Download KMBE - RADProductsOnline, Buy RAD Products Online at Great Prices

INSTALLATION AND
OPERATION MANUAL
KMBE
Ethernet Bridge/Router Module
Kilomux-2100/2104
The Access Company
KMBE
Ethernet Bridge/Router Module
Kilomux-2100/2104
Installation and Operation Manual
Notice
This manual contains information that is proprietary to RAD Data Communications Ltd. ("RAD").
No part of this publication may be reproduced in any form whatsoever without prior written
approval by RAD Data Communications.
Right, title and interest, all information, copyrights, patents, know-how, trade secrets and other
intellectual property or other proprietary rights relating to this manual and to the KMBE and any
software components contained therein are proprietary products of RAD protected under
international copyright law and shall be and remain solely with RAD.
KMBE is a registered trademark of RAD. No right, license, or interest to such trademark is
granted hereunder, and you agree that no such right, license, or interest shall be asserted by
you with respect to such trademark. The RAD name, logo, logotype, and the terms EtherAccess,
TDMoIP and TDMoIP Driven, and the product names Optimux and IPmux, are registered
trademarks of RAD Data Communications Ltd. All other trademarks are the property of their
respective holders.
You shall not copy, reverse compile or reverse assemble all or any portion of the Manual or the
KMBE. You are prohibited from, and shall not, directly or indirectly, develop, market, distribute,
license, or sell any product that supports substantially similar functionality as the KMBE, based
on or derived in any way from the KMBE. Your undertaking in this paragraph shall survive the
termination of this Agreement.
This Agreement is effective upon your opening of the KMBE package and shall continue until
terminated. RAD may terminate this Agreement upon the breach by you of any term hereof.
Upon such termination by RAD, you agree to return to RAD the KMBE and all copies and portions
thereof.
For further information contact RAD at the address below or contact your local distributor.
International Headquarters
RAD Data Communications Ltd.
North America Headquarters
RAD Data Communications Inc.
24 Raoul Wallenberg Street
Tel Aviv 69719, Israel
Tel: 972-3-6458181
Fax: 972-3-6498250, 6474436
E-mail: [email protected]
900 Corporate Drive
Mahwah, NJ 07430, USA
Tel: (201) 5291100, Toll free: 1-800-4447234
Fax: (201) 5295777
E-mail: [email protected]
© 1988–2008 RAD Data Communications Ltd.
Publication No. 425-217-12/08
Glossary
10BaseT
10BaseT is a LAN protocol which allows stations to be attached via
twisted pair cable.
Address
A coded representation of the origin or destination of data.
Agent
In SNMP, this refers to the managed system.
Analog
A continuous wave or signal (such as human voice).
ARP (Address
Resolution Protocol)
ARP is a method for finding a host's Ethernet address from its
Internet address. The sender broadcasts an ARP packet containing
the Internet address of another host and waits for the second
host to send back its Ethernet address.
ARP is defined in RFC 826.
Asynchronous
Transmission
Asynchronous transmission is the sending of data units characterby-character. The characters are preceded by start bits and
followed by stop bits.
AWG
The American Wire Gauge System, which specifies wire width.
Balanced
A transmission line in which voltages on the two conductors are
equal in magnitude, but opposite in polarity, with respect to
ground.
Bandwidth
The range of frequencies passing through a given circuit. The
greater the bandwidth, the more information can be sent through
the circuit in a given amount of time.
Baud
Unit of signaling speed equivalent to the number of discrete
conditions or events per second. If each signal event represents
only one bit condition, baud rate equals bps (bits per second).
Bit
The smallest unit of information in a binary system. Represents
either a one or zero (“1” or “0”).
bps (Bits Per Second)
A measure of data transmission rate in serial transmission.
Bridge
A device interconnecting local area networks at the OSI data link
layer, filtering and forwarding frames according to media access
control (MAC) addresses.
Bridging
Bridging is the forwarding of traffic between network segments
based on data link layer information. These segments have a
common network layer address.
Broadcast
Broadcast is a transmission to multiple, unspecified recipients. On
an Ethernet network, a broadcast packet is a special type of
multicast packet which all nodes on the network are always willing
to receive.
Buffer
A storage device. Commonly used to compensate for differences
in data rates or event timing when transmitting from one device to
another. Also used to remove jitter.
Bus
A transmission path or channel. A bus is typically an electrical
connection with one or more conductors, where all attached
devices receive all transmissions at the same time.
Byte
A group of bits (normally 8 bits in length).
Carrier
A continuous signal at a fixed frequency that is capable of being
modulated with a second (information carrying) signal.
Channel
A path for electrical transmission between two or more points.
Also called a link, line, circuit or facility.
CHAP
The Challenge Handshake Authentication Protocol CHAP is an
authentication protocol used by Point to Point Protocol (PPP)
servers to validate the identity of remote clients. CHAP periodically
verifies the identity of the client by using a three-way handshake
based on a shared secret (client user’s password).
Clock
A term for the source(s) of timing signals used in synchronous
transmission.
Compression
Any of several techniques that reduce the number of bits required
to represent information in data transmission or storage, thereby
conserving bandwidth and/or memory.
Congestion
A state in which the network is overloaded and starts to discard
user data (frames, cells or packets).
Congestion Control
A resource and traffic management mechanism to avoid and/or
prevent excessive situations (buffer overflow, insufficient
bandwidth) that can cause the network to collapse. In ATM
networks, congestion control schemes may be based on fields
within the ATM cell header (CLP, EFCI within the PTI) or may be
based on a more sophisticated mechanism between the ATM endsystem and ATM switches. The ATM Forum has developed a
mechanism based on rate control for ABR-type traffic. In Frame
Relay networks, congestion is handled by the FECN, BECN and DE
bits.
Data
Information represented in digital form, including voice, text,
facsimile and video.
Data Link Layer
Layer 2 of the OSI model. The entity, which establishes, maintains,
and releases data-link connections between elements in a
network. Layer 2 is concerned with the transmission of units of
information, or frames, and associated error checking.
Default Gateway
Default Gateway is a routing table entry which is used to direct
packets addressed to hosts or networks not explicitly listed in the
routing table.
Diagnostics
The detection and isolation of a malfunction or mistake in a
communications device, network or system.
Digital
The binary (“1” or “0”) output of a computer or terminal. In data
communications, an alternating, non-continuous (pulsating) signal.
DLCI (Data Link Control
Identifier)
DLCI is a channel number which is attached to data frames to tell
the network how to route the data in Frame Relay Networks.
DNS (Domain Name
System)
DNS is a general-purpose distributed, replicated, data query
service chiefly used on Internet for translating hostnames into
Internet IP addresses.
DNS is defined in STD 13, RFCs 1034 and 1035.
Dynamic Station
A dynamic station is a host which is added automatically to an ARP
or LAN table.
E3
The European standard for high speed digital transmission,
operating at 34 Mbps.
Encapsulation
Encapsulating data is a technique used by layered protocols in
which a low level protocol accepts a message from a higher level
protocol, then places it in the data portion of the lower-level
frame. The logistics of encapsulation require that packets traveling
over a physical network contain a sequence of headers.
Ethernet
A local area network (LAN) technology which has extended into
the wide area networks. Ethernet operates at many speeds,
including data rates of 10 Mbps (Ethernet), 100 Mbps (Fast
Ethernet), 1,000 Mbps (Gigabit Ethernet), 10 Gbps, 40 Gbps, and
100 Gbps.
Firewall
A firewall system controls access to or from a protected network
(i.e., a site). It implements a network access policy by forcing
connections to pass through the firewall, where they can be
examined and evaluated.
Frame
A logical grouping of information sent as a link-layer unit over a
transmission medium. The terms packet, datagram, segment, and
message are also used to describe logical information groupings.
Frame Relay
An efficient packet switching technology providing high speed
frame or packet transmission with minimum delay and efficient
bandwidth utilization over virtual circuits. The link layer handles
much of the network layer functionality. It has less protocol
overhead than X.25.
FXO (Foreign Exchange
Office)
A voice interface, emulating a PBX extension, as it appears to the
CO (Central Office) for connecting a PBX extension to a
multiplexer.
FXS (Foreign Exchange
Subscriber)
A voice interface, emulating the extension interface of a PBX (or
subscriber interface of a CO) for connecting a regular telephone
set to a multiplexer.
Gateway
Gateways are points of entrance and exit from a communications
network. Viewed as a physical entity, a gateway is that node that
translates between two otherwise incompatible networks or
network segments. Gateways perform code and protocol
conversion to facilitate traffic between data highways of differing
architecture.
Interface
A shared boundary, defined by common physical interconnection
characteristics, signal characteristics, and meanings of exchanged
signals.
IP Address
Also known as an Internet address. A unique string of numbers
that identifies a computer or device on a TCP/IP network. The
format of an IP address is a 32-bit numeric address written as four
numbers from 0 to 255, separated by periods (for example,
1.0.255.123).
IP Mask
he IP mask is a unique 4 byte (32 bit) value that allow the
recipient of IP packets to distinguish between different host IDs.
IP/IPX Routing
IP/IPX Routing is the process, performed by a router, of selecting
the correct interface and next hop for a packet being forwarded.
Routing is done in order to send a packet to a specific destination.
IPX (Internetwork
Packet Exchange)
IPX is a network layer protocol used in Novell NetWare file server
operating system.
ISDN (Integrated
Services Digital
Network)
ISDN is a set of communications standards allowing a single wire
or optical fiber to carry voice, digital network services and video.
ISDN is intended to eventually replace the telephone system.
Jitter
The deviation of a transmission signal in time or phase. It can
introduce errors and loss of synchronization in high speed
synchronous communications.
Laser
A device that transmits an extremely narrow and coherent beam
of electromagnetic energy in the visible light spectrum. Used as a
light source for fiber optic transmission (generally more expensive,
shorter lived, single mode only, for greater distances than LED).
Latency
The time between initiating a request for data and the beginning
of the actual data transfer. Network latency is the delay
introduced when a packet is momentarily stored, analyzed and
then forwarded.
Leased Lines
A leased line is a private telephone circuit permanently connecting
two points, normally provided on a lease by a local PTT.
Loading
The addition of inductance to a line in order to minimize amplitude
distortion. Used commonly on public telephone lines to improve
voice quality, it can make the lines impassable to high speed data,
and baseband modems.
Loopback
A type of diagnostic test in which the transmitted signal is
returned to the sending device after passing through all or part of
a communications link or network.
MAC (Media Access
Control)
MAC is the lower sublayer of the data link layer. MAC is the
interface between a node's Logical Link Control and the network's
physical layer. The MAC differs for various physical media.
MAC Address
The MAC Address is the hardware address of a device connected
to a shared network medium.
Manager
An application that receives Simple Network Management Protocol
(SNMP) information from an agent. An agent and manager share a
database of information, called the Management Information Base
(MIB). An agent can use a message called a traps-PDU to send
unsolicited information to the manager. A manager that uses the
RADview MIB can query the RAD device, set parameters, sound
alarms when certain conditions appear, and perform other
administrative tasks.
Mask
A mask is a filtering aid that is used to define classes of
addresses. By defining classes, any packet can be judged as to
whether it should pass the filter or not.
MTU (Maximum
Transmit Unit)
The Maximum Transmission Unit is the largest frame length which
may be sent on a physical medium.
MultiCast
MultiCast is an Ethernet addressing scheme used to send packets
to devices of a certain type or for broadcasting to all nodes.
Multiplexer
At one end of a communications link, a device that combines
several lower speed transmission channels into a single high speed
channel. A multiplexer at the other end reverses the process.
Sometimes called a mux. See Bit Interleaving/Multiplexing.
Network
(1) An interconnected group of nodes. (2) A series of points,
nodes, or stations connected by communications channels; the
collection of equipment through which connections are made
between data stations.
Network Layer
A layer in the OSI reference model. The network layer provides
address resolution and routing protocols. Address resolution
enables the network layer to determine a unique network address
for a node. Routing protocols allow data to flow between
networks and reach their proper destination. Examples of network
layer protocols are Address Resolution Protocol (ARP), Datagram
Delivery Protocol (DDP), Internet Control Message Protocol (ICMP),
Interior Gateway Protocol (IGP), Internet Protocol (IP),
Internetwork Packet Exchange (IPX) and Packet Layer Protocol
(PLP).
NetBEUI (NetBIOS
Extended User
Interface)
NetBEUI is the network transport protocol used by all of Microsoft
network systems and IBM LAN Server based systems.
NCP (NetWare Core
Protocol)
NCP is a Novell trademark for the protocol used to access Novell
NetWare file and print service functions. NCP uses an underlying
IPX or IP transport protocol.
Parity
Parity is an extra bit added to a byte or word to reveal errors in
storage (in RAM or disk) or transmission. Even/odd parity means
that the parity bit is set so that there are an even/odd number of
one bits in the word, including the parity bit. Odd parity means
that the parity bit is set so that there are an odd number of one
bits in the word, including the parity bit.
Node
A point of interconnection to a network.
Packet
An ordered group of data and control signals transmitted through
a network, as a subset of a larger message.
Packet Switching
A data transmission technique, which divides user information into
discrete data envelopes called packets, and sends the information
packet by packet.
PAP
The Password Authentication Protocol is a simple authentication
protocol used by a point to point protocol (PPP) to authenticate
users to a network server. This protocol transmits unencrypted
ASCII messages over the network and is considered unsecure. It is
used if the server does not support a stronger protocol such as
CHAP.
parameters
Parameters are often called arguments, and the two words are
used interchangeably. However, some computer languages such as
C define argument to mean actual parameter (i.e., the value), and
parameter to mean formal parameter. In RAD CLI, parameter
means formal parameter, not value.
Polling
See Multidrop.
Port
The physical interface to a computer or multiplexer, for connection
of terminals and modems.
PPP (Point to Point
Protocol)
PPP is the protocol defined in RFC 1661, the Internet standard for
transmitting network layer datagrams (e.g. IP packets) over serial
point-to-point links.
PPP is designed to operate both over asynchronous connections
and bit-oriented synchronous systems, it can configure
connections to a remote network dynamically, and test that the
link is usable. PPP can be configured to encapsulate different
network layer protocols (such as IP, IPX, or AppleTalk) by using the
appropriate network.
prompt
One or more characters in a command line interface to indicate
that the computer is ready to accept typed input.
Protocol
A formal set of conventions governing the formatting and relative
timing of message exchange between two communicating
systems.
PSTN (Public Switched
Telephone Network)
PSTN is the collection of interconnected systems operated by the
various telephone companies and administrations (PTTs) around
the world.
RFC (Request for
Comment)
RFC is a numbered Internet informational documents and
standards widely followed by commercial software and freeware in
the Internet and UNIX communities.
RIP (Routing
Information Protocol)
RIP is the companion protocol to IPX for exchange of routing
information in a Novell network. It is not related to the Internet
protocol of the same name.
RIP-2
Routing information protocol used to discover agents and the
routes that IP packets must traverse. This is done automatically
using periodic broadcasts. RIP-2 also supports IP subnets.
Router
An interconnection device that connects individual LANs. Unlike
bridges, which logically connect at OSI Layer 2, routers provide
logical paths at OSI Layer 3. Like bridges, remote sites can be
connected using routers over dedicated or switched lines to create
WANs.
Routing
The process of selecting the most efficient circuit path for a
message.
