Maipu 1800-10 Basic Configuration

Dear Friends, 

As now a days, in many countries you can find Maipu 1800-10 Series Routers massive installations for Banking ATM's, Logistics companies, chain stores and many more. 

I am now starting a new Label of 1800-10 3G Routers for all configuration details about these routers. 

These are cost effective Routers and well suited for Banking ATM's requirements with all required security features to comply with security standards. 


Maipu 1800-10 series offers 5 models - 

Maipu 1800-10 - 1 WAN + 4 LAN + USB Dongle for connecting 3G Dongles (CDMA/GSM)
Maipu 1800-10C- 1 WAN + 4 LAN + CDMA SIM Card connectivity with external antenna
Maipu 1800-10W - 1 WAN + 4 LAN + 1 GSM SIM card connectivity with external antenna. 
Maipu 1800-10WG - 1 WAN + 4 LAN + 1 GSM SIM card connectivity with GPS enabled features with external antenna.
Maipu 1800-10WW - 1 WAN + 4 LAN + 2 GSM SIM card connectivity with external antenna

These all products Failover between WAN link and 3G with IPSec protocols.

For more details about product, you can refer product datasheet - 
http://www.maipu.com/productmes.aspx?id=3174#.VRI9ivmUcT8

In this post,  I am sharing Testing report for Maipu 1800-10W Router for accessing internet, Same configuration method applies to Maipu 1800-10 series all routers for basic configurations. 

Use Straight cable to connect Fast Ethernet port1 and PC/Laptop.

Configure LAN card IP address to DHCP mode in case you are using new router, By default the IP address will be 192.168.10.0/24 Network.

Router default IP address is 192.168.10.1, You can also assign static IP to Network Interface.

Access the Router from PC using Web interface – 

Default username – admin , password – admin.

Check the System Information for more details – Click Status System information 

Currently in this Router  Airtel Sim card is used, so the SIM card information is showing as Airtel.

Dialer Interface configuration –

Go to Network Menu --> 3G Dialer Interface --> Basic Setting 

In Basic Setting –

Define Network Mode of Sim card/Service, Access point Name and username, password.

Then save it. 

In GSM SIM, usually the configuration is APN name. Username password is just field for authentication. you can type anything.
GSM SIM card authenticates  based on APN details. 

In special VPN sim card, you may need to add user name and password in GSM SIM also. In that case, Telco provider will share you those details. 

After Basic  Configuration – Click Network –>Dial Interface Link Type, 

For more link related configuration ---

Here you can define Link type – Dial on Demand, Manual  and Online forever. Then save it. 

 After this configuration – You can check Dialer interface status

Click , Status  -- > Dialer Interface Status 

 In Dialer Interface status /3G Interface status– You can check the link status UP/Down (connected or not connected),

ISP details , Network Mode, Signal Strength, IP address and Gateway.

Along with this you can see Traffic Information

For LAN network Configurations -

Click Network -> Lan Interface                      

Here you can change the LAN subnet as per your requirement. 

 For DHCP config- Click Service  DHCP setting

Here you can define,  

 For Natting –

Click Network --> Forward mode /Network Mode

 Select the required option –

 Nat Mode for Natting ( Internet use)

Route Mode for IP to IP communication, Usually used in Private APN installations. 

Then save it.

Here we selected NAT and saved it.

Now we can check from PC,

PC received 192.168.010.168/24  IP address from DHCP pool .

Client PC can ping google.com 

 Client PC can access Internet

We can check signal strength from GUI interface – 

Hope this testing report will help you in configuration of Maipu 1800-10 Routers.

In few new firmware of Maipu 1800-10 series, few more web options are added. But overall with this testing report, you can easily locate new options also. 

In case of queries, Plz feel free to comment or reach me at uttam@startnetworks.info

Thanks for reading...

The Difference of SFP , SFP+ and XFP

Hi Friends, After long time, I am posting new post on my blog.  Hope it will help you to clear basic understanding towards SFP modules. 

What is the difference of SFP, SFP+  and XFP? 

The 10G module has been developed from 300Pin. XENPAK, X2, XFP and finally achieve with the same size as SFP which can transmit 10G signals called SFP+.

SFP by virtue of its small cost and other advantages to meet the needs of high-density equipment, SFP+ has been replaced the XFP 10G modules and became the mainstream.

