Kentrox Q2200 User manual

QoS Access Router

User’s Guide

Q2200 T1 Router

Q2300 Ethernet Router

Q2400 QoS Router

Hardware Reference

Router Management

Advanced Features

Operation

Diagnostics

Specifications

Software Release 1.35

Document #650-00319-04

Printed in the U.S.A.

Specifications published here are current or planned as of the date of publication

of this document. Because we are continuously improving and adding features to

our products, Kentrox reserves the right to change specifications without prior

notice. You may verify product specifications by contacting our office.

In no event shall Kentrox be liable for any damages resulting from loss of data,

loss of use, or loss of profits. Kentrox further disclaims any and all liability for

indirect, incidental, special, consequential or other similar damages. This dis-

claimer of liability applies to all products, publications and services during and

after the warranty period.

Additional copyrights applicable to portions of this product:

Trademark

information

Kentrox is a registered trademarks of Kentrox, LLC.

Q-Series is a trademark of Kentrox, LLC.

SafeNet is a registered trademark of SafeNet, Inc.

All other product names are trademarks or registered trademarks of their

respective owners.

Revision history

If you need

assistance

If you need assistance with this product or have questions not answered by this

manual, please first contact your reseller or visit our Support page on the Kentrox

web site at www.kentrox.com.

Part # Date Description

650-00319-00 February 2004 Initial release, v1.00, Q2200

650-00319-01 March 2004 Second release, v1.01, Q2200

650-00319-02 April 2004 Third release, v1.20, Q2300

650-00319-03 December 2004 Fourth release, v1.30, Q2200, Q2300

and Q2400

650-00319-04 March 2006 Fifth release, v1.35, Q2200, Q2300,

and Q2400

Contents

Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Chapter 1 Introduction to the Q-Series™ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

Router features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14

Typical applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

Using VPN to ensure a secure connection between remote peers. . . . . . . . . . . . . . . . . . .21

Using VPN to allow remote clients to access your network . . . . . . . . . . . . . . . . . . . . . . .22

Protecting critical traffic with QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23

Deployment planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

Chapter 2 Hardware reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Front panel description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

Rear panel description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

Cable connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33

Power-on and power-down . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .38

Chapter 3 Accessing the router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

Using the router GUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .42

Using the router CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .45

Adding and managing users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49

Setting options for remote management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51

Configuring and using SNMP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52

Chapter 4 Configuring system-wide parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Setting the system date and time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56

Managing logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .58

Adding a system contact . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .59

Updating the system software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .60

Saving the system configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61

Restarting the system and resetting to factory defaults . . . . . . . . . . . . . . . . . . . . . . . . . . .62

Chapter 5 Interface configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Ethernet LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .64

Ethernet Port 5 (Ethernet WAN models only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .67

T1 Ports (T1 WAN models only). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69

IP configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72

Chapter 6 Routing features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .76

Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82

4Contents

DHCP services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83

DHCP server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84

DHCP relay agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88

DHCP client (Ethernet WAN models only). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89

DNS client and relay agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90

NAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .92

Mapped IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .94

Chapter 7 Quality of Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

QoS in the router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98

DiffServ overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .100

Understanding traffic management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105

Configuring QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .108

Configuring the WAN interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

Configuring the LAN interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112

Changing DSCP mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

QoS interaction with other router features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

Using QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .116

Chapter 8 Lists. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123

Creating lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124

Chapter 9 Virtual Private Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

Common VPN configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .128

VPN in the router. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130

Configuring a VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133

Phase 1: Gateway configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135

Phase 2: Tunnel configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139

VPN Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141

Special considerations for using VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .142

Chapter 10 Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

Firewalls in the router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .146

Configuring an IDS Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .147

Configuring ACL firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .148

ACL policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149

Using Application Layer Gateways (ALGs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153

Firewall logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154

Chapter 11 Monitoring traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155

QoS Reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .156

Policy Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .157

Latency Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .158

Chapter 12 Monitoring the interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

Ethernet Ports 1-4 interface monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .160

Ethernet Port 5 interface monitoring (Ethernet WAN models only) . . . . . . . . . . . . . . . .163

PPPoE monitoring (Ethernet WAN models only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166

T1 WAN interface monitoring (T1 WAN models only) . . . . . . . . . . . . . . . . . . . . . . . . .167

Frame Relay monitoring (T1 WAN models only) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .172

DLCI statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .174

PPP monitoring (T1 WAN models only). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .176

Alarm Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178

Chapter 13 Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

System Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187

Syslog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .188

Chapter 14 Diagnostics and testing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

Ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .190

Traceroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .191

Loopbacks (T1 WAN models only). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193

Appendix A Cable specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197

Appendix B System specifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

Appendix C System defaults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .211

Appendix D SNMP support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

Glossary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255

6Contents

Preface

This manual covers usage instructions for Kentrox Q-Series™ QoS Access

routers (“the router”). It also contains product specifications and system default

values.

