Compatible-systems 5.4 Manuel d'utilisateur

CompatiView 5.4Reference GuideCompatible Systems Corporation4730 Walnut StreetSuite 102Boulder, Colorado 80301303-444-9532800-356-0283http://www.comp

4 Chapter 1 - Installation and Overview• The Help menu, which provides standard help functions. v Note: Some of the menu items will be grayed out un

94 Chapter 5 - DECnet Routing & BridgingLogically, the DECnet Bridge Group is treated by the router as an interface (Bridge 0). The settings in t

Chapter 5 - DECnet Routing & Bridging 95• If it is set to DECnet Off, then any DECnet packets received on this interface are discarded.DECnet: WAN

96 Chapter 5 - DECnet Routing & BridgingHello TimerDECnet hello messages tell end nodes which routers are available to route packets. This parame

Chapter 6 - VPN Ports and LAN-to-LAN Tunnels 97Chapter 6 - VPN Ports and LAN-to-LAN TunnelsAdd VPN Port Dialog BoxAdd VPN Port Dialog BoxThis section

98 Chapter 6 - VPN Ports and LAN-to-LAN TunnelsTunnel Partner: VPN Configuration Dialog BoxTunnel Partner: VPN Configuration Dialog BoxOnce you have

Chapter 6 - VPN Ports and LAN-to-LAN Tunnels 99IKE Key ManagementIKE Key Management Dialog BoxOnce you have created a VPN port, you may access the IK

100 Chapter 6 - VPN Ports and LAN-to-LAN Tunnels• If Respond is selected, this Tunnel Partner will use IKE, but will only respond to tunnel establish

Chapter 6 - VPN Ports and LAN-to-LAN Tunnels 101To add, remove, or edit a Transform, you must access the IKE Configuration Dialog Box by selecting the

102 Chapter 6 - VPN Ports and LAN-to-LAN TunnelsManual Key Management.Manual Key Management Dialog BoxOnce you have created a VPN port, you may acces

Chapter 6 - VPN Ports and LAN-to-LAN Tunnels 103Enable EncryptionThis checkbox controls whether all tunnel traffic will be encrypted. • If checked, ea

Chapter 1 - Installation and Overview 5If the device is a multislot product such as a VSR or IntraPort Enterprise, both the slot number and the interf

Interoperability Settings Dialog BoxTo access this dialog box, select VPN Port #/Interoperability Settings from the device view.ModeThis pull-down men

Chapter 6 - VPN Ports and LAN-to-LAN Tunnels 105Local / AccessThis used to specify a local host or subnet which will be reachable by the tunnel. It is

106 Chapter 6 - VPN Ports and LAN-to-LAN Tunnels•50 - ESP (Encapsulating Security Protocol)•51 - AH (Authentication Header)•89 - OSPF (Open Shortest

Chapter 6 - VPN Ports and LAN-to-LAN Tunnels 107

108 Chapter 6 - VPN Ports and LAN-to-LAN Tunnels

Chapter 7 - VPN Client Tunnels 109Chapter 7 - VPN Client TunnelsVPN Group Configuration Dialog BoxVPN Group Configuration Dialog Box and General TabTo

110 Chapter 7 - VPN Client Tunnels> Current VPN GroupThis edit box allows a VPN group configuration to be selected. Any changes made in the tab wi

Chapter 7 - VPN Client Tunnels 111Inactivity TimeoutThis is the number of seconds the device will wait without receiving any traffic from a client bel

112 Chapter 7 - VPN Client TunnelsVPN Group Configuration IKE Configuration TabVPN Group Configuration IKE Configuration TabTransformThis specifies t

Chapter 7 - VPN Client Tunnels 113This group is set (as G1 or G2) in the IKE Policy Dialog Box. The IKE Policy Dialog Box is discussed later in this c

6 Chapter 1 - Installation and OverviewThe File Menu The File menu provides options which allow you to create and manage configurations in CompatiVie

114 Chapter 7 - VPN Client TunnelsChoosing either of the top two checkboxes means that the Encapsulating Security Payload (ESP) header will be used t

Chapter 7 - VPN Client Tunnels 115• If Fixed is selected, Personal Level Encryption will be used to scramble the data using a fixed key.• If PLE is se

116 Chapter 7 - VPN Client TunnelsEach of the addresses thus generated must be a valid, unique, and unused IP address. Also, these addresses must not

Chapter 7 - VPN Client Tunnels 117> Allow Connections ToThis scrolling list displays the IP networks which the client will be told are reachable vi

118 Chapter 7 - VPN Client TunnelsVPN Group Configuration IP Filters TabVPN Config IP Filters Tab> Input FiltersThese pulldowns allow the selectio

Chapter 7 - VPN Client Tunnels 119VPN Group Configuration IPX Connection TabVPN Config IPX Connection Tab> Local IPX NetThis edit box specifies the

120 Chapter 7 - VPN Client Tunnelsagated throughout an internet. The IPX Packet Type 20 is designated to perform broadcast propagation for these prot

Chapter 7 - VPN Client Tunnels 121> Input FiltersThese pulldowns allow the selection of previously created filter scripts which will be applied to

122 Chapter 7 - VPN Client TunnelsVPN Group Configuration SecurID TabVPN Group Configuration SecurID TabSecurID RequiredCheck this box to specify tha

Chapter 7 - VPN Client Tunnels 123VPN Group Configuration DNS Redirection TabVPN Group Configuration DNS Redirection TabPrimary ServerThe primary serv

Chapter 1 - Installation and Overview 7Download Config to Device Dialog BoxSave / Restart OptionsThe settings in this dialog box are specific for this

124 Chapter 7 - VPN Client TunnelsTo add or modify the Local Domain Names, click on the appropriate button to access the Add Local Domain Dialog BoxA

