Pinnacle Communications EIPRTR Wireless Bridge/Router User Manual 51328
Pinnacle Communications Inc Wireless Bridge/Router 51328
8a
| Download: |  |
| Mirror Download [FCC.gov] | |
| Document ID | 51328 |
| Application ID | p0gNKcCJhys22OFInuINSA== |
| Document Description | 8a |
| Short Term Confidential | No |
| Permanent Confidential | No |
| Supercede | No |
| Document Type | User Manual |
| Display Format | Adobe Acrobat PDF - pdf |
| Filesize | 147.91kB (1848870 bits) |
| Date Submitted | 1999-08-02 00:00:00 |
| Date Available | 1998-08-28 00:00:00 |
| Creation Date | 2001-05-25 17:24:25 |
| Producing Software | Acrobat Distiller 4.0 for Windows |
| Document Lastmod | 2001-05-25 17:24:44 |
| Document Title | 51328.pdf |
| Document Author: | jsoscia |
m- .
......___.._.
_—_—_
PINNACLE L '
The Pinnacle LINK Z/E wireless ethernet IP
Router is capable of connecting two or more
remote Ethernet LANs at speeds onMBPS at
distances up to 10 miles. With ZMBPS speeds
Pinnacle LINK 2/E obsoletes traditional
slower telco Tl wireline solutions. Pinnacle
LINK Z/E provides higher performance,
without the expense of recurring monthly line
charges! Pinnacle LINK Z/E works in
conjunction with all wired cthernet networks,
including BNC coaxial and twisted pair
I 0BaseT, making it the ideal solution for
metropolitan area networking
Pinnacle LINK v2/E uses proven spread
spectrum radio' "technology that provides
reliable data transmission, evidenced by the
thousands of installed units using this
technology. Pinnacle LINK J/E uses the 902-
928 MHz or 2.4_»GHz spread spectrum radio
frequency for transmission which means there
are NO FCC licensing requirements to be
concerned with. The Pinnacle LINK Z/E
supports all ethernet and ethernet like
protocols making the Pinnacle LINK 2/E easy
to integrate into your existing network.
Pinnacle LINK Z/E supports point-to-point or
multipoint configurations In multipoint
configurations a centrally located “hub”
station communicates with multiple satellite
buildings toforrn ti cell. Each location within
that cell has the capability of communicating
with the hub sit'e. Multiple cells can be
interconnected utilizing any of the Pinnacle
wireless solutions yielding infinite wireless
networking possibilities.
Installation is easy with the Pinnacle LINK
2/E wireless ethernet IP Router. Install the
antenna outside and run the coax cable to the
Pinnacle LINK unit located inside. The
indoor unit is then connected to your LAN via
ENC, A U], or IllBaseT cable.
WIRELESS CGMMUNICATIGNS‘
Pinnacle LlNK
2/E IP Router
Features
- Wireless data rates up to 1 maps
Ol’aintJa point wireless links up to 10 miles
OMultipoint configurations using hub station for
campus area networks
olnaunry standard 902-923 MHz or 2.4 61-11, spread
spearum radio
ONO FCC license required
0Immune to environmental interface like rain or snow
ODES encryption
oSNMI’ management
oSupparts all major dilernet protacaLc
o.vo monthly recurring line charges
~Supports IEEE 302.3 Ethernet Protocols, IIEEE
1101, 1 a transparent MAC layer bridging and are
compliant 1a routing
'Diredi0nal or OMNI directional antenna kit.
(Antenna, Cable, Lighting Arrestar)
OOne year warranty with free telephone support
FCC ID: NSU EIPRTR
r: é. PINNACLE
CDMMU NICATIDNS
INCORPORATED
" 1403 Business Center Court . Dayton, Ohio 45410
Voice: 937.154.0141 - Fax 937.254. 0156
OPTIONAL FEATURES SPECIFICATIONS g
oAmemm Mounting hardware OPawer 90 - 132 vac 200-255 vac 47—63 Hz
100 Watts Minimum 5
OF all featured installation and set—up utility
' Temperature: 5° to 40°C/40" to 105° F
0 Fiber optic Ethernet inter/ate
OHumidity: 20%~30%
‘Law loss Antenna Extension:
‘Dimensions: 6” Ex 16”): 14.25” W
‘4 MB full duplex upgrade kit
0 Frequencies:
0 I4 dBi Yogi Directional Antenna 902 - 928 MHz Spread Spectrum
2.4 - 245 GHz SpreadSpectrum
023 Mi Parabolic Directional Antenna
‘MAX Power output: <4 watt: ERP
06 {187 OMNI Directional Antenna
OEthernet Connections: AUI, BNC,
0 15 118i Quad Array High Gain Antenna IOBareT
o LlNKamp Amplifier “ml OPawer Cord Connector: NEMA 515
ORDERING INFORMATION
WNW...“ : ~ ”mam“ Product Code Product Descrigtion
“M'W'w PLZRTR-flfllil Pinnacle LINK 2/E (915 MHz, Dir)
2 Mbps Ethernet IP Router Kit
; " ’ ‘ > ‘- " v PL2RTR—0002 Pinnacle LINK 2/5 (ws MHz, OMNI
2 Mbps Ethernet IP Router Kit
PLZRTR-0003 Pinnacle LINK 2/E (2.4 GHz, Dir)
2 Mbps Ethernet IP Router Kit
PLZR T 12-0004 Pinnacle LINK 2/E (2.4 GHz, OMNI)
2 Mbps Ethernet [P Router Kit
PL2/RB-0flfll Pinnacle LINK Z/E
2 Mbps Ethernet Roaming Bridge Kit
Yw - WW _..._._-, v,_fi
This manual covers
Pinnacle Link Bridge and Pinnacle Link Router
Software Version 2.0
PUBLISHED BY
Pinnacle Communications, Inc
1403 Business Center Ct.
Dayton, OH 45410
(937) 254-0141
Copyright © 1991 through 1995 by Pinnacle Communications, Inc. All rights reserved.
No part of the contents of this document may be reproduced or transmitted in any ton-n
or by any means without the written permission of the publisher. Permission is hereby
granted to end users of the Pinnacle Link Bridge and Pinnacle Link Router software to
copy this manual for their own internal use. Revised 1-13»97
FCC Statement (For U.S.A. Only)
Federal Communications Commission Radio
Frequency Interference Statement
Warning: This equipment generates, uses, and can radiate radio frequency energy. If it
is not installed and used in accordance with the instruction manual, it may cause inter-
ference to radio communications. It has been tested and found to comply with the limits
for a Class A computing device pursuant to Part 15 of FCC Rules, which are designed
to provide reasonable protection against such interference when operated in a commer-
cial environment. Operation of this equipment in a residential area is likely to cause
interference, in which case the user at his own expense will be required to take what-
ever measures may be required to correct the interference.
If this equipment causes interference to radio reception (which can be determined by
unplugging the power cord from the equipment) try these measures: Re—orient the
receiving antenna. Relocate the equipment with respect to the receiver. Plug the equip-
ment and receiver into different branch circuits. Consult your dealer or an experienced
technician for additional suggestions.
Software License Agreement
mm: It is important for Users of Pinnacle Link Software to take time to read this
License Agreement associated with this software PRIOR TO ITS USE. The End User
has paid a License fee to Pinnacle Communications, Inc. for the use of this software on
one computer. This License does not extend to any copyrights to the program nor does
it License use of the program on more than one computer no to make copies of the
program for distribution or resale. A software registration card is located in the front of
this manual. Please complete the card within 10 days of receipt of the software and
return it to Pinnacle Communications, lnc. hereafter in this License Agreement, Pin-
nacle. Registration is required for warranty service and notification of software updates
and revisions.
License Agreement: The End User is granted a non-exclusive License to use the Li-
censed program on a single computer subject to the terms and conditions as set forth in
this agreement. The End User may not copy, modify or transfer the reference manual or
other documentation or any copy thereof except as expressly provided in this agree-
ment.
The copyright and all intellectual / industrial rights of this program and associated mate-
rial remain the property of Pinnacle Communications, Inc. THE END USER MAY NOT
USE, COPY, SUBLICENSE, ASSlGN OR TRANSFER THE LICENSED MATERIALS
OR ANY COPIES THEREOF IN WHOLE OR IN PART, EXCEPT AS EXPRESSLY
PROVIDED IN THIS LICENSE AGREEMENT. The End User shall not reverse as-
semble or reverse compile the Licensed product or any copy thereof in whole or in part.
Upgrades and Revisions: At its sole option and discretion, Pinnacle may from time to
time make available for licensing to the End User, in consideration for the payment of an
additional fee specified by Pinnacle, future updated versions of the Licensed product.
Also, at its sole discretion, Pinnacle may from time to time make available for licensing
to End Users, free of charge, revisions to the Licensed product.
Warranty and Liability: Pinnacle warrants to the end user/purchaser, that this product
will be free from defects, under normal use, in materials and workmanship under normal
user and service for a period of one year from the date of original purchase. Pinnacle
agrees under this warranty, at its sole option, to repair, replace, or refund the purchase
price of any product discovered to be defective during the warranw period. Any such
replacement may be, at the sole option of Pinnacle, a new or a re—manutactured prod~
UCI.