Who should use this

manual?

This manual is intended as a conceptual overview and reference for network plan-

ners, managers, and administrators of the router. The person responsible for

managing the router is referred to in this document as the network administrator.

Viewing this manual

as a PDF file

This manual is designed to be used as both a printed book and a PDF file, and

includes the following features for PDF viewing:

■Cross-references are clickable hyperlinks that appear in blue text.

■Chapters and section headings are represented as clickable bookmarks in the

left-hand pane of the Acrobat viewer.

■Page numbering is consistent between the printed page and the PDF file to

help you easily select a range of pages for printing.

You can obtain PDF files of our manuals by visiting http://www.kentrox.com.

Related publications The following provide additional information about this product:

■Additional PDF manuals, including the Setup Guide and the CLI Guide, are

located at the web site or on the CD-ROM

■Q-Series product pages: http://www.kentrox.com/Q-Series

■Q2200 product page: http://www.kentrox.com/Q2200

■Q2300 product page: http://www.kentrox.com/Q2300

■Q2400 product page: http://www.kentrox.com/Q2400

Conventions used in

this manual

Variables Italic type identifies variable syntax elements, such as values

or alphanumeric strings, that you can enter.

x|y A vertical line (pipe) between elements means that the ele-

ments are mutually exclusive; you can select one and only

one of the elements.

[ ] Brackets indicate items that are optional.

<> Angle brackets indicate that items are required.

filenames Filenames appear in Courier font, for example,

commands.txt.

commands Command line interface commands also appear in Courier

font, for example, dhcp server set subnet.

QoS Access Router User’s Guide 8

Preface

Key names The names of keyboard keys are spelled as they appear on the

keyboard and bolded, for example, Esc, Enter.

Pathnames The pathname to GUI pages as they exist on the “bread

crumb bar”, for example, Monitor > System.

Admonishments Important safety admonishments are used throughout this manual to warn of pos-

sible hazards to persons or equipment. An admonishment identifies a possible

hazard and then explains what may happen if the hazard is not avoided. The

admonishments, in the form of Dangers, Warnings, and Cautions, must be fol-

lowed at all times. These warnings are flagged by use of the triangular alert icon

(seen below), and are listed in descending order of severity of injury or damage

and likelihood of occurrence.

DANGER!

Danger is used to indicate the presence of a hazard that will cause severe per-

sonal injury, death, or substantial property damage if the hazard is not avoided.

WARNING!

Warning is used to indicate the presence of a hazard that can cause severe per-

sonal injury, death, or substantial property damage if the hazard is not avoided.

CAUTION!

Caution is used to indicate the presence of a hazard that will or can cause minor

personal injury or property damage if the hazard is not avoided.

9QoS Access Router User’s Guide

General safety precautions

General safety

precautions

This equipment has been designed to the highest quality standards of materials,

workmanship and safety. Do not bypass any of the safety features of this equip-

ment or operate this equipment in an improper environment.

WARNING!

To avoid hazard from electrical shock and/or fire, adhere to the safety practices

listed in this section and identified within the instructions of this document.

Use caution when installing or modifying communication lines. Dangerous volt-

ages may be present. It is unsafe to install communication wiring during a

lightning storm.

Always disconnect all communication lines at the network interface and power

connections from the wall outlets before servicing or disassembling this

equipment.

All wiring external to the product(s) should follow the provisions of the current

local and national building codes or any wiring rules that apply.

The router should be installed so that users have easy access to the wall outlet that

the AC power cord is plugged into. This is important so that power can be

removed quickly if there is a problem with the router or with the power adapter.

WARNING!

Potentially hazardous voltages inside. Service should be performed only by quali-

fied personnel.

ADVERTISSEMENT!:

Tensions Dangereuses à l'intérieur. Confier la maintenance à une personne

qualifiée.

WARNING!

This equipment is electrically grounded only when it is connected to a grounded

AC power outlet using the supplied AC-DC power adapter.

10 Preface

Chapter

1Introduction to the

Q-Series™

Each Q-Series QoS Access router combines a number of network access and secu-

rity devices into one inexpensive device that can be set up and managed using a

browser-based graphical interface. This chapter provides a detailed description of

the router and its features, and gives examples of how you can deploy the router to

benefit your organization.

