EasyManua.ls Logo

ELTEX ESR-1511 User Manual

Default Icon
650 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
Page #1 background imageLoading...
Page #1 background image

ESR series service routers
ESR-10, ESR-12V, ESR-12VF, ESR-14VF, ESR-15V, ESR-20, ESR-21,
ESR-30, ESR-100, ESR-200, ESR-1000, ESR-1200, ESR-1500, ESR-1700,
ESR-1511, ESR-3100, ESR-3200
User manual
Firmware version1.18.1

Table of Contents

Question and Answer IconNeed help?

Do you have a question about the ELTEX ESR-1511 and is the answer not in the manual?

ELTEX ESR-1511 Specifications

General IconGeneral
Device TypeRouter
WAN Ports1
LAN Ports4
Dimensions190 x 130 x 30 mm
Power Supply5V 1A
Flash Memory16 MB
Console PortNo
Operating Temperature0°C to +40°C
Weight0.25 kg
FirewallYes
QoSYes
Ethernet Ports4
USB Ports1
Ports5 (1 WAN + 4 LAN)
VPN SupportPPTP, L2TP
Storage Temperature-20°C to 70°C
Humidity10% to 90% (non-condensing)

Summary

2 Product description

2.2 Functions

2.3 Main specifications

Lists the primary hardware specifications of various ESR router models, including interfaces and ports.

3 Installation and connection

3.1 Support brackets mounting

Instructions for installing support brackets on the device for rack mounting.

3.2 Device rack installation

Steps for installing the device into a standard rack, ensuring proper alignment and security.

3.3 ESR-1000, ESR-1200, ESR-1500, ESR-1511, ESR-1700, ESR-3100, ESR-3200 power module installation

Procedure for installing power modules in supported ESR router models, including main and reserve slots.

3.4 Connection to Power Supply

Guidelines for safely connecting the device to AC or DC power supply, including earthing requirements.

3.5 SFP transceiver installation and removal

4 Management interfaces

4.1 Command line interface (CLI)

Details on using the Command Line Interface for device management, authorization, and command categories.

4.2 Types and naming procedure of router interfaces

4.3 Types and naming procedure of router tunnels

5 Initial router configuration

5.1 ESR router factory configuration

Describes essential basic settings installed from the factory, allowing gateway use with SNAT.

5.1.1 Description of factory settings

Details the two security zones ('Trusted' and 'Untrusted') and interface division for network connection.

5.2 Router connection and configuration

Covers connecting the ESR series router to public data networks and basic router configuration.

5.2.1 Connection to the router

Options for connecting to the device, including Ethernet LAN and RS-232 console port.

5.2.2 Applying the configuration change

Explains how changes made in the configuration take effect after applying commands and the rollback mechanism.

5.2.3 Basic router configuration

Outlines the initial steps for router configuration, including password change, user creation, and network parameters.

6 Firmware update

6.1 Updating firmware via system resources

Procedure for updating firmware on a running operating system using TFTP, FTP, or SCP servers.

6.2 Updating firmware via bootloader

Steps for updating router firmware via the bootloader, including TFTP server address and file name.

6.3 Secondary bootloader update (U-Boot)

Process for updating the secondary bootloader (U-Boot) to the flash.

7 Safe configuration recommendations

7.1 General recommendations

General advice for safe operation, including disabling unused interfaces, setting system clock, and firewall configuration.

7.2 Event logging system configuration

Describes algorithms for configuring event logging, including message storage, rotation, and transmission to an external server.

7.3 Password usage policy configuration

Details on configuring password policies, including change requests, lifetime, length, and character type requirements.

7.4 AAA policy configuration

Explains AAA policy configuration, including recommendations for role-based access and personal accounts.

7.5 Remote management configuration

Recommendations for secure remote access, including disabling Telnet, using crypto-resistant algorithms, and limiting access by IP address.

7.6 Configuration of protection against network attacks mechanisms

Recommendations for configuring protection against various network attacks, including IP spoofing and TCP flag anomalies.

