User ManualTable of ContentsTitle Page1Contents5Contact Information3About the Nokia Network Voyager Reference Guide19Conventions This Guide Uses21Notices21Text Conventions21Menu Items22Related Documentation221 About Network Voyager23Software Overview23Logging In to Network Voyager24Logging Off24Obtaining a Configuration Lock25Navigating in Network Voyager26Reloading Pages26Accessing Documentation and Help26Viewing Hardware and Software Information for Your System282 Configuring Interfaces29Interface Overview29IP2250 Management Ports30Configuring Network Devices30Configuring IP Addresses31Interface Status32Configuring Tunnel Interfaces33Ethernet Interfaces34Configuring Ethernet Interfaces34Link Aggregation35Managing Link Aggregation Using SNMP36Configuring Switches for Link Aggregation36Static Link Aggregation37Link Aggregation on the IP225037Configuring Link Aggregation39Gigabit Ethernet Interfaces41Point-to-Point Over Ethernet43Configuring PPPoE43Configuring MSS Clamping46Virtual LAN Interfaces46FDDI Interfaces49ISDN Interfaces51Configuring Calling Line-Identification Screening56Dial-on-Demand Routing (DDR) Lists58ISDN Network Configuration Example61ISDN Troubleshooting65Token Ring Interfaces71Token Ring Example73Point-to-Point Link over ATM75ATM Example78IP over ATM (IPoA)79IPoA Example82Serial (V.35 and X.21) Interfaces83Serial Interface Example87T1(with Built-In CSU/DSU) Interfaces88T1 Interface Example94E1 (with Built-In CSU/DSU) Interfaces96HSSI Interfaces103Unnumbered Interfaces107Configuring Unnumbered Interfaces107Configuring OSPF over Unnumbered Interface110OSPF over Unnumbered Interfaces Using Virtual Links110Cisco HDLC Protocol111Point-to-Point Protocol112Frame Relay Protocol114Loopback Interfaces117GRE Tunnels118Configuring GRE Tunnels118GRE Tunnel Example121High Availability GRE Tunnels122HA GRE Tunnel Example122DVMRP Tunnels125DVMRP Tunnel Example126ARP Table Entries128Configuring ARP for ATM Interfaces130Transparent Mode132Limitations132Transparent Mode Processing Details133Configuring Transparent Mode in VPN Environments134Example of Transparent Mode135Configuring Transparent Mode136Monitoring Transparent Mode Groups139Transparent Mode and Check Point NGX139Virtual Tunnel Interfaces (FWVPN) for Route-Based VPN140Creating Virtual Tunnel Interfaces1423 Configuring System Functions145Configuring DHCP145Configuring DHCP Client Interfaces146DHCP Client Configuration146Configuring the DHCP Server147DHCP Server Configuration148Changing DHCP Service149Adding DHCP Address Pools149Enabling or Disabling DHCP Address Pools150Assigning a Fixed-IP Address to a Client150Creating DHCP Client Templates151Configuring Dynamic Domain Name System Service153Configuring the Domain Name Service154Configuring Disk Mirroring154Using an Optional Disk (Flash-Based Systems Only)155Mail Relay156System Failure Notification157Configuring Mail Relay157Sending Mail158Setting the System Time158Configuring Host Addresses159Configuring System Logging160Configuring Logging on Disk-Based Systems160Configuring Logging on Flash-Based Systems161Configuring Audit Logs163Remote Core Dump Server on Flash-Based Systems165Changing the Hostname166Managing Configuration Sets166Scheduling Jobs167Backing Up and Restoring Files168Creating Backup Files169Transferring Backup Files170Restoring Files from Locally Stored Backup Files172Managing Nokia IPSO Images173Changing Current Image173Deleting Images173Installing New Images174Testing a New Image175Upgrading Nokia IPSO Images for a Cluster176Downgrading Nokia IPSO Images176Configuring Monitor Reports177Managing Packages178Installing and Enabling Packages178Advanced System Tuning180Tuning the TCP/IP Stack180Router Alert IP Option1814 Virtual Router Redundancy Protocol (VRRP)183VRRP Overview183How VRRP Works183Understanding Monitored-Circuit VRRP186Configuring VRRP186Selecting Configuration Parameters187Before you Begin191Configuring Monitored-Circuit VRRP192Configuring VRRPv2196Configuring Check Point NGX for VRRP197Configuring VRRP Rules for Check Point NGX199Link Aggregation (IP2250 Systems Only)201Monitoring VRRP201Monitoring