Firepro Router tech support.pdf

7/16/2019 Firepro Router tech support.pdf

http://slidepdf.com/reader/full/firepro-router-tech-supportpdf 1/14

FPBR 1000 Support Note 1.1



Firepro TAC Team

1. Ip Addressing

1.1 CLI

1.1.1 How to assign ip address on an interface

[admin@Firepro] > ip address <<ip address directory>>

[admin@Firepro] /ip address> print <<to print the configuration>>

Flags: X - disabled, I - invalid, D - dynamic

# ADDRESS NETWORK BROADCAST INTERFACE

[admin@Firepro] /ip address>

[admin@Firepro] /ip address> add address=192.168.1.1/24 interface=ether? <<Adding Ip address on Ethernet>>

Interface::= ether1 | ether2 | ether3 | ether4 | ether5

[admin@Firepro] /ip address> add address=192.168.1.1/24 interface=ether1

(To assign an ip address always put the CIDR/Class of IP Address like “/24,/16,/28,/8”)

[admin@Firepro] /ip address> pr



0 192.168.1.1/24 192.168.1.0 192.168.1.255 ether1


1.1.2 How to Change an IP Address on an Interface

[admin@Firepro] > ip address




0 192.168.1.1/24 192.168.1.0 192.168.1.255 ether1

[admin@Firepro] /ip address> set 0 address=10.0.0.1/8 network=10.0.0.0 broadcast=10.255.255.255




0 10.0.0.1/8 10.0.0.0 10.255.255.255 ether1


1.2 GUI

For using Firepro Router in GUI mode, winbox tool is required. You can download the winbox configuration tool from any router webpage.

After downloading Winbox Console tool, run the winbox tool and click on “…” button to see the mac-address and IP address of connected router.

Enter the MAC-address or IP address in “Connect to” provide the Login credentials. And click connects.



Firepro TAC Team

Note: To open a firepro router via IP through winbox console. It is mandatory that the PC should be in the same network.

After a successful connection, Click on “IPAddress “

Click on +, put the required ip address in Address and Select Interface. The click “applyOK”



Firepro TAC Team

1.2.1 To change the IP address

Dbl-click on the selected IP Address, change the address then disable the network and broadcast by clicking arrow, in last clik applyok.

2. IP Route

2.1CLI

To configure routes in Firepro Router please follow the below figure.

Here two routes 1# and 2# are automatically created whenever an ip address is assigned. We called these routes as Active dynamically connected routes.

The command for adding routes are as follow.

“add dst-address=y.y.y.y/y gateway=x.x.x.x”

dst-address ---- Destination address should be like 71.0.0.0/8,10.0.0.0/8,0.0.0.0/0

Gateway --- next hop address



Firepro TAC Team

2.2 GUI

To configure IP routes via GUI mode, click on IPRoutes.

Click on +, Add “Destination and gateway”, then click apply ok.

You can add required specific routes too in the same fashion.

3. Vlan-Interface

3.1 CLI

For creating Vlan-Interface on firepro router, please go through the below commands.

First decide on which interface you want to make a Vlan interface. In the given example we use ether1.

When we create a vlan interface through CLI then by default it is disabled. So for enabling it first check its Serial ID mentioned under #. And follow the command “enable

<#ID>”.

In this way you can configure, as many interface you required.



Firepro TAC Team

3.2GUI

For creating Vlan interface using GUI mode, click on “interface then select + and select VLAN.

In the new interface window, add name, VLAN ID, select Interface. Then click apply and OK.

Note: by default the encapsulation supported by firepro for VLAN Interface is dot1q



Firepro TAC Team

4. Tunnel

4.1CLI

Cisco

Configure the tunnel interface on Cisco router as mentioned below

Firepro

For creating Tunnel on Firepro please follow the steps below.

Local Address --- Tunnel Source Address

Remote Address --- Tunnel Destination Address

IP Address--- Tunnel IP Address

5. Nat

5.1SNat

SNAT or Source nat means to Masquerade the WAN ip/Interface with the LAN IP/Pool/Interface. For e.g. see the below diagram.

