Manuel d'utilisation / d'entretien du produit AT-AR300 du fabricant Allied Telesis
Aller à la page of 36
Simply connecting the world Softwar e Release 2.3.1 For Rapier Sw itches, AR30 0 and AR 700 Ser ies Rou ters, an d AR800 Series Modular Swit ching Routers Introduction ... .................... ................... ................... ............. ....
2 Release Note Software Release 2.3.1 C613-10325 -00 REV B Intr oduction Allied T elesyn Interna tional anno unces the release of Softwa r e Releas e 2.3.1 on the AR300 and AR700 Series r outers, Rapi er Series layer 3 switches, a n d AR80 0 Series modular sw itching routers.
Softw are Rel ease 2 .3.1 3 Softwar e Release 2.3.1 C613-103 25-00 REV B Hot Swapping Network Service Module s In routers and switches that have NSM bays, this release allows the fol lowing NSMs to be.
4 Release Note Software Release 2.3.1 C613-10325 -00 REV B files, feature li cences and ot her files. (If this happens, FLASH m emory may need to be clear ed completely , leaving no functioning software to run the r outer .) Hot swap an NSM out of an NSM bay Follow these steps to hot swap an NSM, or PICs in an NSM-4 PIC, out of an NSM bay .
Softw are Rel ease 2 .3.1 5 Softwar e Release 2.3.1 C613-103 25-00 REV B Software Features The following feature s are available on all r outers and switches supported by this r eleas e, un less other.
6 Release Note Software Release 2.3.1 C613-10325 -00 REV B NSM Hot Swap Softw ar e Support When a card i s hot-sw apped out of a bay , its in terface i nstances be come dormant.
Softw are Rel ease 2 .3.1 7 Softwar e Release 2.3.1 C613-103 25-00 REV B Figur e 2: Example o utput fr om the SHOW INTERF ACE comma nd for a specific i nterface.
8 Release Note Software Release 2.3.1 C613-10325 -00 REV B If the DNS s ervers have already been configured, the configuration informatio n can be set using the com mand: SET IP DNS [DOMAIN={ANY| doma.
Softw are Rel ease 2 .3.1 9 Softwar e Release 2.3.1 C613-103 25-00 REV B Auto matic Na meserver Con figura t ion The primary and s econdary name server ’s addresses can either be stat ically configured as above, or learned dynamically o ver an interface.
10 Release Note Software Release 2.3.1 C613-10325 -00 REV B SET TRIGGER= trigger-id [INTERFACE[= int erface ]] EVENT={UP| DOWN|FAIL|ANY} [CIRCUIT= miox-circuit ] [CP={ APPLE|ATCP|BCP| CCP|DCP|DNCP|IPC.
Softw are Rel ease 2 .3.1 11 Softwar e Release 2.3.1 C613-103 25-00 REV B IP Secur ity (IPse c) Sour c e Interface a nd Enhancem ents A source in terface can now be specified for tunnelled IPsec traffic. The performance of IPsec is also enhanced, and mor e simult aneous IPsec tunnels are supported, because of the incre ase in ENCO channels.
12 Release Note Software Release 2.3.1 C613-10325 -00 REV B OSPF on Dem and OSPF on demand circuits allow data lin k connections to be clo sed when not carrying application traf fic.
Softw are Rel ease 2 .3.1 13 Softwar e Release 2.3.1 C613-103 25-00 REV B Figur e 3: Example of dial-on-dema nd ISDN befor e configuring OSPF on d emand.
14 Release Note Software Release 2.3.1 C613-10325 -00 REV B Paladi n Fir ewal l Enhanc ements The existing firewall NA T performs add r ess transla tion for traffic passing between a pair of interfa ces.
Softw are Rel ease 2 .3.1 15 Softwar e Release 2.3.1 C613-103 25-00 REV B ■ Reve rse N A T This transla tes the addresses of public side de vices to addresses suit able for the private side of the firewall (destination addr es s will be transl ated for outboun d packets, sou r ce address for inboun d packets).
16 Release Note Software Release 2.3.1 C613-10325 -00 REV B additiona l rules can be added to allow or deny acce ss based on IP addresses , por t nu mbe rs, day of t he w eek , or tim e of d ay .
Softw are Rel ease 2 .3.1 17 Softwar e Release 2.3.1 C613-103 25-00 REV B translates both the public and priva te side source and desti nation add resses.
18 Release Note Software Release 2.3.1 C613-10325 -00 REV B T able 2: Require d parameters for Firewall NA T rules. Key to table: ■ Direction I = in. The rule is applied to a public in terface. O = out. The rule is applied to a private interface. ■ S = Selector .
Softw are Rel ease 2 .3.1 19 Softwar e Release 2.3.1 C613-103 25-00 REV B redir e ction any web traffic fr om the user ’s PC or laptop can be redirected to the ISP's web server . This force s the user to arrange payment for using the service before being able to br owse to any o ther site.
20 Release Note Software Release 2.3.1 C613-10325 -00 REV B Figur e 5: Using enhanced NA T in an IPsec tunne l with differ ent IPsec and default g a teways. Standard NA T T o translate the source addr ess of traffic r eceived on the private interfa ce eth0 and dest ined for addr esses in the range 210 .
Softw are Rel ease 2 .3.1 21 Softwar e Release 2.3.1 C613-103 25-00 REV B Rever se NA T T o r edirect all traffic r eceived on a private interface to a destin ation of 210.25.7.1, w ithout changing the sour ce address, use the command: ADD FIREWALL POLICY=zone1 RULE=51 ACTI ON=NAT NATTYPE=REVERSE INT=eth1 PROTOCOL=all GBLREMOTEIP=210.
