How To Notes for AlliedWare Products
These How To Notes are for Allied Telesis products running the AlliedWare operating system. They are organised into the following categories:
- Setup, Management and Troubleshooting
- Interfaces and Layer 2
- Layer 3 Switching and Routing
- Access and Security
- Virtual Private Networks
- High Availability
(products that run AlliedWare)
Setup, Management and Troubleshooting
How To Use The Allied Telesis GUI To Customise The Router And Set Up An Internet Connection
This AlliedWare How To Note describes how to customise an Allied Telesis router and configure its basic LAN and WAN interfaces, using the web-based Graphical User Interface (GUI). Topics: LAN, WAN, ADSL, Ethernet, Cable, PPPoE
How to configure the AT-AR450S Firewall using the Graphical User Interface (GUI)
This document describes the firewall configuration facility availabel on the AT-AR450S HTTP-based Graphical User Interface (GUI). The GUI is a web-based device management tool, designed to make it easier to configure and monitor the router, and provides an alternative to the Command Line Interface (CLI). Its purpose is to make complicated tasks simpler and regularly performed tasks quicker.
How to set up your AT-AR440S ADSL Router for Typical Network Scenarios
Get your AT-AR440S ADSL router up and running as quickly as possible. It describes a basic Internet access and Firewall protection configuration.
How To Upgrade Release Software on Allied Telesis Routers and Managed Layer 3 Switches
This AlliedWare How to Note describes how to locate, load, and install firmware updates.
How To Configure Some Advanced Features on your ADSL Router
This Note describes how to configure the firewall, NAT, the DHCP server, DNS relay, ISDN backup of the ADSL link, and VPNs with NAT-T. It also describes basic and advanced troubleshooting procedures.
Best Practice For On-site Debugging
This AlliedWare How To Note describes techniques for on-site debugging. These ideas make it less likely that you will miss important pieces of information, make it simpler for someone else to analyse the debug information that you capture, and enable you to be more accurate in after-the-event discussions of what you saw..
AlliedWare Technical Tips and Tricks for Routers and Managed Layer 3 Switches
This document contains useful technical tips and tricks for Allied Telesis routers and managed Layer 3 switches running AlliedWare.
How To Configure a UPnP Internet Gateway Device with Windows XP as UPnP Control Point
This document describes how to configure your router as a UPnP Internet Gateway Device (IGD), and how to configure your Windows XP machine as a UPnP control point. Topics: UPnP, firewall, NAT traversal, Windows XP, videoconferencing.
How to configure SNMPv3 on Allied Telesyn devices
This document describes how to configure Simple Network Management Protocol v3 (SNMPv3) on Allied Telesis devices. When SNMP was first introduced security was not really a consideration, but as its use increased several security weaknesses became apparent. SNMPv3 was introduced to attempt to address those weaknesses.
Interfaces and Layer 2
This Overview describes VLANs—what they are, why they were developed, and how they behave. It focuses on the general principles of VLANs, instead of describing any particular switch implementation.
How to Configure, Verify, and Debug Link Aggregation Control Protocol (LACP)
Link Aggregation Control Protocol (LACP) is a control protocol that automatically detects multiple links between two LACP enabled devices and configures them to use their maximum possible bandwidth by automatically trunking the links together.
How To Configure IGMP for Multicasting on Routers and Managed Layer 3 Switches
Allied Telesis routers and switches use IGMP - Internet Group Management Protocol - to track which multicast groups their hosts belong to. This How To Note describes basic and advanced IGMP, IGMP snooping, IGMP proxy, IGMP filters, and more.
How to configure resilient Layer 2 multicast networks using IGMP
This document describes the recommended configuration for designing a resilient network for multicast distribution across a Layer 2 infrastructure.
How to configure IGMP snooping with unregistered multicast addresses such as SLP
If you want to advertise or learn services via multicast and you also want to use IGMP snooping, then you need to configure static IGMP entries on the switch. This How To Note describes the configuration, using SLP as an example.
How to configure Multiple Spanning Tree Protocol (MSTP)
This document provides configuration examples and guidelines for configuring Multiple Spanning Tree Protocol on Allied Telesyn switches.