Table 1 summarizes the available Q-Series router models.

The following table summarizes the differences between the three models.

Table 1: Q-Series routers

Model Description

Q2200 T1 QoS Access router

Q2201 T1 QoS Access router with optional modem

Q2300 Ethernet QoS Access router

Q2301 Ethernet QoS Access router with optional modem

Q2400 QoS Access router (T1 and Ethernet combined)

Q2401 QoS Access router (T1 and Ethernet combined) with optional modem

Table 2:

Feature Q2200 Q2300 Q2400

Ethernet LAN Ports 4 4 4

Ethernet WAN Ports 0 1 1

T1 Ports 1 0 2

DLCIs 16 N/A 32

12 Chapter 1: Introduction to the Q-Series™

Figure 1, Figure 2 and Figure 3 show an overview of each Q-Series router and the

functions they can provide between your Local Area Network (LAN) and a Wide

Area Network (WAN) such as the Internet.

Figure 1: Q2200/Q2201 QoS Access router (T1 WAN model)

Figure 2: Q2300/Q2301 QoS Access router (Ethernet WAN model)

,35RXWLQJ

4R67UDIILF6KDSLQJDQG

3ULRULWL]DWLRQ

0RQLWRULQJDQG5HSRUWLQJ

,36HF931

)LUHZDOO

1$7

7'68&68

7

(WKHUQHW

/$1

4 :$1

,QWHUQHW

,35RXWLQJ

4R67UDIILF6KDSLQJDQG

3ULRULWL]DWLRQ

0RQLWRULQJDQG5HSRUWLQJ

,36HF931

)LUHZDOO

1$7

(WKHUQHW

/$1

4

:$1

'6/RU

&DEOH0RGHP

Q2400/Q2401 QoS Access router (T1 WAN model) 13

Figure 3: Q2400/Q2401 QoS Access router (T1 WAN model)

Read this chapter to discover how the router’s feature integration provides a sim-

ple, reliable, and high-quality solution to traffic management and security, while

saving your organization time and money.

,35RXWLQJ

4R67UDIILF6KDSLQJDQG

3ULRULWL]DWLRQ

0RQLWRULQJDQG5HSRUWLQJ

,36HF931

)LUHZDOO

1$7

7'68&68

7$GG'URS

7

(WKHUQHW

/$1

4 :$1

,QWHUQHW

3%;

7

$GG'URS

14 Chapter 1: Introduction to the Q-Series™

Router features

Access router As an access router, the Q-Series router provides LAN-to-WAN access. The router

supports:

■IP over Ethernet with an auto-sensing, auto-polarity 10Base-T/100Base-Tx

switch interface on the LAN side

■Four ports are available for the LAN connections

■IP over Frame Relay or Point-to-Point Protocol (PPP) with a T1/FT1 interface

on the WAN side (T1 WAN models only)

■One port is available for a T1 WAN connection on the Q2200

■Two ports are available for T1 WAN connections on the Q2400

■One T1 on the Q2400 can be configured for Add/Drop

■Multiple DLCIs

■Q2200: 16 DLCIs

■Q2400: 32 DLCIs

■IP over Point-to-Point Protocol over Ethernet (PPPoE) with an Ethernet port

on the WAN side to interface with DSL or cable modem (Ethernet WAN mod-

els only)

■One port is available for a WAN connection (Q2300 and Q2400)

■Domain Name Service (DNS) client capability

■Resolve IP addresses to domain names

■Resolve incomplete domain names

■Retrieve IP addresses

■Load Balancing

■Share bandwidth on a session basis across up to four equal-cost routes

■DHCP Server

■Static and Dynamic Routing—Routing Information Protocol (RIP) versions 1

and 2, and Open Shortest Path First (OSPF)

■Virtual LANs (VLANs)

■Secure Shell (SSH)

T1/FT1 DSU/CSU (T1

WAN models only)

The router includes a built-in Data Service Unit/Channel Service Unit (DSU/

CSU) that provides:

■T1 circuit termination

■T1 and frame monitoring

■Alarms and diagnostics

Management access 15

Management access The router gives you several options for accessing its features:

■An intuitive graphical user interface (GUI) that makes it easier to set up and

install the router, and makes system management, monitoring, and reporting

accessible and understandable

■RS-232, Telnet, SSH and optional modem connections for local or remote

management via a command line interface (CLI)

■Simple Network Management Protocol (SNMP) for remote device

monitoring

NAT The router’s Network Address Translation (NAT) support includes:

■Traditional NAT

■Enables the use of private IP subnets behind a single public IP address,

allowing users access to the WAN from a private IP local network

■Shields your LAN’s internal IP addresses from the WAN

■Mapped IP (bi-directional) NAT to allow your LAN-side server to be

accessed from the WAN side

■Network Address Port Translation (NAPT)

■Application Layer Gateways (ALGs)

Quality of Service

(QoS)

The router’s QoS implementation is based on the IP Differentiated Services (Diff-

Serv) architecture. Traffic can be classified and monitored; the information

collected can be used to apply performance guarantees to the individual classes.

