User manual ALCATEL-LUCENT SPEDDTOUCH DSL ROUTERS - 1

AlcatelTM DSL Router Family Command Line Interface Guide P/N 3EC 16963 AAAA-TCZZA October 1999 Copyright Alcatel provides this publication "as is" without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose. All rights reserved. No part of this book may be reproduced in any form or by any means without written permission from Alcatel . Changes are periodically made to the information in this book. They will be incorporated in subsequent editions. Alcatel may make improvements and/or changes in the product described in this publication at any time. © Copyright 1996-1999 Alcatel Trademarks Alcatel is a trademark of Alcatel. All other trademarks and registered trademarks mentioned in this manual are the sole property of their respective companies. 2 AlcatelTM DSL Router Family Command Line Interface Preface About This Guide The Command Line Interface guide contains information on the syntax and use of the Command Line Interface for the family of DSL routers. It provides the steps and information needed to configure the router software and troubleshoot problems using the Command Line Interface. Configuration of network connections, bridging, routing, and security features are essentially the same for all DSL routers, unless otherwise noted. The guide also provides detailed information about the system's bridging, routing, addressing, and security operations. This guide is intended for small and home office users, remote office users, and other networking professionals who are installing and maintaining bridged and routed networks. How This Guide is Organized This guide is intended to help you configure and manage the router using the Command Line Interface. The guide assumes that you have read the information about the router and installed the hardware using the Internet Quick Start Guide. The guide is divided into eight parts: Introduction. Describes the features of the Command Line Interface. Advanced Topics. Contains additional information on topics such as interoperability, routing and bridging operations, PAP/CHAP security negotiation, bandwidth management, protocol conformance, and the file system. Planning for Router Configuration. Provides information unique to configuration using the Command Line Interface including worksheets for collecting required information. Configuring Router Software. Describes how to configure the router using the Command Line Interface. Configuring Special Features. Describes how to configure features such as Bridging Filtering, RIP, DHCP, NAT, Management Security, Software Options Keys, Encryption, IP Filtering, and L2TP Tunneling. Command Line Interface Reference. Describes the syntax of each command and the results when the command is entered. Managing the Router. Describes SNMP management capabilities, TFTP client and server, TELNET support and how to upgrade the system software, boot code, backup and restore configuration files, FLASH memory recovery procedures, and batch file command execution. Troubleshooting. Describes diagnostic tools used for identifying and correcting hardware and software problems. References User Guide. Contains an overview of the router's software and hardware features and details on hardware installation and software configuration using the Windows-based Configuration Manager. Quick Start Guide. Describes the configuration process involved in setting up a specific router model. Typographic Conventions The following conventions are used in this guide: Item Book titles, command reference parameters, reference to a specific section/chapter in this guide, emphasis in text. Keywords in command reference instructions Examples showing you what to type and what is displayed on the terminal. File names Italics Type Face Examples Refer to Chapter 1. Advanced Features system name Bold Mono-spaced font save remote listIpRoute hq Upper case Copy file CFGMGR.EXE 4 Preface Table of Contents Preface About This Guide How This Guide is Organized References Typographic Conventions Table of Contents Introduction Chapter 1. Advanced Topics Interoperability Routing Bridging Bridging and Routing Operation Bridging and Routing Configuration Settings Point-To-Point Protocol (PPP) PAP/CHAP Security Authentication General Security Authentication Security Configuration Settings Authentication Process Protocol Conformance Protocol Standards IP Routing IPX Routing Encapsulation Options PPP PPPLLC RFC 1483 or RFC 1490 MAC Encapsulated Routing: RFC 1483MER (ATM) or RFC 1490MER (Frame Relay) FRF8 rawIP System Files Bridge Filtering Unique