VPN 3000 Series Concentrator Reference Volume I: Configuration, Release 4.0
Interfaces
Download this chapter
InterfacesInterfaces
Download the complete book
A PDF version of the entire bookA PDF version of the entire book (PDF - 6 MB)
give_us_feedback

Table of Contents

Interfaces
 Configuration | Interfaces
 Configuration | Interfaces | Power
 Configuration | Interfaces | Ethernet 1 2 3
 General Parameters Tab
 RIP Parameters Tab
 OSPF Parameters Tab
 Bandwidth Parameters Tab

Interfaces

The Interfaces section of the VPN 3000 Concentrator Series Manager applies primarily to Ethernet network interfaces. In this section, you configure functions that are interface-specific, rather than system-wide. There is also a screen to configure power-supply and voltage-sensor alarms.

Typically, you configure at least two network interfaces for the VPN Concentrator to operate as a VPN device: usually the Ethernet 1 (Private) and the Ethernet 2 (Public) interfaces. If you used Quick Configuration as described in the VPN 3000 Series Concentrator Getting Started manual, the system supplied many default parameters for the interfaces. In the Interfaces section, you can customize the configuration.

The VPN Concentrator uses filters to control, or govern, data traffic passing through the system (see Configuration | Policy Management | Traffic Management). You apply filters both to interfaces and to groups and users. Group and user filters govern tunneled group and user data traffic; interface filters govern all data traffic.

Network interfaces usually connect to a router that routes data traffic to other networks. The VPN Concentrator includes IP routing functions: static routes, RIP (Routing Information Protocol), and OSPF (Open Shortest Path First). You configure RIP and interface-specific OSPF in the Interfaces section. You configure static routes, the default gateway, and system-wide OSPF in the IP Router section (see the Configuration | System | IP Routing screens).

RIP and OSPF are routing protocols that routers use to send messages to other routers to determine network connectivity, status, and optimum paths for sending data traffic. The VPN Concentrator supports RIP versions 1 and 2, and OSPF version 2. You can enable both RIP and OSPF on an interface.

Filter settings override RIP and OSPF settings on an interface; therefore, be sure settings in filter rules are consistent with RIP and OSPF use. For example, if you intend to use RIP, be sure you apply a filter rule that forwards TCP/UDP packets with the RIP port configured.

Configuration | Interfaces

This section lets you configure the three VPN Concentrator Ethernet interface modules. You can also configure alarm thresholds for the power-supply modules.

Model 3005 comes with two Ethernet interfaces. Models 3015 through 3080 come with three Ethernet interfaces.

  • Ethernet 1 (Private) is the interface to your private network (internal LAN).
  • Ethernet 2 (Public) is the interface to the public network.
  • Ethernet 3 (External) is the interface to an additional LAN (Models 3015 through 3080 only).

Configuring an Ethernet interface includes supplying an IP address, applying a traffic-management filter, setting the speed and transmission modes, and configuring RIP and OSPF routing protocols.

Note   Interface settings take effect as soon as you apply them. If the system is in active use, changes might affect tunnel traffic.

The table shows all installed interfaces and their status.


Figure 3-1   Configuration | Interfaces Screen (Model 3005)

 


Figure 3-2   Configuration | Interfaces Screen (Models 3015 through 3080)


To configure a module, either click the appropriate link in the status table; or use the mouse pointer to select the module on the back-panel image, and click anywhere in the highlighted area.

Refresh

To update the screen contents, click the Refresh button. The date and time above this reminder indicate when the screen was last updated.

Interface

The VPN Concentrator interface installed in the system. To configure an interface, click the appropriate link.

Ethernet 1 (Private), Ethernet 2 (Public), Ethernet 3 (External)

To configure Ethernet interface parameters, click the appropriate highlighted link in the table or click in a highlighted module on the back-panel image. See Configuration | Interfaces | Ethernet 1 2 3.

[Renew | Release]

This field appears under Ethernet 1, 2, or 3 if DHCP Client is enabled for that interface.

