Rad Kmbe Manual PDF

INSTALLATION AND OPERATION MANUAL
KMBE
Ethernet Bridge/Router Module
Kilomux-2100/2104
The Access Company
KMBE
Ethernet Bridge/Router Module
Kilomux-2100/2104
Installation and Operation Manual Notice

This manual contains information that is proprietary to RAD Data Communications Ltd. ("RAD"). No part of this publication may be reproduced in any form whatsoever without prior written approval by RAD Data Communications. Right, title and interest, all information, copyrights, patents, know-how, trade secrets and other intellectual property or other proprietary rights relating to this manual and to the KMBE and any software components contained therein are proprietary products of RAD protected under international copyright law and shall be and remain solely with RAD. KMBE is a registered trademark of RAD. No right, license, or interest to such trademark is granted hereunder, and you agree that no such right, license, or interest shall be asserted by you with respect to such trademark. The RAD name, logo, logotype, and the terms EtherAccess, TDMoIP and TDMoIP Driven, and the product names Optimux and IPmux, are registered trademarks of RAD Data Communications Ltd. All other trademarks are the property of their respective holders. You shall not copy, reverse compile or reverse assemble all or any portion of the Manual or the KMBE. You are prohibited from, and shall not, directly or indirectly, develop, market, distribute, license, or sell any product that supports substantially similar functionality as the KMBE, based on or derived in any way from the KMBE. Your undertaking in this paragraph shall survive the termination of this Agreement. This Agreement is effective upon your opening of the KMBE package and shall continue until terminated. RAD may terminate this Agreement upon the breach by you of any term hereof. Upon such termination by RAD, you agree to return to RAD the KMBE and all copies and portions thereof. For further information contact RAD at the address below or contact your local distributor.
International Headquarters RAD Data Communications Ltd. 24 Raoul Wallenberg Street Tel Aviv 69719, Israel Tel: 972-3-6458181 Fax: 972-3-6498250, 6474436 E-mail: market@rad.com
North America Headquarters RAD Data Communications Inc. 900 Corporate Drive Mahwah, NJ 07430, USA Tel: (201) 5291100, Toll free: 1-800-4447234 Fax: (201) 5295777 E-mail: market@rad.com
19882008 RAD Data Communications Ltd.
Publication No. 425-217-12/08
Glossary
10BaseT Address Agent Analog ARP (Address Resolution Protocol)
10BaseT is a LAN protocol which allows stations to be attached via twisted pair cable. A coded representation of the origin or destination of data. In SNMP, this refers to the managed system. A continuous wave or signal (such as human voice). ARP is a method for finding a host's Ethernet address from its Internet address. The sender broadcasts an ARP packet containing the Internet address of another host and waits for the second host to send back its Ethernet address. ARP is defined in RFC 826. Asynchronous transmission is the sending of data units characterby-character. The characters are preceded by start bits and followed by stop bits. The American Wire Gauge System, which specifies wire width. A transmission line in which voltages on the two conductors are equal in magnitude, but opposite in polarity, with respect to ground. The range of frequencies passing through a given circuit. The greater the bandwidth, the more information can be sent through the circuit in a given amount of time. Unit of signaling speed equivalent to the number of discrete conditions or events per second. If each signal event represents only one bit condition, baud rate equals bps (bits per second). The smallest unit of information in a binary system. Represents either a one or zero (1 or 0). A measure of data transmission rate in serial transmission. A device interconnecting local area networks at the OSI data link layer, filtering and forwarding frames according to media access control (MAC) addresses. Bridging is the forwarding of traffic between network segments based on data link layer information. These segments have a common network layer address. Broadcast is a transmission to multiple, unspecified recipients. On an Ethernet network, a broadcast packet is a special type of multicast packet which all nodes on the network are always willing to receive.
Asynchronous Transmission AWG Balanced
Bandwidth
Baud
Bit bps (Bits Per Second) Bridge
Bridging
Broadcast
Buffer
A storage device. Commonly used to compensate for differences in data rates or event timing when transmitting from one device to another. Also used to remove jitter. A transmission path or channel. A bus is typically an electrical connection with one or more conductors, where all attached devices receive all transmissions at the same time. A group of bits (normally 8 bits in length). A continuous signal at a fixed frequency that is capable of being modulated with a second (information carrying) signal. A path for electrical transmission between two or more points. Also called a link, line, circuit or facility. The Challenge Handshake Authentication Protocol CHAP is an authentication protocol used by Point to Point Protocol (PPP) servers to validate the identity of remote clients. CHAP periodically verifies the identity of the client by using a three-way handshake based on a shared secret (client users password). A term for the source(s) of timing signals used in synchronous transmission. Any of several techniques that reduce the number of bits required to represent information in data transmission or storage, thereby conserving bandwidth and/or memory. A state in which the network is overloaded and starts to discard user data (frames, cells or packets). A resource and traffic management mechanism to avoid and/or prevent excessive situations (buffer overflow, insufficient bandwidth) that can cause the network to collapse. In ATM networks, congestion control schemes may be based on fields within the ATM cell header (CLP, EFCI within the PTI) or may be based on a more sophisticated mechanism between the ATM endsystem and ATM switches. The ATM Forum has developed a mechanism based on rate control for ABR-type traffic. In Frame Relay networks, congestion is handled by the FECN, BECN and DE bits. Information represented in digital form, including voice, text, facsimile and video. Layer 2 of the OSI model. The entity, which establishes, maintains, and releases data-link connections between elements in a network. Layer 2 is concerned with the transmission of units of information, or frames, and associated error checking. Default Gateway is a routing table entry which is used to direct packets addressed to hosts or networks not explicitly listed in the routing table. The detection and isolation of a malfunction or mistake in a communications device, network or system.
Bus
Byte Carrier Channel CHAP
Clock Compression
Congestion Congestion Control
Data Data Link Layer
Default Gateway
Diagnostics
Digital DLCI (Data Link Control Identifier) DNS (Domain Name System)
The binary (1 or 0) output of a computer or terminal. In data communications, an alternating, non-continuous (pulsating) signal. DLCI is a channel number which is attached to data frames to tell the network how to route the data in Frame Relay Networks. DNS is a general-purpose distributed, replicated, data query service chiefly used on Internet for translating hostnames into Internet IP addresses. DNS is defined in STD 13, RFCs 1034 and 1035. A dynamic station is a host which is added automatically to an ARP or LAN table. The European standard for high speed digital transmission, operating at 34 Mbps. Encapsulating data is a technique used by layered protocols in which a low level protocol accepts a message from a higher level protocol, then places it in the data portion of the lower-level frame. The logistics of encapsulation require that packets traveling over a physical network contain a sequence of headers. A local area network (LAN) technology which has extended into the wide area networks. Ethernet operates at many speeds, including data rates of 10 Mbps (Ethernet), 100 Mbps (Fast Ethernet), 1,000 Mbps (Gigabit Ethernet), 10 Gbps, 40 Gbps, and 100 Gbps. A firewall system controls access to or from a protected network (i.e., a site). It implements a network access policy by forcing connections to pass through the firewall, where they can be examined and evaluated. A logical grouping of information sent as a link-layer unit over a transmission medium. The terms packet, datagram, segment, and message are also used to describe logical information groupings. An efficient packet switching technology providing high speed frame or packet transmission with minimum delay and efficient bandwidth utilization over virtual circuits. The link layer handles much of the network layer functionality. It has less protocol overhead than X.25. A voice interface, emulating a PBX extension, as it appears to the CO (Central Office) for connecting a PBX extension to a multiplexer. A voice interface, emulating the extension interface of a PBX (or subscriber interface of a CO) for connecting a regular telephone set to a multiplexer.
Dynamic Station E3 Encapsulation
Ethernet
Firewall
Frame
Frame Relay
FXO (Foreign Exchange Office) FXS (Foreign Exchange Subscriber)
Gateway
Gateways are points of entrance and exit from a communications network. Viewed as a physical entity, a gateway is that node that translates between two otherwise incompatible networks or network segments. Gateways perform code and protocol conversion to facilitate traffic between data highways of differing architecture. A shared boundary, defined by common physical interconnection characteristics, signal characteristics, and meanings of exchanged signals. Also known as an Internet address. A unique string of numbers that identifies a computer or device on a TCP/IP network. The format of an IP address is a 32-bit numeric address written as four numbers from 0 to 255, separated by periods (for example, 1.0.255.123). he IP mask is a unique 4 byte (32 bit) value that allow the recipient of IP packets to distinguish between different host IDs. IP/IPX Routing is the process, performed by a router, of selecting the correct interface and next hop for a packet being forwarded. Routing is done in order to send a packet to a specific destination. IPX is a network layer protocol used in Novell NetWare file server operating system. ISDN is a set of communications standards allowing a single wire or optical fiber to carry voice, digital network services and video. ISDN is intended to eventually replace the telephone system. The deviation of a transmission signal in time or phase. It can introduce errors and loss of synchronization in high speed synchronous communications. A device that transmits an extremely narrow and coherent beam of electromagnetic energy in the visible light spectrum. Used as a light source for fiber optic transmission (generally more expensive, shorter lived, single mode only, for greater distances than LED). The time between initiating a request for data and the beginning of the actual data transfer. Network latency is the delay introduced when a packet is momentarily stored, analyzed and then forwarded. A leased line is a private telephone circuit permanently connecting two points, normally provided on a lease by a local PTT. The addition of inductance to a line in order to minimize amplitude distortion. Used commonly on public telephone lines to improve voice quality, it can make the lines impassable to high speed data, and baseband modems. A type of diagnostic test in which the transmitted signal is returned to the sending device after passing through all or part of a communications link or network.
Interface
IP Address
IP Mask IP/IPX Routing
IPX (Internetwork Packet Exchange) ISDN (Integrated Services Digital Network) Jitter
Laser
Latency
Leased Lines Loading
Loopback
MAC (Media Access Control) MAC Address Manager
MAC is the lower sublayer of the data link layer. MAC is the interface between a node's Logical Link Control and the network's physical layer. The MAC differs for various physical media. The MAC Address is the hardware address of a device connected to a shared network medium. An application that receives Simple Network Management Protocol (SNMP) information from an agent. An agent and manager share a database of information, called the Management Information Base (MIB). An agent can use a message called a traps-PDU to send unsolicited information to the manager. A manager that uses the RADview MIB can query the RAD device, set parameters, sound alarms when certain conditions appear, and perform other administrative tasks. A mask is a filtering aid that is used to define classes of addresses. By defining classes, any packet can be judged as to whether it should pass the filter or not. The Maximum Transmission Unit is the largest frame length which may be sent on a physical medium. MultiCast is an Ethernet addressing scheme used to send packets to devices of a certain type or for broadcasting to all nodes. At one end of a communications link, a device that combines several lower speed transmission channels into a single high speed channel. A multiplexer at the other end reverses the process. Sometimes called a mux. See Bit Interleaving/Multiplexing. (1) An interconnected group of nodes. (2) A series of points, nodes, or stations connected by communications channels; the collection of equipment through which connections are made between data stations. A layer in the OSI reference model. The network layer provides address resolution and routing protocols. Address resolution enables the network layer to determine a unique network address for a node. Routing protocols allow data to flow between networks and reach their proper destination. Examples of network layer protocols are Address Resolution Protocol (ARP), Datagram Delivery Protocol (DDP), Internet Control Message Protocol (ICMP), Interior Gateway Protocol (IGP), Internet Protocol (IP), Internetwork Packet Exchange (IPX) and Packet Layer Protocol (PLP). NetBEUI is the network transport protocol used by all of Microsoft network systems and IBM LAN Server based systems.
Mask
MTU (Maximum Transmit Unit) MultiCast Multiplexer
Network
Network Layer
NetBEUI (NetBIOS Extended User Interface) NCP (NetWare Core Protocol)
NCP is a Novell trademark for the protocol used to access Novell NetWare file and print service functions. NCP uses an underlying IPX or IP transport protocol.
Parity
Parity is an extra bit added to a byte or word to reveal errors in storage (in RAM or disk) or transmission. Even/odd parity means that the parity bit is set so that there are an even/odd number of one bits in the word, including the parity bit. Odd parity means that the parity bit is set so that there are an odd number of one bits in the word, including the parity bit. A point of interconnection to a network. An ordered group of data and control signals transmitted through a network, as a subset of a larger message. A data transmission technique, which divides user information into discrete data envelopes called packets, and sends the information packet by packet. The Password Authentication Protocol is a simple authentication protocol used by a point to point protocol (PPP) to authenticate users to a network server. This protocol transmits unencrypted ASCII messages over the network and is considered unsecure. It is used if the server does not support a stronger protocol such as CHAP. Parameters are often called arguments, and the two words are used interchangeably. However, some computer languages such as C define argument to mean actual parameter (i.e., the value), and parameter to mean formal parameter. In RAD CLI, parameter means formal parameter, not value. See Multidrop. The physical interface to a computer or multiplexer, for connection of terminals and modems. PPP is the protocol defined in RFC 1661, the Internet standard for transmitting network layer datagrams (e.g. IP packets) over serial point-to-point links. PPP is designed to operate both over asynchronous connections and bit-oriented synchronous systems, it can configure connections to a remote network dynamically, and test that the link is usable. PPP can be configured to encapsulate different network layer protocols (such as IP, IPX, or AppleTalk) by using the appropriate network.
Node Packet Packet Switching
PAP
parameters
Polling Port PPP (Point to Point Protocol)
prompt Protocol
One or more characters in a command line interface to indicate that the computer is ready to accept typed input. A formal set of conventions governing the formatting and relative timing of message exchange between two communicating systems. PSTN is the collection of interconnected systems operated by the various telephone companies and administrations (PTTs) around the world.
PSTN (Public Switched Telephone Network)
RFC (Request for Comment) RIP (Routing Information Protocol) RIP-2
RFC is a numbered Internet informational documents and standards widely followed by commercial software and freeware in the Internet and UNIX communities. RIP is the companion protocol to IPX for exchange of routing information in a Novell network. It is not related to the Internet protocol of the same name. Routing information protocol used to discover agents and the routes that IP packets must traverse. This is done automatically using periodic broadcasts. RIP-2 also supports IP subnets. An interconnection device that connects individual LANs. Unlike bridges, which logically connect at OSI Layer 2, routers provide logical paths at OSI Layer 3. Like bridges, remote sites can be connected using routers over dedicated or switched lines to create WANs. The process of selecting the most efficient circuit path for a message. SAP is the OSI term for the component of a network address which identifies the individual application on a host which is sending or receiving a packet. A common mode of transmission, where the character bits are sent sequentially one at a time instead of in parallel. Describing an optical wave-guide or fiber that is designed to propagate light of only a single wavelength (typically 5-10 microns in diameter). SLIP is software allowing the IP, normally used on Ethernet, to be used over a serial line, e.g. an RS-232 serial port connected to a modem. It is defined in RFC 1055. SNMP is the Internet standard protocol, defined in STD 15, RFC 1157, developed to manage nodes on an IP network. SOCKS is a security package that allows a host behind a firewall to use finger, FTP, Telnet, Gopher, and Mosaic to access resources outside the firewall while maintaining the security requirements. In telecommunications, the absence of a signal. Equivalent to a binary 0.
Router
Routing SAP
Serial Transmission Single Mode
SLIP (Serial Line Internet Protocol) SNMP (Simple Network Management Protocol) SOCKS
Space
Spoofing
Spoofing is a technique used to reduce network overhead, especially in wide area networks (WAN). Some network protocols send frequent packets for management purposes. These can be routing updates or keep-alive messages. In a WAN this can introduce significant overhead, due to the typically smaller bandwidth of WAN connections. Spoofing reduces the required bandwidth by having devices, such as bridges or routers, answer for the remote devices. This fools (spoofs) the LAN device into thinking the remote LAN is still connected, even though it's not. The spoofing saves the WAN bandwidth, because no packet is ever sent out on the WAN.
SPX (Sequenced Packet Exchange) Static Station Stop Bit
SPX is a transport layer protocol built on top of IPX. SPX is used in Novell NetWare systems for communications in client/server application programs, e.g. BTRIEVE (ISAM manager). A static station is a host which is added manually to an ARP or LAN table. Stop Bits mark the end of a unit of transmission (normally a byte or character). In serial communications, where each bit of the message is transmitted in sequence, stop bits are extra "1" bits which follow the data and any parity bit. Transmission in which data bits are sent at a fixed rate, with the transmitter and receiver synchronized. A digital transmission link with a capacity of 1.544 Mbps used in North America. Typically channelized into 24 DS0s, each capable of carrying a single voice conversation or data stream. Uses two pairs of twisted pair wires.
TCP is the most common transport layer protocol used on Ethernet and the Internet.
Synchronous Transmission T1
TCP (Transmission Control Protocol)
TCP is built on top of Internet Protocol (IP) and is nearly always seen in the combination TCP/IP (TCP over IP). It adds reliable communication, flow-control, multiplexing and connectionoriented communication. It provides full-duplex, process-toprocess connections. TCP is defined in STD 7, RFC 793.
TCP/IP stack (Transmission Control Protocol over Internet Protocol) Telnet
TCP/IP stack is the standard Ethernet protocols incorporated into 4.2BSD UNIX. While TCP and IP specify two protocols at specific layers, TCP/IP is often used to refer to the entire DoD protocol suite based upon these, including Telnet, FTP, UDP and RDP. The virtual terminal protocol in the Internet suite of protocols. It lets users on one host access another host and work as terminal users of that remote host. Instead of dialing into the computer, the user connects to it over the Internet using Telnet. When issuing a Telnet session, it connects to the Telnet host and logs in. The connection enables the user to work with the remote machine as though a terminal was connected to it.
TFTP (Trivial File Transfer Protocol) Throughput
A simplified version of the File Transfer Protocol that transfers files but does not provide password protection or user-directory capability. The amount of information transferred through the network between two users in a given period, usually measured in the number of packets per second (pps). Set of actions and operations performed by the network to guarantee the operability of the network, exercised in the form of traffic control and flow control. UDP is an Internet standard network layer, transport layer and session layer protocols which provide simple but unreliable datagram services. It adds a checksum and additional process-to-process addressing information. UDP is a connectionless protocol which, like TCP, is layered on top of IP. UDP is defined in STD 6, RFC 768. A WAN is a network, usually constructed with serial lines, extending over distances greater than one kilometer.
Traffic Management
UDP (User Datagram Protocol)
WAN (Wide Area Network)
Contents
Chapter 1. Introduction 1.1 1.2 Overview.................................................................................................................... 1-1 Versions ................................................................................................................. 1-1 Features .................................................................................................................... 1-1 Bridging .................................................................................................................. 1-2 IP Routing ............................................................................................................... 1-2 IPX Routing ............................................................................................................. 1-2 Address Translation (Single IP) and Firewall ............................................................. 1-2 Solid Firewall .......................................................................................................... 1-3 Applications ............................................................................................................... 1-3 Basic Bridging ......................................................................................................... 1-3 Routing Between Central and Remote Offices ......................................................... 1-3 Dual Link Applications ............................................................................................. 1-4 Physical Description ................................................................................................... 1-5 LEDs ....................................................................................................................... 1-5 Connectors ............................................................................................................. 1-5 Jumpers .................................................................................................................. 1-5 Functional Description................................................................................................ 1-6 Management .......................................................................................................... 1-6 Configuration Parameters ....................................................................................... 1-6 Technical Specifications.............................................................................................. 1-6
1.3
1.4
1.5
1.6
Chapter 2. Installation and Setup 2.1 Installation ................................................................................................................. 2-1 Rear Panel .............................................................................................................. 2-1 Internal Settings ..................................................................................................... 2-2 Module Installation ................................................................................................. 2-3 Cable Connections .................................................................................................. 2-4 Control Connector .............................................................................................. 2-4 Operating Indications ................................................................................................. 2-4 Normal Indications .................................................................................................. 2-4 Initial Setup ............................................................................................................... 2-5 Connecting to the Terminal ..................................................................................... 2-5 Setting a Password ................................................................................................. 2-5 Changing and Deleting the Password ...................................................................... 2-6
2.2 2.3
Chapter 3. Operation 3.1 3.2 KMBE General Configuration ....................................................................................... 3-1 KMBE Bridge or Router Configuration ......................................................................... 3-2 Configuring KMBE as a Bridge .................................................................................. 3-2 Configuring KMBE as a Router ................................................................................. 3-3 Menus and Screens .................................................................................................... 3-3 The Main Menu ....................................................................................................... 3-3 Quick Setup ............................................................................................................ 3-3 Security Setup ........................................................................................................ 3-3 Advanced Menu ...................................................................................................... 3-3 View ....................................................................................................................... 3-3 Diagnostic Tools ..................................................................................................... 3-3 Exit ......................................................................................................................... 3-3
i
3.3
KMBE
Table of Contents
Installation and Operation Manual
Chapter 4. Configuration 4.1 Quick Setup Menu ...................................................................................................... 4-1 Principles of Operation ........................................................................................... 4-1 Quick Setup Example ............................................................................................... 4-1 Link Mode .......................................................................................................... 4-1 Routing .............................................................................................................. 4-2 WAN IP Address ................................................................................................. 4-2 Host IP Setup ..................................................................................................... 4-2 Security Setup .................................................................................................... 4-3 Security Setup............................................................................................................ 4-3 Enabling Telnet Access ............................................................................................ 4-4 Enabling SNMP Access ............................................................................................. 4-5 Enabling/Disabling the Solid Firewall ........................................................................ 4-5 Advanced Setup ......................................................................................................... 4-6 Setup Menu ............................................................................................................ 4-7 Host Parameters ................................................................................................ 4-7 Routing/Bridging Menu ..................................................................................... 4-11 Interface Parameters ........................................................................................ 4-20 Access Control (Security) .................................................................................. 4-26 WAN Economy Menu ........................................................................................ 4-28 Factory Default Options ................................................................................... 4-36 Device Control Menu ............................................................................................. 4-36 Software Download.......................................................................................... 4-37 Device Configuration Parameters Upload/Download .......................................... 4-39 Reset Options .................................................................................................. 4-40 Control Other Device ........................................................................................ 4-40 Terminal Type .................................................................................................. 4-40
4.2
4.3
Chapter 5. Troubleshooting and Diagnostics 5.1 5.2 Error Messages .......................................................................................................... 5-1 Technical Support ...................................................................................................... 5-2
Appendix A. Boot Manager
ii
KMBE
Chapter 1 Introduction
1.1 Overview
KMBE is based on the MBE family of standalone bridges and IP/IPX routers for the small office. KMBE is a Kilomux-2100/2104 I/O module that can be used for various bridging and routing functions, connecting one or two Ethernet LANs via the Kilomuxs main links. Quick setup and advanced configuration menus provide on-screen instructions that guide you through the configuration procedures.
Versions
You can order KMBE with the following LAN interfaces: AUI Thin coax UTP (10BaseT).
1.2
Features
The KMBE module has the following principle features:

Routing
Bridging IP, IPX, and IP+IPX Routing Single IP Address Translation Supports static nets and multi-nets Supports IP fragmentation
Configuration and Control

KMBE
Supports Telnet allowing configuration and control of the device over WAN and LAN An SNMP agent provides management by RADview or any other standard SNMP management station Fast configuration from a terminal emulator and via Telnet or SNMP management Dual image Flash enables downloading two software versions
Features 1-1
Kilomux-2100/2104
Software downloading is available by TFTP
Security
Solid firewall protection PAP/CHAP authentication Undesired access to KMBE via Telnet or SNMP can also be blocked or password protected
Other
Supports PPP Protocol Supports 10Base2, 10Base5, or 10BaseT LAN interface Supports dual link applications Hot-swappable plug-in module.
Bridging
KMBE supports standard proprietary functionality. Because bridging is the KMBE default, you can use KMBE as a bridge with little or no configuration.
IP Routing
KMBE is an IP router that supports: Static IP net configuration Dynamic IP net learning using the RIP and RIP-2 protocols CIDR topologies Multiple IP nets on the LAN or WAN interfaces Numbered and unnumbered I/F IP fragmentation.
IPX Routing
In addition to IP routing, KMBE also supports IPX routing and includes support for RIP and SAP.
Address Translation (Single IP) and Firewall

KMBE includes a feature called Single IP. Single IP, designed by RAD, translates IP addresses. Single IP can be enabled or disabled. When enabled, KMBE allows users in a Small Office to connect to the Intranet quickly and transparently. Connection is via a synchronous link. Single IP also protects all Small Office users from hackers on the Intranet. Normally, a LAN requires a complete statically assigned, unique and legal subnet in order to connect to the Intranet. Single IP allows an entire Small Office to
1-2
Features
KMBE
Kilomux-2100/2104
connect to the Corporate Intranet using only one dynamically or statically assigned IP address.
Solid Firewall
The Solid Firewall feature prevents access from the Intranet into the Small Office LAN. This feature makes the Small Office LAN invisible to outside users. The Solid Firewall feature is a simple and foolproof way of protecting security sensitive Small Offices (e.g. doctors and lawyers) from Intranet hackers.
1.3
Applications
This section gives four examples of the applications KMBE can be used in.
Basic Bridging
Two KMBEs can be used opposite each other in a bridging application. The KMBE connected to the larger network or to a network with connections to other networks, is the Main KMBE. The KMBE connected to the smaller network is the Remote KMBE, see Figure 1-1.
Figure 1-1. Bridging Application
Routing Between Central and Remote Offices

You can use the KMBE as a router to connect a central office to a remote office. This application allows you to: Use data compression Setup firewall protection Supply Internet access to all of the remote offices through only one Internet connection.
KMBE
Kilomux-2100/2104
Applications
1-3
Figure 1-2. Routing Application with IP+IPX Data Compression
Figure 1-3. Routing Application with a Firewall
Dual Link Applications

In a dual link application, KMBE can work with both Kilomux main links simultaneously, connecting two remote LANs to a central LAN and therefore provides a cost-effective and simple solution for corporate applications. KMBE can also operate opposite another KMBE module, see Figure 1-4.
1-4
Applications
KMBE
Kilomux-2100/2104
Figure 1-4. Dual Link Application for KMBE
1.4
Physical Description
KMBE modules are designed for installation in any I/O slot of a Kilomux-2100 or Kilomux-2104 chassis. Installation procedures for KMBE are provided in Chapter 2 of the Installation and Operation Manual.
LEDs
The LED indicators on the rear panel show the operating status of KMBE. Various indicators display LAN activity, configuration mode, alert conditions, and readiness of the system. For a description of the rear panel, see Rear Panel section in Chapter 2.
Connectors
The LAN connector, located on the rear panel, is available in different interfaces according to your needs.
Jumpers
You need to set the internal jumpers of KMBE according to the specific conditions of use. For more information on setting the jumpers, see Internal Settings section in Chapter 2.
KMBE
Kilomux-2100/2104
Physical Description
1-5
1.5
Functional Description
You can configure KMBE to function as a bridge or router.
Management
An SNMP agent provides management by RADview or any other standard SNMP management station. For more information, see SNMP Manager Table in Chapter 6.
Configuration Parameters
KMBE supports Telnet, allowing configuration and control of the device over WAN and LAN. You can also perform fast configuration from a terminal emulator. For more information, see Initial Setup in Chapter 3.
1.6
LAN Interface
Technical Specifications
Conforms to Ethernet/IEEE 802.3 10Base2 with coax connector 10BaseT with RJ-45 connector AUI with 15-pin, D-type female
Standard Type
Control Port
Interface Connector Data Rates Data Format
RS-232/V.24 RJ-45 1.2 to 9.6 kbps 8 bit, no parity 9.6 to 1280 kbps
General
Bandwidth Allocated on Kilomux Main Link Data Buffer Size Protocol Panel Control Diagnostics
256 kb HDLC based Reset Local module loopback Remote module loopback Internal BER test Auto self-test
1-6
KMBE
Kilomux-2100/2104
Indicators
LAN ERR (red) Lights momentarily when an error is detected on the LAN interface LINK ERR (red) (Per Link A&B) Flashes when the relevant main link between the local and remote KMBE/N is disconnected Lights momentarily when an error is detected on a packet received from the relevant link LAN TX (yellow) Lights momentarily when packets are transmitted toward the LAN LAN RX (yellow) Lights momentarily when packets are received from the LAN READY (green) Lights when KMBE/N is ready to forward packets Flashes when KMBEs are synchronized but no workstation has requested MAIN (green) Lights when KMBE/N is configured for connection to the main LAN REM (green) Lights when the KMBE/N is configured for connection to the remote LAN UTP (green) Lights when 10BaseT interface is connected to the LAN (on modules with UTP interface only)
Power Consumption
1.1W
KMBE
Kilomux-2100/2104
1-7
1-8
KMBE
Kilomux-2100/2104
Chapter 2 Installation and Setup