Chapter 7 - VPN Client Tunnels 125WINS queries to the IntraPort and the IntraPort will take all WINS queries bound for the client’s primary WINS serve

126 Chapter 7 - VPN Client TunnelsVPN User Dialog Box> NameThis is the name of a user who will connect to the device using VPN client software.>

Chapter 7 - VPN Client Tunnels 127STEP/STAMP Encryption SecretThis is a shared alphanumeric long term secret between 1-255 characters long. It is used

128 Chapter 7 - VPN Client Tunnels2. The second piece is the encryption algorithm. DES (Data Encryption Standard) uses a 56-bit key to scramble the d

Chapter 7 - VPN Client Tunnels 129

130 Chapter 7 - VPN Client Tunnels

Chapter 8 - IntraGuard Firewall Configuration 131Chapter 8 - IntraGuard Firewall ConfigurationThere are three pre-set paths in the IntraGuard Firewall

132 Chapter 8 - IntraGuard Firewall ConfigurationSettings: FirewallPath Dialog BoxSettings: FirewallPath Dialog Box To access this dialog box, select

Chapter 8 - IntraGuard Firewall Configuration 133If more than one interface is designated as an inside or outside interface on a particular path, thos

8 Chapter 1 - Installation and Overviewcurrent operations without restarting the device. This is the equivalent of issuing the apply command and then

134 Chapter 8 - IntraGuard Firewall ConfigurationAdvanced Settings: Firewall Path Dialog BoxAdvanced Settings: Firewall Path Dialog BoxTo access this

Chapter 8 - IntraGuard Firewall Configuration 135SynRejectOnlyThis checkbox sets whether the device will limit itself to sending TCP reset messages on

136 Chapter 8 - IntraGuard Firewall ConfigurationSecurity Policies: Firewall Path Dialog BoxSecurity Policies: Firewall Path Dialog Box This dialog b

Chapter 8 - IntraGuard Firewall Configuration 137excluded. The only exceptions to those rules are that the BPG and X Window protocols are excluded fro

138 Chapter 8 - IntraGuard Firewall ConfigurationSecurity Policies at a Glance: The following chart shows how each of the 31 protocols is treated by

Chapter 8 - IntraGuard Firewall Configuration 139Security Policy Protocol Setting Dialog BoxSecurity Policy Protocol Setting Dialog Box To change the

140 Chapter 8 - IntraGuard Firewall Configuration• DNSUse defines how DNS (Domain Name Service) packets will be handled on the path. DNS is the proto

Chapter 8 - IntraGuard Firewall Configuration 141• SunRPCUse defines how SunRPC (Sun’s Remote Procedure Call Protocol) packets will be handled on the

142 Chapter 8 - IntraGuard Firewall ConfigurationAllow Ports/Protocols Dialog BoxSecurity Policy Protocol Setting Dialog Box To access the Allow Port

Chapter 8 - IntraGuard Firewall Configuration 143Firewall Logging Dialog BoxFirewall Logging Dialog BoxTo access this dialog box, select Global/Firewa

Chapter 1 - Installation and Overview 9Delete opens a confirmation prompt to delete the path. You must have a fire-wall path selected to enable the De

144 Chapter 8 - IntraGuard Firewall ConfigurationThe event log messages will appear in the log buffer (or wherever log messages are being sent), only

Chapter 8 - IntraGuard Firewall Configuration 145ICMP Resets ICMPResets messages are created by the firewall whenever a non-TCP session (i.e. UDP or I

146 Chapter 8 - IntraGuard Firewall ConfigurationFirewall Settings Dialog BoxFirewall Settings Dialog Box To access this dialog box, select Global/Fi

Chapter 8 - IntraGuard Firewall Configuration 147TCPTimeout This field sets the number of seconds the firewall will wait before shutting down an inac

Chapter 9 - Bridging 149Chapter 9 - BridgingGlobal Bridging Configuration Dialog BoxGlobal Bridging Configuration Dialog Boxv Note: If you need more

150 Chapter 9 - BridgingEach Bridge Group can have routing parameters set for it. All of the interfaces in the group share these parameters.To access

Chapter 9 - Bridging 151v Note: Nodes on segments connected through routers which are not doing bridging do not need to be counted. This is because a

152 Chapter 9 - BridgingBridging: Ethernet Configuration Dialog BoxBridging: WAN Configuration Dialog BoxBridging: VPN Configuration Dialog BoxInterf

Chapter 9 - Bridging 153v Note: WAN bridging is not recommended for ports set to On Demand PPP Link operation. Bridging requires that any broadcast t

10 Chapter 1 - Installation and OverviewOptionsThis menu item brings up a dialog box which lets you set a variety of options having to do with Compat

154 Chapter 9 - BridgingExclude Non-Routed ProtocolsThis checkbox determines whether this interface will bridge protocols which the router does not r

Chapter 10 - WAN Link Protocols 155Chapter 10 - WAN Link ProtocolsLink Configuration: WAN Dialog BoxLink Configuration: WAN Dialog BoxTo access this d

156 Chapter 10 - WAN Link Protocols> Link TypeThis pull-down menu determines how the router will maintain the WAN link, and sets the low-level com

Chapter 10 - WAN Link Protocols 157router stops receiving Frame Relay switch maintenance packets, or if all user PVCs go down.• If None is selected,

158 Chapter 10 - WAN Link ProtocolsAllow Dial InThis checkbox tells the router whether it should accept incoming on-demand PPP connections from other

Chapter 10 - WAN Link Protocols 159commands in the chat scripts you select as the Dial-Out Script and/or Dial-back Script.• If you select V.25bis dial

160 Chapter 10 - WAN Link Protocols• If you select None here, the router will not initiate a global dial-back on all incoming connections to this int

Chapter 10 - WAN Link Protocols 161Failover Timers Configuration Dialog BoxFailover Timers Configuration Dialog BoxYou can access the Failover Timers

