Alcatel-Lucent OmniAccess 5740 - Semi-Trusted Zone or Demilitarized Zone

To Next Page

To Previous Page

Filter and Firewall

Left running head:

Chapter name (automatic)

772

Beta Beta

OmniAccess 5740 Unified Services Gateway CLI Configuration Guide

Alcatel-Lucent

SEMI-TRUSTED ZONE OR DEMILITARIZED ZONE

A Demilitarized Zone (DMZ) is a network attached to an internetworking device on

the border of a "trusted" and "untrusted" zones. This network typically comprises

the servers and related network resources that need exposure to the "untrusted"

zone without compromising security of a "trusted" zone.

A DMZ creates a buffer space between the Internet and the private network which

is accessed by both Internet and the internal network. A DMZ typically contains

the following:

• Web Server

• Mail Server

• Application Gateway

• E-Commerce Systems

Example of systems to place on a DMZ include Web servers and FTP servers.

Figure 23: Three Zone Network Topology

Main Page

Default Chapter3
- Table of Contents3
1 Preface27
- About this Guide27
- Audience27
- Organization28
A Well Defined Port Numbers for Services29
- Part IV - Packet Classification30
- Partv - Routing Protocols30
- Part VI - Network Security CLI31
- Part VII - Quality of Service31
- Part VIII - TCP/IP Services32
- Part IX - License Manager32
- Document Conventions33
- Obtaining Documentation34
- Reference Publications34
- Obtaining Technical Assistance35
- Documentation Feedback35
Part 1 Introduction37
2 The Command Line Interface39
- CLI Overview39
- Introduction to CLI Modes40
- CLI Modes41
- Configuration Modes41
3 System Configuration and Monitoring69
- System Configuration and Monitoring Tasks69
  - Chapter Conventions70
- Management Plane Overview71
- Terminal Settings84
  - Example84
- System Name84
- AAA Configuration on Omniaccess 5740 USG85
- Setting and Displaying the System Time and Date105
- System Logging and Debugging108
- Rate Limiting in Statlog112
- Saving Log Messages114
- The File System116
- Software Package Management127
  - Package Types127
- Reloading the System133
- System Monitoring and Troubleshooting135
- Factory Default Configuration146
  - To Reload Factory Default Configuration147
  - Example147
- Importing Certificates148
  - Example148
- SNMP (Simple Network Management Protocol)153
4 Virtual Router Redundancy Protocol167
- Chapter Conventions167
- VRRP Overview168
- VRRP Configuration169
- VRRP Interface Tracking182
  - Alcatel-Lucent's Interface Tracking Design182
- VRRP Configuration Scenario Using Omniaccess 5740 USG184
  - Procedure184
- VRRP Topology184
  - VRRP Configuration185
Part 2 LAN Interfaces and Configuration187
5 Ethernet Interfaces on SE189
- Chapter Conventions189
- Ethernet Overview190
  - Ethernet Basics190
  - Ethernet Terminologies191
- Ethernet Network191
6 Layer 2 Switching Configuration203
- Chapter Conventions203
- Switching Overview204
- Layer 2 Switching205
7 Per VLAN Spanning Tree225
- Chapter Conventions225
- Per VLAN Spanning Tree (PVST+) Overview226
- PVST+ Configuration227
- Topology234
  - PVST+ Configuration Examples236
    - Example 1236
- PVST+ Topology236
8 Integrated Routing and Bridging241
- Chapter Conventions241
- Integrated Routing and Bridging Overview242
  - Alcatel-Lucent Specific IRB Overview242
- IRB Configuration243
  - IRB Configuration Steps243
  - IRB Commands244
- IRB Configuration Using Omniaccess 5740 USG245
  - Topology for IRB Configuration on Omniaccess 5740 USG245
- IRB Topology245
9 1X Port-Based Authentication247
- Chapter Conventions247
- Overview248
  - Generic Terms Used in 802.1X249
- Message Exchange250
10 Port Monitoring269
- Chapter Conventions269
- Port Monitoring Overview270
- Port Monitoring Configuration271
  - Port Monitoring Configuration Steps271
  - Port Monitoring Commands272
- Port Monitoring Configuration on Omniaccess 5740 USG273
- Port Monitoring Topology273
Part 3 WAN Interfaces and Protocols275
11 T1E1 Line Card277
- Chapter Conventions277
- T1 and E1 Overview278
- Omniaccess 5740 USG T1E1 Line Card278
12 Universal Serial Port (USP) Line Card313
- Chapter Conventions314
- USP Line Card (V.35/X.21/RS-232) Overview315
  - Alcatel-Lucent Specific Overview316
- Universal Serial Port Line Card (V.35/X.21/RS-232)316
  - Configuration317
13 High-Level Data Link Control327
- Chapter Conventions327
- HDLC Overview328