the Firewall State203Troubleshooting VRRP203General Configuration Considerations203Firewall Policies204Access Control Lists204Switched Environments2055 Configuring Clustering207IP Clustering Description207Using Flash-Based Platforms207Example Cluster208Cluster Management209Cluster Terminology210Clustering Modes212Considerations for Clustering214If You Do Not Use a Dedicated Primary Cluster Protocol Network217Upgrading IPSO in a Cluster217For All Upgrades218Upgrading from IPSO 3.7 or Later218Upgrading from IPSO 3.6218Creating and Configuring a Cluster220Configuration Overview220Creating a Cluster220Selecting the Cluster Mode221Configuring the Work Assignment Method221Configuring an Interface222Configuring Firewall Monitoring223Supporting Non-Check Point Gateways and Clients223Configuring Join-Time Shared Features226Making the Cluster Active229Adding a Node to a Cluster229Recommended Procedure230Joining a System to a Cluster231Managing a Cluster231Using Cluster Voyager232Synchronizing the Time on Cluster Nodes239Configuring NGX for Clustering241Clustering Example (Three Nodes)243Configuring the Cluster in Voyager244Configuring the Internal and External Routers245Clustering Example With Non-Check Point VPN2466 Configuring SNMP249SNMP Overview249SNMP Proxy Support for Check Point MIB252Using the Check Point MIB253Using cpsnmp_start253Enabling SNMP and Selecting the Version254Configuring the System for SNMP255Setting an Agent Address255Configuring Traps256Interpreting Error Messages260Configuring SNMPv3262Request Messages263Managing SNMP Users2637 Configuring IPv6267IPv6 Overview267Interfaces268IPv6 and IPv4 Compatibility270Configuring IPv6 in IPv4 Tunnels270Configuring IPv6 to IPv4271Configuring IPv6 over IPv4271Configuring IPv4 in IPv6 Tunnels272Configuring an IPv6 Default or Static Route272Routing Configuration273Configuring OSPFv3273Configuring RIPng273Creating IPv6 Aggregate Routes273Creating Redistributed Routes274Router Discovery275Configuring ICMPv6 Router Discovery275VRRP for IPv6277Configuring VRRP for IPv6277Creating a Virtual Router for an IPv6 Interface Using VRRPv3278Creating a Virtual Router to Back Up Another VRRP Router Addresses Using VRRPv3278Monitoring the Firewall State279Setting a Virtual MAC Address for a Virtual Router280Changing the IP Address List of a Virtual Router in VRRPv3281Removing a Virtual Router in VRRPv3281Creating a Virtual Router in Monitored Circuit Mode for IPv6282Setting Interface Dependencies for a Monitored Circuit Virtual Router for IPv6283Changing the List of Addresses in a Monitored Circuit Virtual Router for IPv6284Traffic Management284Security and Access Configuration2858 Managing Security and Access287Managing Passwords287Managing User Accounts288Adding and Deleting Users289Managing and Using S/Key290Managing Groups292Role-Based Administration293Managing Roles294Assigning Roles and Access Mechanisms to Users295Creating Cluster Administrator Users296Configuring Network Access and Services297Configuring a Modem on COM2, COM3, or COM4298Configuring Nokia Network Voyager Access300Configuring Basic Nokia Network Voyager Options301Generating and Installing SSL/TLS Certificates302Secure Shell (SSH)304Initial SSH Configuration305Configuring Advanced Options for SSH306Configuring Secure Shell Authorized Keys308Changing Secure Shell Key Pairs309Managing User RSA and DSA Identities310Tunneling HTTP Over SSH311Network Voyager Session Management311Enabling Enabling or Disabling Session Management312Configuring Session Timeouts312Authentication, Authorization, and Accounting (AAA)313Creating an AAA Configuration313Configuring RADIUS319Configuring TACACS+321Deleting an AAA Authentication Server Configuration322Changing an AAA Configuration323Deleting an AAA Configuration327Encryption Acceleration327Enabling Encryption Accelerator Cards328Monitoring Cryptographic Acceleration328IPSec Tunnels (IPSO Implementation)328Using PKI332IPSec Implementation in IPSO332IPSec Parameters334Creating an IPSec Policy335Creating an IPSec Tunnel Rule341Transport Rule342IPSec Tunnel Rule Example344IPSec Transport Rule