacle. Failure to do so could result in equipment damage. 3.
Models 2603, 2621, and 2635 Getting Started Guide 3 • Initial Configuration ay tew Ga uter ink Ro ipL ss ce 3 60 Ac l 2 AN de ed W Moh Spe le so n Co t ne er Eth AN W P o w e r L in k F ra m T e D R D L in k 1 0 0 T M x R x Hig Model 2603 ipLink Gateway High Speed WAN Access Router r e nk am Li Fr TD RD e ow P WAN M nk 0 Li 10 Tx Rx Power LED WAN Link WAN TD LED LED WAN Frame LED Console Ethernet Ethernet Ethernet Tx Link LED LED WAN RD Ethernet LED 100M LED Ethernet Rx LED Co
Models 2603, 2621, and 2635 Getting Started Guide 3 • Initial Configuration 7. A message will display, “Login Successful.” By typing the character “?”, all the commands will be displayed. Login: superuser Password: ********* Login successful --> 8. Any commands’ parameters may be seen by entering the command followed by a space and a question mark.
Models 2603, 2621, and 2635 Getting Started Guide 3 • Initial Configuration 2. Enter the IPLink router’s IP address into the URL or Address field of the browser. To see the IPLink Series router home page, refer to the following Figures. Model 2603 is shown in figure 14. Model 2621 in figure 15. Model 2635 in figure 16. Figure 14. Model 2603 home page Figure 15.
Models 2603, 2621, and 2635 Getting Started Guide 3 • Initial Configuration Figure 16.
Chapter 4 Ethernet LAN Port Chapter contents Introduction ..........................................................................................................................................................41 LAN Connections ...........................................................................................................................................41 Ethernet Port .............................................................................................................................
Models 2603, 2621, and 2635 Getting Started Guide 4 • Ethernet LAN Port Introduction The Ethernet LAN interface/port can be configured with two IP addresses, a primary and a secondary IP address. The configuration web page is found by following the path -> Services Configuration (in the Configuration Menu) -> LAN -> ‘Change default LAN port IP address’ (button on the main window).
Models 2603, 2621, and 2635 Getting Started Guide 4 • Ethernet LAN Port Figure 18. Basic Ethernet port attributes For additional statistical parameters and a few configurable parameters, click on the hyperlink View advanced attributes... (See figure 19.) Figure 19. Advanced Ethernet port attributes The three configurable parameters are all either ‘true’ or ‘false.’ • Auto Negotiation: the autonegotiation can be enabled (default) or disabled.
Models 2603, 2621, and 2635 Getting Started Guide 4 • Ethernet LAN Port • Full Duplex Mode: the default value is ‘true’ for Full Duplex operation. Setting it to ‘false’ configures the Ethernet port to operate only in half-duplex mode. Rarely do these parameters require a change from their default operation. Figure 20.
Chapter 5 Serial Port Configuration Chapter contents WAN Serial Port Configuration ............................................................................................................................45 Serial Interface ................................................................................................................................................45 Variables ..............................................................................................................................
Models 2603, 2621, and 2635 Getting Started Guide 5 • Serial Port Configuration WAN Serial Port Configuration The IPLink Series routers use a sync.-serial interface (X.21, V.35) or a T1/E1 interface for connection to standard WAN services. Below are the configuration options for the WAN interface. Serial Interface The serial interface configuration menus allow the user to configure the serial interface for HDLC based connections.
Models 2603, 2621, and 2635 Getting Started Guide 5 • Serial Port Configuration Web Interface Configuration The following screen capture shows the variables available to configure the X.21 serial interface. Figure 21. Model 2621 X.21 serial port configuration parameters The next figure shows the Model 2635 (V.35) serial port configuration parameters. Figure 22. Model 2635 V.
Models 2603, 2621, and 2635 Getting Started Guide 5 • Serial Port Configuration Figure 23. Model 2603 T1/E1 WAN port configuration parameters Configuring the IPLink Series 2603 for T1 Operation Web Configuration. Launch Netscape, Internet Explorer or similar web browser, type the IP address of the 2603, enter username superuser and password superuser. From the main page click on the T1/E1 > Configuration. (See figure 24.) Figure 24.
Models 2603, 2621, and 2635 Getting Started Guide 5 • Serial Port Configuration Time Slot Select. For a T1 using all 24 time slots enter 1-24, for fractional T1 enter in any format for example: 1,2,3,5; or 1-5,10-24. Any entry for timeslots above 24 will return an invalid-selection message. Line Options: Fractional T1 Line Code: The 2603 uses B8Zs and AMI. B8Zs is the most widely used. Line Build Out: Select from 100 0dB, 100 Ohm -7.5dB, 100 Ohm -15dB, and – 22.5dB.
