ユーザーズマニュアル目次About this User Guide3Applicable Firmware Revision3Who Should Use This User Guide3How To Use This User Guide3Document Conventions4Quick Start Recommendations4Table Of Contents8Table Of Figures19Chapter 1 – Setting Up And Administering The Router29Introduction29Access Methods29Accounts And Password Management29Default Configuration29Accessing The RuggedRouter Command Prompt30From the Console Port30From SSH30The RuggedRouter Setup Shell30Configuring Passwords30Configuring IP Address Information31Setting The Hostname31Configuring Radius Authentication31Enabling And Disabling The SSH and Web Server32Enabling And Disabling The Gauntlet Security Appliance33Configuring The Date, Time And Timezone33Displaying Hardware Information34Restoring A Configuration35The RuggedRouter Web Interface36Using a Web Browser to Access the Web Interface36SSL Certificate Warnings36The Structure of the Web Interface36Using The LED Status Panel38Obtaining Chassis Information39Chapter 2 – Webmin Configuration40Introduction40Webmin Configuration Menu40IP Access Control40Ports And Addresses41Change Help Server41Logging42Authentication43Webmin Events Log44Chapter 3 – Configuring The System46Introduction46Bootup And Shutdown46Change Password Command47Scheduled Commands47Scheduled Cron Jobs49System Hostname50System Time50Chapter 4 – Configuring Networking51Introduction51Network Configuration51Core Settings52Dummy Interface52Routing And Gateways53Default Route Table53Configured Static Routes53Manually Entered Static Routes54Static Multicast Routing55DNS Client56Host Addresses56End To End Backup56Configuring End To End Backup58Current Routing & Interface Table58Chapter 5 – Configuring Ethernet Interfaces59Introduction59Ethernet Interface Fundamentals59LED Designations59VLAN Interface Fundamentals59VLAN Tag59RuggedRouter Functions Supporting VLANs60PPPoE On Native Ethernet Interfaces Fundamentals60Ethernet61Ethernet Interfaces61Editing Currently Active Interfaces62Virtual Interfaces63Virtual Lan Interfaces63Edit Boot Time Interfaces63PPPoE On Native Ethernet Interfaces64Edit PPPoE Interface65PPP Logs66Current Routes & Interface Table66Chapter 6 – Configuring Frame Relay/PPP And T1/E167Introduction67T1/E1 Fundamentals67Frame Relay67Location Of Interfaces And Labeling68LED Designations68Included With T1E168T1/E168T1/E1 Network Interfaces69Strategy For Creating Interfaces69Naming Of Logical Interfaces70Editing A T1/E1 Interface70T1 Settings71E1 Settings71Editing A Logical Interface (Frame Relay)72Frame Relay Link Parameters72Frame Relay DLCIs73Editing A Logical Interface (PPP)73T1/E1 Statistics74Link Statistics74Frame Relay Interface Statistics75PPP Interface Statistics76T1/E1 Loopback77Current Routes & Interface Table78Upgrading Software78Upgrading Firmware78Chapter 7 – Configuring Frame Relay/PPP And T379Introduction79T3 Fundamentals79Location Of Interfaces And Labeling79LED Designations79T3 Configuration80T3 Network Interfaces80Naming Of Logical Interfaces80Editing A T3 Interface81Editing A Logical Interface (Frame Relay)81Editing A Logical Interface (PPP)82T3 Statistics82Current Routes & Interface Table82Upgrading Software83Chapter 8 – Configuring Frame Relay/PPP And DDS85Introduction85DDS Fundamentals85Location Of Interfaces And Labeling85LED Designations85DDS Configuration86DDS Network Interfaces86Naming Of Logical Interfaces87Editing A Logical Interface (Frame Relay)87Editing A Logical Interface (PPP)88DDS Statistics88Link Statistics88Frame Relay And PPP Interface Statistics89DDS Loopback89Current Routes & Interface Table89Upgrading Software89Chapter 9 – Configuring PPPoE/Bridged Mode On ADSL91Introduction91ADSL Fundamentals91PPPoE/Bridged Mode Fundamentals91Authentication, Addresses and DNS Servers92PPPoE MTU Issues92Bridged Mode92Location Of Interfaces And Labeling92LED Designations92ADSL Configuration93ADSL Network Interfaces93Editing A Logical Interface (PPPoE)93Editing A Logical Interface (Bridged)94ADSL Statistics95Current Routes & Interface Table96Upgrading Software96Chapter 10 – Configuring PPP and Modem97Introduction97Modem Fundamentals97PPP Mode Fundamentals97Authentication, Addresses and DNS