The router’s QoS feature includes:

■Support for all DiffServ classes

■Configurable QoS marking and remarking on all ingressing traffic

■Configurable policing of traffic

■Configurable queue weighting and scheduling on all egressing traffic

■Configurable QoS policies

■Traffic reports and graphs

■VoIP and video prioritization

Virtual Private

Networks (VPN)

Use the router to set up VPNs for secure communication over a WAN. The VPN

implementation follows the IPSec standard, and is designed to meet the Virtual

Private Networks Consortium (VPNC) standards for interoperability and con-

formance. The router’s VPN capability enables you to:

■Secure data from interception using the Internet standard IP Security (IPSec)

■Configure up to 100 VPN tunnels

■Configure a peer-to-peer connection to connect your remote corporate LANs

■Configure remote clients to allow “road warriors” (users with Internet access)

to access your corporate LAN

16 Chapter 1: Introduction to the Q-Series™

Security and key management algorithms include:

■Encryption algorithms (DES, 3DES, and AES), with DES and 3DES hard-

ware acceleration

■Hash algorithms (MD5 and SHA)

■Diffie-Hellman groups 1, 2, and 5

■Perfect Forward Secrecy (PFS)

Dynamic VPN

■Allows any client or peer device to negotiate with a Q-Series router by using

the preshared key defined on the Q and any supported transform

Q Connect Utility

■Simplifies the Windows XP IPSec VPN Client configuration

Firewall To protect your network from outside intrusion, the router has an integrated State-

ful Packet Inspection (SPI) Firewall. The Firewall feature supports:

■An Intrusion Detection System (IDS), which identifies and blocks common

attacks

■Black listing sources of Denial of Service (DoS) attacks

■A manually configured, policy-driven Access Control List (ACL)

■Application Layer Gateways (ALGs)

■Selectable security zones (Trusted, Untrusted, and DMZ) on a per-IP-interface

basis

Monitoring and

reporting

Get feedback from the router regarding traffic performance, network status, secu-

rity, and more in the form of graphs, reports, logs, and tests, including:

■Overall system status

■Physical and link layer status and alarms

■Real-time and historical network usage reporting and statistics

■Real-time and historical QoS policy reporting and statistics

■Traffic Latency Report

■System Event Log

■Interface Alarm Log

■Firewall Traffic (Session and Blocking) Log

■Firewall Intrusion Log

■VPN (IKE) Event Log

■Syslog for remote host event reporting

■Ping

■Loopbacks

Typical applications 17

Typical applications

This section shows brief examples of how the router can be used as a network

routing, security, and traffic management solution. Additionally, it shows which

router functions you might consider implementing in each scenario.

For more in-depth examples of how the Kentrox router can be deployed, visit the

Kentrox Web site.

Connecting remote

offices over a

private T1 line

Figure 4 shows a Kentrox Q2200 router providing a point-to-point connection

with another Q2200 over a private T1 leased line.

Figure 4: Q2200 providing a private connection between sites

The router can be configured to use PPP (recommended) or Frame Relay in this

scenario. Note that:

■A VPN or Firewall is not necessary as the T1 line is dedicated, but you can

still configure policies to protect sensitive data or applications on hosts at

either site

■Frame Relay Link Management must be disabled, as no network interface is

provided

■QoS can be configured to enhance application performance, if necessary

■LAN and WAN interface statistics can be collected to analyze traffic flow

,35RXWHU

7'68&68

7UDIILF6KDSLQJ4R6

0RQLWRULQJDQG5HSRUWLQJ

(WKHUQHW

/$1

4

:$1 7

333RU)5

(WKHUQHW

4

7

333RU)5

,35RXWHU

7'68&68

7UDIILF6KDSLQJ4R6

0RQLWRULQJDQG5HSRUWLQJ

18 Chapter 1: Introduction to the Q-Series™

Connecting an office

to the Internet using

redundant T1 lines

for high availability

Figure 5 shows the Q2400 router providing Internet access over a T1 leased line

for a medium-sized business with a LAN.

Figure 5: Q2400 as a network router

In this configuration, the router is providing basic Internet access using PPP or

Frame Relay. Once you acquire the network configuration information from your

ISP, initial setup of the router is simple enough to perform without advanced net-

working knowledge.