162 Chapter 10 - WAN Link ProtocolsFrame Relay Configuration Dialog BoxFrame Relay Configuration Dialog Boxv Note: If you need more information abou

Chapter 10 - WAN Link Protocols 163> Polling FrequencyThe router is required to periodically poll the Frame Relay switch at the other end of the co

Chapter 1 - Installation and Overview 11be loaded to the file on disk. If left unchecked, you will be prompted each time the config files are changed

164 Chapter 10 - WAN Link ProtocolsDLCI Database Dialog BoxDLCI Database Configuration Dialog BoxDLCI Entry Dialog Boxv Note: If you need more infor

Chapter 10 - WAN Link Protocols 165The Data Link Connection Identifier (DLCI) is a number which uniquely identifies one end of a Permanent Virtual Cir

166 Chapter 10 - WAN Link ProtocolsIPX AddressThis is the IPX address of the interface of the router WAN interface at the other end of the PVC. It sh

Chapter 10 - WAN Link Protocols 167PPP Link from the Link Type pulldown in the Link Configuration: WAN Dialog Box (under WAN/Link Configuration), and

168 Chapter 10 - WAN Link Protocols• If checked this router will use the values in the Name and Secret fields to respond to a CHAP challenge from the

Chapter 10 - WAN Link Protocols 169from the Link Type pulldown in the Link Configuration: WAN Dialog Box (under WAN/Link Configuration), and then clic

170 Chapter 10 - WAN Link Protocols• If unchecked this router will not provide any PAP information if it is requested by the device at the other end

Chapter 10 - WAN Link Protocols 171IP MulticastThis is the IP multicast address. This address is the SMDS group address assigned by the service provid

172 Chapter 10 - WAN Link ProtocolsSequenced Predictor CompressionPacket data can be compressed to provide better throughput across slower WAN links.

Chapter 10 - WAN Link Protocols 173The number of echo packets sent, and the number of responses, are counted. If the conditions set in the Drop Link W

12 Chapter 1 - Installation and Overview • Save config, but don’t restart device. This parameter will save an edited configuration without restarting

174 Chapter 10 - WAN Link ProtocolsMRUThis is the Maximum Receive Unit size in bytes for PPP packets. The default value is 1500 bytes.ACCMThe Asynchr

Chapter 10 - WAN Link Protocols 175To access this dialog box, select Global/Multilink PPP from the Device View. This dialog box defines a list of MPPP

176 Chapter 10 - WAN Link Protocolsv Note: While the shorter header can enhance performance slightly, routers from other vendors may not be compatib

Chapter 10 - WAN Link Protocols 177All of the chat scripts stored in a router are available to any of the router’s WAN interfaces. To select the scrip

178 Chapter 10 - WAN Link ProtocolsAll control characters are preceded by a backslash character (\) which tells the router that what follows is an es

Chapter 10 - WAN Link Protocols 179• CONNECT -- The other end has successfully answered. Note that some modems require a switch to be set correctly to

180 Chapter 10 - WAN Link ProtocolsChat Script ExamplesThere are as many variations of chat scripts as there are specific installation requirements.

Chapter 10 - WAN Link Protocols 181User Authentication Database Dialog BoxUser Authentication Database Configuration Dialog BoxAuthentication Database

182 Chapter 10 - WAN Link Protocols> Remote NameThis is the name of the remote device.• For PAP entries, this is the name of the device we are req

Chapter 11 - TCP/IP Filtering 183Chapter 11 - TCP/IP FilteringMain TCP/IP Filtering Dialog BoxMain TCP/IP Filtering Configuration Dialog BoxTo access

Chapter 1 - Installation and Overview 13The Control menu lets you update the software contained in the Flash ROM of a device. Download SoftwareWhen ne

184 Chapter 11 - TCP/IP FilteringBlock IP Source RoutingThis check box sets a filter in the device which drops any received packet which has the “sou

Chapter 11 - TCP/IP Filtering 185Filter Editor Dialog Box Buttons and Controls• The Current Filter pull-down menu lets you select a filter set for edi

186 Chapter 11 - TCP/IP FilteringRule sets that have been created with the TCP/IP Route Filter Editor Window must be applied using the pull-down menu

Chapter 11 - TCP/IP Filtering 187IP Route Filter Rule OptionsA direction can optionally be specified with in, out or both. If no direction is specifie

188 Chapter 11 - TCP/IP FilteringIP Route Filter Rule NotificationFilter rule matches can optionally cause a log message to be sent. By default, no l

Chapter 11 - TCP/IP Filtering 189Rules that have been specified using CompatiView may be edited or exam-ined through the command line interface, and v

190 Chapter 11 - TCP/IP Filteringthe device when it compares the address in a packet to the filter rule. For example, an address specified in the rul

Chapter 11 - TCP/IP Filtering 191All of the modifiers also require a port number between 0 and 65535. Port numbers can also be specified using the nam

192 Chapter 11 - TCP/IP Filteringv Note: RFC 1700 "Assigned Numbers" contains a listing of all currently assigned IP protocol keywords and

Chapter 11 - TCP/IP Filtering 193The est keyword allows a rule to be established in which an external connection to a particular port is not allowed,

CompatiView Reference Guide, Version 5.4Copyright © 1999, Compatible Systems CorporationAll rights reserved. CompatiView, RISC Router, MicroRouter, I

14 Chapter 1 - Installation and OverviewThe Output WindowThe CompatiView Output WindowThere is an Output Window at the bottom of the Device View whic

194 Chapter 11 - TCP/IP Filteringv Note: If VPN tunneling with authentication is enabled on an interface to which an IP filter is applied, then the

Chapter 11 - TCP/IP Filtering 195This rule would drop all packets with the source host address 192.15.1.10: deny 192.15.1.10 0.0.0.0 A rule to drop al