- HDLC Configuration330
14 Frame Relay339
- Chapter Conventions339
- Frame Relay Overview340
- Frame Relay Configuration342
15 Point-To-Point Protocol355
- Chapter Conventions355
- PPP Overview356
  - PPP Components356
  - PPP Operation356
- PPP Configuration357
16 Point-To-Point Protocol over Ethernet (Pppoe)381
- Chapter Conventions381
- Pppoe Overview382
  - Pppoe Operation382
  - Alcatel-Lucent Specific Overview on Pppoe Features382
- Pppoe Configuration383
17 Multilink Point to Point Protocol393
- Chapter Conventions393
- MLPPP Overview394
  - MLPPP Components395
  - MLPPP Operation395
- MLPPP Header in Long Sequence Number Format395
18 Multilink Frame Relay407
- Chapter Conventions407
- MLFR Overview408
  - MLFR Components408
  - MLFR Operation408
- MLFR Frame Format for Data Packets409
- MLFR Frame Format for Control Packets409
  - Alcatel-Lucent Specific Overview on MLFR Features410
  - MLFR Configuration410
19 Ethernet OAM (Operations, Administration, and Maintenance)421
- Chapter Conventions421
- OAM Overview423
  - Alcatel-Lucent Specific Overview424
- OAM Configuration on Omniaccess426
- OAM Configuration Using Omniaccess 5740 USG447
  - Configuration Steps447
- OAM Configuration Scenario Using Omniaccess 5740 USG447
20 Bridging Configuration449
- Chapter Conventions449
- Bridging Overview450
  - Alcatel-Lucent Specific Bridging Overview450
- Bridging Configuration on Ppp/Mlppp/Fr/Mlfr/Hdlc/Gige Interface452
  - Bridging Configuration Steps452
  - Bridging Configuration Flow454
- Configuration Flow454
- BCP Configuration Flow454
- BCP Configuration Scenario on Omniaccess 5740 USG462
21 Link Fragmentation and Interleaving (LFI)463
- Chapter Conventions463
- LFI Overview464
  - Alcatel-Lucent Specific Overview on LFI Features464
- LFI Scenario464
  - Overview of LFI in MLPPP465
    - Packet Formats465
- MLPPP Header in Long Sequence Number Format466
  - Configuration of LFI on MLPPP467
  - LFI Configuration on MLPPP468
    - LFI - MLPPP Configuration Steps469
- LFI Configuration on MLPPP469
- End-To-End Fragmentation Format480
  - Configuration of LFI on FR (and FR Sub Interface)481
  - LFI Configuration on FR482
- LFI Configuration on FR489
  - LFI - FR Show Commands490
  - Configuration Example of LFI on FR493
Part 4 Common Classification495
22 Common Classifiers497
- Chapter Conventions497
- CC Overview498
- CC Configuration501
- Sample Examples on the Usage of CC Across Applications522
Part 5 Routing Protocols525
23 Protocol Independent Features527
- Chapter Conventions527
- Protocol-Independent Configuration528
- Protocol-Independent Configuration Commands529
24 Routing Information Protocol557
- Chapter Conventions557
- RIP Overview558
- RIP Configuration559
25 Border Gateway Protocol583
- Chapter Conventions583
- BGP Overview584
- BGP Configuration585
- A Typical BGP Example Using Omniaccess 5740 USG596
26 Open Shortest Path First599
- Chapter Conventions599
- OSPF Overview600
- OSPF Configuration601
- OSPF Configuration on Omniaccess 5740 USG633
  - Example 1633
27 Multicast Routing635
- Chapter Conventions635
- Multicast Overview637
- PIM Configuration640
- IGMP Configuration653
- Multicast Configuration on Omniaccess 5740 USG663
  - Verifying Multicast Routing667
28 Policy Based Routing669
- Chapter Conventions669
- PBR Overview670
  - Alcatel-Lucent Specific Overview670
- PBR Configuration671
- PBR Configuration Example679
  - Configuration Steps680
  - Verification681
29 Virtual Routing and Forwarding683
- Chapter Conventions684
- VRF-CE Overview685
- VRF-CE Configuration687
Part 6 Network Security705
30 Network Address Translation707
- Chapter Conventions707
- NAT Overview708
- Source NAT Configuration711
- Destination NAT Configuration722
- Modifying NAT Configuration736
31 Filter and Firewall741
- Chapter Conventions741
- Network Security - an Overview742
- Filter Configuration746
- Managing Security Configuration764
  - Insertions764
  - Updations765
- Network Attacks - an Overview767
- Network Attack Prevention Configuration774
- Zone Configuration797
- Time-Range/Timer Configuration809
  - Time-Range Configuration Commands809
  - Time-Range Show Command810
- Algs Supported in Omniaccess811
- 5740 Usg811
  - ALG Configuration Commands813
- Customized-Service Rule Based ALG Configuration820
  - Customizing ALG Commands820
- Typical Rule Based ALG and DNAT Example Using Omniaccess 5740 USG823
