Allied Telesis AR 300 AT-AR300 AT-AR300 manual

Simply connecting the world Softwar e Release 2.3.1 For Rapier Sw itches, AR30 0 and AR70 0 Seri es Rou ters, an d AR800 Series Modular Swit ching Routers Introduction .......... ............. ................... ................... ............. .................... ........ 2 Hardware Platforms ................. ............. ................... [...]

2 Release Note Software Release 2.3.1 C613-10325 -00 REV B Intr oduction Allied T elesyn Internationa l announ ces the release of Software Release 2.3.1 on the AR300 and AR700 Series r outers, Rapier Seri es laye r 3 swi tches, and AR80 0 Series modular sw itching routers. This release note describes software features that ar e new sinc e Softwar e[...]

Softw are Rel ease 2 .3.1 3 Software Release 2.3.1 C613-103 25-00 REV B Hot Swapping Network Service Modules In routers and switches that have NSM bays, this release allows the fol lowing NSMs to be hot swapped, so that they ca n be installed a nd uninstal led without powering down the entire r o uter or switch: ■ A T - AR040 NSM wi th 4 PIC s lo[...]

4 Release Note Software Release 2.3.1 C613-10325 -00 REV B files, feature li cences and ot her files. (If this happens, FLASH m emory may need to be clear ed completely , leaving no functioning software to run the r outer .) Hot swap an NSM out of an NSM bay Follow these steps to hot swap an NSM, or PICs in an NSM-4 PIC, out of an NSM bay . 1. Prep[...]

Softw are Rel ease 2 .3.1 5 Software Release 2.3.1 C613-103 25-00 REV B Software Features The following feature s are available o n all routers and sw itches supported by this r eleas e, un less ot her wise s tated : Major f eatures ■ NSM Hot Swap softwar e support for models with NSM bays (“ NSM Ho t Swap Software Support ” on page 6) ■ Do[...]

6 Release Note Software Release 2.3.1 C613-10325 -00 REV B NSM Hot Swap Softw ar e Support When a car d is hot-sw apped out of a bay , it s inte rface inst ances becom e dormant. They stay dorma nt until either another card of the same type is ho t- swapped into the bay , in which case they ar e reactivated, or a car d of a differ ent type is hot-s[...]

Softw are Rel ease 2 .3.1 7 Software Release 2.3.1 C613-103 25-00 REV B Figur e 2: Ex ample out put from the SHO W INTERF ACE command fo r a specif ic interf ace. Domain Name S erver Enha ncements Softwar e Release 2.3.1 includes two enha ncements to Domain Name Server (DNS) functio nality: ■ The r outer can now store r ecently obtained DNS infor[...]

8 Release Note Software Release 2.3.1 C613-10325 -00 REV B If the DNS s ervers have already been configured, the configuration information ca n be set using the comma nd: SET IP DNS [DOMAIN={ANY| domain-name }] {INTERFACE= interf ace | [PRIMARY= ipadd ] [SECONDARY= ipadd ]} For example, to add or set the IP addresses of the default primary and seco[...]

Softw are Rel ease 2 .3.1 9 Software Release 2.3.1 C613-103 25-00 REV B Auto matic Na meserve r Conf igura tion The primary and se condary name server ’s addresses can eith er be statically configured as above, or learned dynamically o ver an interface. Name servers can be learned via DHCP over an Ethernet interface or via IPCP over a PPP interfa[...]

10 Release Note Software Release 2.3.1 C613-10325 -00 REV B SET TRIGGER= trigger-id [INTERFACE[= int erface ]] EVENT={UP| DOWN|FAIL|ANY} [CIRCUIT= miox-circuit ] [CP={ APPLE|ATCP|BCP| CCP|DCP|DNCP|IPCP|IPXCP|LCP}] [DLCI= dlci ] [AFTER= hh:mm ] [BEFORE= hh:mm ] [{DATE= date |DAYS= day-lis t }] [NAME= name ] [REPEAT={YES|NO|ONCE|FOREVER| count }] [T [...]

Softw are Rel ease 2 .3.1 11 Software Release 2.3.1 C613-103 25-00 REV B IP Secur ity (IPsec) Source Interface a nd Enhancem ents A source in terface can now be specified for tunnelled IPsec traffic. The performance of IPsec is also enhanced, and mor e simultaneous IPsec tunnels are supported, because of the incre ase in ENCO channels. A new SR CIN[...]

12 Release Note Software Release 2.3.1 C613-10325 -00 REV B OSPF on Dem and OSPF on demand circuits allow data lin k connections to be clo sed when not carrying application traf fic. A new parameter , DEMAND, has been added to the following com mands to support this feature: ADD OSPF INTERFACE [DEMAND={ON|OFF|YES |NO|TRUE|FALSE}] SET OSPF INTERFACE[...]

