Black Box LR1114A-T1/E1 - Manuals

Black Box LR1114A-T1/E1 – Manual in PDF format online.

Manuals:

Manual

Manual Black Box LR1114A-T1/E1

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

Summary

Page 2 - FEDERAL COMMUNICATIONS COMMISSION

Black Box LR11xx Series Router Configurations Guide 2 FEDERAL COMMUNICATIONS COMMISSION AND CANADIAN DEPARTMENT OF COMMUNICATIONS RADIO FREQUENCY INTERFERENCE STATEMENTS This equipment generates, uses, and can radiate radio frequency energy and if not installed and used properly, that is, in strict ...

Page 5 - Contents

Contents 5 Contents DHCP R ELAY ........................................................................................ 13 DHCP Relay ...................................................................................... 13 Feature Overview .............................................................

Page 11 - ELAY

1 DHCP R ELAY 1.1DHCP Relay This application describes the functionality of the DHCP relay feature and includes CLI command examples. 1.1.1 Feature Overview Black Box DHCP relay feature eliminates the need for a DHCP server on every LAN, because DHCP requests can be relayed to a single remote DHCP s...

Page 15 - IGMP Configuration

2 C ONFIGURING I NTERNET G ROUP M ANAGEMENT P ROTOCOL 2.1IGMP Configuration Internet Group Management Protocol (IGMP) is enabled on hosts and routers that want to receive multicast traffic. IGMP informs locally-attached routers of their multicast group memberships. Hosts inform routers of the groups...

Page 19 - ILTERING; IP T; RAFFIC; IP Packet Filter Lists

3w F ILTERING IP T RAFFIC 3.1IP Packet Filter Lists Black Box systems can be configured for IP traffic filtering capabilities. IP traffic filtering allows creation of rule sets that selectively block TCP/IP packets on a specified interface. Filters are applied independently to all interfaces: Ethern...

Page 21 - IPSec Configurations

4 C ONFIGURING S ECURITY 4.1IPSec Configurations This guide provides information and examples on how to configure IPSec. There are three licenses that control access to the features: Basic VPN Management ( vpn_mgmt )—allows users to manage a remote Black Box router. Firewall ( firewall )—allows ...

Page 22 - Securely Over an IPSec Tunnel

Black Box LR11xx Series Router Configurations Guide 24 4.2 Example 1: Managing the Black Box LR1104A Securely Over an IPSec Tunnel The following example demonstrates how to manage a Black Box router through an IP security tunnel. Steps are presented for configuring the Black Box1 and Black Box2 rout...

Page 26 - Two Black Box Security Gateways

Black Box LR11xx Series Router Configurations Guide 28 Black Box1/configure/crypto/> exit Black Box1/configure> snmp Black Box1/configure/snmp> community public rw Black Box1/configure/snmp> exit Step 12: Display SNMP communities Blackbox>show snmp communities Community = public, priv...

Page 31 - Between Two Black Box Security Gateways

Example 3: Multiple IPSec Pro- 33 Step 11: After transit traffic is passed through the tunnel, display the IKE and IPSec SA tables. Use the show crypto ike sa all and show crypto ipsec sa all commands. 4.4 Example 3: Multiple IPSec Proposals: Tunnel Mode Between Two Black Box Security Gateways The f...

Page 33 - Example 4: IPSec remote access to corporate LAN

Example 4: IPSec remote access 35 Black Box1/configure/crypto/ipsec/policy Black Box2 172.16.0.2/proposal 2> encryption_algorithm aes256-cbc Black Box1/configure/crypto/ipsec/policy Black Box2 172.16.0.2/proposal 2> exit Black Box1/configure/crypto/ipsec/policy Black Box2 172.16.0.2> exit B...

