Page 2 - warrants all OnSite router components to be free from defects,; Patton Electronics; be liable for any damages incurred by; Patton Electronics; specifically disclaims all other
Patton Electronics Company, Inc. 7622 Rickenbacker Drive Gaithersburg, MD 20879 USA Tel: +1 (301) 975-1000 Fax: +1 (301) 869-9293 Support: +1 (301) 975-1007 URL: www.patton.com E-Mail: [email protected] Trademark Statement The term OnSite is a trademark of Patton Electronics Company. All other trad...
Page 3 - Summary Table of Contents
3 Summary Table of Contents: 1 General information (page 17); 2 Hardware installation ...
Page 4 - Table of Contents
4 Table of Contents: Summary Table of Contents (page 3); Table of Contents ...
Page 5 - Getting started with the OnSite Managed VPN Router
5 OnSite 2800 Series User Manual Table of Contents: Installing the T1/E1 twisted pair cables (page 34); Installing the E1 dual coaxial cables ...
Page 6 - VPN configuration
6 OnSite 2800 Series User Manual Table of Contents: Configuring Channel-Group Timeslots (page 63); Configuring Channel-Group Encapsulation ...
Page 7 - Link scheduler configuration
7 OnSite 2800 Series User Manual Table of Contents: Adding an ICMP filter rule to the current access control list profile (page 85); Adding a TCP, UDP or SCTP filter rule to the current access control list profile ...
Page 8 - Contacting Patton for assistance
8 OnSite 2800 Series User Manual Table of Contents: Status LEDs (page 113); 10 Contacting Patton for assistance ...
Page 9 - OnSite 2800 Series factory configuration; Installation checklist; Introduction
9 OnSite 2800 Series User Manual Table of Contents: Ethernet 10Base-T and 100Base-T (page 126); D Port pin-outs ...
Page 10 - List of Figures
10 List of Figures: 1 OnSite Managed VPN Router (2805 shown) (page 18); 2 OnSite 2800 Series X.21, and V.35 connectors ...
Page 11 - List of Tables
11 List of Tables: 1 General conventions (page 16); 2 Rear panel ports ...
Page 12 - About this guide; Audience; quality of service
12 About this guide This guide describes OnSite VPN router hardware, installation, and configuration. Audience This guide is intended for the following users: • Operators • Installers • Maintenance technicians Structure This guide contains the following chapters and appendices: • Chapter 1 on page 1...
Page 13 - Precautions; Warnings; Note
13 OnSite 2800 Series User Manual About this guide Precautions Notes, cautions, and warnings, which have the following meanings, are used throughout this guide to help you become aware of potential problems. Warnings are intended to prevent safety hazards that could result in personal injury. Caut...
Page 14 - Safety when working with electricity
14 OnSite 2800 Series User Manual About this guide Safety when working with electricity The OnSite contains no user serviceable parts. The equipment shall be returned to Patton Electronics for repairs, or repaired by qualified service personnel. Opening the OnSite case will void the warranty. Mains...
Page 15 - General observations; CAUTION
15 OnSite 2800 Series User Manual About this guide General observations • Clean the case with a soft slightly moist anti-static cloth • Place the unit on a flat surface and ensure free air circulation • Avoid exposing the unit to direct sunlight and other heat sources • Protect the unit from moistur...
Page 16 - Typographical conventions used in this document; General conventions; Table 1. General conventions; Convention; Go to Previous View; Futura type
16 OnSite 2800 Series User Manual About this guide Typographical conventions used in this document This section describes the typographical conventions and terms used in this guide. General conventions The procedures described in this manual use the following text conventions: Table 1. General conve...
Page 17 - Chapter 1; General information; Chapter contents
17 Chapter 1 General information Chapter contents: OnSite Model 2800 Series overview (page 18); OnSite 2800 Series detailed description ...
Page 18 - • General information; OnSite Model 2800 Series overview; The OnSite Model 2800 Series Managed VPN Router (see
OnSite Model 2800 Series overview 18 OnSite 2800 Series User Manual 1 • General information OnSite Model 2800 Series overview The OnSite Model 2800 Series Managed VPN Router (see figure 1) delivers secure, optimized communications across unsecured IP networks between any enterprise headquarters a...
Page 19 - VPN tunneling for secure traversal of unsecured IP networks
OnSite Model 2800 Series overview 19 OnSite 2800 Series User Manual 1 • General information • VPN tunneling for secure traversal of unsecured IP networks • IPSec payload encryption with authentication header (AH, specified in RFC 2402) and encapsulating security payload (ESP, specified in RFC 2406)...
Page 20 - Ethernet WAN models.; figure 3
OnSite Model 2800 Series overview 20 OnSite 2800 Series User Manual 1 • General information Figure 3. OnSite 2800 Series 10Base-T Ethernet port connectors Ethernet WAN models. The following models come equipped with 10/100Base-T Ethernet ports only (see figure 3 ): • OnSite 2802 —Dual 10/100Base-T E...
Page 21 - Model code extensions
OnSite Model 2800 Series overview 21 OnSite 2800 Series User Manual 1 • General information Figure 4. OnSite 2800 Series power input connectors Model code extensions A model-code extension indicates the type of power supply the Router model provides. The model-code conventions are: • UI stands for ...