SAP
SAP is the OSI term for the component of a network address
which identifies the individual application on a host which is
sending or receiving a packet.
Serial Transmission
A common mode of transmission, where the character bits are
sent sequentially one at a time instead of in parallel.
Single Mode
Describing an optical wave-guide or fiber that is designed to
propagate light of only a single wavelength (typically 5-10 microns
in diameter).
SLIP (Serial Line Internet
Protocol)
SLIP is software allowing the IP, normally used on Ethernet, to be
used over a serial line, e.g. an RS-232 serial port connected to a
modem. It is defined in RFC 1055.
SNMP (Simple Network
Management Protocol)
SNMP is the Internet standard protocol, defined in STD 15, RFC
1157, developed to manage nodes on an IP network.
SOCKS
SOCKS is a security package that allows a host behind a firewall to
use finger, FTP, Telnet, Gopher, and Mosaic to access resources
outside the firewall while maintaining the security requirements.
Space
In telecommunications, the absence of a signal. Equivalent to a
binary 0.
Spoofing
Spoofing is a technique used to reduce network overhead,
especially in wide area networks (WAN). Some network protocols
send frequent packets for management purposes. These can be
routing updates or keep-alive messages. In a WAN this can
introduce significant overhead, due to the typically smaller
bandwidth of WAN connections.
Spoofing reduces the required bandwidth by having devices, such
as bridges or routers, answer for the remote devices. This fools
(spoofs) the LAN device into thinking the remote LAN is still
connected, even though it's not. The spoofing saves the WAN
bandwidth, because no packet is ever sent out on the WAN.
SPX (Sequenced Packet
Exchange)
SPX is a transport layer protocol built on top of IPX. SPX is used in
Novell NetWare systems for communications in client/server
application programs, e.g. BTRIEVE (ISAM manager).
Static Station
A static station is a host which is added manually to an ARP or LAN
table.
Stop Bit
Stop Bits mark the end of a unit of transmission (normally a byte
or character). In serial communications, where each bit of the
message is transmitted in sequence, stop bits are extra "1" bits
which follow the data and any parity bit.
Synchronous
Transmission
Transmission in which data bits are sent at a fixed rate, with the
transmitter and receiver synchronized.
T1
A digital transmission link with a capacity of 1.544 Mbps used in
North America. Typically channelized into 24 DS0s, each capable of
carrying a single voice conversation or data stream. Uses two pairs
of twisted pair wires.
TCP (Transmission
Control Protocol)
TCP is the most common transport layer protocol used on Ethernet
and the Internet.
TCP is built on top of Internet Protocol (IP) and is nearly always
seen in the combination TCP/IP (TCP over IP). It adds reliable
communication, flow-control, multiplexing and connectionoriented communication. It provides full-duplex, process-toprocess connections.
TCP is defined in STD 7, RFC 793.
TCP/IP stack
(Transmission Control
Protocol over Internet
Protocol)
TCP/IP stack is the standard Ethernet protocols incorporated into
4.2BSD UNIX. While TCP and IP specify two protocols at specific
layers, TCP/IP is often used to refer to the entire DoD protocol
suite based upon these, including Telnet, FTP, UDP and RDP.
Telnet
The virtual terminal protocol in the Internet suite of protocols. It
lets users on one host access another host and work as terminal
users of that remote host. Instead of dialing into the computer,
the user connects to it over the Internet using Telnet. When
issuing a Telnet session, it connects to the Telnet host and logs in.
The connection enables the user to work with the remote machine
as though a terminal was connected to it.
TFTP (Trivial File
Transfer Protocol)
A simplified version of the File Transfer Protocol that transfers
files but does not provide password protection or user-directory
capability.
Throughput
The amount of information transferred through the network
between two users in a given period, usually measured in the
number of packets per second (pps).
Traffic Management
Set of actions and operations performed by the network to
guarantee the operability of the network, exercised in the form of
traffic control and flow control.
UDP (User Datagram
Protocol)
UDP is an Internet standard network layer, transport layer and
session layer protocols which provide simple but unreliable
datagram services. It adds a checksum and additional
process-to-process addressing information. UDP is a
connectionless protocol which, like TCP, is layered on top of IP.
UDP is defined in STD 6, RFC 768.
WAN (Wide Area
Network)
A WAN is a network, usually constructed with serial lines,
extending over distances greater than one kilometer.
Contents
Chapter 1. Introduction
1.1
1.2
1.3
1.4
1.5
1.6
Overview.................................................................................................................... 1-1
Versions ................................................................................................................. 1-1
Features .................................................................................................................... 1-1
Bridging .................................................................................................................. 1-2
IP Routing ............................................................................................................... 1-2
IPX Routing ............................................................................................................. 1-2
Address Translation (Single IP) and Firewall ............................................................. 1-2
Solid Firewall .......................................................................................................... 1-3
Applications ............................................................................................................... 1-3
Basic Bridging ......................................................................................................... 1-3
Routing Between Central and Remote Offices ......................................................... 1-3
Dual Link Applications ............................................................................................. 1-4
Physical Description ................................................................................................... 1-5
LEDs ....................................................................................................................... 1-5
Connectors ............................................................................................................. 1-5
Jumpers .................................................................................................................. 1-5
Functional Description................................................................................................ 1-6
Management .......................................................................................................... 1-6
Configuration Parameters ....................................................................................... 1-6
Technical Specifications.............................................................................................. 1-6
Chapter 2. Installation and Setup
2.1
2.2
2.3
Installation ................................................................................................................. 2-1
Rear Panel .............................................................................................................. 2-1
Internal Settings ..................................................................................................... 2-2
Module Installation ................................................................................................. 2-3
Cable Connections .................................................................................................. 2-4
Control Connector .............................................................................................. 2-4
Operating Indications ................................................................................................. 2-4
Normal Indications .................................................................................................. 2-4
Initial Setup ............................................................................................................... 2-5
Connecting to the Terminal ..................................................................................... 2-5
Setting a Password ................................................................................................. 2-5
Changing and Deleting the Password ...................................................................... 2-6
Chapter 3. Operation
3.1
3.2
3.3
KMBE
KMBE General Configuration ....................................................................................... 3-1
KMBE Bridge or Router Configuration ......................................................................... 3-2
Configuring KMBE as a Bridge .................................................................................. 3-2
Configuring KMBE as a Router ................................................................................. 3-3
Menus and Screens .................................................................................................... 3-3
The Main Menu ....................................................................................................... 3-3
Quick Setup ............................................................................................................ 3-3
Security Setup ........................................................................................................ 3-3
Advanced Menu ...................................................................................................... 3-3
View ....................................................................................................................... 3-3
Diagnostic Tools ..................................................................................................... 3-3
Exit ......................................................................................................................... 3-3
i
Table of Contents
Installation and Operation Manual
Chapter 4. Configuration
4.1
4.2
4.3
Quick Setup Menu ...................................................................................................... 4-1
Principles of Operation ........................................................................................... 4-1
Quick Setup Example ............................................................................................... 4-1
Link Mode .......................................................................................................... 4-1
Routing .............................................................................................................. 4-2
WAN IP Address ................................................................................................. 4-2
Host IP Setup ..................................................................................................... 4-2
Security Setup .................................................................................................... 4-3
Security Setup............................................................................................................ 4-3
Enabling Telnet Access ............................................................................................ 4-4
Enabling SNMP Access ............................................................................................. 4-5
Enabling/Disabling the Solid Firewall ........................................................................ 4-5
Advanced Setup ......................................................................................................... 4-6
Setup Menu ............................................................................................................ 4-7
Host Parameters ................................................................................................ 4-7
Routing/Bridging Menu ..................................................................................... 4-11
Interface Parameters ........................................................................................ 4-20
Access Control (Security) .................................................................................. 4-26
WAN Economy Menu ........................................................................................ 4-28
Factory Default Options ................................................................................... 4-36
Device Control Menu ............................................................................................. 4-36
Software Download.......................................................................................... 4-37
Device Configuration Parameters Upload/Download .......................................... 4-39
Reset Options .................................................................................................. 4-40
Control Other Device ........................................................................................ 4-40
Terminal Type .................................................................................................. 4-40
Chapter 5. Troubleshooting and Diagnostics
5.1
5.2
Error Messages .......................................................................................................... 5-1
Technical Support ...................................................................................................... 5-2
Appendix A. Boot Manager
ii
KMBE
Chapter 1
Introduction
1.1
Overview
KMBE is based on the MBE family of standalone bridges and IP/IPX routers for the
small office. KMBE is a Kilomux-2100/2104 I/O module that can be used for
various bridging and routing functions, connecting one or two Ethernet LANs via
the Kilomux’s main links. Quick setup and advanced configuration menus provide
on-screen instructions that guide you through the configuration procedures.
Versions
You can order KMBE with the following LAN interfaces:
•
AUI
•
Thin coax
•
UTP (10BaseT).
1.2
Features
The KMBE module has the following principle features:
Routing
•
Bridging
•
IP, IPX, and IP+IPX Routing
•
Single IP Address Translation
•
Supports static nets and multi-nets
•
Supports IP fragmentation
Configuration and Control
KMBE
•
Supports Telnet allowing configuration and control of the device over WAN
and LAN
•
An SNMP agent provides management by RADview or any other standard
SNMP management station
•
Fast configuration from a terminal emulator and via Telnet or SNMP
management
•
Dual image Flash enables downloading two software versions
Kilomux-2100/2104
Features
1-1
Chapter 1 Introduction
•
Installation and Operation Manual
Software downloading is available by TFTP
Security
•
Solid firewall protection
•
PAP/CHAP authentication
•
Undesired access to KMBE via Telnet or SNMP can also be blocked or
password protected
Other
•
Supports PPP Protocol
•
Supports 10Base2, 10Base5, or 10BaseT LAN interface
•
Supports dual link applications
•
Hot-swappable plug-in module.
Bridging
KMBE supports standard proprietary functionality. Because bridging is the KMBE
default, you can use KMBE as a bridge with little or no configuration.
IP Routing
KMBE is an IP router that supports:
•
Static IP net configuration
•
Dynamic IP net learning using the RIP and RIP-2 protocols
•
CIDR topologies
•
Multiple IP nets on the LAN or WAN interfaces
•
Numbered and unnumbered I/F
•
IP fragmentation.
IPX Routing
In addition to IP routing, KMBE also supports IPX routing and includes support for
RIP and SAP.
Address Translation (Single IP) and Firewall
KMBE includes a feature called Single IP. Single IP, designed by RAD, translates IP
addresses. Single IP can be enabled or disabled. When enabled, KMBE allows
users in a Small Office to connect to the Intranet quickly and transparently.
Connection is via a synchronous link. Single IP also protects all Small Office users
from hackers on the Intranet.
Normally, a LAN requires a complete statically assigned, unique and legal subnet
in order to connect to the Intranet. Single IP allows an entire Small Office to
1-2
Features
KMBE
Kilomux-2100/2104
Installation and Operation Manual
Chapter 1 Introduction
connect to the Corporate Intranet using only one dynamically or statically
assigned IP address.
Solid Firewall
The Solid Firewall feature prevents access from the Intranet into the Small Office
LAN. This feature makes the Small Office LAN invisible to outside users. The Solid
Firewall feature is a simple and foolproof way of protecting security sensitive
Small Offices (e.g. doctors and lawyers) from Intranet hackers.
1.3
Applications
This section gives four examples of the applications KMBE can be used in.
Basic Bridging
Two KMBEs can be used opposite each other in a bridging application. The KMBE
connected to the larger network or to a network with connections to other
networks, is the Main KMBE. The KMBE connected to the smaller network is the
Remote KMBE, see Figure 1-1.
Figure 1-1. Bridging Application
Routing Between Central and Remote Offices
You can use the KMBE as a router to connect a central office to a remote office.
This application allows you to:
KMBE
•
Use data compression
•
Setup firewall protection
•
Supply Internet access to all of the remote offices through only one Internet
connection.
Kilomux-2100/2104
Applications
1-3
Chapter 1 Introduction
Installation and Operation Manual
Figure 1-2. Routing Application with IP+IPX Data Compression
Figure 1-3. Routing Application with a Firewall
Dual Link Applications
In a dual link application, KMBE can work with both Kilomux main links
simultaneously, connecting two remote LANs to a central LAN and therefore
provides a cost-effective and simple solution for corporate applications. KMBE
can also operate opposite another KMBE module, see Figure 1-4.
1-4
Applications
KMBE
Kilomux-2100/2104
Installation and Operation Manual
Chapter 1 Introduction
Figure 1-4. Dual Link Application for KMBE
1.4
Physical Description
KMBE modules are designed for installation in any I/O slot of a Kilomux-2100 or
Kilomux-2104 chassis. Installation procedures for KMBE are provided in Chapter 2
of the Installation and Operation Manual.
LEDs
The LED indicators on the rear panel show the operating status of KMBE. Various
indicators display LAN activity, configuration mode, alert conditions, and
readiness of the system. For a description of the rear panel, see Rear Panel
section in Chapter 2.
Connectors
The LAN connector, located on the rear panel, is available in different interfaces
according to your needs.
Jumpers
You need to set the internal jumpers of KMBE according to the specific conditions
of use. For more information on setting the jumpers, see Internal Settings section
in Chapter 2.
KMBE
Kilomux-2100/2104
Physical Description
1-5
Chapter 1 Introduction
1.5
Installation and Operation Manual
Functional Description
You can configure KMBE to function as a bridge or router.
Management
An SNMP agent provides management by RADview or any other standard SNMP
management station. For more information, see SNMP Manager Table in Chapter 6.
Configuration Parameters
KMBE supports Telnet, allowing configuration and control of the device over WAN
and LAN. You can also perform fast configuration from a terminal emulator. For
more information, see Initial Setup in Chapter 3.
1.6
LAN Interface
Technical Specifications
Standard
Conforms to Ethernet/IEEE 802.3
Type
• 10Base2 with coax connector
• 10BaseT with RJ-45 connector
• AUI with 15-pin, D-type female
Control Port
General
Interface
RS-232/V.24
Connector
RJ-45
Data Rates
1.2 to 9.6 kbps
Data Format
8 bit, no parity
Bandwidth Allocated on
Kilomux Main Link
9.6 to 1280 kbps
Data Buffer Size
256 kb
Protocol
HDLC based
Panel Control
Reset
Diagnostics
• Local module loopback
• Remote module loopback
• Internal BER test
• Auto self-test
1-6
Technical Specifications
KMBE
Kilomux-2100/2104
Installation and Operation Manual
Indicators
Chapter 1 Introduction
LAN ERR (red)
Lights momentarily when an error is
detected on the LAN interface
LINK ERR (red) (Per Link A&B)
• Flashes when the relevant main link between
the local and remote KMBE/N is disconnected
• Lights momentarily when an error is detected
on a packet received from the relevant link
LAN TX (yellow)
Lights momentarily when packets are
transmitted toward the LAN
LAN RX (yellow)
Lights momentarily when packets are
received from the LAN
READY (green)
• Lights when KMBE/N is ready to forward
packets
• Flashes when KMBEs are synchronized but no
workstation has requested
MAIN (green)
Lights when KMBE/N is configured for
connection to the main LAN
REM (green)
Lights when the KMBE/N is configured for
connection to the remote LAN
UTP (green)
Lights when 10BaseT interface is connected
to the LAN (on modules with UTP interface
only)
Power
Consumption
KMBE
Kilomux-2100/2104
1.1W
Technical Specifications
1-7
Chapter 1 Introduction
1-8
Technical Specifications
Installation and Operation Manual
KMBE
Kilomux-2100/2104
Chapter 2
Installation and Setup
This chapter provides information on the functions of the rear panel indicators
and connectors of the KMBE module, and instructions for performing the internal
settings, physical installation, and cable connections to this module.
