Sie sind auf Seite 1von 284

RuggedRouter

RX1000/RX1100 User Guide

RuggedRouter RX1000/RX1100 User Guide RuggedCom Inc. 30 Whitmore Road, Woodbridge, Ontario, Canada L4L 7Z4 Web:

RuggedCom Inc. 30 Whitmore Road, Woodbridge, Ontario, Canada L4L 7Z4

Tel:

(905) 856-5288

Fax:

(905) 856-1995

Toll Free: (888) 264-0006

RUGGEDROUTER

USER GUIDE

FOR USE WITH RX1000/RX1100 PRODUCTS

Version 1.12.6 – May 14 th , 2008

RuggedCom

30 Whitmore Road

Woodbridge, Ontario Canada L4L7Z4

Tel:

(905) 856-5288

Fax:

(905) 856-1995

Toll Free: (888) 264-0006

Disclaimer

RuggedCom Inc. makes no warranty of any kind with regard to this material.

RuggedCom shall not be liable for errors contained herein or for consequential damages in connection with the furnishing, performance, or use of this material.

Warranty

Five (5) years from date of purchase, return to factory. For warranty details, visit www.ruggedcom.com or contact your customer service representative.

COPYRIGHT © Apr 2008 RuggedCom Inc.

ALL RIGHTS RESERVED

This document contains proprietary information, which is protected by copyright. All rights are reserved.

The RuggedRouter includes components licensed under the GPL and BSD style licenses. The full licences of such are included in an associated document.

No part of this document may be photocopied, reproduced or translated to another language without the prior written consent of RuggedCom Inc.

Linux® is the registered trademark of Linus Torvalds in the U.S. and other countries.

Gauntlet® is the registered trademark of Teltone Corporation.

About this User Guide

About this User Guide

This guide is concerned with aiding the user in the configuration and operation of the

RuggedRouter

management interfaces. Specifically, this guide details aspects of:

Accessing the User Interfaces

Security

Configuring the router

Status determination

Performance measurement

Uploading and downloading files

Dealing with alarms

This guide also details operation of the RX1100 Gauntlet security appliance.

This guide is intended solely for the purpose of familiarizing the reader with the ways

that the RuggedRouter

ADSL, DDS and Frame Relay as well as act as a Serial server and time synchronization device.

using the RuggedCom command line, setup menu and web

can be used to support Routing over Ethernet, T1/E1, T3

Applicable Firmware Revision

This guide is applicable to RuggedRouter

ROX 1.12.6 software revision.

Who Should Use This User Guide

This guide is to be used by network technical support personnel who are familiar with the operation of networks. Others who might find the book useful are network and system planners, system programmers and line technicians.

How To Use This User Guide

Each chapter has been prepared with a feature description, an application section and a description of the default mode of operation. It is recommended that you use this guide along with the following applicable documents.

RuggedRouter

Rugged MediaConverter

RuggedCom Fiber Guide

Gauntlet Command and Control Center (CCC) User Manual,

Gauntlet Virtual Polling Controller (VPC) User Manual

Gauntlet System Installation Manual

Gauntlet System Best Practices

Installation Guide

Installation Guide

RuggedRouter

User Guide

Document Conventions

This publication uses the following conventions:

Note: Means reader take note. Notes contain helpful suggestions or references to materials not contained in this guide.

Helpful Hint This type of note often indicates useful shortcuts or methods employed by other RuggedCom customers.

Quick Start Recommendations

The following description is included to aid those users experienced with communications equipment that may wish to attempt to configure the router without fully reading the guide.

1.

Locate/mount the chassis in its final resting place and apply power.

2.

The router can be configured through its web management interface, or for advanced users, through ssh. The default Ethernet addresses for ports one through four are 192.168.1.1 through 192.168.4.1. Two shell accounts, rrsetup and root, are provided. Both accounts have a default password of “admin”. The web management interface uses the root account password. The rrsetup account provides a shell that configures such items as passwords, addresses, date/time and services offered by the router. The root account provides a full shell.

3.

Attach a PC running terminal emulation software to the RS232 port and apply power to the chassis (default baud rate, data bits, parity - “38400 8 n 1”, no hardware/software flow control). Set the terminal type to VT100. Press ENTER to obtain a login prompt.

Initial Configuration Before Attaching To The Network

4.

Login as the rrsetup user with password “admin”.

5.

Change the root and rrsetup passwords from the shell. Record the passwords in a secure manner. If Radius authentication will be employed, configure at least one authentication server address.

6.

Configure the router’s hostname, IP address, subnet mask, and gateway addresses for the built-in Ethernet ports.

7.

For an RX1100 router, the Gauntlet Security application may be configured with the passphrase allocated to the network the network address of the Command and Control Center (CCC). Note that you must also configure and activate the firewall before using the Gauntlet.

8.

Ensure that the date, time and timezone fields are correctly set.

9.

If Web or SSH services will not be used, these can be disabled from the setup shell.

About this User Guide

10. All further configuration is accomplished through the web management interface. Attach the configuring host to one of the Ethernet ports configured above. Point your web browser at the address for that port, use https and specify a port number of 10000, e.g. https://192.168.1.1:10000 (or otherwise if configured in step 4). Login with the root user and password (configured above). If radius authentication is configured and a server is available, you may also login via a radius user.

Basic Web Based Configuration

11. Change the router password from the System menu, Change Password sub- menu.

12. If you are using the web management interface you may wish to restrict the allowed users to a specific subnet. This can be done in the Webmin menu, Webmin Configuration, IP Access Control sub-menu.

13. If you are planning to SSH in to the router you may wish to restrict the allowed

This can be done in the Servers menu, SSH Server,

users to a specific subnet. Networking sub-menu.