System Passwords Chapter 2. Planning for Router Configuration Important Terminology Essential Configuration Information PPP Link Protocol (over ATM or Frame Relay) RFC 1483/RFC 1490 Link Protocols MAC Encapsulated Routing: RFC 1483MER/RFC 1490MER Link Protocols FRF8 Link Protocol Dual-Ethernet Router Configuration Chapter 3. Configuring Router Software Configuration Tables Configuring PPP with IP Routing Configuring PPP with IPX Routing Configuring PPP with Bridging Configuring RFC 1483 / RFC 1490 with IP Routing Configuring RFC 1483 / RFC 1490 with IPX Routing Configuring RFC 1483 / RFC 1490 with Bridging 3 3 3 4 4 5 9 11 11 11 12 12 13 14 14 15 16 16 17 17 17 17 17 18 18 18 19 19 19 20 20 22 23 23 24 25 30 35 37 39 40 41 42 43 44 45 46 47 Table of Contents 5 Configuring MAC Encapsulated Routing: RFC 1483MER / RFC 1490MER with IP Routing Configuring FRF8 with IP Routing Configuring Mixed Network Protocols Configuring a Dual-Ethernet Router for IP Routing Verify the Router Configuration Test IP Routing Test Bridging to a Remote Destination Test IPX Routing Sample Configurations Sample Configuration 1: PPP with IP and IPX Sample Configuration 2: RFC 1483 with IP and Bridging Sample Configuration 3: Configuring a Dual-Ethernet Router for IP Routing Chapter 4. Configuring Special Features Bridge Filtering and IP Firewall General Information Configure Bridge Filtering Enable/Disable Internet Firewall Filtering IP (RIP) Protocol Controls Dynamic Host Configuration Protocol (DHCP) General Information Manipulating Subnetworks and Explicit Client Leases Setting Option Values BootP Defining Option Types Configuring BootP/DHCP Relays Other Information Network Address Translation (NAT) General NAT Rules Masquerading Classic NAT Client Configuration Management Security Disable Telnet and SNMP Restore Telnet and SNMP Validation of Telnet and SNMP Clients Restrict Remote Access Changing the SNMP Community Name Disable WAN Management System Log Software Option Keys Encryption PPP DES (RFC 1969) Encryption Diffie-Hellman Encryption IP Filtering Filters and Interfaces Configuring Filters with Network Address Translation Enabled Filter Actions IP Filter Commands Special Notes L2TP Tunneling -- Virtual Dial-Up Introduction L2TP Concepts Configuration 48 49 50 51 52 52 52 53 54 54 62 68 69 69 69 69 70 71 72 72 73 75 77 79 80 80 80 80 81 84 85 87 87 87 87 88 88 88 89 89 89 90 92 93 93 94 95 95 95 96 96 96 99 6 Table of Contents Sample Configurations Chapter 5. Command Line Interface Reference Command Line Interface Conventions Command Input Command Output Command Organization ? or HELP System-Level Commands Frame Statistics Router Configuration Commands Target Router System Configuration Commands (SYSTEM) Target Router Ethernet LAN Bridging and Routing (ETH) Remote Router Access Configuration (REMOTE) Asymmetric Digital Subscriber Line Commands (ADSL) Asynchronous Transfer Mode Commands (ATM) DMT Command Dual-Ethernet Router Commands (ETH) High-Speed Digital Subscriber Line Commands (HDSL) ISDN Digital Subscriber Line (IDSL) Symmetric Digital Subscriber Line Commands (SDSL) Dynamic Host Configuration Protocol Commands (DHCP) L2TP -- Virtual Dial-Up Configuration (L2TP) Bridge Filtering Commands (FILTER BR) Save Configuration Commands (SAVE) Erase Configuration Commands (ERASE) File System Commands Chapter 6. Managing the Router Simple Network Management Protocol (SNMP) Telnet Remote Access Client TFTP Facility TFTP Server BootP Server Boot Code Manual Boot Menu Identifying Fatal Boot Failures Software Kernel Upgrades Booting and Upgrading from the LAN Upgrading from the WAN Line Backup and Restore Configuration Files Backup Configuration Files (Recommended Procedure) Restore Configuration Files FLASH Memory Recovery Procedures Recovering Kernels for Routers with Configuration Switches Recovering Kernels for Routers with a Reset Button Recovering Passwords and IP Addresses Routers with Configuration Switches Routers with a Reset Button Batch File Command Execution Chapter 7. Troubleshooting Diagnostic Tools Using LEDs 101 109 109 109 109 109 110 111 113 120 121 134 143 166 168 171 172 176 179 181 185 196 204 206 208 210 215 215 216 216 216 217 217 217 221 221 221 223 224 224 224 225 225 226 227 227 228 228 231 231 231 Table of Contents 7 History Log Ping Command Investigating Hardware Installation Problems Check the LEDs to Solve Common Hardware Problems Problems with the Terminal Window Display Problems with the Factory Configuration Investigating Software Configuration Problems Problems Connecting to the Router Problems with the Login Password