Caution
The KMBE module contains components sensitive to electrostatic discharge (ESD).
To prevent ESD damage, always hold the module by its sides, and do not touch
the module components or connectors.
2.1
Installation
Rear Panel
The rear panels of the three models of KMBE modules are shown in Figure 2-1.
The module rear panel includes several indicators, a RESET push-button and the
LAN connector. Their functions are explained in Table 2-1.
KMBE
MAIN
KMBE
REM
5
ERR
LINK A
LINK B
4
6
5
7
4
MAIN
3
2
RDY
LAN
ERR
8
3
9
2
TX
LAN
ERR
RDY
1
11
6
4
8
3
2
RX
TX
8
LAN
ERR
RDY
C
T
R
L
10
1
RESET
7
LAN
9
THIN
COAX
A
U
I
REM
5
ERR
LINK A
LINK B
7
RX
C
T
R
L
10
RESET
MAIN
6
LAN
RX
C
T
R
L
1
REM
ERR
LINK A
LINK B
LAN
TX
KMBE
9
10
RESET
UTP
12
11
11
Figure 2-1. KMBE Rear Panel Versions
KMBE
Kilomux-2100/2104
Installation
2-1
Chapter 2 Installation and Setup
Installation and Operation Manual
Table 2-1. KMBE Module, Functions of Rear Panel Components
Item
Indicator
Function
1
RESET push-button
Resets the KMBE module, and starts the initialization process
2
READY Indicator (green)
Lights steadily when the KMBE module is ready to forward packets
3
LAN TX Indicator (yellow)
Lights to indicate that packets are transmitted to the LAN
4
ERR LINK A Indicator (red)
Lights steadily when the link between the local and remote KMBE
modules is disconnected
Lights momentarily for each error detected in a packet received
from link A
5
MAIN Indicator (green)
Lights to indicate that the KMBE module is configured for operation
in the local mode
6
REM Indicator (green)
Lights to indicate that the KMBE module is configured for operation
in the remote mode
7
ERR LINK B Indicator (red)
Lights steadily when the link between the local and remote KMBE
modules is disconnected
Lights momentarily for each error detected in a packet received
from link B
8
LAN RX Indicator (yellow)
Lights to indicate that packets are received from the LAN
9
LAN ERR Indicator (red)
Lights momentarily during connection to the LAN
Lights steadily if connection to the LAN failed
10
CONTROL connector
RJ-45 connector, used for connection of an optional ASCII terminal
used for KMBE configuration, monitoring and diagnostics
11
LAN Connector
Connection to the local LAN
Connector type depends on the KMBE module model
12
LAN Connection Indicator
(green – only for UTP)
Lights when the KMBE UTP interface is connected to the local LAN
Internal Settings
All KMBE modules have one user-selectable jumper, designated WTCH-DOG. The
KMBE modules include additional jumpers, which are factory-set and should not
be moved. The WTCH-DOG jumper allows maintenance personnel to disable the
KMBE watchdog circuit during maintenance.
Figure 2-2 shows the location of the jumper. The jumper has two positions:
•
ON - The watchdog circuit is enabled. This is the setting required for normal
operation
•
OFF - The watchdog circuit is disabled.
The default setting is ON.
2-2
Installation
KMBE
Kilomux-2100/2104
Installation and Operation Manual
Chapter 2 Installation and Setup
FUSE F1
JP6
OFF
WTCH-DOG
ON
WTCH- DOG
JUMPER-JP6
OFF
ON
WATCHDOG
DISABLED
WATCHDOG
ENABLED
STN-HUB SWITCH
(UTP INTERFACE ONLY)
STN
STN
FOR KMBE CONNECTED
DIRECTLY TO LAN
HUB
HUB
FOR KMBE CONNECTED
TO HUB
FUSE F3
FUSE F2
Figure 2-2. Module KMBE, Internal Settings
KMBE modules with thin Ethernet and AUI interfaces do not have additional
jumpers, as all of their remaining functions are programmable. The KMBE module
with UTP interface, however, has one additional switch, designated STN/HUB,
located on the LAN interface card. Figure 2-2 also identifies the location of this
switch. The switch is located on the printed circuit side of the module.
The STN/HUB switch controls the connection of the internal transmit and receive
pairs to the external UTP pairs to allow direct connection, without cross cables.
Table 2-2 shows the switch settings.
Table 2-2. STN/HUB Switch Settings
Switch Setting
Receive
Transmit
STN (Station)
Pins 1, 2
Pins 3, 6
HUB
Pins 3, 6
Pins 1, 2
The correct position of the switch depends on the wiring used in your particular
network. In general:
•
Set the switch to STN if the KMBE module connects directly to the LAN (this
interchanges the connections of the receive and transmit pairs).
•
Set the switch to HUB if the KMBE module connects to an Ethernet hub.
Factory setting is HUB.
Module Installation
The KMBE module can be inserted into, or removed from, an operating chassis
(hot-swappable).
Refer to the system installation plan and insert the module in the assigned I/O
slot of the Kilomux chassis.
The module is ready to start operating as soon as it is plugged into an operating
Kilomux chassis. For module configuration instructions, see Chapter 3.
KMBE
Kilomux-2100/2104
Installation
2-3
Chapter 2 Installation and Setup
Installation and Operation Manual
Cable Connections
Identify the cable intended for connection to the LAN connector of this module,
and connect the cable to the module connector on the rear panel.
Note
For the KMBE module with UTP interface, verify that the LAN receive and transmit
pairs are properly connected in accordance with the wiring conventions used in
your system.
Control Connector
The CONTROL connector is an RJ-45 connector wired as follows:
Table 2-3. Control Connector Pinout
Pin
Note
Designation
Direction
Function
1, 2
Internal Test
–
Reserved
3
Not Connected
–
–
4
SG
–
Signal Ground
5
TXD
OUT
Transmit Data
6
RXD
IN
Receive Data
7
Not Connected
–
–
8
Not Connected
–
–
Do not make connections to pins 1 and 2.
2.2
Operating Indications
Normal Indications
After the power-up self-test, either the MAIN or the REM indicator must light,
indicating the selected mode. The LAN RX and LAN TX indicators must light (or
flash), and the ERR LAN and ERR LINK indicators must be off.
The READY indicator will turn on when the LAN and WAN interfaces are ready.
Note
2-4
If a link’s synchronization is lost, the KMBE modules will attempt to re-establish
the link automatically. If the attempt does not succeed, the KMBE modules reset
themselves, and continue the attempts to resynchronize. During these attempts,
the LINK ERR indicator flashes slowly.
Operating Indications
KMBE
Kilomux-2100/2104
Installation and Operation Manual
2.3
Chapter 2 Installation and Setup
Initial Setup
KMBE features a setup program that is invoked and run from an ASCII terminal or
a PC terminal emulator. The terminal/terminal-emulator is connected to the
CONTROL port on the KMBE rear panel.
This section describes how to connect to the terminal and to access the Main
menu setup program.
Connecting to the Terminal
³
To connect the terminal:
1. Connect a control cable between the KMBE RJ-45 CONTROL port and the
connector on the terminal; or between the KMBE RJ-45 CONTROL port and
the PC communication port (refer to Figure 2-3).
2. Set the terminal to work at any Baud rate from 2.4 to 19.2 kbps, No Parity, 8
Data Bits. The Baud rate is self-adaptable.
3. Set the hardware control to OFF.
4. Switch on KMBE. The operational status screen displays. Press <ENTER>
several times to invoke the password message.
Figure 2-3. Connecting to the Terminal
Setting a Password
For first time operation, or if no configuration password has been specified, the
following message appears:
WARNING: No configuration password exists.
Define configuration password? (Y/N):
³
To set a password:
1. Type Y to set a configuration password.
KMBE
Kilomux-2100/2104
Initial Setup
2-5
Chapter 2 Installation and Setup
Installation and Operation Manual
A message appears, prompting you to enter a new configuration
password.
2. Type a password.
The password can be up to twelve characters.
3. Press ENTER.
A message appears, prompting you to retype the password for
verification.
4. Retype the password and press ENTER.
The Main menu screen appears.
The password protects entry to the configuration module, preventing
unauthorized personnel from changing setup and configuration parameters.
Note
All KMBE password verification routines are CASE SENSITIVE. Once a password has
been set, always use the same case when typing the password.
Changing and Deleting the Password
³
To change the password during normal operation:
1. From the Main menu, select option 0, Exit, to return to the Operational Status
Messages screen.
2. Press ENTER several times.
3. Enter the current password.
A message appears, asking if you want to update the current password.
4. Type Y. You will be prompted to retype the current password.
5. Retype the current password.
A message appears prompting you to enter the new password.
6. Type the new password and retype the same password for verification.
The Main menu appears.
³
To delete the current password:
Follow steps 1-5 above to change the password.
1. When prompted to enter a new password, press ENTER without typing a new
password.
This deletes the current password and removes password protection.
2. Press ENTER again when prompted for verification.
The Main menu appears. If the unit doesn't have an IP Address, the Quick
Setup menu appears.
Note
2-6
Use of Password protection for the configuration module is recommended.
Always use the “Exit” option in the Main menu once the unit has been
configured. Using the Exit option will force personnel requiring access to the
configuration module to use a password.
Initial Setup
KMBE
Kilomux-2100/2104
Chapter 3
Operation
This chapter gives an introduction on how to operate and initially configure
KMBE. Topics covered in this chapter include:
•
Composite Channel Configuration
•
Configuring KMBE as a bridge or router
•
Menus and Screens.
3.1
KMBE General Configuration
You can configure KMBE via the Kilomux supervision port using an ASCII Terminal
or any supported remote management. You can also configure Channel
parameters (Link Speed and Location) from the LCD on the Kilomux front panel.
For information about these configuration methods, refer to the
Kilomux-2100/2104 System Installation and Operation Manual. Table 3-1 explains
the KMBE composite channel configuration parameters.
KMBE
Kilomux-2100/2104
KMBE General Configuration
3-1
Chapter 3 Operation
Installation and Operation Manual
Table 3-1. KMBE Composite Channel Configuration Parameters
Parameter
Function
Values
LOCATION
Selects the location of the KMBE
module.
MAIN: connects KMBE to the main LAN
This parameter can only be
configured via the CL module by
the command DEF CH i, where “i”
is the slot number from 1 to 12.
Default: MAIN
Selects the link bandwidth
assigned to the KMBE module
NC – Module not connected
This is an external port parameter,
also configurable from the
Kilomux LCD
9.6, 19.2, 28.8
38.4, 48.0, 57.6
67.2, 76.8, 86.4
96, 105.6, 115.2
124.8, 128, 160
192, 224, 240
272, 304, 336,
368, 512, 768,
1024, 1536 – Composite channel data
rate, in kbps.
LINK_SPEED
REM: connects KMBE to the remote LAN
Default: NC
Note: Table 3-2 specifies the
comptiablity of the various KMBE link
bandwidth with the Kilomux main link
rates.
LINK
All fields
Selects to which Kilomux link each
KMBE module connects
ML-A
This is a DEF CON command
parameter
BOTH
ML-B
When both external channels are
connected the slot is configured
for two lines, one for Main Link A,
and one for Main Link B
This is a DEF FRAME command
parameter
3-2
KMBE General Configuration
KMBE
Kilomux-2100/2104
Installation and Operation Manual
Chapter 3 Operation
Table 3-2. KMBE Link Bandwidth Compatibility with the Kilomux Main Link Rate
Main Link Rate
384
512
768
1024
1536
9.6
+
+
+
–
–
19.2
+
+
+
+
+
28.8
+
+
+
–
–
38.4
+
+
+
+
+
48.0
+
+
+
–
–
57.6
+
+
+
+
+
67.2
+
+
+
+
+
76.8
+
+
+
+
+
86.4
+
+
+
–
–
96
+
+
+
+
+
105.6
+
+
+
–
–
115.2
+
+
+
+
+
124.8
+
–
–
–
–
128
+
+
+
+
+
160
+
+
+
+
+
192
+
+
+
+
+
224
+
+
+
+
+
240
+
+
+
–
–
272
+
+
+
–
–
304
+
+
+
–
–
336
+
+
+
–
–
368
+
+
+
–
–
512
–
–
+
+
+
768
–
–
–
+
+
1024
–
–
–
–
+
1280
–
–
–
–
+
Link Bandwidth
KMBE
Kilomux-2100/2104
KMBE General Configuration
3-3
Chapter 3 Operation
Installation and Operation Manual
3.2
KMBE Bridge or Router Configuration
KMBE can be configured as either a bridge or a router. KMBE, by default is
automatically configured in the bridge mode. Decide whether KMBE will be used
as a bridge or a router before you start the configuration.
Configuring KMBE as a Bridge
By default, KMBE is automatically configured in bridge mode. Before you
configure KMBE as a bridge, set the location parameter to Remote or Main. One
of the two KMBEs in the bridge must have the location parameter set to Remote
and the other set to Main:
•
Remote - If the KMBE you are configuring as a bridge is connected to the
network that is smaller, and has no connections via a router to other
networks
•
Main - If the KMBE you are configuring as a bridge is connected to the
network that is larger or has connections via a router to other networks.
Configuring KMBE as a Router
You can use KMBE as a router with compression capability to separate networks.
Before configuring KMBE as a router, set the location switch to Main.
3.3
Menus and Screens
This section provides a brief description of the available KMBE menus and
screens.
The Main Menu
The name of the device (KMBE) connected to the terminal is listed at the top of
the screen. The Main menu has five options. To choose an option, type the
number preceding the option.
MAIN
3-4
MENU
( Device name – KMBE )
1.
2.
3.
4.
5.
Quick setup
Security setup
Advanced setup
View
Diagnostic tools
0.
Exit
Menus and Screens
KMBE
Kilomux-2100/2104
Installation and Operation Manual
Chapter 3 Operation
Quick Setup
The Quick Setup menu allows you to adjust setup and link configuration
parameters while KMBE is in operation. Line-by-line prompting simplifies the
setup. On-screen instructions and explanations guide you through the setup
procedure.
Security Setup
Use the options in the Security Setup menu to control KMBE management and
entry to your LAN by unauthorized users.
Advanced Menu
The Advanced menu lists KMBE configuration parameters and their current values.
You are able to change these parameters and to perform advanced configuration
operations, not available through the Quick Setup menu. Resetting the device and
software downloads are also performed via the Advanced menu.
View
Use the options in the View menu to view configuration screens and information
on interface connections, routing tables and statistics.
Diagnostic Tools
Use the Diagnostic Tools menu to verify WAN and LAN connectivity. The Ping
feature allows you to dial (Ping) another user on the LAN or WAN. If the remote
user replies, WAN connectivity is confirmed up to and including the IP level.
Exit
Select this option to return to the Operational Status Messages screen. From the
Operational Status Messages screen you can remove or change the password.