Models 2603, 2621, and 2635 Getting Started Guide 5 • Serial Port Configuration Time Slot Select. For unframed E1 service (Clear Channel) go to the “Line Option” parameter and select “Clear Channel E1 (G.703).” For a full framed E1 enter 1-31, for partially filled E1 enter the range of timeslots using the format for example: 1,2,3,5; or 1-5,10-31. Any entry for timeslots above 31 will return and invalid selection message. Line Options: Choose from Clear Channel E1(G.703) or Channelized E1(G.703/G.704).
Chapter 6 WAN Services Chapter contents WAN Services .......................................................................................................................................................51 Configuring the IPLink Series 2603 for E1 Operation ..............................................................................51 Web Configuration .............................................................................................................................
Models 2603, 2621, and 2635 Getting Started Guide 6 • WAN Services WAN Services Configuring the IPLink Series 2603 for E1 Operation Web Configuration. Launch Internet Explorer or similar web browser, type the IP address of the 2603, enter username superuser and password superuser. From the main page click on the T1/E1 > Configuration. (See figure 26.) Figure 26. E1 port configuration Time Slot Select.
Models 2603, 2621, and 2635 Getting Started Guide 6 • WAN Services Once all options have been selected, click on the Configure and Activate button at the bottom of the screen. Additionally, save the configuration by going to the System Configuration > Save menu. This concludes the E1 interface configuration via the web browser, go to section “WAN Service Configuration” on page 52 for instructions on router/bridge and WAN service configuration.
Models 2603, 2621, and 2635 Getting Started Guide 6 • WAN Services Figure 28. WAN services’ options 4. In the Description field, enter the description you wish. This is a mandatory field. Without a description, you cannot create the WAN service. Verify the settings to be: • Interface = 1 • LLC header mode = dialout • LLC header mode = off • HDLC header mode = on • No authentication • Leave User name and Password blank. Click on Create. Central Site Configuration.
Models 2603, 2621, and 2635 Getting Started Guide 6 • WAN Services 1. Bring up the web-page management system on your browser by entering the IP address of the IPLink 2. On the Menu, go to Services Configuration, then to WAN. Delete the factory default WAN services already defined. 3. Click on Create a new service in the main window, select PPP bridged and click on the Continue button. 4. In the Description field, enter the description you wish, for example, PPP Bridged.
Models 2603, 2621, and 2635 Getting Started Guide 6 • WAN Services 3. Click on Create a new service in the main window, select “PPP routed” and click on the Continue button. In the Description field, enter the description you wish. In this example, it is called PPP Routed. • Description: PPP Routed • Interface: 1 • WAN IP address: 192.168.164.2 255.255.255.255 • LLC Header Mode: off • HDLC Header Mode: ON • No authentication • Username: [blank] • Password: [blank] Figure 30.
Models 2603, 2621, and 2635 Getting Started Guide 6 • WAN Services 6. Click on Create. Figure 31. Edit IP address of WAN port 7. Click on Services Configuration > IP Routes > Create new Ip V4 Route. Create the gateway to the remote router by entering the WAN IP address of the remote router, in this example, enter 192.168.164.3 in the Gateway field. (See figure 32.) 8. Click the Update button. Figure 32. Configuring the gateway The other fields should be: • Destination: 0.0.0.0 • Gateway: 192.168.164.
Models 2603, 2621, and 2635 Getting Started Guide 6 • WAN Services Figure 33. PPP link status Central Site Configuration. If the router at the ISP or Central site is another IPLink series, follow the instructions below. If not, consult your third party router user manual for configuration. See the web pages for the desktop above. Some configurable parameters are different although the process is the same. Configure the IP address of the Ethernet port (interface ip1) to be 192.168.172.3/24.
Models 2603, 2621, and 2635 Getting Started Guide 6 • WAN Services • Username: [blank] • Password: [blank] Click on the Create button. 4. Go to Services Configuration > WAN > Edit... (for PPP routed) > Edit ‘IP Interface’ > Ipaddr: [enter the WAN IP Address and Mask, in this example = 192.168.164.3 and 255.255.255.255]. 5. Click on Create. 6. Go to Configuration Menu > Configuration > IP Routes > Click on Create new Ip V4 Route. 7.