In addition:

■Support for two independent network connections ensures high availability

■Firewall support has been enabled to protect the LAN from outside intrusion

■DHCP server is enabled for easy LAN-side address configuration

■The QoS feature makes the performance of mission-critical applications

reliable

,35RXWHU

)LUHZDOO

7'68&68

7UDIILF6KDSLQJ4R6

7

333

/$1

4

,63

%DVH7[

(WKHUQHW

,63

7

333

Connecting offices to the Internet using a DSL or cable modem 19

Connecting offices

to the Internet using

a DSL or cable

modem

Figure 6 shows the Q2300 router providing business networking over a cable

modem or Digital Subscriber Line (DSL) for a medium-sized business user with a

LAN. Small-to-medium-sized business owners can use this type of configuration

as a lower-cost alternative to leasing a T1 line. The DSL/cable modem accesses

the Internet using PPPoE from the router’s WAN port.

Figure 6: Q2300 providing IP access through a DSL or cable modem

The router still provides the required business-class services such as Firewall,

VPN, and QoS, yet is simpler to configure than existing business access routers.

For ease of use, the WAN IP address can be configured statically or from the net-

work using DHCP or PPPoE. Obtain the proper setting from your service

provider.

,35RXWHU

)LUHZDOO1$7

,36HF931

7UDIILF6KDSLQJ4R6

'6/RU

&DEOH0RGHP

333R(

4

333R(

(WKHUQHW

/$1

'6/RUFDEOHQHWZRUN

20 Chapter 1: Introduction to the Q-Series™

Connecting sites in

a hub-and-spoke

network

Figure 7 shows Q2200, Q2300, and Q2400 routers in a hub-and-spoke network

connected to a larger, centrally-located router.

Figure 7: Hub-and-spoke network with Q-Series routers

Because all of the traffic is flowing over private lines, VPNs and Firewalls do not

necessarily need to be configured. In some cases, you may want to implement a

Firewall to protect your LAN from internal attacks. You can also consider per-

forming QoS analysis to optimize traffic between all sites.

On the Q2300, enable the DHCP relay agent feature so that other hosts on the

LAN can obtain dynamic IP addresses from a DHCP server at a remote location.

7333

RU)5

4 4

,35RXWHU

7UDIILF6KDSLQJ4R6

0RQLWRULQJDQG5HSRUWLQJ

4

7

333RU)5

(WKHUQHW

'6/RU

&DEOH0RGHP

(QWHUSULVHFODVV

5RXWHU

'+&3&OLHQW ,35RXWHU

7UDIILF6KDSLQJ4R6

0RQLWRULQJDQG5HSRUWLQJ

7'68&68

,35RXWHU

7UDIILF6KDSLQJ4R6

0RQLWRULQJDQG5HSRUWLQJ

7'68&68

'+&35HOD\

'+&35HOD\$JHQW

'+&3&OLHQW

'+&36HUYHU

,63

7

333RU)5

(WKHUQHW

Other manuals for q2200

This manual suits for next models

Other Kentrox Network Hardware manuals

Kentrox

Kentrox RMM-1400 User manual

Kentrox

Kentrox RMX-3200 User manual

Kentrox

Kentrox DataSmart 486 User manual

Popular Network Hardware manuals by other brands

BayTech

BayTech 24SII owner's manual

Moxa Technologies

Moxa Technologies C320Turbo/PCIEL user manual

CYG

CYG PRS-7910 instruction manual

Sumitomo

Sumitomo Electric Lightwave FutureFLEX installation manual

TP-Link

TP-Link VIGI NVR1008H installation guide

Stardom

Stardom SOHORAID DR8M-TB3 Quick installation guide

Vivotek

Vivotek ND8401 specification

Minuteman

Minuteman RS232 user manual

WIN Enterprises

WIN Enterprises PL-80590 user manual

Ubiquiti

Ubiquiti LiteBeam LBE-5AC-23 quick start guide

USAVision

USAVision UA-SNVR Series quick start guide

ExtraHop

ExtraHop Trace 6150 manual

Quantum

Quantum DXi4800 quick start

Huawei

Huawei RRU3908 V1 installation guide

Extreme Networks

Extreme Networks Extreme Management Center NMS-A-305 installation guide

infobit

infobit iWall 360 user manual

Lilin

Lilin 4ch PoE Network Video Recorder Series installation guide

AXIOMTEK

AXIOMTEK NA861 user manual

Kentrox q2200 User manual

Popular Network Hardware manuals by other brands