KMBE
Kilomux-2100/2104
Menus and Screens
3-5
Chapter 3 Operation
3-6
Menus and Screens
Installation and Operation Manual
KMBE
Kilomux-2100/2104
Chapter 4
Configuration
4.1 Quick Setup Menu
The Quick Setup menu allows you to enter the minimum number of parameters
needed to operate your KMBE/N.
Principles of Operation
The Quick Setup screen guides you through the configuration, port by port. The
Quick Setup screen asks you for the appropriate parameters depending on the
type of port you are configuring and how you have already configured other
ports. The Quick Setup screen presents messages, and prompts you to accept or
modify the current parameters.
•
To accept the current parameter, press ENTER
•
The parameter options are enclosed in brackets [ ]. To view the options, use
the space bar to toggle, then press ENTER
•
To enter new information, type in the new parameters and press ENTER.
After all parameters have been accepted or changed, you can view them on the
screen. A confirmation message appears requesting that you confirm all the
setup changes. The device resets after the changes are saved.
³ To configure the setup parameters:
1. From the Main menu, select option 1, Quick Setup.
2. Follow the on-screen instructions to accept or modify the setup parameters.
3. Press Y to save the setup parameters.
KMBE
Kilomux-2100/2104
Quick Setup Menu
4-1
Chapter 4 Configuration
Installation and Operation Manual
Quick Setup Example
QUICK SETUP
----------WARNING: This device automatically exits to Operational
Messages
10 minutes after last keyboard action without saving
parameters
'ENTER' - Accept parameter , 'SPACE' - Change parameter .
WAN interface #1 - V.11
Connection type: [Uplink ]
Link mode: [Synchronous
]
Routing: [BRIDGE
], Protocol: [PROPRIETARY]
Connection
: [Always
]
LAN IP address : 192.168.1.2 , enter new : 192.168.1.3
LAN IP mask
: 255.255.255.000 , enter new :
255.255.255.000
Default gateway setting by: [Interface ]
Default gateway interface: 1
SECURITY setup
Device access name : KMBE/N
No password at present - do you want to create
password(Y/N)?:[N]
Security type: [Disabled]
Saving the changes might cause RESET the unit.
Do you want to save QUICK SETUP (Y/N) ? Y
The fields in the Quick Setup example are described below:
Link Mode
Select this parameter to determine how data is transmitted across the link. When
the mode is synchronous, data bits are transmitted at a fixed rate. The sender
and the receiver are synchronized. The other mode is Frame Relay. Frame Relay is
a packet-switching protocol for connecting devices on a WAN.
Use the space bar to toggle between Synchronous, or Frame Relay modes.
Routing
Select this parameter to assign the link type. Use the space bar to toggle
between Bridge, IP, IPX or IP&IPX link types.
Selecting IPX link type disables the Single IP and WAN IP Address features, and
removes the corresponding parameters from the screen.
WAN IP Address
Select this parameter to enter the IP address for the WAN interface.
4-2
Quick Setup Menu
KMBE
Kilomux-2100/2104
Installation and Operation Manual
Chapter 4 Configuration
Host IP Setup
LAN IP Address
Select this parameter to enter the IP address. Every device on a TCP/IP network
must have an address to identify it. The IP address is a value consisting of the
network address and the host address on that network. The value assigned to a
network depends on the number of computers on that network.
The IP address is a 32-bit number. The number is made up of 4 parts, with each
part consisting of 3 digits. One part of the address identifies the network and
another part of the address identifies the host. Which numbers in the address
identifies the host is dependent on the IP class.
There are 5 classes of IP addresses. Each class represents a network having a
certain number of computers. For example, a Class C address is given to a
network having between 1-255 computers. Table 4-1 gives the ranges for
different classes of IP addresses.
Table 4-1. IP Classes
Class
Range
A
0.0.0.0 to 127.255.255.255
B
128.0.0.0 to 191.255.255.255
C
192.0.0.0 to 223.255.255.255
D
224.0.0.0 to 239.255.255.255
E
240.0.0.0 to 247.255.255.255
The numbers in each part of the code are translated into binary. The binary code
identifies the network and the host.
IP addresses are assigned by the Internet Network Information Center (InterNIC).
InterNIC assigns the network ID. Host IDs are assigned by the network
administrator.
LAN IP Mask
Select this parameter to enter the IP mask. The mask is configured automatically
from the IP address class, as shown in Figure 4-1. If you want to change the
default mask, enter a new mask. For example, the IP mask is usually
225.225.225.0. A mask of this sort would allow 254 hosts on the LAN. If you
want to create a subnet which allows 6 users, including KMBE/N, configure the
mask as 22.225.225.248. on KMBE/N and each host that is included on the
subnet.
KMBE
Kilomux-2100/2104
Quick Setup Menu
4-3
Chapter 4 Configuration
Installation and Operation Manual
Digital
Network
LAN IP address 192.168.1.1
Mask
255.255.255.248
KILOMUX
KMBE/N
192.168.1.2
255.255.255.248
192.168.1.1
IP address
Mask
Default Gateway
.3
.248
192.168.1.1
.4
.248
192.168.1.1
.5
.248
192.168.1.1
.6
.248
192.168.1.1
Figure 4-1. Setting up the IP Mask
Security Setup
Device Access Name
Select this parameter to display the name assigned to KMBE/N for identification
by the Internet Provider. To change the device access name, type in the new
name and press ENTER.
Device Access Password
Select this parameter to assign or update a password. The password is used to
access the Internet.
KMBE/N’s default setup does not include a password. Use the space bar to toggle
between no (do not change the password) and yes (enter a new password). If
you choose yes, the following screen appears:
Enter new password : ***
Enter new password verification : ***
Type the new password and press ENTER. Retype the same password for
verification and press ENTER.
4.2
Security Setup
This chapter describes the Setup menu. Topics covered in this chapter include:
4-4
•
Enabling Telnet access
•
Enabling SMNP access
Security Setup
KMBE
Kilomux-2100/2104
Installation and Operation Manual
•
Chapter 4 Configuration
Enabling/disabling the Solid Firewall.
1
Quick Setup
2 Security Setup
3 Advanced Menu
View
4
5 Diagnostic Tools
1
2
3
FIREWALL
Options
SNMP Access
TELNET Access
Figure 4-2. Security Setup Menu Outline
The Security Setup menu allows you to control access to KMBE and the LAN.
KMBE is protected against access by unauthorized users by disabling access via
SNMP, Telnet and web browsers. The Solid Firewall is used to protect the LAN
against undesired entry.
To access the Security Setup menu, in the Main menu press 2. The following
screen appears:
SECURITY SETUP
1.
2.
3.
( Device name – KMBE )
TELNET access
SNMP access
FIREWALL options
-
Disabled
Disabled
Disabled
ESC - Return to previous menu
Choose one of the above:
The Security Setup options are described below.
Enabling Telnet Access
KMBE supports Telnet. This allows KMBE to be configured and controlled over a
WAN and LAN using TCP/IP. Access to Telnet requires authentication by the
device, using username and password.
By default, Telnet access to KMBE is disabled, to prevent changes being made to
the unit's configuration parameters. Enabling Telnet access allows configuration
of KMBE via Telnet.
³
To enable Telnet access:
4. From the Main menu, select option 2, Security Setup.
5. From the Security Setup menu, select option 1, Telnet access.
6. Toggle with space bar to Y.
7. Press ENTER.
KMBE
Kilomux-2100/2104
Security Setup
4-5
Chapter 4 Configuration
Installation and Operation Manual
8. Follow the on-screen instructions to allocate a user name and password.
9. Save the new setup.
TELNET access setup
'ENTER' - Accept parameter , 'SPACE' - Change parameter .
Do you want to permit TELNET management of the device ? [ Y
]
TELNET user name : lan
Do you want to change TELNET password ? [ N ]Y
Current password : ***
Enter new password : ***
Enter new password verification : ***
Do you want to save TELNET parameters (Y/N) ? Y
KMBE can now be accessed using your Telnet username and password.
Enabling SNMP Access
By default, access to KMBE via SNMP is disabled. Blocking SNMP access prevents
changes being made to the unit's configuration parameters. Enabling SNMP
access prompts the user to define SNMP management parameters.
³
To enable SNMP access:
1. From the Main menu, select option 2, Security Setup.
2. From the Security Setup menu, select option 2, SNMP access.
3. Toggle to Y.
4. Press ENTER.
5. Enter the read, write and trap communities.
6. Save the new setup.
SNMP access setup
'ENTER' - Accept parameter , 'SPACE' - Change parameter .
Do you want to permit SNMP management of the device? [N]Y
SNMP read community : public
SNMP write community : private
SNMP trap community : public
Do you want to save SNMP parameters (Y/N) ? Y
KMBE can now be accessed for SNMP operation using the appropriate
communities.
4-6
Security Setup
KMBE
Kilomux-2100/2104
Installation and Operation Manual
Chapter 4 Configuration
Enabling/Disabling the Solid Firewall
Solid Firewall, when enabled, prevents all access from the WAN or Intranet into
the small office LAN. Outgoing traffic from the LAN will be forwarded to the WAN.
Incoming traffic from the WAN will be blocked from entering the LAN.
Only those applications that are enabled via the Firewall Forward Application List
(e.g. WWW, FTP, E-mail servers, etc.) will be allowed to enter the LAN. By default,
the Solid Firewall is disabled. In Single IP mode, Solid Firewall is always enabled by
default and cannot be disabled.
³
To enable the Solid Firewall feature (in regular router mode):
1. From the Main menu, select option 2, Security Setup.
2. From the Security Setup menu, select option 3, Firewall Options.
FIREWALL options setup
Enabling FIREWALL will forward outgoing sessions
from LAN to WAN and block incoming sessions from
entering the LAN except for applications that are
enabled by the FIREWALL FORWARD APPLICATION LIST.
Do you want to enable firewall options ? [ N ]Y
Enter link from which to be protected by FIREWALL: 1
3. Toggle to Y and press ENTER to enable the Solid Firewall. The Firewall
Forward Application List screen is displayed.
4. Press ESC.
5. Save the Firewall setup to block all incoming traffic from the WAN.
³
To enable a specific application to enter the Solid Firewall (both in regular router
and Single IP modes):
1. In the Firewall Forward Application List screen, press A to add an application.
KMBE
Kilomux-2100/2104
Security Setup
4-7
Chapter 4 Configuration
Installation and Operation Manual
FIREWALL FORWARD APPLICATION LIST
(Device name – KMBE)
List of applications which may pass the FIREWALL.
APPLICATION
ADVANCED SETUP
1. TELNET server
2. PING request
NO
NO
IP ADDRESS
192.168.1.1
192.168.1.1
Telnet server, Ping request, DNS server, E_Mail POP3, E-Mail SMTP,
FTP server, WWW server, TFTP server, SNMP, User defined
Application type: [E-MAIL POP3
]
[Default ] Advanced
Host IP address interval: [SINGLE ]
Host IP Address: 192.168.1.2
Guest IP address interval: [INTERVAL ]
Guest start IP Address: 192.168.1.3
Guest end IP Address: 192.168.1.2
Host port interval: [SINGLE ]
Host port: 110
Guest port interval: [ALL
]
Frame type: [TCP ]
2. To select an application, toggle the SPACE bar.
3. If a specific application has a specific IP destination on the LAN, select
DEFAULT and type the IP destination address.
4. The advanced option includes the following possibilities for forwarding an IP
session to the secured LAN:
5. Host IP address interval - range of destination addresses on the LAN (only
one address for Single IP)
6. Guest IP address interval - range of source addresses in the Intranet
7. Host port interval - range of UDP or TCP destination ports of the applications
8. Guest port - range of UDP or TCP source ports of the applications
9. Frame type - UDP, TCP or ICMP protocol.
10. Select Single, All or Interval and type the IP address for each option listed
above.
11. Press ESC.
12. Save the Firewall setup.
In Single IP mode, for each application, only one destination address from the
secured LAN can be used. Incoming traffic from the WAN should be destined to
the single IP address. KMBE forwards the application to the destination address
on the LAN, as listed in the Firewall Forward Application List.
4-8
Security Setup
KMBE
Kilomux-2100/2104
Installation and Operation Manual
4.3
Chapter 4 Configuration
Advanced Setup
The Advanced menu contains the majority of KMBE configuration parameters. You
can change these parameters and perform advanced configuration operations
that are not available through the Quick Setup menu. Resetting the device and
software downloads are also performed via the Advanced menu.
Advanced Menu
1
2
Setup
Device Control
Figure 4-3. Advanced Menu Outline
³
To access the Advanced menu:
•
From the Main menu, press 3.
The Advanced menu appears:
ADVANCED
MENU (Device name – KMBE)
1. Setup
2. Device control
ESC - Return to previous menu
Choose one of the above:
The options in the Advanced menu are described below.
Setup Menu
Advanced Menu
1
2
1
2
Host
Parameters
3
Routing/
Bridging
Setup
Device Control
4
Interface
Parameters
5
Access Control
(Security)
6
WAN Economy
Factory Default
Options
Figure 4-4. Setup Menu Outline
³
To access the Setup menu:
•
KMBE
In the Advanced menu, press 1.
Kilomux-2100/2104
Advanced Setup
4-9
Chapter 4 Configuration
Installation and Operation Manual
The Setup menu appears.
SETUP (Device name – KMBE)
1.
2.
3.
4.
5.
6.
Host parameters
Routing/Bridging
Interface parameters
Access control (Security)
WAN economy
Factory default options
ESC - Return to previous menu
Choose one of the above:
The options in the Setup menu are briefly described below. For a detailed
description of the sub-menus, refer to the sections that follow.
Host Parameters
Select this option to enter reference information about the device, the IP Host,
the SNMP agent and TFTP.
Advanced Menu
1
2
Setup
Device Control
1
Host Parameters
1
2
3
Device Control
1. Device Name
4
IP Host
SNMP Manager
Table
1. IP Address
1. Manager Table
2. Contact Person
2. IP Mask
3. System Location
5
TFTP
RADIUS
1. File Server IP
Address
2. File Name
3. Default Gateway
4. MAC Address
3. Retransmitting
Timeout
4. Total Timeout
Figure 4-5. Host Parameters Menu Outline
³
To access the Host Parameters menu:
1. In the Advanced menu, press 1.
4-10
Advanced Setup
KMBE
Kilomux-2100/2104
Installation and Operation Manual
Chapter 4 Configuration
The Setup menu appears.
2. In the Setup menu, press 1.
The Host Parameters menu appears.
HOST PARAMETERS (Device name – KMBE)
1.
2.
3.
4.
5.
Device ID
IP host
SNMP manager table
TFTP
RADIUS
ESC - Return to previous menu
Choose one of the above:
The options in the Host Parameters menu are described below.
Device ID
Select this option to view and/or modify the following arbitrary parameters.
Device Name
Select this parameter to assign an arbitrary name to KMBE for identification by
the system manager.
Contact Person
Select this parameter to enter the name of the person to be contacted with
matters pertaining to the system.
System Location
Select this parameter to enter the physical location of the device.
MAC Address
Select this parameter to assign a MAC address locally. This allows you additional
control of the devices in the LAN. KMBE can be used with the default address
provided by the manufacturer or with a locally administered address. Locally
administered addresses are very useful for managing large networks.
IP Host
Select this option to configure the following IP parameters.