This chapter provides information on the functions of the rear panel indicators and connectors of the KMBE module, and instructions for performing the internal settings, physical installation, and cable connections to this module.
Caution
The KMBE module contains components sensitive to electrostatic discharge (ESD). To prevent ESD damage, always hold the module by its sides, and do not touch the module components or connectors.
2.1
Rear Panel
Installation
The rear panels of the three models of KMBE modules are shown in Figure 2-1. The module rear panel includes several indicators, a RESET push-button and the LAN connector. Their functions are explained in Table 2-1.
KMBE MAIN REM MAIN KMBE REM MAIN KMBE REM
5
ERR LINK A LINK B
6 7
5 4
6
ERR LINK A LINK B LAN
5
ERR LINK A LINK B
6 7
RX
4
LAN
7
RX LAN ERR
4
LAN
3 2
TX
RX
8
RDY LAN ERR
3 2
TX
8 9 10
3 2
TX
8
RDY LAN ERR
9 10
RDY
9 10
C T R L
C T R L
C T R L
RESET
RESET
THIN COAX
RESET
UTP
12 11 11
A U I
11
Figure 2-1. KMBE Rear Panel Versions
KMBE
Kilomux-2100/2104
Installation
2-1
Table 2-1. KMBE Module, Functions of Rear Panel Components

Item 1 2 3 4 Indicator RESET push-button READY Indicator (green) LAN TX Indicator (yellow) ERR LINK A Indicator (red) Function Resets the KMBE module, and starts the initialization process Lights steadily when the KMBE module is ready to forward packets Lights to indicate that packets are transmitted to the LAN Lights steadily when the link between the local and remote KMBE modules is disconnected Lights momentarily for each error detected in a packet received from link A Lights to indicate that the KMBE module is configured for operation in the local mode Lights to indicate that the KMBE module is configured for operation in the remote mode Lights steadily when the link between the local and remote KMBE modules is disconnected Lights momentarily for each error detected in a packet received from link B Lights to indicate that packets are received from the LAN Lights momentarily during connection to the LAN Lights steadily if connection to the LAN failed 10 11 12 CONTROL connector LAN Connector LAN Connection Indicator (green only for UTP) RJ-45 connector, used for connection of an optional ASCII terminal used for KMBE configuration, monitoring and diagnostics Connection to the local LAN Connector type depends on the KMBE module model Lights when the KMBE UTP interface is connected to the local LAN
5 6 7
MAIN Indicator (green) REM Indicator (green) ERR LINK B Indicator (red)
8 9
LAN RX Indicator (yellow) LAN ERR Indicator (red)
Internal Settings
All KMBE modules have one user-selectable jumper, designated WTCH-DOG. The KMBE modules include additional jumpers, which are factory-set and should not be moved. The WTCH-DOG jumper allows maintenance personnel to disable the KMBE watchdog circuit during maintenance.
Figure 2-2 shows the location of the jumper. The jumper has two positions:
ON - The watchdog circuit is enabled. This is the setting required for normal operation OFF - The watchdog circuit is disabled.
The default setting is ON.
2-2
Installation
KMBE
Kilomux-2100/2104

FUSE F1
JP6 OFF WTCH-DOG ON
WTCH- DOG JUMPER-JP6

OFF
WATCHDOG DISABLED
ON
WATCHDOG ENABLED
STN-HUB SWITCH (UTP INTERFACE ONLY)

STN STN
FOR KMBE CONNECTED DIRECTLY TO LAN
HUB
HUB
FOR KMBE CONNECTED TO HUB
FUSE F3
FUSE F2
Figure 2-2. Module KMBE, Internal Settings

KMBE modules with thin Ethernet and AUI interfaces do not have additional jumpers, as all of their remaining functions are programmable. The KMBE module with UTP interface, however, has one additional switch, designated STN/HUB, located on the LAN interface card. Figure 2-2 also identifies the location of this switch. The switch is located on the printed circuit side of the module. The STN/HUB switch controls the connection of the internal transmit and receive pairs to the external UTP pairs to allow direct connection, without cross cables. Table 2-2 shows the switch settings.
Table 2-2. STN/HUB Switch Settings

Switch Setting STN (Station) HUB Receive Pins 1, 2 Pins 3, 6 Transmit Pins 3, 6 Pins 1, 2
The correct position of the switch depends on the wiring used in your particular network. In general: Set the switch to STN if the KMBE module connects directly to the LAN (this interchanges the connections of the receive and transmit pairs). Set the switch to HUB if the KMBE module connects to an Ethernet hub.
Factory setting is HUB.
Module Installation
The KMBE module can be inserted into, or removed from, an operating chassis (hot-swappable). Refer to the system installation plan and insert the module in the assigned I/O slot of the Kilomux chassis. The module is ready to start operating as soon as it is plugged into an operating Kilomux chassis. For module configuration instructions, see Chapter 3.
KMBE
Kilomux-2100/2104
Installation
2-3
Cable Connections
Identify the cable intended for connection to the LAN connector of this module, and connect the cable to the module connector on the rear panel.
Note
For the KMBE module with UTP interface, verify that the LAN receive and transmit pairs are properly connected in accordance with the wiring conventions used in your system.
Control Connector
The CONTROL connector is an RJ-45 connector wired as follows:
Table 2-3. Control Connector Pinout

Pin 1, 2 3 4 5 6 7 8 Designation Internal Test Not Connected SG TXD RXD Not Connected Not Connected OUT IN Direction Function Reserved Signal Ground Transmit Data Receive Data
Note
Do not make connections to pins 1 and 2.
2.2
Normal Indications
Operating Indications
After the power-up self-test, either the MAIN or the REM indicator must light, indicating the selected mode. The LAN RX and LAN TX indicators must light (or flash), and the ERR LAN and ERR LINK indicators must be off. The READY indicator will turn on when the LAN and WAN interfaces are ready.
Note
If a links synchronization is lost, the KMBE modules will attempt to re-establish the link automatically. If the attempt does not succeed, the KMBE modules reset themselves, and continue the attempts to resynchronize. During these attempts, the LINK ERR indicator flashes slowly.
2-4
Operating Indications
KMBE
Kilomux-2100/2104
2.3
Initial Setup
KMBE features a setup program that is invoked and run from an ASCII terminal or a PC terminal emulator. The terminal/terminal-emulator is connected to the CONTROL port on the KMBE rear panel. This section describes how to connect to the terminal and to access the Main menu setup program.
Connecting to the Terminal

To connect the terminal: 1. Connect a control cable between the KMBE RJ-45 CONTROL port and the connector on the terminal; or between the KMBE RJ-45 CONTROL port and the PC communication port (refer to Figure 2-3). 2. Set the terminal to work at any Baud rate from 2.4 to 19.2 kbps, No Parity, 8 Data Bits. The Baud rate is self-adaptable. 3. Set the hardware control to OFF. 4. Switch on KMBE. The operational status screen displays. Press <ENTER> several times to invoke the password message.
Figure 2-3. Connecting to the Terminal
Setting a Password
For first time operation, or if no configuration password has been specified, the following message appears: WARNING: No configuration password exists. Define configuration password? (Y/N): To set a password: 1. Type Y to set a configuration password.
KMBE Kilomux-2100/2104 Initial Setup 2-5
A message appears, prompting you to enter a new configuration password. 2. Type a password. The password can be up to twelve characters. 3. Press ENTER. A message appears, prompting you to retype the password for verification. 4. Retype the password and press ENTER. The Main menu screen appears. The password protects entry to the configuration module, preventing unauthorized personnel from changing setup and configuration parameters.
Note
All KMBE password verification routines are CASE SENSITIVE. Once a password has been set, always use the same case when typing the password.
Changing and Deleting the Password

To change the password during normal operation: 1. From the Main menu, select option 0, Exit, to return to the Operational Status Messages screen. 2. Press ENTER several times. 3. Enter the current password. A message appears, asking if you want to update the current password. 4. Type Y. You will be prompted to retype the current password. 5. Retype the current password. A message appears prompting you to enter the new password. 6. Type the new password and retype the same password for verification. The Main menu appears. To delete the current password: Follow steps 1-5 above to change the password. 1. When prompted to enter a new password, press ENTER without typing a new password. This deletes the current password and removes password protection. 2. Press ENTER again when prompted for verification. The Main menu appears. If the unit doesn't have an IP Address, the Quick Setup menu appears.
Note
Use of Password protection for the configuration module is recommended. Always use the Exit option in the Main menu once the unit has been configured. Using the Exit option will force personnel requiring access to the configuration module to use a password.
KMBE Kilomux-2100/2104
2-6
Initial Setup
Chapter 3 Operation
This chapter gives an introduction on how to operate and initially configure KMBE. Topics covered in this chapter include: Composite Channel Configuration Configuring KMBE as a bridge or router Menus and Screens.
3.1
KMBE General Configuration
You can configure KMBE via the Kilomux supervision port using an ASCII Terminal or any supported remote management. You can also configure Channel parameters (Link Speed and Location) from the LCD on the Kilomux front panel. For information about these configuration methods, refer to the Kilomux-2100/2104 System Installation and Operation Manual. Table 3-1 explains the KMBE composite channel configuration parameters.
KMBE
Kilomux-2100/2104
3-1
Chapter 3 Operation
Table 3-1. KMBE Composite Channel Configuration Parameters

Parameter LOCATION Function Selects the location of the KMBE module. This parameter can only be configured via the CL module by the command DEF CH i, where i is the slot number from 1 to 12. LINK_SPEED Selects the link bandwidth assigned to the KMBE module This is an external port parameter, also configurable from the Kilomux LCD Values MAIN: connects KMBE to the main LAN REM: connects KMBE to the remote LAN Default: MAIN
NC Module not connected 9.6, 19.2, 28.8 38.4, 48.0, 57.6 67.2, 76.8, 86.4 96, 105.6, 115.2 124.8, 128, 160 192, 224, 240 272, 304, 336, 368, 512, 768, 1024, 1536 Composite channel data rate, in kbps. Default: NC
Note: Table 3-2 specifies the

comptiablity of the various KMBE link bandwidth with the Kilomux main link rates. LINK Selects to which Kilomux link each KMBE module connects This is a DEF CON command parameter All fields When both external channels are connected the slot is configured for two lines, one for Main Link A, and one for Main Link B This is a DEF FRAME command parameter ML-A ML-B BOTH
3-2
KMBE
Kilomux-2100/2104
Chapter 3 Operation
Table 3-2. KMBE Link Bandwidth Compatibility with the Kilomux Main Link Rate
Main Link Rate Link Bandwidth 9.6 19.2 28.8 38.4 48.0 57.6 67.2 76.8 86.4 96 105.6 115.2 124.8 128 160 192 224 240 272 304 336 368 512 768 1024 1280 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 384 512 768 1024 1536
KMBE
Kilomux-2100/2104
3-3
Chapter 3 Operation
3.2
KMBE Bridge or Router Configuration
KMBE can be configured as either a bridge or a router. KMBE, by default is automatically configured in the bridge mode. Decide whether KMBE will be used as a bridge or a router before you start the configuration.
Configuring KMBE as a Bridge

By default, KMBE is automatically configured in bridge mode. Before you configure KMBE as a bridge, set the location parameter to Remote or Main. One of the two KMBEs in the bridge must have the location parameter set to Remote and the other set to Main: Remote - If the KMBE you are configuring as a bridge is connected to the network that is smaller, and has no connections via a router to other networks Main - If the KMBE you are configuring as a bridge is connected to the network that is larger or has connections via a router to other networks.
Configuring KMBE as a Router

You can use KMBE as a router with compression capability to separate networks. Before configuring KMBE as a router, set the location switch to Main.
3.3
Menus and Screens
This section provides a brief description of the available KMBE menus and screens.
The Main Menu

The name of the device (KMBE) connected to the terminal is listed at the top of the screen. The Main menu has five options. To choose an option, type the number preceding the option.
MAIN 1. 2. 3. 4. 5. 0.
MENU
( Device name KMBE )
Quick setup Security setup Advanced setup View Diagnostic tools Exit
3-4
Menus and Screens
KMBE
Kilomux-2100/2104
Chapter 3 Operation
Quick Setup
The Quick Setup menu allows you to adjust setup and link configuration parameters while KMBE is in operation. Line-by-line prompting simplifies the setup. On-screen instructions and explanations guide you through the setup procedure.
Security Setup
Use the options in the Security Setup menu to control KMBE management and entry to your LAN by unauthorized users.
Advanced Menu
The Advanced menu lists KMBE configuration parameters and their current values. You are able to change these parameters and to perform advanced configuration operations, not available through the Quick Setup menu. Resetting the device and software downloads are also performed via the Advanced menu.
View
Use the options in the View menu to view configuration screens and information on interface connections, routing tables and statistics.
Diagnostic Tools
Use the Diagnostic Tools menu to verify WAN and LAN connectivity. The Ping feature allows you to dial (Ping) another user on the LAN or WAN. If the remote user replies, WAN connectivity is confirmed up to and including the IP level.
Exit
Select this option to return to the Operational Status Messages screen. From the Operational Status Messages screen you can remove or change the password.
KMBE
Kilomux-2100/2104
Menus and Screens
3-5
Chapter 3 Operation
3-6
Menus and Screens
KMBE
Kilomux-2100/2104
Chapter 4 Configuration
4.1 Quick Setup Menu
The Quick Setup menu allows you to enter the minimum number of parameters needed to operate your KMBE/N.
Principles of Operation
The Quick Setup screen guides you through the configuration, port by port. The Quick Setup screen asks you for the appropriate parameters depending on the type of port you are configuring and how you have already configured other ports. The Quick Setup screen presents messages, and prompts you to accept or modify the current parameters. To accept the current parameter, press ENTER The parameter options are enclosed in brackets [ ]. To view the options, use the space bar to toggle, then press ENTER To enter new information, type in the new parameters and press ENTER.
After all parameters have been accepted or changed, you can view them on the screen. A confirmation message appears requesting that you confirm all the setup changes. The device resets after the changes are saved. To configure the setup parameters: 1. From the Main menu, select option 1, Quick Setup. 2. Follow the on-screen instructions to accept or modify the setup parameters. 3. Press Y to save the setup parameters.
KMBE
Kilomux-2100/2104
Quick Setup Menu
4-1
Quick Setup Example