Let’s have look in bit more details –

XFP

• The XFP ( 10G Gigabit Small Form factor Pluggable) is a standard for transceiver for high speed network links that use optical fiber.
• It was defined by an industry group in year 2002, along with its interface to other electrical components which is called XFI.
• A transceiver is a device comprising both a transmitter and a receiver, which is combined and share a common circuit.

XFP details –

• XFP modules are hot-swappable and protocol independent.
• XFP operates at optical wavelengths of 850nm, 1310nm or 1550 nm.
• Principal applications include 10 Gbit /s Fibre Channel, Synchronous optical networking (SONET) at OC-192 rates, Synchronous optical networking STM-64, 10 Gbit /s Optical Transport Network (OTN) OTU-2, and parallel optics links
• They can operate over a single wavelength or use dense wavelength-division multiplexing techniques
• They include digital diagnostics that provide management that were added to the SFF-8472 standard
• XFP modules use an LC fiber connector type to achieve high density.

SFP-

The small form-factor pluggable (SFP) is a compact, hot-pluggable transceiver used for both telecommunication and data communications applications. It interfaces a network device mother board (for a switch, router, media converter or similar device) to a fiber optic cable. It is a popular industry format jointly developed and supported by many network component vendors.

SFP Detail

• SFP transceivers are expected to perform at data speeds of up to five gigabits per second (5 Gbps), and possibly higher.
• Because SFP modules can be easily interchanged, electro-optical or fiber optic networks can be upgraded and maintained more conveniently than has been the case with traditional soldered-in modules
• Rather than replacing an entire circuit board containing several soldered-in modules, a single module can be removed and replaced for repair or upgrading. This can result in a substantial cost savings, both in maintenance and in upgrading efforts as compared to old in built modules.
• SFP transceivers are designed to support SONET, Gigabit Ethernet, Fibre Channel, and other communications standards.
• Due to its smaller size, SFP obsoletes the formerly ubiquitous gigabit interface converter (GBIC); the SFP is sometimes referred to as a Mini-GBIC although no device with this name has ever been defined in the MSAs.

The advantages of SFP+ modules:

• SFP+ has a more compact form factor package than X2 and XFP
• It can connect with the same type of XFP, X2 and XENPAK directly.
• The cost of SFP+ is lower than XFP, X2 and XENPAK.

The differences between SFP and SFP+：

They have the same size and appearance, but in different standard which SFP is based on IEEE802.3 and SFF-8472.

The connection between XFP and SFP+：

• Both of them are 10G fiber optical modules and can connect with other type of 10G modules.
• The size of SFP+ is smaller than XFP, thus it moves some functions to motherboard, including signal modulation function, MAC, CDR and EDC.
• XFP is based on the standard of XFP MSA
• SFP+ is compliance with the protocol of IEEE802.3ae, SFF-8431, SFF-8432.
• SFP+ is the mainstream design.

      Hope above information will help you.

      Thanks for reading !!!

Maipu 1800 Testing Report for Load Balancing Scenario

Hi Friends, Below is testing report of Load balancing and back up scenario using Maipu 1800 Routers. 

Objective-

•  Maipu 1800 CPE router need to perform load balancing in between two outgoing interfaces F0 and F1
•  If one WAN link is down, then another wan link will be primary, vice versa.
• As the faulty link is restored, Both WAN link should do load balancing for LAN traffic.

Topology –

Description –

Load Balancing

Load balancing is based on a combination of source and destination packet information; it allows you to optimize resources by distributing traffic over multiple paths for transferring data to a destination. You configure load balancing on outbound interfaces on a per-destination or per-packet basis.

Types Load balancing – Per destination load balancing and Per packet load balancing.

Per-Destination and Per-Packet

Per-destination load balancing allows the router to distribute packets based on the destination address, and uses multiple paths to achieve load sharing. Packets for a given source-destination host pair are guaranteed to take the same path, even if multiple paths are available. For example, given two paths to the same network, all packets for destination1 on that network go over the first path, all packets for destination2 on that network go over the second path, and so on. Per-destination load balancing is enabled by default when you start the router, and is the preferred load balancing for most situations.

Per-packet load balancing allows the router to send successive data packets over paths without regard to individual hosts or user sessions. It uses the round-robin method to determine which path each packet takes to the destination. With per-packet load balancing enabled, the router sends one packet for destination1 over the first path, the second packet for (the same) destination1 over the second path, and so on. Per-packet load balancing ensures balancing over multiple links.

Although path utilization with per-packet load balancing is beneficial, packets for a given pair of source-destination hosts might take different paths. This means that per-packet load balancing can introduce reordering of packets. This load balancing method would be inappropriate for certain types of data traffic (such as voice traffic over IP) that depend on packets arriving at the destination in sequence.