Models 2603, 2621, and 2635 Getting Started Guide 6 • WAN Services LMI Configuration Options. The Frame Relay Local Management Interface is configurable through either the CLI or web interface on the IPLink Series. The following variables are available for configuration. • managementType: (Default Value: no_maintanence) the managementType variable defines the LMI protocol that will be used from the table above. The following options are available.
Models 2603, 2621, and 2635 Getting Started Guide 6 • WAN Services All LMI configuration variables are contained under the “LMI Management” window found through the Services Configuration >LMI Management link. The following screen shows the configuration variables available. Figure 34. LMI Configuration webpage Frame Relay Configuration The Frame Relay service can be configured for either bridged or routed applications.
Models 2603, 2621, and 2635 Getting Started Guide 6 • WAN Services Frame Relay bridged This application shows configuration for two IPLink units in bridged mode. If using a third party router at the Central site, review the router’s configuration for connection to a remote bridge. Remote Site Configuration. First configure the IP address of the Ethernet port (interface ip1) via the command line (CLI) for 192.168.200.2/24. The PC must be on the same subnet for configuring the IPLink via the web pages. 1.
Models 2603, 2621, and 2635 Getting Started Guide 6 • WAN Services • Encapsulation type: Bridged Ether (Defines the RFC 1490 encapsulation type to be used by the channel. In some instances you may need to choose another type. Consult your service provider.) • RX Max PDU: 8192 Receive side max PDU, default 8192 (normally not changed from default) • TX Max PDU: 8192 Transmit side max PDU, default 8192(normally not changed from default) • Channel segment size.
Models 2603, 2621, and 2635 Getting Started Guide 6 • WAN Services 4. Enter the description for the circuit in the Description field. This is a mandatory field. Without a description you cannot create a WAN service. 5. Click on Create a new service in the main window, select Frame relay bridged and click on the Configure button. 6. Click along the following path: Services Configuration > WAN > ‘Edit...’ Then click on Edit ‘Frame Relay Channel’.
Models 2603, 2621, and 2635 Getting Started Guide 6 • WAN Services 2. On the Menu, go to Services Configuration, then to WAN. Delete the factory default WAN services already defined. 3. Click on Create a new service in the main window, select “Frame Relay routed” and click on Continue. 4. Enter the description for the circuit in the Description field. This is a mandatory field. Without a description you cannot create a WAN service. (See figure 38.) Figure 38.
Models 2603, 2621, and 2635 Getting Started Guide 6 • WAN Services Figure 39. Frame Relay Channel - Routed configuration Edit Frame Relay Channel Enter the appropriate information in the following fields: • Dlci: Consult with your service provider for the DLCI number required, in this example use 45. • Encapsulation Method: Defines the RFC1490 encapsulation type that will be used by the channel. Chose the encapsulation method best suited for your network.
Models 2603, 2621, and 2635 Getting Started Guide 6 • WAN Services • Cost: 1 • Interface: frame-0 Figure 40. IP route for Frame Relay routed application 12. Click on the Update button. This concludes the configuration of the remote site. Be sure to save the configuration in non-volatile memory by System Configuration > Save > Click on Save in the main window. Central site configuration.
Models 2603, 2621, and 2635 Getting Started Guide 6 • WAN Services – Enable NAT on this interface. In this example leave this option blank 5. Click the Create button. 6. Go to System Configuration > WAN > Edit (for Frame Relay Routed service) > Edit ‘IP Interface’ 7. Enter the WAN IP Address, in this example = 192.168.164.3, and click on the Create button. 8.
Chapter 7 Security Chapter contents Introduction ..........................................................................................................................................................69 Configuring the router ..........................................................................................................................................69 Configuring the security interfaces.........................................................................................................
Models 2603, 2621, and 2635 Getting Started Guide 7 • Security Introduction Security provides the ability to setup and enforce security policies. The policies define the types of traffic permitted to pass through a gateway, either inbound, outbound, or both, and from which origins the traffic may be allowed to enter. Within the security configuration is a stateful firewall. A stateful firewall utilizes a security mechanism to maintain information concerning the packets it receives.
Models 2603, 2621, and 2635 Getting Started Guide 7 • Security Figure 41. PPP routed WAN service for Security Firewall example 6. Click on Edit in the WAN Connections webpage, and then click on the Edit ‘Ip Interface’ hyperlink. 7. In the Edit Ip Interface webpage, enter the fields as follows and click on the Create button. (See figure 42.) Ipaddr: 192.168.101.1 Mask: 255.255.255.0 Figure 42.