Example346Changing the Local/Remote Address or Local/Remote Endpoint of an IPSec Tunnel348Removing an IPSec Tunnel348Miscellaneous Security Settings3499 Configuring Routing351Routing Overview351Routing Protocols351Route Maps353OSPF353Types of Areas354Area Border Routers355High Availability Support for OSPF355Configuring OSPF356RIP365RIP 2365RIP 1366Virtual IP Address Support for VRRP366Configuring RIP367Configuring RIP Timers368Configuring Auto-Summarization369RIP Example369PIM370Configuring Virtual IP Support for VRRP371PIM Support for IP Clustering371Configuring Dense-Mode PIM373Disabling PIM374Setting Advanced Options for Dense-Mode PIM (Optional)375Configuring Sparse-Mode PIM376Configuring High-Availability Mode377Configuring this Router as a Candidate Bootstrap and Candidate Rendezvous Point379Configuring a PIM-SM Static Rendezvous Point380Setting Advanced Options for Sparse-Mode PIM (Optional)381Debugging PIM383IGRP385Generation of Exterior Routes387Aliased Interfaces388IGRP Aggregation388Configuring IGRP388DVMRP390Configuring DVMRP391Configuring DVMRP Timers391IGMP392Configuring IGMP393Static Routes394Adding and Managing Static Routes Example397Backup Static Routes398Route Aggregation398Route Aggregation Example400Route Rank401Rank Assignments401Routing Protocol Rank Example402BGP403Support for BGP-4++403BGP Sessions (Internal and External)404BGP Path Attributes404BGP Multi-Exit Discriminator406BGP Interactions with IGPs406Inbound BGP Route Filters407Redistributing Routes to BGP407Communities407Route Reflection408Confederations409EBGP Multihop Support410Route Dampening411TCP MD5 Authentication411BGP Support for Virtual IP for VRRP412BGP Support for IP Clustering413BGP Memory Requirements413BGP Neighbors Example415Path Filtering Based on Communities Example418BGP Multi Exit Discriminator Example419Changing the Local Preference Value Example421BGP Confederation Example423Route Reflector Example426BGP Community Example428EBGP Load Balancing Example: Scenario #1430EBGP Load Balancing Example: Scenario #2432Adjusting BGP Timers Example433TCP MD5 Authentication Example434BGP Route Dampening Example435BGP Path Selection436BGP-4++ Example436Route Redistribution438Redistributing Routes to BGP439Redistributing Routes to RIP and IGRP440Redistributing OSPF to BGP Example443Redistributing Routes with OSPF444Inbound Route Filters445BGP Route Inbound Policy Example446BGP AS Path Filtering Example44810 Configuring Traffic Management449Traffic Management Overview449Packet Filtering Description449Traffic Shaping Description449Traffic Queuing Description450Configuring Access Control Lists450Configuring ACL Rules452Modifying a Rule453Configuring Aggregation Classes455Configuring Queue Classes457Configuring ATM QoS459Configuring Common Open Policy Server461Configuring a COPS Client ID and Policy Decision Point462Configuring Security Parameters for a COPS Client ID462Assigning Roles to Specific Interfaces463Activating and Deactivating the COPS Client464Changing the Client ID Associated with Specific Diffserv Configuration464Deleting a Client ID464Example: Rate Shaping465Example: Expedited Forwarding46611 Configuring Router Services469BOOTP/DHCP Relay469Configuring BOOTP/DHCP Relay470IP Broadcast Helper471Router Discovery472Router Discovery Overview473Configuring Router Discovery473Network Time Protocol (NTP)475Configuring NTP47612 Monitoring System Configuration and Hardware479Viewing System Utilization Statistics479CPU-Memory Live Utilization479Disk and Swap Space480Monitoring Process Utilization480IPSO Process Management481Generating Monitor Reports482Monitoring System Health483Monitoring System Logs484Viewing Cluster Status and Members485Viewing Routing Protocol Information486Displaying the Kernel Forwarding Table486Displaying Route Settings486Displaying Interface Settings487Hardware Monitoring487Using the iclid Tool488iclid Commands488Preventing Full Log Buffers and Related Console Messages494Index497A497B497C498D499E500F500G501H501I502J503K503L503M504N504O505P505Q506R506S507T508U508V509W510X510Size: 2.76 MBPages: 510Language: EnglishOpen manual