Softw are Rel ease 2 .3.1 13 Software Release 2.3.1 C613-103 25-00 REV B Figur e 3: Examp le of dial -on-demand IS DN befor e configuring OS PF on demand. Figur e 4: Examp le of dial -on-demand IS DN after configuring OSPF on dema nd. For more information, see t he Open Shor test Path First (OSPF) ch apter of your swi tch o r rou ter ’s S oft war[...]

14 Release Note Software Release 2.3.1 C613-10325 -00 REV B Paladi n Firewall Enhanc ements The existing firewall NA T performs address translation for traffic passing between a pair of interfa ces. W ith Softwar e Rel ease 2.3.1, firewall rul es can al so be configured which selectively perfo rm address translation on sessions passing through an i[...]

Softw are Rel ease 2 .3.1 15 Software Release 2.3.1 C613-103 25-00 REV B ■ Reve rse N A T This transla tes the addresses of public side de vices to addresses suitabl e for the private side of the firewall (destination addr ess will be translated for outbound packets, sou rce addre ss for inboun d packets). ■ Double NA T This tra nslates both th[...]

16 Release Note Software Release 2.3.1 C613-10325 -00 REV B additional r ules can be ad ded to allow or deny acce ss based on IP addr esses, por t nu mbe rs, day of t he w eek , or t im e of d ay . Each rule fo r a sp eci fi c int erf ace in a policy is pro cessed in order , starting with the lowest numbered r ule and proceeding to the highest numb[...]

Softw are Rel ease 2 .3.1 17 Software Release 2.3.1 C613-103 25-00 REV B translates both the public and priva te side source and desti nation addresse s. ENHANCED NA T defined for a private interfac e will translate the private side source ad dress (specified using the IP parameter) and pr otocol dependent ports to a single source address (specifie[...]

18 Release Note Software Release 2.3.1 C613-10325 -00 REV B T able 2: Require d parameters for Firewall NA T rules. Key to table: ■ Direction I = in. The rule is applied to a public in terface. O = out. The rule is applied to a private interface. ■ S = Selector . The value supplied for this parameter is compared to the corres pon di ng fi eld i[...]

Softw are Rel ease 2 .3.1 19 Software Release 2.3.1 C613-103 25-00 REV B redir ection any web traffic from the user ’s PC or lapto p can be redire cted to the ISP's web server . This for ces the user to arrange payment for using the service before being able to browse to any other site. W ith appropriate supp orting “deny” rules, all oth[...]

20 Release Note Software Release 2.3.1 C613-10325 -00 REV B Figur e 5: Using e nhanced NA T in an IPsec tunne l with diff erent I Psec and de fault gateways. Standard NA T T o translate the source addr ess of traf fic received on the private interface eth0 and dest ined for addr esses in the range 210 .25.4.1-21 0.25.4.99 t o the glo bal subnet 210[...]

Softw are Rel ease 2 .3.1 21 Software Release 2.3.1 C613-103 25-00 REV B Reverse NA T T o redirect all traffic r eceived on a private interface to a des tination of 210.25.7.1, without changing the source a ddress, use the command: ADD FIREWALL POLICY=zone1 RULE=51 ACTI ON=NAT NATTYPE=REVERSE INT=eth1 PROTOCOL=all GBLREMOTEIP=210.2 5.7.1 Changing S[...]

22 Release Note Software Release 2.3.1 C613-10325 -00 REV B Fir ewall HTTP Pr oxies and Firew all Policies T o add or delete a Firewall HTTP proxy , use the new HTTP option for the PROXY parameter in the commands: ADD FIREWALL POLICY= po licy-name PROXY={ HTTP |SMTP} INTERFACE= interface GB LINTERFACE= interface DIRECTION={IN| OUT|BOTH} [IP= ipadd [...]

Softw are Rel ease 2 .3.1 23 Software Release 2.3.1 C613-103 25-00 REV B per line. Options are supplied after the entry and a colon . Each option is separated by a spa ce. The option keyw ords that are allowed for each ent ry are “allow” and “nocookies” . The “allow” opt ion will explicitl y allow the U RL, or part of the URL, given on [...]

24 Release Note Software Release 2.3.1 C613-10325 -00 REV B Figur e 6: Ex ample of a HTTP fil ter file. HTTP Cookies By default, HTTP cook ie r equests are allowed to pa ss through the HTTP proxy configur ed under the fir ewall policy . T o discard coo kie sets fr om particular domains or URLs, put entries in the filter file for the direction in wh[...]