Models 2603, 2621, and 2635 Getting Started Guide 7 • Security 3. Enter 192.168.101.2 in the box adjacent to Gateway. 4. Leave Destination and Netmask both as 0.0.0.0 because this is the gateway default route. 5. Click on the Update button. 6. Seeing the green check mark under Valid indicates the IP addresses of the WAN service and the gateway are properly configured. (See figure 43.) Figure 43.
Models 2603, 2621, and 2635 Getting Started Guide 7 • Security Figure 44. Security configuration home page 2. Go to the third section (Security Interfaces) on the Security Interface Configuration webpage. Click on the hyperlink Add interface... 3. Select ‘ip1’ beside the Name pull-down menu, and select ‘internal’ beside the Interface Type pull-down menu. Click on Create. (See figure 45.) Figure 45. Define ‘ip1’ interface as Internal 4. Again, click on the hyperlink Add interface...
Models 2603, 2621, and 2635 Getting Started Guide 7 • Security Figure 46. Define ‘ppp-0’ interface as External Configuring Security Policies Continue the previous example by defining security policies. We will add only one Firewall policy, called etoi, signifying an external-to-internal policy between the external and internal interfaces. 1. Go to the last section on the Security Interface Configuration webpage called ‘Policies, Triggers and Intrusion Detection.
Models 2603, 2621, and 2635 Getting Started Guide 7 • Security Deleting a security Policy To delete a security policy, go to the table of ‘Current Security Policies’ and click on the Delete button for the selected security policy. Figure 49. Deleting a Security Policy Enabling the Firewall At this point, both security and the firewall can be enabled and the network is secure.
Models 2603, 2621, and 2635 Getting Started Guide 7 • Security Protocol Number Abbreviation 6 8 9 17 46 47 89 92 94 TCP EGP IGP UDP RSVP GRE OSPFIGP MTP IPIP This example continues to allow pings over the firewall: 1. From the Configuration Menu, > Configuration > Security > Security Policy Configuration... > Port Filters... > Add Raw IP Filter 2. Enter 1 (for ICMP) in the Protocol Number field. 3. Set both Inbound and Outbound for Allow. (See figure 50.) 4. Click on Create. Figure 50.
Models 2603, 2621, and 2635 Getting Started Guide 7 • Security 4. Set Inbound as Block, but Outbound as Allow. (See figure 51.) 5. Click on Create. Figure 51. Configuring TCP port filter for FTP After configuring the FTP portfilter, you can open an ftp session from Remote to Local, however you can issue ftp commands (e.g., login, cd, etc.). Because the trigger to permit transfer of data via FTP has not been defined, no data can be transferred.
Models 2603, 2621, and 2635 Getting Started Guide 7 • Security Figure 52. Adding trigger for FTP data transfer You should now be able to use FTP commands to pass data between Remote and Local.
Models 2603, 2621, and 2635 Getting Started Guide 7 • Security Intrusion Detection System (IDS) The security feature in the IPLink Router provides protection from a number of attacks. Some attacks cause a host to be blacklisted (i.e., no traffic from that host is accepted under any circumstances) for a period of time. Other attacks are simply logged. The subsequent table is a summary of the attacks detected.
Models 2603, 2621, and 2635 Getting Started Guide 7 • Security – Victim Protection Block Duration:Default = 600 seconds (10 minutes). Sets the duration of the block in seconds. – Maximum TCP Open Handshaking Count:Default = 100 Sets the maximum number of unfinished TCP handshaking sessions per second that are allowed by a firewall before a SYN Flood is detected. SYN Flood is a DOS attack.
Models 2603, 2621, and 2635 Getting Started Guide 7 • Security Introduction to NAT The basic steps for configuring NAT are: 1. Enable NAT between the internal and external interfaces of the firewall. 2. Create global addresses which will be added to the global pool of IP addresses on the WAN interface. 3. Create a reserved mapping between a global IP address and the IP address of an internal PC. A Global Address Pool is a pool of addresses seen from the outside network.
Models 2603, 2621, and 2635 Getting Started Guide 7 • Security Click on Add Global Address Pool button. Figure 53. NAT Global Address Pool configuration 4. Next, create a reserved mapping between a global IP address from the global pool and a PC on the side of the internal interface (’ip1’). In this example, 10.10.19.11. 5. Click on the hyperlink Add Reserved Mapping... 6. Set the parameters to the following values (See figure 54.): – Global IP Address: 100.100.100.101 – Internal IP address: 10.10.19.