QUICK SETUP ----------WARNING: This device automatically exits to Operational Messages 10 minutes after last keyboard action without saving parameters 'ENTER' - Accept parameter , 'SPACE' - Change parameter . WAN interface #1 - V.11 Connection type: [Uplink ] Link mode: [Synchronous ] Routing: [BRIDGE ], Protocol: [PROPRIETARY] Connection : [Always ] LAN IP address : 192.168.1.2 , enter new : 192.168.1.3 LAN IP mask : 255.255.255.000 , enter new : 255.255.255.000 Default gateway setting by: [Interface ] Default gateway interface: 1 SECURITY setup Device access name : KMBE/N No password at present - do you want to create password(Y/N)?:[N] Security type: [Disabled] Saving the changes might cause RESET the unit. Do you want to save QUICK SETUP (Y/N) ? Y The fields in the Quick Setup example are described below:
Link Mode
Select this parameter to determine how data is transmitted across the link. When the mode is synchronous, data bits are transmitted at a fixed rate. The sender and the receiver are synchronized. The other mode is Frame Relay. Frame Relay is a packet-switching protocol for connecting devices on a WAN. Use the space bar to toggle between Synchronous, or Frame Relay modes.
Routing
Select this parameter to assign the link type. Use the space bar to toggle between Bridge, IP, IPX or IP&IPX link types. Selecting IPX link type disables the Single IP and WAN IP Address features, and removes the corresponding parameters from the screen.
WAN IP Address
Select this parameter to enter the IP address for the WAN interface.
4-2
Quick Setup Menu
KMBE
Kilomux-2100/2104
Host IP Setup
LAN IP Address
Select this parameter to enter the IP address. Every device on a TCP/IP network must have an address to identify it. The IP address is a value consisting of the network address and the host address on that network. The value assigned to a network depends on the number of computers on that network. The IP address is a 32-bit number. The number is made up of 4 parts, with each part consisting of 3 digits. One part of the address identifies the network and another part of the address identifies the host. Which numbers in the address identifies the host is dependent on the IP class. There are 5 classes of IP addresses. Each class represents a network having a certain number of computers. For example, a Class C address is given to a network having between 1-255 computers. Table 4-1 gives the ranges for different classes of IP addresses.
Table 4-1. IP Classes

Class A B C D E Range 0.0.0.0 to 127.255.255.255 128.0.0.0 to 191.255.255.255 192.0.0.0 to 223.255.255.255 224.0.0.0 to 239.255.255.255 240.0.0.0 to 247.255.255.255
The numbers in each part of the code are translated into binary. The binary code identifies the network and the host. IP addresses are assigned by the Internet Network Information Center (InterNIC). InterNIC assigns the network ID. Host IDs are assigned by the network administrator.
LAN IP Mask
Select this parameter to enter the IP mask. The mask is configured automatically from the IP address class, as shown in Figure 4-1. If you want to change the default mask, enter a new mask. For example, the IP mask is usually 225.225.225.0. A mask of this sort would allow 254 hosts on the LAN. If you want to create a subnet which allows 6 users, including KMBE/N, configure the mask as 22.225.225.248. on KMBE/N and each host that is included on the subnet.
KMBE
Kilomux-2100/2104
Quick Setup Menu
4-3
Digital Network
LAN IP address 192.168.1.1 Mask 255.255.255.248
KILOMUX
KMBE/N
IP address Mask Default Gateway
192.168.1.2 255.255.255.248 192.168.1.1
.3 .248 192.168.1.1
.4 .248 192.168.1.1
.5 .248 192.168.1.1
.6 .248 192.168.1.1
Figure 4-1. Setting up the IP Mask
Security Setup
Device Access Name
Select this parameter to display the name assigned to KMBE/N for identification by the Internet Provider. To change the device access name, type in the new name and press ENTER.
Device Access Password

Select this parameter to assign or update a password. The password is used to access the Internet. KMBE/Ns default setup does not include a password. Use the space bar to toggle between no (do not change the password) and yes (enter a new password). If you choose yes, the following screen appears: Enter new password : *** Enter new password verification : ***
Type the new password and press ENTER. Retype the same password for verification and press ENTER.
4.2

Security Setup
This chapter describes the Setup menu. Topics covered in this chapter include: Enabling Telnet access Enabling SMNP access
4-4
Security Setup
KMBE
Kilomux-2100/2104
Enabling/disabling the Solid Firewall.

1
Quick Setup
2 Security Setup 3 Advanced Menu 4

View
5 Diagnostic Tools
1 TELNET Access
2 SNMP Access
3 FIREWALL Options
Figure 4-2. Security Setup Menu Outline

The Security Setup menu allows you to control access to KMBE and the LAN. KMBE is protected against access by unauthorized users by disabling access via SNMP, Telnet and web browsers. The Solid Firewall is used to protect the LAN against undesired entry. To access the Security Setup menu, in the Main menu press 2. The following screen appears: SECURITY SETUP 1. 2. 3. ( Device name KMBE ) Disabled Disabled Disabled
TELNET access SNMP access FIREWALL options
ESC - Return to previous menu Choose one of the above: The Security Setup options are described below.
Enabling Telnet Access

KMBE supports Telnet. This allows KMBE to be configured and controlled over a WAN and LAN using TCP/IP. Access to Telnet requires authentication by the device, using username and password. By default, Telnet access to KMBE is disabled, to prevent changes being made to the unit's configuration parameters. Enabling Telnet access allows configuration of KMBE via Telnet. To enable Telnet access: 4. From the Main menu, select option 2, Security Setup. 5. From the Security Setup menu, select option 1, Telnet access. 6. Toggle with space bar to Y. 7. Press ENTER.
KMBE Kilomux-2100/2104 Security Setup 4-5
8. Follow the on-screen instructions to allocate a user name and password. 9. Save the new setup. TELNET access setup 'ENTER' - Accept parameter , 'SPACE' - Change parameter . Do you want to permit TELNET management of the device ? [ Y ] TELNET user name : lan Do you want to change TELNET password ? [ N ]Y Current password : *** Enter new password : *** Enter new password verification : *** Do you want to save TELNET parameters (Y/N) ? Y KMBE can now be accessed using your Telnet username and password.
Enabling SNMP Access

By default, access to KMBE via SNMP is disabled. Blocking SNMP access prevents changes being made to the unit's configuration parameters. Enabling SNMP access prompts the user to define SNMP management parameters. To enable SNMP access: 1. From the Main menu, select option 2, Security Setup. 2. From the Security Setup menu, select option 2, SNMP access. 3. Toggle to Y. 4. Press ENTER. 5. Enter the read, write and trap communities. 6. Save the new setup. SNMP access setup 'ENTER' - Accept parameter , 'SPACE' - Change parameter . Do you want to permit SNMP management of the device? [N]Y SNMP read community : public SNMP write community : private SNMP trap community : public Do you want to save SNMP parameters (Y/N) ? Y KMBE can now be accessed for SNMP operation using the appropriate communities.
4-6
Security Setup
KMBE
Kilomux-2100/2104
Enabling/Disabling the Solid Firewall

Solid Firewall, when enabled, prevents all access from the WAN or Intranet into the small office LAN. Outgoing traffic from the LAN will be forwarded to the WAN. Incoming traffic from the WAN will be blocked from entering the LAN. Only those applications that are enabled via the Firewall Forward Application List (e.g. WWW, FTP, E-mail servers, etc.) will be allowed to enter the LAN. By default, the Solid Firewall is disabled. In Single IP mode, Solid Firewall is always enabled by default and cannot be disabled. To enable the Solid Firewall feature (in regular router mode): 1. From the Main menu, select option 2, Security Setup. 2. From the Security Setup menu, select option 3, Firewall Options. FIREWALL options setup Enabling FIREWALL will forward outgoing sessions from LAN to WAN and block incoming sessions from entering the LAN except for applications that are enabled by the FIREWALL FORWARD APPLICATION LIST. Do you want to enable firewall options ? [ N ]Y Enter link from which to be protected by FIREWALL: 1 3. Toggle to Y and press ENTER to enable the Solid Firewall. The Firewall Forward Application List screen is displayed. 4. Press ESC. 5. Save the Firewall setup to block all incoming traffic from the WAN. To enable a specific application to enter the Solid Firewall (both in regular router and Single IP modes): 1. In the Firewall Forward Application List screen, press A to add an application.
KMBE
Kilomux-2100/2104
Security Setup
4-7
FIREWALL FORWARD APPLICATION LIST
(Device name KMBE)
List of applications which may pass the FIREWALL. APPLICATION 1. TELNET server 2. PING request ADVANCED SETUP NO NO IP ADDRESS 192.168.1.1 192.168.1.1
Telnet server, Ping request, DNS server, E_Mail POP3, E-Mail SMTP, FTP server, WWW server, TFTP server, SNMP, User defined Application type: [E-MAIL POP3 ] [Default ] Advanced Host IP address interval: [SINGLE ] Host IP Address: 192.168.1.2 Guest IP address interval: [INTERVAL ] Guest start IP Address: 192.168.1.3 Guest end IP Address: 192.168.1.2 Host port interval: [SINGLE ] Host port: 110 Guest port interval: [ALL ] Frame type: [TCP ] 2. To select an application, toggle the SPACE bar. 3. If a specific application has a specific IP destination on the LAN, select DEFAULT and type the IP destination address. 4. The advanced option includes the following possibilities for forwarding an IP session to the secured LAN: 5. Host IP address interval - range of destination addresses on the LAN (only one address for Single IP) 6. Guest IP address interval - range of source addresses in the Intranet 7. Host port interval - range of UDP or TCP destination ports of the applications 8. Guest port - range of UDP or TCP source ports of the applications 9. Frame type - UDP, TCP or ICMP protocol. 10. Select Single, All or Interval and type the IP address for each option listed above. 11. Press ESC. 12. Save the Firewall setup.
In Single IP mode, for each application, only one destination address from the secured LAN can be used. Incoming traffic from the WAN should be destined to the single IP address. KMBE forwards the application to the destination address on the LAN, as listed in the Firewall Forward Application List.
4-8
Security Setup
KMBE
Kilomux-2100/2104
4.3
Advanced Setup
The Advanced menu contains the majority of KMBE configuration parameters. You can change these parameters and perform advanced configuration operations that are not available through the Quick Setup menu. Resetting the device and software downloads are also performed via the Advanced menu.
Advanced Menu
1 2
Setup
Device Control
Figure 4-3. Advanced Menu Outline

To access the Advanced menu: From the Main menu, press 3. The Advanced menu appears: ADVANCED MENU (Device name KMBE)
1. Setup 2. Device control ESC - Return to previous menu Choose one of the above: The options in the Advanced menu are described below.
Setup Menu
Advanced Menu
1 2
Setup
Device Control
1 Host Parameters
2 Routing/ Bridging
3 Interface Parameters
4 Access Control (Security)
5 WAN Economy
6 Factory Default Options
Figure 4-4. Setup Menu Outline

To access the Setup menu: In the Advanced menu, press 1.
KMBE
Kilomux-2100/2104
Advanced Setup
4-9
The Setup menu appears. SETUP (Device name KMBE) 1. 2. 3. 4. 5. 6. Host parameters Routing/Bridging Interface parameters Access control (Security) WAN economy Factory default options
ESC - Return to previous menu Choose one of the above: The options in the Setup menu are briefly described below. For a detailed description of the sub-menus, refer to the sections that follow.
Host Parameters
Select this option to enter reference information about the device, the IP Host, the SNMP agent and TFTP.
Advanced Menu
1 2 1 Host Parameters
Setup
Device Control
1 Device Control
2 IP Host
3 SNMP Manager Table
4 TFTP
5 RADIUS
1. Device Name
1. IP Address
1. Manager Table
1. File Server IP Address
2. Contact Person
2. IP Mask
2. File Name
3. System Location
3. Default Gateway
3. Retransmitting Timeout
4. MAC Address
4. Total Timeout
Figure 4-5. Host Parameters Menu Outline

To access the Host Parameters menu: 1. In the Advanced menu, press 1.
4-10
Advanced Setup
KMBE
Kilomux-2100/2104
The Setup menu appears. 2. In the Setup menu, press 1. The Host Parameters menu appears. HOST PARAMETERS (Device name KMBE) 1. 2. 3. 4. 5. Device ID IP host SNMP manager table TFTP RADIUS
ESC - Return to previous menu Choose one of the above: The options in the Host Parameters menu are described below.
Device ID
Select this option to view and/or modify the following arbitrary parameters. Device Name Select this parameter to assign an arbitrary name to KMBE for identification by the system manager. Contact Person Select this parameter to enter the name of the person to be contacted with matters pertaining to the system. System Location Select this parameter to enter the physical location of the device. MAC Address Select this parameter to assign a MAC address locally. This allows you additional control of the devices in the LAN. KMBE can be used with the default address provided by the manufacturer or with a locally administered address. Locally administered addresses are very useful for managing large networks.
IP Host
Select this option to configure the following IP parameters. IP Address Every device on a TCP/IP network must have an address to identify it. The IP address is a value consisting of the network address and the host address on that network. The value assigned to a network depends on the number of computers on that network. The IP address is a 32-bit number. The number is made up of 4 parts, with each part consisting of 3 digits. One part of the address identifies the network and
KMBE
Kilomux-2100/2104
Advanced Setup
4-11
another part of the address identifies the host. Which numbers in the address identifies the host is dependent on the class. There are 5 classes of IP addresses. Each class represents a network having a certain number of computers. For example, a Class C address is given to a network having between 1-255 computers. Table 4-1 gives the ranges for different classes of IP addresses.
Table 4-2. IP Classes