Page 22 - Ports descriptions; Port; figure 2; WAN; figure 4; Console; figure 5
OnSite Model 2800 Series overview 22 OnSite 2800 Series User Manual 1 • General information Ports descriptions The OnSite 2800 Series rear-panel ports are described in table 2. Figure 5. OnSite 2800 Series front panels Table 2. Rear panel ports Port Location Description 10/100 Ethernet ETH 0/0 (WAN)...
Page 23 - For LED descriptions, refer to chapter 9,; Applications overview
Applications overview 23 OnSite 2800 Series User Manual 1 • General information Note For LED descriptions, refer to chapter 9, “LEDs status and monitoring” on page 112. Applications overview Patton’s OnSite managed VPN routers deliver the features you need for secure, optimized communication over ...
Page 24 - The serial port with Frame Relay as the encapsulation protocol; Figure 7. Corporate multi-function virtual private network
Applications overview 24 OnSite 2800 Series User Manual 1 • General information X.21 serial interfaces, or an Ethernet WAN interface. For remote sites where PPP service is available, the 2800 Series also supports PPP network access over all the standard WAN interface options mentioned above. In this...
Page 25 - figure 7
Applications overview 25 OnSite 2800 Series User Manual 1 • General information In figure 7 , the blue pipes represent VPN connections for private traffic within the corporate intranet, while the green pipes represent the Internet traffic. The red pipe is a Frame Relay PVC transporting Internet traf...
Page 26 - Chapter 2; Hardware installation
26 Chapter 2 Hardware installation Chapter contents: Planning the installation (page 27); Installation checklist ...
Page 27 - • Hardware installation; Planning the installation; for an example of what pre-installment checks you might need; Create a network diagram; on page 29 for more information); Verify power source reliability; on
Planning the installation 27 OnSite 2800 Series User Manual 2 • Hardware installation Planning the installation Before you start the actual installation, we strongly recommend that you gather all the information you will need to install and setup the device. See table 3 for an example of what pre-in...
Page 28 - Task
Planning the installation 28 OnSite 2800 Series User Manual 2 • Hardware installation Installation checklist The installation checklist (see table 3 ) lists the tasks for installing an OnSite 2800 Series VPN Router. Make a copy of this checklist and mark the entries as you complete each task. For ea...
Page 29 - Site log; Entry
Planning the installation 29 OnSite 2800 Series User Manual 2 • Hardware installation Site log Patton recommends that you maintain a site log to record all actions relevant to the system, if you do not already keep such a log. Site log entries should include information such as listed in table 4 . N...
Page 30 - Location and mounting requirements; Installing the VPN router; Mounting the VPN router; Connecting cables; WARNING
Installing the VPN router 30 OnSite 2800 Series User Manual 2 • Hardware installation Location and mounting requirements The OnSite VPN Router is intended to be placed on a desktop or similar sturdy, flat surface that offers easy access to the cables. Allow sufficient space at the rear of the chassi...
Page 31 - table 5; Figure 1. Connecting an OnSite 2800 Series device to a hub; Installing the serial WAN cable; Pin
Installing the VPN router 31 OnSite 2800 Series User Manual 2 • Hardware installation connected to the OnSite’s Ethernet ports (see table 5 for port pin-out listing) via a cable terminated with RJ-45 plugs. Note Pins not listed are not used. Figure 1. Connecting an OnSite 2800 Series device to a hub...
Page 32 - “Installing the E1 dual coaxial cables”
Installing the VPN router 32 OnSite 2800 Series User Manual 2 • Hardware installation • E1 (Dual coaxial connectors)—Model 2803, see section “Installing the E1 dual coaxial cables” on page 35 for details on installing the coaxial cables Installing the V.35 interface cable. The OnSite Model 2835 comes...
Page 33 - The OnSite Model 2821 comes with a V.35 interface presented on a DB-
Installing the VPN router 33 OnSite 2800 Series User Manual 2 • Hardware installation The router’s V.35 interface is wired as a DTE. No DCE configuration is possible. If you are directly connecting the router’s V.35 interface to third-party equipment that cannot be configured as a DCE, you must use...
Page 34 - The signal pin-outs for the Model 2821 X.21 interface are shown in; Installing the T1/E1 twisted pair cables.; The PRI is usually connected to a PBX or switch (local exchange
Installing the VPN router 34 OnSite 2800 Series User Manual 2 • Hardware installation The signal pin-outs for the Model 2821 X.21 interface are shown in table 6. The router’s X.21 interface is wired as a DCE. No DTE configuration is possible. The router’s X.21 interface requires a cable with a...
Page 35 - Pins not listed are not used.; Installing the E1 dual coaxial cables.
Installing the VPN router 35 OnSite 2800 Series User Manual 2 • Hardware installation Note Pins not listed are not used. Installing the E1 dual coaxial cables. If the PBX or switch connection provides dual coaxial cables for the E1 connection, the transmit cable from the PBX/switch connects to the R...