Chapter 8 DHCP and DNS Configuration Chapter contents Introduction ..........................................................................................................................................................83 Services and features normally associated with each other ................................................................................83 DHCP Server .....................................................................................................................................
Models 2603, 2621, and 2635 Getting Started Guide 8 • DHCP and DNS Configuration Introduction The routers offer a DHCP Server, DHCP Relay capability, and DNS Relay incorporated into the IPLink. Of the two DHCP features, only one can be enabled at a time-either DHCP server or DHCP relay. DNS relay can hold two DNS server IP addresses in memory so the DNS relay can forward DNS queries and responses between the host user and the DNS server.
Models 2603, 2621, and 2635 Getting Started Guide 8 • DHCP and DNS Configuration Table 4. Features and services matrix The feature in this column [...
Models 2603, 2621, and 2635 Getting Started Guide 8 • DHCP and DNS Configuration Figure 55. DHCP Server web page The server needs to have a subnet of IP addresses which will be allocated when a DHCP client makes a request. Define the subnet by clicking on the hyperlink Create new Subnet... The next webpage, ‘Create new DHCP Server subnet’ has four sections. • Parameters for this subnet: defines the subnet and netmask, the origin of the subnet, maximum lease time, and default lease time.
Models 2603, 2621, and 2635 Getting Started Guide 8 • DHCP and DNS Configuration Figure 56. DHCP server configuration web page Parameters for the DHCP Server subnet Four parameters are in the section for defining the DHCP subnet. (See figure 57.) Figure 57. DHCP Server subnet parameters The first two parameters are applicable when you will define the subnet. • Subnet value: It is necessary to enter the selected value here and the ‘Subnet mask’ if you do not ‘Get subnet from IP interface.
Models 2603, 2621, and 2635 Getting Started Guide 8 • DHCP and DNS Configuration The third parameter is • Get subnet from IP interface: If you use this option, then you will not enter any values in the first two parameters. Should you define another subnet and also select ‘Get subnet from IP interface,’ the IPLink uses the ‘Get subnet from IP interface’ as the ruling parameter and sets ‘Subnet value’ and ‘Subnet mask’ appropriately, overriding your initial selection.
Models 2603, 2621, and 2635 Getting Started Guide 8 • DHCP and DNS Configuration Figure 59. Example based on default range of IP address pool DNS server option information When a client requests an IP address from a DHCP server, the server can also send the IP addresses of the primary and secondary DNS servers’ IP addresses. The IPLink can accomplish this in one of two ways, neither really having an advantage over the other.
Models 2603, 2621, and 2635 Getting Started Guide 8 • DHCP and DNS Configuration Default gateway option information The IPLink is the gateway all client traffic when Use local host as default gateway is checked (see figure 61). Additional option information You may wish to provide additional information to the clients on the DHCP subnet. Click on the hyperlink Create new DHCP option... to access the configuration webpage.
Models 2603, 2621, and 2635 Getting Started Guide 8 • DHCP and DNS Configuration • Edit DHCP server list: The IP addresses of DHCP servers can be updated, reset, or deleted from the list. • Add new DHCP server: the IP addresses of the DHCP servers are added to the DHCP relay list in this section. In the first section of the DHCP Relay webpage, click on the Enable button on the DHCP Relay webpage. Figure 62.
Models 2603, 2621, and 2635 Getting Started Guide 8 • DHCP and DNS Configuration Figure 63. DHCP Relay server list DNS Relay The DNS Relay webpage contains a configurable list of DNS server IP addresses. The IPLink’s DNS Relay forwards DNS queries from a client to a pre-defined DNS server and DNS server responses to the client. You can configure the DNS Relay for two IP addresses. These are for access to primary and secondary DNS servers.
Models 2603, 2621, and 2635 Getting Started Guide 8 • DHCP and DNS Configuration Figure 65. DNS Relay configuration webpage You can change the IP address of the DNS servers on the DNS Relay webpage (see figure 66) by modifying the IP address requiring the change and clicking on the Update button. To delete the IP address of a DNS server, check the ‘Delete?’ box, then click on the Update button. Figure 66.
Chapter 9 IP Services Chapter contents IP Services .............................................................................................................................................................94 WEB Server ....................................................................................................................................................94 CLI Configuration .......................................................................................................................