Pinnacle has made a good-faith effort to ensure that the firewall security filters
are implemented in the best way possible. The user/purchaser is solely respon-
sible for ensuring that all firewall security filters are setup correctly and function-
ing correctly.
This warranty shall not apply to any product that has been modified without written
approval of Pinnacle, abused, misused, tampered with, damaged by other equipment or
systems, or operated or stored under adverse environmental conditions.
EXCEPT AS EXPRESSLY SET FORTH ABOVE, PINNACLE MAKES NO OTHER
WARRANTIES OR REPRESENTATIONS, EITHER EXPRESSED OR IMPLIED (IN-
CLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
PARTICULAR PURPOSE). PINNACLE EXPRESSLY DISCLAIMS ALL WARRANTIES
NOT STATED HEREIN. YOU ASSUME THE ENTIRE RISK AS TO THE QUALITY AND
PERFORMANCE OF THE PRODUCT. SOME STATES DO NOT ALLOW THE EX-
CLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSION MAY NOT
APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS WHICH
MAY VARY FROM STATE TO STATE.
YOUR SOLE REMEDIES AND PINNACLE’S AND ITS SUPPLIERS, DISTRIBUTORS.
RESELLERS, AND AGENTS ENTIRE LIABILITY ARE SET FORTH ABOVE. IN NO EVENT
SHALL PINNACLE OR ITS SUPPLIERS. DISTRIBUTORS, RESELLERS. AND AGENTS BE
LIABLE TO YOU, OR ANY OTHER PERSON, FOR ANY DAMAGES. INCLUDING ANY
SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING. LOST SAVINGS,
COST OF REPLACEMENT, OR OTHER EXPENSES ARISING OUT OF THE USE OR
INABILITY TO USE THIS PRODUCT, EVEN IF' KARLNET HAS BEEN ADVISED OF SUCH
POSSIBLE DAMAGES, OR FOR ANY CLAIM BY ANY OTHER PARTY. SOME STATES DO
NOT ALLOW THE EXCLUSION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO
THE ABOVE LIMITATION MAY NOT APPLY TO YOU.
For product returns, please call Pinnacle Communicatons, Inc. (937) 254-0141.
HARDWARE INFORMATION 4-1
Hardware
Information
4-2 HARDWARE INFORMATION
FRONT PANEL (ETHERNET-TO-ETHERNET)
Remote Local Forwarding Rate W.)
Receive. 0 0.0.0...
7mm" . . 1 s m 20 m so some
Collision Q 0
Port 0 Port 1
Receive: This light will blink whenever a packet is received:
Transmit: This light will blink whenever a packet is transmitted.
Collision: This light will blink whenever a collision or error is detected on the
LAN.
Forwarding Hate: This will display the fonNarding rate of the bridge/brouter in
percent of the full theoretical Ethernet rate of 10 megabits per
second.
HARDWARE INFORMATION 46
FRONT PANEL (ETHERNET-TO-WAVELAN)
Wired Receive:
Wired Transmit:
Wired Collision:
Wireless Receive:
Wireless Transmit:
Wireless Collision:
Forwarding Rate:
Wrong:
Low:
Good:
Excl:
. . Forwardan Rate (36)
w'm’“ w'wd t 5 to 20 an so so we
Receive. . 0.......
Transmit. . Wrong Low Good Excl
Collision . O O O O .
Port 0 Port 1
This light will blink whenever a packet is received.
This light will blink whenever a packet is transmitted.
This light will blink whenever a collision or error is detected on
the LAN.
This light will blink whenever a packet is correctly received.
This light will blink whenever a packet is transmitted
This light will blink whenever a packet is retransmitted (packets
will only be retransmitted it the CellWave algorithm is being used).
This will display the forwarding rate of the bridge/brouter in
percent of the full theoretical Ethernet rate of 10 mega bits per
second.
This light will blink whenever a packet from another WaveLAN
network is detected.
This light will blink whenever a CeIIWave "hello" packet is received
with a low signal to Noise Ratio.
This light will blink whenever a CeIIWave "hello“ packet is received
with a good signal to Noise Ratio.
This light will blink whenever a CellWave "hello" packet is received
with a high signal to Noise Ratio.
4—4 HARDWARE INFORMATION
HARDWARE REMOTE CONFIGURATION PROTECTION
The Flash ROM version of the Pinnacle Link Bridge/Pinnacle Link Router is configured
remotely through the network using KBCONFlG via lP/SNMP. This leaves open the
remote possibility that someone on the Internet could guess your SNMP read/write
password and use their version of KBCONFIG to reconfigure your Pinnacle Link Bridge/
Pinnacle Link Router. This loophole can be completely closed by use of the SNMP
Access Lists (described later in this manual) orjumpers on the Flash ROM card located
inside the case. These iumpers positions are as follows:
Normal Operation The only protection is through passwords and the SNMP
Access Lists, there is no special hardware protection.
Write Protection The configuration can be read but not written unless the
hardware protections are lowered by use of the front panel
protection button.
ReadNVrite Protection The configuration cannot be read or written unless the hard-
ware protections are lowered by the use of the front panel
protection button.
ISA BUS FLASH CARD
HARDWARE INFORMATION 4-5
FFlONT PANEL
Pinnacle Link Bridge/Pinnacle Link Router Flash ROM Module
FUNCTION
Normal operation
Factory Default
Write Protection
Read/Write Protection
Boot on PROM
RESET‘I’ING TO THE FACTORY DEFAULT CONFIGURATION
The Flash ROM version of the Pinnacle Link Bridge/Router is configured remotely
through the network using KBCONFIG via lP/SNMP. In order for KBCONFIG to com-
municate through the network two things must be known; the IP Address and the read/
write SNMP password (sometimes called the community name) of the Pinnacle Link
Bridge/Router. When shipped from the factory the IP Address is 198.1774254 and the
read only and read/write passwords are set to public and public. If you forget what you
have changed these to you can restore them to the factory default by placing the jumper
on the Flash ROM board located inside the case to the Factory Default position. You
must then reboot the Pinnacle Link Bridge/Router and configure it with KBCONFIG
using the factory default address and passwords Once you have changed the address
and password and saved them with KBCONFIG and the Pinnacle Link Bridge/Router
4-6 HARDWARE INFORMATION
has rebooted itself it is ready for use. You should then shut off the Pinnacle Link Bridge/
Router move the jumper back to Normal Operation, or one of the protection settings,
and start it back up to verify that your changes have taken effect
REMOTE AND LOCAL PORTS
The Pinnacle Link Bridge and Pinnacle Link Routers security filters provide isolation
between one or more local networks and one or more remote networks. The ports on
the standard 2 port Pinnacle Link Bridge and Pinnacle Link Router are labeled Port 0
Remote and Port 1 Local. The work group or computer lab that you wish to isolate
should be connected to the Local Port and the external network should be connected to
the Remote Port. NOTE: If you have a Pinnacle Link Bridge/Router that supports mixed
media or more than 2 ports you will have the option in the Setup-Ports menu to change
which port(s) are considered "local" and which port(s) are considered "remote".
115/230 VOLT SETTING
The Non-Auto switch Pinnacle Link Bridge/Router is shipped with 115V selected. If
your country uses 230V this setting should be changed. The Auto switch version of the
Pinnacle Link Bridge/Router automatically detects and adjusts for the proper voltage
setting and no manual switch is needed or provided
HARDWARE INFORMATION 4-7
ETHERNET INTERFACE (BNC 0F| AUI CONNECTIONS)
The 108ase2 (Thin Wire) Pinnacle Link Bridge/Router is shipped with both Ethernet
cards setup for BNC (Thin Wire Ethernet). If you wish to use the AUI (transceiver) port
you must open the case and change the jumpers located on the appropriate Ethernet
card. These Ethernet cards have been customized for use in the commercial Pinnacle
Link Bridge/Router and are not interchangeable with the standard Ethernet cards by the
same manufacturer.
10 Base T
(Twisted Pair)
3,“
”g,
15
::n
AUI
BNC
- (Thin Net)
SMC Elite 16 Ethernet Card
BNC
Use this setting it you are connecting your LAN to the BNC connection.
AUI & 1oBaseT
Use this setting it you are connecting your LAN to either the AUI or the 10BaseT
(Twisted Pair) connector.
Twisted Pair No Link
Use this setting it you are connecting your LAN to the 1OBaseT (T iwsted Pair) connector
and wish to have No Link integrity signal active - (This setting is not normally used).
4-8 HARDWARE INFORMATION
WAVELAN INTERFACE
The commercial version of the Pinnacle Link Bridge/Router supports a standard ATT/
NCR or DEC WaveLAN wireless intenace card. The card is configured in "factory
default“ mode (all switches in the up position). It provides a wireless link to other
WaveLAN wireless cards within a building. The Omni directional antenna supplied has a
range of 800 feet. With the addition of a directional antenna, (wireless network) connec»
tions can be made between buildings that are several miles apart.
sws swz . .
