Professional Documents
Culture Documents
LineRunner
LineRunner SHDSL EFM Router Application Manual
Copyright in this document vests in KEYMILE. This document contains confidential information which is the property of KEYMILE. It must be held in confidence by the recipient and may not be used for any purposes except those
specifically authorised by contract or otherwise in writing by KEYMILE. This
document may not be copied in whole or in part, or any of its contents disclosed by the recipient to any third party, without the prior written agreement
of KEYMILE.
Disclaimer
Document PEC
37125516
Document release
RA | January 2010
Published by
KEYMILE AG
Schwarzenburgstrasse 73
3097 Bern-Liebefeld
Switzerland
http://www.keymile.com
Application Manual
LineRunner SHDSL EFM Router
Table of Contents
1
VLAN Bridging
1.1
Theory of operation
1.2
Modem configuration
1.2.1
1.2.2
Bridge creation
1.2.3
Transparent Bridging
2.1
Theory of operation
2.2
Modem configuration
2.2.1
2.2.1.1
2.2.1.2
2.2.1.3
2.2.1.4
CPE (Master)
DSL Settings
Bridge
Bridge Settings
Security
8
8
9
10
10
2.2.2
2.2.2.1
2.2.2.2
2.2.2.3
CPE (Slave)
DSL Settings
Bridge
Security
11
11
11
11
2.2.3
2.2.3.1
Bridge configuration
VLAN Transparent Bridging
11
11
2.2.4
Switch configuration
12
QoS Application
13
3.1
Theory of Operation
13
3.2
Enabling QoS
13
3.3
Traffic shaping
13
3.4
Traffic priority
14
3.5
DSCP settings
15
3.6
Class statistics
16
17
4.1
Theory of operation
17
page 3 of 20
37125516 RA
Application Manual
LineRunner SHDSL EFM Router
4.2
Modem configuration
17
4.2.1
Management consideration
17
4.2.2
17
4.2.3
18
Bridge Management
19
5.1
Theory of operation
19
5.2
Modem configuration
19
5.2.1
19
5.2.2
Management Configuration
19
5.2.3
20
page 4 of 20
37125516 RA
VLAN Bridging
1
1.1
Application Manual
LineRunner SHDSL EFM Router
VLAN Bridging
Theory of operation
In this scenario we want to configure the LineRunner SHDSL EFM Router to
act as a VLAN bridge and we will add remote management access over a
dedicated management VLAN (4094).
This section shows the concept of this application as well as the necessary
configuration of the modem:
1.2
Modem configuration
1.2.1
page 5 of 20
20
37125516 RA
VLAN Bridging
1.2.2
Application Manual
LineRunner SHDSL EFM Router
Bridge creation
Creation of the bridge connection:
System -> Network connections -> New Connection -> Advanced Connection -> Network Bridging
Select LAN Switch and VLAN 100 interfaces for building the bridge:
If you are connected from the LAN side, you will loose the connection to the
Web-based management after you configured the bridge. The reason is that
the MAC address of the LAN will be modified and will be the same as the
WAN MAC address. In order to accelerate the reconnection you can clear
the ARP table of your computer. If you use Microsoft Windows you can
use the arp d command in a cmd shell.
After reconnection to the LineRunner SHDSL EFM Router your network connections should look similar to this:
page 6 of 20
20
37125516 RA
VLAN Bridging
1.2.3
Application Manual
LineRunner SHDSL EFM Router
page 7 of 20
20
37125516 RA
Transparent Bridging
2
2.1
Application Manual
LineRunner SHDSL EFM Router
Transparent Bridging
Theory of operation
With the LineRunner SHDSL EFM Router it is possible to build an application that enables clients to extend the existing VLAN over one to four DSL
lines.
In this example, management access is only possible form the master side.
This section shows the concept of this application as well as the necessary
configuration of the modems:
The management access from the left LAN side is blocked by the appropriate filter settings on both CPEs.
2.2
Modem configuration
2.2.1
CPE (Master)
2.2.1.1
DSL Settings
First of all the DSL parameters must be set:
page 8 of 20
20
37125516 RA
Transparent Bridging
Application Manual
LineRunner SHDSL EFM Router
Please note:
EFM encapsulation has to be selected for CPE to CPE connections and connections to the MileGate unit SUSE1.
2.2.1.2
Bridge
A bridge must be set between the LAN and WAN interface of the CPE
Router.
For this the following command must be set:
System -> Network Connections -> New Connection -> Advanced Connection -> Network Bridging
Please note:
After clicking Next the router will be reconfigured as a bridge. The MAC
address of the LAN interface will be replaced with the Bridge MAC address,
which is the current WAN interface MAC address. Therefore your webbrowser will temporarily loose connection to the Web-based management.
In order to accelerate the reconnection you can delete the ARP table entries
of your PC. For Microsoft Windows users you can use the arp d command from a cmd shell.
page 9 of 20
20
37125516 RA
Transparent Bridging
2.2.1.3
Application Manual
LineRunner SHDSL EFM Router
Bridge Settings
You can use the Bridge properties settings if you want to modify the local
Management Address (ex. 192.168.1.20).
2.2.1.4
Security
For security reasons the HTTP Web-based management access from the
slave side (WAN) can be filtered:
Service -> Firewall -> Advanced Filtering -> Input Rules Set -> (WAN
Ethernet Rules) New Entry
page 10 of 20
20
37125516 RA
Transparent Bridging
2.2.2
CPE (Slave)
2.2.2.1
DSL Settings
Application Manual
LineRunner SHDSL EFM Router
Please note:
EFM encapsulation has to be selected for CPE to CPE connections and connections to the MileGate unit SUSE1.