Page 36 - Connecting to external power source; Do not connect the power cord to the power outlet at this time.; Figure 7. Power connector location on rear panel
Installing the VPN router 36 OnSite 2800 Series User Manual 2 • Hardware installation Connecting to external power source The VPN Router comes with one of the following power supply options as best-suited to the expected installation environment: • 120/140VAC internal power supply (designated by th...
Page 37 - “Contacting Patton for assistance”
Installing the VPN router 37 OnSite 2800 Series User Manual 2 • Hardware installation 3. Verify that the AC power cord included with your VPN Router is compatible with local standards. If it is not, refer to chapter 10, “Contacting Patton for assistance” on page 114 to find out how to replace it wit...
Page 38 - Chapter 3; Getting started with the OnSite
38 Chapter 3 Getting started with the OnSite Managed VPN Router Chapter contents: Introduction (page 39); 1. Configure IP address ...
Page 39 - • Getting started with the OnSite Managed VPN Router; Figure 9; Figure 9. Steps for setting up a new OnSite VPN Router; Configure IP address; do not
Introduction 39 OnSite 2800 Series User Manual 3 • Getting started with the OnSite Managed VPN Router Introduction This chapter leads you through the basic steps to set up a new OnSite VPN Router. Figure 9 shows the main steps for setting up a new OnSite VPN Router. Figure 9. Steps for setting up a n...
Page 40 - Configure IP address; Power connection and default configuration; table 9; Figure 10. Connecting to the terminal
1. Configure IP address 40 OnSite 2800 Series User Manual 3 • Getting started with the OnSite Managed VPN Router 1. Configure IP address Power connection and default configuration First the OnSite VPN Router must be connected to the mains power supply with the power cable. Wait until the Run LED sto...
Page 41 - Login
1. Configure IP address 41 OnSite 2800 Series User Manual 3 • Getting started with the OnSite Managed VPN Router • 1 stop bit • No flow control Login Accessing your OnSite VPN Router via the local console port (or via a Telnet session) causes the login screen to display. Type the factory default log...
Page 42 - Connect the OnSite VPN Router to the network; Figure 11. Connecting the OnSite VPN Router to the network; Respectively from the host:; Load configuration; in the root directory of the TFTP server.
2. Connect the OnSite VPN Router to the network 42 OnSite 2800 Series User Manual 3 • Getting started with the OnSite Managed VPN Router 2. Connect the OnSite VPN Router to the network Depending on whether you connect the OnSite VPN Router to a host directly or via a hub or switch either straight-throu...
Page 44 - Chapter 4; Serial port configuration
44 Chapter 4 Serial port configuration Chapter contents: Introduction (page 45); Serial port configuration task list ...
Page 45 - • Serial port configuration; Disabling an interface; shutdown; CLOSED; show port serial
Introduction 45 OnSite 2800 Series User Manual 4 • Serial port configuration Introduction This chapter provides an overview of the serial port and describes the tasks involved in its configuration through the OnSite router. It includes the following sections: • Serial port configuration task list • ...
Page 46 - no shutdown; State; Enabling an interface; down
Serial port configuration task list 46 OnSite 2800 Series User Manual 4 • Serial port configuration Note Use the no shutdown command to enable the serial interface after the configuration procedure. This procedure describes how to shut down a serial interface Mode: Administrator execution Example: D...
Page 47 - Configuring the encapsulation for Frame Relay; encapsulation; Encapsulation; Step
Serial port configuration task list 47 OnSite 2800 Series User Manual 4 • Serial port configuration Example: Enabling an interface The example shows how to enable the built-in serial interface on slot 0 and port 0 of an OnSite router. Check that State is set to OPENED in the command output of show p...
Page 48 - Enter Frame Relay mode; ansi; Group of 4; itu; node
Serial port configuration task list 48 OnSite 2800 Series User Manual 4 • Serial port configuration
Transmit Edge : normal
Port Type : DTE
CRC Type : CRC-16
Max Frame Length: 2048
Recv Threshold : 1
Encapsulation : framerelay
Enter Frame Relay mode This section describes how to configure Frame Relay on t...
Page 49 - Configuring the keep-alive interval; no keepalive; keepalive
Serial port configuration task list 49 OnSite 2800 Series User Manual 4 • Serial port configuration
2800(cfg)#port serial 0 0
2800(prt-ser)[0/0]#framerelay
2800(frm-rel)[0/0]#lmi-type ansi
Configuring the keep-alive interval A keep-alive interval must be set to configure the LMI. By default, this inte...
Page 50 - Configuring the PVC encapsulation type
Serial port configuration task list 50 OnSite 2800 Series User Manual 4 • Serial port configuration Mode: Frame Relay Example: Entering Frame Relay PVC configuration mode The following example enters the configuration mode for PVC with the assigned DLCI of 1 for Frame Relay over the serial interface...
Page 51 - wan; Figure 12. IP interface; name; router
Serial port configuration task list 51 OnSite 2800 Series User Manual 4 • Serial port configuration Frame Relay PVC. If serial Frame Relay PVC shall be used as WAN access, a suitable name for the logical IP interface could be wan as in figure 12 below. Figure 12. IP interface wan is bound to PVC 1 o...
Page 52 - Enabling a Frame Relay PVC
Serial port configuration task list 52 OnSite 2800 Series User Manual 4 • Serial port configuration Enabling a Frame Relay PVC After binding a Frame Relay PVC to an IP interface, it must be enabled for packet processing. This procedure activates the PVC by opening the bound IP interface. This procedure...