Class A B C D E Range 0.0.0.0 to 127.255.255.255 128.0.0.0 to 191.255.255.255 192.0.0.0 to 223.255.255.255 224.0.0.0 to 239.255.255.255 240.0.0.0 to 247.255.255.255
The numbers in each part of the code is translated into binary. The binary code identifies the network and the host. IP addresses are assigned by the Internet Network Information Center (InterNIC). InterNIC assigns the network ID. Host IDs are assigned by the network administrator. IP Mask A subnet is a portion of a network that shares a common address component. On TCP/IP networks, subnets are defined as all devices whose IP addresses have the same prefix. For example, all devices with IP addresses that start with 133.100.100. would be part of the same subnet. An IP mask allows filtering of IP addresses on a subnet. When an IP address is configured the IP mask is automatically configured according to Table 4-2.
Table 4-3. IP Mask Configuration

IP Network Class A B C D IP Address Range Default IP mask
0.0.0.0-127.255.255.255 128.0.0.0-191.255.255.255 192.0.0.0-223.255.255.255 224.0.0.0-239.255.255.255
255.0.0.0 255.255.0.0 255.255.255.0 255.255.255.225
The default IP mask can be edited. Default Gateway The default gateway is the address to which frames are sent if no other address is defined in the routing table. The station compares the destination IP address net ID with the station's own net ID. If they are not the same, KMBE
4-12 Advanced Setup KMBE Kilomux-2100/2104
automatically sends the packets to the default gateway MAC address; in this case KMBE. KMBE then passes the packets to the Central Access Router link. From there they are routed onwards. The default gateway can be an IP address or a WAN interface. If you choose to use an IP address, enter the address of the router which will deliver the frames. Specifying an IP address for the default gateway is done with shared media, such as LAN interface. If you choose to use a WAN interface, the connection to the router is point-topoint. Choose "by interface" and Interface 1 is automatically set.
It is very important to obtain the correct parameters from the system administrator or ISP. The most common problem when establishing an IP connection is incorrect configuration of the IP parameters and default gateway.
SNMP Manager Table

Select this option to add, clear or delete parameters from the manager table. The manager table lists the SNMP manager IP addresses and masks. Simple Network Management Protocol (SNMP) is an application-layer protocol designed to facilitate the exchange of management information between network devices. By using SNMP to access management information data (such as packets per second and network error rates), network administrators can more easily manage network performance and find and solve network problems.
TFTP (Trivial File Transfer Protocol)

TFTP is a file transfer protocol used for downloading boot code to diskless workstations. TFTP is used in a server designated as the TFTP server. The server needs to provide concurrency to allow multiple users to boot up simultaneously. To do this, TFTP creates a UDP port for each client. By creating a UDP port, the different client input datagrams can be demutilpexed by the server's UDP module. Demutilpexing in the module increases the server efficiency. One characteristic of TFTP is that it is not secure. There is no password or firewall associated with TFTP. Anyone with the IP address of the TFTP server can enter the server and download files. Security can be provided by creating a directory which contains only those files which you want to be downloaded. This prevents access to any other files. You must configure the following parameters in a TFTP server: File Server IP Address Select this parameter to enter the IP address of the TFTP server. File Name Select this parameter to enter the name and path of the file to be transferred. Retransmitting Timeout Select this parameter to enter the amount of time that is allowed to pass before a file is retransmitted.
KMBE Kilomux-2100/2104 Advanced Setup 4-13
Total Timeout Select this parameter to enter the amount of time KMBE should wait for an acknowledgment from the TFTP server.
Routing/Bridging Menu
Select this option to enter routing or bridging information for the device.
Advanced Menu
1 2 Routing
1 Link Number
Setup
Device Control
Interface Routing/Bridging Mode
Static Station & Nets
3 IP Routing Setting
IPX Routing Settings
5 RADIUS
1. Link Type
Add
1. Interface Address
1. New Stations Aging Time
2. Link Protocol
Clear
2. RIP Mode
3. Link Cost/Metric
Delete
3. Maximum Transmit Unit
4. PPP Settings
1. Header and Control Field Compression
4. DHCP Setting
5. PC Remote Access
1. Shared IP Net
2. Protocol Field Compression 3. IP Compression (V Jacobson-RFC 1144) 4. Data Negotiation Compression Mode RFC 1974 compatible 5. Multilink
2. Remote Workstation IP Address Allocation 3. Remote Workstation IP Address Pool 4. Primary Domain Name Server 5. Secondary Domain Name Server
Figure 4-6. Routing/Bridging Menu Outline

To access the Routing menu 1. In the Advanced menu, press 1. The Setup menu appears. 2. In the Setup menu, press 2.
4-14
Advanced Setup
KMBE
Kilomux-2100/2104
The Routing menu appears: ROUTING (Device name KMBE)
Link 1 - IP & IPX ROUTER Setup Menu 1. 2. 3. 4. 5.
PPP
Link Routing/Bridging mode Static stations & nets IP routing settings IPX routing settings Station ageing (minutes): 30
ESC - Return to previous menu Choose one of the above: The options in the Routing menu are described below.
Link Routing/Bridging Mode

ROUTING MODE: LINK 1 (Device name KMBE)
1. 2. 3. 4.
Link type - IP & IPX ROUTER Link protocol - PPP Link cost/metric - 1 PPP settings
ESC - Return to previous menu Choose one of the above: Link Type Select this parameter to assign the link type. Use the space bar to toggle between Bridge, IP, IPX or IP&IPX routing.
Routing/Bridging Mode: * Bridge * IP * IPX * IP+IPX
KMBE/N KMBE/N
KILOMUX
KILOMUX
Figure 4-7. Routing Modes

Link Protocol Select this parameter to assign the link protocol. The link protocol available is PPP, RFC 1490, or Native.
KMBE
Kilomux-2100/2104
Advanced Setup
4-15
PPP - Point to Point Protocol consists of 3 components: A way to encapsulate IP datagrams on a serial link. PPP supports either:
an asynchronous link with 8 bits of data and no parity bit-oriented synchronous links.
A link control procedure (LCP) to establish, configure, and test the datalink connection. Having a LCP allows each end to negotiate various options A family of network control protocols (NCPs) specific to different network layer protocols. The NCPs allow each end to configure network control parameters.
Each frame begins and ends with a flag byte whose value is 0x7e. The flag byte is followed by an address byte whose value is 0xff. The address byte is followed by a control byte whose value is 0x03. The control byte is followed by the protocol field. The value of the protocol field determines the type of information field. A value of 0x0021 means the information filed is an IP datagram. A value of 0xc21 means that the information field is link control data, and a value of 0x8021 means that the information field is for network control data. The CRC field is a cyclic redundancy check, used to detect errors in the frame. PPP is often used across slow serial lines. It is therefore important to reduce the number of bytes per frame to reduce the latency time. Using the LCP, most implementations negotiate to omit the constant address and control fields and to reduce the size of the protocol fields from 2 bytes to 1 byte. In addition, when using the IP NCP, most implementations use Van Jacobson header compression to reduce the size of the IP and TCP headers.
Protocol: * PPP * RFC-1490 * Native
KMBE/N KMBE/N
KILOMUX
KILOMUX
Figure 4-8. Link Protocols

Link Cost/Metric Select this parameter to assign a cost to each WAN link for routing purposes. Metrics are hop counts. Hop counts are the number of routers through which a packet must go to get to its destination. Adjacent interfaces have a hop count of 1. If a packet must go through 2 routers to get to its destination the hop count is 2. The higher the hop count the longer the route. A router will automatically send packets using the lowest possible metric. If a router is not functioning, KMBE will send the packets through an interface with a higher metric.
RFC-1490 - supported Frame Relay protocol Native - HDLC protocol.
PPP Settings This option is only available for PPP link protocol. The PPP Setting screen has the following options: Header and Control Field Compression - This parameter is used for troubleshooting only. Do not change the entry unless there is a problem Protocol Field Compression - This parameter is used for troubleshooting only. Do not change the entry unless there is a problem IP Compression - This parameter activates Van Jacobson TCP Header Compression on a specified link. PPP is normally used on slow bandwidths, such as modems. Data transmission is therefore slower when using this protocol. To quicken the transmission, certain parts of the data packets can be compressed. In Van Jacobson TCP Header Compression the packet header is compressed. Every IP data packet contains a header. The header contains the source address, destination address and other information. Since PPP is used for point to point transmissions, both the local and remote devices must have Van Jacobson TCP Header Compression enabled for compression to be performed. To verify that Van Jacobson TCP Header Compression is being performed, open the Interface Connections Screen. Data Compression Negotiation Mode - KMBE supports IP and IPX data compression according to RFC 1974 using the STAC Compression Method. The following modes are supported: Disabled No History LCB Sequence Extended.
When KMBE attempts to negotiate with another unit, a message is sent stating in which mode the data will be sent. If the mode is acceptable to the receiving unit, data transmission begins. If the mode is not acceptable (i.e. the second unit does not support this mode), another mode is tried, until an acceptable mode is found. This process is called auto-negotiation. When you choose a mode, you are choosing the first mode used during auto-negotiation. Do not change this parameter unless a problem arises with the auto-negotiation. If a problem does arise, consult the opposite unit's user manual.
KMBE/N
Auto Negotiation
KMBE/N
Data compression set at LCB
Data compression set at Extended
KILOMUX
KILOMUX
Figure 4-9. Autonegotiation

In Figure 4-8, the KMBE data compression is set at LCB. In the remote unit the data compression is set to Extended. Messages are sent between the 2 units, until a common data compression mode is found.
Static Stations and Nets

STATIC STATIONS AND NETS(IP,IPX) (Device name KMBE)
1. IP cost-1
- 192.168.1.1 mask-255.255.255.248 interface-2/16
2. IPX - 19490182
interface-3
cost-1
A - Add , C - Clear all , D - Delete ESC - Return to previous menu. Select this parameter to add, delete, or clear static entries in the IP/IPX Routing table. When adding, static entries can be defined in several ways: IP Net - IP Net defines a network as the destination. IP Net consists of 2 parts: the frame pathway and destination. The pathway is specified either as an interface (i.e. port) number or as Next Hop IP address. Next Hop IP means that the frames are sent to another router; from there they will be sent to their final destination. To define the destination enter the subnet IP address and IP mask. For example, 192.168.1.3 is a subnet IP address and 255.255.255.240 is the IP mask.
Digital Network
KILOMUX
KMBE/N
Router IP address 192.168.1.2 Mask 255.255.255.240 IP NET 1 IP NET 2
Figure 4-10. Router 2 set to Next Hop in KMBE

IP Station - IP Station defines a single host as the destination. IP Station consists of 2 parts: the frame pathway and destination. The pathway is
4-18
Advanced Setup
KMBE
Kilomux-2100/2104
specified as in IP Net, above. To define the destination enter the host IP address IPX Net - IPX Net is used for IPX routing. Define the IPX Net and the interface number in hexadecimal MAC - MAC is used in the remote device for Bridging. MAC defines the MAC address of the static station in the bridge station list.
IP Routing Settings
IP ROUTING SETTINGS (Device name KMBE) 1. 2. 3. 4. Interface address RIP mode Maximum transmit unit PC remote access
Interface Address Not applicable. RIP Mode Select this parameter to set the type of RIP to be sent. Toggle between RIP1, RIP2, RIP1+2 or No RIP for each interface. Since most Internet applications do not use RIP, the default setting is No RIP. RIP stands for Routing Information Protocol. Every router has a routing table which directs packets. A router uses the routing table to send the packets through a designated gateway (if the packet was sent to another network) or sends the packets directly to a host. The routing table is built when the host is booted up. RIP sends a request to all active interfaces, asking for the others' routing table. Using the information received, the host builds its own routing table in which the packet destinations are entered. By sending requests for information, RIP both builds the table and updates the entries. RIP updates the table using the responses received every 30 seconds. If a router is not functioning, the packets must be redirected and sent to a second router. The routing table contains the address of a backup router. RIP informs all of the other routers in a network on how to circumvent the nonfunctioning router. Maximum Transmit Unit Select this parameter to set the maximum transmit unit (MTU) for IP fragmentation. The MTU must be set for each interface. Both Ethernet and 802.3 encapsulation have frame size limits. If a frame is larger than the MTU, IP fragments the frame into smaller units.
KMBE
Kilomux-2100/2104
Advanced Setup
4-19
PC Remote Access PC Remote Access (Device name KMBE) 1. 2. 3. 4. 5. Shared IP net - 192.168.1.2 mask - 255.255.255.240 Remote workstation IP addresses allocation (BOOT/IPCP)-[Enabled] Remote workstation IP addresses pool Primary domain name server (DNS) - 192.168.1.3 Secondary domain name server (DNS) - 192.168.1.4
ESC - Return to previous menu Choose one of the above: Select this parameter to define the remote access. The PC Remote Access Option is important if KMBE is used as a remote access server for remote PCs accessing the LAN.
Shared IP Net
Select this parameter to enter the Shared IP net address. The Shared IP net address is used by all remote workstations connecting to the remote access server on the WAN links.
Remote Workstation IP Address Allocation
Select this parameter to enable or disable allocation of remote workstation IP addresses via BootP or IPCP negotiations.
Remote Workstation IP Address Pool
Select this parameter to enter and display a pool of addresses to be allocated by the remote access server to remote workstations connected over the WAN links. These addresses belong to the Shared IP Net.
Primary Domain Name Server (DNS)
Select this parameter to enter a primary DNS to be obtained by the remote PC during the IPCP negotiations.
Secondary Domain Name Server (DNS)
Select this parameter to enter a secondary DNS to be obtained by the remote PC during the IPCP negotiations. DNS is a distributed database that is used by TCP/IP applications to map between host names and addresses, and to provide electronic mail routing information. The term distributed is used because no single site on the Internet knows all of the information. Each site (university department, company etc.) maintains its own database and runs a server program that other systems across the Internet can query. The DNS provides the protocol that allows clients and servers to communicate with each other.
4-20
Advanced Setup
KMBE
Kilomux-2100/2104
IPX Routing Settings