14. The router's local hostname may configured in the System Menu, System Hostname sub-menu.

15. The router may be configured to log to a remote server by the Maintenance

See the chapter “Maintaining The Router” for

menu, System Logs sub-menu. more details.

16. The router's DNS settings may configured in the DNS Clients sub-menu. You may also specify the IP addresses of frequently used hosts. See the chapter “Configuring Networking” for more details.

Physical Interface Related

17. Ethernet port parameters may be changed in the Networking menu, Ethernet sub-menu. The Ethernet Interfaces sub-menu will configure the IP address, subnet mask, gateway address, proxy arping and media type of each interface. See the chapter “Configuring Ethernet Interfaces” for more details.

18. If your router is equipped with T1/E1 WAN interfaces, the Networking menu,

sub-menu will allow you to configure them with Frame Relay or PPP

T1/E1

connections.

See the chapter “Configuring Frame Relay/PPP And T1/E1” for

more details.

19. If your router is equipped with T3 WAN interfaces, the Networking menu, T3 sub-menu will allow you to configure them with Frame Relay or PPP connections. See the chapter “Configuring Frame Relay/PPP And T3” for more details.

20. If your router is equipped with DDS interfaces, the Networking menu, DDS sub- menu will allow you to configure them with Frame Relay or PPP connections. See the chapter “Configuring Frame Relay/PPP And DDS” for more details.

21. If your router is equipped with ADSL interfaces, the Networking menu, ADSL sub-menu will allow you to configure them. See the chapter “Configuring PPPoE On ADSL” for more details. If you wish to use PPPOE with an external ADSL modem, the Networking menu, Ethernet sub-menu will configure it.

RuggedRouter

User Guide

22. If your router is equipped with an embedded modem, the Networking menu, Modem sub-menu will allow you to configure it with PPP or incoming console connections. See the chapter “Configuring PPP And Modem” for more details.

23. If your router is equipped with Serial Interfaces, the Servers menu, Serial Protocols sub-menu will allow you to configure them with an operating protocol. See the chapter “Configuring Serial Protocols” for more details.

24. If your router is equipped with a Precision Time Protocol Card, the Servers menu, IRIGB sub-menu will allow you to enable and configure its output ports. See the chapter “Configuring IRIGB” for more details.

Additional Configuration

25. You may wish to configure a backup interface to use in the event of a failure of your default gateway interface. This can be done in the Networking menu, Network Configuration, End To End Backup sub-menu.

26. If you are planning to connect your router to the Internet, configure the firewall and then activate it. This can be done in the Networking menu, Shorewall Firewall sub-menu.

27. The router provides a default event logging configuration. You can modify this configuration through the Maintenance menu, System Logs sub-menu. Remote logging can be activated here.

28. The routers SSH and Web Management interfaces are enabled by default. The routers DHCP server, IPsec VPN server, NTP server, OSPF/RIP protocol, VRRP protocol and firewall are disabled by default. To changes these services visit the System menu, Bootup and Shutdown sub-menu.

29. You can install static IP and Multicast routings for Ethernet and WAN interfaces via the Networking menu, Network Configuration, Routing and Default Route and Static Multicast Routing sub-menus.

30. You can configure the NTP server through the Servers menu, NTP Server sub- menu. See the chapter “Configuring NTP” for more details.

31. You can configure SSH through the Servers menu, SSH Server sub-menu. SSH can be set-up to issue a login banner from this menu. See the chapter “Configuring SSH” for more details.

32. Traffic prioritization can be configured on the network interfaces through the

See the chapter “Traffic

Networking menu, Traffic Prioritization sub-menu Prioritization” for more details.

33. SNMP is disabled by default. You can configure SNMP by following the instructions in the Appendix on SNMP. You may allow read and write access, set community names, enable traps and program the router to issue traps with a specific client address.

34. If your router is an RX1100 you may configure and activate the Snort Intrusion Detection system and the Gauntlet Security Appliance. If you decide to forward daily email summaries you must configure a mail forwarder in the Maintenance menu Miscellaneous sub-menu Outgoing Mail sub-menu.

About this User Guide

35. When your routers configuration is stable, it is recommended that the configuration should be uploaded from the router and stored as a backup. The Maintenance menu Backup And Restore sub-menu will be useful.

36. Should you need to transfer files to or from the router, the Maintenance menu Upload/Download Files sub-menu will be useful.

37. Further

optimizing

concerns

such

as

ensuring

robustness,

measuring

and

performance are dealt with by reading the guide fully.