Page 38 - Example 5: IPSec remote access to corporate LAN

Black Box LR11xx Series Router Configurations Guide 40 Black Box1> show firewall policy corp Advanced: S - Self Traffic, F - Ftp-Filter, H - Http-Filter, R - Rpc-Filter, N - Nat-Ip/Nat-Pool, L - Logging, E - Policy Enabled, M - Smtp-Filter Pri Dir Source Addr Destination Addr Sport Dport Proto Ac...

Page 45 - IPS; EC

5 IPS EC S PECIFICATIONS 5.1IPSec Appendix This appendix provides information about IPSec supported protocols and modes, encryption algorithms and block sizes, and Black Box IPSec and IKE default values. IPSec Supported Protocols and Algorithms The following tables provide supported protocol and alg...

Page 49 - ORWARDING

6 F ORWARDING IP T RAFFIC 6.1IP Multiplexing IP Multiplexing is a method for the transparent forwarding of IP packets between LAN and WAN interfaces. LAN to WAN forwarding is accomplished through a Proxy ARP process. A Black Box system maps a unique MAC address to each WAN link then responds with th...

Page 50 - Addressing in IP Multiplexing Networks

Black Box LR11xx Series Router Configurations Guide 52 Figure 13 Proxy ARP and Packet Forwarding 1 Router 1 broadcasts an ARP request for 200.1.1.1. 2 Black Box 1 recognizes that router 200.1.1.1 is reachable via its WAN interface, based on a configured IP route. 3 Black Box 1 Proxy ARPs, responding...

Page 53 - Pros and Cons of Different IP Addressing Schemes; 0 Routing Considerations for IP Multiplexing

IP Multiplexing 55 6.1.8 Secondary Addressing – 29 Bit This approach utilizes a 29-bit subnet for each remote connection. Within each 29-bit subnet is the POP router secondary, the Black Box WAN addressing, and the remote router secondary. 6.1.9 Pros and Cons of Different IP Addressing Schemes The f...

Page 55 - IP M; ULTIPLEXING; HDLC; ONFIGURATIONS; Connecting a Black Box Router to a Router/CSU

7 IP M ULTIPLEXING HDLC C ONFIGURATIONS 7.1Connecting a Black Box Router to a Router/CSU via HDLC The following diagram details a single T1 connection between a Black Box and a remote router/CSU combination. Secondary IP addressing is used for IP multiplexing. Figure 15 IP Multiplexing Application T...

Page 57 - PPP; AND; MLPPP; Configuring Multiple PPP and MLPPP Bundles

8 IP M ULTIPLEXING PPP AND MLPPP C ONFIGURATIONS 8.1Configuring Multiple PPP and MLPPP Bundles The following figure shows a Black Box LR1104A at the main site communicating with three remote sites. Site 1 utilizes a Black Box LR1114A communicating over a 4 x T1 WAN bundle. Site 2 utilizes a Black Bo...

Page 59 - Configure the Black Box LR1104A at the Main Site

Configuring Multiple PPP and 61 8.1.1 Configure the Black Box LR1104A at the Main Site MainLR1104A/configure> interface ethernet 0 MainLR1104A/configure/interface/ethernet> ip addr 200.1.1.2 255.255.255.0 MainLR1104A/configure/interface/ethernet> exit MainLR1104A/configure> module ct3 1 ...

Page 64 - Firewall Configuration Examples; DMZ; CORP

Black Box LR11xx Series Router Configurations Guide 66 10.2 Firewall Configuration Examples 10.2.1 Basic Firewall Configuration Figure 18 illustrates the basic elements of a firewall. Refer to this illustration in the configuration example below. Figure 18 Basic Firewall Configuration A typical and ...

Page 72 - NAT Configurations; NAT Configuration Examples

Black Box LR11xx Series Router Configurations Guide 74 10.2.2 Packet Reassembly To configure the firewall to perform IP reassembly of oversized packets that have been fragmented, enter: 10.3 NAT Configurations Network Address Translation (NAT) was defined to serve two purposes: Allowed LAN adminis...

