Скачать презентацию Prestige router fundamental case study Felix Chang Скачать презентацию Prestige router fundamental case study Felix Chang

67ebdea9a008e3be452e5e1a893b8573.ppt

  • Количество слайдов: 36

Prestige router fundamental & case study Felix Chang / Manfred Recla Prestige router fundamental & case study Felix Chang / Manfred Recla

Outline - I • User interface – SMT/PWC/PNC • System information – Zy. XEL Outline - I • User interface – SMT/PWC/PNC • System information – Zy. XEL Networking Operating System – Debug mode/Command Interpreter mode • Application case study – Case 1: ISP connection • Procedure for trouble shooting • ISDN EPA and PPP • Frequently used CI command

Outline - II – Case 2: LAN-to-LAN • MP (PPP trace) • Incoming call Outline - II – Case 2: LAN-to-LAN • MP (PPP trace) • Incoming call bumping (EPA trace) – Case 3: Call back • Caller ID call back • MS CBCP call back – Prestige to Prestige – Win 9 x DUN to Prestige – Case 4: Filter rule • Packet filter example • Filter and syslog

Outline - III – Case 5: LAN-to-LAN with Cisco 2503 • • P 100 Outline - III – Case 5: LAN-to-LAN with Cisco 2503 • • P 100 to TA + serial port of Cisco 2503 P 153 + TA to Cisco 2503 BRI Mutual authentication P 100 to Cisco BRI for MP

User interface • PNC demo User interface • PNC demo

System information - Zy. NOS • Zy. NOS – Operating System with Network Protocol System information - Zy. NOS • Zy. NOS – Operating System with Network Protocol support – Remote Access Service code - RAS code – Configuration file - Romfile 0 – Boot module

Zy. NOS architecture Applications Connection Manager System Service Network Protocols NDIS driver Operating System Zy. NOS architecture Applications Connection Manager System Service Network Protocols NDIS driver Operating System Boot Module

Zy. NOS key data structure Layer 3 if 2 if 1 Network Layer 2 Zy. NOS key data structure Layer 3 if 2 if 1 Network Layer 2 ch 1 ch 2 ch 3 NDIS Layer 1 p 2 p 3 H/W

Zy. NOS key data structure board line channel line channel Zy. NOS key data structure board line channel line channel

Iface & channel P 100 ih> ip route status Dest FF Len Interface Gateway Iface & channel P 100 ih> ip route status Dest FF Len Interface Gateway Metric stat Timer 192. 168. 30. 1 01 32 wanif 1 192. 168. 30. 1 1 03 a 9 0 192. 168. 20. 1 00 32 wanif 0 192. 168. 20. 1 1 03 a 9 0 192. 168. 50. 0 02 24 wan. Idle 192. 168. 50. 1 2 002 b 0 192. 168. 30. 0 01 24 wanif 1 192. 168. 30. 1 2 00 ab 0 192. 168. 20. 0 00 24 wanif 0 192. 168. 20. 1 2 00 ab 0 192. 168. 10. 0 00 24 enif 0 192. 168. 10. 1 1 041 b 0 Use 2 2 0 1 1 0 May 15 13: 08: 01 192. 168. 10. 1 Zy. XEL Communications Corp. : board 0 line 0 channel 0, call 1, C 01 Outgoifnordng Call dev=2 ch=0 20000 ** dev=2 ch=0 : ISDN router either bri 0 or bri 1

System information • Debug mode • Command Interpreter (CI) mode • System upgrade – System information • Debug mode • Command Interpreter (CI) mode • System upgrade – Firmware (RAS code) – Configuration file (romfile 0) – Boot module

Case 1: ISP connection ISP Case 1: ISP connection ISP

SUA/NAT WAN IP address IP = 163. 31. 244. 1 LAN IP address ISP SUA/NAT WAN IP address IP = 163. 31. 244. 1 LAN IP address ISP WS Source IP=192. 168. 10 Source port=1027 Destination IP=200. 101. 1. 1 Destination port=23 Prestige Source IP=163. 31. 244. 20 Source port=10002 Destination IP=203. 89. 255. 69 Destination port=80