RuggedRouter

User Guide

Table Of Contents

About this User Guide

1

Applicable Firmware Revision

1

Who Should Use This User Guide

1

How To Use This User Guide

1

Document Conventions

2

Quick Start Recommendations

2

Table Of Contents

6

Table Of Figures

18

Chapter 1 – Setting Up And Administering The Router

28

Introduction

28

Access Methods

28

Accounts And Password Management

28

Default Configuration

28

Accessing The RuggedRouter Command Prompt

29

From the Console Port

29

From SSH

29

The RuggedRouter Setup Shell

29

Configuring Passwords

30

Configuring IP Address Information

30

Setting The Hostname

31

Configuring Radius Authentication

31

Enabling And Disabling The SSH and Web Server

31

Enabling And Disabling The Gauntlet Security Appliance

32

Configuring The Date, Time And Timezone

32

Displaying Hardware Information

33

Restoring A Configuration

34

The RuggedRouter Web Interface

35

Using a Web Browser to Access the Web Interface

35

SSL Certificate Warnings

35

The Structure of the Web Interface

35

Using The LED Status Panel

37

Obtaining Chassis Information

38

Chapter 2 – Webmin Configuration

39

Introduction

39

Webmin Configuration Menu

39

IP Access Control

39

Ports And Addresses

40

Change Help Server

41

Logging

41

Authentication

42

Webmin Events Log

43

Chapter 3 – Configuring The System

45

Introduction

45

Table Of Contents

Bootup And Shutdown

45

Change Password Command

46

Scheduled Commands

46

Scheduled Cron Jobs

48

System Hostname

49

System Time

49

Chapter 4 – Configuring Networking

51

Introduction

51

Network Configuration

51

Core Settings

52

Dummy Interface

52

Routing And Gateways

53

Default Route Table

53

Configured Static Routes

53

Manually Entered Static Routes

54

Static Multicast Routing

55

DNS Client

56

Host Addresses

56

End To End Backup

56

Configuring End To End Backup

58

Current Routing & Interface Table

58

Chapter 5 – Configuring Ethernet Interfaces

59

Introduction

59

Ethernet Interface Fundamentals

59

LED Designations

59

VLAN Interface Fundamentals

59

VLAN Tag

59

RuggedRouter Functions Supporting VLANs

60

PPPoE On Native Ethernet Interfaces Fundamentals

60

Ethernet

61

Ethernet Interfaces

61

Editing Currently Active Interfaces

62

Virtual Interfaces

63

Virtual Lan Interfaces

63

Edit Boot Time Interfaces

63

PPPoE On Native Ethernet Interfaces

64

Edit PPPoE Interface

65

PPP Logs

66

Current Routes & Interface Table

66

Chapter 6 – Configuring Frame Relay/PPP And T1/E1

67

Introduction

67

T1/E1 Fundamentals

67

Frame Relay

67

Location Of Interfaces And Labeling

68

LED Designations

68

Included With T1E1

68

T1/E1

68

T1/E1 Network Interfaces

69

RuggedRouter

User Guide

Strategy For Creating Interfaces

69

Naming Of Logical Interfaces

70

Editing A T1/E1 Interface

71

T1 Settings

71

E1 Settings

71

Editing A Logical Interface (Frame Relay)

72

Frame Relay Link Parameters

72

Frame Relay DLCIs

73

Editing A Logical Interface (PPP)

73

T1/E1 Statistics

74

Link Statistics

74

Frame Relay Interface Statistics

75

PPP Interface Statistics

76

T1/E1 Loopback

77

Current Routes & Interface Table

78

Upgrading Software

78

Upgrading Firmware

78

Chapter 7 – Configuring Frame Relay/PPP And T3

79

Introduction

79

T3 Fundamentals

79

Location Of Interfaces And Labeling

79

LED Designations

79

T3 Configuration

80

T3 Network Interfaces

80

Naming Of Logical Interfaces

80

Editing A T3 Interface

81

Editing A Logical Interface (Frame Relay)

81

Editing A Logical Interface (PPP)

82

T3 Statistics

82

Current Routes & Interface Table

82

Upgrading Software

83

Chapter 8 – Configuring Frame Relay/PPP And DDS

85

Introduction

85

DDS Fundamentals

85

Location Of Interfaces And Labeling

85

LED Designations

85

DDS Configuration

86

DDS Network Interfaces

86

Naming Of Logical Interfaces

87

Editing A Logical Interface (Frame Relay)

87

Editing A Logical Interface (PPP)

88

DDS Statistics

88

Link Statistics

88

Frame Relay And PPP Interface Statistics

89

DDS Loopback

89

Current Routes & Interface Table

89

Upgrading Software

89

Chapter 9 – Configuring PPPoE/Bridged Mode On ADSL

91

Table Of Contents

Introduction

91

ADSL Fundamentals

91

PPPoE/Bridged Mode Fundamentals

91

Authentication, Addresses and DNS Servers

92

PPPoE MTU Issues

92

Bridged Mode

92

Location Of Interfaces And Labeling

92

LED Designations

92

ADSL Configuration

93

ADSL Network Interfaces

93

Editing A Logical Interface (PPPoE)

94

Editing A Logical Interface (Bridged)