Optional DES chip sw t swr F Connector
‘NOTE: It is highly recommended that you install the WaveLAN card as Pinnacle Link
Bridge Port 0.
CONFIGURATION 5-1
CONFIGURATION
5-2 CONFI UHATION
The Pinnacle Link Bridge/Pinnacle Link Router has been designed to provide several
layers of isolation and firewall security protection for many types of local area networks.
You will most likely not need to use all of the features and filters provided.
FlUNNING THE KBCONFIG PROGRAM
(on a floppy based Pinnacle Link Bridge/Pinnacle Link Router)
Remove the Pinnacle Link Bridge/Router floppy from the floppy drive and insert it into
any standard PC compatible computer that is running DOS version 3 or higher with an
EGA or VGA monitor. For this example it is assumed your floppy drive is drive A.
1. Copy the files KBCONFIGEXE, KBC.EXE, KBHELP.HLP, and KBCONFIG.CFG
from the ”Flash ROM Remote Configuration" diskette into a directory on your hard
disk.
2. Issue the command: KBCONFIG A:KBRIDGE.BIN
3. Set-up the Pinnacle Link Bridge/Pinnacle Link Router features and filters by use of
the menus as described in the sections later in this manual.
4. Save your new configuration back into the KBRIDGEBIN file on the floppy by issu-
ing the Save command under the File menu.
The KBCONFIG program modifies the KBRIDGEBIN file which contains the bridge/
router program and your filter settings, When the floppy is inserted into the Pinnacle
Link Bridge/Pinnacle Link Routerfloppy drive and the box is powered up the program
KBRIDGEBIN will boot and execute.
WARNING: The Pinnacle Link Bridge/Pinnacle Link Router floppy disk boot block pro—
gram will only boot the KBRIDGEBIN file if it is contiguous. The only way to guarantee
that the KBRIDGEBIN file is contiguous is to copy it to a blank newly formatted disk
with a Pinnacle Link Bridge boot block on it. If you copy the KBRlDGEBIN file to a hard
disk and then back to a non-blank floppy it may not be contiguous and thus will not boot
properly. NOTE: When the KBCONFIG program modifies the KBRIDGEBIN file on the
floppy it does not move the KBRIDGE.B|N file and therefore will boot properly. There-
fore whenever you change the configuration of the KBRIDGEBlN file on the boot floppy
always open the file on the floppy directly from KBCONFIG.
RUNNtNG THE KBCONFIG PROGRAM
(remotely on Flash ROM Pinnacle Link Bridge/Pinnacle Link Routers)
1. Ensure that a standard "Packet" driver is installed on your MS-DOS computer. It
came with the software you received when you pourchased your Ethernet card. If
you do not have a packet driver you can use one of the drivers that are included on
the "Flash ROM Remote Configuration" diskette provided with your Flash ROM
Pinnacle Link Bridge or Pinnacle Link Router.
CONFlGURATION 5-3
2. Copy the files KBCONFIGEXE, KBCEXE, KBHELP.HLP, and KBCONFIG.CFG
from the "Flash ROM Remote Configuration" diskette into a directory on your hard
disk.
3. If you are connected to an existing lP network then setup the KBCONFIGCFG file to
reflect your IP address, IP mask, default router, etc.
4. Issuethe command: KBCONFIG.
5. Under the File menu issue an Open Remote then specify the IP address of the
network connected remote Pinnacle Link Bridge/Pinnacle Link Router. The factory
default forthe Pinnacle Link Bridge/Pinnacle Link Router IP address and the IP
address as shipped is 1981774254.
6. Set-up the Pinnacle Link Bridge/Pinnacle Link Router features and filters by use of
the menus as described later in this manual.
7. Save your new configuration by issuing the Save command underthe File menu.
The KBCONFIG program modifies the configuration section of the Pinnacle Link Bridge/
Pinnacle Link Router Flash ROM and then the remote bridge/router will reboot.
KBCONFIG's File Menu
KBCONFIG will configure either an executable Pinnacle Link Bridge/Pinnacle Link
Router file or configure a remote FIashROM based Pinnacle Link Bridge or Pinnacle
Link Router.
CONFIGURING AN EXECUTABLE FILE
To configure an executable file you can use the Open and Save functions. The file can
be either a .EXE or .BIN file. EXE files can be run under DOS and are usually the
shareware demo version. BIN files can either be loaded into FIashROM or booted off of
the special Pinnacle Link Bridge/Pinnacle Link Router boot diskette. You must have a
file open before any other KBCONFIG functions can be performed. After you have
made your configuration choices you should then Save them back to the open file.
CONFIGUHING A REMOTE Pinnacle Link Bridge or Pinnacle Link Router
To configure a remote (network attached) Pinnacle Link Bridge or Pinnacle Link Router
you can use the Open Remote and Save functions. You must have a remote bridge or
brouter open before any other KBCONFIG functions can be performed. After you have
opened the remote device and configured it you can then Save your configuration back
to the open device. When you Save back to the remote device its FlashROM will be
erased and then reprogrammed with the new configuration.
5-10 CONFIGURATlON
ets will take up a small amount of HF air time. If you only have a few wireless stations
this is inconsequential, If you have hundreds of wireless stations in your wireless cell
and all of these stations are transmitting hello/test packets the wireless LAN will be
slowed down.
[X] Enable Directional Antenna Support
The WaveLAN card is designed to connect to either a special omni-directional antenna
or a directional antenna. If you are using a directional antenna you should enable direc-
tional antenna support. With directional antenna support enabled, the WaveLAN card
stops sending out the 10 Volt. 1 MHz square wave signal needed only by the special
omni-directional antenna. Note: A DC blocking device should be connected to the
WaveLAN cards antenna port it the WaveLAN card is connected to a DC grounded
directional antenna such as the loop yagi.
[X] Enable Signal Quality Front Panel Display
This function will enable WaveLAN signal quality statistics on the CRT monitor or LCD
front panel display.
[X] Enable Data Encryption on All Packets
Some Pinnacle Link Bridges and Pinnacle Link Routers contain a special software
encryption algorithm that is distinct from the optional WaveLAN DES encryption chip. lf
Data Encryption is enabled on the General Setup menu and it an Encryption Key is
setup in the Data Encryption menu then enabling encryption here will cause all packets
transmitted over the WaveLAN wireless network to be software encrypted.
(-) WaveLAN Compatibility Mode
KarINet, ATT/NCR, DEC, Persoft, Solectek and others can transmit and receive data
over WaveLAN wireless networks in an industry compatible way. This setting will enable
the Pinnacle Link Bridge/Pinnacle Link Router to transmit and receive its WaveLAN
wireless packets in this compatible way.
(-) CeIIWave Mode (No Base Station)
The industry compatible way of transmitting and receiving data over WaveLAN (and
many other) wireless networks cause data packets to be frequently lost. This is due to
the fact that a wireless network does not have the ability to detect collisions like an
Ethernet network has. In an Ethemet network collisions can be detected by the hard-
ware (Ethernet chip) and are automatically retransmitted. Ethernet is referred to as
CSMA/CD (Carrier Sense Multiple Access with Collision Detect). Wireless networks are
CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance). The reason that
collisions cannot be detected is because with radio you cannot receive and transmit at
the same time hence you cannot detect the collisions. In practice a properly operating
WaveLAN point—to-point network will loose, due to collisions, approximately We at the
transmitted packets. This packet loss is not normally a problem with protocols such as
Novell IPX (without the burst mode NLM) but will cause networks using most other
protocols to experience poor performance.
CONFIGURATION 5-11
If all of the wireless Pinnacle Link Bridge/Pinnacle Link Routers in your wireless cell can
"hear" each other and if you are running a non-Novell IPX protocol or Novell IPX with
burst mode NLM then this setting will greatly improve the performance of your wireless
network.
(-) CeIIWave Base Station Mode (This is a base station)
This setting should be used if this wireless Pinnacle Link Bridge/Pinnacle Link Router is
the one and only base station in the wireless network (Le. a WaveLAN network with the
same Network lD, NWID). With the previously mentioned CeIiWave Mode (No Base
Station) setting there is a requirement that all wireless stations be able to transmit to
and receive from ALL other stations in the wireless network. This is not always possible
due to the particular topology and terrain. The Wireless Pinnacle Link Bridge/Pinnacle
Link Router has a special mode where one of the wireless nodes can be setup as a
"base" station and all others can be setup as "satellite" stations. In this configuration the
only requirement is that each satellite station be able to communicate with the one base
station. The base station is responsible for "repeating“ packets that need to travel
between satellite stations.
The performance of this approach is slightly improved if the base station is connected to
the most heavily loaded file server or wired network access point. This is due to the fact
that data flowing from one satellite to another satellite station must be repeated (retrans-
mitted) by the base station using more of the wireless bandwidth. Data packets flowing
from a satellite station to the base station are transmitted directly without the need to be
repeated.
(-) CelIWave Base Station Mode (This is a satellite station)
Set this if this wireless Pinnacle Link Bridge/Pinnacle Link Router is one of the satellite
stations in the wireless network. (Le. a WaveLAN network with the same Network ID,
NWID).