Renew: Renews the DHCP client lease for the interface.

Release: Releases the DHCP client lease for the interface.

DNS Server(s)

This field displays the IP addresses of up to three configured DNS servers.

To view or edit DNS server information, click DNS Server. The Configuration | System | Servers | DNS window appears.

DNS Domain Name

The registered domain in which the VPN Concentrator is located, for example: cisco.com.

To view or edit DNS Domain Name information, click DNS Domain Name. The Configuration | System | Servers | DNS window appears.

Status

The operational status of this interface.

  • Up = (Green) Configured, enabled, and operational; ready to pass data traffic.
  • Down = (Red) Configured but disabled or disconnected.
  • Testing = In test mode; no regular data traffic can pass.
  • Dormant = (Red) Configured and enabled but waiting for an external action, such as an incoming connection.
  • Not Present = (Red) Missing hardware components.
  • Lower Layer Down = (Red) Not operational because a lower-layer interface is down.
  • Unknown = (Red) Not configured or not able to determine status.
  • Not Configured = Present but not configured.
  • Waiting for DHCP = DHCP is enabled, but the VPN Concentrator has not received an IP address.
  • Lease expires in... (hh:mm:ss) = If DHCP Client is enabled on any interface, the amount of time remaining on the lease appears here. You can also view this information on the Configuration | Interfaces | Ethernet 1 2 3 screens.

IP Address

The IP address configured on this interface.

Subnet Mask

The subnet mask configured on this interface.

MAC Address

The unique hardware MAC (Medium Access Control) address for this interface, displayed in 6-byte hexadecimal notation.

Default Gateway

This field displays the IP address of the default gateway for the subnet associated with this interface.

To view or edit default gateway information, click Default Gateway. The Configuration | System | IP Routing | Default Gateways window displays.

When you are not using DHCP to obtain a default gateway, you configure a default gateway manually. If DHCP client on the Ethernet 2 (Public) interface is enabled, the default gateway is automatically entered in the routing table, and not in the Configuration | System | IP Routing | Default Gateways screen.

When you configure a default gateway manually, the system automatically removes the DHCP-obtained default gateway from the routing table. To reverse this operation, renew the DHCP lease for the Ethernet 2 (Public) interface.

Power Supplies

To configure alarm thresholds on system power supplies, click the appropriate highlighted link or click in a highlighted power-supply module in the back-panel image and see Configuration | Interfaces | Power.

Ethernet 1 (Private), Ethernet 2 (Public), Ethernet 3 (External) Module in Back-Panel Image

To configure Ethernet interface parameters, click the appropriate highlighted Ethernet module in the back-panel image and see Configuration | Interfaces | Ethernet 1 2 3.

Configuration | Interfaces | Power

This screen lets you configure alarm thresholds for voltages in the system power supplies, CPU, and main circuit board. You set high and low thresholds for the voltages. (For recommended thresholds, see Table 3-1.) When the system detects a voltage outside a threshold value, it generates a HARDWAREMON (hardware monitoring) event. (See Configuration | System | Events.) If a power supply is faulty, the appropriate Power Supply LED on the front panel is amber.

Table 3-1   Recommended Power Thresholds

Thresholds Monitor  Minimum-Maximum Range
(in Centivolts) 		 Tolerance 

1.9V CPU

180-201 cV

±10 cV

2.5V CPU

241-260 cV

±10 cV

3.3V power supply

321-389 cV

±10% cV (+ 25 cV if redundant power supply)

5.0V power supply

471-577 cV

±10% cV (+ 25 cV if redundant power supply)

3.3V board

314-346 cV

±5%

5.0V board

474 - 524 cV

±5%

Warning If a voltage generates an alarm, shut down the system in an orderly way and contact Cisco support. Operating the system with out-of-range voltages, especially if they exceed the high threshold, might cause permanent damage.

You can view system voltages and status on the Monitoring | System Status | Power screen.