8 Interface management

8.1 VLAN Configuration

8.2 LLDP configuration

8.3 LLDP MED configuration

8.4 Sub-interface termination configuration

8.5 Q-in-Q termination configuration

8.6 USB modems configuration

8.7 STP/RSTP configuration

8.8 PPP through E1 configuration

8.9 MLPPP Configuration

8.10 Bridge configuration

8.11 Dual-Homing configuration

8.12 Mirroring configuration (SPAN/RSPAN)

8.13 LACP configuration

8.14 AUX configuration

9 Tunneling management

9.1 GRE tunnel configuration

9.2 DMVPN configuration

9.3 L2TPv3 tunnel configuration

9.4 IPsec VPN configuration

9.5 LT tunnels configuration

10 QoS management

10.1 Basic QoS

10.1.1 Configuration algorithm

Steps for configuring basic QoS, including enabling QoS, setting trust mode, and mapping DSCP/CoS values.

10.2 Advanced QoS

10.2.1 Configuration algorithm

Steps for advanced QoS configuration, including creating access lists, class maps, and policy maps.

11 Routing management

11.1 Routing information advertising policy

11.2 Static routes configuration

11.3 RIP configuration

11.4 OSFP configuration

11.5 BGP configuration

11.6 BFD configuration

11.7 PBR routing policy configuration

11.8 VRF configuration

11.9 MultiWAN configuration

11.10 IS-IS configuration

12 MPLS technology management

12.1 LDP configuration

12.2 Configuring session parameters in LDP

12.3 Configuring session parameters in targeted-LDP

12.4 LDP tag filtering configuration

12.5 L2VPN Martini mode configuration

12.5.1 L2VPN VPWS configuration algorithm

12.5.2 L2VPN VPLS configuration algorithm

12.6 L2VPN Kompella mode configuration

12.6.1 L2VPN VPLS configuration algorithm

12.7 L3VPN configuration

12.8 MPLS traffic balancing

12.9 Operation with the bridge domain within MPLS

12.10 Assignment of MTU when operating with MPLS

12.11 Inter-AS Option A

12.11.1 L2VPN

12.12 Inter-AS Option B

12.12.1 L3VPN

12.13 MPLS over GRE

13 Security management

13.1 AAA configuration

Covers AAA configuration for access provisioning and control, including Authentication, Authorization, and Accounting.

13.1.1 Local authentication configuration algorithm

Steps for configuring local user authentication methods and privilege elevation.

13.1.2 AAA configuration algorithm via RADIUS

Details on configuring AAA authentication using RADIUS servers, including connection and key settings.

13.1.3 AAA configuration algorithm via TACACS

Explains AAA configuration using TACACS servers for authentication and accounting.

13.1.4 AAA configuration algorithm via LDAP

Provides steps for configuring AAA authentication using LDAP servers, including base DN and search scope.

13.1.5 Example of authentication configuration using telnet via RADIUS server

13.2 Command privilege configuration

Describes how to assign user privilege levels to command sets for fine-grained access control.

13.3 Logging and network attacks protection configuration

Details configuration for logging system events and protecting against network attacks like ICMP flood and SYN flood.

13.4 Firewall configuration

Explains the functionality and configuration of the firewall for controlling and filtering network packets.

13.4.1 Configuration algorithm

Steps for configuring firewall operation modes, session lifetimes, and security zones.

13.5 Access list (ACL) configuration

13.5.1 Configuration algorithm

Steps for creating ACLs, defining rules, actions, and matching criteria.

13.6 IPS/IDS configuration

Details IPS/IDS configuration for detecting and preventing intrusions and security breaches using signature-based analysis.

13.6.1 Base configuration algorithm

Steps for creating a basic IPS/IDS security policy and assigning it to interfaces.

13.6.2 Configuration algorithm for IPS/IDS rules autoupdate from external sources

Procedure for configuring automatic updates for IPS/IDS rules from external sources.

