Summary of the content on page No. 1
Software Release 2.3.1
For Rapier Switches,
AR300 and AR700 Series Routers, and
AR800 Series Modular Switching Routers
Introduction ... 2
Hardware Platforms ... 2
Rapier i Series ... 2
Hot Swapping Network Service Modules ..
Summary of the content on page No. 2
Introduction

Allied Telesyn International announces the release of Software Release 2.3.1 on the AR300 and AR700 Series routers, Rapier Series layer 3 switches, and AR800 Series modular switching routers. This release note describes software features that are new since Software Release 2.2.2. It should be read in conjunction with the Quick Install Guide, Quick Start Guide, User Guide, Hardware Reference and Software Reference for your router or switch. These documents can be
Summary of the content on page No. 3
Hot Swapping Network Service Modules

In routers and switches that have NSM bays, this release allows the following NSMs to be hot swapped, so that they can be installed and uninstalled without powering down the entire router or switch:
    AT-AR040 NSM with 4 PIC slots (NSM-4PIC)
    AT-AR041 NSM with 8 BRI S/T WAN ports (NSM-8BRI)
    AT-AR042 NSM with 4 BRI S/T WAN Ports (NSM-4BRI)

The following PIC cards can be hot swapped if they are in NSM bays:
    AT-AR021(S) PIC BRI (S
Summary of the content on page No. 4
files, feature licences and other files. (If this happens, FLASH memory may need to be cleared completely, leaving no functioning software to run the router.)

Hot swap an NSM out of an NSM bay

Follow these steps to hot swap an NSM, or PICs in an NSM-4PIC, out of an NSM bay.

1. Prepare the NSM bay for hot swap. Look at the “Swap” and “In use” LEDs beside the NSM bay. If the “In Use” LED is lit, press the “Hot Swap” switch slowly using a pointed object such as a pencil tip. The
Summary of the content on page No. 5
Software Features

The following features are available on all routers and switches supported by this release, unless otherwise stated:

Major features
    NSM Hot Swap software support for models with NSM bays (“NSM Hot Swap Software Support” on page 6)
    Domain Name Server Enhancements (IP) (“Domain Name Server Enhancements” on page 7)
    Configurable Telnet Server Port Number (“Telnet Server Port Number” on page 9)
    Up and down triggers for Ethernet interfaces (“Trig
Summary of the content on page No. 6
NSM Hot Swap Software Support

When a card is hot-swapped out of a bay, its interface instances become dormant. They stay dormant until either another card of the same type is hot-swapped into the bay, in which case they are reactivated, or a card of a different type is hot-swapped into the bay, in which case they are destroyed. Dormant interfaces are included in the SHOW INTERFACE command output and in the SNMP interfaces MIB, marked as swapped out. In other router or switch
Summary of the content on page No. 7
Figure 2: Example output from the SHOW INTERFACE command for a specific interface.

    Interface.................. bri0
    ifIndex.................. 3
    ifMTU.................... 1712
    ifSpeed.................. 144000
    ifAdminStatus............ Up
    ifOperStatus............. Swapped out
    ifLinkUpDownTrapEnable... Disabled
    TrapLimit................ 20
    Interface Counters
    ifInOctets .................. 52190
    ifOutOctets ................. 52190
    ifInUcastPkts .......
Summary of the content on page No. 8
If the DNS servers have already been configured, the configuration information can be set using the command:

    SET IP DNS [DOMAIN={ANY|domain-name}] {INTERFACE=interface|
        [PRIMARY=ipadd] [SECONDARY=ipadd]}

For example, to add or set the IP addresses of the default primary and secondary name servers to 192.168.20.1 and 192.168.20.2 respectively, use the commands:

    ADD IP DNS PRIMARY=192.168.20.1 SECONDARY=192.168.20.2
    SET IP DNS PRIMARY=192.168.20.1 SECONDARY=192.168.20.2

To set th
Summary of the content on page No. 9
Automatic Nameserver Configuration

The primary and secondary name server’s addresses can either be statically configured as above, or learned dynamically over an interface. Name servers can be learned via DHCP over an Ethernet interface or via IPCP over a PPP interface. The interface is specified using the command:

    ADD IP DNS [DOMAIN={ANY|domain-name}] INTERFACE=interface

If no nameservers have been manually configured, and nameserver configuration is assigned to an
Summary of the content on page No. 10
    SET TRIGGER=trigger-id [INTERFACE[=interface]] EVENT={UP|
        DOWN|FAIL|ANY} [CIRCUIT=miox-circuit] [CP={APPLE|ATCP|BCP|
        CCP|DCP|DNCP|IPCP|IPXCP|LCP}] [DLCI=dlci] [AFTER=hh:mm]
        [BEFORE=hh:mm] [{DATE=date|DAYS=day-list}] [NAME=name]
        [REPEAT={YES|NO|ONCE|FOREVER|count}] [TEST={YES|NO|ON|
        OFF|TRUE|FALSE}]

The INTERFACE parameter defines an interface (link) trigger and specifies the interface to monitor. The EVENT parameter is required for an INTERFACE trigger. The INTERFACE paramet
Summary of the content on page No. 11
IP Security (IPsec) Source Interface and Enhancements

A source interface can now be specified for tunnelled IPsec traffic. The performance of IPsec is also enhanced, and more simultaneous IPsec tunnels are supported, because of the increase in ENCO channels.

A new SRCINTERFACE parameter has been added to the SET and CREATE IPSEC POLICY commands. The SRCINTERFACE parameter specifies which interface on the router will be used as the source interface for tunnelled IP
Summary of the content on page No. 12
OSPF on Demand

OSPF on demand circuits allow data link connections to be closed when not carrying application traffic. A new parameter, DEMAND, has been added to the following commands to support this feature:

    ADD OSPF INTERFACE [DEMAND={ON|OFF|YES|NO|TRUE|FALSE}]
    SET OSPF INTERFACE [DEMAND={ON|OFF|YES|NO|TRUE|FALSE}]

For example, to set the OSPF interface ppp0 to a demand circuit over the point-to-point link, use the command:

    SET OSPF INTERFACE=PPP0 DEMAND=ON

The DEMAND param
Summary of the content on page No. 13
Figure 3: Example of dial-on-demand ISDN before configuring OSPF on demand.
[Diagram labels: ISDN, Router B, Router A, RIP on demand or static routes, Router C, OSPF routing]

Figure 4: Example of dial-on-demand ISDN after configuring OSPF on demand.
[Diagram labels: ISDN, Router B, Router A, OSPF on demand, Router C, OSPF routing]

For more information, see the Open Shortest Path First (OSPF) chapter of your switch or router’s Software Reference. The latest Software Reference can be downloaded from the support sit
Summary of the content on page No. 14
Paladin Firewall Enhancements

The existing firewall NAT performs address translation for traffic passing between a pair of interfaces. With Software Release 2.3.1, firewall rules can also be configured which selectively perform address translation on sessions passing through an interface, based on the properties of the session (protocol, ports, IP addresses). In addition to standard NAT and enhanced NAT rules, it is possible to configure reverse NAT (translates destination a
Summary of the content on page No. 15
Reverse NAT
    This translates the addresses of public side devices to addresses suitable for the private side of the firewall (destination address will be translated for outbound packets, source address for inbound packets).

Double NAT
    This translates both the public and private side source and destination addresses.

Enhanced NAT
    This translates many private or public side addresses into a single global or local address. If it is applied to a private interface t
Summary of the content on page No. 16
additional rules can be added to allow or deny access based on IP addresses, port numbers, day of the week, or time of day. Each rule for a specific interface in a policy is processed in order, starting with the lowest numbered rule and proceeding to the highest numbered rule, or until a match is found. These rules, created with the ADD FIREWALL POLICY RULE command, are based on IP address, port, protocol, date and time. In addition, the processing of ICMP packets, IP packet
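
The ordering described on this page (lowest rule number first, stopping at the first match), modelled for the rules of one interface. This is an added example, not code or syntax from the release note: the Rule fields, the rule numbers and the sample sessions are constructed, and the field names are hypothetical rather than ADD FIREWALL POLICY RULE parameters.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Optional

WEEKDAYS = frozenset(range(5))        # Monday=0 .. Friday=4
EVERY_DAY = frozenset(range(7))

@dataclass
class Rule:                           # hypothetical model, not the router's CLI
    number: int
    action: str                       # "allow" or "deny"
    protocol: str = "any"
    src: str = "0.0.0.0/0"            # source address range
    port: Optional[int] = None        # destination port; None matches any port
    days: frozenset = EVERY_DAY
    after: time = time.min
    before: time = time.max

    def matches(self, proto, src_ip, dport, when):
        return (self.protocol in ("any", proto)
                and ip_address(src_ip) in ip_network(self.src)
                and self.port in (None, dport)
                and when.weekday() in self.days
                and self.after <= when.time() <= self.before)

def evaluate(rules, proto, src_ip, dport, when):
    """Return (number, action) of the first matching rule, or None if none match."""
    for rule in sorted(rules, key=lambda r: r.number):   # lowest number first
        if rule.matches(proto, src_ip, dport, when):
            return rule.number, rule.action              # stop at the first match
    return None   # handling of unmatched sessions is not modelled here

# Constructed rule set, entered out of order on purpose.
RULES = [
    Rule(30, "deny", "tcp", "192.168.1.0/24", 23),        # block Telnet from the LAN
    Rule(10, "allow", "tcp", "192.168.1.0/24", None,      # office-hours TCP access
         WEEKDAYS, time(8, 0), time(18, 0)),
    Rule(20, "deny", "tcp", "192.168.1.77/32", 80),       # one host, no web access
]

if __name__ == "__main__":
    wednesday = datetime(2024, 1, 3, 10, 0)   # constructed timestamps
    saturday = datetime(2024, 1, 6, 10, 0)
    # Rule 10 wins during office hours, so the Telnet deny in rule 30 is never reached.
    print(evaluate(RULES, "tcp", "192.168.1.77", 23, wednesday))
    print(evaluate(RULES, "tcp", "192.168.1.77", 23, saturday))
```

A broad allow with a low number shadows every narrower deny numbered above it for as long as the allow's day and time window applies, so a rule set should be reviewed in numeric order, not in the order it was entered.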
Summary of the content on page No. 17
translates both the public and private side source and destination addresses.

ENHANCED NAT defined for a private interface will translate the private side source address (specified using the IP parameter) and protocol dependent ports to a single source address (specified by the GBLIP parameter), suitable for the public side of the Firewall.

ENHANCED NAT defined for a public interface will translate the public side source address (specified using the GBLREMOTEIP pa
Summary of the content on page No. 18
Table 2: Required parameters for Firewall NAT rules.

    NAT Rule Type      Direction   Parameters (IP, REMOTEIP, GBLIP, GBLREMOTEIP, NATMASK)
    Standard           I           T S X X
                       O           T X X
    Standard subnet    I           T S X T
                       O           T X T
    Enhanced (a)       I           T X X
                       O           T X X
    Reverse            I           S T X S X
                       O           S S X T X
    Reverse subnet     I           S T* X S T*
                       O           S* S X T T*
    Double             I           T T* S S X
                       O           S* S T T X
    Double subnet      I           T T* S S T*
                       O           S* S* T T T*

a. If the rule is applied to a public interface, the result will be reverse enhanced NAT.

Key to table:
Direction I = in. The rule is
Summary of the content on page No. 19
redirection any web traffic from the user’s PC or laptop can be redirected to the ISP's web server. This forces the user to arrange payment for using the service before being able to browse to any other site. With appropriate supporting “deny” rules, all other traffic types from the user’s PC can be blocked until payment has been made.

The following gives a simple example of how a system such as this would be configured. The ISP has a switch configured with a firew
Summary of the content on page No. 20
Figure 5: Using enhanced NAT in an IPsec tunnel with different IPsec and default gateways.
[Diagram labels: LAN 1, LAN 2, 192.168.2.0 subnet, 192.168.1.1 - 192.168.1.100, FIREWALL, Internet, NAT, Default gateway, IPsec tunnel, Private interface: 192.168.2.100, IPsec gateway, 192.168.1.53, Apparent source host]

Standard NAT

To translate the source address of traffic received on the private interface eth0 and destined for addresses in the range 210.25.4.1-210.25.4.99 to the global subnet 210.2