Models 2603, 2621, and 2635 Getting Started Guide 9 • IP Services IP Services Certain System Services can be enabled or disabled. They are DNS Relay, FTP, TFTP, SNMP, and the WEB Server. The importance of disabling any of these services is an issue of security. If you are not using a particular service, it is best to disable it. By disabling it, the associated port is not active, which means it is not available to abuse with the intent of unauthorized access. Figure 67.
Models 2603, 2621, and 2635 Getting Started Guide 9 • IP Services Associated Ports for the different System (IP) Services This section is for information purposes only. Consult the table to identify which ports are associated with the different System (IP) Services. Table 5.
Chapter 10 System Configuration Chapter contents Introduction ..........................................................................................................................................................97 Authentication.......................................................................................................................................................97 Alarm .......................................................................................................................
Models 2603, 2621, and 2635 Getting Started Guide 10 • System Configuration Introduction The System Configuration item on the Configuration Menu opens to provide access to twelve (12) different items. They are: • Authentication: allows you to control access to the IPLink’s console and web configuration pages. • Alarm: shows the Alarm Table and CPU Usage Settings. You can configure the alarm severity for each of the alarms and enable/disable the Alarm Error Log.
Models 2603, 2621, and 2635 Getting Started Guide 10 • System Configuration • creating a Username • defining the Password • give the user ability to configure the IPLink or read-only authority • add a comment useful to the administrator Figure 69. Creating new user Alarm Access the configuration and status of the alarms. Figure 70. Alarm Management web-page All IPLinks have the ‘PP over Threshold’ and ‘NP over Threshold’ alarms. The Model 2603 has additional alarms for the T1/E1 WAN port.
Models 2603, 2621, and 2635 Getting Started Guide 10 • System Configuration remain. Only by clicking on the Reset button can you clear the alarm and reset the Time and Count parameters. The parameter definitions are: • Alarm Severity: there are five categories of severity-Critical, Major, Minor, Informational, and Ignore. • Time: the time that the last alarm occurred. • Count: the number of instances the alarm has occurred.
Models 2603, 2621, and 2635 Getting Started Guide 10 • System Configuration Update To upgrade the IPLink to another software version, select the software image by clicking on the Browse button. The software is a ‘.tar’ file. (See figure 73.) After selected, the software is downloaded to the IPLink. Wait until the upload has completed. The best way to monitor when the IPLink reboots is to view the process from the RS-232 console port. Figure 73.
Models 2603, 2621, and 2635 Getting Started Guide 10 • System Configuration Figure 75. Saving or reloading previously saved configuration files Restart From this webpage, you can do a soft reboot of the IPLink or restore the IPLink to factory defaults. To restore to factory defaults, click on the box for Reset to factory default settings. (see figure 76.) Then click on the Restart button. No warning is given before beginning the reboot process.
Models 2603, 2621, and 2635 Getting Started Guide 10 • System Configuration Error Log The Error Log webpage shows recent configuration errors and provides for the configuration of the Syslog. (See figure 78.) Two parameters are configurable for the Syslog. • Syslog Host: enter the IP address of the Syslog (Default = 0.0.0.0) • Syslog Facility: select the type of syslog facility (Default = disabled)s Click on the Update button to activate the selected parameters. Default value is a disabled Syslog.
Models 2603, 2621, and 2635 Getting Started Guide 10 • System Configuration Figure 79. SNMP Daemon configuration The Trap Table identifies the IP address of the SNMP trap along with its password. System Tools The System Tools webpage provides two utilities for testing network connectivity. The two utilities are ‘ping’ and ‘traceroute.’ Enter the IP address of the device to ‘ping’ or ‘traceroute’ and click on the appropriate button. The example in shows a successful ping of a PC. Figure 80.
Chapter 11 SNTP Client Configuration Chapter contents Introduction ........................................................................................................................................................105 Configuring the SNTP Client .............................................................................................................................105 SNTP Client Mode Configuration Parameters ..........................................................................................
Models 2603, 2621, and 2635 Getting Started Guide 11 • SNTP Client Configuration Introduction The Simple Network Time Protocol (SNTP) Client webpage contains the configurable parameters for either setting up the SNTP client or, in the abscence of an SNTP server, setting the internal clock. If you plan the use of an SNTP server, you will configure the ‘SNTP Client Mode Configuration Parameters’ and ‘SNTP Client General Configuration Parameters.
Models 2603, 2621, and 2635 Getting Started Guide 11 • SNTP Client Configuration SNTP Client General Configuration Parameters The general configuration parameters for the SNTP client are for selecting your timezone and setting the polling parameters for the client’s transmit packets. • Current Timezone: select the appropriate time zone and click on the Set New Timezone button. The next three parameters configure the polling and synchronization process.