Problems Accessing the Remote Network Problems Accessing the Router via Telnet Problems Downloading Software System Messages Time-Stamped Messages History Log How to Obtain Technical Support Appendix A. Network Information Worksheets Configuring PPP with IP Routing Configuring PPP with IPX Routing Configuring PPP with Bridging Configuring RFC 1483 / RFC 1490 with IP Routing Configuring RFC 1483 / RFC 1490 with IPX Routing Configuring RFC 1483 / RFC 1490 with Bridging Configuring RFC 1483MER / RFC 1490MER with IP Routing Configuring FRF8 with IP Routing Configuring a Dual-Ethernet Router for IP Routing Appendix B. Configuring IPX Routing IPX Routing Concepts Configure IPX Routing Step 1: Collect Your Network Information for the Target (Local) Router Step 2: Review your Settings Appendix C. Access the Command Line Interface Connect the PC to the Console Port of the Router Access the Command Line Interface Terminal Window under Configuration Manager Terminal Session under Windows (HyperTerminal) Terminal Session for a Non-Windows Platform (Macintosh or UNIX) Telnet Session Index 232 233 234 234 234 234 235 235 235 236 238 238 238 239 241 241 243 244 245 246 247 248 249 250 251 252 253 253 253 254 255 257 257 257 257 258 258 258 259 8 Table of Contents Introduction This guide provides steps and information needed to configure the DSL or Dual-Ethernet router software using the Command Line Interface1. The Command Line Interface covers the following basic configuration topics: · · · · Set names, passwords, PVC numbers, and link and network parameters Configure specific details within a protocol, such as IP or IPX addresses and IP protocol controls Activate bridging and routing protocols Enable the Internet firewall filter with IP routing The Command Line Interface also provides the following advanced features: · · · · · · · · · · · · · · · · · Manage the router's file system Set bridging filters Configure the type of DSL technology specific to your router (e.g., ADSL, SDSL) Configure the Dual-Ethernet router Issue online status commands Monitor error messages Set RIP options Configure DHCP Configure NAT Configure Telnet/SNMP security Configure host mapping Configure IP multicast Create and execute script files Configure encryption Configure IP filtering Configure L2TP tunneling Enable software options keys 1. The Microsoft® WindowsTM-based Configuration Manager or Quick Start program (featuring an easyto-use, point-and-click GUI interface) provides another way to configure the router's software. Please refer to Access the Command Line Interface section in this guide if you intend to use Configuration Manager or Quick Start as your primary configuration tool. 10 Introduction Chapter 1. Advanced Topics This chapter provides information on advanced topics useful to network administrators. Interoperability The router uses industry-wide standards to ensure compatibility with routers and equipment from other vendors. To interoperate, the router supports standard protocols on the physical level, data link level for frame type or encapsulation method, and network level. For two systems to communicate directly, they must use the same protocol at each level. Most protocols do not support negotiable options, except for PPP. The physical protocol level includes hardware and electrical signaling characteristics. This support is provided by the router Ethernet and modem hardware interfaces. The data-link protocol level defines the transmission of data packets between two systems over the LAN or WAN physical link. The frame type or encapsulation method defines a way to run multiple network-level protocols over a single LAN or WAN link. The router supports the following WAN encapsulations: · · · · · · · PPP (VC multiplexing) PPP (LLC multiplexing) RFC 1483 (for ATM) RFC 1483 with MAC encapsulated routing (for ATM) FRF8 (for ATM) RFC 1490 (for Frame Relay) RFC 1490 with MAC encapsulated routing (for Frame Relay) Routing The network protocol provides a way to route user data from source to destination over different LAN and WAN links. Routing relies on routing address tables to determine the best path for each packet to take. The routing tables can be seeded; i.e., addresses for remote destinations are placed in the table along with path details and the associated costs (path latency). The routing tables are also built dynamically; i.e., the location of remote stations, hosts, and networks are updated from broadcast packet information. Routing helps to increase network capacity by localizing traffic on LAN segments. It also provides security by isolating