196 Chapter 11 - TCP/IP FilteringTCP/IP Packet Filtering: Ethernet Dialog BoxTCP/IP Packet Filtering: WAN Dialog BoxTCP/IP Packet Filtering: VPN Dial

Chapter 12 - IPX Filtering 197Chapter 12 - IPX FilteringMain IPX Filtering Dialog BoxMain IPX Filtering Configuration Dialog BoxTo access this dialog

198 Chapter 12 - IPX FilteringIPX Filter Editor WindowIPX Filter Editor WindowThe editor window shown above is used in CompatiView for editing all IP

Chapter 12 - IPX Filtering 199• The Import button lets you import a previously exported set of filter rules, or a text file in which you have stored f

200 Chapter 12 - IPX FilteringIPX Packet Filter OptionsThe basic action specified in the rule will almost always be accompanied with an option. IPX P

Chapter 12 - IPX Filtering 201source and destination sockets should be used to implicitly filter the packet type. NetBIOS propagate packets (type 14h)

202 Chapter 12 - IPX FilteringIPX Packet Filter Rule ExamplesDrop all packets where the source network number is greater than or equal to 1000 and pe

Chapter 12 - IPX Filtering 203Basic IPX Route Filter Rules and SyntaxAt a minimum, every non-comment line in a filter set must include an action and a

Chapter 1 - Installation and Overview 15be used by Compatible Systems technical support to determine the cause of many problems.EthernetThis menu item

204 Chapter 12 - IPX Filteringv Note: In rules where expressions are used, the syntax checker requires a space before and a space after the expressi

Chapter 12 - IPX Filtering 205• metricout <increment value> This modifier tells the device to increment the metric on outgoing routes which matc

206 Chapter 12 - IPX FilteringRules that have been specified using CompatiView may be edited or exam-ined through the command line interface, and vic

Chapter 12 - IPX Filtering 207• gteq, ge, >=, or => These are allowable ways of writing a “greater than or equal to” operator which will match

208 Chapter 12 - IPX Filtering• Filter rules specifying out are only applied to server information being sent from the device.• Filter rules specifyi

Chapter 12 - IPX Filtering 209deny server = “Test Server”permitThe rule below specifies that only servers from network 7 should be entered into the de

210 Chapter 12 - IPX FilteringOutput FiltersThis set of pull-downs allows you to select previously defined sets of packet filter rules. These rules w

Chapter 13 - AppleTalk Filtering 211Chapter 13 - AppleTalk FilteringMain AppleTalk Filtering Editor WindowMain AppleTalk Filter Editor WindowTo access

212 Chapter 13 - AppleTalk Filtering• The Rename button lets you rename the selected set of filter rules.• The Import button lets you import a previo

Chapter 13 - AppleTalk Filtering 213all packets. For NBP request and reply packets the NBPName, NBPType and NBPZone rules are also used. All other rul

16 Chapter 1 - Installation and OverviewIP Route TableThis menu item displays the IP route table and is the equivalent of the command line’s show ip

214 Chapter 13 - AppleTalk Filtering• lteq, le, <=, or =< These are allowable ways of writing a “less than or equal to” operator which will ma

Chapter 13 - AppleTalk Filtering 215• srcskt <operator> <socket number> This option allows filtering of packets by the source socket from

216 Chapter 13 - AppleTalk FilteringSimple AppleTalk Packet Filter Rule ExamplesThe following is an AppleTalk packet filter which denies echo packets

Chapter 13 - AppleTalk Filtering 217AppleTalk Filtering: Ethernet Dialog BoxAppleTalk Filtering: WAN Dialog BoxAppleTalk Filtering: VPN Dialog BoxAppl

218 Chapter 13 - AppleTalk FilteringOutput RTMP FiltersThis set of pulldowns allows you to select previously defined sets of routing (RTMP) filter r

Chapter 14 - General 219Chapter 14 - GeneralPhysical RS-232 Configuration: WAN Dialog BoxPhysical RS-232 Configuration: WAN Dialog BoxTo access this d

220 Chapter 14 - GeneralTx Clock Internal (Sync Only)This parameter determines whether the interface will source a clock signal or expect to receive

Chapter 14 - General 221Physical T1 Configuration: WAN Dialog BoxPhysical T1: WAN Configuration Dialog BoxTo access this dialog box, select WAN/Physic

222 Chapter 14 - General• If Master is selected, the interface will source clock onto the line.• If Slave is selected, the interface will sync to the

Chapter 14 - General 223Contiguous Channels or Alternate ChannelsThis set of radio buttons determine whether the T1 fraction will occupy every channel

Chapter 1 - Installation and Overview 17OSPF NeighborsThis menu item displays an abbreviated list of current neighbors an their state. This is equival

224 Chapter 14 - GeneralPhysical V.35 Configuration: WAN Dialog BoxPhysical V.35 Configuration: WAN Dialog BoxTo access this dialog box, select WAN/

Chapter 14 - General 225Physical DS3 Configuration: WAN Dialog BoxPhysical DS3 Configuration: WAN Dialog BoxTo access this dialog box, select WAN/Phys

226 Chapter 14 - GeneralInvert Data This checkbox determines whether data will be inverted. Data inversion can be used to meet pulse density requirem

Chapter 14 - General 227To access this dialog box, select Global/System Configuration from the Device View.> Device NameThis is the name which is u

228 Chapter 14 - GeneralSNMP Configuration SNMP System Info Configuration Dialog BoxSNMP System Info Configuration Dialog BoxTo access this dialog bo

Chapter 14 - General 229Advanced SNMP Configuration Dialog BoxAdvanced SNMP Configuration Dialog BoxTo access this dialog box, select Global/System Co

230 Chapter 14 - GeneralCompatible Systems devices support the following SNMP Traps (as outlined in RFC 1157):• coldStart - this will be generated wh