Page 53 - Check the PVC 1 status by using
Serial port configuration task list 53 OnSite 2800 Series User Manual 4 • Serial port configuration
2800(frm-rel)[0/0]#pvc 1
2800(pvc)[1]#shutdown
Check the PVC 1 status by using show running-config and verify that the entry shutdown occurs in the configuration part responsible for this PVC.
2800(p...
Page 54 - Displaying Frame Relay information
Serial port configuration task list 54 OnSite 2800 Series User Manual 4 • Serial port configuration Displaying Frame Relay information Since Frame Relay configuration for the serial interface is complex and requires many commands, it is helpful to list the frame relay configuration on screen. This p...
Page 55 - Integrated service access
Serial port configuration task list 55 OnSite 2800 Series User Manual 4 • Serial port configuration Figure 13. Typical Integrated Service Access Scenario with dedicated PVCs Integrated service access The example in figure 13 shows a typical integrated service access scenario, where different service...
Page 56 - Enter the configuration mode.
Serial port configuration task list 56 OnSite 2800 Series User Manual 4 • Serial port configuration Figure 14. IP Context with logical IP interfaces bound to Ethernet port, serial port PVC 1 and PVC 2 The related IP, serial interface and Frame Relay configuration procedure is listed below. Where nec...
Page 57 - Configure the introduced PVCs.
Serial port configuration task list 57 OnSite 2800 Series User Manual 4 • Serial port configuration 5. Configure the introduced PVCs.
2800(frm-rel)[0/0]#pvc 1
2800(pvc)[1]#encapsulation rfc1490
2800(pvc)[1]#bind interface external router
2800(pvc)[1]#no shutdown
2800(pvc)[1]#pvc 2
2800(pvc)[2]#encapsulat...
Page 58 - Chapter 5; T1/E1 port configuration
58 Chapter 5 T1/E1 port configuration Chapter contents: Introduction (page 59); T1/E1 port configuration task list ...
Page 59 - • T1/E1 port configuration
Introduction 59 OnSite 2800 Series User Manual 5 • T1/E1 port configuration Introduction This chapter provides an overview of the T1/E1 WAN port and its characteristics, and describes the configuration tasks. The model 2803 has a T1/E1 WAN port on the rear panel of the unit. The T1 version (Model 280...
Page 61 - Configuring T1/E1 framing; T1 mode formats are:
T1/E1 port configuration task list 61 OnSite 2800 Series User Manual 5 • T1/E1 port configuration Configuring T1/E1 framing Four framing formats are available for selection on the T1/E1 port. Unframed can only be used if the encapsulation is set for hdlc. All other currently available upper layer...
Page 62 - Configuring T1/E1 application mode; Loss Of Signal threshold; Configuring T1/E1 encapsulation; hdlc; Create a Channel-Group
T1/E1 port configuration task list 62 OnSite 2800 Series User Manual 5 • T1/E1 port configuration Configuring T1/E1 application mode The T1/E1 port can be configured to work in either short-haul or in long-haul mode. Short-haul is the default application and should be used for transmission distances...
Page 63 - tion; timeslots; sulation hdlc; no encapsulation
T1/E1 port configuration task list 63 OnSite 2800 Series User Manual 5 • T1/E1 port configuration tion “Configuring T1/E1 encapsulation” .) On creating a new channel-group the channel-group configuration mode is immediately entered. To remove an existing channel-group the ‘no’ form of the command ha...
Page 64 - Configuring HDLC CRC-Type
T1/E1 port configuration task list 64 OnSite 2800 Series User Manual 5 • T1/E1 port configuration ration mode the encapsulation must be set to ‘hdlc’ as well followed by configuring at least one timeslot per the ‘timeslots’ command. Mode: port e1t1 <slot> <port> Mode: channel-group <g...
Page 65 - Example 1: Frame Relay without a channel-group
T1/E1 port configuration task list 65 OnSite 2800 Series User Manual 5 • T1/E1 port configuration Example 1: Frame Relay without a channel-group
port e1t1 0 0
port-type e1
framing crc4
encapsulation hdlc
hdlc
encapsulation framerelay
framerelay
lmi-type itu
pvc 100
encapsulation rfc1490
bind interfa...
Page 66 - Example 2: Framerelay with a channel-group
T1/E1 port configuration task list 66 OnSite 2800 Series User Manual 5 • T1/E1 port configuration Example 2: Framerelay with a channel-group
port e1t1 0 0
port-type e1
framing crc4
encapsulation channelized
channel-group myGroup
timeslots 13-17
encapsulation hdlc
hdlc
encapsulation framerelay
framer...
Page 67 - Chapter 6
67 Chapter 6 VPN configuration Chapter contents: Introduction (page 68); Authentication ...
Page 68 - • VPN configuration; Authentication; RFC
Introduction 68 OnSite 2800 Series User Manual 6 • VPN configuration Introduction This chapter describes how to configure the VPN connections between two OnSite routers or between an OnSite and a third-party device. A virtual private network (VPN) is a private data network that uses the public telec...