traffic on segmented LANs. Routing extends the reach of networks beyond the limits of each LAN segment. Numerous network protocols have evolved, and within each protocol are associated protocols for routing, error handling, network management, etc. The following chart displays the networking and associated protocols supported by the router. Chapter 1. Advanced Topics 11 Network Protocol Internet Protocol (IP) Associated Protocols Routing Information Protocol (RIP) Description Maintains a map of the network Address-Resolution Protocol (ARP) Reverse Address Resolution Protocol (RARP)a Maps IP addresses to datalink addresses Maps data-link addresses to IP addresses Diagnostic and error reporting/ recovery Network management Maintains a map of the network Internetwork Control Message Protocol (ICMP) Simple Network Management Protocol (SNMP) Internet Packet Exchange (IPX) Routing Information Protocol (RIP)b Service Advertising Protocol (SAP) a Used only during a network boot b IPX-RIP is a different protocol from IP-RIP and it includes time delays Distributes information about service names and addresses Most of the router's operation on each protocol level is transparent to the user. Some functions are influenced by configuration parameters, and these are described in greater detail in the following sections. Bridging Bridging connects two or more LANs so that all devices share the same logical LAN segment and network number. The MAC layer header contains source and destination addresses used to transfer frames. An address table is dynamically built and updated with the location of devices when the frames are received. Transparent bridging allows locally connected devices to send frames to all devices as if they were local. Bridging allows frames to be sent to all destinations regardless of the network protocols used. It allows protocols that cannot be routed (such as NETBIOS) to be forwarded and allows optimizing internetwork capacity by localizing traffic on LAN segments. A bridge extends the physical reach of networks beyond the limits of each LAN segment. Bridging can increase network security with filtering. The router bridging support includes the IEEE 802.1D standard for LAN-to-LAN bridging and the Spanning Tree Protocol for interoperability with other vendors' bridge/routers. Bridging is provided over PPP as well as adjacent LAN ports. Most of the router's bridging operation is transparent. Some functions are influenced by configuration parameters, which are described in greater detail in the following sections. Bridging and Routing Operation The router can operate as a bridge, a router, or as both (sometimes called a brouter). 12 Chapter 1. Advanced Topics · · · · The router will operate as a router for network protocols that are enabled for routing (IP or IPX). The router will operate as a bridge for protocols that are not supported for routing. Routing takes precedence over bridging; i.e., when routing is active, the router uses the packet's protocol address information to route the packet. If the protocol is not supported, the router will use the MAC address information to forward the packet. Operation of the router is influenced by routing and bridging controls and filters set during router configuration as well as automatic spoofing and filtering performed by the router. For example, general IP or IPX routing, and routing or bridging from specific remote routers are controls set during the configuration process. Spoofing and filtering, which minimize the number of packets that flow across the WAN, are performed automatically by the router. For example, RIP routing packets and certain NetBEUI packets are spoofed even if only bridging is enabled. Bridging and Routing Configuration Settings The router can be configured to perform general routing and bridging while allowing you to set specific controls. One remote router is designated as the outbound default bridging destination. All outbound bridging traffic with an unknown destination is sent to the default bridging destination. Bridging from specific remote routers can be controlled by enabling or disabling bridging from individual remote routers. Routing is performed to all remote routers entered into the remote router database. All routing can be enabled or disabled with a system-wide control. The following charts describe the operational characteristics of the router, based on configuration settings. IP/IPX Routing On Data packets carried Operational characteristics Typical usage Bridging to/from Remote Router Off IP (TCP, UDP), IPX Basic IP, IPX connectivity When