Case 2. 1: LAN-to-LAN (MP-PPP trace) P 128 plus IP: 192. 168. 20. 1 Case 2. 1: LAN-to-LAN (MP-PPP trace) P 128 plus IP: 192. 168. 20. 1 LAN P 100 ih IP: 192. 168. 10. 1 LAN

Case 2. 2: LAN-to-LAN (ISDN EPA trace) * Incoming call bumping EPA trace P Case 2. 2: LAN-to-LAN (ISDN EPA trace) * Incoming call bumping EPA trace P 128 plus IP: 192. 168. 20. 1 LAN P 100 ih IP: 192. 168. 10. 1 LAN

Case 3. 1: Caller ID Callback P 128 IP: 192. 168. 20. 1 LAN Case 3. 1: Caller ID Callback P 128 IP: 192. 168. 20. 1 LAN P 100 IH IP: 192. 168. 10. 1 LAN

Caller ID Callback • You can check CLID information from – Prestige system log Caller ID Callback • You can check CLID information from – Prestige system log • Go to menu 24. 8 and enable packet trace on screen – sys event (pre-Zy. NOS) – sys trcl call (Zy. NOS) • Prestige ring buffer – isdn drv ring [1/2] (pre-Zy. NOS) – isdn atring disp [bri 0|bri 1] (Zy. NOS) • ISDN EPA – isdn ana on, isdn ana disp (pre-Zy. NOS) – isdn fw ana on, isdn fw ana dump (Zy. NOS)

Connection Manager • The function of Call Control – Control the number of outgoing Connection Manager • The function of Call Control – Control the number of outgoing call retry – Control the incoming authentication • The function of Call Management – Budget control – Timer of date schedule

Case 3. 2: MS CBCP Call back Prestige call back to Prestige with call Case 3. 2: MS CBCP Call back Prestige call back to Prestige with call back number pre-configured P 128 LAN P 100 IH LAN

MS CBCP Callback P 128>sys trcl disp 61 62 63 121800 PP 09 DIALING MS CBCP Callback P 128>sys trcl disp 61 62 63 121800 PP 09 DIALING dev=2 ch=0. . 121800 PP 09 OUTGOING-CALL phone(10000) 121827 PP 09 CALL CONNECT speed<64000> type<2> chan<0> 67 121830 PP 0 a ebp=5 eb 344, seq. Num=265 bri 0 -RECV len: 40 call=3 0000: ff 03 c 0 21 02 85 00 24 01 04 05 f 4 05 06 00 01 0010: db e 3 08 02 0 d 03 06 11 04 05 f 4 13 09 03 00 a 0 73 121834 PP 0 a ebp=5 eb 414, seq. Num=269 bri 0 -RECV len: 11 call=3 0000: c 0 29 01 79 00 09 01 02 03 03 00 74 121835 PP 0 a ebp=5 eb 448, seq. Num=26 a bri 0 -XMIT len: 9 call=3 0000: c 0 29 02 79 00 07 03 03 00 75 121836 PP 0 a ebp=5 eb 47 c, seq. Num=26 b bri 0 -RECV len: 9 call=3 0000: c 0 29 03 79 00 07 03 03 00 82 121838 PP 0 a Recv'd TERM-ACK state 4 83 121838 PP 0 a LCP stopped 84 122324 PP 09 ANSWER CONNECTED ch=573 b 30 ( callback from P 100 IH) 89 122328 PP 0 a LCP opened 90 122328 PP 0 a ebp=5 eac 90, seq. Num=274 bri 0 -XMIT len: 31 call=4 0000: c 2 23 01 0 e 00 1 d 10 42 4 f 70 bf 50 60 9 e 37 a 6 0010: 48 c 9 5 e 3 a 47 ae 44 50 31 32 38 70 6 c 75 73