Ethernet Interface
There are no special hardware setups needed for Ethemet ports.
Port Setup
gamete Enable
Port 0 WaveLAN [X] [X]
Port1 Ethernet [ 1 [x1
Port 2 Synchronous [ ] le
"1 Ethernet Setup
Nothing to Set for This Port
m-
Synchronus Interface
Port Setup
Bemote Enable
Port OWaveLAN [X] [X]
Port 1Etheme’t [ ] [X]
Port 2 Synchronous [ ] 1 [X]
[I]
Synchronous Setup
External Clock 1
lntemal Clock 56K Baud 3
lntemal Clock 128 Baud l
lntemal Clock 2043 Baudf
Enable Reliable Point-to-Point Communication
Enable Packet Compression
Enable Data Encryption on All Packets
Enable DTFt Dialing
VVVV
r—nr—ll—nl—
(.) External Clock
This setting will enable the external clock inputs and disable the internal clock source.
(-) Internal Clock
One of these settings will enable the internal clock generator to the specified bit rate.
[X] Enable Date Encryption on All Packets
Some Pinnacle Link Bridges and Pinnacle Link Routers contain a special software
encryption algorithm that is distinct from the optional WaveLAN DES encryption chip. If
Data Encryption is enabled on the General Setup menu and if an Encryption Key is
setup in the Data Encryption menu then enabling encryption here will cause all packets
transmitted over the synchronous port to be encrypted.
7T" o v...,,. ,A_~_W
CONFIGURATION 5—13
STEP 3: BRIDGE SETUP
. General Setup . . .
Step 2 : Port Setup . . .
: Bridge Setup . . .
IP Host Setup . . .
Bridging Setup
Protocol to Brid-e or Tunnel
Appletalk 1 Sr 2 8098 Bridge ._ [X] Pass Ethemet Broadcasts
Appletalk ARP 1 & 2 80F3 Bridge [x1 Pass Ethernet Multicasts
P 0800 Bridge
tP—ARP 0305 Bridge
- - . Advanced Features
Bridge Tunnel D_op ‘r
‘ Storm Thresholds
( ) Bridge all non-listed protocols
(-) Drop all non-listed protocols Tunnel Partners
( ) Pass (0) Drop Following Ethernet Pair
Remote Local
00-11-22-3344-55 00.01.02-xx-xx-xx
Edit
NQIE: The Tunnel and Tunnel Partners Buttons will not appear unless "Remote Bridg-
ing using IP Tunnels“ is enabled in the General Setup Menu.
Protocol to Bridge or Tunnel
This menu specifies the Elhemet protocols to Bridge, Drop or optionally Tunnel. Each
protocol can be bridged (a synonym for passed) or can be dropped as selected with the
Bridge or Drop button. All other protocols not specified in the menu are then either
bridged or dropped depending upon the mode selected by the radio buttons labeled
"Bridge all non-listed protocols" or "Drop all non-listed protocols".
It is recommended that you bridge only the protocols that you absolutely need and drop
all non-listed protocols. If you elect to bridge IP, DECNET, Novell, or AppleTaIk then
you will have the opportunity to setup additional filters under the Setup - Security
5-14 CONFIGURAT|ON
menus. You will be given the opportunity to specify in more detail the types of services
you wish to promote (pass) or restrict (drop) for the particular protocols selected.
Tunneling is a method of encapsulating Ethernet packets, received from the "Local" port
in a lP/UPD packet and sending them to one or more tunnel partners. Tunneling can be
used to setup virtual Ethernet networks. You can tunnel some protocols, bridge other
protocols and drop other protocols all simultaneously.
(-) Bridge ()Drop all non-listed protocols
This setting will determine what is to happen to packets that are not listed in the "Proto-
col to Bridge or Tunnel" menu.
[x] Pass Ethernet Broadcast
Standard Ethernet bridges will always fonivard broadcast packets. Many protocols do
not use broadcasts (e.g. AppIeTaIk Phase II, DECNET and others). However, lP/ARP
does use broadcasts. If you do not use IP or any other protocol that requires broad-
casts then you can drop them. Shutting off broadcast packets will reduce the traffic on
your network and will also greatly reduce the number of interrupts that each computer
connected to your network experiences. Networks with a high number of broadcasts
will slow down the processing of each attached computer even it it is not using the
network.
[X] Pass Ethernet Muiticasts
Standard Ethernet bridges will always forward multicast packets. Some protocols do
not use multicast packets, such as IP and Novell IPX. if you do not use protocols that
use multicast packets then you can drop them by shutting off multicasts on the Pinnacle
Link Bridge. Shutting off multicast packets will reduce the traffic on your network and
will also reduce the number of interrupts that each computer connected to your network
experiences.
(-) Pass () Drop Following Address Pair
This menu specifies the Ethernet addresses that should be either Passed or Dropped
both the source and destination address are checked against this filter. An entire 6 byte
Ethernet address can be filtered or just portions of it. This menu can be used to inhibit
or promote communication with a several particular Ethernet addresses or groups of
Ethernet addresses. This approach of specifying Ethernet addresses is similar to a
standard bridge that supports Ethemet address filtering. We have found this approach
to not be very useful, however, support it for completeness.
As an example if the menu is set to "Drop following Paif‘ and an address pair of:
00-11-22—33‘44-55 & OO-O1-O2-XX-XX-XX is specified then data packets from the
address 00-1 1-22-33—44-55 to any addresses that start with 00-01-02 will be dropped.
CONFlGURATION 5-15
Advanced Features
This menu contains advanced bridging options. These options should be changed from
their default only if you clearly understand their functions and how they may impact your
network.
Bridging Setup
Protocol to Brid-e or Tunnel
Appletalk 1 & 2 8098 Bridge
Appletalk ARP l & 2 BOFS Bridge
[X] Pass Ethernet Broadcasts
[X] Pass Ethernet Multicasts
35
IP 0800 Bridge
lP-ARP 0806 Bridge
Est
Advanced Features
End 9 Tunnel
- _____.Advanced Features —
( ) Bridge allnon-listed prot-
(') Drop all non-listed protoc Pass Bad Ethernet Source
Pass Unleamed Ethernet Source
( ) Pass (°) Drop Follow Enable Learned Table Lockdown
Remote Enable Expanded lP ARP Support
00-11-2263-4-4-55 00—01 -l
[X] Pass Bad Ethernet Source
The standard Ethernet bridges we have tested will pass Ethernet packets with a broad
cast or multioast address as their source (is. the first bit set to 1). The Ethemet specifi-
cation ior Transparent (i.e. Non-Source Routing) bridges does not allow these types of
packets and are considered as "bad" packets. Our studies have shown that a common
failure mode of many Ethernet interfaces and networking software is to transmit packets
like these. If you do not need the Pinnacle Link Bridge to pass Source Routing packets
it is suggested that you set it to drop these packets. Default: Pass
[X] Pass Unseen Ethernet Source
Standard Ethernet bridges will always forward packets with destination addresses that
have not been "Ieamed" (i.e. not been seen as a source address of a packet) This
characteristic is needed for the proper operation of an Ethernet bridge. The down side
to this is that our studies have shown that the failure mode of many Ethernet interface
cards is to send out erroneous packets with good CFlC's but with random Ethernet
5-16 CONFIGURATION
destination and source addresses. Standard bridges will pass these erroneous packets
since they have not "Ieamed" the random destination address and then add this packets
random source address to theirfinite "learned" table. This situation is not uncommon
and can greatly hinder the operation of standard bridges. If you chose to Drop un-
learned packets then the Pinnacle Link Bridge will not fonivard unicast packets to
Ethernet addresses that have not already been seen as a source address. This
scheme works for most protocols because it relies on the characteristics of most upper-
layer protocol to transmit ARP requests or Hello packets. It should be set to Drop with
care by a qualified network engineer. Default: Pass
[X] Enable Learned Table Lock down
A standard bridge watches the source addresses of each packet it receives on any of its
ports. As new addresses are seen, entries are added in the "learned table" that contain
the particular source address and the port number that address was received on. If that
source address is later seen on a different port the bridge will immediately change the
port number in the Ieamed table entry. This condition could happen in a correctly func-
tioning network if someone moved the computer to a different part of the network. This
could also happen if someone was trying to capture network packets by spoofing the
bridge. Enabling Ieamed table lock down will prevent the port number from being
changed once the source address has been seen.
A standard bridge will also time-out the learned table records every 10 minutes. If
learned table lock down is enabled then these records will not be timed out, once a
record is Ieamed it will not change or be deleted until eitherthe bridge reboots or the
Ieamed table becomes completely filled and needs to be reset. Note: A typical Pinnacle
Link Bridge Ieamed table can contain over 12,000 records. Default: Disabled
[X] Enable Expanded IP ARP Support
Enabling this feature will cause the bridge to also watch the lP/ARP packets that occur
on the network. No action is taken in response to an IP/AHP packet (since that is the
role of an lP router) other than the bridge will add the IP address to it‘s lP/AFtP table.
