Administrator's Guide

MAGNUM DX FAMILY OF ROUTERS

Secure Web Management for Magnum DX family of Routers

MNS-DX Version 3.1

Preface

This guide describes how to set up and use the Magnum DX family of routers. Some simple guidelines that will be useful for configuring and using the Magnum DX family of routers:

• If you need further information or data sheets on the GarrettCom Magnum DX family of routers, refer to the GarrettCom web links at: http://www.garrettcom.com/routers.htm

Any feedback or comments can be sent to the GarrettCom address shown below.

GarrettCom Inc.
47823 Westinghouse Drive
Fremont, CA 94539-7437

Phone (510) 438-9071 • Fax (510) 438-9072

Email – Tech support – [email protected]

Email – Sales – [email protected]

Trademarks

GarrettCom Inc. reserves the right to change specifications, performance characteristics and/or model offerings without notice. GarrettCom, Magnum, S-Ring, MNS-DX, MNS-6K, Link-Loss-Learn, Converter Switch, Convenient Switch and Personal Switch are trademarks and Personal Hub is a registered trademark of GarrettCom, Inc.

NEBS is a registered trademark of Telcordia Technologies. UL is a registered trademark of Underwriters Laboratories. Ethernet is a trademark of Xerox Corporation.

Rights

Except as set forth in the Software License Agreement, GarrettCom makes no representation that software programs and practices described herein will not infringe on existing or future patent rights, copyrights, trademarks, trade secrets or other proprietary rights of third parties and GarrettCom makes no warranties of any kind, either express or implied, and expressly disclaims any such warranties, including but not limited to any implied warranties of merchantability or fitness for a particular purpose and any warranties of non-infringement.

The descriptions contained herein do not imply the granting of licenses to make, use, sell, license or otherwise transfer GarrettCom products described herein. GarrettCom disclaims responsibility for errors which may appear in this document, and it reserves the right, in its sole discretion and without notice, to make substitutions and modifications in the products and practices described in this document.

Copyright

Copyright 2010 by GarrettCom. Printed in the US. All rights reserved.

This manual may not be reproduced or disclosed in whole or in part by any means without the written consent of GarrettCom. DynaStar is a trademark of GarrettCom. All other trademarks mentioned in this document are the property of their respective owners.

recently upgraded your software, carefully note those areas where new commands or procedures have been added. The material contained in this manual is supplied without any warranty of any kind. GarrettCom therefore assumes no responsibility and shall incur no liability arising from the supplying or use of this document or the material contained in it. Copyright © 2010 GarrettCom, Inc. All rights reserved.

Printed in the United States of America.

Paper Version Part Number: 4-62-2117-00_Rev AF

Table of Contents

1 – Conventions Followed

Flow of the guide

Other Documentation

2 – Getting Started

Before starting

Console connection for CLI

Console setup

Console screen

Logging in for the first time

Setting the IP parameters

Console connection - DX40

Web browser

Administration menus

User management

Authentication

Authentication: Policies

Adding Users

Creating Common Users among DX devices

Locked Out User

User sessions

Policies

Active Logins

Login Banner

Other Administrative Tasks

System Information

System Status

System Time

Time Zone and DST

Time and Date

Time Persistence

Adding License Keys

Example – adding MNS-DX-SECURE license keys

Exiting

3 – IP Address and System Information

IP Addressing

Setting the IP address

Switching ports

Enabling Ethernet Ports

Switching and Routing ports

Enabling Ethernet Ports

DHCP address

DHCP and bootp

Using SSH and Telnet

SSH port forwarding

DNS

Configuring DNS

DNS Status

DNS Support in MNS-DX

DDNS

Configuring DDNS

HTTP Profiles

DDNS Interface Settings

Network time (SNTP Client)

Upgrading MNS-DX

Saving and loading configuration

Erasing configuration

Saving changes

4 – Configuring Ethernet

Assumptions

Setting up Ethernet Ports

Settings

Status

Summary Statistics

Extended Statistics

5 – Port Mirroring and Rate Limits

Port Monitoring and Mirroring

Port mirroring

Rate Limits

6 – Bridge Groups

Bridging or Switching vs Routing

Switch Ports

MAC address aging

Setting Switch Ports

RSTP Features and Operations

RSTP Setup

BPDUs

Bridge Roles

Port Roles

Edge Ports and Point-to-Point Links

Port States

RSTP Normal Operation

Design Considerations

Configuring RSTP – Bridge Settings

RSTP – Port Settings

RSTP – Bridge Status

RSTP – Port Status

8 – VLAN

Why VLANs?

Configuring VLANs

VLANs – Design considerations

Adding VLANs

Importance of Tagging

Importance of Filtering

Enabling VLANs

VLANs and IP Addresses

VLANs and Serial Ports

9 – DHCP Server

Modes of Operation

Technical Details

DHCP Discovery

DHCP Offers

DHCP Request

DHCP Information

DHCP Release

Client Configuration

DHCP Server Configuration

Design Consideration

Define Networks

Static Addresses

Dynamic Addresses or DHCP Pools

Managing Leases

10 – Serial Connectivity

Serial IO technologies

Serial Protocol Backgrounder

Serial IO and Ethernet

Terminal Services

Serial Ports and Security

Serial Ports and VLANs

Terminal Server

Terminal Server Operations

Passive Mode Channels

Active Mode Channels

Mixed Mode Channels

Session Type

Configuring Terminal Services

Step 1 - Profiles

Step 2 – Associate ports to profiles

Step 3 – Setting TCP/IP parameters for Serial ports

Troubleshooting Terminal Services

Connecting SCADA devices

11 – Secure Serial Connectivity or Serial SSL

Configuring Secure Serial Connectivity

Troubleshooting Secure Serial Connectivity

12 – Modbus

Modbus overview

Modbus on MNS-DX

Serial and TCP variants

Exception Handling

TCP Connection Handling

Configuring Modbus

Configuring Local Masters

Configuring Local Slaves

Configuring Remote Slaves

Modbus active connections

13 – Wide Area Network (WAN)

DDS Circuits

Configuring DDS

DDS Port Status

Configuring T1/E1

T1/E1 Port Status

Configuring Frame Relay

Frame Relay Background

LMI Protocol

Fragmentation Size

LMI Types

LMI Modes

Configuring Frame Relay

Configuring DLCI

Configuring EEK

EEK Status

Configuring DLCI based IP Routing

Serial Tunnel Over Frame Relay

Mapping Serial Ports to DLCI

Running PPP over a DLCI

Configuring PPP

14 – Wireless Data Access

Cellular Data and MNS-DX

Network Design Considerations

Virtual Front Panel

Configuring the Cellular Interface

Configure the Cellular Interface

Cellular Status

Cellular Info

Cellular Data Statistics

Cellular OTASP Status

Manually starting OTASP

Stopping OTASP

15 – Point to Point Protocol (PPP)

PPP Overview

Configuring PPP

PPP Profiles

PPP Connections

Configuring MLPPP

MLPPP Bundles

MLPPP Memberships

PPP Statistics

16 – Quality of Service (QoS)

QoS Concepts

DiffServ and QoS

DiffServ Marking

DiffServ Processing

WAN ports

Configuring QoS

DiffServ Configuration

802.1p configuration

Ethernet Port configuration

IP Flow configuration

17 – RIP Routing

Routing Concepts

Routing Information Protocol (RIP)

RIP – a brief history

RIP technical overview

RIP Version 1

RIP Version 2

Configuring RIP

Setting IP address

Setting Static Routes

Setting RIP Parameters

Validating Routing Setup

18 – OSPF Routing

Open Shortest Path First (OSPF)

OSPF Backgrounder

OSPF Neighbor relationships

OSPF Stub Area

OSPF Not-So-Stubby Area

Proprietary Extensions

Configuring OSPF

Setting IP Address

Setting Static Routes

Setting OSPF global parameters

OSPF Area Settings

OSPF Interface Settings

OSPF Interface Profiles

OSPF Area Aggregates

OSPF Neighbor Status

Validating Routing Setup

19 – BGP Routing

Border Gateway Protocol (BGP)

BGP Backgrounder

Configuring BGP

Setting IP Address

Setting Static Routes

Setting BGP Global Parameters

Setting BGP Peer Settings

Setting BGP Filters

Setting BGP Profiles

Checking BGP Status

Checking BGP RIB

Checking BGP Statistics

Validating routing setup

20 – VRRP

21 – NAT and PAT

NAT Background

Protocol Address Translation (PAT)

NAT/PAT and Security

Configuring NAT and PAT

Configuring NAT

Configuring Port Forwarding

Configuring Static Port Forwarding

22 – Security Certificates

Security Certificates

Certificate Backgrounder

RSA and Public Cryptography

Digital Signatures

X.509 Certificates

Certificate Authority

MNS-DX Certificate Files

MNS-DX Local Certificates

MNS-DX CA Certificates

23 – Other Security Considerations

Ethernet Port Security

Address Locking

Link Locking

Configuring Ethernet Security

Serial Port Security

MNS-DX Web Server

MNS-DX CLI Access

RADIUS Authentication

Configuring RADIUS

24 – Firewall

Firewall on MNS-DX

Traffic Selectors

Allowing Inbound Connections

Allowing Outbound Connections

Session Logging

Configuring Firewall

Global Settings

IP Interfaces

Interface Groups

Configuring Inbound Connections

Configuring Outbound Connections

25 – VPN

VPN Backgrounder

VPN - Brief History

Key Management

Peer Authentication

Packet Integrity and Confidentiality

Profiles

Tunnels

IKE

Key Lifetimes

VPN Example

MNS-DX Stack

IP Interface IN

FW IN

NAT IN

IPSEC IN

IP FWD

FW OUT

IP Interface OUT

Firewall and VPN

IKE

ESP

IP

NAT and VPN

IKE

ESP

NAT Bypass

No Bypass

Bypass Example

No Bypass Example

Configuring VPN

Global Settings

VPN Profiles

IPSec Authentication

VPN Tunnels

VPN Status

VPN Details

RFC compliance

26 – Monitoring events

Alarms, Events and Logs

Events

Event Categories

Event Descriptions

The list below is a list of defined event id’s and their default values.

Logging

Configuring Events

Alarms

27 – SNMP

SNMP Concepts

SNMP Standards

SNMP on MNS-DX

Configuring SNMP – Global Settings

Configuring SNMP – Management Stations

Configuring SNMP – Trap Receivers

Configuring SNMP Users

SNMP Statistics

28 – Wizards

Router Setup Wizard

Step 1 – Router Configuration Wizard

Step 2 – Router Configuration Wizard

Step 3 – Router Configuration Wizard

Step 3A – Router Configuration Wizard

Step 4 – Router Configuration Wizard

Step 5 – Router Configuration Wizard

Certificate Creation Wizard

Step 1 – Certificate Creation Wizard

Step 2 – Certificate Creation Wizard

Certificate Request for CA

APPENDIX 1 – CLI Commands

APPENDIX 2 – Browser Certificates

Certificates

Using Mozilla Firefox (ver. 3.x)

APPENDIX 3 – Port and Type Reference

Well Known TCP/UDP Network Ports

ICMP Types

APPENDIX 4 – Glossary

APPENDIX 5 – Generating self signed certificates

Step 1: Generate an RSA key and a certificate request for your CA

Step 2: Generate a self-signed CA certificate from the request

Step 3: Create the CA’s Key File

Step 4: Create an RSA key and a certificate request for your system

Step 5: Create the system’s certificate and have it signed by the CA

Step 6: Create the System Key File

APPENDIX 6 – Third Party Licenses

GNU LESSER GENERAL PUBLIC LICENSE

Preamble

TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

NO WARRANTY

END OF TERMS AND CONDITIONS

How to Apply These Terms to Your New Libraries

List of Figures

FIGURE 1 – HyperTerminal screen showing the serial settings and inlaid is the Putty settings for serial connectivity

FIGURE 2 – Prompt showing the login via the console port

FIGURE 3 – On the console, after logging in, enter the IP menu to set up the IP address

FIGURE 4 – MNS-DX has help commands built in. In the above example, use the "?" key to get help. The "?" key shows all the relevant commands for the IP command sub menu. We next want to use the "set" command to set the IP address. To go about using it, use "set ?" and it shows the choices. The obvious choice to set the address is to use the "set address" option

FIGURE 5 – Using the "?" help feature of MNS-DX, the above example shows how the administrator can get assistance each step of the way. Here the administrator types in the appropriate values for the command till no more mandatory options are needed. The optional arguments for the command line are shown in "[" and "]". Once the address is set, similarly, the help feature is used to determine if the address is set properly. Make sure you "save" the settings after setup

FIGURE 6 – On power up, if the space key is held down, the menu appears on serial port S1

FIGURE 7 – Setting the IP address on DX40

FIGURE 8 – Security certificate – click “yes” to proceed

FIGURE 9 – Login screen – Before the login screen is shown, a security banner is displayed. Click on "Continue" to get to the login screen, as shown below. This banner is shown if the MNS-DX-SECURE license key is installed. This banner can be disabled if needed.

FIGURE 10 – Login with the proper user name and password. For the first time use manager as Login ID and manager as the Password

FIGURE 11 – After a successful login the initial screen displaying the device ports is shown. This screen is called the Virtual Front Panel

FIGURE 12 – Welcome screen (using the DX940 router). Note the different information provided on the screen and different areas. The menus are used to configure settings on the router

FIGURE 13 – Administration Menus. At any time, if the "+" symbol on the menus is clicked on, the menus associated with that function are exposed

FIGURE 14 – Authentication menu allows for authentication of users. This includes adding users, setting policies for user passwords and authentication. Finally, it also allows adding users in bulk under the "Files" sub-menu

FIGURE 16 – Adding users - select the accounts option

FIGURE 17 – Adding a user with the login name "administrator". Once the fields are filled out, click on Apply settings

FIGURE 18 – Once the user is added, the user appears in the Existing User Accounts table

FIGURE 19 – Adding different types of users

FIGURE 20 – Importing users or exporting users

FIGURE 21 – Exporting users

FIGURE 22 – Descriptor for the user files. Note the version would reflect the MNS-DX version. In this example, a file from version 2.0.1 is displayed

FIGURE 23 – XML file for all the users

FIGURE 24 – Deleting users - select the "Delete" check box and then click on "Apply Settings"

FIGURE 25 – Modifying passwords

FIGURE 26 – Suspending a user. After clicking "No" in the "Suspended?" column, the suspended user is no longer suspended

FIGURE 27 – Locked Out user. The column "Locked Out?" shows the user has been locked out. To unlock the user, change the "Yes" to a "No" and then click on "Apply Settings"

FIGURE 28 – Viewing Logs. A history of logs is kept. Here we view the current or the Active log

FIGURE 29 – The log file shows the repeated unsuccessful login attempts on user administrator. After the 5th invalid attempt the account was suspended

FIGURE 30 – Setting up user Session policies. In this example, if the user is idle for more than one hour, the session is ended automatically. Also the policy of whether the user sees the welcome banner or not is set here (Login Banner option)

FIGURE 31 – Displaying all the active sessions

FIGURE 32 – To force a user off the system, select the user under the “Delete” column and click “Apply Settings” as shown below

FIGURE 33 – Customizing Login Banner. Type over the existing text and click Submit when done. It is a good idea to logout and login to ensure that the banner text appears properly

FIGURE 34 – Updating the System Information via Administration → System → Information as shown above. Once the proper information is entered, click on Apply Settings

FIGURE 35 – Status of the device

FIGURE 36 – Updating Time Zone and DST information

FIGURE 37 – Specifying Time Zone and Daylight Savings time

FIGURE 38 – Updating Time and Date - enter in the time (24 hour format) and date as MM/DD/YYYY and click on Apply Settings

FIGURE 40 – Icons depicting the necessary functionality in this Manual

FIGURE 41 – Adding the MNS-DX-SECURE License key. The feature key is covered in this example

FIGURE 42 – After the upgrade, the license keys are displayed on the Virtual Front Panel

FIGURE 43 – License keys are displayed on the Virtual Front Panel

FIGURE 44 – Logout

FIGURE 45 – The DX router Ethernet ports can be set up as a switch group allowing the DX to participate in a switched network. The IP address of the device is for accessing the management interface.

FIGURE 46 – Enabling Ethernet Ports

FIGURE 47 – Setting all Ethernet ports to the same Bridge group i.e. ensuring that the ports are switch ports. Note: the ports can be mixed and matched as switched and routed ports as needed

FIGURE 48 – Set the IP address as needed. If necessary, change the IP address to match the IP address schema of the switched network. If the IP address is changed, please make sure the browser points to the new IP address to manage the DX device. Note the Cellular IP address is displayed on this screen

FIGURE 49 – Click on Other Options to ignore Link information on the interface

FIGURE 50 – On the Ignore Link option, set that to "Yes" to ignore the link information to update the status etc.

FIGURE 51 – In the above example, the DX device is routing between LAN1, LAN2, WAN and also participating on the switch network on the two ports. Firewall is also enabled on the device as shown, filtering traffic from the WAN port

FIGURE 52 – Enabling Ethernet Ports

FIGURE 53 – Two ports are set as Bridged ports (E3 and E4), while the others are non-bridged i.e. routed ports

FIGURE 54 – Set the IP address as needed for the different interfaces

FIGURE 55 – Click on Other Options to ignore Link information on the interface

FIGURE 56 – On the Ignore Link option, set that to "Yes" to ignore the link information to update the status etc.

FIGURE 57 – Once the Links are ignored, the status of the interface is changed

FIGURE 58 – Enable routing on the device. More details on routing are covered in a separate chapter

FIGURE 59 – Specify the interface for routing as well as if the routing interfaces are passive i.e. listen for route updates

FIGURE 61 – Once the IP address is acquired, the address is displayed and the status of the port changes to “Up”. The Virtual Front Panel (not shown) will also change to reflect the port now being active or “Up”

FIGURE 62 – Enabling or disabling telnet is done in the CLI mode. The default, SSH only, is currently set for the CLI mode. From the drop down, telnet can be enabled

FIGURE 63 – Example of port forwarding. In this example, the DX router connects to the 6K switch. Since the connection is tunneled, the connection is securely sent on over the connection to the DX router and then the connection is unsecure or not encrypted from the DX to the 6K switch.

FIGURE 64 – Enable SSH Port forwarding

FIGURE 65 – Setting Global DNS setting. In this example the public domain Google DNS servers are used as DNS1 and DNS2. Open DNS is used as DNS3

FIGURE 66 – Check DNS Status

FIGURE 67 – Adding Static Hosts

FIGURE 68 – Displaying DNS Cache entries. After a Flush, there will be no entries. The DNS cache is cleared as shown above.

FIGURE 69 – Setting Global DDNS setting. This setting enables or disables DDNS

FIGURE 70 – Setting DDNS HTTP Profiles

FIGURE 71 – DDNS Interface Settings

FIGURE 72 – SNTP parameters – set the global settings. See table below for different options

FIGURE 73 – Adding or deleting SNTP Servers. Note - with DNS enabled, logical server names can be used instead of IP addresses

FIGURE 74 – Checking the status of the SNTP services

FIGURE 75 – Software update process state diagram. Note that if the upgrade is unsatisfactory for whatever reason, the user can fall back to the older version

FIGURE 76 – Upgrading MNS-DX. To upgrade, simply choose the MNS-DX file, and click on upload. Once the upload is done, reboot the router. Once the software is loaded, the old version can be deleted or can fall back to the old version

FIGURE 77 – List the location and file name for the new image and click on “Upload” to load the new image

FIGURE 78 – After the file is uploaded, the message is shown that MNS-DX is ready for upgrade. Click on Upgrade or Fallback

FIGURE 79 – On Fallback the State “Fallback” is displayed. User is presented with the choice to delete the new image. Retry takes you back to the choice regarding whether the image should be upgraded or fallback (previous figure)

FIGURE 80 – On successful upgrade, the router is rebooted and the new image is now the active

FIGURE 81 – After successful upgrade, the State changes to “Upgraded”. Please delete the older version to load a subsequent release of MNS-DX

FIGURE 82 – Multiple configuration files are stored on the MNS-DX routers. One of them is current. The other is associated with the fallback. To view the files, click on the file name

FIGURE 83 – Config file. To save a config file, highlight the text and copy/paste that information in a text file. These files can be archived for tracking and history purposes.

FIGURE 84 – Resetting the configuration values to factory default.

FIGURE 85 – If the "Save" icon is orange - there have been configuration changes made on the switch

FIGURE 86 – Configuring Ethernet parameters

FIGURE 87 – Setting Ethernet Speed settings. Default is auto negotiate. In some situations, it may be necessary to set the port to a fixed speed setting. Supported speeds will vary depending on the port and technology. For example with 100Mbps fiber ports, only 100Mbps speeds will be supported as fiber ports cannot auto negotiate

FIGURE 88 – Setting Ethernet Flow control – this allows control of the amount of ingress and egress packets which can be sent based on flow control information. Default setting is disabled

FIGURE 89 – Administrative status. This turns an Ethernet port on or off. Admin status enabled allows traffic flow on the port. Disabled turns the Ethernet port off

FIGURE 90 – Status Summary screen

FIGURE 91 – Summary Statistics – shows the octets, bytes, errors and received on a specific port

FIGURE 92 – Extended Statistics – shows the octets, bytes, errors and received on a specific port

FIGURE 93 – Editing and enabling port mirroring. Default value is “None” i.e. port mirroring is disabled

FIGURE 94 – In this setup, all traffic from port E1 is reflected on Port E2

FIGURE 95 – Rate limits restrict the amount of broadcast, multicast, flooded or all traffic across the interface. Ingress and Egress rates can be defined separately.

FIGURE 96 – Types of incoming or ingress traffic on which rate limits can be set

FIGURE 97 – The incoming traffic can be limited to the set values shown above

FIGURE 98 – The outgoing traffic can be limited to the set values shown above

FIGURE 99 – Setting the MAC address aging interval

FIGURE 100 – Setting the Bridge group. In this example, ports E3 to E6 form the bridge group i.e. the two ports are switch ports. The ports E1 and E2 are routed ports

FIGURE 101 – Setting a static MAC address associated with the port

FIGURE 103 – Once the MAC address is assigned, it appears on the Static MACs screen as shown above. To delete a static MAC address, check the "Delete" box and click on “Apply Settings”

FIGURE 104 – Viewing the MAC address and the ports associated with the MAC addresses. Note the Static entry added in the previous section

FIGURE 105 – Port Roles in RSTP

FIGURE 106 – Setting the RSTP parameters for all ports

FIGURE 107 – RSTP Port Settings

FIGURE 108 – Operational status of the RSTP Bridge. Note all the information discussed in earlier sections is displayed on this screen

FIGURE 109 – Port status. The specific information on the state of the ports is displayed on this screen. Note - routed ports are shown as "Not Bridged"

FIGURE 110 – VLAN as two separate collision domains. The top part of the figure shows two “traditional” Ethernet segments. Up to 16 VLANs can be defined per router. Traffic between VLANs is routed using MNS-DX

FIGURE 111 – Assigning VLANs. For adding VLANs, specify the VLAN ID number (VID) and a logical name with it. VLAN 1 is the default VLAN and is always present on all MNS-DX devices

FIGURE 112 – Setting Port E1 as a trunk port. In the above example, the native VLAN for the trunk will be 10 and VLANs 35 and 40 will be prohibited on this port

FIGURE 113 – Port E3 is designated to be on VLAN 40. All traffic will be tagged with VID 40 as shown above. The port is an Access port i.e. only packets with the VID of 40 are allowed to pass through the port

FIGURE 114 – Enabling VLANs. This menu is available as Ethernet → VLANs → Global Settings. After enabling, click on “Apply Settings”

FIGURE 115 – After VLANs are added and enabled, each VLAN can have a unique IP address schema

FIGURE 116 – Click on other options to ignore the fact that there may not be devices on the VLAN, showing the VLAN as being down, even though the VLAN services are running

FIGURE 117 – Ignoring the link shows whether the VLAN services are functioning, irrespective of whether there are devices on the VLAN

FIGURE 118 – Ignoring link shows the port status to be up

FIGURE 119 – DHCP Operation

FIGURE 120 – Accessing DHCP Services. Define the networks as well as relevant information such as IP address of the Gateway, DNS servers and DNS suffix as shown above

FIGURE 121 – Assigning Static addresses. In the above example, the device with the MAC

FIGURE 122 – Assigning DHCP Pools or Dynamic Addresses

FIGURE 123 – Managing IP addresses. In the above figure no IP addresses have been assigned.

FIGURE 124 – Terminal Server vs local Serial connection

FIGURE 125 – Terminal Server

FIGURE 126 – Setting Profiles for the serial ports

FIGURE 127 – Associating Profiles with Serial Ports

FIGURE 128 – Associate the IP address and port number, along with other parameters for terminal services to function properly

FIGURE 129 – Signals associated with serial ports after the ports are configured using the Serial Ports Settings menu

FIGURE 130 – Statistics for the serial ports

FIGURE 131 – Channel Status shows the status of active TCP/IP connections on the serial ports

FIGURE 132 – Example network for connecting multiple SCADA Devices

FIGURE 133 – Setting up the DX router where the SCADA Master is. Note the call connection directions are set to Out – allowing the SCADA Master to initiate the connections

FIGURE 134 – Setup of the remote DX routers. Note the serial ports call direction is set to “In” allowing incoming connection requests. The TCP port number (socket number) matches the port number (socket number) of the serial ports on the DX device connected to the SCADA Master

FIGURE 135 – Setting up specific ports for secure connectivity. The screen above is captured from a DX1000 device to show ports 1 and 6 are configured for secure serial connectivity

FIGURE 136 – Modbus Communications stack

FIGURE 137 – Interconnecting different Modbus devices

FIGURE 138 – Modbus networks can be built out using Magnum family of products, including Magnum 6K family of switches and Magnum DX routers

FIGURE 139 – Sample Modbus network using Magnum DX routers

FIGURE 140 – Format of Modbus ASCII packet

FIGURE 141 – Format of a Modbus RTU packet

FIGURE 142 – Format of a TCP Modbus packet

FIGURE 143 – Configuring Modbus Local Masters

FIGURE 144 – Configuring Modbus local slaves

FIGURE 145 – Configuring Modbus remote slaves

FIGURE 148 – Port Status of WAN port. Note - carrier loss indicates the WAN port may not be connected or the interface is down

FIGURE 149 – Configuring T1/E1 ports

FIGURE 150 – Port Status of WAN port

FIGURE 151 – OSI Layers and respective functions of T1/E1, DDS, Frame Relay and Frame Relay applications

FIGURE 152 – Configuring Frame Relay

FIGURE 153 – Defining DLCI for Frame Relay Network

FIGURE 154 – DLCI status screen

FIGURE 155 – Properly configured DLCI network status

FIGURE 156 – EEK settings

FIGURE 157 – EEK status

FIGURE 158 – Setting the IP addresses on IP DLCI’s defined earlier

FIGURE 159 – Check to see if the IP segment defined for the DLCI appears in the routing table entries

FIGURE 160 – Adding default gateway information for the router or for each IP segment

FIGURE 161 – Setting the RIP settings

FIGURE 162 – Define the interfaces on which the RIP protocol is active

FIGURE 163 – Verify the routing table is populated properly. Note the RIP discovered routes are shown as “RIP” under the Protocol column. The “Local” are local interfaces on the device – these could be VLANs, DLCIs or local interfaces. Management are static addresses on the router

FIGURE 164 – Adding “Channels” or mapping a DLCI setting to the Serial port allowing asynchronous traffic to tunnel through the Frame Relay circuit

FIGURE 165 – Check the status to see if the mapping of serial ports to DLCI is working properly

FIGURE 166 – DLCI Settings. Adding DLCI's with and without IP addresses

FIGURE 167 – Mapping the DLCI to a PPP connection

FIGURE 168 – Error message displayed when port is in use

FIGURE 169 – Once the error is fixed, the port can be added to PPP

FIGURE 170 – Virtual Front Panel with a cellular interface

FIGURE 171 – Configuring the Cellular Interface

FIGURE 172 – Setting up NAT on the cellular interface

FIGURE 173 – Checking the status of the cellular connection. In this example, the cellular interface


FIGURE 174 – The above screen shows the status as Connected ... 205

FIGURE 175 – Checking the data statistics for the cellular interface. The above screen capture was taken after the clear counters, which provides an overview of the flow of data through the cellular modem ... 206

FIGURE 176 – Over The Air Service Provisioning or OTASP status ... 207

FIGURE 177 – Starting Over The Air Service Provisioning or OTASP manually. Click on "Proceed" to start the session ... 209

FIGURE 178 – Stopping OTASP manually. Click on "Proceed" to stop the OTASP session ... 210

FIGURE 179 – Setting up PPP Profiles ... 212

FIGURE 180 – Setting up PPP Connections. ... 214

FIGURE 181 – Interfaces or Port ID's over which PPP connections are possible. ... 215

FIGURE 182 – Interfaces or Port ID's over which PPP connections are possible. ... 215

FIGURE 183 – Setting up PPP Multilink Bundles ... 216

FIGURE 184 – Setting up MLPPP Memberships ... 217

FIGURE 185 – Checking PPP status ... 218

FIGURE 186 – Checking PPP statistics ... 219

FIGURE 187 – Block diagram showing the interaction of QoS and DiffServ prioritization ... 221

FIGURE 188 – ToS and DSCP ... 222

FIGURE 189 – WAN QoS flow ... 224

FIGURE 190 – Configuring Diffserv settings ... 225

FIGURE 191 – Configuring 802.1p settings ... 226

FIGURE 192 – Configuring Ethernet Port priority settings ... 227

FIGURE 193 – Configuring priority for IP traffic flows ... 228

FIGURE 194 – Setting IP addresses on the different interfaces ... 233

FIGURE 195 – Setting static route including default route ... 233

FIGURE 196 – Setting RIP parameters ... 234

FIGURE 197 – Setting RIP interfaces ... 236

FIGURE 198 – Routing Table entries ... 237

FIGURE 199 – Setting IP addresses on the different interfaces ... 242

FIGURE 200 – Setting static route including default route ... 242


FIGURE 204 – Defining OSPF interface profiles ... 247

FIGURE 205 – OSPF Area Aggregates ... 248

FIGURE 206 – OSPF Neighbor Status ... 248

FIGURE 207 – Routing Table entries ... 249

FIGURE 208 – Setting IP addresses on the different interfaces ... 253

FIGURE 209 – Setting static route including default route ... 253

FIGURE 210 – Setting BGP global settings, including enabling or disabling BGP ... 254

FIGURE 211 – Setting BGP Peer Settings ... 254

FIGURE 212 – Setting BGP Filters ... 256

FIGURE 213 – Setting BGP Profiles ... 257

FIGURE 214 – Checking the status of BGP setup ... 258

FIGURE 215 – Checking the BGP RIB ... 259

FIGURE 216 – Checking the BGP Statistics ... 260

FIGURE 217 – Routing Table entries ... 261

FIGURE 217 – VRRP services require two routers to provide redundancy. One router is always the primary default router. ... 263

FIGURE 219 – When the primary or Master device fails, the secondary device takes over ... 264

FIGURE 220 – Configuring VRRP ... 264

FIGURE 221 – Status of VRRP ... 265

FIGURE 222 – Setting up NAT global parameters. The public interface has been changed from default to E2. ... 268

FIGURE 223 – Setting up PAT or mapping socket numbers ... 269

FIGURE 224 – Setting up static NAPT or mapping Network Addresses and Protocol Translations ... 269

FIGURE 225 – Managing certificates on Magnum DX devices. Using this menu additional certificates can be loaded, viewed or deleted ... 273

FIGURE 226 – A portion of the WEB_Cert.pem signature file ... 274

FIGURE 227 – A portion of the WEB_Cert.pem signature file ... 275

FIGURE 228 – A portion of the WEB_Cert.pem signature file ... 276

FIGURE 229 – Ethernet port security ... 278

FIGURE 230 – If an Ethernet port is locked out, it can be unlocked by changing the “Locked?” field from a “Yes” to a “No” ... 279

FIGURE 231 – Configuring Web services for MNS-DX ... 280


FIGURE 233 – Configuring CLI access ... 282

FIGURE 234 – Defining the RADIUS servers ... 283

FIGURE 235 – Defining the Syslog settings ... 285

FIGURE 236 – Defining the Syslog collectors ... 286

FIGURE 237 – Firewall network example for inbound traffic ... 288

FIGURE 238 – Firewall configuration to map the inbound traffic example ... 289

FIGURE 239 – Firewall network example for outbound traffic ... 290

FIGURE 240 – Firewall configuration to map the outbound traffic example ... 290

FIGURE 241 – Firewall Global Settings ... 292

FIGURE 242 – Enabling or disabling Firewall services on a specific interface ... 293

FIGURE 243 – Group definitions for Firewall ... 294

FIGURE 244 – Configure inbound connections ... 295

FIGURE 245 – Configure outbound connections ... 295

FIGURE 246 – VPN example ... 297

FIGURE 247 – Site-to-Site VPN ... 297

FIGURE 248 – Format of a tunneled IP packet using Encapsulated Security Payload (ESP) ... 298

FIGURE 249 – VPN Example ... 300

FIGURE 250 – Tunnels settings for router DX1 in the example. Note the destination gateway should correspond to the public IP address of router DX2. ... 301

FIGURE 251 – Tunnels settings for router DX2 in the example. Note the destination gateway should correspond to the public IP address of router DX1. ... 301

FIGURE 252 – MNS-DX network stack. The stack is used to explain packet processing flow and how it impacts VPN, firewall and NAT interactions. ... 302

FIGURE 253 – Firewall and VPN Network example ... 305

FIGURE 254 – Defining Firewall rules ... 306

FIGURE 255 – Firewall rules settings ... 306

FIGURE 256 – Firewall rules settings with the “Security → VPN → Tunnels” menu item “Bypass FW/NAT?” set to “Yes” ... 307

FIGURE 257 – Defining NAT rules ... 309

FIGURE 258 – Defining VPN Tunnels ... 309


FIGURE 262 – Defining NAT rules to allow port 80 traffic ... 311

FIGURE 263 – VPN Global Settings ... 312

FIGURE 264 – VPN Profiles ... 313

FIGURE 265 – VPN Authentication ... 314

FIGURE 266 – VPN Tunnels ... 315

FIGURE 267 – VPN Status ... 316

FIGURE 268 – VPN Details ... 317

FIGURE 269 – Events Specifications menu. Only a partial screen capture is shown ... 330

FIGURE 270 – Log file settings ... 330

FIGURE 271 – Log files. To view the file, click on the file name ... 331

FIGURE 272 – Enabling the Alarms and defining the relay closure time ... 331

FIGURE 273 – Setting the individual trap actions ... 332

FIGURE 274 – Setting the SNMP global settings ... 337

FIGURE 275 – Adding Management Stations for SNMP ... 339

FIGURE 276 – Adding Management Stations for SNMP ... 340

FIGURE 277 – Defining SNMP users ... 340

FIGURE 278 – Viewing SNMP Statistics ... 341

FIGURE 279 – Accessing the Router Setup Wizard. Note – after this wizard all the existing setup and configuration is destroyed. Remember to save the configuration before using this wizard ... 345

FIGURE 280 – Step 1 of the Router setup wizard. Here the choice is made of what the Ethernet ports will function as – a switch port group or a router port ... 346

FIGURE 281 – Step 2 of the Router setup wizard. Enter in a valid IP address for the default interface. ... 347

FIGURE 282 – Step 3 of the Router setup wizard. Determine if the routing is enabled or not in this step ... 347

FIGURE 283 – Step 3A of the Router setup wizard. Determine if the router should be the Default Gateway or not. ... 348

FIGURE 284 – Step 4 of the Router setup wizard. Determine if the firewall services should be started or not ... 348

FIGURE 285 – Step 4 of the Router setup wizard. Determine if the firewall services should be started or not ... 348

FIGURE 286 – Certificate creation wizard ... 349


FIGURE 288 – Step 2 of self signed certificate wizard. Here the created certificate can be viewed, saved to a file or deleted. ... 350

FIGURE 289 – A self signed certificate generated by Certificate Creation Wizard ... 351

FIGURE 290 – Saving the certificate using the browser built in functionality ... 352

FIGURE 291 – Certificate which can be sent to the certificate authority. Copy and paste the encrypted information in a file or email message. At this stage, the request becomes a pending message. ... 353

FIGURE 292 – On finding a mismatch between the certificate and the accessed site, Mozilla Firefox pops the window. Note – the site was accessed using the IP address. Typically, sites accessed by their IP address will trigger this mismatch ... 447

FIGURE 293 – Mozilla Firefox tries to warn the user again about the dangers of sites with improper certificates. This window may be different depending on the version of the browser you are using ... 448

FIGURE 294 – Firefox forces you to get the certificate before it lets you access the site ... 449

FIGURE 295 – Here, you can view the certificate, permanently make an exception and confirm the exception. The locations to do those are identified in this figure ... 450

FIGURE 296 – Self signed certificate from GarrettCom Inc for MNS-6K switch. A similar certificate is available on MNS-DX ... 451

FIGURE 297 – Using IE 7 or IE 8 ... 452


1 – Conventions Followed

Conventions followed in the manual…

To best use this document, please review some of the conventions followed in the manual, including screen captures, interactions and commands with the router.

Box shows interaction with the router command line or screen captures from the router or computer for clarity

Commands typed by a user will be shown in a different color and this font

Router prompt – shown in Bold font, with a “# or >” at the end. For the document we will use MagnumDX# as the prompt.

Related Topics

Related topics show that GarrettCom strongly recommends reading about those topics. You may choose to skip those if you already have prior detailed knowledge on those subjects.

Tool box – Necessary software and hardware components needed (or recommended to have) as a prerequisite. These include serial ports on a computer, serial cables, computer with a browser, TFTP or FTP software, serial terminal emulation software etc.

Caution or take notice – Things to watch out for in case of problems or potential problems. This is also used to draw attention to a special issue, capability or fact.


Terminology – Whenever the word PC is used it implies a UNIX, Linux, Windows or any other operating system based work station, computer, personal computer, laptop, notebook or any other computing device. Most of the manual uses Windows XP or Windows 7 based examples. While effort has been made to indicate other Operating System interactions, it is best to use a Windows-XP based machine when in doubt.

Supported MNS-DX Version – The documentation reflects features of MNS-DX version 3.0 or higher. If your router is not at the current version, GarrettCom Inc. recommends upgrading to the current version. Please refer to the GarrettCom Web site for information on upgrading the MNS-DX software on Magnum DX family of routers or contact GarrettCom Inc. on how to go about updating the software.

Product Family – this manual is for all the Magnum DX family of routers.

Flow of the guide

The manual is designed to guide the user through a sequence of events. Chapter 1 is a guide to this manual.

Chapter 2 is the basic setup as required by the Magnum DX family of routers. Chapter 2 is perhaps the most critical chapter in what needs to be done by the network administrator once the DX device is received. Adding license keys to unlock features in MNS-DX is also covered in this chapter.

Chapter 3 focuses on operational issues of the DX router. This includes time synchronization, IP Addressing, DHCP setup, erasing and saving configuration.

Chapter 4 focuses on setting up the Ethernet ports. All ports on the Magnum DX device are disabled by default - except one port. This chapter also covers those issues.

Chapter 5 builds on the previous chapter and discusses Port Mirroring and rate limits for Ethernet.

Chapter 6 talks about how the Ethernet ports can be configured. In the Magnum DX devices, the Ethernet ports can be setup as switch ports or routed ports. Other issues such as Static MACs, ARP cache etc. are also discussed in this chapter.

Chapter 7 shows how RSTP can be used with ports setup as Bridge Groups.

Chapter 8 discusses VLANs and inter-VLAN routing.

Chapter 9 configures DHCP server to service DHCP requests from the various IP routable networks setup.


Chapter 10 provides a lot of useful information for Serial connectivity. Serial ports are available with Magnum DX devices. Examples of how terminal services can be used along with some troubleshooting tips are also covered in this chapter.

Chapter 11 builds on Chapter 10 and shows how secure serial connectivity can be established using MNS-DX.

Chapter 12 discusses Modbus protocols on Serial ports as well as Ethernet ports.

Chapter 13 discusses Wide Area Networking and how the different interfaces can be configured for WAN connectivity.

Chapter 14 discusses the cellular interface option and how it can be used for connectivity.

Chapter 15 configures PPP for use with external modems and other interfaces.

Chapter 16 discusses QoS.

Chapters 17 through 19 focus on Routing.

Chapter 17 discusses RIP and configuration / setup of RIP.

Chapter 18 discusses OSPF and configuration / setup of OSPF. This is a licensed feature of MNS-DX.

Chapter 19 focuses on BGP and configuration / setup of BGP. This is a licensed feature of MNS-DX.

Chapter 20 shows how redundancy can be introduced in routing using VRRP.

Chapter 21 starts to introduce concepts on security with NAT and PAT.

Chapter 22 discusses issues and topics about Security Certificates.

Chapter 23 talks about other security considerations such as Address Locking, RADIUS and more. Most features in this chapter are licensed features of MNS-DX.

Chapter 24 shows how Firewall services can be used to secure traffic flow. This is a licensed feature of MNS-DX.

Chapter 25 discusses how VPNs can be configured. This chapter includes several examples and also has a state diagram of MNS-DX stack to show the interaction of different modules (DX applications) on setup. This is a licensed feature of MNS-DX.


Chapter 26 discusses Events and notifications from MNS-DX and how they can be sent to various places.

Chapter 27 discusses SNMP and how SNMP can be configured and used.

Chapter 28 shows how some wizards included with MNS-DX can be used to ease configuration.

There are several appendices included as well.

If you find an error or have a helpful tip on the layout or informational content of this or any other GarrettCom manual please feel free to contact us via email with any problems or helpful information. All enquiries will be responded to with a correction or whatever resolution is required. Please make all comments to [email protected] or phone a support engineer at 510-438-9071.

Other Documentation

The DX installation guides can be found on their respective web pages. For example, the DX940 installation guide can be found at the www.garrettcom.com web site. Once on the web site navigate to Product and then to the router of choice - in this example, DX940. The URL in the example is http://www.garrettcom.com/dx940.htm - on that


2 – Getting Started

First few simple steps …

This section explains how the GarrettCom Magnum DX family of routers can be set up using the console port on the router. Some of the functionality includes setting up the IP address of the router, securing the router with a user name and password, and more.

Before starting

Before you start, it is recommended that you acquire the software and necessary hardware listed below.

1) Make sure you are using the latest version of MNS-DX.

2) Make sure you know the IP address or the logical name of the router and can ping the router. If you do not know the IP address or cannot ping the router, please follow the steps listed below in the section on Console connection.

3) Make sure you have a browser that supports secure socket connection.

4) Should you need to configure the router using the Command Line interface (CLI) it may be necessary to use the serial connection. To use the serial port, follow the guidelines below.

• A new router from GarrettCom will have a static IP address of 192.168.1.2 with a netmask of 255.255.255.0

• Ethernet interface E2 is active for DX40 routers, E4 is active for DX800, DX900, E6 for DX940 routers and E5 is active for DX1000 routers. All other interfaces are disabled (except the console port).

Once a router is assigned a static IP address, a browser can be used to configure the router. Type in the URL https://192.168.1.2 to start using SWM. If a different IP address


Console connection for CLI

This section can be used to set the IP address initially for the router. The Command Line Interface (or CLI) is used to set as well as reset the IP address if needed.

The connection to the console is accessed through the serial port available as a DB-9 RS232 connector on the router marked as “console” on the Magnum DX family of routers. This interface provides access to the commands the router can interpret and is called the Command Line Interface (or CLI). This interface can be accessed by attaching a VT100 compatible terminal or a PC running a terminal emulation program (such as TeraTerm, HyperTerminal or PuTTY.)

To use the serial port, make sure you have the following:

1) A male-female null modem cable. This cable should be included with most DX family of routers purchased.

2) Serial port – if your PC does not have a serial port, you may want to invest in a USB to serial converter. This is again available from LANstore or from GarrettCom Inc. Alternately a USB to serial cable can also be used. This cable is also available from LANstore or GarrettCom Inc.

3) A PC (or a workstation/computer) with a terminal emulation program such as HyperTerminal (included with Windows) or PuTTY, Teraterm-pro, minicom or other equivalent software.

4) Enough disk space to store and retrieve the configuration files as well as copy software files from GarrettCom. We recommend at least 15MB of disk space for this purpose.

5) For access security – decide on a manager level account name and password

6) IP address, netmask, default gateway for the router being configured

You can use the CLI to configure the IP address for the router. Once the IP address is assigned, you can start using the Secure Web Management (SWM) on the GarrettCom Magnum DX family of routers.

Once the router is configured with an IP address, Command Line Interface (or CLI) is also accessible using ssh.

The Command Line Interface (CLI) enables local or remote unit installation and maintenance. The Magnum DX family of routers provides a set of system commands


Console setup

Connect the console port on the router to the serial port on the computer using the serial cable listed above. The settings for the HyperTerminal software emulating a VT100 are shown in Figure 1 below. Make sure the serial parameters are set as shown (or bps = 38400, data bits=8, parity=none, stop bits=1, flow control=none).

FIGURE 1 – HyperTerminal screen showing the serial settings; inlaid are the PuTTY settings for serial connectivity

Console screen

Once the console cable is connected to the PC and the terminal emulation software configured, MNS-DX should provide a login prompt.


FIGURE 2- Prompt showing the login via the console port

CLI prompts in this manual are shown as MagnumDX, because the manual was documented on a Magnum DX900 router.

Logging in for the first time

For the first time, use the default user name and passwords assigned by GarrettCom for the Magnum DX routers. They are:

Username – manager

Password – manager

We recommend you log in as manager for the first time to set up the IP address as well as change user passwords or create new users.

Setting the IP parameters

The IP parameters can be set up from the web interface as well as the console interface. If the web interface is used, please make sure to point the browser to the new IP address once the address has been changed.

To set up the router, the new IP address and other relevant TCP/IP parameters have to be specified. The procedure using the console interface is shown below.


FIGURE 3– On the console, after logging in, enter the IP menu to setup the IP address

FIGURE 4 – MNS-DX has help commands built in. In the above example, use the "?" key to get help. The "?" key shows all the relevant commands for the IP command sub menu. We next want to use the "set" command to set the IP address. To go about using it, use "set ?" and it shows the choices. The obvious choice to set the address is to use the "set address" option


FIGURE 5 – Using the "?" help feature of MNS-DX, the above example shows how the administrator can get assistance each step of the way. Here the administrator types in the appropriate values for the command till no more mandatory options are needed. The optional arguments for the command line are shown in "[" and "]". Once the address is set, similarly, the help feature is used to determine if the address is set properly. Make sure you "save" the settings after setup

Console connection - DX40

Magnum DX40 does not have a dedicated console port. The serial port S1 doubles as a console port and serial port. To access the CLI on a DX40 follow the steps below:

1) Connect a serial port on your PC and port S1 on the DX40 with a serial cable

2) Start up a terminal emulator (HyperTerminal, PuTTY or other) configured as described above

3) Power up the DX40. If power to the DX40 is on, turn it off (that is, unplug the power cord) and restore power (plug the power cord back in)

4) As soon as the connection is made on the terminal emulator hold down the space bar on your keyboard until the MNS-DX boot menu appears

5) To set the IP address, use the proper option shown on the menu. In this case it is "2"

6) To boot with console port on serial port S1, use "c" and then Enter


c. If any changes are made to the configuration using S1 as a serial port, do not forget to save the changes. All changes will be lost when the device reboots.

FIGURE 6– On power up, if the space key is held down, the menu appears on serial port S1


Web browser

In the web browser, type in the following URL

https://<IP Address assigned to the router>

Make sure you use HTTPS (secure HTTP) in the URL to ensure secure connectivity

If the IP address of the router is set to 192.168.5.254, the URL would be

https://192.168.5.254

Note - the default IP address is 192.168.1.2

If your site uses name services, you can use a name instead of the IP address. Please make sure that the name is resolved to the IP address assigned to the router.


For further information on Browser certificates, please refer to the appendix in this manual titled Browser Certificates.
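Because the router is usually reached by IP address and presents a self signed certificate, the browser cannot confirm which device answered. One way to check the certificate before trusting it is to compare its SHA-256 fingerprint with a value recorded earlier over a trusted path. This is an added example, not part of the GarrettCom manual or MNS-DX; the function names, the sample bytes and the idea of recording the fingerprint during initial setup on a directly connected link are assumptions.

```python
"""Compare a router's HTTPS certificate with a recorded SHA-256 fingerprint."""
import hashlib
import hmac
import ssl
import sys

# Constructed stand-in bytes, NOT a real certificate. The fingerprint is simply
# SHA-256 over the DER encoding, so any byte string exercises the same path.
SAMPLE_DER = b"constructed-stand-in-for-a-self-signed-router-certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
# A second constructed value, standing in for a certificate that was replaced.
SWAPPED_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER + b"-replaced")


def normalize_fingerprint(text):
    """Accept 'AB:CD:...' (as certificate viewers show it) or plain hex."""
    cleaned = text.replace(":", "").replace(" ", "").strip().lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def cert_fingerprint(pem):
    """SHA-256 fingerprint (lowercase hex) of a PEM-encoded certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.sha256(der).hexdigest()


def check_pin(pem, recorded):
    """True only if the certificate matches the recorded fingerprint."""
    return hmac.compare_digest(cert_fingerprint(pem),
                               normalize_fingerprint(recorded))


def fetch_router_cert(host, port=443):
    """Fetch the certificate the device presents, without validating it.

    No chain or host name check is done here; the fingerprint comparison
    in check_pin() is the trust decision.
    """
    return ssl.get_server_certificate((host, port))


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # usage: script.py <router address> <recorded fingerprint>
        pem, recorded = fetch_router_cert(sys.argv[1]), sys.argv[2]
    else:
        # Offline demonstration with the constructed sample above.
        pem, recorded = SAMPLE_PEM, cert_fingerprint(SAMPLE_PEM)
    matched = check_pin(pem, recorded)
    print("presented fingerprint:", cert_fingerprint(pem))
    print("MATCH" if matched else "MISMATCH: do not confirm the exception")
    sys.exit(0 if matched else 1)
```

A mismatch means the certificate presented at that address is not the one that was recorded, so the browser exception should not be confirmed until the reason is known.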

FIGURE 9 – Login screen – Before the login screen is shown, a security banner is displayed. Click on "Continue" to get to the login screen, as shown below. This banner is shown if the MNS-DX-SECURE license key is installed. This banner can be disabled if needed.


FIGURE 11 – After a successful login the initial screen displaying the device ports is shown. This screen is called the Virtual Front Panel

After a successful login, the welcome screen is shown. Note the information provided on the welcome screen.


FIGURE 12 – Welcome screen (using the DX940 router). Note the different information provided on the screen and different areas. The menus are used to configure settings on the router

The menus and the operations will be consistent across the different routers in the Magnum DX family of routers. The welcome screen represents a snapshot of the operating state of the router as well as what the administrator would see if s/he were to be physically present in front of the router.

In the figure above, ports shown in red are not active. The status of the LEDs is also reflected appropriately.

The ports are labeled as follows:

W1 (and / or W2) - indicates the WAN ports. Not all models have WAN ports on them.

E1, E2, E3, E4 - indicates the Ethernet ports. DX1000 has E1 through E5 as Ethernet ports. DX40 has only two Ethernet ports. DX940 has Ethernet ports E3 through E6 as 10/100 ports and optionally


S1, S2, S3, S4 - Serial IO ports. DX1000 has 12 serial ports. DX40 has only two serial ports. DX800, DX900 and DX940 have four serial ports. On DX940 the serial ports are optional.

Console - shows the console port.

Alarm - shows the alarm port for external alarm triggers.

The rest of the chapter steps through the Administration menus.

Administration menus

The administration menus provide the functions needed for proper administration of the system. These include setting up system parameters such as system name, location, time and time synchronization, as well as other administration functions such as software upgrades, falling back on a version, and system reboot. A synopsis of the menus is shown below.

FIGURE 13 – Administration Menus. At any time, if the "+" symbol on the menus is clicked on, the menus associated with that function are exposed

Moving forward, the relevant portion of the screen will only be shown for the router as displayed above.