Figure 3-3   Configuration | Interfaces | Power screen (Model 3005)



Figure 3-4   Configuration | Interfaces | Power screen (Model 3015 through 3080)


Alarm Thresholds

The fields show default values for alarm thresholds in centivolts, for example, 361 = 3.61 volts. Enter or edit these values as desired.

The hardware sets voltage thresholds in increments that might not match an entered value. The fields show the actual thresholds, and the values might differ from your entries.

CPU

High and low thresholds for the voltage sensors on the CPU chip. The value is system dependent, either 2.5 or 1.9 volts.

Power Supply A, B

High and low thresholds for the 3.3- and 5-volt outputs from the power supplies. You can enter values for the second power supply on Models 3015-3080 even if it is not installed.

Board

High and low thresholds for the 3.3- and 5-volt sensors on the main circuit board.

Apply / Cancel

To apply your settings to the system and include them in the active configuration, click Apply. The Manager returns to the Configuration | Interfaces screen.

Reminder:

To save the active configuration and make it the boot configuration, click the Save Needed icon at the top of the Manager window.

To discard your settings, click Cancel. The Manager returns to the Configuration | Interfaces screen.

Configuration | Interfaces | Ethernet 1 2 3

This screen lets you configure parameters for the Ethernet interface you selected. It displays the current parameters, if any.

Configuring an Ethernet interface includes supplying an IP address, identifying it as a public interface, applying a traffic-management filter, setting speed and transmission mode, and configuring RIP and OSPF routing protocols.

To apply a custom filter, you must configure the filter first; see Configuration | Policy Management | Traffic Management.

Caution   If you modify any parameters of the interface that you are currently using to connect to the VPN Concentrator, you will break the connection, and you will have to restart the Manager from the login screen.

Using the Tabs

This screen includes three tabbed sections. Click each tab to display its parameters. As you move from tab to tab, the Manager retains your settings. When you have finished setting parameters on all tabbed sections, click Apply or Cancel.

General Parameters Tab

This tab lets you configure general interface parameters: DHCP client, IP address, subnet mask, public interface status, filter, speed, transmission mode, maximum transmission unit, and IPSec fragmentation policy.


Figure 3-5   Configuration | Interfaces | Ethernet 1 2 3 Screen, General Tab


Disabled

To make the interface offline, click Disabled. This state lets you retain or change its configuration parameters

If the interface is configured but disabled (offline), the appropriate Ethernet Link Status LED blinks green on the VPN Concentrator front panel.

DHCP Client

Check the DHCP Client check box if you want to obtain the IP address, the subnet mask, and the default gateway for this interface via DHCP. If you check this box, do not make entries in the IP address and subnet mask fields that follow.

Note   Because some Internet service providers require that the host name be specified in DHCP requests, you might have to specify the system name when running the DHCP Client on the VPN Concentrator public interface. (Specify the system name on the Configuration | System | General | Identification screen.) The VPN Concentrator uses the system name as the host name in DHCP requests.

Static IP Addressing

IP Address

If you want to set a static IP address for this interface, enter the IP address here, using dotted decimal notation (for example, 192.168.12.34). Note that 0.0.0.0 is not allowed. Be sure no other device is using this address on the network.

Subnet Mask

Enter the subnet mask for this interface, using dotted decimal notation (for example, 255.255.255.0). The Manager automatically supplies a standard subnet mask appropriate for the IP address you just entered. For example, the IP address 192.168.12.34 is a Class C address, and the standard subnet mask is 255.255.255.0. You can accept this entry or change it. Note that 0.0.0.0 is not allowed.

Public Interface

To make this interface a public interface, check the Public Interface check box. A public interface is an interface to a public network, such as the Internet. You must configure a public interface before you can configure NAT and IPSec LAN-to-LAN, for example. You should designate only one VPN Concentrator interface as a public interface.

MAC Address

This is the unique hardware MAC (Medium Access Control) address for this interface, displayed in six byte hexadecimal notation. You cannot change this address.