This feature is helpful on an IP network because it will build a database of MAC layer
address to lP address pairs. An SNMP monitoring program such as KBCONFIG can at
any time extract this information. NOTE: 1) The lP/AFtP table is nevertimed out in this
mode. 2) This feature is not available if the Pinnacle Link Router is routing IP. Default:
Disabled
CONFlGURATlON 5-17
Storm Thresholds
One of the unique and very useful features of the Pinnacle Link Bridge/Pinnacle Link
Router is its ability to keep Broadcast and Multicast storms from spreading throughout a
network. Network storms are common and can cause bridges, routers, workstations,
sewers and PC's to slow down or crash Storms occur it network equipment is contig-
ured incorrectly, if network software is not functioning correctly, or it poorly designed
programs such as network games are used.
Bridging Setup
Protocol to Brid-e or Tunnel
Appletatk 1 at 2 3095 Bridge
Appletalk ARF' 1 & 2 80F3 Bridge
lP 0800 Bridge
lP-ARP 0806 Bridge
[X] Pass Ethemet Broadcasts
[X] Pass Ethernet Multicasts
Advanced Features
Storm Thresholds
Storm Thresholds
( ) Bridge all non-listed protocols
(.) Dro
Broadcast Multicast
( ) Address Threshold 15 15
Port 0 Threshold 30 30
Port 1 Threshold 30 30
Port 2 Threshold 30 30
Note: Threshold values are in packets per second
Address Threshold > Broadcast
This setting determines the maximum number of broadcast packets that can occur each
one second period before a storm condition is declared for a particular Ethernet address
(host). Once it is determined that a storm is occurring then any additional broadcast
packets from that host address will be dropped until the storm is determined to be over.
The storm will be determined to be over when 30 seconds has passed where every 1
second period has less then the stated threshold in broadcast packets.
5-18 CONFIGURATION
Address Threshold > Multicast
This setting determines the maximum number of multicast packets that can occur each
one second period before a storm condition is declared for a particular Ethernet address
(host). Once it is determined that a storm is occurring then any additional multicast
packets from that host address will be dropped until the storm is determined to be over.
The storm will be determined to be over once 30 seconds has passed where every 1
second period has less then the stated threshold in multicast packets.
Port Threshold > Broadcast
This setting determines the maximum number of broadcast packets that can occur each
1 second period before a storm condition is declared for a particular port. Once it is
determined that a storm is occurring then any additional broadcast packets received on
that port will be dropped until the storm is determined to be over. The storm will be
determined to be over once a 1 second period has occurred with no broadcast packets
received on that port.
Port Threshold > Multicast
This setting determines the maximum number of multicast packets that can occur each
1 second period before a storm condition is declared for a particular port. Once it is
determined that a storm is occurring then any additional multicast packets received on
that port will be dropped until the storm is determined to be over. The storm will be
determined to be over once a 1 second period has occurred with no multicast packets
received on that port.
Preset Button
This button sets the Broadcast and Multicast storm thresholds to the recommended
values. These values have been determined to offer good protection without interfering
with the operation of the typical network. These values may need to be tuned for your
panicular network.
CONFIGURATION 5-19
Tunnel Partners
Bridging Setup
Protocol to Bride or Tunnel
Appletatk 1 & 2 8098 Bridge [X] Pass Ethernet Broadcasts
Appletalk ARP 1 & 2 80F3 Bridge ' [X] Pass Ethernet Multicasts
IP 0800 Bridge
lP~ARP 0806 Bridge
Advanced Features
Storm Thresholds
( ) Bridge all non-listed protocols
(0) Drop all non-listed protocols
Tunnel Partner
lP Tunnel Partner
128.146.1010
198177420
[ ] Encrypt Bridge Tunnel Packets
Tunneling is a method of encapsulating Ethernet packets, received from the "Local" port
in an IP/UPD packet and sending them to one or more tunnel partners. Tunneling can
be used to setup virtual Ethernet networks.
Tunnel Partners
In the General Setup menu if the "Remote Bridging using IP Tunnels" is enabled then
Tunnel Partners can be setup. This menu specifies the IP addresses of each of the
Pinnacle Link Bridge/Pinnacle Link Routers that are setup to participate in the tunnel
group. Specify the addresses of all the bridges that are participating in the tunnel group
but DO NOT specify the IP address of this bridge.
5-20
CONFIGURATION
[X] Encrypt Bridge Tunnel Packets
Some Pinnacle Link Bridges and Pinnacle Link Houters contain a special software
encryption algorithm that is distinct from the optional WaveLAN DES encryption chip on
Wireless Pinnacle Link Bridge/Pinnacle Link Routers. If Data Encryption is enabled on
the General Setup menu and if an Encryption Key is setup in the Data Encryption menu
then enabling encryption here will cause all packets transmitted to tunnel partners to be
encrypted and any packets received from tunnel partners to be decrypted
Generic Ethernet Tunneling
(Through an IP Network)
Standard Ethemel
Packet
/Ethernet Packet\
\ Encapsulated in /
Ethernet Packet
Encapsulated in
lP/U DP \
Standard /
Ethernet
Packet \ t
Internet
or Campus
IP Network
The three Pinnacle Link Bridges are setup to
tunnel one or more protocols and each is a
Tunnel Partner to the others. This configuration
allows LAN A. LAN B and LAN C to become a
virtual private Ethernet network with the Internet
as the transport mechanism for data between
them. The encapsulated data packets can be
optionally encrypted to make the virtual private
network more secure.
5-21
STEP 4a: lP HOST SETUP
General Setup . . .
Step 2 Port Setup . . .
Bridge Setup . . .
IP Host Setups
Our IP Address: 128.140.1020
Our Subnet Mask: FFFFFFOO
Default Flouter: 128.146.101
Default Tl'L: 64
Syslog Host Address: 0.0.0.0
Syslog Host Facility: 1
NOTE: IP Routing in the General Setup Menu must be disabled for this menu to be
used.
Our IP Address
This is the IP address of the Pinnacle Link Bridge itself. If you wish to configure or
monitor your Pinnacle Link Bridge or if your network supports P and you wish to enable
the Ping support and IP/SNMP support of the Pinnacle Link Bridge set this to a valid IP
address. Setting this address to 0.0.00 will disable bridges Ping and lP/SNMP support.
Please note that unless you enable IP Routing the Pinnacle Link Bridge is not an IP
router. It has only one IP address and that address applies to both the Remote and
Local networks (i.e. both sides of the bridge). Having two Ethernet interfaces with the
same IP address is different than a standard IP host, but is appropriate for a Transpar-
ent Bridge. It is interesting to note that the Ethernet address of both ports is also the
same,
Our Subnet Mask
Every IP network has what is referred to as a Subnet mask. This should be set to the
appropriate mask for your network. Note that this is a hex number, hence the mask
255.255.2550 should be specified as FFFFFFOO.
Default Router
Most every IP network has a default IP router and that address should be specified
here.
Detault TTL
IP hosts on the Internet send out packets with a default time to live parameter. If you
wish to override the factory default of 64 you can specify your new default here.
5-22
CONFlGURATION
Syslog Host Address
There are many events that the Pinnacle Link Bridge/Pinnacle Link Router can log. One
of the places these events can be logged is on a computer equipped with the standard
UNIX Syslog facility. If you want logs of this type to be kept then the IP address of the
host that will take the logs must be entered here
Syslog Host Facility
On Unix computers that you are using to log Pinnacle Link Bridge/Pinnacle Link Router
events there are 7 categories of syslog messages available to you. This number speci-
fies which category will be used. If this number is set to "1", then the facility used is
Iocal1, so the line in the syslog.cont file should be: " Iocal1.debug tilename“. On most
computers there must be exactly one tab between the word "debug“ and the filename.
CONFIGURATION
STEP 4b: IP ROUTER SETUP
Step 1 . General Setup . . .
Step 2 : Port Setup . . .
Step 3 : Bridge Setup . . .
Step 4a : IP Host Setup. . .
Step 4b : IP Router Setup . . .
IP Router Setup
IP Address/Route Mask Ta -et Router Port/Cost
128146104 FFFFFFOO Direct
128.146.11.1 FFFFFFoo Direct
Add/Direct Addr’lndn'ect
Default Router: 128.1461 .1
Default Router Port: 0
Preferred IP Address: 128.146.10.1
Default TTL: 84
Syslog Host Address: 0.0.0.0
Syslog Host Facility: 1
[ ] Disable ARP Cache Aging
N TE: |P Routing in the General Setup Menu must be enabled forthis menu to be
used.
Default Router (IP Address)
This entry should be set to the IP Address of the default router that this Pinnacle Link
Router is to use when it does not know where to route a particular IP packet. it the port
that the default router is connected to is a serial port then this entry is ignored.
5-23
5-24 CONFIGURATION
Default Router Port
This entry should be set to the port that the default router is connected to. If the port that
the default router is connected to is a serial port then this defines the pod that is used
for the default router.