How to Monitor Ethernet interface state changes
This AlliedWare How to Note describes how to monitor Ethernet interface state changes on your Allied Telesis routers.
How To Configure Power over Ethernet
Power over Ethernet (PoE) is a technology allowing devices such as IP telephones to receive power over existing LAN cabling.
How To Configure An L3 Switch To Use Different MAC Addresses On Different VLANs
Allied Telesis managed L3 switches use one MAC address for the whole switch. This can cause interoperability issues with some L2 switches. Therefore, this AlliedWare How to Note describes how to use VRRP to give different MAC addresses to different VLANs.
How to configure nested VLANS on the AT-8948 switch
This document provides configuration examples and guidelines for configuring Multiple Spanning Tree Protocol on Allied Telesyn switches.
How to set up PPPoE between a Linux client and an Allied Telesis access concentrator
This AlliedWare How to Note describes how to set up PPPoE between a Linux client and an Allied Telesis device.
How To Configure Allied Telesis and Cisco routers to interoperate over L2TP
This AlliedWare How to Note covers a range of examples on how to configure Allied Telesis and Cisco routers to interoperate over Layer 2 Tunnelling Protocol (L2TP)
This document provides information about E1 versus T1 links, unstructured versus structured E1, and how to configure these.
How To Configure An Allied Telesis Router For Multiple Microsoft Point-to-Point Tunnelling Protocol
Point-to-Point Tunnelling Protocol (PPTP) allows you to securely transfer data from your travelling staff to your office network using a VPN across TCP/IP-based data networks. This AlliedWare How to Note describes the firewall's PPTP proxy agent and includes a NAT configuration.
How to configure ISDN calls on Allied Telesis routers
This document examines all the ISDN configuration options available on Allied Telesis routers, explains their purpose in practical terms, and gives configuration examples.
How To Troubleshoot ISDN Connections
This AlliedWare How to Note contains steps for troubleshooting ISDN connections. Topics: BRI, PRI, LAPD, ISDN, PPP, CHAP, PAP
How To Configure Common ISDN Access Concentration With The Firewall
This AlliedWare How to Note provides examples of how to configure a network of remote Small Office /Home Office (SOHO) routers connected to a central office router via ISDN connections. Topics: ISDN, firewall, PPP, CHAP, PAP, IP filters, freeRADIUS
How to configure port-IP binding
This document describes how to configure switches to operate in a way that is frequently required by service providers. In summary, the service provider’s requirement is that only one IP address can be used on any port. This can be referred to as port-IP binding.
Configure Frame Relay over a DS3 Interface Between Two Rapier 24i Switches
This document provides a basic configuration example for configuring Frame Relay over a DS3 interface between two Rapier 24i switches.
How To Configure link compression facilities in the AR router
In this document we are looking specifically at data link compression, i.e. compression that operates by compressing the whole data stream, including the network layer packet headers used for routing.
How To Configure asynchronous calls on the AR Router
The ACC module can be configured to answer calls made to a modem connected to an asynchronous port, validate the user making the call and configure the port to the mode appropriate to the desired service.
Layer 3 Switching and Routing
Overview Of How Allied Telesis Routers And Managed Layer 3 Switches Choose The Best IP Route
As a network becomes more complex it will often become multiply connected, giving multiple paths from any given point to any other point. This document describes the router or switch's criteria for choosing from among the multiple routes.
How to configure basic IPv6 interoperability between an AR450 router and Windows XP
This document introduces basic IPv6 interoperability testing between an AR450 router and Microsoft® Windows® XP. This document is essentially a lab note, and assumes you have a basic knowledge of IPv6 implementation as well as knowledge of configuring the Windows XP operating system.
How to configure basic IPv6 interoperability between an AT-AR450S and Red Hat Linux
In the examples, an AR450S running AlliedWare 54-252 with patch-01, was configured against a Red Hat™ Linux™ client running Red Hat 8.0, Kernel 2.4.18-14.