95

ADSL Statistics

96

Current Routes & Interface Table

96

Upgrading Software

96

Chapter 10 – Configuring PPP and Modem

97

Introduction

97

Modem Fundamentals

97

PPP Mode Fundamentals

97

Authentication, Addresses and DNS Servers

97

When the Modem Connects

97

LED Designations

97

Modem Main Menu

98

Modem Configuration

98

Modem PPP Client Connections

100

Modem PPP Client

100

Modem PPP Server

101

Modem Incoming Call Logs

102

Modem PPP Logs

102

Modem PPP Connection Logs

103

Current Routes & Interface Table

103

Chapter 11 – Configuring The Firewall

105

Introduction

105

Firewall Fundamentals

105

Stateless vs Stateful Firewalls

105

Linux® netfilter, iptables And The Shoreline Firewall

105

Network Address Translation

106

Port Forwarding

107

Shorewall Quick Setup

107

ShoreWall Terminology And Concepts

108

Zones

108

Interfaces

108

Hosts

109

Policy

109

Masquerading And SNAT

110

Rules

111

Configuring The Firewall And VPN

113

Route Based Virtual Private Networking

113

Policy Based Virtual Private Networking

113

RuggedRouter

User Guide

Virtual Private Networking To A DMZ

114

Firewall Main Menu

114

Network Zones

116

Network Interfaces

117

Network Zone Hosts

119

Default Policies

119

Masquerading

120

Firewall Rules

121

Static NAT

122

Actions When Stopped

123

Chapter 12 – Configuring An IPsec VPN

125

Introduction

125

VPN Fundamentals

125

IPsec Modes

125

Policy Vs Route Based VPNs

126

Supported Encryption Protocols

126

Public Key And Pre-shared Keys

127

X509 Certificates

127

NAT Traversal

127

Other Configuration Supporting IPSec

128

The Openswan Configuration Process

128

IPsec and Router Interfaces

128

VPN Main Menu Before Key Generation

128

VPN Main Menu

129

Server Configuration

130

Public Key

131

Preshared Keys

131

List Certificates

132

VPN Connections

132

IPsec VPN Connection Details

132

Left/Right System's Settings

134

Export Configuration

134

Showing IPsec Status

135

IPSec X.509 Roaming Client Example

136

Select A Certificate Authority

136

Generate X.509 Certificates

137

VPN Networking Parameters

137

Client Configuration

137

Router IPSec Configuration

137

Firewall IPSec Configuration

138

Ethernet Port Configuration

139

Chapter 13 – Configuring Dynamic Routing

141

Introduction

141

Quagga, RIP and OSPF

141

RIP Fundamentals

141

OSPF Fundamentals

142

Link State Advertisements

142

Key OSPF And RIP Parameters

143

Network Areas

143

Table Of Contents

Router-ID

143

Hello Interval and Dead Interval

143

Active/Passive Interface Default

143

Redistributing Routes

144

Link Detect

144

Configuring OSPF Link Costs

144

OSPF Authentication

144

RIP Authentication

144

OSPF And Antispoofing

145

Administrative Distances

145

OSPF And VRRP Example Network

146

Area And Subnets

146

VRRP Operation

146

Dynamic Routing

147

Enable Protocols

148

Core

148

Core Global Parameters

148

Core Interface Parameters

149

View Core Configuration

149

OSPF

150

OSPF Global Parameters

150

OSPF Interfaces

152

OSPF Network Areas

153

OSPF Status

153

View OSPF Configuration

153

RIP

154

RIP Global Parameters

154

RIP Key Chains

155

RIP Interfaces

156

RIP Networks

157

RIP Status

157

View RIP Configuration

157

Chapter 14 – Configuring Link Backup

159

Introduction

159

Link Backup Fundamentals

159

Path Failure Discovery

159

Use Of Routing Protocols And The Default Route

160

Link Backup Main Menu

160

Link Backup Configuration

160

Edit Link Backup Configuration

161

Link Backup Logs

162

Link Backup Status

162

Test Link Backup

162

Chapter 15 – Configuring VRRP

165

Introduction

165

VRRP Fundamentals

165

The Problem With Static Routing

165

The VRRP Solution

165

VRRP Terminology

166

RuggedRouter

User Guide

VRRP Main Menu

168

VRRP Configuration

168

Editing A VRRP Instance

169

Viewing VRRP Instances Status

170

Chapter 16 – Configuring Traffic Prioritization

171

Introduction

171

Traffic Prioritization Fundamentals

171

Priority Queues

171

Filters

171

TOS Prioritization

172

Included With Traffic Prioritization

172

Prioritization Example

173

Traffic Prioritization Main Menu

174

Interface Prioritization Menu

174

Prioritization Queues

175

Prioritization Filters

175

Prioritization Transmit Queue Length

176

Prioritization Statistics

176

Chapter 17 – Configuring Generic Routing Encapsulation

177

Introduction

177

GRE Fundamentals

177

GRE Main Menu

178

GRE Configuration Menu

178

Chapter 18 – Network Utilities

181

Introduction

181

Network Utilities Main Menu

181

Ping Menu

182

Traceroute Menu

182

Host Menu

183

Trace Menu

183

Tcpdump A Network Interface

183

Frame Relay Link Layer Trace A WAN Interface

184

Serial Trace A Serial Server Port

185

Interface Statistics Menu

185

Current Routing & Interface Table

186

Interface Status

187

Chapter 19 – Configuring Serial Protocols

189

Introduction

189

Serial IP Port Features

189

LED Designations

189

Serial Protocols Applications

190

Character Encapsulation

190

RTU Polling

190

Broadcast RTU Polling

190

Serial Protocols Concepts And Issues

191

Host And Remote Roles

191

Use Of Port Redirectors

191

Table Of Contents

Message Packetization

191

Use of Turnaround Delays

192

Serial Protocols Main Menu

192

Assign Protocols Menu

193

Port Settings Menu

193

RawSocket Menu

194

Serial Protocols Statistics Menu

195

Protocol Specific Packet Error Statistics

195

Serial Protocols Trace Menu

196

Serial Protocols Sertrace Utility

197

Chapter 20 – Configuring GOOSE Tunnels

199

Introduction

199

IEC61850 GOOSE Fundamentals

199

Layer 2 Tunnel Daemon Details

199

Layer 2 Tunnels Main Menu

200

General Configuration Menu

201

GOOSE Tunnels Menu

201

GOOSE Statistics Menu

202

Activity Trace Menu

203

Chapter 21 - Configuring The DHCP server

205

Introduction

205

DHCP Fundamentals

205

DHCP Network Organizations

205

DHCP Client Options

205

Option 82 Support with Disable NAK

207

Example DHCP Scenarios And Configurations

208

Single Network With Dynamic IP Assignment

208

Single Network With Static IP Assignment

208

Single Network With Option82 Clients On One Switch

