Manuale d’uso / di manutenzione del prodotto XSR-Series del fabbricante Enterasys Networks
Vai alla pagina of 55
Enterasys Networks XSR-XPEDITION Security Routers XSR-Series IP-Function and Advanced Se rvices May 2004 Confi g uration Guide.
Configuration Guide Page 2 of 55 Table of Contents Table of Contents Table of Contents Table of Contents p p p pag e age age age 1.0 IP-Address and Se condary Addresses con figuration .............................................. 4 1.1 IP-Static- routing .
Configuration Guide Page 3 of 55 9.0r1 VPN IPSEC site-t o-site tun nel via pre-shared key .............................................. 31 9.0r2 VPN IPSEC site-t o-site tun nel via pre-shared key .............................................. 32 9.1 VPN IPSEC site-to- site tunnel ce rtific ation PKI.
Configuration Guide Page 4 of 55 1.0 IP-Address and Secondary Addresses configu ration XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.
Configuration Guide Page 5 of 55 1.3 IP-OSPF-rou ting XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.10.10.1 255.255.255.
Configuration Guide Page 6 of 55 1.4 IP-RIPv1,v 2-ro uting XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.10.10.1 255.255.
Configuration Guide Page 7 of 55 1.5 DHC P server, s tatic / dynamic-p ool 1.6 DHC P/Bootp re lay argent / ip -help er XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.
Configuration Guide Page 8 of 55 1.7 SNTP Sim ple Netw ork Time Pr otocol XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! sntp-client server 51.51.51.88 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.
Configuration Guide Page 9 of 55 2.0 Interfa ce descrip tion 2.1 Duplex c onfigu ration on Fast Ether net full/ half 2.2 Speed co nfigurati on on Fast E thernet 10/100M Bit/s XSR-1805#show running-config !! ! Version 4.
Configuration Guide Page 10 of 55 3.0 Access contr ol lis t incomin g outgoi ng 3.1 Access control list 1-99 (s tandard ) 3.2 Access control list 100- 199 (extended ) XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! access-list 2 permit 20.
Configuration Guide Page 11 of 55 3.3 Access control lis t moving onl ine ed it ing XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! access-list 110 deny ip 10.10.10.100 0.0.0.0 any access-list 110 deny ip 10.
Configuration Guide Page 12 of 55 4.0 Virt ual Router Redund ancy Protoco l (RFC 233 8) Router-1-Master XSR-1805_1#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805_1 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.
Configuration Guide Page 13 of 55 4.1 VRRP mon itor inte rface func tion, interface tracking Router-1-Master XSR-1805_1#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805_1 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.
Configuration Guide Page 14 of 55 4.2 NAT s tatic bind ings XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.10.10.1 255.255.
Configuration Guide Page 15 of 55 5.0 Dialer Inte rface XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface bri 1/0 isdn switch-type basic-ne.
Configuration Guide Page 16 of 55 5.1 Dialer Backup inte rf ace functi on XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! controller e1 0/2/0 clock.
Configuration Guide Page 17 of 55 5.2 PAP for authentica tion PPP XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 username remote privilege 0 "p.
Configuration Guide Page 18 of 55 5.3 CHAP fo r authentic ation PPP XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 username remote privilege 0 clear.
Configuration Guide Page 19 of 55 5.4.1 VPN via Diale r Interface rtr1 XSR-1805-1#show running-config !! ! Version 6.0.0.9, Built Dec 12 2003, 14:56:30 ! hostname XSR-1805-1 ! interface bri 0/1/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 0 ! access-list 101 permit ip 20.
Configuration Guide Page 20 of 55 5.4.2 VPN via Diale r Interface rtr2 XSR-1805-2#show running-config !! ! Version 6.0.0.9, Built Dec 12 2003, 14:56:30 ! hostname XSR-1805-2 ! interface bri 0/2/0 isdn switch-type basic-net3 no shutdown dialer pool-member 1 priority 0 ! access-list 102 permit ip 10.
Configuration Guide Page 21 of 55 5.5.1 Diale r Int. PRI to BRI with D-chann el-call back central-si te XSR-central#show running-config !! ! Version 6.
Configuration Guide Page 22 of 55 5.5.2 Diale r Int. PRI to BRI with D-chann el-call back remote 1-site remote1#show running-config !! ! Version 6.0.0.
Configuration Guide Page 23 of 55 5.5.3 Diale r Int. PRI to BRI with D-chann el-call back remote 2-site remote1#show running-config !! ! Version 6.0.0.
Configuration Guide Page 24 of 55 6.0 ISDN c onfig f or BRI x/ x 6.1 ISDN sw itch typ e chang ing XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! i.
Configuration Guide Page 25 of 55 6.2 ISDN ca llback XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface bri 1/0 isdn switch-type basic-net3 .
Configuration Guide Page 26 of 55 6.3 ISDN m ultil ink / ISN D channel b undling XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface bri 1/0 .
Configuration Guide Page 27 of 55 7.0 PPPoE on Fast Ethernet interf aces 7.1 IP-address negotiat ion for PPPoE XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 ip address 10.10.