Page 77 - Multipath Multicast

11 M ULTIPATH M ULTICAST C ONFIGURATIONS 11.1Multipath Multicast The multicast multipath feature allows load balancing on multicast traffic across equal cost paths. Equal cost multipath routing is useful when multiple equal cost routes to the same destination exist. These routes can be discovered an...

Page 78 - Multipath Commands

Black Box LR11xx Series Router Configurations Guide 80 11.2Multipath Commands The following table lists the multipath commands: When multipath is disabled, Black Box selects the nexthop address with lowest ip address. For equal cost routes the nexthops are stored in the increasing (ascending) order ...

Page 79 - ONFIGURING; NAT; Network Address Translation

12 C ONFIGURING NAT 12.1Network Address Translation Network Address Translation (RFC 1631) is commonly known as NAT. This application discusses NAT and provides a technical explanation and configuration examples. Features: Dynamic Address/Port Translation Static Address/Port Translation Forwar...

Page 83 - NAT C; ONFIGURATION; NAT Configurations; NAT Configuration Examples

13 NAT C ONFIGURATION E XAMPLES 13.1 NAT Configurations Network Address Translation (NAT) was defined to serve two purposes: Allowed LAN administrators to create secure, private, non-routable IP networks behind firewalls Stretched the number of available IP addresses by allowing LANs to use one ...

Page 87 - VPN; Secure Remote Access Using IPSec VPN

14 R EMOTE A CCESS VPN S 14.1 Secure Remote Access Using IPSec VPN The corporate network no longer has a clearly defined perimeter inside secure building and locked equipment closets. Increasingly, companies have a need to provide remote access to their corporate resources for the employees on the m...

Page 88 - Configuration Examples

Black Box LR11xx Series Router Configurations Guide 90 14.2.2 Remote Access: Mode Configuration The other method to achieve IPSec remote access in Black Box is the mode configuration method. This method makes the VPN client an extension of the LAN being accessed by the VPN client. The remote client ...

Page 90 - IPSec Remote Access Mode Configuration Group

Black Box LR11xx Series Router Configurations Guide 92 14.5 IPSec Remote Access Mode Configuration Group Method The following example demonstrates how to configure a Black Box router to be an IPSec VPN server using mode-configuration method. The client could be any standard mode config enabled IPSec...

Page 93 - Routing Information Protocol; Configuring RIP for Ethernet 0 and WAN 1 Interfaces; Displaying All Configured RIP Interfaces

15 N ETWORKING WITH R OUTING I NFORMATION P ROTOCOL 15.1Routing Information Protocol 15.1.1Configuring RIP for Ethernet 0 and WAN 1 Interfaces LR1114A> configure terminal LR1114A/configure> router rip LR1114A/configure/router rip> interface ethernet0 LR1114A/configure/router rip/interface e...

Page 95 - Static Routing Configuration

16 C ONFIGURING S TATIC R OUTES 16.1 Static Routing Configuration All Black Box systems support IP routing utilizing static routes. The following diagram shows a remote Black Box “A” connected over an MLPPP bundle to the main Black Box “B”. Black Box B in turn routes to the customer router. Figure 3...

Page 97 - OSPF Routing Protocol; Configuring interface bundle Dallas

17 C ONFIGURING O PEN S HORTEST P ATH F IRST R OUTING 17.1 OSPF Routing Protocol The following example shows a Black Box LR1114A connected to a router over a single T1 link. IP addresses 10.10.10.0, 20.20.20.0, and 30.30.30.0 are assigned to area 760. Figure 33 Configuring OSPF Between a Black Box L...

Page 98 - Configuring ospf interface parameters

Black Box LR11xx Series Router Configurations Guide 100 17.1.4Configuring ospf LR1114A/configure> router routerid 10.10.10.1 LR1114A/configure> router ospf LR1114A/configure/router/ospf> area 760 LR1114A/configure/router/ospf/area 760> exit 17.1.5Configuring ospf interface parameters LR1...