208

Multiple Subnets On Separate VLANs Using Option82 On One Switch

209

DHCP Server Main Menu

212

DHCP Shared Network Configuration

213

DHCP Subnet Configuration

214

DHCP Group Configuration

215

DHCP Host Configuration

215

DHCP Pool Configuration

216

Chapter 22 – Configuring NTP

217

Introduction

217

NTP Fundamentals

217

The NTP Sanity Limit

218

NTP And The Precision Time Protocol Card

218

Included With NTP

218

NTP Server Main Menu

219

Generic Options

219

Servers Configuration

220

Peers Configuration

220

Viewing The NTP Status

221

Viewing The NTP Log

221

RuggedRouter

User Guide

Viewing The GPS Status

222

Viewing The GPS Log

222

Chapter 23 – Configuring SSH

223

Introduction

223

SSH Fundamentals

223

Included With SSH

223

SSH Main Menu

224

Authentication

224

Networking

225

Access Control

225

Chapter 24 – Configuring IRIGB And IEEE1588

227

Introduction

227

IEEE1588 Fundamentals

227

PTP Network Roles

227

PTP Master Election

227

Synchronizing NTP from IEEE1588

228

IRIGB Fundamentals

228

IRIGB Output Formats

228

Reference Clocks

229

How The Router Selects A Reference Clock

229

GPS Cable compensation

229

IRIGB/IEEE1588 Main Menu

230

General Configuration

230

IRIGB Configuration

231

IEEE1588 Configuration

231

IRIGB Status

232

IEEE1588 Status

232

IRIGB Log

233

Chapter 25 – Configuring The Snort IDS

235

Introduction

235

Snort Fundamentals

235

Which Interfaces To Monitor

235

Snort Rules

235

Alerting Methods

236

Performance And Resources

236

Snort IDS Main Menu

236

Global Configuration

236

Interfaces

236

Rulesets

237

Rule Lookup by SID

238

Network Settings

238

PreProcessors

238

Alerts & Logging

239

Edit Config File

239

Chapter 26 – Maintaining The Router

240

Introduction

240

Alert System

240

Table Of Contents

Alert Menu

240

Alert Configuration

241

Alert Filter Configuration

242

Alert Definition Configuration

242

Change Alert Definition

243

Gauntlet Security

245

What And How Gauntlet Protects

245

Gauntlet And The Firewall

245

Gauntlet Status Menu

246

Upgrading Gauntlet

246

Backup And Restore

247

General Configuration

248

Archive History

249

Archive Backup

249

Archive Restore

250

Archive Difference Tool

251

SNMP Configuration

252

SNMP Configuration Main Menu

253

System Configuration

253

Network Addressing Configuration

253

Access Control

254

Trap Configuration

256

MIB Support

257

Radius Authentication

258

Radius Authentication Configuration

259

Edit Radius Server Parameters

259

Outgoing Mail

260

Chassis Parameters

261

System Logs

262

Syslog Factory Defaults

262

Remote Logging

263

Upgrade System

265

RuggedRouter Software Fundamentals

265

When A Software Upgrade Requires A Reboot

266

Automatic Upgrade

266

Upgrade to RX1100

267

Change Repository Server

267

Automatic Upgrading

268

Upgrading All Packages

268

Installing A New Package

269

Pre-upgrade/Post-upgrade scripts

269

Uploading And Downloading Files

271

Chapter 27 – Security Considerations

272

Introduction

272

Security Actions

272

Appendix A – Setting Up A Repository

274

Repository Server Requirements

274

Initial Repository Setup

274

Upgrading The Repository

275

RuggedRouter

User Guide

Setting Up The Routers

275

An Alternate Approach

275

Upgrading Considerations

276

Appendix B – Downgrading Router Software

277

Appendix C – Installing Apache Web Server On Windows

278

Appendix D – Installing IIS Web Server On Windows

280

Appendix E – Radius Server Configuration

281

FreeRadius

281

Windows Internet Authentication Service

281

Index

285

Table Of Figures

Table Of Figures

Figure 1: RuggedRouter Setup Main Menu

29

Figure 2: RuggedRouter Setup Password Change Menu

30

Figure 3: RuggedRouter Interfaces Setup Menu

30

Figure 4: RuggedRouter DNS Client Menu

30

Figure 5: Radius Server Configuration menu

31

Figure 6: Gauntlet Setup Menu

32

Figure 7: RuggedRouter Date/Time/Timezone Menu

32

Figure 8: RuggedRouter Hardware Information Menu

33

Figure 9: Selecting a configuration to reload

34

Figure 10: Selecting a previously made configuration

34

Figure 11: Signing On To The Router With A Web Browser

35

Figure 12: RuggedRouter Web Interface Main Menu Window

36

Figure 13: LED Status Panel

37

Figure 14: Meaning of LEDs

38

Figure 15: Webmin Configuration Menu

39

Figure 16: Webmin Configuration Menu, IP Access Control

39

Figure 17: Webmin Configuration Menu, Ports and Addresses

40

Figure 18: Webmin Configuration Menu, Change Help Server

41

Figure 19: Webmin Configuration Menu, Logging

41

Figure 20: Webmin Configuration Menu, Authentication

42

Figure 21: Webmin Events Log

43

Figure 22: Bootup and Shutdown, Part 1

45

Figure 23: Bootup and Shutdown, Part 2

46

Figure 24: System Menu Change Password Command

46

Figure 25: Scheduled Commands

46

RuggedRouter

User Guide

Figure 26: Scheduled Commands Displaying a Command

47

Figure 27: Webmin Scheduled Cron Jobs

48

Figure 28: Creating a Cron Job

48

Figure 29: Scheduled Cron Jobs menu displaying cron jobs

49

Figure 30: System Hostname

49

Figure 31: System Time

49

Figure 32: Network Configuration Menu

51

Figure 33: Core Networking Settings

52

Figure 34: Dummy Interface

52

Figure 35: Routing And Gateways

53

Figure 36: Static Multicast Routing

55

Figure 37: DNS Client

56

Figure 38: Host Addresses

56

Figure 39: End To End Backup Example

57

Figure 40: End To End Backup

58

Figure 41: Ethernet Menu

61

Figure 42: Current and Boot Time Ethernet Configuration

61

Figure 43: Editing a Network Interface

62

Figure 44: Creating an Virtual Interface

63

Figure 45: Creating an Virtual Lan Interface

63

Figure 46: Editing a Boot Time Interface

63

Figure 47: List PPPoE Interfaces

64

Figure 48: Editing a PPPoE Interface

65

Figure 49: Display PPP Logs

66

Figure 50: T1/E1 Trunks And Interfaces

68

Figure 51: T1/E1 Network Interfaces Initial Configuration

69

Figure 52: T1/E1 Network Interfaces After Channel Creation

69

Table Of Figures

Figure 53: T1/E1 Network Interfaces After Interface Creation

70

Figure 54: Edit T1 Interface

71

Figure 55: Edit Logical Interface (Frame Relay)