2.2.2.2
Bridge
Also create a bridge between the LAN and the WAN interface of the LineRunner SHDSL EFM Router.
See previous description.
2.2.2.3
Security
For security reason the HTTP Web-based management access form the
slave side (LAN) can be disabled:
Service -> Firewall -> Advanced Filtering -> Input Rules Set -> (LAN
Switch Rules) New Entry
Choose IP 192.168.1.40 as destination IP address and HTTP as protocol.
2.2.3
Bridge configuration
2.2.3.1
page 11 of 20
20
37125516 RA
Transparent Bridging
Application Manual
LineRunner SHDSL EFM Router
A new screen will appear. Select Enable VLAN and All VLAN IDs. Click
OK to accept the configuration. The bridge is now transparent to all VLANs.
2.2.4
Switch configuration
If you want the switch to be VLAN transparent select transparent in the
VLAN tab of the LAN Switch Properties screen:
page 12 of 20
20
37125516 RA
QoS Application
3
3.1
Application Manual
LineRunner SHDSL EFM Router
QoS Application
Theory of Operation
The LineRunner SHDSL EFM Router is able to process higher priority traffic
before lower priority traffic.
The most significant bottleneck is where the high speed LAN meets limited
broadband bandwidth. Special QoS mechanisms are built into the LineRunner SHDSL EFM Router to ensure that this sudden drop in connectivity
speed is taken into account when prioritizing and transmitting real-time-service related data packets.
This example shows how to configure the SHDSL router to prioritize traffic
that is tagged with DSCP priority marking.
3.2
Enabling QoS
In order to enable QoS processing do the following:
Select Services -> QoS.
The Quality of Service screen will appear, displaying the General tab.
Select User Defined from the combo-box.
Enter the Rx and Tx bandwidth of your DSL interface in kbit/s.
Select the Default QoS profile.
This turns QoS on without special preferences. We will configure our
preferences later.
3.3
Traffic shaping
The traffic shaping configuration is needed to have several classes of services each having different priority and different rate limiting.
In this example we will create two classes (class 1 and class 2).
Select the Traffic Shaping tab.
Click the edit button of the Default WAN device.
page 13 of 20
20
37125516 RA
QoS Application
Application Manual
LineRunner SHDSL EFM Router
3.4
Traffic priority
We have to set rules determining the priority that packets, travelling through
the device, will receive. This can be done here:
Select the Traffic Priority tab.
We can now create the following two QoS output rules for the WAN interface:
Rule #0 detects packets with DSCP 0x2E and puts them in Class 1.
Rule #1 detects packets with DSCP 0x1A and puts them in Class 2.
page 14 of 20
20
37125516 RA
QoS Application
3.5
Application Manual
LineRunner SHDSL EFM Router
DSCP settings
Select the DSCP Settings tab. In this table you can add or modify the mapping of the DSCP value to a priority. Note that in our example DSCP 0x2E is
set to high priority and DSCP 0x1A is set to medium priority.
page 15 of 20
20
37125516 RA
QoS Application
3.6
Application Manual
LineRunner SHDSL EFM Router
Class statistics
The Class Statistics tab shows the two classes and the default class statistics. Check the statistics to see if the QoS is correctly configured.
page 16 of 20
20
37125516 RA
4
4.1
Application Manual
LineRunner SHDSL EFM Router
4.2
Modem configuration
4.2.1
Management consideration
Before to start with the VLAN configuration, you have to ask yourself how
you will access the management of the LineRunner SHDSL EFM Router
once that the 802.1q VLAN mode is turned on in the switch.
One way to access the management is to create a new VLAN interface (for
example 4094). This is described in chapter "VLAN interface creation"
(page 5).
In this scenario we will reserve one Ethernet port (port 8 in this example) for
the local access to the management of the router. We will configure the
switch to send all traffic coming from port 8 as untagged packets. Therefore
we do not need to create a special VLAN interface for the management.
4.2.2
page 17 of 20
20
37125516 RA
Application Manual
LineRunner SHDSL EFM Router
If the table looks identical you can click Apply. Otherwise correct the table
before to proceed. Do not forget that you might completely loose access to
the management if your configuration is not correct.
You probably have to refresh your browser to access the management.
Also check that you PC is connected to port 8 of the Ethernet switch.
4.2.3
page 18 of 20
20
37125516 RA
Bridge Management
5
5.1
Application Manual
LineRunner SHDSL EFM Router
Bridge Management
Theory of operation
This chapter describes a secured way to configure local and/or remote management of the LineRunner SHDSL EFM Router when it is used as a bridge.
It is recommended to follow this procedure to minimize the risk of unauthorized access to the LineRunner SHDSL EFM Router.
5.2
Modem configuration
5.2.1
Here you see that the Internet Connection Firewall is disabled by default.
When Internet Connection Firewall is turned off web-based management,
telnet and SSH access to the management is possible from the LAN and
from the WAN sides. This is very unsecured and therefore it is recommended to enable the Internet Connection Firewall. But before to enable
this setting you have to prepare remote management access, otherwise you
will loose access to the management.
5.2.2
Management Configuration
Before to enable Internet Connection Firewall you need to allow remote
management. If you do not enable remote management you will loose connection to the device when you enable the Internet Connection Firewall.
page 19 of 20
20
37125516 RA
Bridge Management
Application Manual
LineRunner SHDSL EFM Router
In the example below the HTTPS and the SSH connection are enabled.
5.2.3
page 20 of 20
20
37125516 RA