Page 99 - Installing Licenses

18 C ONFIGURING G ENERIC R OUTING E NCAPSULATION 18.1 Configuring GRE Generic Routing Encapsulation (GRE) is a standards-based (RFC1701, RFC2784) tunneling protocol that can encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link between routers ...

Page 100 - GRE Configuration Examples

Black Box LR11xx Series Router Configurations Guide 102 To install the advanced VPN and firewall license and use all the security features available in this release, enter: 18.3 GRE Configuration Examples This example explains how to configure a basic GRE tunnel as shown in Figure 36. Blackbox/confi...

Page 103 - Configuring GRE Site to Site with IPSec

Configuring GRE Site to Site with 105 Step 5: Configure the Cisco side: 18.4 Configuring GRE Site to Site with IPSec This example extends the first example by adding encryption to the tunnel. Step 1:Prepare the WAN link: Step 2: Configure the tunnel: Step 3: Configure the routes: Step 4: Define the ...

Page 104 - Configuring GRE Site to Site with IPSec and OSPF

Black Box LR11xx Series Router Configurations Guide 106 Step 5: Check the status of the tunnel by entering: Blackbox> show ip interface tunnel t0 Step 6:Validate the tunnel configuration by entering: Blackbox> show crypto ipsec policy all Or enter: Blackbox> show crypto ike policy all 18.5 ...

Page 105 - OSPF

19 C ONFIGURING OSPF AND F RAME R ELAY 19.1 OSPF - Frame Relay The following example shows OSPF running between a Black Box LR1112A and a router over a serial T1 link with back-to-back Frame Relay. Figure 37 OSPF Over a Single T1 with Frame Relay Area 760 Tasman 6300 Router 10.10.10.0/24 .1 .2 .1 30...

Page 106 - Configuring interface bundle Dallas

Black Box LR11xx Series Router Configurations Guide 108 19.1.1Configuring the host name LR1112A> configure terminal LR1112A/configure> hostname LR1112A 19.1.2Configuring interface ethernet 0 LR1112A/configure> interface ethernet 0 LR1112A/configure/interface/ethernet0> ip address 10.10.1...

Page 107 - PIM Configuration

20 C ONFIGURING P ROTOCOL I NDEPENDENT M ULTICASTING R OUTING 20.1 PIM Configuration Protocol Independent Multicast (PIM) protocols route multicast packets to multicast groups. PIM is protocol independent because it can leverage whichever unicast routing protocol is used to populate unicast routing ...

Page 115 - Multicast Traceroute Facility

21 MTRACE C ONFIGURATION 21.1 Multicast Traceroute Facility With multicast distribution trees, tracing from a source to a multicast destination is difficult, since the branch of the multicast tree on which the destination lies is unknown. The technique used by the traceroute tool to trace unicast ne...

Page 123 - IRTUAL; LAN T; AGGING; Managing Traffic with VLAN Tagging

23 V IRTUAL LAN T AGGING 23.1 Managing Traffic with VLAN Tagging Figure 41 Aggregation Using VLAN Tagging The illustration above shows two customers connected to an aggregation/IP services router using a Black Box LR1104A. All packets coming into the Black Box LR1104A on the single T1 bundle are tag...

Page 129 - WAN I; NTERFACE; T1 Interface Configuration

25 WAN I NTERFACE C ONFIGURATIONS 25.1 T1 Interface Configuration Black Box systems are available with T1 WAN interfaces. Consult the Black Box System Installation Guide for details on WAN interface types, cabling, and pinouts. This document outlines the configuration of module parameters (Layer 1) ...

Page 131 - LAN F; Managing VLAN Traffic

26 V IRTUAL LAN F ORWARDING 26.1 Managing VLAN Traffic Figure 43 VLAN Forwarding: Multi-Tenant Internet Access The example above shows each multi-tenant customer represented as a separate VLAN on the Ethernet switch. The connection in the customer office can be routed or bridged, depending on whethe...