How To Use Dynamic DNS To Allow You To Host Servers Behind A Dynamically-Assigned Public IP Address
The dynamic DNS client allows you to host web domains, FTP servers, and mail servers behind a dynamically-assigned public IP address that periodically changes. It works with the service provided by DynDNS.com (www.dyndns.com).
How to Minimise the impact of unstable eBGP routes
How to minimise the impact of unstable eBGP routes or flapping Border Gateway Protocol (BGP) routes, caused by recursive routing failure.
How To Use Route Maps and Other Filters to Filter and Alter BGP and OSPF Routes
This How To provides an overview of BGP implementation and the use of route maps for OSPF on Allied Telesis routers and switches.
How To Achieve Router-On-A-Stick Routing Between VLANs On Allied Telesis Routers
Router on a stick, also called one-armed routing, describes the use of a single multihomed interface of a router to route between multiple subnets. It is commonly used when multiple IP subnets are being used on a single LAN segment.
How To Configure Dynamic Routing Over An L2TP Tunnel
This How To Note shows an example of using a dynamic routing protocol over an L2TP tunnel. Topics: L2TP, RIP, OSPF
How to configure IPv6 over IPv4 tunnelling interop between an AR740 and a CISCO 4500
This document introduces tunnelling IPv6 packets over an IPv4 network, and a method of obtaining interoperability between Allied Telesis AR740 and Cisco 4500 routers.
Access and Security
How To Create A Secure Network With Allied Telesis Managed Layer 3 Switches
Allied Telesis switches include a range of sophisticated security features at layer 2 and layer 3. This How To Note describes these features and includes brief examples of how to configure them. Topics: broadcast storms, rapid MAC movement, IGMP, SSH, SSL, SNMPv3, whitelists, IP spoofing, ARP spoofing, ARP poisoning, DHCP snooping, 802.1x, private VLANs, MAC-forced forwarding, MACFF, local proxy ARP, filters.
How To Configure the AT-8948 and 9900 series switches for maximum security against attack
This document looks at the Allied Telesis AT-8948 and AT-9900 series switches and considers several aspects of secure configuration of these devices.
How To Configure Some Basic Firewall and VPN Scenarios
This document provides examples that illustrate common configurations for security routers: a basic Ethernet connection, a basic PPPoE configuration, an internal L2TP network server (LNS), an IPsec VPN, a PPTP server on the LAN behind the router, and a DMZ with private addresses.
How To Apply Firewall Policies And Rules
This AlliedWare How To Note describes some of the more subtle aspects of dealing with firewall policies and how to apply rules to various traffic flows when using multiple firewall policies.
How To Allow Public and Private Address Access to Servers at a Service Provider Client Site
This document contains configuration examples and guidelines for a situation that uses firewall and enhanced NAT where you need to make a server’s registered public address accessible from hosts on the firewall’s private interface.
How to Configure WinXP PPPoE client to PPPoE Access Concentrator with RADIUS Authentication
The purpose of this document is to provide a simple example of how to configure the AlliedWare PPPoE AC to interoperate with the Windows XP PPPoE client, and to use a Radius server for user authentication.
How to configure IPv6 support for IPSec on AR450S routers
This document describes how to configure IPv6 support for IP Security (IPSec) on your AR450S router, and provides a configuration example, illustrating how to configure IPSec with IPv6 using ISAKMP/IKE key management.
How To Configure the Firewall VoIP Support Service (SIP ALG)
This How To Note describes how to configure the SIP ALG (Application Level Gateway), which handles VoIP calls across the firewall.
How to Configure URL Filtering Using the Firewall’s HTTP Proxy
This document describes how the firewall's HTTP proxy can be used to filter outbound HTTP sessions based on the URLs requested. This allows the network administrator to prevent users from downloading undesirable resources from the Internet.
How To Set up a RADIUS Server for User Authentication
This document is to help users set up a RADIUS server to authenticate users who access the device by Telnet or via the console port. It makes use of commands and features modified or added with the release of 2.7.3.