Configuration Guide Page 28 of 55 8.0 AAA Authent ication Auth orization Accounting Radius XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "LAN-Interface1" ip address 10.
Configuration Guide Page 29 of 55 8.1 SSH / Te lnet SSH an d Teln et are en ab led b y defau lt SSH an d Teln et are en ab led b y defau lt SSH an d Teln et are en ab led b y defau lt SSH an d Teln et are en ab led b y defau lt XSR-1805#show running-config !! ! Version 4.
Configuration Guide Page 30 of 55 8.3 SNMP con figura tion / contact/ location/ param eter XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 logging 10.
Configuration Guide Page 31 of 55 9.0r1 VPN I PSEC site-to-site tunnel v ia pre-shared key Router-1 XSR-1805_1#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805_1 ! crypto isakmp proposal prop-map1 authentication pre-share group 5 lifetime 10800 ! access-list 101 permit ip 10.
Configuration Guide Page 32 of 55 9.0r2 VPN I PSEC site-to-site tunnel v ia pre-shared key Router-2 XSR-1805_2#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805_2 ! crypto isakmp proposal prop-map1 authentication pre-share group 5 lifetime 10800 ! access-list 101 permit ip 80.
Configuration Guide Page 33 of 55 9.1 VPN IPSEC site-to- site tunne l certific ation PKI XSR-1805_1#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805_1 ! crypto isakmp proposal prop-map1 authentication rsa-sig group 5 lifetime 10800 ! access-list 101 permit ip 10.
Configuration Guide Page 34 of 55 Issu e C ertificate vi a SCEP protocol to XS R Issu e C ertificate vi a SCEP protocol to XS R Issu e C ertificate vi a SCEP protocol to XS R Issu e C ertific ate vi a SCEP protoc ol to XS R from from from from Wi Wi Wi Win n n ndows dows dows dows 2000 2000 2000 2000 CA CA CA CA : : : : 1.
Configuration Guide Page 35 of 55 9.1.1 Cert ificat ion contr ol / ce rtificates / CRLS / CA id entity XSR-1805_1#show crypto ca certificates Certificate - issued by Enterasys-Networks-CA State: ENTITY-ACTIVE Version: V3 Serial Number: 458876448087542442491910 Issuer: MAILTO=support@enterasys.
Configuration Guide Page 36 of 55 9.3 VPN PPTP User term ination XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 ip address 134.141.130.12 255.255.255.0 no shutdown ! interface FastEthernet2 ip address 192.
Configuration Guide Page 37 of 55 9.4r1 GRE e ncapsulate d in IPSEC site-t o-site tunnel via pre-shared key Router-1 XSR-1805_1#show running-config !! ! Version 6.
Configuration Guide Page 38 of 55 9.4r2 GRE e ncapsulate d in IPSEC site-t o-site tunnel via pre-shared key Router-2 XSR-1805_2#show running-config !! ! Version 6.
Configuration Guide Page 39 of 55 9.5r1 GRE n ative s ite-to-site tunnel Router-1 XSR-1805_1#show running-config !! ! Version 6.0.0.0, Built Sep 14 2003, 11:09:28 ! hostname XSR-1805_1 ! access-list 101 permit gre any any access-list 101 deny ip any any ! interface FastEthernet 1 description "LAN-Interface1" ip address 10.
Configuration Guide Page 40 of 55 9.5r2 GRE n ative s ite-to-site tunnel Router-2 XSR-1805_2#show running-config !! ! Version 6.0.0.0, Built Sep 14 2003, 11:09:28 ! hostname XSR-1805_2 ! access-list 101 permit gre any any access-list 101 deny ip any any ! interface FastEthernet 1 description "LAN-Interface1" ip address 80.
Configuration Guide Page 41 of 55 10.1 D IFFS ERV DSCP fiel d addressing XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! class-map DSCP_EF match access-group 2 match ip dscp EF ! policy-map DSCP_EF class DSCP_EF priority high 12000 ! access-list 2 permit 10.
Configuration Guide Page 42 of 55 11.1 Firewal l configu ration XSR-1805#show running-config !! ! Version 4.0.0.0, Built Mar 26 2003, 19:47:17 ! hostname XSR-1805 ! interface FastEthernet1 description "Interal_network_Private" ip address 10.
Configuration Guide Page 43 of 55 12.1 Vlan c onfigu ration 802.1q tagged r outing XSR-1805#show running-config !! ! Version 6.0.0.0, Built Sep 14 2003, 11:09:28 ! hostname XSR-1805 ! interface FastEthernet 1 description "UnTagged-Native-Interface" ip address 11.
Configuration Guide Page 44 of 55 Appen dix Appen dix Appen dix Appen dix: : : : Import an t commands for us ing the XSR plat form: A1.1 show vers ion - So ftware, Bo otrom, RAM, Flash, System Uptime XSR-1805#show version Enterasys Networks Operating Software Copyright 2002 by Enterasys Networks Inc.