- Security - Best Practices825
  - Rules for Configuring Packet Filters825
32 IP Security - Virtual Private Network829
- Chapter Conventions830
- Ipsec VPN Overview831
- Ipsec VPN Configuration842
- Ipsec Scenarios on Omniaccess 5740 USG888
- Best Practices for Deploying Ipsec VPN891
- Ipsec NAT-Traversal894
- Scenarios Depicting Ipsec Nat-Traversal895
- Ipsec Tunnel Interface897
  - Before You Configure Ipsec Tunnel Interface897
  - Default Configuration for an Ipsec Profile on Omniaccess 5740 USG898
- Ipsec Tunnel Interface Configuration899
- Ipsec Tunnel Configuration Scenarios Using Omniaccess 5740 USG910
- Dynamic Multipoint Virtual Private Network (DMVPN) Overview912
  - Alcatel-Lucent Specific Overview913
- DMVPN Configuration914
- DMVPN Configuration Scenarios Using Omniaccess 5740 USG926
- Ipsec VPN Server Overview929
  - Alcatel-Lucent Specific Overview929
- Ipsec VPN Server Configuration930
33 Intrusion Detection/Intrusion Prevention System945
- Chapter Conventions945
- IDS/IPS Overview946
  - Alcatel-Lucent Specific Overview946
- IDS/IPS Configuration946
- IDS/IPS Configuration Scenario Using Omniaccess 5740 USG963
34 Generic Routing Encapsulation965
- Chapter Conventions965
- GRE Overview966
- GRE Tunnel Configuration969
- GRE Configuration Scenarios Using Omniaccess 5740 USG976
35 Transparent Firewall985
- Chapter Conventions985
- TF Overview986
  - Omniaccess 5740 USG Specific Overview986
- TF Configuration987
- TF Configuration on Omniaccess 5740 USG993
  - Configuration Steps993
  - Show Commands993
Part 7: Quality of Service995
36 Quality of Service997
- Chapter Conventions997
- Qos Overview998
- Qos Configuration1008
- Qos Test Scenarios on Omniaccess 5740 USG1048
  - Traffic Shaping1048
  - Priority Queuing1049
- Qos on Frame Relay (Per-PVC Queuing)1051
- L2 Qos1060
  - To Attach a L2 Policy Map to an Interface1060
Part 8 TCP/IP Services1061
37 DHCP (Dynamic Host Configuration Protocol)1063
- Server1063
38 DHCP (Dynamic Host Configuration Protocol)1081
- Client1081
39 TFTP (Trivial File Transfer Protocol) Server1097
- Chapter Conventions1097
- TFTP Server Overview1098
  - Alcatel-Lucent Specific Overview1098
- TFTP Server Configuration1099
40 DHCP (Dynamic Host Configuration Protocol) Relay1103
- Chapter Conventions1103
- DHCP Relay Overview1104
  - Alcatel-Lucent Specific Overview1104
- DHCP Relay Configuration1105
- DHCP Relay Test Scenarios Using Omniaccess 5740 USG1109
  - Configuration Steps1109
41 DNS (Domain Name Service)1111
- Client1111
42 Dynamic DNS (DDNS) Client1121
- Chapter Conventions1121
- DDNS Client Overview1122
  - Alcatel-Lucent Specific Overview1122
- DDNS Client Configuration1123
- GRE Tunnel with DDNS Client Test Scenario Using Omniaccess 5740 USG1133
  - Configuration Steps1134
- Ipsec Tunnel with DDNS Client Test Scenario Using Omniaccess 5740 USG1136
  - Configuration Steps1137
Part 9: License Manager1139
43 License Manager1141
- Chapter Conventions1141
- License Manager Overview1142
Part 10 Appendices1151
B Mibs Supported in Omniaccess 5740 USG1161
C Standards Supported by Omniaccess 5740 USG1163
- IETF Standards1163
- IEEE Standards1166
  - Bcp1166
  - Eth-Oam1166
- FRF Standards1166
D Qos Values and Mnemonics1167
- Ip-Dscp1167
- IP-Precedence Mnemonics1171
- Tos Mnemonics1171
- Configuring Ipsec Tunnel between Omniaccess 5740 USG and VPN Firewall Brick1175
  - Configuring Sonicwall (PRO 3060)1182
  - Verification1186
F Failure Scenarios While Installing Omniaccess 5740 USG Software Package1187
- Failure Scenarios While Installing1187
G Software Licenses and Acknowledgements1189
- Linux Kernel1190
- Intel Linux Device Driver Software1190
- PMC-Sierra Linux Device Driver Software1190
- Ecos1191
- U-Boot1192
- Linux STP1192
- Paul's PPP Package1192
- Dhcp1194
- Tftp-Hpa1195
- Net-SNMP1196
- Openssh1198
- Zebra Cli1200
- GNU Pth - the GNU Portable Threads1201
- TCP Proxy and Reassembly1201
- Strongswan IKE1202
- Freebsd Crypto Library1202
- Snort1203
- Mbedthis Appweb1203
- Libxslt1204
- Busybox1205
- Iputils1205
- E2Fsprogs1207
- Inetutils, Gawk, GDB1207
- Curl1208
- Pcre1208
- Md51209
- GNU General Public License1210
- GNU Lesser General Public License1216
- Mozilla Public License1225

Alcatel-Lucent OmniAccess 5740 - Semi-Trusted Zone or Demilitarized Zone

Table of Contents

Other manuals for Alcatel-Lucent OmniAccess 5740

Related product manuals