Use per-packet load balancing to ensure that a path for a single source-destination pair does not get overloaded. If the bulk of data passing through parallel links is for a single pair, per-destination load balancing overloads a single link while other links have very little traffic. Enabling per-packet load balancing allows you to use alternate paths to the same busy destination.

Devices used in Testing –

Maipu 1800-22-AC

IOS Details –

Main Configuration:

interface fastethernet0

 description ### ISP1 ###

 ip address 100.1.1.1 255.255.255.252

 keepalive gateway 100.1.1.2

 exit

interface fastethernet0

 description ### ISP2 ###

 ip address 200.1.1.1 255.255.255.252

 keepalive gateway 200.1.1.2

 exit

interface vlan1

 description ### LOCAL LAN ###

 ip address 201.1.1.1 255.255.255.0

 exit

ip route 0.0.0.0 0.0.0.0 100.1.1.2

ip route 0.0.0.0 0.0.0.0 200.1.1.2

Output –

Show ip route

router#sh ip route

S   0.0.0.0/0 [1/100] via 100.1.1.2, 0:01:10, fastethernet0

S   0.0.0.0/0 [1/100] via 200.1.1.2, 0:01:04, fastethernet1

Notes –

• By default per destination load balancing will work.
• To configure per packet load balancing
• router(config)#ip load-sharing per-packet
• After above configuration, load balancing will work per packet basis.
• As F0 (ISP-1) link is down, all LAN traffic will take F1 as primary path, vice versa.
• After faulty link restored, Traffic will be again go with configured load balancing algorithm. 

d    Hope this testing report will help you in live network implementations. 

      

     Thanks for reading ...

  

Maipu - IPSec Template

Hi All friends, Many time we came across requirement of IPSec configurations. Maipu every Router support IPSec. In this section, I will share IPSec Configuration template. It will help you to understand Maipu IPSec configuration steps.

Maipu IPSec configuration is having different command line than other vendors.

Before looking in details of IPSec template, let’s take a overview of IPSec working process -

IPSec working process –

IPSec works using IKE protocol (Internet Key Exchange).

IKE - When two devices communicate across the network to form secure tunnel. Both Routers/devices will negotiate on set of protocols, they are going to use for security, Encryption, Authentication and protection.

If both devices are using same set of protocols then only secure tunnel will form and data communication will start from secure tunnel or otherwise the secure tunnel will not be established.

In above discussion I used secure tunnel term, The secure tunnel is IPSec tunnel.

IPSec stands for IP packets security.

IPSec is having two modes of communications in Network – Transport and Tunnel Mode…

Some are well known types of VPN – Site to Site VPN, Easy VPN, Point to Multipoint VPN.

VPN -stands for Virtual Private Network, VPN tunnel means creating a private tunnel in public network. IPSec protocols are used to secure VPN tunnel. Data transfer will happen  securely from IPSec VPN.  

IPSec VPN Establishment process –

• The Routers receives traffic considered "Intresting traffic" from LAN Network towards WAN for establishing a VPN connection.
• IKE Phase 1 Negotiated and Security Association (SA) established.
• IKE Phase 2 Negotiated and Security ASsociation (SA) established.
• Data Transmitted thru IPSec Tunnel
• Once Transmission is complete , Then IPSec tunnel torn down.

Configuration Steps for Maipu Router IPSec Configurations –

• Set up Ike Proposal [ For IKE Phase I ]
• Set up IPSec proposal[ For IKE Phase II ]
• Define interesting traffic - flow
• Set up crypto tunnel –include local wan interface
• Map flow to crypto tunnel

Maipu IPSec Configuration Template –

crypto ike key pplhkhqtodel address x.x.x.x

### Define Crypto key ####

### Define Crypto IKE Phase 1 proposal ###

crypto ike proposal 1

 encryption 3des

 group group2

integrity sha1

 lifetime 28800

 exit

### Define Crypto IKE Phase 2 proposal ###

crypto ipsec proposal 1

 esp 3des

 ah sha1

 lifetime 28800

 exit

### Create IPSec Tunnel Interface ###

crypto tunnel t1

 local interface f0

 peer any

 set authentication preshared

 set ike proposal 1

 set ipsec proposal 1

set auto-up

 exit

### Create Interesting traffic rule, like ACL. Match source and destination traffic ####

crypto policy p1

 flow x.x.x.x x.x.x.x (local lan ip) x.x.x.x x.x.x.x (remote lan) ip tunnel t1

crypto policy p2

 flow x.x.x.x x.x.x.x (local lan ip) x.x.x.x x.x.x.x (remote lan) ip tunnel t1

exit

ex:

crypto policy p1

 flow 10.1.1.0 255.255.255.0 (local lan ip) 172.16.1.0 255.255.255.0 (remote lan) ip tunnel t1

crypto policy p2

 flow 10.1.1.0 255.255.255.0 (local lan ip) 192.168.1.0 255.255.255.0 (remote lan) ip tunnel t1

exit

crypto policy p3

flow 10.1.1.0 255.255.255.0 (local lan ip) 10.1.1.0 255.255.255.0 (local lan ip ) ip permit

Hope this template will help you in IPSec configuration in Maipu Routers.

Thanks for reading…

For feedback. Plz comment with Name and Mail ID..

Maipu Support - DDMI

Hi Friends, Many times I came across requirement about DDMI feature from many engineers. Maipu support DDMI (Digital Diagnostics Monitoring Interface) features in many aggregation switches on Fiber interfaces like SM3900, SM 4200, 6800, etc. 


Below commands are used for DDMI -


show optical all
show optical all detail


Show Output - 

6800-2#show optical all  detail 

port 2/0 optical information
        Device Name          : XFP
        Connector Name       : LC
        Vendor OUI           : 00-17-6a
        Vendor Name          : OEM             
        Part Number          : XFP-10G-SR      
        Revision Number      : A Bh
        Serial Number        : GM1201104103    
        Production Date      : 12/04/23(y/m/d)
        Laser WaveLength     : 850(nm)
        Vendor Specific      : ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
        Monitor Parameters   : 
                                                                         T - ThresHold, S - Status
  Type                                          Value           Alarm-High(T/S)     Alarm-Low(T/S)         Warning-High(T/S)           Warning-Low(T/S)
  ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
  Temperature(C)              19.273438       85.000000(N)           -10.000000(N)            80.000000(N)                        -5.000000(N)
  Voltage(V)                           0.000000         1.536000(N)                1.408000(N)               0.000000(N)                         0.128000(N)
  Tx Bias(mA)                        5.562000         12.000000(N)              1.000000(N)            10.000000(N)                         2.000000(N)
  Rx Power(dBm)                -14.100504         0.000000(N)             -13.001623(Y)              -1.000154(N)                      -11.999706(Y)
  Tx Power(dBm)                   -2.503410          2.000019(N)           -10.000000(N)               0.999912(N)                       -8.999743(N)


port 2/1 optical information
        Device Name          : XFP
        Connector Name       : LC
        Vendor OUI           : 00-00-00
        Vendor Name          : OEM             
        Part Number          : 10GB-XFP-LR-F   
        Revision Number      : 1 fX
        Serial Number        : FXF96L042       
        Production Date      : 12/04/24(y/m/d)
        Laser WaveLength     : 1310(nm)
        Vendor Specific      : 000000000000000000000000000000000000000000000000000000000000000
        Monitor Parameters   : 
                                                                         T - ThresHold, S - Status
          Type                          Value                  Alarm-High(T/S)     Alarm-Low(T/S)     Warning-High(T/S)   Warning-Low(T/S)
          ------------------------------------------------------------------------------------------------------------------------------------------------------------------------
          Temperature(C)       34.824219        80.000000(N)         -10.000000(N)       75.000000(N)                -5.000000(N)
          Voltage(V)                 3.254800           3.500000(N)               3.080000(N)          3.480000(N)                  3.100000(N)
          Tx Bias(mA)             37.240002         90.000000(N)            2.000000(N)          80.000000(N)               4.000000(N)
          Rx Power(dBm)       -1.408016           0.000000(N)           -20.000000(N)          -1.000154(N)               -18.996294(N)
          Tx Power(dBm)       -2.301060           0.000000(N)             -7.999707(N)          -1.000154(N)                 5.999804(N)


6800-2#  




Hope this commands will help you for fiber port monitoring and troubleshooting...


Thanks for reading...


For feedback. Plz comment with Name and Mail ID.. 

Maipu - Outside Destination NAT Testing

Dear All, I came across one testing for Outside destination NAT. In this post I am sharing this report. Hope it will help in real time installation using Maipu Routers.

Normally we do inside NAT, But some time as per requirement we have to do outside Destination NAT. 