Models 2603, 2621, and 2635 Getting Started Guide 11 • SNTP Client Configuration Figure 83. Configuration of the internal system calendar clock After entering the system clock values, click on the Set Clock button to save in volatile memory. If the IPLink is rebooted, either soft or by power-cycling, the Clock Setting returns to its default value.
Chapter 12 System Status Chapter contents System Status.......................................................................................................................................................109 Port Connection Status .................................................................................................................................109 LAN Status .......................................................................................................................................
Models 2603, 2621, and 2635 Getting Started Guide 12 • System Status System Status A quick but thorough summary of the IPLink’s status is provided on this webpage, but it also has links to the detailed webpages for the key subsystems of the IPLink. The webpage is divided into six (6) sections: • Port Connection Status: connection status of the Ethernet port and a link to the ‘Ethernet Port Configuration’ webpage.
Models 2603, 2621, and 2635 Getting Started Guide 12 • System Status LAN Status There are two hyperlinks, LAN Settings... and DHCP Server Settings..., which go to the ‘LAN Connections’ and ‘DHCP Server’ webpages, respectively. The other parameters shown in LAN Status are as follows: • Local IP address: the IP address of the Ethernet port. • LAN subnet mask: the subnet mask of the Local IP address. • Act as Local DHCP Server: indicates ‘Yes’ or ‘No’ as to whether the DHCP server is enabled or disabled.
Models 2603, 2621, and 2635 Getting Started Guide 12 • System Status Status LEDs The LEDs indicate the status of the Power, the WAN, Sync Serial port, and the Ethernet connection. All LED indicators will present the same looking profile (e.g., clear) when unlit due to being single color, water clear, high efficiency LEDs. Table 6.
Chapter 13 Contacting Patton for assistance Chapter contents Introduction ........................................................................................................................................................113 Contact information............................................................................................................................................113 Patton support headquarters in the USA ................................................................................
Models 2603, 2621, and 2635 Getting Started Guide 13 • Contacting Patton for assistance Introduction This chapter contains the following information: • “Contact information”—describes how to contact PATTON technical support for assistance. • “Warranty Service and Returned Merchandise Authorizations (RMAs)”—contains information about the RAS warranty and obtaining a return merchandise authorization (RMA). Contact information Patton Electronics offers a wide array of free technical services.
Models 2603, 2621, and 2635 Getting Started Guide 13 • Contacting Patton for assistance Out-of-warranty service Patton services what we sell, no matter how you acquired it, including malfunctioning products that are no longer under warranty. Our products have a flat fee for repairs. Units damaged by lightning or other catastrophes may require replacement.
Appendix A Compliance information Chapter contents Compliance .........................................................................................................................................................116 EMC .............................................................................................................................................................116 Safety .........................................................................................................................
Models 2603, 2621, and 2635 Getting Started Guide A • Compliance information Compliance EMC • FCC Part 15, Class A • EN55022, Class A • EN55024 Safety • UL60950-1/CSA C22.2 No. 60950-1 • IEC/EN 60950-1 • AS/NZS 60950-1 PSTN Regulatory • These devices are not intended for connection to the PSTN.
Models 2603, 2621, and 2635 Getting Started Guide A • Compliance information Authorized European Representative D R M Green European Compliance Services Limited.
Appendix B Specifications Chapter contents General Characteristics ........................................................................................................................................119 Ethernet ..............................................................................................................................................................119 Sync Serial Interface ................................................................................................................
Models 2603, 2621, and 2635 Getting Started Guide B • Specifications General Characteristics • Compact low-cost router/bridge • 10/100 Ethernet • Unlimited host support. • Comprehensive hardware diagnostics, works with any operating system, easy maintenance and effortless installation. • Built-in web configuration. • Setup allows for standard IP address and unique method for entering an IP address and mask WITHOUT use of a console connection. Default IP address of 192.168.200.10/24.
Models 2603, 2621, and 2635 Getting Started Guide B • Specifications Protocol Support • Complete internetworking with IP (RFC 741), TCP (RFC 793), UDP (RFC 768), ICMP (RFC 950), ARP (RFC 826). • IP Router with RIP (RFC 1058), RIPv2 (RFC 2453), • Up to 64 static routes with user selectable priority over RIP/OSPF routes. • Built-in ping and traceroute facilities. • Integrated DHCP Server (RFC 2131). Selectable general IP leases and user specific MAC/IP parings. Selectable lease period.