Preferred IP Address
From time to time the Pinnacle Link Router will transmit unsolicited lP packets such as
SNMP Traps. Syslog, RIP or lP ARP packets. Most routers randomly use one of the IP
addresses from one of the router ports as the source lP address forthese packets. On
the Pinnacle Link Router you can specify the source IP address that you preferto use
for these packets.
Default TTL
IP hosts on the Internet send out packets with a default time to live parameter. if you
wish to override the factory default of 54 you can specify your new default here.
Syslog Host Address
There are many events that the Pinnacle Link Bridge/Pinnacle Link Router can log. One
of the places these events can be logged is on a computer equipped with the standard
UNIX Syslog facility. If you want logs of this type to be kept then the IP address of the
host that will take the logs must be entered here.
Syslog Host Facility
On Unix computers that you are using to log Pinnacle Link Bridge/Pinnacle Link Router
events there are 7 categories of syslog messages available to you. This number speci-
fies which category will be used. if this number is set to "1", then the facility used is
Iocal1, so the line in the syslog.conf file should be: ' Iocal1.debug filename". On most
computers there must be exactly one tab between the word "debug" and the filename.
[X] Disable ARP Cache Aging
Use this option if you want to keep a permanent record of the IP to Ethernet addresses
table for each computer directly connected to a port on this Pinnacle Link Router. This
feature is helpful when used in conjunction with a corporate wide SNMP monitoring tool
to create a database of all Ethernet to IP address combinations on your network. A
standard IP router and the Pinnacle Link Router will age it's ARP cache entries. It will
timeout and delete the ARP entries after a certain specified period (usually 10 min-
utes). The Pinnacle Link Router has the option of not aging (deleting) any ARP cache
entries. This will not normally cause any IP network problems but could result in a large
ARP cache table. Since the typical Pinnacle Link Router can hold over 10,000 ARP
entries this is not normally a problem.
, 7 . . "‘i" - __,.. .-______A
CONFIGURATION 5-25
Add/Direct
This button activates a menu which is used to specify the "direct" routes for each of the
ports on the Pinnacle Link Router. Direct routes are those that are directly connected to
the ports. As an example if port 0 is to have subnet 128.146.6tX connected to it and an
IP address of 128.146.6.1 with a subnet mask of 2552552551) then an entry in this
menu should be setup as: IP Address = 128.146.6 1; IP Mask = FFFFFFOO; and
Port = 0.
IP Router Setup
IP Address/Route Mask Ta -et Flouter Port/Cost
128146101 FFFFFFOO Direct
128146111 FFFFFFOO Direct
12814661 FFFFFFOO Direct
Add/Direct Addi’lndirect
Input IP Route
IP Address IP Mask
Port
I—
5-26
CONFIGURATION
Add/Indirect
This button activates a menu which is used to specify the "indirect" routes for this Pin-
nacle Link Router. These routes are sometime referred to as static routes. You can use
indirect routes to define the way to get to subnets that are attached to other routers in
your network. As an example, if subnet 198.17.74.0 is attached to a router
128.1461 1.20 in orderfor this Pinnacle Link Router to route packets to 198.17.74.1 you
should specify an entry that is setup as: IP Address = 198.17.74.0;
tP Mask = FFFFFFOO; Next Hop = 128.146.1120 with a Cost: 1.
IP Router Setup
IP Address/Route Mask T1 at Router Port/Cost
1281464101 FFFFFFOO Direct
128.1461 1.1 FFFFFFOO Direct
128146131 FFFFFFOO Direct
Addr’Direct Add/Indirect
Input IP Route
IP Address IP Mask
19817740 FFFFFFOO
Tar-et Router Cost
1281461120
CONFIGURATION 5-27
Step 5: SNMP SETUP
. General Setup. . .
Step 2 : Port Setup . . .
Step 3 : Bridge Setup . . .
Step 4a : lP Host Setup . . .
Step 4b : lP Router Setup . . .
: SNMP Setup . . .
Q 'h It?
egg“, gab-avail) Setup >
Read Password public
Read/Write Password XY‘ZSB
System Contact Joe Smith
System Name Brouter #1
System Location First Floor Closet
Trap Host IP Address
Ttap Host Password
i t
i ] Enable SNMP ColdNVarm Start Trap
[ ] Enable SNMP Authentication Trap
~ Delete
SNMP IP Access List
Address Mask Port Edit
128.146.it.1 FFFFFFOO
164.254.040 FFFFFFOO OK
Read Password
This is the read only password used for SNMP support. It is the SNMP password
needed to read the Flash ROM Configuration and SNMP MIB Variables The factory
default value for this variable is the string public.
ReadNVrite Password
This is the read/write password used for SNMP support. It is the SNMP password
needed to write the Flash ROM configuration and SNMP MIB variables in to the bridge/
router. The string should be set to a value that is known only by you. The factory de—
fault value for this variable is the string public and should be changed to a string known
only to you.
5-28
CONFIGURATION
System Contact
This field should contain the identification of the contact person for this SNMP managed
node, (iti., this bridge/router) together with inlormation on how to contact this person.
System Name
This field should contain the administratively assigned name for this managed node. By
convention, this is the node's fully-qualified Internet domain name(ex:
bridge20.karlnet.com).
System Location
This field should contain the physical location of this node (e.g.,‘telephone closet, 3'rd
floor“).
Trap Host IP Address
This is the IP address of a network connected host that is setup to receive SNMP Trap
messages from this bridge/router. If you do not have an SNMP Trap host then set this
to 0.0.0.0.
Trap Host Password
This is the SNMP read/write password (community name) of the host that is setup to
receive SNMP Trap messages. This field is ignored it the Trap Host IP Address de-
scribed above is 0.0.0.0.
[X] Enable SNMP Cold/Warm Start Trap
If Cold/Warm Start traps are enabled then an SNMP Trap will be sent to the trap host
whenever this bridge/router powers up, is restarted because of an internal software
error, has just completed a Flash ROM reprogram and restart cycle, or reboots because
the watchdog timer expired. Please see "Enable Watchdog Reboot Timer" under the
General Setup Menu.
[X] Enable SNMP Authentication Traps
ll SNMP authentication Traps are enabled adn a Trap Host is setup properly then an
SNMP Trap will be sent to the to the trap host whenever an SNMP request is made of
the bridge/router where the password (community name) is wrong.
SNMP IP Access List
You can optionally setup a list of networks, subnets and hosts that are authorized to
access the Pinnacle Link Bridge/Pinnacle Link Router via SNMP. SNMP access lists
are used in conjunction with well picked SNMP passwords and the special SNMP hard-
ware protection jumpers to prohibit unauthorized access into the Flash ROM configura»
tion database of this bridge/router.
5-29
Examples:
1. IP Address: 128.146.110 Mask: FFFFFFOO Pen: 1 will only allow SNMP
access from the Network 128.146.11.x and only if the SNMP request was made
from the ponion of the network anached to Pon 1.
2. IP Address: 164.254.00 Mask: FFFFOOOO Pon: X will only allow SNMP access
from the network 164.254.x.x received from any pon.
STEP 6: SECURITY {FIREWALLl SETUP
. General Setup
Step 2 : Port Setup
Step 3 : Bridge Setup
Step 43 : lP Host Setup
Step 4b : IP Ftouter Setup
Step 5 : SNMP Setup
StepG : Security (Firewall) setup > UDPITCP. ..
Step 7 : Data Encryption Setiip 3243-5?“ -
Novell (IPX) . . .
Security firewalls are enabled in the "General Setup" menu. If Security Filters are en-
abled and if the protocols that have security firewall capability (i.e. IP/UDP/TCP,
AppleTaIk, DECNET, or Novell IPX) are enabled to be passed through the bridge/
brouter then additional protection is added with these protocols. Security filters will
cause the Pinnacle Link Bridge/Pinnacle Link Router to analyze on the application level
each packet to determine if it should be passed or dropped.
Remote & Local Menus
Some of these menus are marked "Remote" and some are marked “Local". Remote
menus configure filters that pertain to networks, subnets, and/or hosts that are con-
nected to the Remote network (i.e. the Remote port of the Pinnacle Link Bridge/Pin-
nacle Link Router). Local menus configure filters that pertain to network, subnets, and/
or hosts that are connected to the Local network (i.e. the Local port of the Pinnacle Link
Bridge/Pinnacle Link Router)
You can determine weather a port is remote and local by looking at the Port Setup
Menu.
Pass or Drop Menu modes:
The menus can be in a mode to either pass (permit) or drop (deny) their items. The
concept is that in most situations one wants to either drop a few selected items or to
pass a few selected items of each type, If the menu is EMPTY and is set-up to "Pass
Following..." then all packets of that type will be dropped. This is because you are pass-
ing an empty menu therefore nothing will be passed. If the menu is EMPTY and is set-
up to "Drop Following..." then all packets of that type will be passed.
CONFIGURATION
IP/UDP/TCP Security Filter
(This will only appear if IP is being bridged or routed)
UDP/TCP . . .
AppleTaIk. . .
DE T . . .