IP Address
Every device on a TCP/IP network must have an address to identify it. The IP
address is a value consisting of the network address and the host address on
that network. The value assigned to a network depends on the number of
computers on that network.
The IP address is a 32-bit number. The number is made up of 4 parts, with each
part consisting of 3 digits. One part of the address identifies the network and
KMBE
Kilomux-2100/2104
Advanced Setup
4-11
Chapter 4 Configuration
Installation and Operation Manual
another part of the address identifies the host. Which numbers in the address
identifies the host is dependent on the class.
There are 5 classes of IP addresses. Each class represents a network having a
certain number of computers. For example, a Class C address is given to a
network having between 1-255 computers. Table 4-1 gives the ranges for
different classes of IP addresses.
Table 4-2. IP Classes
Class
Range
A
0.0.0.0 to 127.255.255.255
B
128.0.0.0 to 191.255.255.255
C
192.0.0.0 to 223.255.255.255
D
224.0.0.0 to 239.255.255.255
E
240.0.0.0 to 247.255.255.255
The numbers in each part of the code is translated into binary. The binary code
identifies the network and the host.
IP addresses are assigned by the Internet Network Information Center (InterNIC).
InterNIC assigns the network ID. Host IDs are assigned by the network
administrator.
IP Mask
A subnet is a portion of a network that shares a common address component. On
TCP/IP networks, subnets are defined as all devices whose IP addresses have the
same prefix. For example, all devices with IP addresses that start with
133.100.100. would be part of the same subnet. An IP mask allows filtering of IP
addresses on a subnet.
When an IP address is configured the IP mask is automatically configured
according to Table 4-2.
Table 4-3. IP Mask Configuration
IP Network
Class
IP Address Range
Default IP mask
A
0.0.0.0-127.255.255.255
255.0.0.0
B
128.0.0.0-191.255.255.255
255.255.0.0
C
192.0.0.0-223.255.255.255
255.255.255.0
D
224.0.0.0-239.255.255.255
255.255.255.225
The default IP mask can be edited.
Default Gateway
The default gateway is the address to which frames are sent if no other address
is defined in the routing table. The station compares the destination IP address
net ID with the station's own net ID. If they are not the same, KMBE
4-12
Advanced Setup
KMBE
Kilomux-2100/2104
Installation and Operation Manual
Chapter 4 Configuration
automatically sends the packets to the default gateway MAC address; in this case
KMBE. KMBE then passes the packets to the Central Access Router link. From
there they are routed onwards.
The default gateway can be an IP address or a WAN interface. If you choose to
use an IP address, enter the address of the router which will deliver the frames.
Specifying an IP address for the default gateway is done with shared media, such
as LAN interface.
If you choose to use a WAN interface, the connection to the router is point-topoint. Choose "by interface" and Interface 1 is automatically set.
It is very important to obtain the correct parameters from the system
administrator or ISP. The most common problem when establishing an IP
connection is incorrect configuration of the IP parameters and default gateway.
SNMP Manager Table
Select this option to add, clear or delete parameters from the manager table. The
manager table lists the SNMP manager IP addresses and masks.
Simple Network Management Protocol (SNMP) is an application-layer protocol
designed to facilitate the exchange of management information between
network devices. By using SNMP to access management information data (such
as packets per second and network error rates), network administrators can
more easily manage network performance and find and solve network problems.
TFTP (Trivial File Transfer Protocol)
TFTP is a file transfer protocol used for downloading boot code to diskless
workstations.
TFTP is used in a server designated as the TFTP server. The server needs to
provide concurrency to allow multiple users to boot up simultaneously. To do this,
TFTP creates a UDP port for each client. By creating a UDP port, the different
client input datagrams can be demutilpexed by the server's UDP module.
Demutilpexing in the module increases the server efficiency.
One characteristic of TFTP is that it is not secure. There is no password or firewall
associated with TFTP. Anyone with the IP address of the TFTP server can enter
the server and download files. Security can be provided by creating a directory
which contains only those files which you want to be downloaded. This prevents
access to any other files.
You must configure the following parameters in a TFTP server:
File Server IP Address
Select this parameter to enter the IP address of the TFTP server.
File Name
Select this parameter to enter the name and path of the file to be transferred.
Retransmitting Timeout
Select this parameter to enter the amount of time that is allowed to pass before
a file is retransmitted.
KMBE
Kilomux-2100/2104
Advanced Setup
4-13
Chapter 4 Configuration
Installation and Operation Manual
Total Timeout
Select this parameter to enter the amount of time KMBE should wait for an
acknowledgment from the TFTP server.
Routing/Bridging Menu
Select this option to enter routing or bridging information for the device.
Advanced Menu
1
2
Routing
Setup
2
Device Control
1
Link Number
1
2
Interface
Routing/Bridging
Mode
1. Link Type
Static
Station &
Nets
3
Add
2. Link Protocol
4
IP Routing
Setting
5
RADIUS
1. New Stations
Aging Time
1. Interface Address
Clear
3. Link Cost/Metric
IPX
Routing
Settings
2. RIP Mode
Delete
4. PPP Settings
3. Maximum Transmit
Unit
4. DHCP Setting
1. Header and Control
Field Compression
5. PC Remote
Access
2. Protocol Field
Compression
1. Shared IP Net
3. IP Compression
(V Jacobson-RFC1144)
2. Remote Workstation
IP Address Allocation
4. Data Negotiation
Compression Mode
RFC 1974 compatible
5. Multilink
3. Remote Workstation
IP Address Pool
4. Primary Domain
Name Server
5. Secondary
Domain
Name Server
Figure 4-6. Routing/Bridging Menu Outline
³
To access the Routing menu
1. In the Advanced menu, press 1.
The Setup menu appears.
2. In the Setup menu, press 2.
4-14
Advanced Setup
KMBE
Kilomux-2100/2104
Installation and Operation Manual
Chapter 4 Configuration
The Routing menu appears:
ROUTING (Device name – KMBE)
Link 1 - IP & IPX ROUTER
PPP
Setup Menu
1.
2.
3.
4.
5.
Link Routing/Bridging mode
Static stations & nets
IP routing settings
IPX routing settings
Station ageing (minutes): 30
ESC - Return to previous menu
Choose one of the above:
The options in the Routing menu are described below.
Link Routing/Bridging Mode
ROUTING MODE: LINK 1 (Device name – KMBE)
1.
2.
3.
4.
Link type
- IP & IPX ROUTER
Link protocol
- PPP
Link cost/metric - 1
PPP settings
ESC - Return to previous menu
Choose one of the above:
Link Type
Select this parameter to assign the link type. Use the space bar to toggle
between Bridge, IP, IPX or IP&IPX routing.
KMBE/N
KMBE/N
Routing/Bridging Mode:
* Bridge
* IP
* IPX
* IP+IPX
KILOMUX
KILOMUX
Figure 4-7. Routing Modes
Link Protocol
Select this parameter to assign the link protocol. The link protocol available is
PPP, RFC 1490, or Native.
KMBE
Kilomux-2100/2104
Advanced Setup
4-15
Chapter 4 Configuration
•
Installation and Operation Manual
PPP - Point to Point Protocol consists of 3 components:
ƒ
A way to encapsulate IP datagrams on a serial link. PPP supports either:
…
an asynchronous link with 8 bits of data and no parity
…
bit-oriented synchronous links.
ƒ
A link control procedure (LCP) to establish, configure, and test the datalink connection. Having a LCP allows each end to negotiate various
options
ƒ
A family of network control protocols (NCPs) specific to different network
layer protocols. The NCPs allow each end to configure network control
parameters.
Each frame begins and ends with a flag byte whose value is 0x7e. The flag
byte is followed by an address byte whose value is 0xff. The address byte is
followed by a control byte whose value is 0x03.
The control byte is followed by the protocol field. The value of the protocol
field determines the type of information field. A value of 0x0021 means the
information filed is an IP datagram. A value of 0xc21 means that the
information field is link control data, and a value of 0x8021 means that the
information field is for network control data. The CRC field is a cyclic
redundancy check, used to detect errors in the frame.
PPP is often used across slow serial lines. It is therefore important to reduce
the number of bytes per frame to reduce the latency time. Using the LCP,
most implementations negotiate to omit the constant address and control
fields and to reduce the size of the protocol fields from 2 bytes to 1 byte. In
addition, when using the IP NCP, most implementations use Van Jacobson
header compression to reduce the size of the IP and TCP headers.
KMBE/N
KMBE/N
Protocol:
* PPP
* RFC-1490
* Native
KILOMUX
KILOMUX
Figure 4-8. Link Protocols
•
RFC-1490 - supported Frame Relay protocol
•
Native - HDLC protocol.
Link Cost/Metric
Select this parameter to assign a cost to each WAN link for routing purposes.
Metrics are hop counts. Hop counts are the number of routers through which a
packet must go to get to its destination. Adjacent interfaces have a hop count of
1. If a packet must go through 2 routers to get to its destination the hop count is
2. The higher the hop count the longer the route.
A router will automatically send packets using the lowest possible metric. If a
router is not functioning, KMBE will send the packets through an interface with a
higher metric.
4-16
Advanced Setup
KMBE
Kilomux-2100/2104
Installation and Operation Manual
Chapter 4 Configuration
PPP Settings
This option is only available for PPP link protocol.
The PPP Setting screen has the following options:
•
Header and Control Field Compression - This parameter is used for
troubleshooting only. Do not change the entry unless there is a problem
•
Protocol Field Compression - This parameter is used for troubleshooting only.
Do not change the entry unless there is a problem
•
IP Compression - This parameter activates Van Jacobson TCP Header
Compression on a specified link.
PPP is normally used on slow bandwidths, such as modems. Data
transmission is therefore slower when using this protocol. To quicken the
transmission, certain parts of the data packets can be compressed.
In Van Jacobson TCP Header Compression the packet header is compressed.
Every IP data packet contains a header. The header contains the source
address, destination address and other information.
Since PPP is used for point to point transmissions, both the local and remote
devices must have Van Jacobson TCP Header Compression enabled for
compression to be performed. To verify that Van Jacobson TCP Header
Compression is being performed, open the Interface Connections Screen.
•
Data Compression Negotiation Mode - KMBE supports IP and IPX data
compression according to RFC 1974 using the STAC Compression Method. The
following modes are supported:
ƒ
Disabled
ƒ
No History
ƒ
LCB
ƒ
Sequence
ƒ
Extended.
Data compression
set at LCB
KMBE/N
KMBE/N
When KMBE attempts to negotiate with another unit, a message is sent
stating in which mode the data will be sent. If the mode is acceptable to the
receiving unit, data transmission begins. If the mode is not acceptable (i.e.
the second unit does not support this mode), another mode is tried, until an
acceptable mode is found. This process is called auto-negotiation. When you
choose a mode, you are choosing the first mode used during
auto-negotiation. Do not change this parameter unless a problem arises with
the auto-negotiation. If a problem does arise, consult the opposite unit's user
manual.
Auto
Negotiation
KILOMUX
Data compression
set at Extended
KILOMUX
Figure 4-9. Autonegotiation
KMBE
Kilomux-2100/2104
Advanced Setup
4-17
Chapter 4 Configuration
Installation and Operation Manual
In Figure 4-8, the KMBE data compression is set at LCB. In the remote
unit the data compression is set to Extended. Messages are sent between
the 2 units, until a common data compression mode is found.
Static Stations and Nets
STATIC STATIONS AND NETS(IP,IPX) (Device name – KMBE)
1. IP
cost-1
- 192.168.1.1 mask-255.255.255.248 interface-2/16
2. IPX - 19490182
interface-3
cost-1
A - Add , C - Clear all , D - Delete
ESC - Return to previous menu.
Select this parameter to add, delete, or clear static entries in the IP/IPX Routing
table. When adding, static entries can be defined in several ways:
•
IP Net - IP Net defines a network as the destination. IP Net consists of 2
parts: the frame pathway and destination. The pathway is specified either as
an interface (i.e. port) number or as Next Hop IP address. Next Hop IP means
that the frames are sent to another router; from there they will be sent to
their final destination.
To define the destination enter the subnet IP address and IP mask. For
example, 192.168.1.3 is a subnet IP address and 255.255.255.240 is the IP
mask.
Digital
Network
KILOMUX
KMBE/N
Router
IP address 192.168.1.2
Mask 255.255.255.240
IP NET 1
IP NET 2
Figure 4-10. Router 2 set to “Next Hop” in KMBE
•
4-18
IP Station - IP Station defines a single host as the destination. IP Station
consists of 2 parts: the frame pathway and destination. The pathway is
Advanced Setup
KMBE
Kilomux-2100/2104
Installation and Operation Manual
Chapter 4 Configuration
specified as in IP Net, above. To define the destination enter the host IP
address
•
IPX Net - IPX Net is used for IPX routing. Define the IPX Net and the interface
number in hexadecimal
•
MAC - MAC is used in the remote device for Bridging. MAC defines the MAC
address of the static station in the bridge station list.
IP Routing Settings
IP ROUTING SETTINGS (Device name – KMBE)
1.
2.
3.
4.
Interface address
RIP mode
Maximum transmit unit
PC remote access
Interface Address
Not applicable.
RIP Mode
Select this parameter to set the type of RIP to be sent. Toggle between RIP1,
RIP2, RIP1+2 or No RIP for each interface. Since most Internet applications do not
use RIP, the default setting is No RIP.
RIP stands for Routing Information Protocol. Every router has a routing table
which directs packets. A router uses the routing table to send the packets
through a designated gateway (if the packet was sent to another network) or
sends the packets directly to a host. The routing table is built when the host is
booted up. RIP sends a request to all active interfaces, asking for the others'
routing table. Using the information received, the host builds its own routing
table in which the packet destinations are entered.
By sending requests for information, RIP both builds the table and updates the
entries. RIP updates the table using the responses received every 30 seconds.
If a router is not functioning, the packets must be redirected and sent to a
second router. The routing table contains the address of a backup router. RIP
informs all of the other routers in a network on how to circumvent the nonfunctioning router.
Maximum Transmit Unit
Select this parameter to set the maximum transmit unit (MTU) for
IP fragmentation. The MTU must be set for each interface.
Both Ethernet and 802.3 encapsulation have frame size limits. If a frame is larger
than the MTU, IP fragments the frame into smaller units.
KMBE
Kilomux-2100/2104
Advanced Setup
4-19
Chapter 4 Configuration
Installation and Operation Manual
PC Remote Access
PC Remote Access (Device name – KMBE)
1.
2.
3.
4.
5.
Shared IP net - 192.168.1.2
mask - 255.255.255.240
Remote workstation IP addresses allocation (BOOT/IPCP)-[Enabled]
Remote workstation IP addresses pool
Primary domain name server (DNS) - 192.168.1.3
Secondary domain name server (DNS) - 192.168.1.4
ESC - Return to previous menu
Choose one of the above:
Select this parameter to define the remote access. The PC Remote Access Option
is important if KMBE is used as a remote access server for remote PCs accessing
the LAN.
Shared IP Net
Select this parameter to enter the Shared IP net address. The Shared IP net
address is used by all remote workstations connecting to the remote access
server on the WAN links.
Remote Workstation IP Address Allocation
Select this parameter to enable or disable allocation of remote workstation IP
addresses via BootP or IPCP negotiations.