Configuration Guide Page 45 of 55 A1.3 show inte rface - IP address, speed, duplex, stat istics, errors XSR-1805#show interface FastEthernet1 is Admin Up Description: LAN-Interface1 Internet address is 10.10.10.1, subnet mask is 255.255.255.0 The name of this device is Eth1.
Configuration Guide Page 46 of 55 A1.5 flash:/ cflash:/ - d ir, re name, copy command s XSR-1805# dir Listing Directory flash:/ size date time name -------- ------ ------ -------- 4000669 JUN-26-2003 11:00:12 xsr1800.
Configuration Guide Page 47 of 55 B1.0 show ip route XSR-1805#show ip route Codes: C-connected, S-static, R-RIP, O-OSPF, IA-OSPF interarea N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - 0SPF external type 1, E2 - 0SPF external type 2 * - candidate default, D - default route originated from default net C 192.
Configuration Guide Page 48 of 55 C1.0 show tun nels XSR-1805_2#show tunnels Tunnel MIB: ID Creation Time Proto Username Peer IP Packets In/Out 40000001 12/02/03, 13:21 IPSEC (Unknown) 0.
Configuration Guide Page 49 of 55 C1.4 sho w tunnels / GRE via IPSEC XSR-1805_2#show tunnels Tunnel MIB: ID Creation Time Proto Username Peer IP Packets In/Out 40000001 12/02/2003, 16:14 GRE 20.20.20.1 0000003528/0000002552 XSR-1805_2# C1.5 sho w inter face vpn / GRE via IPSEC XSR-1805_2#show interface vpn Vpn1 is Admin Up Internet address is 192.
Configuration Guide Page 50 of 55 D1.1 show ip in terface atm 1/0.1 XSR1805-ADSL#show ip interface atm 1/0.1 ATM 1/0.1 is Admin Up Internet address is 212.184.161.76, subnet mask is 255.255.255.255 Rcvd: 766 octets, 6 unicast packets, 0 discards, 0 errors, 0 unknown protocol.
Configuration Guide Page 51 of 55 D1.3 show con troll ers atm 1/0.1 XSR1805-ADSL#show controllers atm 1/0.1 ********** ATM Sub-Interface Stats ********** ATM 1/0.
Configuration Guide Page 52 of 55 D1.4 show in terface at m 1/0 XSR1805-ADSL #show interface atm 1/0 ********** ATM Interface Stats ********** ATM 1/0 is Admin Up / Oper Up Description: "ADSL-connection" The name of this device is adsl. Administrative State is ENABLED Operational State is UP.
Configuration Guide Page 53 of 55 D1.5 show in terface at m 1/0.1 XSR1805-ADSL #show interface atm 1/0.1 ********** ATM Sub-Interface Stats ********** ATM 1/0.
Configuration Guide Page 54 of 55 D1.6 sho w ppp i nterface atm 1 /0.1 XSR1805-ADSL#show ppp interface atm 1/0.1 ********** PPP Stats ********** ATM 1/0.
Configuration Guide Page 55 of 55 Gett ing Help Gett ing Help Gett ing Help Gett ing Help For a ddition al sup port r elat ed to the XSR, c on tact E nter asys Networ ks us ing one of the follo wing methods: World Wide Web World Wide Web World Wide Web World Wide Web http:// www.
Un punto importante, dopo l’acquisto del dispositivo (o anche prima di acquisto) è quello di leggere il manuale. Dobbiamo farlo per diversi motivi semplici:
Se non hai ancora comprato il Enterasys Networks XSR-Series è un buon momento per familiarizzare con i dati di base del prodotto. Prime consultare le pagine iniziali del manuale d’uso, che si trova al di sopra. Dovresti trovare lì i dati tecnici più importanti del Enterasys Networks XSR-Series - in questo modo è possibile verificare se l’apparecchio soddisfa le tue esigenze. Esplorando le pagine segenti del manuali d’uso Enterasys Networks XSR-Series imparerai tutte le caratteristiche del prodotto e le informazioni sul suo funzionamento. Le informazioni sul Enterasys Networks XSR-Series ti aiuteranno sicuramente a prendere una decisione relativa all’acquisto.
In una situazione in cui hai già il Enterasys Networks XSR-Series, ma non hai ancora letto il manuale d’uso, dovresti farlo per le ragioni sopra descritte. Saprai quindi se hai correttamente usato le funzioni disponibili, e se hai commesso errori che possono ridurre la durata di vita del Enterasys Networks XSR-Series.
Tuttavia, uno dei ruoli più importanti per l’utente svolti dal manuale d’uso è quello di aiutare a risolvere i problemi con il Enterasys Networks XSR-Series. Quasi sempre, ci troverai Troubleshooting, cioè i guasti più frequenti e malfunzionamenti del dispositivo Enterasys Networks XSR-Series insieme con le istruzioni su come risolverli. Anche se non si riesci a risolvere il problema, il manuale d’uso ti mostrerà il percorso di ulteriori procedimenti – il contatto con il centro servizio clienti o il servizio più vicino.