ONE UDP/TCP Security Filter
Local lP Address & Mask
128.146.100 FFFFFFOO
128.126.100 FFFFFFOO
0.0.0.0 00000000
Remote IP Address & Mask
19820200 FFFFFFOO <_>
0.0.0.0 00000000 <,>
0.0.0.0 00000000 <fi>
Pass All lP Source Rooted Packets
Log Break-tn attempts
Enable Destination Unreachable Messages
Pass IP Multicasts Packets
Enable Authenticated Firewall By-Pass
Pass IP Packets with suspicious IP header
Log all TCP Establish Packets
.—u—.—.—-u—-—u—-
Remote/Local IP Address Menu & Mask
This menu specifies the lP network, subnet, and/or single machine that is to have its IP
packets passed, dropped, logged, or encrypted. Each packet's IP source and destina-
tion address is checked against each entry in the list to determine what action should be
performed on the packet. Matching is performed on the first entry first and then goes
down the list looking for the first match. When a match is found the action specified by
the socket menus for that line is performed immediately. The packet's lP addresses are
logically ”anded" with the mask and then compared with the lF’ address to determine if a
match has occurred.
NQTE: This menu specifies the IP networks, lP subnets and IP Hosts on the remote
network that hosts on the local network can communicate with. This menu
does not specify lP routes and is not used to setup lP Routing.
5-31
5-32
CONFIGURATION
[X] Pass All lP Source Routed Packets
Source routed packets are special IP packets that are rarely used. There are certain
situations where they can also be used by hackers to spoof firewalls. You should set
this to drop unless you know you need to pass source routed packets.
[X] Log Break-in Attempts
Enabling the logging of break-in attempts will cause a Syslog packet to be sent to the
Syslog server each time the security filter module detects and drops a packet.
[X] Enable Destination Unreachable Messages
Destination unreachable messages are normally sent by routers when a packet is
unable to be delivered to it‘s final destination due to one of several reasons. If the
dropped packet is a UDP packet then usually an ICMP Destination Unreachable packet
is sent to the originator of the dropped IP packet. if the packet is a TCP packet then a
TCP Reset packet is usually sent. if you enable this feature then the Pinnacle Link
Bridge/Pinnacle Link Router‘s security module will send either an ICMP destination
unreachable packet or a TCP Fteset packet to the originator of the dropped packet.
This feature is helpful because software such as telnet will quickly detect that a connec»
tion cannot be made. This feature is helpful but can also tip off a potential hacker that a
security firewall is being used.
[X] Pass IP Multicast Packets
IP multicast packets are normally used for M—Bone audio and video data transmissions
on a local network. IP multicast packets will penetrate through bridges and can cause
abnormal behavior on some network attached computers. It is recommended that you
Drop IP multicast packets unless you know you need them.
[X] Enable Authenticated Firewall By-Pass
The Pinnacle Link Bridge/Pinnacle Link Router’s UDP/TCP firewall filters can be dy-
namically bypassed. This feature enables data between particular subnets or hosts to
flow through the firewall untouched by any security filters. This feature is very powerful
and can be used to create a way to authenticate access by logging into a particular
network or host. If enabled this feature can also be used by a hacker to gain unautho—
rized access to your network. if you enable this feature you must take great care to
setup SNMP passwords and access lists to prevent such unauthorized tampering with
your firewall.
[X] Pass IP Packets with suspicious IP header
if you set this to "drop" than each IP packet that passes through the Pinnacle Link
Bridge/Pinnacle Link Router is checked for inconsistencies in its IP header. If an
anomaly is found the packet is dropped.
CONFIGURATlON 5-33
[X] Log all TCP Establish Packets
Each IP/TCP packet that travels through the bridge/router is checked to see if it is the
special TCP/IP SYN packet. This type of packet is always sent in a TCP/IP network to
initiate a TCP connection. As an example when the Telnet client attempts to connect to
a Telnet server it sends a TCP SYN packet. If you enable this setting a SYSLOG mes-
sage will be sent to the SYSLOG server each time a TCP program attempts to connect
to another TCP program such as the Telnet or FTP server.
5-34 CONFlGURATlON
UDPITCP Security Filter
Remote IP Address & Mask Local IP Address & Mask
19820200 FFFFFFOO <_> 128.146.100 FFFFFFOO
0.0.0.0 00000000 <_> 128.126.100 FFFFFFOO
0.0.0.0 00000000 <_> 0.0.0.0 00000000
UDP/TCP Security Filter for Connection
19820200 FFFFFFOO "and 128.146.100 FFFFFFOO
(-) Pass () Drop (-) Pass ( )Drop (0) Pass ( ) Drop
Followin Remote Sewers Followin- Local Servers Followin- > 1024 Servers
Domain Name Server U
TELNET T
SMTP
< drop all others > < drop all others>
[ ] Enable Data Encryption on Packets -
[X] Pass iP/ICMP Packets (incldg PING)
[ ] Pass IP Packets that are not TCPIUDP -
Once a packets source and destination IP address matches an entry in the Flemote/
Local lP Address Menu the UDP/TCP sockets are tested against this menu to deter-
mine if the packet is to be passed or dropped.
Following Remote Sewers
This menu specifies which sockets with values less then 1024 on computers connected
to the remote port are to be passed and which are to be dropped.
CONFIGURATlON 5-35
Following Local Sewers
This menu specifies which sockets with values less then 1024 on computers connected
to the local port are to be passed and which are to be dropped.
Following > 1024 Sewers
This menu specifies which sockets with values greater then or equal to 1024 on com-
puters connected to eitherthe local or remote port are to be passed and which are to be
dropped
[X] Enable Data Encryption on Packets
After a packets source and destination IP address matches an entry in the Remote/
Local IP Address Menu then he data portion of the UDP or TCP packet can be option-
ally encrypted (if received on the local port and destined forthe remote port) or de-
crypted (if received on the remote port and destined for the local port). You can specify
the encryption/decryption key on the Setup » Data Encryption Menu.
[X] Pass lPIICMP Packets (including Ping)
After a packets source and destination IP address matches an entry in the Remote/
Local IP Address Menu then it can be tested to see it it is an ICMP packet. You can
optionally drop any lCMP packets to/from the matched IP addresses. This is helpful if
you wish to allow ping packets to pass through the firewall. You can drop all ICMP
(including Ping) packets if you wish to hide the computers on the other side of the
firewall from potential hackers using ping to discover their existence.
[X] Pass lP Packets that are not TCPIUDP
It a packets source and destination iP address matches an entry in the Remote/Local lP
Address Menu and if it is either TCP or UDP its socket number will be tested to see if it
should be passed or dropped. It the packet is not UDP nor TCP then a decision must be
made what to do with the packet since it does not have a socket number. Most IP
packets are UDP or TCP with the exception of IGP. Since most LANs do not use IGP it
is best to drop packets that are not UDP/TOP. This is helpful so keep hackers from
sending non-UDP and non-TOP packets through the firewall.
5-36
CONFIGURATION
APPLETALK FILTERS
(Will only appear if AppIeTalk is being bridged)
UDP/TCP . . .
AppIeTalk . . .
DECNET . . .
AppleTalk Services Filter
(.) Pass () Drop (0) Pass ( ) Drop -) Pass () Drop
Followin - Zone Names Following Remote Sewers Following Local Sewers
Engineering Zone
(-) Pass (5 Drop (-) Pass ( ) Drop
Add Following Remot- Printers Followin Local Printers
Expensive Laser
Delete
Edit
OK
When Macintosh's are networked together, one of the undesirable side effects is that all
Macintosh‘s can "see" in their Choosers all sewers and all printers that are connected to
the network. If multiple zones are specified then there is some form of protection but a
user needs to only specify a zone and then can choose a printer to print to anywhere in
the network. These menus will configure the Pinnacle Link Bridge to selectively restrict
access to specified Apple sewers and/or Apple printers. The Pinnacle Link Bridge is
not an AppleTeIk router. It does not have any of the characteristics of an AppleTalk
router. The Pinnacle Link Bridge is simply a bridge that for AppIeTalk can promote or
prohibit the appearance of server and/or printer names in the chooser.
QAQTIQN: It is common characteristic of AppleTaIk networks with multiple routers to
have configuration problems if all of the routers do not agree on zone
names and networks numbers. The Pinnacle Link Bridge is not an
AppleTaIk Router, it does not contribute to this problem. These menus will
not, however, remedy this problem. If you wish to isolate a local AppleTaIk
network from a remote AppleTaIk network you must be sure to drop
AppleTalk and AppleTalk AFlP in the "Ethernet Protocol Menu".
CONFlGURATION 5-37
(-) Pass ( ) Drop Apple Zone Name Menu:
This menu specifies the AppIeTalk Zone names that are to be passed or dropped. Each
of the Apple Zones can be named in this menu. The menu entry " (single asterisk) is
the standard AppIeTaIk code that means "my Zone". As an example; it the Local LAN‘s
Zone name is Tiger and if you wish to see in your chooser printers and sewers from a
Remote LAN with the Zone name Tiger, then two entries must appear in this menu, the
string Tiger and on the next line an ". This is because sometimes AppIeTaIk explicitly
asks for printers and servers in the Zone Tiger and sometimes it uses the ' as short-
hand for Tiger (i.e. "my Zone").