Chapter 14 - General 231AccessThis set of radio buttons controls the type of access the administrator(s) within the Community String will have to this

232 Chapter 14 - GeneralDomain Name Server (DNS) Dialog BoxDomain Name Server Dialog BoxTo access this dialog box, select Global/Domain Name Server

Chapter 14 - General 233To add or modify this list, click on the appropriate button to access the Add TCP/IP DNS Server Dialog Box.Add TCP/IP DNS Serv

18 Chapter 1 - Installation and OverviewMoving and Customizing the WindowsRight-clicking in the area between windows brings up a popup menu which con

234 Chapter 14 - GeneralProtocolThis pulldown identifies the type of time server protocol to use. In most cases, the time server being used will dict

Chapter 14 - General 235RADIUS Configuration Dialog BoxRADIUS Configuration Dialog BoxTo access this dialog box, select Global/RADIUS from the Device

236 Chapter 14 - Generalaccounting. The device acts as a client and exchanges packets with a RADIUS server running on an external host computer.The d

Chapter 14 - General 237VPN Tunnel SecretThis value sets the attribute number for the VPN tunnel secret. The tunnel secret is a shared secret between

238 Chapter 14 - GeneralUse Secret in ChecksumSome RADIUS servers calculate packet validation checksums using both the secret value and the packet da

Chapter 14 - General 239SecurID Configuration Dialog BoxSecurID Configuration Dialog BoxTo access this dialog box, select Global/SecurID from the Devi

240 Chapter 14 - General> Primary ServerThe device will attempt to contact this SecurID server first when attempting to authenticate a user. The a

Chapter 14 - General 241NAT Configuration Dialog BoxNAT Configuration Dialog BoxTo access this dialog box, select Global/NAT Configuration from the De

242 Chapter 14 - General> Internal Range This is the address range of the internal NAT network. This range will be translated into the range of IP

Chapter 14 - General 243TCP TimeoutThis edit box allows you to set the amount of time to lapse without any IP Network Address Translations using this

Chapter 1 - Installation and Overview 19Customize Window View Dialog BoxToolbarsThis tab allows you to choose the toolbars that you want in your displ

244 Chapter 14 - GeneralNAT Range Dialog BoxNAT Range Dialog BoxYou can access the NAT Range Dialog Box by selecting one of the New or Modify buttons

Chapter 14 - General 245NAT Mapping Dialog BoxNAT Mapping Dialog BoxNAT Range Dialog BoxYou can access the NAT Mapping Dialog Box by selecting Global/

246 Chapter 14 - General<internal IP address>This is the IP address on the internal network to be mapped to the external IP address. It must be

Chapter 14 - General 247The following example shows a range of IP addresses being mapped as a translation pair.[ NAT Mapping ]10.5.3.0/29 -> 198.41

248 Chapter 14 - Generalresponse. Examples include login/logout, serial line resets, and LAN-to-LAN connections. This is the default setting and is s

Chapter 14 - General 249interface. To select or deselect more than one interface, press Control while clicking on the interface.LDAP ConfigurationThis

250 Chapter 14 - GeneralAdd LDAP Server Dialog BoxLDAP Config NameThis specifies a name which uniquely defines this LDAP configuration. It can be up

Chapter 14 - General 251Secondary ServerThis sets the IP address (e.g., 192.168.9.99) or fully qualified domain name (e.g., monkeywrench.com) of the s

252 Chapter 14 - GeneralLDAP Authentication Dialog BoxLDAP Authentication Dialog BoxLDAP authentication is done only if the user cannot be found in t

Chapter 14 - General 253Primary ServerThis sets the IP address (e.g., 192.168.9.99) or fully qualified domain name (e.g., monkeywrench.com) of the pri

254 Chapter 14 - General

Chapter 15 - OSPF 255Chapter 15 - OSPFThis chapter provides instructions for configuring a network utilizing the OSPF (Open Shortest Path First) Proto

256 Chapter 15 - OSPFOSPF EnabledThis pull-down menu sets how the interface will function on a network utilizing OSPF.• If On is specified, the inter

Chapter 15 - OSPF 257v Note: If a router with a lower priority is the Designated Router and a new router with a higher priority comes online, the Des

258 Chapter 15 - OSPFcollection of networks under a common administration sharing a common routing strategy. All routers within an area have the same

Chapter 15 - OSPF 259OSPF Area NameThe OSPF Area Name is an integer or IP address. If more than one area is configured within an AS, then one of these

260 Chapter 15 - OSPFTo add or modify a Net Range, click the appropriate button to open the Net Range Dialog Box. Net Range Dialog BoxThe Net Range s

Chapter 15 - OSPF 261OSPF Virtual Link Dialog BoxTo access the OSPF Virtual Link Dialog Box, select OSPF/OSPF Virtual Link from the device view. To a

262 Chapter 15 - OSPFTransit AreaThe transit area is the number assigned to the tunnel between the two routers of the virtual link. Each router must

Chapter 16 - BGP 263Chapter 16 - BGPThis chapter explains how to modify parameters that affect the way Border Gateway Protocol (BGP) operates. These p

Chapter 2 - IP Routing & Bridging 21Chapter 2 - IP Routing & BridgingTCP/IP Routing: Ethernet Dialog BoxTCP/IP Routing: Ethernet Configuration

264 Chapter 16 - BGPFor multi-homed installation where more than one ISP is used, an “official” AS number is required.BGP Local PreferenceThe local p

Chapter 16 - BGP 265To add or modify a BGP aggregate network on the list, click on the appro-priate button to open the Add BGP Aggregate Dialog Box.Ad

266 Chapter 16 - BGPA peer configuration should only be used for more than one peer if all the same parameters are desired. To add or modify these en

Chapter 16 - BGP 267router must also have a route to the external peer that is not directly connected in order to establish a connection.Peer WeightTh

