Introduction

The routers are available in a number of configurations with from 1 to 48? interfaces depending on model. All models from the small AR1xx series, through to the Rack mounted AR8xx, and Rapier Switches, share a common software platform.

All models include a basic software and configuration in PROM, plus the current software and configuration in Flash Memory.

Network interfaces

The interfaces provided vary with model but basicaly fall in to two catagories.

Ethernet interfaces

These can be ina any of the common veriants depending on the model.
  • 10baseT
  • 10baseFX
  • 100baseT
  • 1000baseT

WAN interfaces

These all present to the higher layers, as PPP Interfaces, which are implimented over, one or more of Serial, PSTN, ISDN-2, Digital Data Circuits such as BT Kilostream, Frame Relay, T1, E1, ISDN-30, ....

The PPP implimentation is mutli link capable. The available bandwidth on a circuit may be dynamicaly varied by adding or subtracting ISDN chanels as requierments vary.

Virtual Interfaces

These can be created, using protocols such as L2TP, to allow the routing accross WAN links or multi hop connections of data that would not normaly be valid.

Compresion

Number of compresion options are available,
  • VJC Header
  • STAC LZS Software to 128,000 bps
  • STAC LZS Via Hardware option card to 2Mbps? AR-011 AR-012
  • Predictor

Compresion may be at the link layer, or in the form of IP payload compresion. Which allows compresion of suitable packets be for encapsulation and encription. This is performed in an optional hardware modual.

Encription

Hardware 56-bit DES, 2-key and 3-key 3DES encription is available as a hardware modual for use where permited. AR-010 AR-011

NAT and IP filters

Network Address Translation and, IP filters can be applied to network traffic received.

Optional Feature Licencess

The functionality of most of the Allied AR-xxx and, Rapier Switches. Can be extended, with Feature Licences.

Please note the usefullness of these depend on the unit, having sufficent processing power, and memory to handle the task. So do not use on AR-1xx, and AR2xx units.

The variouse feature licences are interdependent, so cirtain features include others.

Allied Statefull Firewall {AT-0014}

This adds a statefull firewall, to the basic IP/IXP/... filters. Rules are created to allow the initial packet of a connection, when a connection starts dynamic filters are added for that connection. The workload from filtering thus depends on, the number of active connections, rather than the number of filter rules created.

Includes dynamic proxies for :-

Also include SSH and its associated encription licences.

Secure Shell

Licence for Secure Shell. Note this includes RSA support.

DES/3DES encription {AT-013}

Allows for 3DES encription on a PPP link to another Allied Telesyn Router.

ISAKMP

ISAKMP is listed as a fearure, as it requiers a licence for RSA encription to work. In practise if you are using ISAKMP you will alread have the necesary licence from one of the other features.

Maintenance

Maintenance

David's PPP FAQ

Accessing Router

Via Serial port

Connect a Terminal or PC with emulation software to Serial port 0

  • VT100 emulation
  • 9600 baud
  • 8 data
  • 1 stop
  • No Parity
  • Hardware Flow Control
  • Username manager
  • Password friend

Switch on router, Diagnostics mesages should be displayed as unit boots. Note There is a prompt to stop loading of software/configs from Flash, If you have realy messed it up.

Via network

If telnet management is enabled you can telnet to the router from a PC or Netterm.

Via ISDN

If router was configured for dial in access then you can access it via an ISDN call. See notes in diagnostics section fro setting up the client.

If all else fails

  • Switch off router.
  • Find a small non conducting pointed object {The cap off a BIC pen is ideal}.
  • Flick switch 2 on the back of the router up.
  • Power on
The router will power up with the following settings
  • Serial port as above
  • Ethernet port 0 enabled on IP address 192.168.44.2/24
  • ISDN enabled auto detect, accept inbound calls {If software at level 1.8.1 or above}

How Packets are processed

Receive logic

IP protocol logic

NAT logic

Filter logic

Standard Configuration

This configuration should be applicable to all Allied Telesyn routers, we configure.

Further Configuration

Internet access

Links Allied to Allied

Links Allied to/from other makes of router

Configuring to accept ISDN link from another router

Extended Config Options

Diagnostics

A number of features are available to aid in diagnosing problems.

There are also a number Technical notes availabe from AlliedTelesyn see the Technotes Index

Configuration Checking

show debug
Will display a set of configuration details usefull for debuging configurations.

ISDN

ISDN connections are prone to more problems than any other.

Points to bear in mind are :-

  • It is a dial call across the telephone network so expect 1 to 2% of calls to fail, {Network busy, wrong number!, ....} just like for a normal phone.
  • ISDN is NOT a digital connection to the exchange, transmition is similar to that of a v32 modem but with the 8kHz line filter removed alowing higher frequencies to be sent.

ISDN interfaces are automaticaly created for each hardware interface detected. ISDN-2 interfaces will be identified as "bri" and a number.

show bri=0 state
Should return ACTIVATED if carrier is being received from the exchange on the first ISDN-2 interface on the router.

reset bri=0
Gives the interface a prod to wake it up.

show lapd
This displays the status of the control layer negociated with the exchange. Look for ALIVE or DEAD if lapd is dead but the interface is active the exchange has lost sync posible due to line noise the following will give it a nudge.

reset q931=0

show isdn log
This displays a list of recent call attempts and there outcome.

For more detail see the ISDN trouble shooting guide

Cisco RAS servers

Cisco RAS servers do not suport LQR {Link Quality Reporting} This results in the line droping after exactly 2 minutes.

To fix
show ppp
Note the number for the problematic connection

set ppp=0 over=isdn-MyISP lqr=off echo=on

Leased line testing

Start by checking the interfaces in use

show syn

reset syn=0 counter
show sysn=0 counter

Wait a few seconds

show syn=0 counter

You should have incrementing counters for both Transmit and receive. If you do not you have found a problem.

If TX is zero either your router or cable is faulty, or the NTU is not providing clock signals.

If TX >0 but RX stuck at zero. you are not recieving data from remote router. Try using loop back facilities do locate fault.

If counters look ok and IP interfaces and routes have been set. You should be able to ping or tracert from a local PC to remote site.

If this does not work try looking at :-

show ppp=0
show ip route

ISDN access to a remote router

This Example will work to a remote router running in switch 2 mode 1.8 software. It will also work if the router has been programed to accept calls.

add isdn call=remote dir=out prec=out num=555100
create ppp=11 over isdn-remote idle=300
enable ip
add ip int=ppp11 ip=192.168.42.1
add ip route=192.168.44.0 mask=255.255.255.0 next=192.168.42.2 int=ppp11

You should now be able to telnet to the remote router.

telnet 192.168.42.2