Softw are Rel ease 2 .3.1 25 Software Release 2.3.1 C613-103 25-00 REV B T o re-enable HTTP cookie requests to pass through the HTTP proxy , use the command: ENABLE FIREWALL POLICY= name HTTPCOOKIE S For example, to enable the passi ng of HTTP cookies through HTTP proxies configured fo r the policy zone1, use the command: ENABLE FIREWALL POLICY=zon[...]

26 Release Note Software Release 2.3.1 C613-10325 -00 REV B VRRP Port Monitoring V irtual Router Redundancy Protocol (VRRP) is now able to monitor ports in the VLAN over which it is runn ing, and reduce the priority of the router or switch if ports in th e VLAN fail. Ports th at ar e part of a VLAN over w hich a VR is ru nning can be monitor ed to [...]

Softw are Rel ease 2 .3.1 27 Software Release 2.3.1 C613-103 25-00 REV B If the PROPOR TIONAL option is specified, the virtual router r educes the priority to a percentage of the original priority in proportion the per centage of availa ble ports. F or example, i f a ro uter has f ive ports and a port fails, the router will drop its priority by a f[...]

28 Release Note Software Release 2.3.1 C613-10325 -00 REV B Border Gateway Protocol 4 (BGP-4) The Border Gateway Pr otocol version 4 (BGP-4) is an external gateway pr otoco l which allows two routers in differe nt routing domains to exchange routing information. Softwar e release 2.3 .1 supports phase one implementation of BGPv4 on AR700 Series r o[...]

Softw are Rel ease 2 .3.1 29 Software Release 2.3.1 C613-103 25-00 REV B Inter net Protocol (IP) In conjunction with BGP-4, a n umber of new commands have been added to the implementation of IP , and several commands have been modified. The new co mmands are: ■ ADD IP ASP A THL IST ■ ADD IP COMMUNITYLIST ■ ADD IP ROUTEMAP ■ DELETE IP ASP A [...]

30 Release Note Software Release 2.3.1 C613-10325 -00 REV B T o reset IP interfaces, use the command: RESET IP COUNTER={ALL|ARP|EGP|ICMP|INTERFACE|IP|MULTICAST| ROUTE|SNMP|UDP} This command resets the specified group of IP counters to zer o (0). The COUNTER parameter specifies the group of counters to be reset. If ALL is specified, all IP counters [...]

Softw are Rel ease 2 .3.1 31 Software Release 2.3.1 C613-103 25-00 REV B Figur e 8: Ex ample out put from the SHO W IP COUN TER=INTER FAC E comman d. IP Interface Counters -------------------------------------- --------------------------------- --------- Interface ifInPkts ifInBcastP kts ifInUcastPkts ifInDisc ards Type ifOutPkts ifOutBcastP kts if[...]

32 Release Note Software Release 2.3.1 C613-10325 -00 REV B Figur e 9: Ex ample out put from the SHO W IP COUN TER=SNMP command. SNMP counters: inPkts .......................... 0 outPkts ................... ...... 0 inBadVersions ................... 0 outTooBigs ................ ...... 0 inBadCommunityNames ............. 0 outNoSuchNames .........[...]

Softw are Rel ease 2 .3.1 33 Software Release 2.3.1 C613-103 25-00 REV B T elephon y (PBX) Functionality AR300 Series r outers with telephony ports now offer a choice of ISDN supplemental services or internal PBX functions. The PBX fun ctions are enabled by default, but one or more extensions can be set to su pport ISDN supplemental services instea[...]

34 Release Note Software Release 2.3.1 C613-10325 -00 REV B Bandwi dth Limi ting This feature will be available on Ra pier i Series layer 3 switches only , when these models become available. Ingress and egress bandwidth limits are specified separa tely . Limits can be configured fo r each switch port using the command: SET SWITCH PORT= port-list [[...]

Softw are Rel ease 2 .3.1 35 Software Release 2.3.1 C613-103 25-00 REV B ENABLE TELNET SER VER Synt ax ENABLE TELNET SERVER Description This command enables the T elnet server to be accessed r emotely . The T elnet server is enabled by default. SHOW TELNET Synt ax SHOW TELNET Description This command disp lays information ab out the current T elnet[...]

36 Release Note Software Release 2.3.1 C613-10325 -00 REV B The LOGIN parameter is used to specify whether or not users with a privilege of “user” will be a ble to login to the com mand line interface. Usern ames with LOGIN set to TRUE can be used both for P AP and CHAP authentication, and to login and access the com mand line. Usernames with L[...]