268 Chapter 16 - BGPTo access this dialog box, select Global/IP Loopback from the device view.IP LoopbackThis specifies the IP address of the Loopbac

Chapter 16 - BGP 269The BGP Peer String specifies a BGP peer for this router. The BGP Peer String has the following syntax:On|Off <IP Address>

270 Chapter 16 - BGP• If the preferences are the same, the protocol selects the path that has the shortest AS path length.• If all paths have the sam

Chapter 16 - BGP 271• The New button brings up a dialog box which asks you to name the new route map, then creates a blank editor window and selects t

272 Chapter 16 - BGP• Hexadecimal numbers. Example 0x82cc0801 (This matches the host address 130.204.8.1) The optional /bits at the end of the IP add

Chapter 16 - BGP 273 Special Communities1. noexport - specifies that this route will not be advertised outside a BGP confederation boundary. A BG

22 Chapter 2 - IP Routing & Bridgingv Note: The IP Bridging radio button will be grayed out unless bridging has been turned on globally for the

274 Chapter 16 - BGPBGP NetworksThis dialog box defines a list of routes which will be advertised as originating inside the Autonomous System this ro

Chapter 16 - BGP 275Subnet MaskThe optional mask parameter tells the router how many bits of the IP routing table entry to match against the IP addres

276 Chapter 16 - BGP

Appendices 277AppendicesIP 101v Note: This is a very brief introduction to IP networking. For more in-depth information, there are a number of excell

278 AppendicesChart 1: IP Address ClassesYou can always tell what class an address is by looking at the first octet and comparing it to the chart abo

Appendices 279Chart 3: Subnetted Class C Host Rangesv Note: The lowest calculated address in each range (0 in the traditional C range) is not shown,

280 Appendices Chart 4: Broadcast Address ExamplesThe first three entries are traditional Class A, B and C network addresses and use traditional mask

Appendices 281Static Routes & Routing ProtocolsIn addition to the three required values, you must also decide whether to use an IP routing protoco

282 AppendicesEach group of devices is assigned a unique “network number” which repre-sents that particular group to all of the routers on the network

Appendices 283network cable segment. It may sometimes be desirable for redundancy to have several seed routers on a segment. This is acceptable as lon

Chapter 2 - IP Routing & Bridging 23the address. A few networks use all zeroes in this field. If you are unsure which type your network uses, chec

284 AppendicesFor this reason, the default configuration for Compatible Systems routers which support IPX has both 802.3 Raw and 802.2 set to autoseed

Appendices 285AppleTalk Routing ExampleEach AppleTalk physical network segment is assigned a network number/range by the routers on the segment. The n

286 Appendicesseed router per network cable segment. It may sometimes be desirable for redundancy to have several seed routers on a segment. This is a

Appendices 287When a device on the network attempts to discover services (such as servers or printers) using a Chooser program, an NBP (Name Binding P

288 AppendicesThis simplicity is both the strength of bridging, and also a weakness. Because bridges maintain very little information about network to

Appendices 289In all other respects, spanning tree bridges operate in the same fashion as simple learning bridges.A Simple Bridging ExampleBridging Ex

290 AppendicesThe following diagram shows a four interface router which also supports bridging. Two of the router’s interfaces (Port 0 and Port 1) are

Appendices 291Frame Relay 101Frame Relay is a streamlined subset of the X.25 packet switching protocol which has been used by many corporations for wi

292 AppendicesLocal & Global DLCIsLocal DLCI addressing means that DLCI numbers are only significant at one end of a Frame Relay virtual circuit (

Appendices 293Network/protocol addresses are associated with each PVC using one of two methods: static mapping, or the Inverse Address Resolution Prot

Table of Contents iiiChapter 1 - Installation and Overview 1COMPATIVIEW QUICKSTART . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

24 Chapter 2 - IP Routing & Bridging• If None is selected with this pull-down menu, the router will not be able to update its routing table and w

.

Index 295Symbols\ space (inserting a space in a chat script) 178\\ (inserting a backslash in a chat script) 178\b (sending a break character in a chat

296 IndexBbackup port, setting 157BGP (Border Gateway Protocol)Autonomous System configuration 263enabling 263IP Loopback address, using 267Network Ag

Index 297VPN 34WAN 29Command LineEdit box 17Output window 14CompatiView installation 2CompatiView optionsauto open device 10auto reload config files 1

298 IndexEedit area 5EthernetAppleTalk Phase 1auto-seed 73bridging 72NBP filters 73node number 73non-seed 72off 72routing 72routing/bridging/off 72see

Index 299Exclude Local LAN checkbox 111Exit menu item 9expect statement 177exportingchat scripts 177Ffailover timers, for WAN ports 161failover type,

300 IndexFrame RelayAppleTalk address 165configuration 162DECnet address 166home DLCI 163IP address 165IPX address 166maintenance protocol 163MTU 163p

Index 301IPXblocking type 20 packetsBridge 70Ethernet 59VPN 66WAN 63Bridge configuration 68Bridge Group 67end-node proxy 63Ethernet configuration 57Et

302 IndexMRU (Maximum Receive Unit) for PPP 174MTU (Maxiumum Transmission Unit) 163Multilink PPPBundle, creating 175configuration 174virtual port, cre

Index 303authentication 236configuration 235PAP authentication secret 237secret 238server address 237VPN attribute numbers 236– 237VPN authentication

Chapter 2 - IP Routing & Bridging 25Directed BroadcastThis checkbox sets whether the interface will forward network-prefix-directed broadcasts. Th

304 IndexSMDS (Switched Multi-megabit Data Service)configuration 170– 171SNMP configuration 228– 231SNMP, Advancedcommunity strings 230enabling 229set

Index 305dialing 159INV (invalid command) 179V.54 loopback in T1 CSU/DSU 223View menu item 9ViewsCommand Line Output 14Device Information 14Local Conf

