Firewall working mode of an AR router


To improve networking flexibility, the firewall working mode is defined per interface rather than for the entire router. The working mode of the interfaces is routing mode.
If a router is located between an internal network and an external network, the interfaces connecting to the internal network and the external network are configured with IP addresses on different network segments, and the original topology is re-planned. Example:
PC (internal network: trust) - AR (with embedded firewall) - (external network: untrust) PC
Two security zones are planned: the trust zone and the untrust zone. The trust-zone interface is connected to the internal network, and the untrust-zone interface is connected to the external network. Note that the trust-zone and untrust-zone interfaces are on two different subnets.
When packets are forwarded between interfaces of Layer 3 zones, the router looks up the routing table based on the IP addresses of the packets. Unlike other routers, the AR router processes the IP packets further: it queries the session table or the ACL to determine whether to permit the packets. In addition, the firewall performs other attack defense checks.
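The lookup order described above (routing table, then session table, then ACL) can be modelled in a few lines. This is an added illustration, not Huawei code: the addresses, the ACL tuple format and the `RoutedFirewall` class are constructed assumptions, and attack defense checks are not modelled.

```python
import ipaddress

# Constructed topology (assumption): trust subnet behind one interface,
# everything else reached through the untrust interface.
ROUTES = [(ipaddress.ip_network("192.168.1.0/24"), "trust"),
          (ipaddress.ip_network("0.0.0.0/0"), "untrust")]
# Constructed interzone ACL (assumption): first match wins; port None = any port.
ACL = [("permit", "trust", "untrust", "tcp", 443),
       ("deny", "untrust", "trust", "tcp", None)]

class RoutedFirewall:
    def __init__(self, routes, acl):
        # Longest prefix first, so the first hit is the most specific route.
        self.routes = sorted(routes, key=lambda r: r[0].prefixlen, reverse=True)
        self.acl = acl
        self.sessions = set()

    def egress_zone(self, dst):
        addr = ipaddress.ip_address(dst)
        for net, zone in self.routes:
            if addr in net:
                return zone
        return None

    def forward(self, in_zone, src, sport, dst, dport, proto="tcp"):
        # 1. Routing-table lookup on the destination IP address.
        out_zone = self.egress_zone(dst)
        if out_zone is None:
            return "drop: no route"
        # 2. Session table: an established flow (either direction) skips the ACL.
        key = (proto, src, sport, dst, dport)
        reverse = (proto, dst, dport, src, sport)
        if key in self.sessions or reverse in self.sessions:
            return "forward: session hit"
        # 3. ACL decides for the first packet of a flow; a permit creates a session.
        for action, a_in, a_out, a_proto, a_port in self.acl:
            if (a_in, a_out, a_proto) == (in_zone, out_zone, proto) and a_port in (None, dport):
                if action == "permit":
                    self.sessions.add(key)
                    return "forward: acl permit, session created"
                return "drop: acl deny"
        return "drop: no matching rule"

if __name__ == "__main__":
    fw = RoutedFirewall(ROUTES, ACL)
    print(fw.forward("trust", "192.168.1.10", 50000, "203.0.113.5", 443))
    print(fw.forward("untrust", "203.0.113.5", 443, "192.168.1.10", 50000))
    print(fw.forward("untrust", "203.0.113.9", 40000, "192.168.1.10", 22))
```

The reply packet from the untrust side is forwarded only because the outbound packet created a session; the unsolicited inbound connection has no session and is decided by the ACL.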

Other related questions:
How to check the work mode of a card on an AR router
Run the display workmode command in any view to check the work mode of cards installed in all slots or specified slots.

How to configure the work mode of the Combo interface of an AR router
Combo interfaces are optical-electrical multiplex Ethernet interfaces. The optical interface and the electrical interface of a Combo interface cannot work at the same time.
Note: Combo interfaces work in electrical interface mode by default. To use the optical interface of a Combo interface, configure the Combo interface as follows to set it to optical interface mode.
1. Run the system-view command to enter the system view.
2. Run the interface gigabitethernet [interface-number] command to enter the view of the GigabitEthernet interface.
3. Run the combo-port { auto | copper | fiber } command to configure the work mode of the Combo interface.
auto: Indicates that the work mode is selected automatically. The device detects the state of the interfaces and selects the work mode as follows:
- If the state of the electrical interface becomes Up first, electrical interface mode is selected.
- If the state of the optical interface becomes Up first, optical interface mode is selected.
copper: Indicates that the work mode of the Combo interface is forcibly set to electrical interface mode, that is, data is transmitted through network cables.
fiber: Indicates that the work mode of the Combo interface is forcibly set to optical interface mode, that is, data is transmitted through optical fibers.

Configure the CE1/PRI interface of an AR router to be working in CE1 mode
[Huawei] controller e1 1/0/0 //Enter the view of the specified CE1/PRI interface.
[Huawei-E1 1/0/0] using ce1 //Configure the CE1/PRI interface to be working in CE1/PRI mode. The CE1/PRI interface works in CE1/PRI mode by default.
[Huawei-E1 1/0/0] channel-set 1 timeslot-list 1,10-16,18 //You can create multiple channel sets. Corresponding serial interfaces are created automatically. You can run the display interface brief command to check the created serial interfaces.
[Huawei-E1 1/0/0] line-termination 75-ohm //You can select 75-ohm coaxial cables or 120-ohm twisted pair cables. Twisted pair cables are used by default. You can directly use twisted pair cables on 4-interface and 8-interface cards.
[Huawei-E1 1/0/0] frame-format crc4 //Set the frame format of the interface to CRC4 or NO-CRC4. The frame format is NO-CRC4 by default and can be modified. The frame format of the interface must be in accordance with that of the peer end (except for the clock).
[Huawei-E1 1/0/0] itf number 4 //Set the number of characters filled between frames on the interface to a value ranging from 0 to 14. The default value is 4.
[Huawei-E1 1/0/0] itf type 7e //Set the type of characters filled between frames on the interface to 7e or ff. The default type is 7e.
[Huawei-E1 1/0/0] data-coding inverted //Configure whether to invert data by setting the value to inverted or normal. The default value is normal. Set the value to inverted when the number of error packets increases.
[Huawei-E1 1/0/0] idlecode 7e //Set the idle code type of the line to 7e or ff. The default value is 7e.
[Huawei-E1 1/0/0] detect-rai //Configure whether the remote alarm indication (RAI) detection is enabled on the interface. The detection is enabled by default.

Run the display controller e1 interface-number command to check the status and parameters of the CE1/PRI interface.
Run the display interface serial interface-number command to check the status and statistics of the corresponding serial interface.

How to configure the CE1/PRI interface of an AR router to be working in E1 mode
You can configure the CE1/PRI interface of an AR router to be working in E1 mode as follows:
# Configure the IE1T1-M/2E1T1-M interface card to be working in CE1/PRI mode.
display device //Check whether the slot number of the E1T1-M interface card is correct and whether the interface card has been registered properly.
system-view
[Huawei] controller e1 1/0/0 //Enter the view of the specified CE1/PRI interface.
[Huawei-E1 1/0/0] using e1 //Configure the CE1/PRI interface to be working in E1 mode. The CE1/PRI interface works in CE1 mode by default. The system automatically creates a serial interface xx:0. You can run the display interface brief command to check the information about the created interface.
[Huawei-E1 1/0/0] line-termination 75-ohm //You can select 75-ohm coaxial cables or 120-ohm twisted pair cables. Twisted pair cables are used by default. You can directly use twisted pair cables on 4-interface and 8-interface cards.
[Huawei-E1 1/0/0] undo detect-ais //Do not perform the alarm indication signal (AIS) detection on the current interface. This is an optional configuration which is mandatory for E1 interfaces. The configuration of the interface must be in accordance with that of the peer end (except for the clock).
[Huawei-E1 1/0/0] itf number 4 //Set the number of characters filled between frames on the interface to a value ranging from 0 to 14. The default value is 4.
[Huawei-E1 1/0/0] itf type 7e //Set the type of characters filled between frames on the interface to 7e or ff. The default type is 7e.
[Huawei-E1 1/0/0] data-coding inverted //Configure whether to invert data by setting the value to inverted or normal. The default value is normal. Set the value to inverted when the number of error packets increases.
[Huawei-E1 1/0/0] idlecode 7e //Set the idle code type of the line to 7e or ff. The default value is 7e.

Run the display controller e1 [interface-number] command to check the status and parameters of the CE1/PRI interface.
Run the display interface serial [interface-number] command to check the status and statistics of the corresponding serial interface.

How to configure the CE1/PRI interface of an AR router to be working in PRI mode
You can configure the CE1/PRI interface of an AR router to be working in PRI mode as follows:
# Configure the IE1T1-M/2E1T1-M interface card to be working in CE1/PRI mode.
display device //Check whether the slot number of the E1T1-M interface card is correct and whether the interface card has been registered properly.
system-view
[Huawei] controller e1 1/0/0 //Enter the view of the specified CE1/PRI interface.
[Huawei-E1 1/0/0] using ce1 //Configure the CE1/PRI interface to be working in CE1/PRI mode. The CE1/PRI interface works in CE1 mode by default. The system automatically creates a serial interface xx:0. You can run the display interface brief command to check the information about the created interface.
[Huawei-E1 1/0/0] pri-set timeslot-list 1,5-8,16 //Bind the timeslot 1, timeslots 5 to 8, and timeslot 16 of the CE1/PRI interface 1/0/0 into a pri-set.
[Huawei-E1 1/0/0] line-termination 75-ohm //You can select 75-ohm coaxial cables or 120-ohm twisted pair cables. Twisted pair cables are used by default. You can directly use twisted pair cables on 4-interface and 8-interface cards.
[Huawei-E1 1/0/0] frame-format crc4 //Set the frame format of the interface to CRC4 or NO-CRC4. The frame format is NO-CRC4 by default and can be modified. The frame format of the interface must be in accordance with that of the peer end (except for the clock).
[Huawei-E1 1/0/0] itf number 4 //Set the number of characters filled between frames on the interface to a value ranging from 0 to 14. The default value is 4.
[Huawei-E1 1/0/0] itf type 7e //Set the type of characters filled between frames on the interface to 7e or ff. The default type is 7e.
[Huawei-E1 1/0/0] data-coding inverted //Configure whether to invert data by setting the value to inverted or normal. The default value is normal. Set the value to inverted when the number of error packets increases.
[Huawei-E1 1/0/0] idlecode 7e //Set the idle code type of the line to 7e or ff. The default value is 7e.
[Huawei-E1 1/0/0] detect-rai //Perform the remote alarm indication (RAI) detection which is enabled by default.

Run the display controller e1 [interface-number] command to check the status and parameters of the CE1/PRI interface.
Run the display interface serial [interface-number] command to check the status and statistics of the corresponding serial interface.
