Enterasys Networks Security Router X-PeditionTM User Manual

Utilizing the Command Line Interface

2-10 Managing the XSR

PPP RAI over a Leased Line

PPP over a leased line performs similarly to Frame Relay RAI over a serial link via a leased Telco
line. When PPP negotiation is successful, a point-to-point connection is established from the
remote XSR to the central router. Then the remote XSR can obtain its IP address. But, you must
assign a default peer IP address in the central router to give the remote XSR a valid IP address.

After the remote XSR acquires the address, RAI proceeds by sending DNS and TFTP requests.

At the central site, the node will be fully configured with PPP encapsulation. In case multilink is
required, the PPP multilink option is enabled and a multilink interface created. The central router
is also configured with a default IP address over the serial interface for non-multilink PPP
circumstances and over a multilink interface for a multilink PPP scenario.

PPP RAI over a Dial-in Line

Dial-in PPP RAI is performed as a background task in that the designated port is configured and
waiting for the central site to dial in while the other RAI type (Ethernet/Frame Relay/PPP Leased
line) is still operating on the other ports. As soon as the dial-in port reaches a PPP up state, the rest
of the RAI process is terminated.

Dial-in line RAI requires either a modem attached to the serial interface or the switched BRI/PRI
interface. Similar to leased line PPP RAI, successful PPP negotiation provides the point-to-point
link from the remote XSR to the central router. Authentication may then be required by the central
site. After successful authentication, the remote XSR can obtain the IP address through negotiation
but a default peer IP address must be assigned in the central router to provide the remote XSR
with a valid IP address.

Dial-in PPP RAI is directed to a port by the following priority with only one port type defined:

•

The first BRI port found in the XSR or,

•

The first PRI port found in the XSR or,

•

The second serial port found on the XSR (since the first serial is defaulted to be used for Frame-
Relay/PPP Leased line RAI).

The XSR’s Dialer interface (Dx) is configured to handle a dial-in call and set for PPP encapsulation
to accept either CHAP or PAP authentication. While being authenticated by the central site, the
serial number of the remote XSR will be used as the user name and the password. The central site
must decide which PPP authentication type to use or none at all.

The Dialer interface’s IP address is negotiated and is assigned via PPP negotiation similar to PPP
leased line RAI.

Refer to the XSR Getting Started Guide for configuration examples.

PPP RAI over ADSL

RAI ADSL is performed over the ADSL line using PPPoE. Similar to other RAI methods, RAI tries
to configure a point-to-point connection in order to download the startup file from the TFTP
server. To reach the TFTP server, RAI ADSL must connect to the DSLAM with a proper PVC and
establish the PPPoE session with the PPPoE server. The PPPoE server that terminates the PPPoE
connection for the XSR handles the TFTP request and directs it to a proper TFTP server (that may
or may not be on the same device as the PPPoE server).

When the XSR boots without the

startup-config

and the ADSL card is installed, the first RAI

method tried is RAI over ADSL. If that fails, RAI moves on to other available RAI methods. RAI
ADSL passes through four phases to configure the XSR during which it displays console messages
about the state of the process.