306 IndexVPN Portsadding 97configuring 97– 106deleting 97WWANallow dial in 156, 158allow dial out 156, 157always keep link up 158AppleTalkbridging 77c

Index 307polling frequency 163PVC 165static link maintenance 163Frame Relay link 156inactivity timer 158interface on/off 155IPaddress 27broadcast addr

26 Chapter 2 - IP Routing & BridgingTCP/IP Routing: WAN Configuration Dialog BoxTCP/IP Routing: WAN Configuration Dialog Boxv Note: If you need

Chapter 2 - IP Routing & Bridging 27v Note: The IP Bridging radio button will be grayed out unless bridging has been turned on globally for the d

28 Chapter 2 - IP Routing & Bridgingwhat part of the IP address identifies the network segment (the “network” portion), and what part identifies

Chapter 2 - IP Routing & Bridging 29RIP 2 is more useful in a variety of environments and allows the use of vari-able subnet masks on your network

30 Chapter 2 - IP Routing & Bridging• If Triggered is selected with this pull-down menu, the router will modify the standard RIP behavior for thi

Chapter 2 - IP Routing & Bridging 31OptionsThe options button brings up the WAN IP Options Dialog Box which allows you to set a Remote Node IP Add

32 Chapter 2 - IP Routing & BridgingOnce you have created a VPN port, you may access the TCP/IP Routing: VPN Configuration Dialog Box by clickin

Chapter 2 - IP Routing & Bridging 33• If checked, then you must set an IP Address, Subnet Mask, and Broad-cast Address (as described below) for th

iv Table of ContentsChapter 6 - VPN Ports and LAN-to-LAN Tunnels 97ADD VPN PORT DIALOG BOX . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

34 Chapter 2 - IP Routing & Bridging> Routing ProtocolRouters exchange information about the most effective path for packet transfer between v

Chapter 2 - IP Routing & Bridging 35default router see the discussion of the IP Static Route Dialog Box later in this chapter.v Note: Some router

36 Chapter 2 - IP Routing & Bridging• If No Split Horizon is selected with this pull-down menu, the device will include all routes in an output p

Chapter 2 - IP Routing & Bridging 37TCP/IP Routing: Bridge Configuration Dialog BoxBridge Logical Diagramv Note: If you need more information abo

38 Chapter 2 - IP Routing & BridgingTCP/IP Routing: Bridge 0 Configuration Dialog Boxv Note: If you need more information about the IP protocol,

Chapter 2 - IP Routing & Bridging 39This address should be entered as four decimal numbers separated by periods -- for example 198.238.9.5v Note:

40 Chapter 2 - IP Routing & Bridgingically broadcast routing information packets. These RIP 1 packets contain information concerning the networks

Chapter 2 - IP Routing & Bridging 41smaller routers can be set to use one of these backbone routers as their default router.RIP Split HorizonNorma

42 Chapter 2 - IP Routing & BridgingIP Subinterface Dialog BoxAdd IP Subinterface Dialog BoxIP Subinterface Configuration Dialog BoxSubinterfaces

Chapter 2 - IP Routing & Bridging 43v Note: Subinterfaces are only allowed on WAN ports configured for Frame Relay operation. They are not allowe

Table of Contents vChapter 11 - TCP/IP Filtering 183MAIN TCP/IP FILTERING DIALOG BOX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183T

44 Chapter 2 - IP Routing & BridgingIP AddressThis is the IP address of the IPSec port. It should be entered as four decimal numbers separated by

Chapter 2 - IP Routing & Bridging 45IP Static Routing Dialog Box Static IP Routing Configuration Dialog BoxAdd Static Route Dialog BoxTo open the

46 Chapter 2 - IP Routing & BridgingWhen you are finished adding entries, making changes, and marking dele-tions, click OK to store them in Compa

Chapter 2 - IP Routing & Bridging 47• If Port is selected, use the pull-down menu to select an interface on the device you are configuring. v Note

48 Chapter 2 - IP Routing & Bridging• If BGP is specified, the static route entry will be redistributed into the BGP routing protocol.Ethernet IP

Chapter 2 - IP Routing & Bridging 49• If set to On, then any ARP request received on this interface whose IP network portion matches the network p

50 Chapter 2 - IP Routing & Bridging> Server IP AddressYou may enter server IP addresses in this list. When the Server IP Address edit box is

Chapter 2 - IP Routing & Bridging 51If remote node operation is desired, the WAN interface would usually be set up as an unnumbered interface, and

52 Chapter 2 - IP Routing & BridgingTCP/IP Routing OptionsTCP/IP Routing Options Dialog BoxThis dialog box can be brought up selecting Options/TC

Chapter 2 - IP Routing & Bridging 53routes to a destination but there is a static route, that route will be installed even if the precedence is Os

vi Table of ContentsSECURID CONFIGURATION DIALOG BOX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239NAT CONFIGURATION DIALOG BOX . . . .