only IP/IPX traffic is to be routed and all other traffic is to be ignored. For IP, used for Internet access. Note: This is the most easily controlled configuration. Chapter 1. Advanced Topics 13 IP/IPX Routing On Data packets carried Operational characteristics Typical usage Bridging to/from Remote Router On IP/IPX routed; all other packets bridged. IP/IPX routing and allows other protocols, such as NetBEUI (that can't be routed), to be bridged. When only IP/IPX traffic is to be routed but some non-routed protocol is required. Used for client/server configurations. IP/IPX Routing Off Data packets carried Operational characteristics Typical usage Bridging to/from Remote Router On All packets bridged. Allows protocols, such as NetBEUI (that can't be routed) to be bridged. Peer-to-peer bridging and when the remote end supports only bridging. Point-To-Point Protocol (PPP) PPP is an industry standard WAN protocol for transporting multi-protocol datagrams over point-to-point connections. PPP defines a set of protocols, such as security and network protocols, that can be negotiated over the connection. PPP includes the following protocols: · · Link Control Protocol (LCP) to negotiate PPP; i.e., establish, configure and test the datalink connection. Network Control Protocols (NCPs), such as: TCP/IP routing Internet Protocol Control Protocol (IPCP) IPX routing Control Protocol (IPXCP) Bridge Control Protocol (BNCP) · Security Protocols including PAP and CHAP A more detailed description of the router's implementation of some of these protocols appears the following section. A list of PPP protocol conformance is included later in this section. PAP/CHAP Security Authentication Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) under PPP are supported by the router. However, security authentication may or may not be needed depending on the requirements of the remote end. The nature of the connection in a DSL environment (traffic occurs on a dedicated line/virtual circuit) does not require authentication unless that is specifically required by the remote end, the ISP, or the NSP. When authentication is not required, security can be disabled with the command remote disauthen. 14 Chapter 1. Advanced Topics General Security Authentication Security authentication may be required by the remote end. The following information describes how authentication occurs. PAP provides verification of passwords between routers using a two-way handshake. One router (peer) sends the system name and password to the other router. Then the other router (known as the authenticator) checks the peer's password against the configured remote router's password and returns acknowledgment. PAP Authentication 1 New York ...New York & xyz....... Chicago 2 System Name=New York System Password=xyz .....Accepted/Rejected....... Remote Router Database Remote=Chicago Password=abc Remote Router Database Remote=New York Password=xyz System Name=Chicago System Password=abc CHAP is more secure than PAP because unencrypted passwords are not sent across the network. CHAP uses a three-way handshake. One router (known as the authenticator) challenges the other router (known as the peer) by generating a random number and sending it along with the system name. The peer then applies a one-way hash algorithm to the random number and returns this encrypted information along with the system name. The authenticator then runs the same algorithm and compares the result with the expected value. This authentication method depends upon a password or secret known only to both ends. CHAP Authentication New York 1 CHALLENGE ...New York & random number....... Chicago Hashes random number and secret `abc' System Name=New York System Password=xyz Remote Router Database Remote=Chicago Password=abc Performs same hash with number and secret `abc' and compares results 2 .....Chicago & encrypted secret....... 3 .....Accepted/Rejected....... System Name=Chicago System Password=abc Remote Router Database Remote=New York Password=xyz Chapter 1. Advanced Topics 15 Security Configuration Settings The router has one default system password used to access any remote router. This "system authentication password" is utilized by remote sites to authenticate the local site. The router also allows you to assign a unique "system override password" used only when you are connecting to a specific remote router for authentication by that remote site. Each remote router entered in the remote router database has a password used when the remote site attempts to gain access to the local router. This "remote authentication