How To Configure A Secure Network Solution For Schools
This configuration has two VLANs: admin and curriculum. Teachers can access both areas from anywhere in the school. Students can never access the admin area. Topics: security, firewall, PPPoE, RADIUS, DHCP
How To Use DHCP Snooping and ARP Security to Block ARP Poisoning Attacks
This AlliedWare How To Note shows how to use ARP security to prevent ARP poisoning. It includes a configuration example of how to block attacks from the Cain & Abel tool. Keywords: ARP poisoning, ARP spoofing, ARP poison routing, APR, IP spoofing, DHCP snooping.
How To Use MAC-Forced Forwarding with DHCP Snooping to Create Enhanced Private VLANs
This AlliedWare How to Note describes how to use MAC-forced forwarding, in conjunction with private VLANs and DHCP snooping, to increase Layer 2 security.
How To Use DHCP Snooping, Option 82, and Filtering on AT-9900 and x900-48 Series Switches
This document describes DHCP snooping, DHCP Option 82 and DHCP filtering, and takes you through step-by-step configuration examples. It ends with troubleshooting information, and sample configuration for ISC DHCP server.
How To Use DHCP Snooping, Option 82, and Filtering on AT-8800, AT-8600, AT-8700XL, and Rapier i
This document describes DHCP snooping, DHCP Option 82, and DHCP filtering, and takes you through step-by-step configuration examples. It ends with troubleshooting information, and sample configuration for ISC DHCP server.
How To Configure Basic 802.1x Port Authentication
This How To Note outlines the 802.1x authentication process, then gives basic configurations for an Allied Telesis device as the Authenticator, a Steel-Belted RADIUS server as the Authentication Server, and Windows XP Professional as the Supplicant.
How To use 802.1x VLAN assignment
In a network environment that contains multiple VLANs, it can be very desirable for roaming users to be assigned to the same VLAN, no matter at which point they connect to the network. This means that they will always have access to the same set of network resources irrespective of which physical location on the network they happen to be connected to.
How To Configure A Secure School Network Based On 802.1x
This AlliedWare How To Note describes a specific example of a highly reproducible school network solution from Allied Telesis. Topics: security, 802.1x, classifiers, filters, RADIUS
How To Use 802.1x Security with AT-WA7400 APs, AT-8624PoE Switches, and Linux’s freeRADIUS and Xsupp
This How To Note details how to take advantage of 802.1x security to ensure that users who connect to your wireless LAN are authorised first. Additionally, it gets the RADIUS server to pass a WEP key to the supplicant so that wireless conversations to the access points are encrypted. The example in this Note uses Linux for both the access controller (RADIUS server) and the supplicant (client). Other products: AT-WA7400
This AlliedWare How to Note describes how to create a secure LAN, using two servers and an 802.1x-compatible Allied Telesis switch. The servers are running Microsoft Windows Server 2003. This How To note takes you step-by-step through the configuration required for PEAP-MS-CHAP v2 authentication, then through the steps required for EAP-TLS authentication.
How To Configure MAC-based port authentication
This AlliedWare How to Note describes how to configure MAC-based port authentication both with and without VLAN assignment.
How To Configure Hardware Filters on AT-9900, x900-48, and x900-24 Series Switches
This How To Note describes how to create classifiers and hardware filters, especially how to use the "inner" VLAN parameters and the layer 4 masks. Then it discusses the extensive filter actions and how many filters you can make.
How To Configure QoS on AT-9900, x900-48, and x900-24 Series Switches
This How To Note describes generic configuration examples for Quality of Service (QoS) on AT-9900 and x900 series switches running the AlliedWare OS. Topics: egress rate limiting, setting priority (802.1p, CoS, DSCP, TOS), setting egress queue
Overview of the Quality of Service (QoS) features on the AT-8948 switch
The purpose of this document is to enable a user who already has some familiarity with the QoS features on the Rapier and AT-9800 series products to understand the new features of the AT-8948, and how they have been integrated into the existing command structure.
How to Configure QoS to Conform to Standard Marking Schemes
This How To Note describes how to deploy a QoS solution across an entire network.
How To configure filtering actions on QoS flow groups and traffic classes
This AlliedWare How to Note describes how to achieve filtering activity as part of the QoS process.