Servers97When the Modem Connects97LED Designations97Modem Main Menu98Modem Configuration98Modem PPP Client Connections100Modem PPP Client100Modem PPP Server101Modem Incoming Call Logs101Modem PPP Logs102Modem PPP Connection Logs103Current Routes & Interface Table103Chapter 11 – Configuring The Firewall105Introduction105Firewall Fundamentals105Stateless vs Stateful Firewalls105Linux® netfilter, iptables And The Shoreline Firewall105Network Address Translation106Port Forwarding107Shorewall Quick Setup107ShoreWall Terminology And Concepts108Zones108Interfaces108Hosts109Policy109Masquerading And SNAT110Rules111Configuring The Firewall And VPN112Route Based Virtual Private Networking112Policy Based Virtual Private Networking113Virtual Private Networking To A DMZ113Firewall Main Menu114Network Zones116Network Interfaces116Network Zone Hosts118Default Policies119Masquerading119Firewall Rules120Static NAT121Actions When Stopped122Chapter 12 – Configuring An IPsec VPN125Introduction125VPN Fundamentals125IPsec Modes125Policy Vs Route Based VPNs125Supported Encryption Protocols126Public Key And Pre-shared Keys126X509 Certificates127NAT Traversal127Other Configuration Supporting IPSec127The Openswan Configuration Process128IPsec and Router Interfaces128VPN Main Menu Before Key Generation128VPN Main Menu128Server Configuration130Public Key131Preshared Keys131List Certificates132VPN Connections132IPsec VPN Connection Details132Left/Right System's Settings134Export Configuration134Showing IPsec Status135IPSec X.509 Roaming Client Example136Select A Certificate Authority136Generate X.509 Certificates137VPN Networking Parameters137Client Configuration137Router IPSec Configuration137Firewall IPSec Configuration138Ethernet Port Configuration138Chapter 13 – Configuring Dynamic Routing140Introduction140Quagga, RIP and OSPF140RIP Fundamentals140OSPF Fundamentals141Link State Advertisements141Key OSPF And RIP Parameters141Network Areas141Router-ID142Hello Interval and Dead Interval142Active/Passive Interface Default142Redistributing Routes142Link Detect143Configuring OSPF Link Costs143OSPF Authentication143RIP Authentication143OSPF And Antispoofing143Administrative Distances144OSPF And VRRP Example Network145Area And Subnets145VRRP Operation145Dynamic Routing146Enable Protocols146Core147Core Global Parameters147Core Interface Parameters147View Core Configuration148OSPF149OSPF Global Parameters149OSPF Interfaces151OSPF Network Areas152OSPF Status152View OSPF Configuration152RIP152RIP Global Parameters153RIP Key Chains154RIP Interfaces154RIP Networks155RIP Status156View RIP Configuration156Chapter 14 – Configuring Link Backup158Introduction158Link Backup Fundamentals158Path Failure Discovery158Use Of Routing Protocols And The Default Route159Link Backup Main Menu159Link Backup Configuration159Edit Link Backup Configuration160Link Backup Logs161Link Backup Status161Test Link Backup161Chapter 15 – Configuring VRRP164Introduction164VRRP Fundamentals164The Problem With Static Routing164The VRRP Solution164VRRP Terminology164VRRP Main Menu167VRRP Configuration167Editing A VRRP Instance168Viewing VRRP Instances Status169Chapter 16 – Configuring Traffic Prioritization170Introduction170Traffic Prioritization Fundamentals170Priority Queues170Filters170TOS Prioritization171Included With Traffic Prioritization171Prioritization Example172Traffic Prioritization Main Menu173Interface Prioritization Menu173Prioritization Queues174Prioritization Filters174Prioritization Transmit Queue Length174Prioritization Statistics175Chapter 17 – Configuring Generic Routing Encapsulation176Introduction176GRE Fundamentals176GRE Main Menu177GRE Configuration Menu177Chapter 18 – Network Utilities179Introduction179Network Utilities Main Menu179Ping Menu180Traceroute Menu180Host Menu181Trace Menu181Tcpdump A Network Interface181Frame Relay Link Layer Trace A WAN Interface182Serial Trace A Serial Server Port182Interface Statistics Menu183Current Routing & Interface Table184Interface Status185Chapter 19 – Configuring Serial Protocols187Introduction187Serial IP Port Features187LED Designations187Serial Protocols Applications188Character Encapsulation188RTU