72

Figure 56: Edit Logical Interface (PPP)

73

Figure 57: T1/E1 Link Statistics

74

Figure 58: Frame Relay Statistics

75

Figure 59: PPP Link Statistics

76

Figure 60: T1/E1 Loopback Menu

77

Figure 61: T1/E1 Loopback

77

Figure 62: T3 Trunks And Interfaces

80

Figure 63: T3 Network Interfaces Initial Configuration

80

Figure 64: T3 Network Interfaces Initial Configuration

80

Figure 65: Edit T3 Interface

81

Figure 66: Edit T1 Interface

81

Figure 67: Edit Logical Interface (Frame Relay)

82

Figure 68: Edit Logical Interface (PPP)

82

Figure 69: DDS Trunks And Interfaces

86

Figure 70: DDS WAN Interfaces

86

Figure 71: DDS WAN Interfaces after logical interface assignment

86

Figure 72: Edit Logical Interface (Frame Relay), single DLCI

87

Figure 73: Edit Logical Interface (Frame Relay), multiple DLCIs

87

Figure 74: Edit Logical Interface (PPP)

88

Figure 75: DDS Link Statistics

88

Figure 76: ADSL Interfaces

93

Figure 77: ADSL WAN Interfaces

93

Figure 78: Edit Logical Interface (PPPoE)

94

Figure 79: Edit Logical Interface (Bridged)

95

RuggedRouter

User Guide

Figure 80: ADSL Link Statistics

96

Figure 81: Modem Interface

98

Figure 82: Edit Modem Configuration

98

Figure 83: Configure Modem PPP Client

100

Figure 84: Configure Modem PPP Client

100

Figure 85: Configure Modem PPP Server

101

Figure 86: Incoming Call Logs

102

Figure 87: PPP Logs

102

Figure 88: PPP Connection Logs

103

Figure 89: Starting Shorewall Firewall Menu

114

Figure 90: Shorewall Firewall Menu

115

Figure 91: Firewall Network Zones

116

Figure 92: Firewall Network Interfaces

117

Figure 93: Editing a Firewall Network Interfaces

117

Figure 94: Firewall Zone Hosts

119

Figure 95: Firewall Default Policies

119

Figure 96: Editing A Firewall Default Policy

120

Figure 97: Firewall Masquerading And SNAT

120

Figure 98: Editing A Masquerading Rule

120

Figure 99: Firewall Rules

121

Figure 100: Editing A Firewall Rule

121

Figure 101: Static NAT

122

Figure 102: Creating a Static NAT Entry

122

Figure 103: Actions When Stopped

123

Figure 104: IPsec VPN Configuration Menu Before Key Generation

128

Figure 105: IPsec VPN Configuration Menu Before After Generation

129

Figure 106: IPsec VPN Configuration After Connections Have Been Created

130

Table Of Figures

Figure 107: Server Configuration

130

Figure 108: Show Public Key

131

Figure 109: Preshared Keys

131

Figure 110: List Certificates

132

Figure 111: Editing A VPN Connection, Part 1

132

Figure 112: Editing A VPN Connection, Part 2

134

Figure 113: IPsec Status

135

Figure 114: End To End Backup Example

136

Figure 115: OSPF And VRRP Example

146

Figure 116: Dynamic Routing Menu

147

Figure 117: Enable Protocols Menu

148

Figure 118: Core Menu

148

Figure 119: Core Global Parameters

148

Figure 120: Core Interface Parameters

149

Figure 121: OSPF Menu

150

Figure 122: OSPF Global Parameters

150

Figure 123: OSPF Interfaces

152

Figure 124: Network Areas

153

Figure 125: RIP Menu

154

Figure 126: RIP Global Parameters

154

Figure 127: RIP Interfaces

156

Figure 128: RIP Networks

157

Figure 129: Link Backup Main Menu

160

Figure 130: Link Backup Main Menu

160

Figure 131: Link Backup Configuration

160

Figure 132: Link Backup Configuration

161

Figure 133: Link Backup Log

162

RuggedRouter

User Guide

Figure 134: Link Backup Status

162

Figure 135: Test Link Backup

162

Figure 136: VRRP Example

166

Figure 137: VRRP Main Menu

168

Figure 138: VRRP Configuration

168

Figure 139: VRRP Instance

169

Figure 140: VRRP Instances Status

170

Figure 141: Traffic Prioritization Main Menu

174

Figure 142: Interface Prioritization Menu

174

Figure 143: Prioritization Queue Configuration

175

Figure 144: Prioritization Filter Configuration

175

Figure 145: Prioritization Statistics

176

Figure 146: VRRP Example

177

Figure 147: GRE Main Menu

178

Figure 148: GRE Tunnel Configuration Menu

178

Figure 149: Network Utilities Main Menu

181

Figure 150: Ping Menu

182

Figure 151: Traceroute Menu

182

Figure 152: Host Menu

183

Figure 153: Tcpdump Menu

183

Figure 154: Frame Relay Trace Menu

184

Figure 155: Serial Server Port Trace Menu

185

Figure 156:

Interface Statistics Menu

185

Figure 157: Current Routing & Interface Table

186

Figure 158: Serial Protocols Server Main Menu

192

Figure 159: Assign Protocols Menu

193

Figure 160: Port Settings Menu

193

Table Of Figures

Figure 161: Raw Socket Menu

194

Figure 162: Serial Protocols Statistics Menu

195

Figure 163: Serial Protocols Trace Menu

196

Figure 164: Layer 2 Tunnels Main Menu

200

Figure 165: General Configuration Menu

201

Figure 166: GOOSE Menu

201

Figure 167: GOOSE Menu

201

Figure 168: GOOSE Statistics Menu

202

Figure 169: Activity Trace Menu

203

Figure 170: DHCP Server Menu

212

Figure 171: DHCP Shared Network Configuration

213

Figure 172: DHCP Subnet Configuration

214

Figure 173: DHCP Group Configuration

215

Figure 174: DHCP Host Configuration

215

Figure 175: DHCP Pool Configuration

216

Figure 176: NTP Server

219

Figure 177: NTP Generic Options

219

Figure 178: NTP Server List

220

Figure 179: NTP Status

221

Figure 180: NTP Log

221

Figure 181: GPS Status

222

Figure 182: GPS Log

222

Figure 183: SSH Server

224

Figure 184: SSH Server Authentication Menu

224

Figure 185: SSH Server Networking

225

Figure 186: SSH Server Access Control

225

Figure 187: IRIGB/1588 Main Menu

230

RuggedRouter

User Guide

Figure 188: IRIGB/IEEE1588 General Configuration menu

230

Figure 189: IRIGB Configuration menu

231

Figure 190: IEEE1588 Configuration Menu

231

Figure 191: IRIGB GPS Status

232

Figure 192: IEEE1588 Status

232

Figure 193: IRIGB GPS Status

233

Figure 194: Snort Main Menu part 1

236

Figure 195: Snort Main Menu part 2

236

Figure 196: Snort Main Menu part 3

237

Figure 197: Snort Ruleset Edit

237

Figure 198: Snort Network Settings

238

Figure 199: Snort Preprocessors

238

Figure 200: Snort Alerts

239

Figure 201: Alert Main Menu

240

Figure 202: Alert Configuration Menu

241

Figure 203: Alert Filter Configuration Menu

242

Figure 204: Alert Definition Configuration Menu

242

Figure 205: Change Alert Definition Menu

243

Figure 206: Gauntlet Security Appliance Menu

246

Figure 207: System Backup And Restore

247

Figure 208: General Configuration Setup

248

Figure 209: Archive History

249

Figure 210: Archive Backup

249

Figure 211: Archive Backup, Complete

249

Figure 212: Archive Restore Menu

250

Figure 213: Start Restore

250

Figure 214: Archive Differences Menu

251

Table Of Figures

Figure 215: Archive Differences List

251

Figure 216: Show Difference for selected file between two targets

252

Figure 217: SNMP Main Configuration page

253

Figure 218: System Configuration page

253

Figure 219: Network Addressing Configuration page, Client Address

253

Figure 220: Network Addressing Configuration page, Addresses to listen on

254

Figure 221: Access Control page, SNMP V1 and V2c

254

Figure 222: Access Control page, SNMP V3

255

Figure 223: Trap Configuration page, Trap Options

256

Figure 224: Trap Destinations V1 and V2c

256

Figure 225: Trap Destinations V3

256

Figure 226: Radius Authentication Main Menu

259

Figure 227: Radius Authentication Server Parameters

259

Figure 228: Radius Authentication Main Menu

260

Figure 229: Chassis Parameters Menu

261

Figure 230: System Logs

262

Figure 231: Changing a Syslog entry to remote log

263

Figure 232: Software Upgrade System

265

Figure 233: Upgrade to RX1100

267

Figure 234: Change Repository Server

267

Figure 235: Automatic Upgrade

268

Figure 236: Upgrading All Packages

268

Figure 237: Installing A New Package

269

Figure 238: Upload/Download menu

271

Figure 239: Apache Default Web Page

278

Figure 240: Installing IIS

280

Figure 241: IAS Window - Edit Remote Access Policy

282

RuggedRouter

User Guide

Figure 242: IAS Window - Edit Profile

282

Figure 243: IAS Window – Add Attribute

283

Figure 244: IAS Window – Multivalued Attribute Information

283

Figure 245: IAS Window – Vendor-Specific Attribute Information

283

Figure 246: IAS Window – Configure VSA (RFC compliant)

284

Chapter 1 – Setting Up And Administering The Router

Chapter 1 – Setting Up And Administering The Router

Introduction

This chapter familiarizes the user with the RuggedCom Serial Console interface, the

RuggedRouter

describes the following procedures:

Setup script and signing on to the Web interface. This chapter

Running the Setup Script

Signing on the Web Interface

Signing on to the Command Prompt

Restoring the default configuration

Access Methods

You can access the router through the console, Ethernet ports, WAN ports and the modem port.

Accounts And Password Management

The router provides an “rrsetup” account which provides a shell that quickly configures such items as passwords, addresses, date/time and services offered by the router. It is very useful to sign-in to this shell first, harden the router, and configure network addresses in order that the router be reachable from the network through Web Management. The rrsetup password should be changed, recorded securely and restricted to qualified personnel.

The root account provides a superuser capability for SSH shell access and the Web server. The password should be changed, recorded securely and restricted to qualified personnel.

The root and rrsetup accounts may be also be managed through radius authentication.

The Web management agent can be accessed through the root account. It may also be accessed through a number of radius accounts via radius authentication. This offers the advantage of attributing actions in logs to the specific user, as opposed to the root user.

Default Configuration

Your RuggedRouter

is shipped from the factory with the following defaults:

Ethernet ports are enabled and have an address of 192.168.X.1 where X is the port number,

WAN and modem ports are disabled,

IRIG-B output ports are disabled,

Setup account “rrsetup”, password “admin”,

Superuser account “root”, password “admin”,

SSH and Web Management interfaces are enabled by default. All other services (including Serial Protocol Server, DHCP server, NTP server, End to

RuggedRouter

User Guide

End Backup Server, VPN Server, NFS, OSPF/RIP protocol and firewall) are disabled by default.