Internet/WAN

Cloud

FE0/1-(10.10.10.2/30)

Gateway-10.10.10.1

FPBR 1000

PC 1

PC 2

192.168.1.2/24

192.168.1.3/24

FE0/2-(192.168.1.1/24)

MAIPU

CISCO

Firepro

10.10.10.1/30

10.10.10.2/3011.11.11.1/30

11.11.11.2/30

Tunnel



Firepro TAC Team

Cases:-

-SNat Wan ip--LAN ip (Src-Nat)

-SNat Wan ip—LAN pool (Src-Nat)

-Masquerade WAN Interface (Masquerading) Note: Only applicable, if the WAN ip is already Nated.

Solution:-

Case 1:- SNat Wan IP – LAN IP (Src-NAT)

Case 2:- Nat Wan IP – Whole LAN Pool (Src-NAT)



Firepro TAC Team

Case 3:- Masquerading WAN Interface

5.2DNAT

DNAT or Destination NAT means to transparently changing the destination IP address of an en-route packet. As per below diagram

Cases:-

-DNAT WAN IP –

LAN Server-PAT port forwarding of WAN IP – one or more servers (DMZ)

Solution:-

Case1: DNAT WAN IP – LAN IP

FPBR 1000

Internet/WAN

Cloud

FE0/1-(10.10.10.2/30)

Gateway-10.10.10.1 PC1

192.168.1.2/24FE0/2-(192.168.1.1/24)



Firepro TAC Team

Case2: PAT – one or more servers (DMZ)

6. Queuing (Rate Limit) On an Interface.

6.1CLI

For adding queuing on an interface, please follow the procedure as below.

Interface --- Interface on which you want to restrict the traffic

Limit at ----- X/X(Upload/Download) limit.

Max-limit- -- X/X (Upload/Download) limit

Queue--- Queue type (default, small, ethernet, wireless—pfifo, sfq)

FPBR 1000

Internet/WAN

Cloud

FE0/1-(10.10.10.2/30)

Gateway-10.10.10.1 HTTP

192.168.1.3/24FE0/2-(192.168.1.1/24)

FTP

192.168.1.2/24



Firepro TAC Team

6.2GUI

Click on “Queues”

7. Troubleshooting Guide

7.1Ping

Ping option is available in tools option in GUI. Also you can use the ping tool via cli as below.



Firepro TAC Team

7.2Traceroute

Traceroute option is available in tools menu. For terminal use the command below.

7.3 ARP Address

You can check the ARP entries in IP ARP menu through winbox console. Or via terminal follow the command below.

7.4 Monitoring interface/Changing Duplex/Speed

You can check or change the speed and duplex of any interface in cli by the commands as mentioned below.



Firepro TAC Team

7.5 Nat connections/Translation

For checking the Nat Translations/Connections you go wi th the following commands

7.6 Ip address

This command shows the IP address on interfaces

7.7 Ip route

This command show how to check the ip routes status on Firepro Router

7.8 SNMP

On firepro router, by default SNMP is disabled, So these commands enable the SNMP and also to add a new community on firepro router.

7.9 Resources

If you want to check the resources of firepro router like RAM, Processor, Flash etc. Then follow the command below.



Firepro TAC Team

7.10 Logs

For checking logs use the command mentioned below

7.11 Telnet

You can telnet any reachable device simply by using this command.

7.12 Torch (Monitoring traffic on via CLI)

You can analyze the traffic through CLI mode on any interface with this command.

8. Miscellaneous Commands

Add ---- for adding configurationRemove ---- for removing configuration

Set ----for changing configuration

Print ---- for printing configuration

Disable ----disabling configuration/interface

Enable ---- Enable configuration/interface

? ----- hint commands

.. ----- changing to parent directory

/ ----- changing root directory (global mode)

ctrl+c or q -----breaking any running command

Note: All the commands in firepro router are case sensitive. So kindly use the appropriate command to do the configuration.

Firepro Router tech support.pdf

Documents

Transcript of Firepro Router tech support.pdf