Models 2603, 2621, and 2635 Getting Started Guide B • Specifications Security • Packet filtering firewall for controlled access to and from LAN/WAN. Support for 255 rules in 32 filter sets. 16 individual connection profiles. • DoS Detection/protection. Intrusion detection, Logging of session, blocking and intrusion events and RealTime alerts. Logging or SMTP on event. • Password protected system management with a username/password for console and virtual terminal.
Appendix C Cable Recommendations Chapter contents Ethernet Cable ....................................................................................................................................................123 Adapter................................................................................................................................................................
Models 2603, 2621, and 2635 Getting Started Guide C • Cable Recommendations Ethernet Cable Ethernet cable (P/N 10-2500) (refer to “RJ-45 shielded 10/100 Ethernet port” on page 125) CAUTION The interconnecting cables shall be acceptable for external use and shall be rated for the proper application with respect to voltage, current, anticipated temperature, flammability, and mechanical serviceability.
Appendix D IPLink Physical Connectors Chapter contents RJ-45 shielded 10/100 Ethernet port...................................................................................................................125 RJ-45 non-shielded RS-232 console port (EIA-561)............................................................................................125 Serial port....................................................................................................................................................
Models 2603, 2621, and 2635 Getting Started Guide D • IPLink Physical Connectors RJ-45 shielded 10/100 Ethernet port Assuming the MDI-X switch is in the out position. Table 7. Ethernet Port (MDI-X switch in out position) Pin No. Signal Name Direction 1 2 3 4 5 TX+ TXRX+ from IPLink from IPLink to IPLink 6 7 8 RX- to IPLink RJ-45 non-shielded RS-232 console port (EIA-561) The RS-232 serial control port of the IPLink is configured to operate as a DCE. Table 8. RS-232 Control Port Pin No.
Models 2603, 2621, and 2635 Getting Started Guide D • IPLink Physical Connectors Serial port V.35 (M/34 and DB-25 Connector) The Model 2635 has a DB-25 connector for the V.35 interface. table 9 provides the pinouts for the M/34 and DB-25 connectors. Table 9. V.35 pinout for M/34 & DB-25 connectors M/34 DB-25 Pin No. Pin No.
Models 2603, 2621, and 2635 Getting Started Guide D • IPLink Physical Connectors X.21 (DB-15 Connector) The X.21 interface in the Model 2621 may be configured for either DTE or DCE. Default is DCE. Table 10. X.21 Interface (Model 2621) Pin No.
Models 2603, 2621, and 2635 Getting Started Guide D • IPLink Physical Connectors E1/T1 (RJ-48C Connector) The T1/E1 transmit signals are not polarity sensitive, even though they have the traditional designation of Tip and Ring. Table 11. T1/E1 Port Pin No. Signal 1 2 3 4 5 6 7 8 Receive (Ring) Receive (Tip) Shield (Receive) Transmit (Ring) Transmit (Tip) Shield (Transmit) RX RX TX TX 1 2 3 4 5 6 7 8 Figure 86.
Appendix E Command Line Interface (CLI) Operation Chapter contents Introduction ........................................................................................................................................................130 CLI Terminology ................................................................................................................................................130 Local (VT-100 emulation) .......................................................................................
Models 2603, 2621, and 2635 Getting Started Guide E • Command Line Interface (CLI) Operation Introduction The modem configuration and status can also be view and modified through the console, which is accessible through the RS-232 serial port or through a Telnet session over Ethernet. CLI Terminology In order to use the CLI commands, you need to understand the following CLI terms: • Transport: A transport is a layer 2 session and everything below it.
Models 2603, 2621, and 2635 Getting Started Guide E • Command Line Interface (CLI) Operation By entering a keyword followed by a space and “?” the options available will print immediately without pressing enter. The previously entered commands are reprinted on the next lines.
Models 2603, 2621, and 2635 Getting Started Guide ip interface ip1 list secondaryipaddresses E • Command Line Interface (CLI) Operation Secondary IP addresses for interface: ip1 ID | IP Address -----|--------------------------------------- In this example there was not a secondary IP address. Now save the entire configuration in nonvolatile FLASH memory with the following command.
Models 2603, 2621, and 2635 Getting Started Guide Note E • Command Line Interface (CLI) Operation No check is made for any current password which may have been set for the user. If you wish to change the password for another user, enter the command: user change This command logs you into the system as another user. You can then use the user password command to change the password for this user. Note Changing to another user means that you lose all superuser privileges.