IPX ROUTING SETTINGS (Device name KMBE) 1. 2. 3. 4. 5. 6. 7. Learn LAN IPX nets for all LAN IPX net for frame type LAN IPX net for frame type LAN IPX net for frame type LAN IPX net for frame type Dial-in IPX net RIP/SAP mode frame types 802.3 Ethernet II 802.2 SNAP [Automatic] 000A8023 04FD9F16 000A8022 05FD9F16 D2FD9F16
ESC - Return to previous menu Choose one of the above: Select this parameter to specify how KMBE learns IPX Nets. KMBE can learn IPX Nets in 3 ways: Learn LAN IPX Nets for all Frame Types - By setting this parameter to Automatic, KMBE learns IPX Nets from RIP/SAP frames sent by other IPX routers on the same LAN. If there are no other IPX routers on KMBE LAN, this parameter must be set to Manual, and you must configure the IPX Nets for each frame type. LAN IPX Net for Frame Type - Each of these parameters specifies the IPX Nets associated with a particular frame type. Each frame type is supported by the LAN. KMBE supplies default values for these frame types. Dial-in IPX Net - This parameter specifies the IPX Net definition for a WAN interface.
RIP/SAP Mode RIP / SAP MODE SETUP (Device name KMBE) 1. Link 1 RIP/SAP mode: [Enabled] 2. LAN RIP/SAP mode: [Enabled] ESC - Return to previous menu Choose one of the above:
Link 1 RIP/SAP Mode
Select this parameter to Enable/Disable the RIP/SAP mode. The default setting enables sending RIP and SAP tables for all updates and interfaces (Link and LAN). When disabled KMBE does not send RIP/SAP frames. KMBE receives and processes RIP/SAP frames sent from other routers.
Station Aging
Station aging determines the amount of time a station is allowed to be inactive before it is removed from the network. A station is inactive when no IP traffic is forwarded or received to the KMBE LAN interface. For example, in Figure 4-10, IP address 192.18.1.1 has an aging time of 120 seconds. If no frames are received
KMBE
Kilomux-2100/2104
Advanced Setup
4-21
from IP address 192.18.1.1 within 120 seconds, the station will be removed from the KMBE IP net table.
Digital Network
KILOMUX
KMBE/N
Station Aging 120 seconds
IP address 192.168.1.1
Figure 4-11. Station Aging
Interface Parameters
Select this option to set link, or Frame Relay parameters.
4-22
Advanced Setup
KMBE
Kilomux-2100/2104
Advanced Menu
1 3 Interface Parameters 2
Setup
Device Control
1 Link Settings
2 ISDN Protocol Setting
3 Frame Relay Settings
4 X.25 Module Setting
1. Status
1. ISDN Protocol & SPIC
2. Type
1. Asynchronous
3. Connection Type
2. Synchronous
3. ISDN
4. Connection Timeout (sec) 5. Control Signals Mode
1. Modem Name 2. Modem Initializing String 3. Autobauding to Modem Speed 4. Reset Modem Before Setup 5. Analyze Modem Answer
4. X.25
5. Frame Relay
6. Baud Rate (Kbps)
7. Parity
6. Modem Speaker On 7. Modem Dialling Number 8. Local Number (for Dialback)
8. Stop Bit
9. Modem Setting
9. Number of Rings Before Answer
Figure 4-12. Interface Parameters Menu Outline

To access the Interface Parameters menu: 1. In the Advanced menu, press 1. The Setup menu appears. 2. In the Setup menu, press 3. The Interface Parameters menu appears.
KMBE
Kilomux-2100/2104
Advanced Setup
4-23
INTERFACE PARAMETERS (Device name KMBE) 1. 2. 3. 4. Link settings ISDN protocol settings Frame relay DLCI settings X.25 module setting
ESC - return to previous menu Choose one of the above: The options in the Interface Parameters menu are described below.
Link Settings
Status Select this parameter to specify the status of a link: enabled or disabled. An enabled link transmits frames. Normally you would want all links enabled. If a router is not working, the link to that router should be disabled. All frames are then rerouted. Type Select this parameter to specify the type of interface in use: Synchronous. When the mode is synchronous, data bits are transmitted at a fixed rate. The sender and the receiver are synchronized. The third mode is Frame Relay. Frame Relay is a packet-switching protocol for connecting devices on a WAN. Connection Type Select this parameter to specify the type of connection: Originate only - If the link is to be used to connect to the Intranet Answer only - If the link is to be used for receiving remote access connections Answer&Originate - If the link is to be used for both incoming and outgoing connections (not simultaneously).
Connection Timeout (sec) Select this parameter to specify the connection timeout. The remote side has to answer within the time allotted with the Connection Timeout. If within this time there is no response, you are informed that the remote side is no longer active. Connection timeout is only configured when the PPP protocol is used. The parameter consists of two parts: Time (1-255 seconds) Number <N> of attempts.
Within the designated time, KMBE will send frames <N> times. For example, if the time is configured to120 and the number is configured to 6, every 20 seconds a frame is sent. If there is no response KMBE assumes that the remote unit has failed.
4-24
Advanced Setup
KMBE
Kilomux-2100/2104
ISDN Protocol Settings

Not applicable.
Frame Relay
Frame Relay is a form of WAN which is designed to maximize throughput and minimize cost by simplifying network processing. Frame Relay Features Supports permanent virtual circuits (PVC) Supports Frame Relay (IP/IPX) encapsulation based on RFC 1490 Supports different management maintenance protocols: T1.617/ANNEX D Q.933/ANNEX A LMI.
Supports self learning of the maintenance protocol and the DLCI which enables connection to the Frame Relay network without configuring Frame Relay parameters Executes congestion control when an explicit congestion notification is received for the DLCI from the Frame Relay network. The unit reduces the transmitted information rate of the DLCI and increases it when the congestion condition is cleared. Supports the Frame Relay SNMP MIB.
Implementing Frame Relay
Figure 4-12 shows a map of the options in the Advanced menu that are used to
configure KMBE for operation over a Frame Relay network.
KMBE
Kilomux-2100/2104
Advanced Setup
4-25
Main menu
Advanced menu
View
Setup
Device control
Frame relay DLCIs'
Interface Parameters
Reset options
View Frame relay DLCI parameters Link setting Frame Relay DLCI setting
Reset Link
DLCI
State
CIR
Excess
Throughput
Self learn DLCI/ Maintenance
Maintenance Protocol
CLLM Status
Polling Interval
Full enquiry Interval
Error Threshold
Monitored Events
Figure 4-13. Frame Relay Options in the Advanced Menu

Frame Relay Link Parameters The parameters in the Frame Relay Links Parameters menu are described below.
Self Learn DLCI/Maintenance
Select this parameter to specify whether KMBE will self learn the maintenance protocol on the Frame Relay link and the DLCI status (UP or DOWN). When this parameter is disabled (OFF), you need to configure the maintenance protocol and the DLCI manually.
CLLM Status
Select this parameter to specify whether CLLM frames, used for congestion indication, will be supported (ON) or not (OFF).
Maintenance Protocol
Select this parameter to specify the maintenance protocol of the Frame Relay link: T1.617/ANNEX D, Q.933/ANNEX A, LMI or None. This parameter can only be configured if Self learn DLCI /Maintenance parameter is disabled (OFF).
4-26
Advanced Setup
KMBE
Kilomux-2100/2104
Polling Interval
Select this parameter to specify the number of seconds between transmission of two successive status inquiry frames.
Full Inquiry Interval
Select this parameter to specify the number of polling intervals after which a full status request frame is transmitted.
Polling interval = 10 Full inquiry interval = 4
KMBE/N Status Inquiry 10 seconds Status Inquiry 10 seconds Status Inquiry 10 seconds Status Inquiry 10 seconds Status Inquiry 10 seconds Status Inquiry Status Inquiry Reply Time Status Inquiry Reply Status Inquiry Reply Status Inquiry Reply Status Inquiry Reply Frame Relay Network Status Inquiry Reply
Figure 4-14. Polling Intervals

Error Threshold
Select this parameter to specify the number of unacknowledged monitored events (status inquiry frames and full status inquiry frames) that can occur in a sliding monitored events window before the link is declared DOWN.
Monitored Events
Select this parameter to specify the number of monitored events (status inquiry frames and full status inquiry frames) in a sliding monitored events window.
KMBE
Kilomux-2100/2104
Advanced Setup
4-27
Figure 4-15. Monitored Events

After the link is declared DOWN, it can only be declared UP again when the sliding monitored events window contains only successfully monitored events.
Figure 4-16. Monitored Events - Down Link
Frame Relay DLCI Parameters

The parameters in the Frame Relay DLCI Parameters menu are described below. DLCI Select this parameter to specify the DLCI number. State Select this parameter to specify whether the DLCI is Enabled or Disabled (for receive/transmit). CIR Select this parameter to specify the maximum amount of data in bits which the network guarantees to transfer during the measurement interval (the measurement interval is usually one second). The value of this parameter is obtained from the Frame Relay provider.
4-28
Advanced Setup
KMBE
Kilomux-2100/2104
Excess Select this parameter to specify the maximum amount of uncommitted data bits that the network will attempt to deliver during the measurement interval. The value of this parameter should be received from the Frame Relay provider. Throughput Select this parameter to specify this parameter to specify the average number of data bits per second transferred by the network. When a measurement interval of one second is assigned to the CIR, the throughput value should equal the CIR value.
Access Control (Security)

Select this option to perform security operations.
Advanced Menu
1
Access Control (Security)
Setup
Device Control
1 External Access Security
Device Security Identity
Security Host/ Guest
Advanced PC to LAN Bridge Link Security
Login Script Setup
1. Security Authorization 2. Minimum Accepted PPP Security 3. Accessible Stations/Nets 4. User Access Profiles
1. Name
1. Security Link
2. Password
1. Access Mode
1. Unlimited Access
2. Limit Access List
2. Limited Access 3. Static Statiions/Net Access
Figure 4-17. Access Control Menu Outline

To access the Access Control menu 1. In the Advanced menu, press 1. The Setup menu appears. 2. In the Setup menu, press 4. The Access Control menu appears.
KMBE
Kilomux-2100/2104
Advanced Setup
4-29
ACCESS CONTROL (Device name KMBE) -------------1. External access security 2. Device security identity 3. Security Host/Guest 4. Advanced PC to LAN Bridge link security 5. Script setup ESC - Return to previous menu Choose one of the above: The options in the Access Control menu are described below.
External Access Security

Select this parameter to protect your LAN against unwanted entry by outside users. Toggle between the following options: None - Access denied to all users User Access Profile - Allow/deny access according to the User Access Profile (see below) RADIUS - Allow/deny access according to the RADIUS Authenticator User Access Profile+RADIUS - Access is allowed if the User Access Profile allows it OR if the User Access Profile denies access but the RADIUS Authenticator allows it.
If you select RADIUS, configure the RADIUS Access parameters from the Host Parameters menu.
Minimum Accepted PPP Security Select this parameter to specify the minimum security to none, PAP or CHAP. PPP supports 2 types of security systems: CHAP (Challenge Handshake Authentication Protocol) - CHAP is a type of authentication in which the authentication agent (typically a network server) sends the client program a key to be used to encrypt the username and password. This enables the username and password to be transmitted in an encrypted form to protect them against hackers. PAP (Password Authentication Protocol) - PAP is the most basic form of authentication, in which a user's name and password are transmitted over a network and compared to a table of name-password pairs. Typically, the passwords stored in the table are encrypted. The main weakness of PAP is that both the username and password are transmitted in an unencrypted form.
Accessible Stations/Nets Select this parameter to define parameters which limit public access to the network. Access can be allowed for all stations/nets, only certain stations/nets,
4-30
Advanced Setup
KMBE
Kilomux-2100/2104
or only stations/nets which are static. When the access mode is 'limited', use the access list to define which stations/nets have access. User Access Profiles Select this parameter to view and modify user access profiles in the access control users list. The list contains user names, security parameters and dialback options.
Device Security Identity

Name Select this parameter to assign a name to KMBE for access to the ISP's central access router. The maximum length is 30 characters. Password Select this parameter to assign a password to KMBE for access to the ISP's central access router. The maximum length is 30 characters.
Security Host/Guest
Select this parameter to define a link's security status. When a link is defined as a Host, users are approved according to your profile list. When link is defined as a Guest, the device sends its name and password to be approved by the host. The Guest mode is the default.
Advanced PC to LAN Bridge Link Security

Use this parameter to configure advanced security for remote access from a PC client, when the KMBE is configured as a bridge.
WAN Economy Menu

Select this option to reduce traffic over the WAN.
KMBE
Kilomux-2100/2104
Advanced Setup
4-31
Advanced Menu
1 5
WAN Economy
Setup
Device Control
1 Filters
2 Connection On Demand
3 IP/IPX Spoofing
Fast Retransmission Frame Limit
1. Block and Forwarding 2. Link to Link Traffic 3. IP/IPX Broadcast Control
1. Start Connection
1. Keep Alive Mode 2. RIP/SAP Spoofing Tables Updated Timeout 3. Change Link Spoofing Mode
2. Terminate Connection 3. Minimum Time Between Two Connects 4. Minimum Time Between Two Disconnects 5. Connect Manually 6. Disconnect Manually
4. Quick Filters
Figure 4-18. WAN Economy Menu Outline

To access the WAN Economy menu: 1. In the Advanced menu, press 1. The Setup menu appears. 2. In the Setup menu, press 5. The WAN Economy menu appears.
4-32
Advanced Setup
KMBE
Kilomux-2100/2104
WAN ECONOMY (Device name KMBE) ----------Use these features: - to reduce traffic over the WAN to a minimum and increase throughput - to keep the link up only when it is required 1. 2. 3. 4. Filters Connection on demand Spoofing Fast retransmission frame limit: 2
ESC - Return to previous menu Choose one of the above: The options in the WAN Economy menu are described below.
Filtering
Filtering allows you to limit the amount of traffic which enters and exits the Small Office LAN via KMBE. Filtering is used to: Increase security Reduce traffic to the link.
KMBE features two types of filters: Quick Filters Advanced Filters.
Quick Filters are used to regulate IP and IPX. A Quick Filter can neutralize IP and/or IPX protocol by blocking all traffic of that protocol, as illustrated in Figure 4-18.
Quick Filter Traffic is blocked by the Quick Filter Quick Filter
KMBE/N
Digital Network
KILOMUX Traffic is blocked by the Quick Filter
KILOMUX
Figure 4-19. Action of a Quick Filter
KMBE
Kilomux-2100/2104
Advanced Setup
KMBE/N
4-33
Advanced Filters are used to regulate traffic in both directions, as shown in Figure 4-19. From LAN to the Link. Using filters here will forward or block traffic from the LAN outwards From Link to the LAN. Using filters here will forward or block traffic from the link inwards.
Using a variety of parameters, advanced filters can be used to regulate different protocols, to totally or partially block traffic, and to control traffic between links.
Advanced Filter Advanced Filter Traffic is regulated by the Quick Filter
KMBE/N
Digital Network
KILOMUX Traffic is regulated by the Quick Filter
KILOMUX
Figure 4-20. Action of an Advanced Filter