22 Release Note Software Release 2.3.1 C613-10325 -00 REV B Fir ewall HTTP Pr oxies and Fir ewall Policies T o add or delete a Firewall HTTP proxy , use the new HTTP option for the PROXY parameter in .
Softw are Rel ease 2 .3.1 23 Softwar e Release 2.3.1 C613-103 25-00 REV B per line. Options are supplied after the entry and a colon . Each option is separated by a spa ce. The option keyw ords that are allowed for each ent ry are “allow” and “nocook ies”.
24 Release Note Software Release 2.3.1 C613-10325 -00 REV B Figur e 6: Example o f a HTTP fi lter file. HTTP Cookies By default, HTTP cook ie r equests are allowed t o pass through the HTTP proxy configur ed under the fir ewall policy .
Softw are Rel ease 2 .3.1 25 Softwar e Release 2.3.1 C613-103 25-00 REV B T o r e-enable HTTP cooki e r equests to pass through the HTTP proxy , use the command: ENABLE FIREWALL POLICY= name HTTPCOOKI.
26 Release Note Software Release 2.3.1 C613-10325 -00 REV B VRRP Port Monitoring V i rtual Router Redundancy Protocol (VRRP) is now able to monitor ports in the VLAN over which it is runn ing, and reduce the priority of the router or switch if ports in th e VLAN fail.
Softw are Rel ease 2 .3.1 27 Softwar e Release 2.3.1 C613-103 25-00 REV B If the PROPOR TIONAL option is specified, the virtual router r educes the priority to a percentage of the original priority in pr oportion th e per centage of availa ble ports.
28 Release Note Software Release 2.3.1 C613-10325 -00 REV B Border Gateway Protocol 4 (BGP-4) The Border Gateway Pr otocol version 4 (BGP-4) i s an external g ateway prot ocol which allows two routers in differe nt routing doma ins to exchange routing information.
Softw are Rel ease 2 .3.1 29 Softwar e Release 2.3.1 C613-103 25-00 REV B Inter net Protocol (IP) In conjunction with BGP-4, a n umber of new commands have been added to the implementation of IP , an d several commands have been modified.
30 Release Note Software Release 2.3.1 C613-10325 -00 REV B T o reset IP interfaces, use the command: RESET IP COUNTER={ALL|ARP|EGP|ICMP|INTERFACE|IP|MULTICAST| ROUTE|SNMP|UDP} This command resets the specified group of IP counters to zer o (0). The COUNTER parameter specifies the group of counters to be reset.
Softw are Rel ease 2 .3.1 31 Softwar e Release 2.3.1 C613-103 25-00 REV B Figur e 8: Example o utput fr om the SHOW IP CO UNTER=INTER FACE com m and. IP Interface Counters ----------------------------.
32 Release Note Software Release 2.3.1 C613-10325 -00 REV B Figur e 9: Example o utput fr om the SHOW IP CO UNTER=SNMP command. SNMP counters: inPkts .......................... 0 outPkts ......................... 0 inBadVersions ................... 0 outTooBigs .
Softw are Rel ease 2 .3.1 33 Softwar e Release 2.3.1 C613-103 25-00 REV B T elephon y (PBX) Functionality AR300 Series r o uters with telephony ports now off er a choice of ISDN supplemental services or internal PBX functions.
34 Release Note Software Release 2.3.1 C613-10325 -00 REV B Bandwi dth Limi ting This feature will be available on Rapier i Series layer 3 switches only , when these models become available. Ingres s and egress ban dwidth limits are specified separa tely .
Softw are Rel ease 2 .3.1 35 Softwar e Release 2.3.1 C613-103 25-00 REV B ENABLE TELNET SERVER Synt ax ENABLE TELNET SERVER Description This command enables the T elnet server to be accessed remotely .
36 Release Note Software Release 2.3.1 C613-10325 -00 REV B The LOGIN parameter is used to specify whether or not users with a privilege of “user” w ill be able to login to th e command line interfac e. Usernames with LOGIN set to TRUE can be used both for P AP and CHAP authenticatio n, and to login and access the com mand line.
Un point important après l'achat de l'appareil (ou même avant l'achat) est de lire le manuel d'utilisation. Nous devons le faire pour quelques raisons simples:
Si vous n'avez pas encore acheté Allied Telesis AT-AR300 c'est un bon moment pour vous familiariser avec les données de base sur le produit. Consulter d'abord les pages initiales du manuel d'utilisation, que vous trouverez ci-dessus. Vous devriez y trouver les données techniques les plus importants du Allied Telesis AT-AR300 - de cette manière, vous pouvez vérifier si l'équipement répond à vos besoins. Explorant les pages suivantes du manuel d'utilisation Allied Telesis AT-AR300, vous apprendrez toutes les caractéristiques du produit et des informations sur son fonctionnement. Les informations sur le Allied Telesis AT-AR300 va certainement vous aider à prendre une décision concernant l'achat.
Dans une situation où vous avez déjà le Allied Telesis AT-AR300, mais vous avez pas encore lu le manuel d'utilisation, vous devez le faire pour les raisons décrites ci-dessus,. Vous saurez alors si vous avez correctement utilisé les fonctions disponibles, et si vous avez commis des erreurs qui peuvent réduire la durée de vie du Allied Telesis AT-AR300.
Cependant, l'un des rôles les plus importants pour l'utilisateur joués par les manuels d'utilisateur est d'aider à résoudre les problèmes concernant le Allied Telesis AT-AR300. Presque toujours, vous y trouverez Troubleshooting, soit les pannes et les défaillances les plus fréquentes de l'apparei Allied Telesis AT-AR300 ainsi que les instructions sur la façon de les résoudre. Même si vous ne parvenez pas à résoudre le problème, le manuel d‘utilisation va vous montrer le chemin d'une nouvelle procédure – le contact avec le centre de service à la clientèle ou le service le plus proche.