Page 69 - Transport and tunnel modes; VPN configuration task list; Creating an IPsec transformation profile; Example: Create an IPsec transformation profile; optional
VPN configuration task list 69 OnSite 2800 Series User Manual 6 • VPN configuration Transport and tunnel modes The mode determines the payload of the ESP packet and hence the application: • Transport mode: Encapsulates only the payload of the original IP packet, but not its header, so the IPsec peer...
Page 70 - Creating an IPsec policy profile
VPN configuration task list 70 OnSite 2800 Series User Manual 6 • VPN configuration Creating an IPsec policy profile The IPsec policy profile supplies the keys for the encryption and/or the authenticators for the authentication, the security parameters indexes (SPIs), and IP address of the peer of t...
Page 71 - Configure; ual; Creates the IPsec policy profile name; “Authentication”; on page 68 and; “Encryption”; Sets the IP address of the peer; Selects tunnel or transport mode
VPN configuration task list 71 OnSite 2800 Series User Manual 6 • VPN configuration Mode: Configure Use no in front of the above commands to delete a profile or a configuration entry. Step Command Purpose 1 node (cfg)#profile ipsec-policy-manual name Creates the IPsec policy profile name 2 node (p...
Page 72 - Creating/modifying an outgoing ACL profile for IPsec; “Access control list configuration”
VPN configuration task list 72 OnSite 2800 Series User Manual 6 • VPN configuration Example: Create an IPsec policy profile The following example defines a profile for AES-encryption at a key length of 128.
2800(cfg)#profile ipsec-policy-manual ToBurg
2800(pf-ipsma)[ToBurg]#use profile ipsec-transfor...
Page 73 - Configuration of an IP interface and the IP router for IPsec; out
VPN configuration task list 73 OnSite 2800 Series User Manual 6 • VPN configuration Configuration of an IP interface and the IP router for IPsec The IP interface that provides connectivity to the IPsec peer must now activate the outgoing ACL profile configured in the previous section. Furthermore,...
Page 74 - Debugging IPsec; show; ations
VPN configuration task list 74 OnSite 2800 Series User Manual 6 • VPN configuration Example: Display IPsec transformation profiles
2800(cfg)#show profile ipsec-transform
IPSEC transform profiles:
Name: AES_128
ESP Encryption: AES-CBC, Key length: 128
Example: Display IPsec policy profiles
2800(cfg)#...
Page 75 - Sample configurations; Swap ‘inbound’ and ‘outbound’ settings
Sample configurations 75 OnSite 2800 Series User Manual 6 • VPN configuration
IN MANUAL ToBurg Tunnel no 200.200.200.1 - 1111 - - AES-CBC 128 3622/unlimited 19047/unlimited
OUT MANUAL ToBurg Tunnel no 200.200.200.1 - 2222 - - AES-CBC 128 2857/unlimited 19047/unlimited
Sample configurations The following...
Page 76 - Cisco router configuration; encryption; at 256 bit key length, AH authentication with HMAC-
Sample configurations 76 OnSite 2800 Series User Manual 6 • VPN configuration
ipaddress 200.200.200.2 255.255.255.252
use profile acl VPN_In in
use profile acl VPN_Out out
context ip router
route 0.0.0.0 0.0.0.0 200.200.200.1 0
route 172.16.0.0 255.255.0.0 WAN 0
Cisco router configuration
crypto ips...
Page 79 - Chapter 7; Access control list configuration
79 Chapter 7 Access control list configuration Chapter contents: Introduction (page 80); About access control lists ...
Page 80 - • Access control list configuration; This chapter includes the following sections:; About access control lists; What access lists do; Why you should configure access lists
Introduction 80 OnSite 2800 Series User Manual 7 • Access control list configuration Introduction This chapter provides an overview of IP Access Control Lists and describes the tasks involved in configuring them through the OnSite router. This chapter includes the following sections: • About access ...
Page 81 - prevented from accessing the Human Resources network.
About access control lists 81 OnSite 2800 Series User Manual 7 • Access control list configuration For example, access lists can allow one host to access a part of your network, and prevent another host from accessing the same area. In figure 15 host A is allowed to access the Human Resources networ...
Page 82 - deny ip any any; permit; profile acl; Access control list configuration task list; Mapping out the goals of the access control list
Access control list configuration task list 82 OnSite 2800 Series User Manual 7 • Access control list configuration • All access control lists have an implicit deny ip any any at the end. A packet that does not match the criteria of the first statement is subjected to the criteria of the second stat...
Page 83 - host
Access control list configuration task list 83 OnSite 2800 Series User Manual 7 • Access control list configuration Before you begin to enter the commands that create and configure the IP access control list, be sure that you are clear about what you want to achieve with the list. Consider whether i...
Page 84 - Profile access control list; “Link scheduler
Access control list configuration task list 84 OnSite 2800 Series User Manual 7 • Access control list configuration Mode: Profile access control list Where the syntax is: If you place a deny ip any any rule at the top of an access control list profile, no packets will pass regardless of the other ru...
Page 85 - The command; or; deny; ICMP access of control list entry.; code
Access control list configuration task list 85 OnSite 2800 Series User Manual 7 • Access control list configuration Adding an ICMP filter rule to the current access control list profile The permit or deny command is used to define an ICMP filter rule. Each ICMP filter rule represents an ICMP access...