There are two modes through which filtering can be implemented: blocking and forwarding. Blocking The block command causes KMBE to test every packet of data that is sent to or from the LAN. If the packet passes the test, passage is denied. Example: You want to ensure that IP/UDP packets do not go on to the link in the direction of the Intranet. Thus, you design a filter which tests each packet to see if it is an IP/UDP packet. If the packet tests positive, it is automatically blocked. Forwarding The forward command works in the same way as the block command. However, with forwarding, if the packet passes the test, it is allowed passage to or from the LAN. Example: You want to allow a certain user on the Small Office LAN to access the Internet for FTP purposes. To do this, you create a filter to test each packet for the IP host address of the specified user and the FTP socket of the packet. If the packet passes the test, it is forwarded to the Internet/Intranet. Multiple Filters Up to 18 filters can be defined. If there are 2 filters which have contradictory operations, forwarding takes precedence over blocking.
KMBE/N
Example: You want to allow only one particular user on the Small Office LAN to access the Internet for FTP purposes. To insure that no one else is able to access the Internet, create a blocking filter for all traffic going to the link. To do this, from the Blocking and Forwarding menu enter "Block all traffic for Link1". In addition, create a filter to test each packet for the IP host address of the specified user and the FTP socket of the packet. Since forwarding takes precedence over blocking, that user's frames are forwarded. Definition of Filter Tests You need to define the filter test that will be applied to every packet that is transmitted. Use any combination of the following parameters to define the filter test: Protocol Operation (block, forward, etc.) Interface (LAN, Link) Destination and/or source IP address of the packet Destination and/or source MAC address of the packet (layer 2) IP socket (upper and lower level) IP packet type (broadcast, multicast).
Up to 18 filters can be defined. To avoid reducing KMBE performance, minimize the number of active filters.
Defining Filters
Filters can be defined through the control port, Telnet or SNMP. First decide on the mode and conditions for a filter, then follow the instructions below to set filter parameters.
Remember that forwarding takes precedence over blocking. If there is combination of filters which contain both operations, the frame will be forwarded.
Quick Filter Menu

To define a quick filter: 1. From the Advanced Setup menu, choose: Set up WAN Economy Filters. 2. Configure the operation. 3. Configure the broadcast control. 4. Configure the quick filter parameters.
KMBE
Kilomux-2100/2104
Advanced Setup
4-35
FILTERS (Device name KMBE) 1. 2. 3. 4. 5. Block and Forwarding Link to link traffic: [FORWARD] IP / IPX broadcast control - [Full Propagation] Quick filters Advanced filters
Esc - Return to main menu Choose one of the above: To configure the operation: 1. From the Filters menu, choose Block and Forwarding. 2. Toggle between Block and Forward. To configure the broadcast control: From the Filters menu, press 2 to toggle between Full Propagation and Block Propagation. The default is Block Propagation.
The broadcast control filter manages special frames which are normally propagated throughout the network. The frames managed are: Link Traffic Use this to configure whether traffic will be sent or blocked when KMBE is configured as a bridge: Forward - forward all traffic Blocked - clock all traffic. IP - Local broadcast propagation IPX - Zero destination propagation, IPX Type 20 frames propagation NETBIOS over IP - IP frames with TCP/UDP ports 137, 138, 139 propagation.
To configure the Quick Filter parameters: 1. From the Filters menu, choose Quick Filters. 2. To toggle between No Filters/Forward/Block, press the number of the protocol that you want to filter. Quick Filters are defined per protocol. Configure each protocol that you want to block or forward.
4-36
Advanced Setup
KMBE
Kilomux-2100/2104
QUICK
FILTERS (Device name KMBE)
Choose the protocols you want to block or forward!!: 1. 2. 3. 4. 5. 6. 7. IP IPX SNA NetBIOS AppleTalk DECnet Others NO NO NO NO NO NO NO FILTERS FILTERS FILTERS FILTERS FILTERS FILTERS FILTERS
ESC - Return to previous menu Choose one of the above:
Advanced Filter Menu

To define an advanced filter: 1. From the Advanced Setup menu, choose: Set up WAN Economy Filters. 2. Choose Advanced Filter. 3. If you are defining a new filter, choose Add. If you are editing a filter, choose Edit and enter the filter number. 4. Define the desired parameters. Advanced Filter Concepts When defining an advanced filter the following parameters must be determined: Filter ID - A selection number used to view, edit or delete a particular file. To work with any filter, the Filter ID number must be entered ADD FILTERS (Device name KMBE) Enter data Toggle (parameters inside []) Next line (skip this one) Move right Move left Return to previous menu
ENTER T N SPACE BACKSPACE ESC
Filter Id - 1 Protocol - The protocol on which the filter operates Operation - Used to define the action of the filter Interface - Used to determine the filter interface Source Address - Used to define the source address of passing frames Destination Address - Used to define the destination address of passing frames
KMBE
Kilomux-2100/2104
Advanced Setup
4-37
True-False Menus
High level (IP only) - Used to include or exclude high level protocols Source/Destination Port - Used to define the port source/destination address of an application Source/Destination Socket - Used to define the socket source/destination address of an application Low Level - Used to include or exclude the low level protocols Mask - Used to define a mask filter Status - Used to define the filter's status.
Many of the Advanced Filter parameters can be configured so that: Frames with that parameter pass (true); or Frames without that parameter pass (false).
For example, if you choose BroadCast-True, any frame which is BroadCast will pass. If you choose BroadCast-False, any frame which is not BroadCast will pass. Advanced Filter Parameters Filter ID - The system automatically assigns a new number to each filter Protocol - The protocol on which the filter operates Operation - The action which the filter applies to a frame that passes: Forward Block Connect Disconnect.
The operations are listed in their order of priority. For example if the connect and disconnect commands are applied to a frame, the connect command takes precedence.
Connect and disconnect are only relevant to Connection on Demand. When accessed through the Filter menu, only they appear.
Interface - The area where the filters will act. If you want to filter traffic going to the LAN, choose LAN. If you want to filter traffic going to the link, choose Link. Source Address - Toggle to the desired address type (MAC or NET). The address format (hexadecimal or binary) appears. Type in the complete source address.
If you want to include a group of addresses, type <x> to indicate an unspecified group. For example, a filter with the MAC source address the 4020.D2FE.xxxx will pass any address beginning with 4020.D2FE. Destination Address - Toggle to the desired address type (MAC, NET, All, BroadCast, MultiCast). The address format (hexadecimal or binary) appears. Type in the complete destination address. Choose True or False.
KMBE Kilomux-2100/2104
4-38
Advanced Setup
Normally, a frame has a particular destination, as specified in the destination address field of the frame. Such frames are referred to as "All" frames. "BroadCast" frames are intended for all stations. If you specify "BroadCast" do not specify a mask pattern. High Level - When you choose this parameter 2 choices appear: Yes No.
When Yes is chosen, a list of High Level protocols appear. The High Level protocols include: FTP WWW Telnet E-MAIL TFTP SNMP DNS RIP. Select the protocols you want to filter. Choose True or False. Source/Destination Sockets - This parameter differs for IP and IPX: IP - The Destination Port is enabled when no High Level protocol is specified. If you define a port number in decimal numbers, define the low level protocol as UTP or TCP. If no port number is defined, define the low level protocol as UTP, TCP, or ICMP. Choose True or False. IPX - If a socket address or low level protocol is not defined, a socket number may be specified. Choose True or False.
Low Level (IP protocol) - Toggle to the required low level protocol for the filter. If the port number is defined in decimal format, specify the low level protocol as UTP or TCP. If no port number is defined, specify the low level protocol as UTP, TCP, or ICMP. Choose True or False. Low Level (IPX protocol) - Toggle to the required low level protocol for the filter. If a socket is defined in the destination address, a low level protocol or socket number may not be specified. Conversely, if a socket address or low level is not defined, a socket number may be specified. Mask - A mask is a test pattern that is used to allow certain frame patterns only. You define a code against which the frame is compared. To create a mask, toggle to Yes. Three pairs of codes and offsets must be created. The offset defines the point in the frame at which the comparison is made. For example, an offset of 8 means that the 8th byte is compared to the code. The offset can be from the 7th byte onwards. The frame is made of 3 different portions: MAC - is at the beginning of the frame LLC - is after the source address in the frame
Advanced Setup 4-39
KMBE
Kilomux-2100/2104
DATA - is after the LLC section in the frame.
For each code-offset pair, select the code format: Binary - specify 48 address bits to be either 0,1, or X (unspecified) Hexadecimal - specify 12 hex digits to be 0-F or X (unspecified).
For each code-offset pair, choose True or False. Every frame, at the designated offsets, is compared to the 3 codes in the mask. If all 3 codes and the True-False condition match the code written in the frame, the frame passes.
Only 1 mask per filter can be defined.

Status - Toggle between: Active Not Active - Not active allows you to define filters which can be stored and used at a later time.
Saving Filter Parameters All filters are stored in the Flash Memory, thereby preserving them if the power goes down. When filtering is selected, all of the filters are copied into the RAM. The RAM copy is then used to activate the software filtering. process. Any filter which is modified, (by clearing all, deleting one, or changing a parameter) goes into effect immediately. The previous filter also remains in effect until the system is rebooted. To exit filtering and return to the main Setup menu: 1. Press Esc. The following prompt appears: 'up' (Y/N)? 2. Press Y to save changes in the Flash Memory or press N to cancel your changes. The system loads the previous set of masks the next time the system is rebooted.
Fast Retransmission Frame Limit

This option allows you to insert the maximum number of acknowledge frames in the buffer to prevent unnecessary retransmission on the WAN.
Factory Default Options

The Factory Default menu allows you to change all configuration parameters back to their factory defaults. To access the Factory Default menu 1. In the Advanced Setup menu, press 1. The Setup menu appears. 2. From the Setup menu, press 6. A string of text appears, prompting you to reset certain parameters.
3. Press Y to reset the parameters to the factory default, or N to avoid reset. The next string of text appears. The screen below displays all the parameters that can be reset. Reset Reset Reset Reset Reset Reset Reset Reset Reset Reset Reset Reset Reset Reset Reset Reset Reset MONITOR parameters to factory default ? (Y/N): N DEVICE ID parameters to factory default ? (Y/N): N MASKS parameters to factory default ? (Y/N): N FORWARDING parameters to factory default ? (Y/N): N SPOOFING parameters to factory default ? (Y/N): N SNMP parameters to factory default ? (Y/N): N LINKS parameters to factory default ? (Y/N): N DOWNLOAD parameters to factory default ? (Y/N): N COD parameters to factory default ? (Y/N): N MODEMS parameters to factory default ? (Y/N): N ISDN parameters to factory default ? (Y/N): N FRAME RELAY parameters to factory default ? (Y/N): N PPP parameters to factory default ? (Y/N): N HOST IP parameters to factory default ? (Y/N): N TELNET parameters to factory default ? (Y/N): N RADIUS parameters to factory default ? (Y/N): N SECURITY parameters to factory default ? (Y/N):
Device Control Menu

Advanced Menu
1 2
Setup
Device Control
1 Software Download
Upload Device Parameters to TFTP Server
Download Device Parameters from TFTP Server
4 Reset Options
5 Control Other Device
6 Terminal Type
1. Download from TFTP Server 2. XMODEM via Control Port (BOOT Manager) 3. Download Software to ISDN Module
1. Reset Device
1. VT-100, UT-200, VT-220 ANSI Terminals 2. VT-52, IBM 3101 Terminals
2. Reset Link
3. Reset Interface Module
3. Other Terminals
Figure 4-21. Device Control Menu

To access the Device Control menu
KMBE
In the Advanced menu, press 3.