Case 3. 2: MS CBCP Call back Win 9 x dial up to Prestige, Case 3. 2: MS CBCP Call back Win 9 x dial up to Prestige, then Prestige callback to Win 9 x. TA LAN Win 9 x/NT

Case 4: Input, Output & Call filter WAN filter sets (Menu 11) WAN call/ Case 4: Input, Output & Call filter WAN filter sets (Menu 11) WAN call/ output (Output to WAN) WAN input (Input from WNA) LAN filter sets (Menu 3) LAN input (Input from LAN) LAN output (Output to LAN)

IP packet filter example Case 1: Only stations with IP address in first 64 IP packet filter example Case 1: Only stations with IP address in first 64 address, that is 192. 168. 10. 0 to 63 are allowed to access WAN. WS 2 IP: 192. 168. 10. 65 ISP IP: 192. 168. 10. 1 WS 1 IP: 192. 168. 10. 2

Generic packet filter example Case 3: Filter all traffic with Source Ethernet MAC address Generic packet filter example Case 3: Filter all traffic with Source Ethernet MAC address = 0080 c 82 DF 13 F WS 1 IP: 192. 168. 20. 10 MAC: 0080 C 82 DF 13 F P 128 -P IP: 192. 168. 20. 1 P 100 IH IP: 192. 168. 10. 1 Server IP: 192. 168. 10 LAN

LAN packet trigger the call (IP) LAN Packet which Triggered Last Call: (Type: IP) LAN packet trigger the call (IP) LAN Packet which Triggered Last Call: (Type: IP) 45 00 00 2 E CA 0 E 40 00 1 F 06 D 7 09 CC F 7 CB B 4 CC D 9 00 02 041 C 0015 Protocol = 06 = TCP (0 x 01: ICMP; 0 x 06: TCP; 0 x 11: UDP) Source IP : CC F 7 CB B 4 Destination IP: CC D 9 00 02 Source port : 041 C Destination port : 0015

LAN packet trigger the call (IPX) LAN Packet Which Triggered Last Call: (Type: IPX) LAN packet trigger the call (IPX) LAN Packet Which Triggered Last Call: (Type: IPX) (FF FF) (00 24) 0 B (00) (01 0 A C 5 BE) (00 00 00 01) (04 57) (01 0 C AD E 2) (00 00 00 01) (00 00) 00 04 26 65 64 25 DD 4 B FF FF : check sum 00 24 : length 00 : packet type (00: unknown, 01: RIP, 04: SAP, 05: SPX, 11: NCP) 01 0 A C 5 BE : Dest. Network address 00 00 00 01 : Dest. Node # 04 57 : Dest. Socket # (0451: NCP, 0452: SAP, 0453: RIP, 0455: Netbios) 01 0 C AD E 2 : Source Network address 00 00 00 01 : Source Node # 00 00: Source socket #

Syslog & call history & filter Menu 24. 3. 2 LAN Syslog: Active= Yes Syslog & call history & filter Menu 24. 3. 2 LAN Syslog: Active= Yes Syslog IP Address= 192. 168. 10 Log Facility= Local 3 LAN WS 1 IP: 192. 168. 20. 10 IP: 192. 168. 10 Syslog daemon P 128 -P IP: 192. 168. 20. 1 P 100 IH IP: 192. 168. 10. 1 Menu 24. 9. 4 - Call History Phone Number Dir Rate #call Max 1. 20000 IN 64 K 12 0: 53: 04 2. 30000 IN 64 K 4 0: 02: 14 Min 0: 00: 24 0: 01: 40 Total 1: 37: 31 0: 07: 55

Syslog & call history & filter Example: Feb 14 16: 57: 17 192. 168. Syslog & call history & filter Example: Feb 14 16: 57: 17 192. 168. 10. 1 Zy. XEL Communications Corp. : board 0 line 0 channel 0, call 18, C 01 Incoming Call 64000 K 20000 *Feb 14 16: 58: 56 192. 168. 10. 1 Zy. XEL Communications Corp. : IP[Src=192. 168. 20. 10 Dst=192. 168. 10 TCP spo=040 f dpo=0015] } S 04>R 01 m. D Feb 14 17: 07: 18 192. 168. 10. 1 Zy. XEL Communications Corp. : board 0 line 0 channel 0, call 18, C 02 Call Terminated * where S 04>R 01 m. D means filter set 4 (S) and rule 1 (R), match (m) drop (D).