Page 86 - Where the syntax is as following:; Keyword
Access control list configuration task list 86 OnSite 2800 Series User Manual 7 • Access control list configuration Where the syntax is as following: If you place a deny ip any any rule at the top of an access-list profile, no packets will pass regardless of the other rules you defined. Example: Cre...
Page 87 - range
Access control list configuration task list 87 OnSite 2800 Series User Manual 7 • Access control list configuration The same effect can also be obtained by using the simpler message name option. See the following example.
2800(cfg)#profile acl WanRx
2800(pf-acl)[WanRX]#deny icmp any any msg echo
2800(...
Page 88 - Create TCP or UDP access control list entries
Access control list configuration task list 88 OnSite 2800 Series User Manual 7 • Access control list configuration Where the syntax is: Example: Create TCP or UDP access control list entries Select the access-list profile named WanRx and create the rules for: Permitting any TCP traffic to host 193....
Page 89 - use
Access control list configuration task list 89 OnSite 2800 Series User Manual 7 • Access control list configuration Binding and unbinding an access control list profile to an IP interface The command use is used to bind an access control list profile to an IP interface. This procedure describes how ...
Page 90 - show profile acl; Debugging an access control list profile; debug acl
Access control list configuration task list 90 OnSite 2800 Series User Manual 7 • Access control list configuration Unbind an access control list profile from an interface.
2800(cfg)#context ip router
2800(cfg-ip)[router]#interface wan
2800(cfg-if)[wan]#no use profile acl in
Note When unbinding an acc...
Page 91 - Interface; level
Access control list configuration task list 91 OnSite 2800 Series User Manual 7 • Access control list configuration Mode: Interface Where the syntax is: Example: Debugging access control list profiles The following example shows how to enable debugging for incoming traffic of access control lists on...
Page 92 - Examples; Denying a specific subnet; Figure 16. Deny a specific subnet on an interface; lan
Examples 92 OnSite 2800 Series User Manual 7 • Access control list configuration Examples Denying a specific subnet Figure 16 shows an example in which a server attached to network 172.16.1.0 shall not be accessible from outside networks connected to IP interface lan of the OnSite device. To prevent...
Page 93 - Chapter 8
93 Chapter 8 Link scheduler configuration Chapter contents Introduction 94 Configuring access control lists ...
Page 94 - • Link scheduler configuration; Configuring access control lists; “Access control list con-
Introduction 94 OnSite 2800 Series User Manual 8 • Link scheduler configuration Introduction This chapter describes how to use and configure the OnSite Quality of Service (QoS) features. Refer to 7, “Access control list configuration” on page 79 for more information on the use of access control list...
Page 95 - Supporting dedicated bandwidth; Context
Configuring quality of service (QoS) 95 OnSite 2800 Series User Manual 8 • Link scheduler configuration Figure 17. IP context and related elements Configuring quality of service (QoS) In the OnSite 2800, the link scheduler enables the definition of QoS profiles for network traffic on a certain inter...
Page 96 - Introduction to Scheduling
Configuring quality of service (QoS) 96 OnSite 2800 Series User Manual 8 • Link scheduler configuration can be used to mark a specific packet type for the other network nodes. By default the traffic-class tag is empty. Refer to figure 18 on page 96 when using the ACL to classify traffic. It illustra...
Page 97 - Shaping
Configuring quality of service (QoS) 97 OnSite 2800 Series User Manual 8 • Link scheduler configuration Each traffic-class is in fact assigned a relative weight, which is used to share the bandwidth among the currently active classes. Patton recommends that you specify the weight as percent which is...
Page 98 - Quick references; Setting the modem rate
Quick references 98 OnSite 2800 Series User Manual 8 • Link scheduler configuration Figure 19. Example of Hierarchical Scheduling Quick references The following sections provide a minimal “standard” link scheduler configuration for the case where a (DSL/cable) modem link is shared for all traffic. Y...
Page 99 - Command cross reference; Link scheduler configuration task list; Defining the access control list profile; Table 10. Command cross reference
Link scheduler configuration task list 99 OnSite 2800 Series User Manual 8 • Link scheduler configuration • “modem-512” is the title of the profile which is referred to when installing the scheduler • “rate-limit 512” allows no more than 512 kbit/sec to pass which avoids queueing in the modem. • “he...
Page 100 - Displaying link scheduling profile information (see page 110); Figure 20. Elements of link scheduler configuration
Link scheduler configuration task list 100 OnSite 2800 Series User Manual 8 • Link scheduler configuration • Displaying link scheduling profile information (see page 110) • Enable statistics gathering (see page 110) Figure 20. Elements of link scheduler configuration Defining the access control list...
Page 101 - —All other packets that originate from the OnSite itself.; default; —All traffic that has not otherwise been labeled.
Link scheduler configuration task list 101 OnSite 2800 Series User Manual 8 • Link scheduler configuration You do not have to tag some types of packets with an ACL. Voice and data packets from or for the OnSite itself are automatically tagged with predefined traffic-class names: Predefined internal cla...