Advanced Setup 4-41
Kilomux-2100/2104
The Device Control menu appears: DEVICE CONTROL (Device name KMBE)
1. 2. 3. 4. 5. 6.
Software download Upload device parameters to TFTP server Download device parameters from TFTP server Reset options Control other device (bridge link only) Terminal type
ESC - Return to previous menu Choose one of the above: The options in the Device Control menu are described below.
Software Download
SOFTWARE PARAMETERS IN THE DOWNLOAD (Device name KMBE) 1. The parameters in the download from TFTP Server 2. The parameters in the MODEM via control port (BOOT Manager) 3. The parameters in the download software to ISDN module ESC - Return to previous menu Choose one of the above: Select this option to download a new software version. KMBE includes a Dual Image Flash, capable of storing two different versions of software in two different partitions. Upon reset or boot KMBE automatically runs the program stored in the active partition. New software versions are loaded into the backup partition. If loading succeeds, the backup partition becomes active and reset is automatically performed, running the new software version. If loading fails, however, the device will be still capable of working, since the Flash partition storing the old version is still active. Figure 4-21 illustrates this process.
4-42
Advanced Setup
KMBE
Kilomux-2100/2104
Step 1
Original S/W Version Copy 1 Active Partition Original S/W Version Copy 2 Backup Partition
Step 2
Original S/W Version New S/W Version
Active Partition Backup Partition
Step 3
Original S/W Version New S/W Version
Backup Partition
Active Partition
Figure 4-22. Using the Dual Image Flash

Dual Image Flash can be controlled by the BOOT Manager. You use the BOOT Manager to manually define active and backup partition, run backup partition, erase some or all information from Flash etc. The BOOT Manager is accessible via the above menu or immediately after resetting the hardware. Refer to Appendix A Boot Manager for a detailed description of the BOOT Manager. The options in the Software Download menu are described below.
Download from TFTP Server

TFTP is a IP/UDP client-server application. The unit is a TFTP client. Operating opposite the client, you need a TFTP server connected to the LAN or WAN interface via an IP network. To download a new software version via TFTP server 1. Select option 1 from the Software Download menu. Do you want to download new software version? (y/n): Y TFTP server IP address: 192.168.1.2 New software file name: kmben.mbi Download process will erase the program code in the second partition of the device. Upon completion of the download, the device will be reset automatically. Press 'S' to start the download process or ESC to return to previous menu: 2. Confirm that the Do You Want To Download New Software Version? field is set to Yes. 3. In the TFTP Server IP Address field, type the IP address of the TFTP server.
4. In the New Software File Name field, type the path and file name of the new software version.
The IP address and the new software version file name can also be defined through the Setup menu.
5. Press S to start the download process. During the process, the new program code is downloaded to the Flash backup partition, thus erasing its previous contents. Upon completion, the newly downloaded Flash partition becomes active, while the old versions partition becomes backup. The device automatically resets, running the new program stored in the active partition. During the download process, a counter shows the number of packets that have passed. Downloading can be interrupted at any time by pressing the ESC key.
XMODEM via Control Port (BOOT Manager)

You use this option to access the BOOT Manager via the control port. The BOOT Manager is discussed in Appendix A, BOOT Manager.
Device Configuration Parameters Upload/Download

This option allows you to save device configuration in a file or load saved configuration to the device, using the TFTP protocol. TFTP is an UDP/IP clientserver application. The unit is a client TFTP. Operating opposite the client, you need to connect a TFTP server to the LAN or WAN interface via an IP network.
Upload Device Parameters to TFTP Server

Select this parameter to save device configuration parameters into a file by uploading to the TFTP server. This operation sends all unit parameters to the TFTP server and will be saved under a filename that you specify. To upload device parameters: 1. Activate the TFTP server application connected to the unit via an IP network. 2. Configure the following IP parameters: IP address, IP mask and IP default gateway. 3. Select the TFTP upload option. 4. Enter the TFTP server IP address. 5. Assign a name to the configuration file you want to save on the server. 6. Press S to start the upload process.
Downloading Device Parameters from the TFTP Server

Select this option to load device configuration parameters from a file by downloading from the TFTP server.
4-44
Advanced Setup
KMBE
Kilomux-2100/2104
To download device parameters: 1. Activate the TFTP server application connected to the unit via an IP network. 2. Configure the following IP parameters: IP address, IP mask and IP default gateway. 3. Select the TFTP download option. 4. Enter the TFTP server IP address. 5. Enter the name of the configuration file you want to download from the server. 6. Press S to start the download process.
Upon completion of the download process, the unit performs reset. The new parameters only come into effect after resetting.
Reset Options
Select this option to reset the device, link or interface module. The interface module reset relates to ISDN options only.
Control Other Device

This option is only applicable when KMBE is configured as a bridge. Select this option to configure the KMBE on the other side of the bridge link.
Terminal Type
Select this option to choose a terminal type. Since each terminal type uses different ASCII control codes for cursor control, KMBE requires this information to display the screens clearly.
KMBE
Kilomux-2100/2104
Advanced Setup
4-45
4-46
Advanced Setup
KMBE
Kilomux-2100/2104
Chapter 5 Troubleshooting and Diagnostics

5.1 Error Messages
Table 5-1 lists different symptoms and their causes, and what corrective actions
to take. If a persistent fault condition occurs, confirm that the KMBE is configured properly. Link errors are sometimes caused by loose contact between connectors or lack of cable continuity. Check that all connectors are plugged in properly and that the quality of the cable is good.
Table 5-1. Common Problems and Solutions

Symptom All front panel indicators are OFF Possible Cause The unit is not receiving power. Recommended Course of Action Check that power is supplied to the unit. Check the fuse and replace it if necessary. (By qualified technician only). In synchronous operation: Corrupted frames are being received, or the physical connection is unstable. The LINK ERROR indicator will be ON if the link is configured in Synchronous mode, and no clock signal is being received. Check the modem configuration and cables.
Red LINK ERROR indicator is blinking
Red LINK ERROR indicator is ON
Check configuration settings. Check the modem configuration and cables.
Red LAN ERROR indicator is There is a temporary transmission Check cable connections and ensure that blinking problem. the proper cable type is being used. Red LAN ERROR indicator is There is a problem with the LAN ON connection. READY indicator is OFF If LAN ERROR indicator is ON, or all LINK ERROR indicators are ON, there is a possible connection problem with the LAN or Link. Check that the LAN is connected properly. Check LAN and Link connections.
KMBE
Kilomux-2100/2104
5-1
Chapter 5 Troubleshooting and Diagnostics
5.2
Technical Support
Technical support for MiniCVS can be obtained from the local distributor from whom it was purchased. For further information, please contact the RAD distributor nearest you or one of RAD's offices worldwide. This information can be found at RAD's Web site: http://www.rad.com/ (for offices location, click About RAD > Worldwide Offices; for distributors location, click Where to Buy > End Users).
5-2
KMBE
Kilomux-2100/2104
Appendix A Boot Manager

This appendix describes the various options of the BOOT Manager.
A.1
Preface
KMBE includes a Dual Image Flash, capable of storing two different versions of software in two different partitions. Upon reset, KMBE automatically runs the program stored in the active partition. New software versions are loaded into the backup partition. If loading succeeds, the backup partition becomes the active partition and KMBE is reset automatically, running the new software version. If loading fails, the device is still capable of working, since the Flash partition storing the old version remains active. Dual Image Flash can be controlled by the BOOT Manager. Use the BOOT Manager to: Download new software Manually define the active and backup partitions Run the backup partition Erase some or all information from Flash.
A.2

Accessing BOOT Manager
You can access the BOOT Manager: Via option 2 in the Software Download menu Via the Rescue option.
Access via Software Download Menu

1. In the Advanced menu, press 3. The Device Control menu appears:
KMBE
Accessing BOOT Manager
A-1
DEVICE CONTROL (Device name KMBE) 1. 2. 3. 4. 5. Software download Upload device parameters to TFTP server Download device parameters from TFTP server Reset options Terminal type
2. Press 1. The Software Download menu appears: SOFTWARE DOWNLOAD (Device name KMBE) 1. Download from TFTP Server 2. XMODEM via control port (BOOT Manager) 3. Download software to ISDN module 3. Press 2 to display the BOOT Manager menu.
Rescue
If KMBE does not respond properly, try the Rescue option: 1. Connect to the terminal emulator. 2. Switch on KMBE and immediately press R. The BOOT Manager menu appears.
A.3
The BOOT Manager Menu

7.0A5 test1 Testing ISDN download in RAS (LK)
BOOT 302 Version 1.01 (Mar 18 1997) First : 1997 Apr 30 12:32 MBEBOOT.X Second: 1997 May 01 14:46 RE70A6.X 1) 2) 3) 4) 5) 6) 7) 8) Load new software Partitions status Run second partition Reactivate second partition Duplicate first partition Erase configuration Erase all Flash Set baud rate
0) Exit Choose one of the above: The options in the BOOT Manager menu are described below.
A-2
KMBE
Load New Software

Select this option to download new software via the control port using the XMODEM protocol. During the process, the new program code is downloaded to the Flash backup partition, thus erasing its previous contents. Upon completion, the newly downloaded Flash partition becomes the active partition, while the old versions partition becomes the backup partition. The device automatically resets, running the new program stored in the active partition. Figure A-1 illustrates this process.
Step 1
Original S/W Version Copy 1 Original S/W Version Copy 2
Step 2
Original S/W Version
New S/W Version
Primary Partition
Secondary Partition
Primary Partition
Secondary Partition
Step 3
Original S/W Version
New S/W Version
Secondary Partition
Primary Partition
Figure A-1. Dual Image Flash
Partitions Status
Select this option to display information about the status of the active (first) and the backup (second) Flash partitions. Note that the BOOT Manager menu also displays a partial status at its upper part: First : 1997 Apr 30 12:32 MBEBOOT.X 7.0A5 test1 Second: 1997 May 01 14:46 RE70A6.X Testing ISDN download in RAS (LK)
Run Second Partition

Select this option to run the program stored in the backup partition of the Flash memory. Normally that program is the previous software version. The backup program runs once. The next hardware reset or Boot will run the program stored in the active partition.
KMBE
A-3
Reactivate Second Partition

Select this option to turn the backup partition into the active partition (and vice versa). In this way you can return to the previous software version permanently. This command may be executed up to 16 times, after which downloading of the new software will be required. Therefore avoid using this option for a one-time run of the old version (use the Run Second Partition option for that purpose).
Duplicate First Partition

Select this option to duplicate the program stored in the active (first) partition into the backup (second) partition.
Erase Configuration
Select this option to erase the device configuration parameters which are also stored in the Flash memory. Sometimes it is needed after downloading a new version, if its parameter set is not fully compatible with the previous version parameters. You may also use this command to set the device to the default settings. The Erase Configuration command is also useful if you forget the password.
Erase All Flash

Select this option to erase the device configuration parameters, and the programs stored in both partitions. Remember to download new software before attempting to operate the device.
Set Baud Rate

Select this option to set the devices baud rate to 9600, 19200, 38400, 57600 or 115200 bps. For software code download, it is recommended to use the highest rate possible, i.e. 115200 bps (the baud rate must be higher than 9600 bps to enable downloading). Figure A-2 illustrates this process.
Figure A-2. Setting the Baud rate

Change your terminal baud rate and press Enter 2 or 3 times to ensure that the device identifies the new value.
A-4
KMBE/N
KMBE
Note
The terminal emulator of Windows 95 - HyperTerminal has a bug. After changing baud rate the status line presents the new value, but this value does not come into effect unless you perform the disconnect and connect commands immediately after performing the change.
Exit
Select this option to exit from the BOOT Manager menu and perform BOOT/RESET KMBE. If the BOOT Manager is idle for more the two minutes, exit will be performed automatically.
KMBE
A-5
A-6
KMBE
24 Raoul Wallenberg Street, Tel Aviv 69719, Israel Tel: +972-3-6458181, Fax +972-3-6483331, +972-3-6498250 E-mail: erika_y@rad.com, Web site: http://www.rad.com
Customer Response Form

RAD Data Communications would like your help in improving its product documentation. Please complete and return this form by mail or by fax or send us an e-mail with your comments. Thank you for your assistance!
Manual Name: Publication Number:
KM-2100/2104 KMBE 425-217-12/08
Please grade the manual according to the following factors:
Excellent
Installation instructions Operating instructions Manual organization Illustrations The manual as a whole
Good
Fair
Poor
Very Poor
What did you like about the manual?
Error Report
Type of error(s) or problem(s): Incompatibility with product Difficulty in understanding text Regulatory information (Safety, Compliance, Warnings, etc.) Difficulty in finding needed information Missing information Illogical flow of information Style (spelling, grammar, references, etc.) Appearance Other Please list the exact page numbers with the error(s), detail the errors you found (information missing, unclear or inadequately explained, etc.) and attach the page to your fax, if necessary.
Please add any comments or suggestions you may have.
You are:
Distributor End user VAR Other
Who is your distributor? Your name and company: Job title: Address: Direct telephone number and extension: Fax number: E-mail:
Publication No. 425-217-12/08
Order this publication by Catalog No. 803234
International Headquarters
24 Raoul Wallenberg Street Tel Aviv 69719, Israel Tel. 972-3-6458181 Fax 972-3-6498250, 6474436 E-mail market@rad.com
North America Headquarters

900 Corporate Drive Mahwah, NJ 07430, USA Tel. 201-5291100 Toll free 1-800-4447234 Fax 201-5295777 E-mail market@rad.com
www.rad.com
The Access Company

Rad Kmbe Manual PDF

Transféré par

Informations du document

Description originale:

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Rad Kmbe Manual PDF

Transféré par

Droits d'auteur :

Formats disponibles

INSTALLATION AND OPERATION MANUAL

The Access Company

Installation and Operation Manual Notice

19882008 RAD Data Communications Ltd.

Publication No. 425-217-12/08

Asynchronous Transmission AWG Balanced

Bit bps (Bits Per Second) Bridge

Byte Carrier Channel CHAP

Congestion Congestion Control

Data Data Link Layer

Dynamic Station E3 Encapsulation

FXO (Foreign Exchange Office) FXS (Foreign Exchange Subscriber)

IP Mask IP/IPX Routing

Leased Lines Loading

MAC (Media Access Control) MAC Address Manager

MTU (Maximum Transmit Unit) MultiCast Multiplexer

NetBEUI (NetBIOS Extended User Interface) NCP (NetWare Core Protocol)

Node Packet Packet Switching

Polling Port PPP (Point to Point Protocol)

PSTN (Public Switched Telephone Network)

RFC (Request for Comment) RIP (Routing Information Protocol) RIP-2

Serial Transmission Single Mode

SPX (Sequenced Packet Exchange) Static Station Stop Bit

TCP (Transmission Control Protocol)

TFTP (Trivial File Transfer Protocol) Throughput

UDP (User Datagram Protocol)

WAN (Wide Area Network)

Installation and Operation Manual

Appendix A. Boot Manager

The KMBE module has the following principle features:

Configuration and Control

Installation and Operation Manual

Software downloading is available by TFTP

Address Translation (Single IP) and Firewall

Installation and Operation Manual

Figure 1-1. Bridging Application

Routing Between Central and Remote Offices

Installation and Operation Manual

Figure 1-2. Routing Application with IP+IPX Data Compression

Figure 1-3. Routing Application with a Firewall

Dual Link Applications

Installation and Operation Manual

Figure 1-4. Dual Link Application for KMBE

Installation and Operation Manual

You can configure KMBE to function as a bridge or router.

Interface Connector Data Rates Data Format

Installation and Operation Manual

Installation and Operation Manual

Chapter 2 Installation and Setup

Figure 2-1. KMBE Rear Panel Versions

Chapter 2 Installation and Setup

Installation and Operation Manual

Table 2-1. KMBE Module, Functions of Rear Panel Components

LAN RX Indicator (yellow) LAN ERR Indicator (red)

The default setting is ON.

Installation and Operation Manual

Chapter 2 Installation and Setup

JP6 OFF WTCH-DOG ON

WTCH- DOG JUMPER-JP6

STN-HUB SWITCH (UTP INTERFACE ONLY)

FOR KMBE CONNECTED DIRECTLY TO LAN

FOR KMBE CONNECTED TO HUB