Polling188Broadcast RTU Polling188Serial Protocols Concepts And Issues189Host And Remote Roles189Use Of Port Redirectors189Message Packetization189Use of Turnaround Delays190Serial Protocols Main Menu190Assign Protocols Menu191Port Settings Menu191RawSocket Menu191Serial Protocols Statistics Menu193Protocol Specific Packet Error Statistics193Serial Protocols Trace Menu194Serial Protocols Sertrace Utility195Chapter 20 – Configuring GOOSE Tunnels197Introduction197IEC61850 GOOSE Fundamentals197Layer 2 Tunnel Daemon Details197Layer 2 Tunnels Main Menu198General Configuration Menu199GOOSE Tunnels Menu199GOOSE Statistics Menu200Activity Trace Menu200Chapter 21 - Configuring The DHCP server203Introduction203DHCP Fundamentals203DHCP Network Organizations203DHCP Client Options203Option 82 Support with Disable NAK205Example DHCP Scenarios And Configurations206Single Network With Dynamic IP Assignment206Single Network With Static IP Assignment206Single Network With Option82 Clients On One Switch206Multiple Subnets On Separate VLANs Using Option82 On One Switch207DHCP Server Main Menu209DHCP Shared Network Configuration210DHCP Subnet Configuration211DHCP Group Configuration212DHCP Host Configuration212DHCP Pool Configuration213Chapter 22 – Configuring NTP214Introduction214NTP Fundamentals214The NTP Sanity Limit215NTP And The Precision Time Protocol Card215Included With NTP215NTP Server Main Menu216Generic Options216Servers Configuration217Peers Configuration217Viewing The NTP Status218Viewing The NTP Log218Viewing The GPS Status219Viewing The GPS Log219Chapter 23 – Configuring SSH220Introduction220SSH Fundamentals220Included With SSH220SSH Main Menu221Authentication221Networking222Access Control222Chapter 24 – Configuring IRIGB And IEEE1588224Introduction224IEEE1588 Fundamentals224PTP Network Roles224PTP Master Election224Synchronizing NTP from IEEE1588225IRIGB Fundamentals225IRIGB Output Formats225Reference Clocks226How The Router Selects A Reference Clock226GPS Cable compensation226IRIGB/IEEE1588 Main Menu227General Configuration227IRIGB Configuration228IEEE1588 Configuration228IRIGB Status229IEEE1588 Status229IRIGB Log230Chapter 25 – Configuring The Snort IDS232Introduction232Snort Fundamentals232Which Interfaces To Monitor232Snort Rules232Alerting Methods232Performance And Resources233Snort IDS Main Menu233Global Configuration233Interfaces233Rulesets234Rule Lookup by SID234Network Settings234PreProcessors235Alerts & Logging235Edit Config File236Chapter 26 – Maintaining The Router237Introduction237Alert System237Alert Menu237Alert Configuration238Alert Filter Configuration239Alert Definition Configuration239Change Alert Definition240Gauntlet Security242What And How Gauntlet Protects242Gauntlet And The Firewall242Gauntlet Status Menu243Upgrading Gauntlet243Backup And Restore244General Configuration245Archive History246Archive Backup246Archive Restore247Archive Difference Tool247SNMP Configuration249SNMP Configuration Main Menu250System Configuration250Network Addressing Configuration250Access Control251Trap Configuration253MIB Support254Radius Authentication255Radius Authentication Configuration256Edit Radius Server Parameters256Outgoing Mail257Chassis Parameters258System Logs259Syslog Factory Defaults259Remote Logging260Upgrade System261RuggedRouter Software Fundamentals261When A Software Upgrade Requires A Reboot262Automatic Upgrade262Upgrade to RX1100263Change Repository Server263Automatic Upgrading264Upgrading All Packages264Installing A New Package265Pre-upgrade/Post-upgrade scripts265Uploading And Downloading Files266Chapter 27 – Security Considerations267Introduction267Security Actions267Appendix A – Setting Up A Repository269Repository Server Requirements269Initial Repository Setup269Upgrading The Repository270Setting Up The Routers270An Alternate Approach270Upgrading Considerations271Appendix B – Downgrading Router Software272Appendix C – Installing Apache Web Server On Windows273Appendix D – Installing IIS Web Server On Windows275Appendix E – Radius Server Configuration276FreeRadius276Windows Internet Authentication Service276Index280サイズ: 4.54MBページ数: 284Language: Englishマニュアルを開く