password" is utilized by the router to authenticate the remote site. Each remote router entered in the remote router database also has a minimum security level, known as the "remote authentication protocol," that must be negotiated before the remote router gains access to the local router. In addition, a system-wide control, "system authentication protocol," is available for overriding the minimum security level in the entire remote router database. Authentication Process The authentication process occurs regardless of whether a remote router connects to the local router or vice versa, and even if the remote end does not request authentication. It is a bi-directional process, where each end can authenticate the other using the protocol of its choice (provided the other end supports it). During link negotiation (LCP), each side of the link negotiates which protocol to use for authentication during the connection. If both the system and the remote router have PAP authentication, then they negotiate PAP authentication. Otherwise, the router always requests CHAP authentication first; if CHAP is refused, PAP will be negotiated. If the remote end does not accept either PAP or CHAP, the link is dropped; i.e., the router will not communicate without a minimum security level. On the other hand, the router will accept any authentication scheme required by the remote node, including no authentication at all. During the authentication phase, each side of the link can request authentication using the method they negotiated during LCP. For CHAP, the router issues a CHAP challenge request to the remote side. The challenge includes the system name and random number. The remote end, using a hash algorithm associated with CHAP, transforms the name and number into a response value. When the remote end returns the challenge response, the router can validate the response challenge value using the entry in the remote router database. If the response is invalid, the call is disconnected. If the other end negotiated CHAP, the remote end can, similarly, request authentication from the local router. The router uses its system name and password to respond to CHAP challenge. For PAP, when a PAP login request is received from the remote end, the router checks the remote router PAP security using the remote router database. If the remote router is not in the remote router database or the remote router password is invalid, the call is disconnected. If the remote router and password are valid, the local router acknowledges the PAP login request. If PAP was negotiated by the remote end for the remote-side authentication, the router will issue PAP login requests only if it knows the identity of the remote end. The identity is known if the call was initiated from the router, or if the remote end returned a successful CHAP challenge response. For security reasons, the router will never identify itself using PAP without first knowing the identity of the remote router. If PAP was negotiated by the remote end for the local side of the authentication process and the minimum security level is CHAP, as configured in the remote router database, the link will be dropped for a security violation. 16 Chapter 1. Advanced Topics Protocol Conformance Protocol Standards The router conforms to RFCs designed to address performance, authentication, and multi-protocol encapsulation. The following RFCs are supported: · · · · · · · · · · · · · · · · RFC 1058 Routing Information Protocol (RIP) RFC 1144 Compressing TCP/IP headers (Van Jacobson) RFC 1220 Bridging Control Protocol (BNCP) RFC 1332 IP Control Protocol (IPCP) RFC 1334 Password Authentication Protocol and Challenge Handshake Authentication Protocol (PAP/ CHAP) RFC 1483 Multiprotocol Encapsulation over ATM Adaptation Layer 5 RFC 1490 Multiprotocol Interconnect over Frame Relay RFC 1552 Novell IPX Control Protocol (IPXCP) RFC 1577 Classical IP and ARP over ATM RFC 1661 Point-to-Point Protocol (PPP) RFC 1723 RIP Version 2 RFC 1962 PPP Compression Control Protocol (CCP) RFC 1973 PPP in Frame Relay RFC 1974 Stac LZS compression protocol RFC 1990 Multi-Link Protocol (MLP) RFC 2131 and 2132 Dynamic Host Configuration Protocol (DHCP) IP Routing IP routing support, in conformance with RFC 791, provides the ability to process TCP/IP frames at the network layer for routing. IP routing support includes the Routing Interface Protocol (RIP), in conformance with RFC 1058 (RIP v.1) and RFC 1723 (RIP v.2). IPX Routing IPX routing conforms to the Novell® NetWareTM IPX Router Development Guide, Version 1.10. Encapsulation Options This section