Page 102 - Webserver
Link scheduler configuration task list 102 OnSite 2800 Series User Manual 8 • Link scheduler configuration Mode: Configure Example: Defining the access control list profile In the example below a new access control list profile named Webserver is created. In addition an IP access control list entr...
Page 103 - Creating a service policy profile
Link scheduler configuration task list 103 OnSite 2800 Series User Manual 8 • Link scheduler configuration Figure 22. Structure of a Service-Policy Profile The template shown above specifies an arbiter with three inputs which we call “sources”: x, y and “default”. The traffic-class “default” stands ...
Page 104 - At some point the source traffic-class; share; exit; Leaves the service-policy profile mode
Link scheduler configuration task list 104 OnSite 2800 Series User Manual 8 • Link scheduler configuration At some point the source traffic-class default must be listed. This class must be present, because it defines how packets, which do not belong to any of the traffic-classes listed in the prof...
Page 105 - Defining the bit-rate; rate; Defining absolute priority; priority; Defining the maximum queue length; set ip tos; no
Link scheduler configuration task list 105 OnSite 2800 Series User Manual 8 • Link scheduler configuration Mode: Source Defining the bit-rate The command rate is used with shaper link arbitration to assign the (average) bit-rate to the selected source. When enough bandwidth is available each source ...
Page 106 - Specifying the precedence field; set ip precedence; Specifying differentiated services codepoint (DSCP) marking
Link scheduler configuration task list 106 OnSite 2800 Series User Manual 8 • Link scheduler configuration The type-of-service (TOS) byte in an IP header specifies precedence (priority) and type of service (RFC791, RFC1349). The precedence field is defined by the first three bits and supports eight ...
Page 107 - set ip dscp; set layer2 cos
Link scheduler configuration task list 107 OnSite 2800 Series User Manual 8 • Link scheduler configuration “traffic-class” number called. With OnSite you can inspect the DSCP value in the ACL rules and modify the DSCP value with the link scheduler set ip dscp command. Note When configuring service d...
Page 108 - Defining random early detection; police; Command
Link scheduler configuration task list 108 OnSite 2800 Series User Manual 8 • Link scheduler configuration Defining random early detection The command random-detect is used to request random early detection (RED). When a queue carries lots of TCP transfers that last longer than simple web requests, ...
Page 109 - Devoting the service policy profile to an interface; use profile service-policy; policy; in
Link scheduler configuration task list 109 OnSite 2800 Series User Manual 8 • Link scheduler configuration Devoting the service policy profile to an interface Any service policy profile needs to be bound to a certain IP interface to get activated. According to the terminology of OnSite a service polic...
Page 110 - Displaying link arbitration status; interface; Displaying link scheduling profile information; show profile service-policy; Enable statistics gathering; debug queue statistics
Link scheduler configuration task list 110 OnSite 2800 Series User Manual 8 • Link scheduler configuration
2800>enable
2800#configure
2800(cfg)#context ip router
2800(ctx-ip)[router]#interface wan
2800(if-ip)[wan]#use profile service-policy Voice_Prio out
Displaying link arbitration status The show s...
Page 111 - form of the command.; Source; Optional Value
Link scheduler configuration task list 111 OnSite 2800 Series User Manual 8 • Link scheduler configuration The command has optional values (in the range of 1 to 4) that define the level of detail (see table 13). Note The debug features offered by OnSite require the CPU resources of your OnSite rout...
Page 112 - Chapter 9; LEDs status and monitoring; Status LEDs
112 Chapter 9 LEDs status and monitoring Chapter contents Status LEDs 113
Page 113 - • LEDs status and monitoring; This chapter describes OnSite gateway router front panel LEDs.; Figure 24. Examples of OnSite 2800 Series front panels; If an error occurs, all LEDs will flash once per second.
Status LEDs 113 OnSite 2800 Series User Manual 9 • LEDs status and monitoring Status LEDs This chapter describes OnSite gateway router front panel LEDs. Figure 24 shows OnSite 2800 Series LEDs. LED definitions are listed in table 14 on page 113. Figure 24. Examples of OnSite 2800 Series front panels...
Page 115 - 0 • Contacting Patton for assistance; Patton Support Headquarters in the USA; EST; Warranty Service and Returned Merchandise Authorizations (RMAs); Warranty coverage
Introduction 115 OnSite 2800 Series User Manual 10 • Contacting Patton for assistance Introduction This chapter contains the following information: • “Contact information”—describes how to contact Patton technical support for assistance. • “Warranty Service and Returned Merchandise Authorizations (R...
Page 116 - Returns for credit; Patton Electronics Company
Warranty Service and Returned Merchandise Authorizations (RMAs) 116 OnSite 2800 Series User Manual 10 • Contacting Patton for assistance Out-of-warranty service Patton services what we sell, no matter how you acquired it, including malfunctioning products that are no longer under warranty. Our produ...
Page 117 - Appendix A; Compliance information
117 Appendix A Compliance information Chapter contents Compliance 118 EMC ...
Page 118 - A • Compliance information; Compliance; EMC; CE Declaration of Conformity; CE; loaded from the Patton website at
Compliance 118 OnSite 2800 Series User Manual A • Compliance information Compliance EMC • FCC Part 15, Class A • EN55022, Class A • EN55024 Safety • UL 60950-1/CSA C22.2 N0.60950-1 • IEC/EN60950-1 • AS/NZS 60950-1 PSTN Regulatory • ACTA Part 68 (Model 2803) • CS03 (Model 2803) • AS/ACIF S016 (Model ...