Accessing The RuggedRouter

From the Console Port

Command Prompt

Attach a terminal (or PC running terminal emulation software) to the RS232 port on the rear of the chassis. The terminal should be configured for 8 bits, no parity operation at 38.4 Kbps. Hardware and software flow control must be disabled. Select a terminal type of VT100.

Once the terminal is connected, pressing <CR> will prompt for the user to login as and that user's password. Sign-in as either the rrsetup or root user. The router is shipped with default passwords of “admin” for either of these accounts.

From SSH

Use an SSH agent running the version 2 protocol.

accounts of the router at one of its IP addresses described above. The router is

shipped with default passwords of “admin” for either of these accounts.

SSH to either the rrsetup or root

The RuggedRouter Setup Shell

Signing-in as the rrsetup user will automatically enter the configuration shell shown below. Quitting the shell (with cancel, or by entering escape) will cause the connection to close.

or by entering escape) will cause the connection to close. Figure 1: RuggedRouter Setup Main Menu

Figure 1: RuggedRouter Setup Main Menu

The shell provides a number of configuration commands, described below.

Configuring Passwords

The Change Passwords command changes the rrsetup and root account passwords. These passwords should be changed before installing the router on the network.

Chapter 1 – Setting Up And Administering The Router

Figure 2: RuggedRouter Setup Password Change Menu

The Router Figure 2: RuggedRouter Setup Password Change Menu Configuring IP Address Information The Change Port

Configuring IP Address Information

The Change Port IP Address command configures port IP addresses and gateways.

Address command configures port IP addresses and gateways. Figure 3: RuggedRouter Interfaces Setup Menu Each port

Figure 3: RuggedRouter Interfaces Setup Menu

Each port number X has a default address of 192.168.X.1 and a mask of

255.255.255.0.

The Configure Default Gateway Settings command configures the default gateway.

The Configure DNS Client Settings command configures the DNS server address. If the router is part of a domain, enter the domain name in the “Search Domain” field.

enter the domain name in the “Search Domain” field. Figure 4: RuggedRouter DNS Client Menu Setting

Figure 4: RuggedRouter DNS Client Menu

Setting The Hostname

The Set Hostname command sets the hostname, shown in shell prompts and Web Management.

Configuring Radius Authentication

The Set Radius Authentication command configures the address of a Radius server, if available.

RuggedRouter

User Guide

RuggedRouter User Guide Figure 5: Radius Server Configuration menu The Hostname/IP and Port Number fields

Figure 5: Radius Server Configuration menu

The Hostname/IP and Port Number fields configures the server location.

The Shared Secret field configures the unique password used by this server.

The time Timeout field selects the maximal time to wait before trying the next server.

The entry, created for both LOGIN and PPP Login, can be changed from the web interface.

Enabling And Disabling The SSH and Web Server

By default SSH and Web Management are enabled. The Disable SSH and Disable Web Management commands allows these services to be disabled. The servers will be immediately stopped. If access to the shell has been made through ssh the session will continue, but no new sessions will be allowed.

Upon disabling the services, the titles in the main menu will change to Enable SSH and Enable Web Management to reflect the disabled state. Enabling a service automatically restarts it.

Chapter 1 – Setting Up And Administering The Router

Enabling And Disabling The Gauntlet Security Appliance

The Gauntlet security Appliance requires a pass phrase unique to your network. menu will configure it.

This

phrase unique to your network. menu will configure it. This Figure 6: Gauntlet Setup Menu Configuring

Figure 6: Gauntlet Setup Menu

Configuring The Date, Time And Timezone

The Set The Date, Time And Timezone command allows these parameters to be set.

And Timezone command allows these parameters to be set. Figure 7: RuggedRouter Date/Time/Timezone Menu Once set,

Figure 7: RuggedRouter Date/Time/Timezone Menu

Once set, the router will account for Daylight Savings time.

RuggedRouter

User Guide

Displaying Hardware Information

The Display Hardware Information command describes commissioned hardware.

Information command describes commissioned hardware. Figure 8: RuggedRouter Hardware Information Menu 32

Figure 8: RuggedRouter Hardware Information Menu

Chapter 1 – Setting Up And Administering The Router

Restoring A Configuration

The Restore A Previous Configuration command provides a means to restore a previously taken snapshot of the configuration of the router.

Note: The router will reboot immediately after restoring configuration.

The user is first prompted to select either the factory default configuration or a previously made archive.

Note: Restoring the factory defaults will reset IP addresses and may make the router impossible to reach from the network.

may make the router impossible to reach from the network. Figure 9: Selecting a configuration to

Figure 9: Selecting a configuration to reload

Initially, your RuggedRouter will have no previously saved configurations. The factory defaults will always be available.

The factory defaults will always be available. Figure 10: Selecting a previously made configuration Once a

Figure 10: Selecting a previously made configuration

Once a configuration is selected the archive will be restored. After the configuration is restored, the router will reboot immediately.

RuggedRouter

User Guide

The RuggedRouter

Web Interface

The RuggedCom Web interface is provided by an enhanced version of the popular Webmin interface.

Using a Web Browser to Access the Web Interface

Start a web browser session and open a connection to the router by entering a URL that specifies its hostname or IP address (e.g. https://179.1.0.45:10000). Once the router is contacted, start the login process by clicking on the “Login” link. The resulting page should be similar to that presented below.

resulting page should be similar to that presented below. Figure 11: Signing On To The Router

Figure 11: Signing On To The Router With A Web Browser