Case 5. 1: P 153+TA to Cisco 2503 BRI IP: 172. 168. 80. xxx Case 5. 1: P 153+TA to Cisco 2503 BRI IP: 172. 168. 80. xxx Cisco 2503 BRI port IP: 172. 168. 80. 170 LAN TA P 153 IP: 172. 16. 64. 190

Case 5. 2 : P 100 to TA + Cisco 2503 serial port 192. Case 5. 2 : P 100 to TA + Cisco 2503 serial port 192. 168. 1. 1 192. 168. 100. X 192. 168. 10. 1 Cisco 2503 serial port TA AT command for TA: AT&FB 11&S 1&M 3*I 1&WZ LAN

Case 5. 3. 1: Mutual authentication with PAP IP: 172. 168. 80. xxx 172. Case 5. 3. 1: Mutual authentication with PAP IP: 172. 168. 80. xxx 172. 16. 64. 190 Cisco 2503 BRI port IP: 172. 168. 80. 170 LAN P 100

Case 5. 3. 1: Mutual Authentication with PAP • In menu 13 – Set Case 5. 3. 1: Mutual Authentication with PAP • In menu 13 – Set Mutual Authen to Yes – Set proper username/password to login to Cisco (PAP login=test, password=1234, in this case) • Configure a dial in user for Cisco to login to Prestige

Case 5. 3. 2: Mutual authentication with CHAP IP: 172. 168. 80. xxx 172. Case 5. 3. 2: Mutual authentication with CHAP IP: 172. 168. 80. xxx 172. 16. 64. 190 Cisco 2503 BRI port IP: 172. 168. 80. 170 LAN P 100

Case 5. 3. 2: Mutual authentication with CHAP Menu 11. 1 - Remote Node Case 5. 3. 2: Mutual authentication with CHAP Menu 11. 1 - Remote Node Profile Rem Node Name= hinet Active= Yes Route= IP Bridge= No Call Direction= Outgoing Incoming: Rem Login= [cisco_hostname] Edit PPP Options= No Rem IP Addr=172. 168. 80. 170 Edit IP/IPX/Bridge= No Rem Password= 1234 Telco Option: Rem CLID= N/A Allocated Budget(min)= 0 Call Back= N/A Period(hr)= 0 Outgoing: Transfer Type= 64 K My Login=[prestige_systemname] Nailed-Up Connection= No My Password= 1234 Session Options: Authen= CHAP/PAP Edit Filter Sets= No Pri Phone #= 4125678 Idle Timeout(sec)= 300 Sec Phone #= Press ENTER to Confirm or ESC to Cancel:

Case 5. 3. 2: Mutual authentication with CHAP Case: Cisco initiate call to Prestige Case 5. 3. 2: Mutual authentication with CHAP Case: Cisco initiate call to Prestige Cisco Challenge Hash value Challenge value Name=Outgoing user name Name=Cisco host name Response Success/Fail Challenge value Name=Outgoing user name (Prestige system name) Response Challenge Hash value Success/Fail Name=Cisco host name

Case 5. 4: P 100 to Cisco 2503 BRI (MP) IP: 172. 16. 80. Case 5. 4: P 100 to Cisco 2503 BRI (MP) IP: 172. 16. 80. xxx 172. 16. 64. 190 Cisco 2503 BRI port IP: 172. 16. 80. 170 LAN P 100