Remote Workstation IP Address Pool
Select this parameter to enter and display a pool of addresses to be allocated by
the remote access server to remote workstations connected over the WAN links.
These addresses belong to the Shared IP Net.
Primary Domain Name Server (DNS)
Select this parameter to enter a primary DNS to be obtained by the remote PC
during the IPCP negotiations.
Secondary Domain Name Server (DNS)
Select this parameter to enter a secondary DNS to be obtained by the remote PC
during the IPCP negotiations.
DNS is a distributed database that is used by TCP/IP applications to map between
host names and addresses, and to provide electronic mail routing information.
The term distributed is used because no single site on the Internet knows all of
the information. Each site (university department, company etc.) maintains its
own database and runs a server program that other systems across the Internet
can query. The DNS provides the protocol that allows clients and servers to
communicate with each other.
4-20
Advanced Setup
KMBE
Kilomux-2100/2104
Installation and Operation Manual
Chapter 4 Configuration
IPX Routing Settings
IPX ROUTING SETTINGS (Device name – KMBE)
1.
2.
3.
4.
5.
6.
7.
Learn LAN IPX nets for all
LAN IPX net for frame type
LAN IPX net for frame type
LAN IPX net for frame type
LAN IPX net for frame type
Dial-in IPX net
RIP/SAP mode
frame types
802.3
Ethernet II
802.2
SNAP
-
[Automatic]
000A8023
04FD9F16
000A8022
05FD9F16
D2FD9F16
ESC - Return to previous menu
Choose one of the above:
Select this parameter to specify how KMBE learns IPX Nets. KMBE can learn IPX
Nets in 3 ways:
•
Learn LAN IPX Nets for all Frame Types - By setting this parameter to
Automatic, KMBE learns IPX Nets from RIP/SAP frames sent by other IPX
routers on the same LAN. If there are no other IPX routers on KMBE LAN, this
parameter must be set to Manual, and you must configure the IPX Nets for
each frame type.
•
LAN IPX Net for Frame Type - Each of these parameters specifies the IPX Nets
associated with a particular frame type. Each frame type is supported by the
LAN. KMBE supplies default values for these frame types.
•
Dial-in IPX Net - This parameter specifies the IPX Net definition for a WAN
interface.
RIP/SAP Mode
RIP / SAP MODE SETUP (Device name – KMBE)
1. Link 1 RIP/SAP mode: [Enabled]
2. LAN
RIP/SAP mode: [Enabled]
ESC - Return to previous menu
Choose one of the above:
Link 1 RIP/SAP Mode
Select this parameter to Enable/Disable the RIP/SAP mode. The default setting
enables sending RIP and SAP tables for all updates and interfaces (Link and LAN).
When disabled KMBE does not send RIP/SAP frames. KMBE receives and processes
RIP/SAP frames sent from other routers.
Station Aging
Station aging determines the amount of time a station is allowed to be inactive
before it is removed from the network. A station is inactive when no IP traffic is
forwarded or received to the KMBE LAN interface. For example, in Figure 4-10, IP
address 192.18.1.1 has an aging time of 120 seconds. If no frames are received
KMBE
Kilomux-2100/2104
Advanced Setup
4-21
Chapter 4 Configuration
Installation and Operation Manual
from IP address 192.18.1.1 within 120 seconds, the station will be removed from
the KMBE IP net table.
Digital
Network
KILOMUX
KMBE/N
Station Aging
120 seconds
IP address 192.168.1.1
Figure 4-11. Station Aging
Interface Parameters
Select this option to set link, or Frame Relay parameters.
4-22
Advanced Setup
KMBE
Kilomux-2100/2104
Installation and Operation Manual
Chapter 4 Configuration
Advanced Menu
1
3
Interface Parameters
1
2
Setup
2
Device Control
3
4
X.25 Module
Setting
Frame Relay
Settings
ISDN Protocol
Setting
Link Settings
1. ISDN Protocol
& SPIC
1. Status
2. Type
1. Asynchronous
3. Connection Type
2. Synchronous
4. Connection
Timeout (sec)
3. ISDN
1. Modem Name
2. Modem Initializing
String
5. Control
Signals Mode
4. X.25
5. Frame Relay
6. Baud Rate (Kbps)
3. Autobauding to
Modem Speed
4. Reset Modem
Before Setup
5. Analyze Modem
Answer
7. Parity
8. Stop Bit
6. Modem Speaker
On
7. Modem Dialling
Number
8. Local Number
(for Dialback)
9. Modem Setting
9. Number of Rings
Before Answer
Figure 4-12. Interface Parameters Menu Outline
³
To access the Interface Parameters menu:
1. In the Advanced menu, press 1.
The Setup menu appears.
2. In the Setup menu, press 3.
The Interface Parameters menu appears.
KMBE
Kilomux-2100/2104
Advanced Setup
4-23
Chapter 4 Configuration
Installation and Operation Manual
INTERFACE PARAMETERS (Device name – KMBE)
1.
2.
3.
4.
Link settings
ISDN protocol settings
Frame relay DLCI settings
X.25 module setting
ESC - return to previous menu
Choose one of the above:
The options in the Interface Parameters menu are described below.
Link Settings
Status
Select this parameter to specify the status of a link: enabled or disabled. An
enabled link transmits frames. Normally you would want all links enabled. If a
router is not working, the link to that router should be disabled. All frames are
then rerouted.
Type
Select this parameter to specify the type of interface in use: Synchronous.
When the mode is synchronous, data bits are transmitted at a fixed rate. The
sender and the receiver are synchronized. The third mode is Frame Relay. Frame
Relay is a packet-switching protocol for connecting devices on a WAN.
Connection Type
Select this parameter to specify the type of connection:
•
Originate only - If the link is to be used to connect to the Intranet
•
Answer only - If the link is to be used for receiving remote access
connections
•
Answer&Originate - If the link is to be used for both incoming and outgoing
connections (not simultaneously).
Connection Timeout (sec)
Select this parameter to specify the connection timeout. The remote side has to
answer within the time allotted with the Connection Timeout. If within this time
there is no response, you are informed that the remote side is no longer active.
Connection timeout is only configured when the PPP protocol is used. The
parameter consists of two parts:
•
Time (1-255 seconds)
•
Number <N> of attempts.
Within the designated time, KMBE will send frames <N> times. For example, if the
time is configured to120 and the number is configured to 6, every 20 seconds a
frame is sent. If there is no response KMBE assumes that the remote unit has
failed.
4-24
Advanced Setup
KMBE
Kilomux-2100/2104
Installation and Operation Manual
Chapter 4 Configuration
ISDN Protocol Settings
Not applicable.
Frame Relay
Frame Relay is a form of WAN which is designed to maximize throughput and
minimize cost by simplifying network processing.
Frame Relay Features
•
Supports permanent virtual circuits (PVC)
•
Supports Frame Relay (IP/IPX) encapsulation based on RFC 1490
•
Supports different management maintenance protocols:
ƒ
T1.617/ANNEX D
ƒ
Q.933/ANNEX A
ƒ
LMI.
•
Supports self learning of the maintenance protocol and the DLCI which
enables connection to the Frame Relay network without configuring Frame
Relay parameters
•
Executes congestion control when an explicit congestion notification is
received for the DLCI from the Frame Relay network. The unit reduces the
transmitted information rate of the DLCI and increases it when the
congestion condition is cleared.
•
Supports the Frame Relay SNMP MIB.
Implementing Frame Relay
Figure 4-12 shows a map of the options in the Advanced menu that are used to
configure KMBE for operation over a Frame Relay network.
KMBE
Kilomux-2100/2104
Advanced Setup
4-25
Chapter 4 Configuration
Installation and Operation Manual
Main
menu
Advanced
menu
View
Setup
Device
control
Frame relay
DLCIs'
Interface
Parameters
Reset
options
View Frame relay
DLCI parameters
Reset Link
Frame Relay
DLCI setting
Link
setting
DLCI
Self learn
DLCI/
Maintenance
Maintenance
Protocol
State
CLLM
Status
CIR
Polling
Interval
Excess
Full enquiry
Interval
Throughput
Error
Threshold
Monitored
Events
Figure 4-13. Frame Relay Options in the Advanced Menu
Frame Relay Link Parameters
The parameters in the Frame Relay Links Parameters menu are described below.
Self Learn DLCI/Maintenance
Select this parameter to specify whether KMBE will self learn the maintenance
protocol on the Frame Relay link and the DLCI status (UP or DOWN). When this
parameter is disabled (OFF), you need to configure the maintenance protocol and
the DLCI manually.
CLLM Status
Select this parameter to specify whether CLLM frames, used for congestion
indication, will be supported (ON) or not (OFF).
Maintenance Protocol
Select this parameter to specify the maintenance protocol of the Frame Relay
link: T1.617/ANNEX D, Q.933/ANNEX A, LMI or None. This parameter can only be
configured if Self learn DLCI /Maintenance parameter is disabled (OFF).
4-26
Advanced Setup
KMBE
Kilomux-2100/2104
Installation and Operation Manual
Chapter 4 Configuration
Polling Interval
Select this parameter to specify the number of seconds between transmission of
two successive status inquiry frames.
Full Inquiry Interval
Select this parameter to specify the number of polling intervals after which a full
status request frame is transmitted.
Polling interval = 10
Full inquiry interval = 4
KMBE/N
Status Inquiry
Frame Relay Network
Status Inquiry Reply
10 seconds
Status Inquiry
Status Inquiry Reply
10 seconds
Status Inquiry
Status Inquiry Reply
10 seconds
Status Inquiry
Status Inquiry Reply
10 seconds
Status Inquiry
Status Inquiry Reply
10 seconds
Status Inquiry
Status Inquiry Reply
Time
Figure 4-14. Polling Intervals
Error Threshold
Select this parameter to specify the number of unacknowledged monitored
events (status inquiry frames and full status inquiry frames) that can occur in a
sliding monitored events window before the link is declared DOWN.
Monitored Events
Select this parameter to specify the number of monitored events (status inquiry
frames and full status inquiry frames) in a sliding monitored events window.
KMBE
Kilomux-2100/2104
Advanced Setup
4-27
Chapter 4 Configuration
Installation and Operation Manual
Figure 4-15. Monitored Events
After the link is declared DOWN, it can only be declared UP again when the sliding
monitored events window contains only successfully monitored events.
Figure 4-16. Monitored Events - Down Link
Frame Relay DLCI Parameters
The parameters in the Frame Relay DLCI Parameters menu are described below.
DLCI
Select this parameter to specify the DLCI number.
State
Select this parameter to specify whether the DLCI is Enabled or Disabled (for
receive/transmit).
CIR
Select this parameter to specify the maximum amount of data in bits which the
network guarantees to transfer during the measurement interval (the
measurement interval is usually one second). The value of this parameter is
obtained from the Frame Relay provider.
4-28
Advanced Setup
KMBE
Kilomux-2100/2104
Installation and Operation Manual
Chapter 4 Configuration
Excess
Select this parameter to specify the maximum amount of uncommitted data bits
that the network will attempt to deliver during the measurement interval. The
value of this parameter should be received from the Frame Relay provider.
Throughput
Select this parameter to specify this parameter to specify the average number of
data bits per second transferred by the network. When a measurement interval
of one second is assigned to the CIR, the throughput value should equal the CIR
value.
Access Control (Security)
Select this option to perform security operations.
Advanced Menu
1
4
Access Control
(Security)
1
2
External Access
Security
1. Security
Authorization
2
Device Security
Identity
1. Name
2. Minimum Accepted
PPP Security
3
Security Host/
Guest
4
Setup
Device Control
Advanced PC to
LAN Bridge Link
Security
5
Login Script
Setup
1. Security Link
2. Password
3. Accessible
Stations/Nets
4. User Access
Profiles
1. Access Mode
2. Limit Access List
1. Unlimited Access
2. Limited Access
3. Static Statiions/Net
Access
Figure 4-17. Access Control Menu Outline
³
To access the Access Control menu
1. In the Advanced menu, press 1.
The Setup menu appears.
2. In the Setup menu, press 4.
The Access Control menu appears.
KMBE
Kilomux-2100/2104
Advanced Setup
4-29
Chapter 4 Configuration
Installation and Operation Manual
ACCESS CONTROL (Device name – KMBE)
-------------1. External access security
2. Device security identity
3. Security Host/Guest
4. Advanced PC to LAN Bridge link security
5. Script setup
ESC - Return to previous menu
Choose one of the above:
The options in the Access Control menu are described below.
External Access Security
Select this parameter to protect your LAN against unwanted entry by outside
users. Toggle between the following options:
•
None - Access denied to all users
•
User Access Profile - Allow/deny access according to the User Access Profile
(see below)
•
RADIUS - Allow/deny access according to the RADIUS Authenticator
•
User Access Profile+RADIUS - Access is allowed if the User Access Profile
allows it OR if the User Access Profile denies access but the RADIUS
Authenticator allows it.
If you select RADIUS, configure the RADIUS Access parameters from the Host
Parameters menu.
Minimum Accepted PPP Security
Select this parameter to specify the minimum security to none, PAP or CHAP.
PPP supports 2 types of security systems:
•
CHAP (Challenge Handshake Authentication Protocol) - CHAP is a type of
authentication in which the authentication agent (typically a network server)
sends the client program a key to be used to encrypt the username and
password. This enables the username and password to be transmitted in an
encrypted form to protect them against hackers.
•
PAP (Password Authentication Protocol) - PAP is the most basic form of
authentication, in which a user's name and password are transmitted over a
network and compared to a table of name-password pairs. Typically, the
passwords stored in the table are encrypted. The main weakness of PAP is that
both the username and password are transmitted in an unencrypted form.
Accessible Stations/Nets
Select this parameter to define parameters which limit public access to the
network. Access can be allowed for all stations/nets, only certain stations/nets,
4-30
Advanced Setup
KMBE
Kilomux-2100/2104
Installation and Operation Manual
Chapter 4 Configuration
or only stations/nets which are static. When the access mode is 'limited', use the
access list to define which stations/nets have access.
User Access Profiles
Select this parameter to view and modify user access profiles in the access
control users list. The list contains user names, security parameters and dialback
options.
Device Security Identity
Name
Select this parameter to assign a name to KMBE for access to the ISP's central
access router. The maximum length is 30 characters.
Password
Select this parameter to assign a password to KMBE for access to the ISP's
central access router. The maximum length is 30 characters.
Security Host/Guest
Select this parameter to define a link's security status. When a link is defined as a
Host, users are approved according to your profile list. When link is defined as a
Guest, the device sends its name and password to be approved by the host. The
Guest mode is the default.
Advanced PC to LAN Bridge Link Security
Use this parameter to configure advanced security for remote access from a PC
client, when the KMBE is configured as a bridge.
WAN Economy Menu
Select this option to reduce traffic over the WAN.
KMBE
Kilomux-2100/2104
Advanced Setup
4-31
Chapter 4 Configuration
Installation and Operation Manual
Advanced Menu
1
5
2
WAN Economy
1
2
1. Block and
Forwarding
2. Link to Link
Traffic
3. IP/IPX Broadcast
Control
Device Control
3
Connection
On Demand
Filters
Setup
1. Start Connection
2. Terminate
Connection
3. Minimum Time
Between Two
Connects
4. Quick Filters
4
IP/IPX Spoofing
Fast
Retransmission
Frame Limit
1. Keep Alive Mode
2. RIP/SAP
Spoofing Tables
Updated Timeout
3. Change Link
Spoofing Mode
4. Minimum Time
Between Two
Disconnects
5. Connect
Manually
6. Disconnect
Manually
Figure 4-18. WAN Economy Menu Outline
³
To access the WAN Economy menu:
1. In the Advanced menu, press 1.
The Setup menu appears.
