Perle Systems P840 User Manual

Perle P840Bridge/Router with VPNReference ManualAll Software VersionsPart number 5500063-12© copyright 2002 by Perle Systems Ltd.

Introduction10Address PurgingTo achieve this routine housekeeping, the filter table contains the LAN addresses, along with their LAN portidentifier, a

Introduction11P840 Router Feature DefinitionsTelnetA Telnet LAN station or another P840 router has the ability to connect to the Operator Interface of

Introduction1201234567GraphicDatabasePost ScriptASCII C SourceSpreadsheetBinaryPre-compressedFile TypeCompression RatioFigure 1 —3 Typical Compression

Introduction13WAN TopologiesThe P840 router may be connected to other P840 routers in two configurations: Multipoint or PPP Multilink. The WANrouting

Introduction14To set up a Bandwidth on Demand installation, you must choose the throughput level that will be required for activating thestand-by link

152 ISDN Connection ManagementP840 ISDN Connection ManagementIn the world of ISDN the ability to decrease connection time is a financial bonus in th

ISDN Connection Management16Auto-Call (Time-of-Day Connections)An Auto-Call connection is an ISDN connection that is established each time the P840 a

ISDN Connection Management17Address ConnectAn Address Connect connection is an ISDN connection that is established to a specific destination P840depen

ISDN Connection Management18CombinationA combination of the Address Connect and Auto-Call options may be configured when a semi-permanent connectionis

ISDN Connection Management19Protocol AwarenessFor Connection Management to be effective, each of the P840s must be aware of the protocols used within

21 IntroductionThe P840 RouterThe P840 router provides IP routing combined with a protocol transparent bridge. This bridge/router combination is of

ISDN Connection Management20P840 Session Participation (Spoofing)While an ISDN call is up and connected, all traffic within the sessions will be consi

ISDN Connection Management21Termination ProcessWhen the P840 has determined that there are no sessions active on an ISDN call, the P840 will attempt t

223 Interfaces ReferencePinout InformationConsole ConnectorThe console connector on the P840 is a DCE interface on a RJ45 pinout. The supplied DB9

234 Event LogsThe P840 router generates event logs for various functions performed by the bridge/router. All of the event logs are storedin the int

Event Logs24Completed BCP negotiation with <remote site alias>Generated when the Bridging Control Protocol negotiation has been completed with t

Event Logs25ISDN link has had no traffic for longer than specified by the idle timer and has been disconnected.Incorrect password from <IP address&

Event Logs26LCP X authenticating peer with PAPGenerated when this device is using PAP to authenticate the peer (remote) device.LCP X establishingGener

Event Logs27Restoring boot DNLDSEG configurationGenerated upon entering Network Load Mode to initialize specific configuration information required fo

Event Logs28Station address table has been filledGenerated when the station address table is filled. This event is not regenerated until the table si

Event Logs29Alarm logs:* Bad internal block checksum detectedGenerated when power up diagnostics finds a fault in the internal block of the EEPROM.* C

Introduction3IP Routing and the P840 RouterThe P840 router may be used to route between subnets within the same network or between different networks.

Event Logs30* Closing remote site X (usage limit)Generated due to reaching usage limit for this 24 hour period.* Config. erase failedGenerated when, d

Event Logs31* DHCP server – out of addresses in IP poolGenerated when the last address from the DHCP IP Address pool has been assigned to a device.* D

Event Logs32* FTP server added to firewallThe IP address of the FTP server added to the table of services available through the firewall.* FTP server

Event Logs33* Link X Disconnect: YGenerated when the disconnect of an ISDN call is completed. This event is generated on both sides of theISDN call.

Event Logs34Code Description055056057058063065Incoming calls barred within CUGCall waiting not subscribedBearer capability not authorizedBearer capabi

Event Logs35* Link X downGenerated when a WAN link goes down.* Link X down to <remote site alias>Generated when a PPP ISDN call to a remote site

Event Logs36* Local DNS server added to firewallThe IP address of the Local DNS server added to the table of services available through the firewall.*

Event Logs37* Old download method! Load in \”*.all\” fileGenerated when an attempt is made to load a *.fcs or *.lda format program file into hardware

Event Logs38* Running in System Load modeGenerated when entering System Load Mode in preparation for a download of code to be burned into flash. * SEC

Event Logs39* Unable to bind UDP Boot P server portGenerated as a result of an internal device error. Try resetting the device. If this is unsuccessfu

Introduction4The Complete IP ConnectionThe following are the steps that a frame of data will take when being transmitted from an originating station o

Event Logs40 PPP Security logs:CHAP authentication failure so terminate link.Generated when the CHAP authentication sent by this router in response to

415 Programmable FilteringProgrammable filtering gives the network manager the ability to control under what conditions Ethernet frames are forwarde

Filtering42Security—“Filter if Destination”Filter if Destination is a function that allows you to filter an Ethernet frame based on the destination of

Filtering43Security—“Filter if Source”Filter if Source is a function that allows you to filter an Ethernet frame if the source address of the frame eq

Filtering448 The bridge/router will prompt you for the LAN that the station is located on; enter the name of the partnerbridge/router LAN (LAN345678,

Filtering455 From the MAC ADDRESS FILTERS MENU, enter a 1.This will place you at the first EDIT MAC ADDRESS FILTER MENU screen.At the prompt enter the

Filtering464 From the MAC ADDRESS FILTERS MENU, make sure that the Filter Operation is currently set to“negative”.This will cause the MAC Address Filt

Filtering47Pattern Filter OperatorsThe following operators are used in creating Pattern filters and will be discussed further in the following pages.

Filtering48In Local Area Networks there may be many different Network and Transport layer protocols that coexist on the same physicalmedia. TCP/IP, D

Filtering49In this case, whenever a frame is received, the frame will be filtered if the protocol type is NOT equal to 0800 (IP).Only one filter patte

Introduction5IP Header DetailsEvery IP header has common fields of information. The layout of the information is always the same. Refer to the follo

Filtering50Transport Control Protocol / Internet Protocol (TCP/IP)The previous example showed how to filter all Ethernet frames that contained an IP p

Filtering51DECDEC uses protocol types 6000 to 600F, and although some are undefined, a simple filter mask can be created to filterall DEC traffic.Filt

Filtering52General RestrictionsBridge Filter Masks may be created to generally restrict access for various purposes. Some of these purposes may be to

Filtering53Mask CombinationsMask combinations may be required to ensure that a frame is sufficiently qualified before the decision to filter ismade.

Filtering54IP Router Pattern FilteringPattern filtering may be used on any portion of the IP frame. IP pattern filtering behaves the same as bridge p

556 Frame FormatsThis appendix provides octet locations for the various portions of three of the common Ethernet frames. When creatingpattern filte

Frame Formats56ETHERNET TYPE CODESType Code Description0800 DOD IP0801 X.75 Internet0804 Chaosnet0805 X.25 Level 30806 ARP0807 XNS Compatibility6001 D

Frame Formats57Octet Locations on an IP Routed TCP/IP Frame

Frame Formats58Octet Locations on a Bridged XNS Frame

Introduction6Source RoutingSource routing is used to predetermine the path that the IP frame must travel through the network. There are twotypes of s

Introduction7PingThe “ping” message is actually a query status message that may be sent to devices on the LAN to query theiroperation status. The pin

Introduction8Bridging and the P840 RouterThe bridge portion of the P840 router is an Ethernet Media Access Control (MAC) level bridge providing an eff

Introduction9ForwardingOnce the initial learning process is complete, the bridge/router enters a forwarding mode and examines frames thatmay need to b