How to configure software QoS for some specific customer scenarios
The purpose of this document is to give some real-world configuration examples for software QoS (SQoS). In each case, the customer requirements are described, and then the configuration is given which satisfies those requirements. In some cases, there is a discussion of the reasoning behind the configuration choices.
How To Achieve Quality of Service over a Low-Speed WAN that has a Non-QoS-Capable Gateway Device
This How To Note describes how to use a router to give preferential treatment to sensitive traffic such as voice, even when it goes through a gateway modem with no QoS capability. It includes a software QoS (SQoS) configuration using DAR.
Virtual Private Networks
An Overview of VPN Solutions in How To Notes
This document lists all the VPN How To Notes, with a brief summary of each Note. Its purpose is to make you aware of all the available solutions and to help you choose the appropriate solution for your network.
How To Use The Allied Telesis GUI Wizard To Create A Site-to-Site VPN
This How To Note describes how to configure a Virtual Private Network (VPN) between LANs at two sites, such as a central office and a branch office. Use this Note when the VPN does not go through a NAT gateway device.
How To Use The Allied Telesis GUI Wizard To Create A Site-to-Site VPN Through A NAT Gateway Device
This AW How To Note describes how to configure a Virtual Private Network (VPN) between LANs at two sites. Each LAN is connected to the Internet through an Allied Telesis router. In addition, the router at one end is connected to the Internet through a separate Network Address Translation (NAT) gateway device, such as an ADSL modem, and uses NAT-T.
This document describes how to provide secure remote access through IP Security (IPsec) Virtual Private Networks (VPNs), with an emphasis on using an Allied Telesis router at ahead office and roaming Windows 8 clients.
How To Configure VPNs In A Corporate Network, With Optional Prioritisation Of VoIP
This document describes how to configure VPNs to remote offices and roaming clients. It also describes how to prioritise voice traffic. Topics: VPN, IPsec, firewall, SQoS, VoIP, security.
How To Troubleshoot A Virtual Private Network (VPN)
This Alliedware How To Note describes how to test and troubleshoot an IPsec configuration, using the CLI and the GUI.
How To Create an X.509 Certificates VPN Between an Allied Telesis Router and a Windows XP Client
This solution uses X.509 certificates to provide a public key technique to seed the ISAKMP negotiation between the VPN access concentrator (AT router) and VPN remote host (XP Computer), thus providing a more secure authentication method than the alternate practice of using a pre-shared key.
How To Configure VoIP And Data Over A Meshed IPsec VPN
This solution allows you to transfer VoIP traffic securely between remote offices and a Head Office, and also between remote offices, when the remote offices have dynamically-allocated IP addresses.
How To Create Concurrent VPNs with Remote Routers, Windows Vista Clients and XP Clients, over NAT-T
This Note describes how to provide secure remote access through IP security (IPsec) Virtual Private Networks (VPNs), with an emphasis on using an Allied Telesis router at a head office and roaming Vista clients.
How To Configure an IPsec VPN between Microsoft ISA Server 2004 and an Allied Telesis Router Client
Both Microsoft Internet Security and Acceleration (ISA) Server 2004 and Allied Telesis routers enable you to define Virtual Private Networks (VPNs) for secure remote access to private LANs. This How To note describes how to configure a VPN in which an Allied Telesis router is the private office access gateway connected to a Microsoft ISA Server as the access concentrator.
This document describes how to provide secure remote access through IP security (IPsec) Virtual Private Networks (VPNs), with an emphasis on using an AlliedWare Allied Telesis router at a head office and roaming Android clients. This VPN solution is suitable for any business deployment and provides your office with secure Internet access and firewall protection, plus remote encrypted VPN access for your traveling staff.
How To Create A VPN Between An Allied Telesis And A NetScreen Router
This AlliedWare How To Note shows you how to configure a VPN between a local Allied Telesis router and a remote NetScreen router.
How To Create A VPN Between An Allied Telesis And A SonicWALL Router, With NAT-T
This How To Note shows you how to configure a VPN between a local Allied Telesis router and a remote SonicWALL router.
How To Create a VPN between an Allied Telesis Router and a Cisco PIX Firewall
This How To Note details one of the inter-operation solutions from Allied Telesis: creating virtual private networks between Allied Telesis routers and Cisco PIX firewalls.