2. In the Setup menu, press 5.
The WAN Economy menu appears.
4-32
Advanced Setup
KMBE
Kilomux-2100/2104
Installation and Operation Manual
Chapter 4 Configuration
WAN ECONOMY (Device name – KMBE)
----------Use these features:
- to reduce traffic over the WAN to a minimum and increase
throughput
- to keep the link up only when it is required
1.
2.
3.
4.
Filters
Connection on demand
Spoofing
Fast retransmission frame limit: 2
ESC - Return to previous menu
Choose one of the above:
The options in the WAN Economy menu are described below.
Filtering
Filtering allows you to limit the amount of traffic which enters and exits the Small
Office LAN via KMBE. Filtering is used to:
•
Increase security
•
Reduce traffic to the link.
KMBE features two types of filters:
•
Quick Filters
•
Advanced Filters.
Quick Filters are used to regulate IP and IPX. A Quick Filter can neutralize
IP and/or IPX protocol by blocking all traffic of that protocol, as illustrated in
Figure 4-18.
Quick Filter
Quick Filter
KMBE/N
KMBE/N
Traffic is blocked by the
Quick Filter
Digital
Network
KILOMUX
KILOMUX
Traffic is blocked by the
Quick Filter
Figure 4-19. Action of a Quick Filter
KMBE
Kilomux-2100/2104
Advanced Setup
4-33
Chapter 4 Configuration
Installation and Operation Manual
Advanced Filters are used to regulate traffic in both directions, as shown in
Figure 4-19.
•
From LAN to the Link. Using filters here will forward or block traffic from the
LAN outwards
•
From Link to the LAN. Using filters here will forward or block traffic from the
link inwards.
Using a variety of parameters, advanced filters can be used to regulate different
protocols, to totally or partially block traffic, and to control traffic between links.
Advanced Filter
Advanced Filter
KMBE/N
KMBE/N
Traffic is regulated by the
Quick Filter
Digital
Network
KILOMUX
KILOMUX
Traffic is regulated by the
Quick Filter
Figure 4-20. Action of an Advanced Filter
There are two modes through which filtering can be implemented: blocking and
forwarding.
Blocking
The block command causes KMBE to test every packet of data that is sent to or
from the LAN. If the packet passes the test, passage is denied.
Example:
You want to ensure that IP/UDP packets do not go on to the link in the direction
of the Intranet. Thus, you design a filter which tests each packet to see if it is an
IP/UDP packet. If the packet tests positive, it is automatically blocked.
Forwarding
The forward command works in the same way as the block command. However,
with forwarding, if the packet passes the test, it is allowed passage to or from
the LAN.
Example:
You want to allow a certain user on the Small Office LAN to access the Internet
for FTP purposes. To do this, you create a filter to test each packet for the IP
host address of the specified user and the FTP socket of the packet. If the packet
passes the test, it is forwarded to the Internet/Intranet.
Multiple Filters
Up to 18 filters can be defined. If there are 2 filters which have contradictory
operations, forwarding takes precedence over blocking.
4-34
Advanced Setup
KMBE
Kilomux-2100/2104
Installation and Operation Manual
Chapter 4 Configuration
Example:
You want to allow only one particular user on the Small Office LAN to access the
Internet for FTP purposes. To insure that no one else is able to access the
Internet, create a blocking filter for all traffic going to the link. To do this, from
the Blocking and Forwarding menu enter "Block all traffic for Link1". In addition,
create a filter to test each packet for the IP host address of the specified user
and the FTP socket of the packet. Since forwarding takes precedence over
blocking, that user's frames are forwarded.
Definition of Filter Tests
You need to define the filter test that will be applied to every packet that is
transmitted. Use any combination of the following parameters to define the filter
test:
•
Protocol
•
Operation (block, forward, etc.)
•
Interface (LAN, Link)
•
Destination and/or source IP address of the packet
•
Destination and/or source MAC address of the packet (layer 2)
•
IP socket (upper and lower level)
•
IP packet type (broadcast, multicast).
Up to 18 filters can be defined. To avoid reducing KMBE performance, minimize
the number of active filters.
Defining Filters
Filters can be defined through the control port, Telnet or SNMP. First decide on
the mode and conditions for a filter, then follow the instructions below to set
filter parameters.
Remember that forwarding takes precedence over blocking. If there is
combination of filters which contain both operations, the frame will be
forwarded.
Quick Filter Menu
³ To define a quick filter:
1. From the Advanced Setup menu, choose:
Set up → WAN Economy → Filters.
2. Configure the operation.
3. Configure the broadcast control.
4. Configure the quick filter parameters.
KMBE
Kilomux-2100/2104
Advanced Setup
4-35
Chapter 4 Configuration
Installation and Operation Manual
FILTERS (Device name – KMBE)
1.
2.
3.
4.
5.
Block and Forwarding
Link to link traffic: [FORWARD]
IP / IPX broadcast control - [Full Propagation]
Quick filters
Advanced filters
Esc - Return to main menu
Choose one of the above:
³
To configure the operation:
1. From the Filters menu, choose Block and Forwarding.
2. Toggle between Block and Forward.
³
To configure the broadcast control:
•
From the Filters menu, press 2 to toggle between Full Propagation and Block
Propagation. The default is Block Propagation.
The broadcast control filter manages special frames which are normally
propagated throughout the network. The frames managed are:
•
IP - Local broadcast propagation
•
IPX - Zero destination propagation, IPX Type 20 frames propagation
•
NETBIOS over IP - IP frames with TCP/UDP ports 137, 138, 139 propagation.
Link Traffic
Use this to configure whether traffic will be sent or blocked when KMBE is
configured as a bridge:
³
•
Forward - forward all traffic
•
Blocked - clock all traffic.
To configure the Quick Filter parameters:
1. From the Filters menu, choose Quick Filters.
2. To toggle between No Filters/Forward/Block, press the number of the
protocol that you want to filter.
Quick Filters are defined per protocol. Configure each protocol that you want to
block or forward.
4-36
Advanced Setup
KMBE
Kilomux-2100/2104
Installation and Operation Manual
QUICK
Chapter 4 Configuration
FILTERS (Device name – KMBE)
Choose the protocols you want to block or forward!!:
1.
2.
3.
4.
5.
6.
7.
IP
IPX
SNA
NetBIOS
AppleTalk
DECnet
Others
NO
NO
NO
NO
NO
NO
NO
FILTERS
FILTERS
FILTERS
FILTERS
FILTERS
FILTERS
FILTERS
ESC - Return to previous menu
Choose one of the above:
Advanced Filter Menu
³
To define an advanced filter:
1. From the Advanced Setup menu, choose:
Set up → WAN Economy → Filters.
2. Choose Advanced Filter.
3. If you are defining a new filter, choose Add. If you are editing a filter, choose
Edit and enter the filter number.
4. Define the desired parameters.
Advanced Filter Concepts
When defining an advanced filter the following parameters must be determined:
•
Filter ID - A selection number used to view, edit or delete a particular file. To
work with any filter, the Filter ID number must be entered
ADD
FILTERS (Device name – KMBE)
ENTER
T
N
SPACE
BACKSPACE
ESC
-
Enter data
Toggle (parameters inside [])
Next line (skip this one)
Move right
Move left
Return to previous menu
Filter Id - 1
KMBE
•
Protocol - The protocol on which the filter operates
•
Operation - Used to define the action of the filter
•
Interface - Used to determine the filter interface
•
Source Address - Used to define the source address of passing frames
•
Destination Address - Used to define the destination address of passing
frames
Kilomux-2100/2104
Advanced Setup
4-37
Chapter 4 Configuration
Installation and Operation Manual
•
High level (IP only) - Used to include or exclude high level protocols
•
Source/Destination Port - Used to define the port source/destination address
of an application
•
Source/Destination Socket - Used to define the socket source/destination
address of an application
•
Low Level - Used to include or exclude the low level protocols
•
Mask - Used to define a mask filter
•
Status - Used to define the filter's status.
True-False Menus
Many of the Advanced Filter parameters can be configured so that:
•
Frames with that parameter pass (true); or
•
Frames without that parameter pass (false).
For example, if you choose BroadCast-True, any frame which is BroadCast will
pass. If you choose BroadCast-False, any frame which is not BroadCast will pass.
Advanced Filter Parameters
•
Filter ID - The system automatically assigns a new number to each filter
•
Protocol - The protocol on which the filter operates
•
Operation - The action which the filter applies to a frame that passes:
ƒ
Forward
ƒ
Block
ƒ
Connect
ƒ
Disconnect.
The operations are listed in their order of priority. For example if the connect and
disconnect commands are applied to a frame, the connect command takes
precedence.
Connect and disconnect are only relevant to Connection on Demand. When
accessed through the Filter menu, only they appear.
•
Interface - The area where the filters will act. If you want to filter traffic
going to the LAN, choose LAN. If you want to filter traffic going to the link,
choose Link.
•
Source Address - Toggle to the desired address type (MAC or NET). The
address format (hexadecimal or binary) appears. Type in the complete source
address.
If you want to include a group of addresses, type <x> to indicate an unspecified
group. For example, a filter with the MAC source address the 4020.D2FE.xxxx will
pass any address beginning with 4020.D2FE.
•
4-38
Destination Address - Toggle to the desired address type (MAC, NET, All,
BroadCast, MultiCast). The address format (hexadecimal or binary) appears.
Type in the complete destination address. Choose True or False.
Advanced Setup
KMBE
Kilomux-2100/2104
Installation and Operation Manual
Chapter 4 Configuration
•
Normally, a frame has a particular destination, as specified in the destination
address field of the frame. Such frames are referred to as "All" frames.
"BroadCast" frames are intended for all stations. If you specify "BroadCast"
do not specify a mask pattern.
•
High Level - When you choose this parameter 2 choices appear:
ƒ
Yes
ƒ
No.
When Yes is chosen, a list of High Level protocols appear. The High Level
protocols include:
ƒ
FTP
ƒ
WWW
ƒ
Telnet
ƒ
E-MAIL
ƒ
TFTP
ƒ
SNMP
ƒ
DNS
ƒ
RIP.
Select the protocols you want to filter. Choose True or False.
•
Source/Destination Sockets - This parameter differs for IP and IPX:
ƒ
IP - The Destination Port is enabled when no High Level protocol is
specified. If you define a port number in decimal numbers, define the low
level protocol as UTP or TCP. If no port number is defined, define the low
level protocol as UTP, TCP, or ICMP. Choose True or False.
ƒ
IPX - If a socket address or low level protocol is not defined, a socket
number may be specified. Choose True or False.
•
Low Level (IP protocol) - Toggle to the required low level protocol for the
filter. If the port number is defined in decimal format, specify the low level
protocol as UTP or TCP. If no port number is defined, specify the low level
protocol as UTP, TCP, or ICMP. Choose True or False.
•
Low Level (IPX protocol) - Toggle to the required low level protocol for the
filter. If a socket is defined in the destination address, a low level protocol or
socket number may not be specified. Conversely, if a socket address or low
level is not defined, a socket number may be specified.
•
Mask - A mask is a test pattern that is used to allow certain frame patterns
only. You define a code against which the frame is compared.
To create a mask, toggle to Yes. Three pairs of codes and offsets must be
created. The offset defines the point in the frame at which the comparison is
made. For example, an offset of 8 means that the 8th byte is compared to the
code. The offset can be from the 7th byte onwards.
The frame is made of 3 different portions:
KMBE
ƒ
MAC - is at the beginning of the frame
ƒ
LLC - is after the source address in the frame
Kilomux-2100/2104
Advanced Setup
4-39
Chapter 4 Configuration
Installation and Operation Manual
ƒ
DATA - is after the LLC section in the frame.
For each code-offset pair, select the code format:
ƒ
Binary - specify 48 address bits to be either 0,1, or X (unspecified)
ƒ
Hexadecimal - specify 12 hex digits to be 0-F or X (unspecified).
For each code-offset pair, choose True or False.
Every frame, at the designated offsets, is compared to the 3 codes in the mask.
If all 3 codes and the True-False condition match the code written in the frame,
the frame passes.
Only 1 mask per filter can be defined.
•
Status - Toggle between:
ƒ Active
ƒ Not Active - Not active allows you to define filters which can be stored
and used at a later time.
Saving Filter Parameters
All filters are stored in the Flash Memory, thereby preserving them if the power
goes down. When filtering is selected, all of the filters are copied into the RAM.
The RAM copy is then used to activate the software filtering. process. Any filter
which is modified, (by clearing all, deleting one, or changing a parameter) goes
into effect immediately. The previous filter also remains in effect until the system
is rebooted.
³
To exit filtering and return to the main Setup menu:
1. Press Esc.
The following prompt appears:
'up' (Y/N)?
2. Press Y to save changes in the Flash Memory or press N to cancel your
changes. The system loads the previous set of masks the next time the
system is rebooted.
Fast Retransmission Frame Limit
This option allows you to insert the maximum number of acknowledge frames in
the buffer to prevent unnecessary retransmission on the WAN.
Factory Default Options
The Factory Default menu allows you to change all configuration parameters back
to their factory defaults.
³
To access the Factory Default menu
1. In the Advanced Setup menu, press 1.
The Setup menu appears.
2. From the Setup menu, press 6.
A string of text appears, prompting you to reset certain parameters.
4-40
Advanced Setup
KMBE
Kilomux-2100/2104
Installation and Operation Manual
Chapter 4 Configuration
3. Press Y to reset the parameters to the factory default, or N to avoid reset.
The next string of text appears. The screen below displays all the
parameters that can be reset.
Reset
Reset
Reset
Reset
Reset
Reset
Reset
Reset
Reset
Reset
Reset
Reset
Reset
Reset
Reset
Reset
Reset
MONITOR parameters to factory default ? (Y/N): N
DEVICE ID parameters to factory default ? (Y/N): N
MASKS parameters to factory default ? (Y/N): N
FORWARDING parameters to factory default ? (Y/N): N
SPOOFING parameters to factory default ? (Y/N): N
SNMP parameters to factory default ? (Y/N): N
LINKS parameters to factory default ? (Y/N): N
DOWNLOAD parameters to factory default ? (Y/N): N
COD parameters to factory default ? (Y/N): N
MODEMS parameters to factory default ? (Y/N): N
ISDN parameters to factory default ? (Y/N): N
FRAME RELAY parameters to factory default ? (Y/N): N
PPP parameters to factory default ? (Y/N): N
HOST IP parameters to factory default ? (Y/N): N
TELNET parameters to factory default ? (Y/N): N
RADIUS parameters to factory default ? (Y/N): N
SECURITY parameters to factory default ? (Y/N):
Device Control Menu
Advanced Menu
1
2
1
2
Software
Download
Upload Device
Parameters to
TFTP Server
3
Download Device
Parameters from
TFTP Server
Setup
Device Control
4
1. Download
from TFTP
Server
5
Reset Options
6
Control Other
Device
1. Reset Device
2. XMODEM via
Control Port (BOOT
Manager)
2. Reset Link
3. Reset Interface
Module
3. Download Software
to ISDN Module
Terminal Type
1. VT-100, UT-200,
VT-220 ANSI
Terminals
2. VT-52, IBM 3101
Terminals
3. Other Terminals
Figure 4-21. Device Control Menu
³
To access the Device Control menu
•
KMBE
In the Advanced menu, press 3.