describes in technical terms the format of each packet associated with a particular encapsulation option supported by the router. The encapsulation type for each remote entry is defined using the remote setProtocol command. Chapter 1. Advanced Topics 17 PPP Each packet begins with a one- or two-byte protocol ID. Typical IDs are: 0xc021--LCP 0x8021--IPCP 0x0021--IP 0x002d-- Van Jacobson compressed TCP/IP 0x002f--Van Jacobson uncompressed TCP/IP 0x8031--Bridge NCP 0x0031--Bridge Frame The command for this encapsulation option is: remote setProtocol PPP Note: With PPP over ATM, the address and control fields (i.e., FF03) are never present; this also is the case for LCP packets. PPPLLC This protocol (LLC-multiplexed) allows PPP traffic to be carried simultaneously with other traffic on a single virtual circuit (as opposed to the PPP method of encapsulation--VC multiplexing--which dedicates a virtual circuit to PPP traffic only). Each PPP packet is prepended with the sequence 0xFEFE03CF. Thus, an LLC packet has the format: 0xFEFE03CF 0xC021. The command for this encapsulation option is: remote setProtocol PPPLLC RFC 1483 or RFC 1490 Bridging User data packets are prepended by the sequence 0xAAAA0300 0x80c20007 0x0000 followed by the Ethernet frame containing the packet. 802.1D Spanning Tree packets are prepended with the header 0xAAAA0300 0x80C2000E. Routing IP packets are prepended with the header 0xAAAA0300 0x00000800. IPX packets are prepended with the header 0xAAAA0300 0x00008137. The commands for this encapsulation option are: remote setProtocol RFC1483 (for ATM) remote setProtocol FR (for Frame Relay - RFC 1490) 18 Chapter 1. Advanced Topics MAC Encapsulated Routing: RFC 1483MER (ATM) or RFC 1490MER (Frame Relay) MER encapsulation allows IP packets to be carried as bridged frames, but does not prevent bridged frames from being sent as well, in their normal encapsulation format: RFC 1483 (ATM) or RFC 1490 (Frame Relay). If IP routing is enabled, then IP packets are prepended with the sequence 0xAAAA0300 0x80c20007 0x0000 and sent as bridged frames. If IP routing is not enabled, then the packets appear as bridged frames. The commands for this encapsulation option are: remote setProtocol RFC1483MER (for ATM) remote setProtocol MER (for Frame Relay) FRF8 IP packets have prepended to them the following sequence: 0x03CC. The command for this encapsulation option is: remote setprotocol FRF8 Note: This protocol allows sending ATM over Frame Relay. rawIP IP packets do not have any protocol headers prepended to them; they appear as IP packets on the wire. Only IP packets can be transported since there is no possible method to distinguish other types of packets (bridged frames or IPX). The command for this encapsulation option is: remote setProtocol rawIP Chapter 1. Advanced Topics 19 System Files The router's file system is a DOS-compatible file system, whose contents are as follows: : SYSTEM.CNF: These are configuration files containing: DOD SYS ETH Remote Router Database System Settings: name, message, authentication method, and passwords Ethernet LAN configuration settings DHCP.DAT: DHCP files. FILTER.DAT: Bridge filters. KERNEL.F2K: Router system software (KERNEL.FP1 for IDSL routers). ETH.DEF: File used by the manufacturer to set a default Ethernet configuration. ASIC.AIC: Firmware for the xDSL modem or ATM interface. ATM.DAT: ATM configuration file. I2TP Tunnening Database ATOM.DAT SDSL.DAT DMT.DAT IPSEC.DAT IKE.DAT AUTOEXEC.BAT - Autoexec file of commands to run on next reboot. AUTOEXEC.OLD - Autoexec file that has run already Note: Users should not delete any of these files, unless advised by Tech Support. Any file contained within the system may be retrieved or replaced using the TFTP protocol. Specifically, configuration files and the operating system upgrades can be updated. Only one copy for the router software is allowed in the router's FLASH memory. Refer to Chapter 6. Managing the Router on page 215 for details on software upgrades, booting router software, copying configuration files, and restoring router software to FLASH memory. Bridge Filtering You can control the flow of packets across the router using bridge filtering. Bridge filtering lets you "deny"or "allow" packets to cross the network based on position and hexadecimal content within the packet. This feature lets you restrict or forward messages with a specified address, protocol, or data content. Common uses are to prevent access to remote networks, control unauthorized access to the local network, and limit unnecessary traffic. 20 Chapter 1. Advanced Topics