How To Create a VPN between an Allied Telesis Router and a Microsoft Windows 2000 Client, over NAT-T
This AlliedWare How to Note describes Microsoft Windows 2000 client configuration and Allied Telesis router configuration for creating an IPSec VPN between the two. It includes NAT Traversal, which makes it suitable for roaming clients, such as users who connect to your office from a hotel room.
How To Create a VPN between an Allied Telesis Router and a Microsoft Windows XP Client, over NAT-T
This Note describes Microsoft Windows XP client configuration and Allied Telesis router configuration for creating an IPSec VPN between the two. It includes NAT Traversal, which makes it suitable for roaming clients, such as users who connect to your office from a hotel room.
How To Create A VPN Between An Allied Telesis Router And A Windows 2000 Client, Without Using NAT-T
This AlliedWare How to Note describes Microsoft Windows 2000 clis router configuration for creating an IPSec VPN between the twoient configuration and Allied Telesis. It does not include NAT-T, so it is suitable when neither the router nor the Windows 2000 clients are behind a NAT gateway.
How To Create A VPN Between An Allied Telesis Router And A Windows XP Client, Without Using NAT-T
This Note describes Microsoft Windows XP client configuration and Allied Telesis router configuration for creating an IPSec VPN between the two. It does not include NAT-T, so it is suitable when neither the router nor the Windows XP clients are behind a NAT gateway.
How to Create a VPN, (including dynamic DNS) between Apple products running Mac OS X and AT Router.
This How To note details one of the inter-operation solutions from Allied Telesis: creating Virtual Private Networks between Allied Telesis routers and a Mac OS X device, or iPhone, including Dynamic DNS.
High Availability
How To Configure VRRP (Virtual Router Redundancy Protocol)
VRRP is a popular protocol for providing device redundancy, for connecting redundant WAN gateway routers or server access switches. It allows a backup router or switch to automatically take over if the primary (master) router or switch fails. This How To Note describes one possible basic VRRP configuration.
How To configure WAN load balancing
When a router simultaneously connects to multiple WAN links, the WAN load balancer tries to distribute the router traffic equally across each network interface.
How To Configure Load Balancer Redundancy on Allied Telesis Routers and Switches
In many Server Hosting environments, two requirements are important: maximizing throughput availability to each service, and minimizing service downtime. This AlliedWare How To Note contributes towards both these aims.
How To Configure Microsoft Windows 2003 Network Load Balancing Clustering with Allied Telesis Switch
This is a guide to Network Load Balancing (NLB) clustering options with Allied Telesis managed layer 3 devices. NLB is one of the clustering technologies available from Microsoft. It provides high availability for services such as HTTP and FTP, by grouping identical servers into a cluster and sharing the network load between all currently-available servers in the cluster.
Products
The following products run AlliedWare:
- AR300 Series (AR300L(S), AR300(S), AR310(S), AR320, AR330, AR350, AR370(S), AR370(U), AR390, AR395)
- AR400 Series (AR415S, AR440S, AR441S, AR442S, AR450S)
- AR700 Series (AR725, AR745, AR750S, AR750S-DP, AR770S)
- AT-8600 Series (AT-8624T/2M, AT-8624PoE, AT-8648T/2SP)
- AT-8700XL Series (AT-8724XL, AT-8748XL)
- AT-8800 Series (AT-8824, AT-8848)
- AT-8900 Series (AT-8948, AT8948i)
- AT-9800 Series (AT-9812T, AT-9816GB)
- AT-9900 Series (AT-9924T, AT-9924SP, AT-9924T/4SP)
- AT-9924Ts, x900-24XT, x900-24XT-N, and x900-24XS Switches
- x900-FE48 Series (x900-48FE, x900-48FE-N, x900-48FS)
- Rapier i Series (Rapier 24i, Rapier 48i, Rapier 16fi)
- Rapier w Series (Rapier 48w)
- Rapier Series (Rapier G6, Rapier G6f, Rapier 16f)
- SwitchBlade 4000 Series (AT-SB4104, AT-SB4108)