Topology details - 

Objective - CPE LAN network 192.168.115.155/24 will access 192.168.115.150 to access 207.67.x.x server. LAN network should not directly access public server. 

Solution - Outside Destination NAT 

Configuration template:

MP801E:

ip access-list extended 1001

 10 permit ip any any

 exit

interface fastethernet0

 description ###MPLS_WAN_LINK###

 ip address 10.205.29.9 255.255.255.252

 ip nat outside

 exit

interface fastethernet1

 description ###LAN_network###

 ip address 192.168.115.155 255.255.255.0

 ip nat inside

 exit

                                 

ip nat outside source static 207.67.74.x 192.168.115.150

ip nat inside source list 1001 interface fastethernet0 overload

ip route 0.0.0.0 0.0.0.0 10.205.29.10

Testing result:

From PC to ping 192.168.115.150:

On MAIPU 801E can take the debug information when PC ping server:

 

And the debugs on MP801E:

MP801E#

01:12:39: %NAT-7-TRANS: input from fastethernet1, proto=1, src=192.168.115.200:58760, dst=192.168.115.150: 0, vrf=0.

01:12:39: %NAT-7-TRANS: create translation record, 192.168.115.150:0-->207.67.74. x :58760, proto=1, vrf=0.

01:12:39: %NAT-7-TRANS: destination translation, dst=207.67.74.x :58760.

01:12:39: %NAT-7-TRANS: forwarded.

01:12:39: %NAT-7-TRANS: output to fastethernet0, proto=1, src=192.168.115.200:58760, dst=207.67.74. x: 0, vrf=0.

01:12:39: %NAT-7-TRANS: create translation record, 192.168.115.200:58760-->10.205.29.9:58760, proto=1, vrf=0.

01:12:39: %NAT-7-TRANS: source translation, src=10.205.29.9:58760.

01:12:39: %NAT-7-TRANS: forwarded.

MP801E#

Description -  You can see when PC-192.168.115.200 is trying to access public server. PC is accessing 192.168.115.150 and the request is forwarded to Public server 207.67.74.x

Hope this testing report will help you ...

Thanks for reading.. 

For feedback. Plz comment with Name and Mail ID.. 

Maipu LACP Manual Mode and Cisco ON Mode Testing

As discussed in last post of LACP configurations, We will see Maipu LACP Manual mode and Cisco ON mode configurations in this post. This is testing report for inter-operability between Maipu and Cisco Switches.

Maipu Manual Link Aggregation Manual mode- Cisco ON mode

Objective – To test the compatibility of Cisco and Maipu switch for Link aggregation in Cisco ON mode and Maipu Manual Mode. 

Cisco Configuration –

!

port-channel load-balance src-dst-mac

interface Port-channel1

 switchport trunk native vlan 2

 switchport mode trunk

 load-interval 30

interface FastEthernet0/1

 switchport access vlan 10

 switchport mode access

!

interface FastEthernet0/2

 switchport access vlan 10

 switchport mode access

!

interface FastEthernet0/3

 switchport access vlan 10

 switchport mode access

!

interface FastEthernet0/23

 switchport trunk native vlan 2

 switchport mode trunk

 load-interval 30

 channel-group 1 mode on

!

interface FastEthernet0/24

 switchport trunk native vlan 2

 switchport mode trunk

 load-interval 30

 channel-group 1 mode on

!

Maipu Configuration -

link-aggregation 1 mode manual

link-aggregation 1 load-balance src-dst-mac

vlan 1

 exit

vlan 2,10

port 0/0/14

 duplex full

 speed 100

 link-aggregation 1 manual

load-interval 30

 exit

port 0/0/15

 duplex full

 speed 100

 link-aggregation 1 manual

load-interval 30

 exit

link-aggregation 1

 port-type nni

 port mode trunk

 port trunk allowed vlan all

 port trunk pvid vlan 2

load-interval 30

 exit

Show Outputs

Screenshots –

Cisco Screenshots

Cisco Port channel status -

Port-Channel Interface output –

Interface Fa0/23 -

 Interface Fa0/24 -

 Maipu Screenshots –

Maipu Link Aggregation Output -

Maipu Port 0/0/14 -

 Maipu Port 0/0/15 -

Test Conclusion- Link Aggregation is working properly between Maipu and Cisco. Bandwidth is load-balancing between two trunk links.

Device IOS details - 

Maipu IOS details - 

Cisco IOS details - 

Hope this information will help you. 

Thanks for reading.. 

For feedback. Plz comment with Name and Mail ID..