54 Chapter 2 - IP Routing & Bridging IP Route Redistribution Dialog BoxTo access this dialog box, select Global/IP Route Redistribution from the

Chapter 2 - IP Routing & Bridging 55• Type 2 is the external cost, regardless of the interior cost to reach that route. • The Metric parameter set

56 Chapter 2 - IP Routing & Bridgingv Note: BGP will provide its own hop count in its route advertisements.

Chapter 3 - IPX Routing & Bridging 57Chapter 3 - IPX Routing & BridgingIPX Routing: Ethernet Configuration Dialog BoxIPX Routing: Ethernet Con

58 Chapter 3 - IPX Routing & Bridging• Ethernet Type II is commonly used by TCP/IP and DECnet. The default seeding value is Non-Seed.• Ethernet 8

Chapter 3 - IPX Routing & Bridging 59if it exists. If it doesn’t discover a number in use, the device will wait indefinitely until a number is set

60 Chapter 3 - IPX Routing & BridgingThis checkbox allows you to control the rebroadcasting of IPX type 20 packets on this interface. This is use

Chapter 3 - IPX Routing & Bridging 61• If set to IPX Routing, then IPX packets received on this interface are routed to the correct interface on t

62 Chapter 3 - IPX Routing & Bridgingconnection is up, network traffic passing across the link causes the inactivity timer for the link to be res

Chapter 3 - IPX Routing & Bridging 63Use Ethernet Port as End-Node ProxyThe router can be set to dynamically reserve an IPX address for this WAN i

Chapter 1 - Installation and Overview 1Chapter 1 - Installation and OverviewCompatiView Quickstart• Follow the instructions in the Installation Guide

64 Chapter 3 - IPX Routing & BridgingIPX Routing: VPN Configuration Dialog BoxIPX Routing: VPN Configuration Dialog BoxVPN (Virtual Private Netw

Chapter 3 - IPX Routing & Bridging 65To access this dialog box, select VPN/IPX Routing in the Device View.> IPX Routing/Bridging/OffThis set of

66 Chapter 3 - IPX Routing & BridgingThe IPX RIP protocol periodically sends out update information across a link. These periodic update packets

Chapter 3 - IPX Routing & Bridging 67v Note: Novell’s router specification recommends that type 20 packets not be propagated across links with ba

68 Chapter 3 - IPX Routing & BridgingLogically, the IPX Bridge Group is treated by the device as an interface (Bridge 0). The settings in the IPX

Chapter 3 - IPX Routing & Bridging 69• Ethernet 802.3 (Raw) is the default frame type for earlier versions of Novell Netware. The default seeding

70 Chapter 3 - IPX Routing & Bridgingnumber if it exists. If it doesn’t discover a number in use, the device will auto-generate a valid number us

Chapter 4 - AppleTalk Routing & Bridging 71Chapter 4 - AppleTalk Routing & BridgingAppleTalk Routing: Ethernet Configuration Dialog BoxAppleTa

72 Chapter 4 - AppleTalk Routing & Bridgingv Note: Although Compatible Systems routers support AppleTalk Phase 1, we recommend that all new Appl

Chapter 4 - AppleTalk Routing & Bridging 73• Auto-Seed means the router will listen for an AppleTalk Phase 1 network number being set by another r

2 Chapter 1 - Installation and OverviewAbout this ManualThis manual documents CompatiView v5.3, which can be used to configure and manage all Compati

74 Chapter 4 - AppleTalk Routing & BridgingAppleTalk Phase 2 ConfigurationAppleTalk Phase 2 is an updated version of the AppleTalk protocol which

Chapter 4 - AppleTalk Routing & Bridging 75• Auto-Seed means the router will listen for an AppleTalk Phase 2 network range being set by another ro

76 Chapter 4 - AppleTalk Routing & Bridgingto router interfaces can make it easier to diagnose network problems using a network packet monitor.NB

Chapter 4 - AppleTalk Routing & Bridging 77> AppleTalk On/Bridging/OffThis set of radio buttons controls how AppleTalk packets are handled for

78 Chapter 4 - AppleTalk Routing & BridgingZoneIf you have set this interface to be a numbered interface, you must provide a zone name which will

Chapter 4 - AppleTalk Routing & Bridging 79interface. Once a client machine has connected to a router interface in this fashion, the router provid

80 Chapter 4 - AppleTalk Routing & BridgingOnce you have created a VPN port, you may access the AppleTalk Routing: VPN Configuration Dialog Box

Chapter 4 - AppleTalk Routing & Bridging 81problems. You should carefully track which AppleTalk network numbers are in use, and where they are use

82 Chapter 4 - AppleTalk Routing & BridgingAppleTalk Routing: Bridge Configuration Dialog BoxBridge Logical Diagramv Note: If you need more info

Chapter 4 - AppleTalk Routing & Bridging 83AppleTalk Phase 2 Bridge Group. This is shown schematically in the diagram above.v Note: AppleTalk Pha

Chapter 1 - Installation and Overview 3default of Ethernet A/0 on all devices). After setting the device’s IP address, be sure to change the workstati

84 Chapter 4 - AppleTalk Routing & Bridgingv Note: In transitional routing installations, the same range of possible AppleTalk network numbers i

Chapter 4 - AppleTalk Routing & Bridging 85Phase 1 Net #For an AppleTalk Phase 1 Bridge Group which you set to Seed Phase 1, you must provide a ne

86 Chapter 4 - AppleTalk Routing & Bridging> Phase 2 Routing/OffThese radio buttons control whether AppleTalk Phase 2 packets received by a me

Chapter 4 - AppleTalk Routing & Bridging 87connected to this interface, for Phase 2. Acceptable values vary from 1 to 65,279. The value on the lef

88 Chapter 4 - AppleTalk Routing & BridgingNBP FilteringNBP Filtering Configuration Dialog Boxv Note: The filtering functions discussed here are

Chapter 4 - AppleTalk Routing & Bridging 89• Setting Lockout causes the router to drop any NBP lookups which are destined for this physical segmen

90 Chapter 4 - AppleTalk Routing & BridgingAppleTalk Options Configuration Dialog BoxAppleTalk Options Configuration Dialog BoxTo access this dia

Chapter 5 - DECnet Routing & Bridging 91Chapter 5 - DECnet Routing & BridgingMain DECnet Routing Configuration Dialog BoxMain DECnet Routing C

92 Chapter 5 - DECnet Routing & Bridging> AreaDECnet areas create a logical group of DECnet nodes. A DECnet area may include one or more physi

Chapter 5 - DECnet Routing & Bridging 93v Note: The Routing Timer values for individual WAN interfaces are set in separate windows. For more info