Transcription
OnSite 3210 SeriesG.SHDSL VPN RouterUser ManualSales Office: 1 (301) 975-1000Technical Support: 1 (301) 975-1007E-mail: support@patton.comWWW: www.patton.comPart Number: 07M3210-GS, Rev. BRevised: February 23, 2012
Patton Electronics Company, Inc.7622 Rickenbacker DriveGaithersburg, MD 20879 USATel: 1 (301) 975-1000Fax: 1 (301) 869-9293Support: 1 (301) 975-1007URL: www.patton.comE-Mail: support@patton.comTrademark StatementThe term OnSite is a trademark of Patton Electronics Company. All other trademarkspresented in this document are the property of their respective owners.Copyright 2012, Patton Electronics Company. All rights reserved.The information in this document is subject to change without notice. Patton Electronics assumes no liability for errors that may appear in this document.Warranty InformationThe software described in this document is furnished under a license and may be usedor copied only in accordance with the terms of such license.Patton Electronics warrants all OnSite router components to be free from defects,and will—at our option—repair or replace the product should it fail within one yearfrom the first date of the shipment.This warranty is limited to defects in workmanship or materials, and does not covercustomer damage, abuse or unauthorized modification. If the product fails to performas warranted, your sole recourse shall be repair or replacement as described above.Under no condition shall Patton Electronics be liable for any damages incurred bythe use of this product. These damages include, but are not limited to, the following:lost profits, lost savings and incidental or consequential damages arising from the useof or inability to use this product. Patton Electronics specifically disclaims all otherwarranties, expressed or implied, and the installation or use of this product shall bedeemed an acceptance of these terms by the user.
Summary Table of Contents1 General information . 162 Hardware installation. 233 Getting started with the OnSite. 314 G.SHDSL Basic Configuration . 375 VPN configuration . 426 Access control list configuration. 547 Link scheduler configuration . 688 LEDs status and monitoring . 879 Contacting Patton for assistance . 89A Compliance information . 92B Specifications . 95C Cabling . 100D Port pin-outs . 104E OnSite 3210 Series factory configuration . 107F Installation checklist . 1093
Table of ContentsSummary Table of Contents . 3Table of Contents . 4List of Figures . 9List of Tables . 10About this guide . 11Audience. 11Structure. 11Precautions . 12Safety when working with electricity .13General observations .14Typographical conventions used in this document. 15General conventions .151 General information . 16OnSite Model 3210 Series overview .17OnSite 3210 Series detailed description .18Model code extensions .18Ports descriptions .19Applications overview .20Branch-Office virtual private network over Frame Relay service .20Corporate multi-function virtual private network .212 Hardware installation. 23Planning the installation.24Installation checklist .25Site log .26Network information .26Network Diagram .26IP related information .26Software tools .26Power source .26Location and mounting requirements .27Installing the VPN router .27Mounting the VPN router .27Connecting cables .27Installing the Ethernet cable .27Installing the DSL cable .28Connecting to external power source .293 Getting started with the OnSite. 31Introduction .321. Configure IP address .334
OnSite Model 3210 User ManualTable of ContentsPower connection and default configuration .33Connect with the serial interface .33Login .34Changing the IP address .342. Connect the OnSite VPN Router to the network .353. Load configuration .354 G.SHDSL Basic Configuration . 37Introduction .38Line Setup .38Configuring PPPoE .38Configuration Summary.39Setting up permanent virtual circuits (PVC).40Using PVC channels in bridged Ethernet mode .40Using PVC channels with PPPoE .40Diagnostics .41Troubleshooting DSL Connections.415 VPN configuration . 42Introduction .43Authentication .43Encryption .43Transport and tunnel modes .44VPN configuration task list .44Creating an IPsec transformation profile .44Creating an IPsec policy profile .45Creating/modifying an outgoing ACL profile for IPsec .47Configuration of an IP interface and the IP router for IPsec .48Displaying IPsec configuration information .48Debugging IPsec .49Sample configurations .50IPsec tunnel, DES encryption .50OnSite configuration .50Cisco router configuration .51IPsec tunnel, AES encryption at 256 bit key length, AH authentication with HMAC-SHA1-96 .51OnSite configuration .51Cisco router configuration .52IPsec tunnel, 3DES encryption at 192 bit key length, ESP authentication with HMAC-MD5-96 .52OnSite configuration .52Cisco router configuration .526 Access control list configuration. 54Introduction .55About access control lists .55What access lists do .55Why you should configure access lists .555
OnSite Model 3210 User ManualTable of ContentsWhen to configure access lists .56Features of access control lists .56Access control list configuration task list.57Mapping out the goals of the access control list .57Creating an access control list profile and enter configuration mode .58Adding a filter rule to the current access control list profile .58Adding an ICMP filter rule to the current access control list profile .60Adding a TCP, UDP or SCTP filter rule to the current access control list profile .62Binding and unbinding an access control list profile to an IP interface .64Displaying an access control list profile .65Debugging an access control list profile .65Examples .67Denying a specific subnet .677 Link scheduler configuration . 68Introduction .69Configuring access control lists.69Configuring quality of service (QoS) .70Applying scheduling at the bottleneck .70Using traffic classes .70Introduction to Scheduling .71Priority .71Weighted fair queuing (WFQ) .71Shaping .72Burst tolerant shaping or wfq .72Hierarchy .72Quick references .73Setting the modem rate .73Command cross reference .74Link scheduler configuration task list.74Defining the access control list profile .75Packet classification .75Creating an access control list .76Creating a service policy profile .77Specifying the handling of traffic-classes .79Defining fair queuing weight .79Defining the bit-rate .80Defining absolute priority .80Defining the maximum queue length .80Specifying the type-of-service (TOS) field .80Specifying the precedence field .81Specifying differentiated services codepoint (DSCP) marking .81Specifying layer 2 marking .82Defining random early detection .836
OnSite Model 3210 User ManualTable of ContentsDiscarding Excess Load .83Devoting the service policy profile to an interface .84Displaying link arbitration status .85Displaying link scheduling profile information .85Enable statistics gathering .858 LEDs status and monitoring . 87Status LEDs.889 Contacting Patton for assistance . 89Introduction .90Contact information.90Patton Support Headquarters in the USA .90Alternate Patton support for Europe, Middle Ease, and Africa (EMEA) .90Warranty Service and Returned Merchandise Authorizations (RMAs).90Warranty coverage .90Out-of-warranty service .91Returns for credit .91Return for credit policy .91RMA numbers .91Shipping instructions .91A Compliance information . 92Compliance .93EMC .93Safety .93PSTN Regulatory .93Radio and TV Interference (FCC Part 15) .93CE Declaration of Conformity .93Authorized European Representative .94FCC Part 68 (ACTA) Statement .94Industry Canada Notice .94B Specifications . 95Ethernet interfaces.96PPP support .96IP services.96Management .96Operating environment .96Operating temperature .96Operating humidity .96System.97Dimensions .97G.SHDSL Daughter Card.98Power supply .
Appendix E on page 107 lists the factory configuration settings for the OnSite VPN router Appendix F on page 109 provides license information that describes acceptable usage of the software pro-vided with the OnSite VPN router For best results, read the contents of t