(0) Pass ( ) Drop Apple Remote Sewers Menu:
This menu specifies the Remote file servers that are to appear in the Local LAN's
Macintosh Choosers, regardless of Zone. if the Local LAN's Macintoshes are not to see
any Remote file servers then this menu should be set to "Pass Apple Remote Servers"
with no entries in it. This will force the Pinnacle Link Bridge to pass none of the Remote
file server names to the Local LAN. It all Remote file servers are to be seen by the
Local LAN then this menu should be empty and set to "Drop Apple Remote Sewers".
(.) Pass ( ) Drop Apple Local Sewers Menu:
This menu specifies the Local file servers that are to appear in the Remote LAN's
Macintosh Choosers, regardless of Zone. If the Remote Macintoshes are not to see
any Local file servers then this menu should be set to "Pass Apple Local Servers" with
no entries in it. This will force the Pinnacle Link Bridge to pass none of the Local LAN's
file server names to the Remote network. if all of the Local file sewers are to be seen
by the Remote network then this menu should be empty and set to "Drop Apple Local
Servers".
(0) Pass ( ) Drop Apple Remote Printers Menu:
This menu specifies the Remote printers that are to appear in the Local LAN's
Macintosh Choosers, regardless of Zone. If the Local LAN‘s Macintoshes are not to see
any Remote printers then this menu should be set to "Pass Apple Remote Printers" with
no entries in it. This will force the Pinnacle Link Bridge to pass none of the Remote
printer names to the Local LAN. It all Remote printers are to be seen by the Local LAN
then this menu should be empty and set to "Drop Apple Remote Printers”.
(0) Pass ( ) Drop Apple Local Printers Menu:
This menu specifies the Local printers that are to appear in the Remote LAN’s
Macintosh Choosers, regardless of Zone. It the Remote Macintoshes are not to see
any Local printers then this menu should be set to "Pass Apple Local Printers" with no
entries in it. This will force the Pinnacle Link Bridge to pass none of the Local LAN's
printer names to the Remote network. if all of the Local printers are to be seen by the
Remote network then this menu should be empty and set to "Drop Apple Local Print-
SFS.
5-38
CONFIGURATION
DECNET FILTERS
(Will only appear if DECNET is being bridged)
UDP/TCP . . .
Apple'l'alk . t .
DECNET . . .
DECNET Services Filter
(-) Pass () Drop (o) Pass () Drop -) Pass () Drop
Followin- Address & Mask Followin- Remote Ob'ects Followin- Local Ob'ects
20.1022 3F.3FF CTERM (Sethost) 42 CTERM (SETHOST) 42 n
21.0 3FAO 17
27
(-) Pass ()Drop -) Pass () Drop
Add Following Remote Object o Followin Local Objecto
Delete
"q
Ed|t
OK
(-) Pass ( ) Drop Following Address & Mask Menu:
This menu specifies the DECNET Areas and Hosts that are to be passed or dropped.
Each entry consists of a DECNET Address and an special Mask; a packet that matches
is then either passed or dropped as specified. Each DECNET packet's source and
destination address is checked against each entry in the list to determine if the packet is
to be passed or dropped. Matching is performed on the first entry first and then goes
down the list. When a match is found the action specified on that line is performed
immediately. The packet's DECNET addresses are logically "ended" with the mask and
then compared with the IP address to determine if a match has occurred. Addresses
are specified in the standard DECNET syntax: Area.Host. The special mask is a hexa-
decimal numberthat specifies a bit mask to be "anded" with the packet's DECNET
address prior to being comparing with the specified DECNET address.
NOTE: The Pinnacle Link Bridge is not a DECNET Router, This menu specifies the
DECNET hosts and/or DECNET areas that hosts on either the local or remote
network can communicate with. ‘
CONFIGURATION 5—39
(-) Pass ( ) Drop Remote Objects Menu:
This menu specifies the DECNET Objects on remote DECNET hosts that are to be
passed or dropped. Each DECNET connect packet is checked against each entry in
the list to determine if the packet is to be passed or dropped.
(-) Pass ( ) Drop Remote Object 0 Menu:
This menu specifies the DECNET Object 0 names on remote hosts that are to be
passed or dropped. Each DECNET connect packet to DECNET Object 0 is checked
against each entry in the list to determine if the packet is to be passed or dropped.
(-) Pass ( ) Drop Local Objects Menu:
This menu specifies the DECNET Objects on the local hosts that are to be passed or
dropped. Each DECNET connect packet is checked against each entry in the list to
determine if the packet is to be passed or dropped.
(-) Pass ( ) Drop Local Object 0 Menu:
This menu specifies the DECNET Object 0 names that are to be passed or dropped.
Each DECNET connect packet to DECNET Object O is checked against each entry in
the list to determine it the packet is to be passed or dropped.
5-40 CONFIGURATION
NOVELL (IPX) FILTERS
(Will only appear if Novell is being bridged)
UDP/TCP . . .
AppIeTaIk. . .
DECNET. t .
Novell (IPX) . . .
NOVELL Services Filter
(0) Pass () Drop 0) Pass () Drop (0) Pass 0 () Drop
Followin- Networks Followin- Re Ole Sewers Followin- Sewers
00000040 SERVER 1
(-) Pass () Drop (0) Pass () Drop
Following Remote Sewers Following Local Services
‘ Print Queue
[X] Enable Outgoing SLIST Commands
[ ] Enable Incoming SLIST Commands
When Novell systems are networked together, one of the undesirable side effects is that
all Novell servers can be seen by all other Novell sewers and clients that are connected
to the network. These menus wiII configure the Pinnacle Link Bridge/Pinnacle Link
Router to selectively restrict access to specific Novell networks, sewers and/or services.
The Pinnacle Link Bridge/Pinnacle Link Router is not a Novell router. it does not have
any of the characteristics of a Novell router. The Pinnacle Link Bridge/Pinnacle Link
Router is simply a bridge that for Novell IPX can promote or prohibit specific sewices.
Following Networks
This menu specifies the Novell networks that will be passed (permitted) or dropped
(denied) through the Pinnacle Link Bridge/Pinnacle Link Router. You can use it to
firewall off specific Novell networks from other Novell networks.
CONFIGURAT|0N 5-41
Following Remote Servers
This menu specifies the Remote Novell sewers that are to be accessible by the Local
LAN‘s.
Following Local Sewers
This menu specifies the Local Novell sewers that are to be accessible by the Remote
LAN‘s.
Following Remote Services
This menu specifies the Remote Novell services that are to be accessible by the Local
LAN's.
Following Local Services
This menu specifies the Local Novell services that are to be accessible by the Remote
LAN's.
[X] Enable Outgoing SLIST Commands
The Novell SLIST and related commands bypass the normal Novell Remote Server
Pinnacle Link Bridge/Pinnacle Link Routertilters. This is a special filter that enables or
disables the Novell server listing commands from local clients to remote servers.
[X] Enable Incoming SLIST Commands
The Novell SLIST and related commands bypass the normal Novell Remote Server
Pinnacle Link Bridge/Pinnacle Link Router filters. This is a special filter that enables or
disables the Novell server listing commands from remote clients to local sewers.
5-42 CONFIGURATION
STEP 7: DATA ENCRYPTION SETUP
. General Setup. . .
Step 2 : Port Setup . , .
Step 3 : Bridge Setup . . .
Step 4a : lP Host Setup . .
Step 4b : lP Router Setup . . .
Step 5 : SNMP Setup . . .
' Security (Firewall) Setup >
- Data Encrvption Setup . . .
Encryption Passwor
Password '
Data Encryption
The Pinnacle Link Bridge/Pinnacle Link Router contains a proprietary software encryp-
tion algorithm developed in the United Kingdom. This encryption algorithm can be
applied to Pinnacle Link Bridge Tunneled packets, lP UDP/TCP packets or all packets
sent to or received from a particular non—Ethemet port.
CONFIGURATION
Adding Data Encryption
(To lP/UDP/TCP Packets)
Standard IP/UDP/TCP
Packet
Secure
Encrypted IP Packet if
Destined for Pinnacle
Bridge Decrypter
Encrypted iP
Packet if Destined
for Pinnacle
Bridge Decrypter Internet
or Campus Hem“
Standard |p Network “mace
IP/UDP/TCP /
Insecure
Standard LAN
1 PM D P/TCP
Packet
5-43
5-44 CONF|GURATION
Generic Ethernet Tunneling
(Through an IP Network)
Standard Ethemel
Packet
/Elhemet Packe4\,k
\ Encapsulated m /
Ethernet Packet
Encapsuiated in
lP/UDP Internet
or Campus E1532;
IP Network
Standard /
Ethernet
Packet \
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.3 Linearized : Yes Create Date : 2001:05:25 17:24:25 Producer : Acrobat Distiller 4.0 for Windows Author : jsoscia Title : 51328.pdf Modify Date : 2001:05:25 17:24:44-04:00 Page Count : 51EXIF Metadata provided by EXIF.tools