Page 119 - Authorized European Representative; D R M Green
Authorized European Representative 119 OnSite 2800 Series User Manual A • Compliance information Authorized European Representative D R M Green European Compliance Services Limited. Oakdene House, Oak Road Watchfield, Swindon, Wilts SN6 8TD, UK FCC Part 68 (ACTA) Statement (Model 2803 only) This equ...
Page 120 - Appendix B; Specifications
120 Appendix B Specifications Chapter contents Ethernet interfaces 121 Sync serial interface ...
Page 121 - B • Specifications; Ethernet interfaces; Line Rate; PPP support
Ethernet interfaces 121 OnSite 2800 Series User Manual B • Specifications Ethernet interfaces 10/100Base-TX Ethernet WAN port 4-port 10/100Base-TX Ethernet LAN switch (Model 2805) 10/100Base-TX Ethernet LAN port (all other models) All ports full duplex, autosensing, auto-MDIX 10/100 Full Duplex/Auto...
Page 122 - IP services; Operating temperature; System
IP services 122 OnSite 2800 Series User Manual B • Specifications PPP, PAP, CHAP, LCP, IPCP IP services IPv4 router; RIPv1, v2 (RFC 1058 and 2453) Programmable static routes ICMP redirect (RFC 792); Packet fragmentation DiffServe/ToS set or queue per header bits Packet Policing discards excess traff...
Page 123 - Power supply; Internal AC version; VDC Version with External Power Adapter (Model 2805)
Power supply 123 OnSite 2800 Series User Manual B • Specifications Power supply Internal AC version Internal power supply 100–240 VAC, 50/60 Hz, 200 mA 12VDC version with External AC Power Adapter (Models 2802, 2821, 2835) Uses external AC Adaptor which provides 12VDC via barrel type connector AC Ad...
Page 124 - Appendix C; Cabling
124 Appendix C Cabling Chapter contents Introduction 125 Serial console ...
Page 125 - C • Cabling; Figure 25. Connecting a serial terminal; See section
Introduction 125 OnSite 2800 Series User Manual C • Cabling Introduction This section provides information on the cables used to connect the OnSite to the existing network infrastructure and to third party products. Serial console The OnSite can be connected to a serial terminal over its serial con...
Page 126 - the different connections.
Ethernet 10Base-T and 100Base-T 126 OnSite 2800 Series User Manual C • Cabling Ethernet 10Base-T and 100Base-T Ethernet devices (10Base-T/100Base-T) are connected to the OnSite over a cable with RJ-45 plugs. Use a cross-over cable to a host, or a straight cable to a hub. See figure 26 (host) and fig...
Page 128 - Appendix D
128 Appendix D Port pin-outs Chapter contents Introduction 129 Console port, RJ-45, EIA-561 (RS-232) ...
Page 129 - Refer to; Signal Name
Introduction 129 OnSite 2800 Series User Manual D • Port pin-outs Introduction This section provides pin-out information for the ports of the OnSite router. Console port, RJ-45, EIA-561 (RS-232) The RS-232 serial console port of the OnSite is configured to operate as a DCE. View the image in figure ...
Page 130 - Sync serial port
Ethernet 10Base-T and 100Base-T port 130 OnSite 2800 Series User Manual D • Port pin-outs Ethernet 10Base-T and 100Base-T port The Ethernet ports are auto-detect MDI-X. Note Pins not listed are not used. Sync serial port V.35 serial port Table 16. RJ-45 socket Pin Signal Direction 1 TX+ from OnSite ...
Page 131 - Pins not labeled are not used.; Frame Ground
Sync serial port 131 OnSite 2800 Series User Manual D • Port pin-outs X.21 serial port Note Pins not labeled are not used. Table 18. X.21 Female DB-15 connector X.21 Interface Pin-Out Pin Signal 1 Frame Ground 2 TD-a 3 CNTRL-a 4 RD-a 5 IND-a 6 SET-a 8 Signal Ground 9 TD-b 10 CNTRL-b 11 RD-b 12 IND-b...
Page 132 - Appendix E
132 Appendix E OnSite 2800 Series factory configuration Chapter contents Introduction 133
Page 133 - E • OnSite 2800 Series factory configuration
Introduction 133 OnSite 2800 Series User Manual E • OnSite 2800 Series factory configuration Introduction The factory configuration settings for the OnSite 2800 Series devices are as follows: #----------------------------------------------------------------## 2800 Series # R3.xx BUILDxxxxx # 2005-01...
Page 134 - Appendix F
134 Appendix F Installation checklist Chapter contents Introduction 135
Page 135 - F • Installation checklist
Introduction 135 OnSite 2800 Series User Manual F • Installation checklist Introduction This appendix lists the tasks for installing an OnSite 2800 Series Managed VPN Router (see table 19). Make a copy of this checklist and mark the entries as you complete each task. For each OnSite 2800 Series Rou...