Kilomux-2100/2104
Advanced Setup
4-41
Chapter 4 Configuration
Installation and Operation Manual
The Device Control menu appears:
DEVICE CONTROL (Device name – KMBE)
1.
2.
3.
4.
5.
6.
Software download
Upload device parameters to TFTP server
Download device parameters from TFTP server
Reset options
Control other device (bridge link only)
Terminal type
ESC - Return to previous menu
Choose one of the above:
The options in the Device Control menu are described below.
Software Download
SOFTWARE PARAMETERS IN THE DOWNLOAD (Device name – KMBE)
1. The parameters in the download from TFTP Server
2. The parameters in the MODEM via control port (BOOT Manager)
3. The parameters in the download software to ISDN module
ESC - Return to previous menu
Choose one of the above:
Select this option to download a new software version.
KMBE includes a Dual Image Flash, capable of storing two different versions of
software in two different partitions. Upon reset or boot KMBE automatically runs
the program stored in the active partition.
New software versions are loaded into the backup partition. If loading succeeds,
the backup partition becomes active and reset is automatically performed,
running the new software version. If loading fails, however, the device will be still
capable of working, since the Flash partition storing the old version is still active.
Figure 4-21 illustrates this process.
4-42
Advanced Setup
KMBE
Kilomux-2100/2104
Installation and Operation Manual
Chapter 4 Configuration
Step
1
Original
S/W Version
Copy 1
Active Partition
Step
2
Original
S/W Version
Copy 2
Original
S/W Version
Backup Partition
New
S/W Version
Active Partition Backup Partition
Step
3
Original
S/W Version
Backup Partition
New
S/W Version
Active Partition
Figure 4-22. Using the Dual Image Flash
Dual Image Flash can be controlled by the BOOT Manager. You use the BOOT
Manager to manually define active and backup partition, run backup partition,
erase some or all information from Flash etc. The BOOT Manager is accessible via
the above menu or immediately after resetting the hardware. Refer to
Appendix A Boot Manager for a detailed description of the BOOT Manager.
The options in the Software Download menu are described below.
Download from TFTP Server
TFTP is a IP/UDP client-server application. The unit is a TFTP client. Operating
opposite the client, you need a TFTP server connected to the LAN or WAN
interface via an IP network.
³
To download a new software version via TFTP server
1. Select option 1 from the Software Download menu.
Do you want to download new software version? (y/n): Y
TFTP server IP address: 192.168.1.2
New software file name: kmben.mbi
Download process will erase the program code
in the second partition of the device.
Upon completion of the download,
the device will be reset automatically.
Press 'S' to start the download process
or
ESC to return to previous menu:
2. Confirm that the Do You Want To Download New Software Version? field is
set to Yes.
3. In the TFTP Server IP Address field, type the IP address of the TFTP server.
KMBE
Kilomux-2100/2104
Advanced Setup
4-43
Chapter 4 Configuration
Installation and Operation Manual
4. In the New Software File Name field, type the path and file name of the new
software version.
The IP address and the new software version file name can also be defined
through the Setup menu.
5. Press S to start the download process.
During the process, the new program code is downloaded to the Flash backup
partition, thus erasing its previous contents.
Upon completion, the newly downloaded Flash partition becomes active,
while the old version’s partition becomes backup. The device automatically
resets, running the new program stored in the active partition.
During the download process, a counter shows the number of packets that have
passed. Downloading can be interrupted at any time by pressing the ESC key.
XMODEM via Control Port (BOOT Manager)
You use this option to access the BOOT Manager via the control port.
The BOOT Manager is discussed in Appendix A, BOOT Manager.
Device Configuration Parameters Upload/Download
This option allows you to save device configuration in a file or load saved
configuration to the device, using the TFTP protocol. TFTP is an UDP/IP clientserver application. The unit is a client TFTP. Operating opposite the client, you
need to connect a TFTP server to the LAN or WAN interface via an IP network.
Upload Device Parameters to TFTP Server
Select this parameter to save device configuration parameters into a file by
uploading to the TFTP server. This operation sends all unit parameters to the TFTP
server and will be saved under a filename that you specify.
³
To upload device parameters:
1. Activate the TFTP server application connected to the unit via an IP network.
2. Configure the following IP parameters: IP address, IP mask and IP default
gateway.
3. Select the TFTP upload option.
4. Enter the TFTP server IP address.
5. Assign a name to the configuration file you want to save on the server.
6. Press S to start the upload process.
Downloading Device Parameters from the TFTP Server
Select this option to load device configuration parameters from a file by
downloading from the TFTP server.
4-44
Advanced Setup
KMBE
Kilomux-2100/2104
Installation and Operation Manual
³
Chapter 4 Configuration
To download device parameters:
1. Activate the TFTP server application connected to the unit via an IP network.
2. Configure the following IP parameters: IP address, IP mask and IP default
gateway.
3. Select the TFTP download option.
4. Enter the TFTP server IP address.
5. Enter the name of the configuration file you want to download from the
server.
6. Press S to start the download process.
Upon completion of the download process, the unit performs reset. The new
parameters only come into effect after resetting.
Reset Options
Select this option to reset the device, link or interface module. The interface
module reset relates to ISDN options only.
Control Other Device
This option is only applicable when KMBE is configured as a bridge. Select this
option to configure the KMBE on the other side of the bridge link.
Terminal Type
Select this option to choose a terminal type. Since each terminal type uses
different ASCII control codes for cursor control, KMBE requires this information to
display the screens clearly.
KMBE
Kilomux-2100/2104
Advanced Setup
4-45
Chapter 4 Configuration
4-46
Advanced Setup
Installation and Operation Manual
KMBE
Kilomux-2100/2104
Chapter 5
Troubleshooting and
Diagnostics
5.1
Error Messages
Table 5-1 lists different symptoms and their causes, and what corrective actions
to take. If a persistent fault condition occurs, confirm that the KMBE is configured
properly. Link errors are sometimes caused by loose contact between connectors
or lack of cable continuity. Check that all connectors are plugged in properly and
that the quality of the cable is good.
Table 5-1. Common Problems and Solutions
Symptom
Possible Cause
Recommended Course of Action
All front panel indicators
are OFF
The unit is not receiving power.
Check that power is supplied to the unit.
Red LINK ERROR indicator
is blinking
In synchronous operation:
Corrupted frames are being
received, or the physical
connection is unstable.
Check the modem configuration and
cables.
Red LINK ERROR indicator
is ON
The LINK ERROR indicator will be
ON if the link is configured in
Synchronous mode, and no clock
signal is being received.
Check configuration settings.
Check the fuse and replace it if
necessary. (By qualified technician only).
Check the modem configuration and
cables.
Red LAN ERROR indicator is There is a temporary transmission Check cable connections and ensure that
blinking
problem.
the proper cable type is being used.
Red LAN ERROR indicator is There is a problem with the LAN
ON
connection.
Check that the LAN is connected
properly.
READY indicator is OFF
Check LAN and Link connections.
KMBE
Kilomux-2100/2104
If LAN ERROR indicator is ON, or
all LINK ERROR indicators are ON,
there is a possible connection
problem with the LAN or Link.
5-1
Chapter 5 Troubleshooting and Diagnostics
5.2
Installation and Operation Manual
Technical Support
Technical support for MiniCVS can be obtained from the local distributor from
whom it was purchased.
For further information, please contact the RAD distributor nearest you or one of
RAD's offices worldwide.
This information can be found at RAD's Web site: http://www.rad.com/ (for
offices location, click About RAD > Worldwide Offices; for distributors location,
click Where to Buy > End Users).
5-2
KMBE
Kilomux-2100/2104
Appendix A
Boot Manager
This appendix describes the various options of the BOOT Manager.
A.1
Preface
KMBE includes a Dual Image Flash, capable of storing two different versions of
software in two different partitions.
Upon reset, KMBE automatically runs the program stored in the active partition.
New software versions are loaded into the backup partition. If loading succeeds,
the backup partition becomes the active partition and KMBE is reset
automatically, running the new software version. If loading fails, the device is still
capable of working, since the Flash partition storing the old version remains
active.
Dual Image Flash can be controlled by the BOOT Manager. Use the BOOT Manager
to:
•
Download new software
•
Manually define the active and backup partitions
•
Run the backup partition
•
Erase some or all information from Flash.
A.2
Accessing BOOT Manager
You can access the BOOT Manager:
•
Via option 2 in the Software Download menu
•
Via the Rescue option.
Access via Software Download Menu
1. In the Advanced menu, press 3. The Device Control menu appears:
KMBE
Accessing BOOT Manager
A-1
Appendix A Boot Manager
Installation and Operation Manual
DEVICE CONTROL (Device name – KMBE)
1.
2.
3.
4.
5.
Software download
Upload device parameters to TFTP server
Download device parameters from TFTP server
Reset options
Terminal type
2. Press 1. The Software Download menu appears:
SOFTWARE DOWNLOAD (Device name – KMBE)
1. Download from TFTP Server
2. XMODEM via control port (BOOT Manager)
3. Download software to ISDN module
3. Press 2 to display the BOOT Manager menu.
Rescue
If KMBE does not respond properly, try the Rescue option:
1. Connect to the terminal emulator.
2. Switch on KMBE and immediately press R. The BOOT Manager menu appears.
A.3
The BOOT Manager Menu
BOOT 302 Version 1.01 (Mar 18 1997)
First : 1997 Apr 30 12:32 MBEBOOT.X
Second: 1997 May 01 14:46 RE70A6.X
1)
2)
3)
4)
5)
6)
7)
8)
7.0A5 test1
Testing ISDN download in RAS (LK)
Load new software
Partitions status
Run second partition
Reactivate second partition
Duplicate first partition
Erase configuration
Erase all Flash
Set baud rate
0) Exit
Choose one of the above:
The options in the BOOT Manager menu are described below.
A-2
The BOOT Manager Menu
KMBE
Installation and Operation Manual
Appendix A Boot Manager
Load New Software
Select this option to download new software via the control port using the
XMODEM protocol. During the process, the new program code is downloaded to
the Flash backup partition, thus erasing its previous contents.
Upon completion, the newly downloaded Flash partition becomes the active
partition, while the old version’s partition becomes the backup partition. The
device automatically resets, running the new program stored in the active
partition. Figure A-1 illustrates this process.
Step 1
Step 2
Original
S/W Version
Copy 1
Original
S/W Version
Copy 2
Original
S/W Version
New
S/W Version
Primary Partition
Secondary Partition
Primary Partition
Secondary Partition
Step 3
Original
S/W Version
New
S/W Version
Secondary Partition
Primary Partition
Figure A-1. Dual Image Flash
Partitions Status
Select this option to display information about the status of the active (first) and
the backup (second) Flash partitions. Note that the BOOT Manager menu also
displays a partial status at its upper part:
First : 1997 Apr 30 12:32 MBEBOOT.X 7.0A5 test1
Second: 1997 May 01 14:46 RE70A6.X Testing ISDN download in
RAS (LK)
Run Second Partition
Select this option to run the program stored in the backup partition of the Flash
memory. Normally that program is the previous software version.
The backup program runs once. The next hardware reset or Boot will run the
program stored in the active partition.
KMBE
The BOOT Manager Menu
A-3
Appendix A Boot Manager
Installation and Operation Manual
Reactivate Second Partition
Select this option to turn the backup partition into the active partition (and vice
versa). In this way you can return to the previous software version permanently.
This command may be executed up to 16 times, after which downloading of the
new software will be required. Therefore avoid using this option for a one-time
run of the old version (use the Run Second Partition option for that purpose).
Duplicate First Partition
Select this option to duplicate the program stored in the active (first) partition
into the backup (second) partition.
Erase Configuration
Select this option to erase the device configuration parameters which are also
stored in the Flash memory. Sometimes it is needed after downloading a new
version, if its parameter set is not fully compatible with the previous version
parameters. You may also use this command to set the device to the default
settings. The Erase Configuration command is also useful if you forget the
password.
Erase All Flash
Select this option to erase the device configuration parameters, and the
programs stored in both partitions. Remember to download new software before
attempting to operate the device.
Set Baud Rate
KMBE/N
Select this option to set the device’s baud rate to 9600, 19200, 38400, 57600 or
115200 bps. For software code download, it is recommended to use the highest
rate possible, i.e. 115200 bps (the baud rate must be higher than 9600 bps to
enable downloading). Figure A-2 illustrates this process.
Figure A-2. Setting the Baud rate
Change your terminal baud rate and press Enter 2 or 3 times to ensure that the
device identifies the new value.
A-4
The BOOT Manager Menu
KMBE
Installation and Operation Manual
Note
Appendix A Boot Manager
The terminal emulator of Windows 95 - HyperTerminal has a bug. After changing
baud rate the status line presents the new value, but this value does not come
into effect unless you perform the disconnect and connect commands
immediately after performing the change.
Exit
Select this option to exit from the BOOT Manager menu and perform BOOT/RESET
KMBE.
If the BOOT Manager is idle for more the two minutes, exit will be performed
automatically.
KMBE
The BOOT Manager Menu
A-5
Appendix A Boot Manager
A-6
The BOOT Manager Menu
Installation and Operation Manual
KMBE
24 Raoul Wallenberg Street, Tel Aviv 69719, Israel
Tel: +972-3-6458181, Fax +972-3-6483331, +972-3-6498250
E-mail: [email protected], Web site: http://www.rad.com
Customer Response Form
RAD Data Communications would like your help in improving its product documentation.
Please complete and return this form by mail or by fax or send us an e-mail with your
comments.
Thank you for your assistance!
Manual Name:
KM-2100/2104 KMBE
Publication Number:
425-217-12/08
Please grade the manual according to the following factors:
Excellent
Installation instructions
Operating instructions
Manual organization
Illustrations
The manual as a whole
What did you like about the manual?
Good
Fair
Poor
Very Poor
Error Report
Type of error(s) or
problem(s):
Incompatibility with product
Difficulty in understanding text
Regulatory information (Safety, Compliance, Warnings, etc.)
Difficulty in finding needed information
Missing information
Illogical flow of information
Style (spelling, grammar, references, etc.)
Appearance
Other
Please list the exact page numbers with the error(s), detail the errors you found (information missing,
unclear or inadequately explained, etc.) and attach the page to your fax, if necessary.
Please add any comments or suggestions you may have.
You are:
Distributor
End user
VAR
Other
Who is your distributor?
Your name and company:
Job title:
Address:
Direct telephone number and extension:
Fax number:
E-mail:
Publication No. 425-217-12/08
Order this publication by Catalog No. 803234
International Headquarters
24 Raoul Wallenberg Street
Tel Aviv 69719, Israel
Tel. 972-3-6458181
Fax 972-3-6498250, 6474436
E-mail [email protected]
North America Headquarters
900 Corporate Drive
Mahwah, NJ 07430, USA
Tel. 201-5291100
Toll free 1-800-4447234
Fax 201-5295777
E-mail [email protected]
www.rad.com
The Access Company