13.6.4 IPS/IDS configuration example with rules autoupdate

13.8 Content filtering service configuration

13.8.1 Basic configuration algorithm

Steps for basic content filtering configuration, including DNS server setup and IPS/IDS policy creation.

13.9 Antispam service configuration

13.9.1 Basic configuration algorithm

Steps for basic Antispam service configuration, including network name, domain, and DNS settings.

14 Redundancy management

14.1 VRRP configuration

Explains VRRP configuration for increased router availability, acting as a default gateway.

14.1.1 Configuration algorithm

Steps for configuring VRRP on interfaces, including virtual IP, router ID, priority, and group settings.

14.3 Firewall/NAT failover configuration

Details firewall and NAT failover configuration for reserving firewall sessions.

14.3.1 Configuration algorithm

Steps for configuring firewall failover modes, source/destination addresses, and VRRP group binding.

14.4 DHCP failover configuration

Explains DHCP failover configuration for reserving IP addresses issued by the DHCP server.

14.4.1 Configuration algorithm

Steps for configuring DHCP failover modes, local/remote addresses, and VRRP group binding.

15 Remote access configuration

15.1 Configuring server for remote access to corporate network via PPTP protocol

15.1.1 Configuration algorithm

Steps for creating a PPTP server profile, including remote gateway, user authentication, and security zone settings.

15.2 Configuring server for remote access to corporate network via L2TP protocol

15.2.1 Configuration algorithm

Steps for creating an L2TP server profile, specifying IP addresses, authentication, and security settings.

15.3 Configuring server for remote access to corporate network via OpenVPN protocol

15.3.1 Configuration algorithm

Steps for configuring OpenVPN server, including certificates, encryption, and user authentication.

15.4 Configuring remote access client via PPPoE

15.4.1 Configuration algorithm

Steps for creating a PPPoE tunnel, specifying user credentials, and interface settings.

15.5 Configuring remote access client via PPTP

15.5.1 Configuration algorithm

Steps for creating a PPTP tunnel, specifying remote gateway, user authentication, and security zone.

15.6 Configuring remote access client via L2TP

15.6.1 Configuration algorithm

Steps for creating an L2TP tunnel, specifying user credentials, authentication, and security settings.

16 Service management

16.1 DHCP server configuration

Covers configuring LAN device network settings using the integrated DHCP server.

16.1.1 Configuration algorithm

Steps for enabling DHCP server, setting DSCP values, and configuring IP address pools.

16.2 Destination NAT configuration

16.2.1 Configuration algorithm

Steps for configuring DNAT, including creating pools, rulesets, and specifying actions.

16.3 Source NAT configuration

16.3.1 Configuration algorithm

16.4 Static NAT configuration

16.4.1 Configuration algorithm

16.5 HTTP/HTTPS traffic proxying

16.5.1 Configuration algorithm

16.6 NTP configuration

16.6.1 Configuration algorithm

17 Monitoring

17.1 Netflow configuration

17.1.1 Configuration algorithm

17.2 sFlow configuration

17.2.1 Configuration algorithm

17.3 SNMP configuration

17.3.1 Configuration algorithm

17.4 Zabbix-agent/proxy configuration

17.4.1 Configuration algorithm

17.5 Syslog configuration

17.5.1 Configuration algorithm

17.7 Router configuration file archiving

18 BRAS (Broadband Remote Access Server) management

18.1 Configuration algorithm

18.2 Example of configuration with SoftWLC

18.3 Example of configuration without SoftWLC

19 VoIP management

19.1 SIP profile configuration algorithm

19.2 FXS/FXO ports configuration algorithm

19.3 Dial plan configuration algorithm

19.4 PBX server configuration algorithm

19.5 Registration trunk creation algorithm

19.6 VoIP configuration example

19.7 Dial plan configuration example

19.8 FXO port configuration

19.9 Example of VoIP configuration for FXS ports registration on external SIP server

19.10 Example of VoIP configuration on internal PBX server

Related product manuals