Filter

The filter governs the handling of data packets through this interface: whether to forward or drop, in accordance with configured criteria. Cisco supplies three default filters that you can modify and use with the VPN Concentrator. You can configure filters on the Configuration | Policy Management | Traffic Management screens.

Click the drop-down menu button and choose the filter to apply to this interface:

  • 1. Private (Default) = Allow all packets except source-routed IP packets. Cisco supplies this default filter for Ethernet 1, but it is not selected by default.
  • 2. Public (Default) = Allow inbound and outbound tunneling protocols plus ICMP and VRRP. Allow fragmented IP packets. Drop everything else, including source-routed packets. Cisco supplies this default filter for Ethernet 2, and it is selected by default for Ethernet 2.
  • 3. External (Default) = No rules applied to this filter. Drop all packets. Cisco supplies this default filter for Ethernet 3, but it is not selected by default.
  • -None- = No filter applied to the interface, which means there are no restrictions on data packets. This is the default selection for Ethernet 1 and 3.

Other filters that you have configured also appear in this menu.

Speed

Click the Speed drop-down menu button and choose the interface speed:

  • 10 Mbps = Fix the speed at 10 megabits per second (10Base-T networks).
  • 100 Mbps = Fix the speed at 100 megabits per second (100Base-T networks).
  • 10/100 auto = Let the VPN Concentrator automatically detect and set the appropriate speed, either 10 or 100 Mbps (default). Be sure that the port on the active network device (hub, switch, router, etc.) to which you connect this interface is also set to automatically negotiate the speed. Otherwise, choose the appropriate fixed speed.

Duplex

Click the Duplex drop-down menu button and choose the interface transmission mode:

  • Auto = Let the VPN Concentrator automatically detect and set the appropriate transmission mode, either full or half duplex (default). Be sure that the port on the active network device (hub, switch, router, etc.) to which you connect this interface is also set to automatically negotiate the transmission mode. Otherwise, choose the appropriate fixed mode.
  • Full-Duplex = Fix the transmission mode as full duplex: transmission in both directions at the same time.
  • Half-Duplex = Fix the transmission mode as half duplex: transmission in only one direction at a time.

MTU

The MTU value specifies the maximum transmission unit (packet size) in bytes for the interface. Valid values range from 68 through 1500. The default value, 1500, is the MTU for IP.

Change this value only on an interface that terminates a VPN tunnel, typically a public or external interface.

Change this value only when the VPN Concentrator is dropping large packets because of the additional 8 bytes that a PPPoE header adds, or when other intermediate devices drop large, fragmentable packets without issuing an ICMP message. In such these cases, determine the largest packet size that can pass without being dropped, and set the MTU to that value. The object is to reduce overhead on the system by sending packets that are as large as possible, but that are not so large as to require fragmentation and reassembly.

A good way to find out the largest packet size that can be passed is to use the PING utility as follows:

ping -f -l <frame size in bytes> <destination IP address>, where

f = do not fragment

l = packet length.

For example: ping -f -l 1400 10.10.32.4

Note   The value you use when pinging does not include IP, ICMP, or Ethernet headers, which total 42 bytes. You need to include these 42 bytes when you set the MTU value for the interface.

If the interface is receiving large packets that require fragmentation, and the DF (Don't Fragment) bit is set, use the third option in the IPSec Fragmentation Policy field below. You can find out if the DF bit is set by using a traffic analyzer, or you may receive this ICMP message: "Fragmentation required but the DF bit is set."

Note   Changing the MTU or the fragmentation option on any interface tears down all existing connections. For example, if 100 active tunnels terminate on the public interface, and you change the MTU or the fragmentation option on the external interface, all of the active tunnels on the public interface are dropped.

IPSec Fragmentation

The IPSec fragmentation policy specifies how to treat packets that exceed the MTU setting when tunneling traffic through the public interface. This feature provides a way to handle cases where a router or NAT device between the VPN Concentrator and the client rejects or drops IP fragments. For example, suppose a client wants to FTP get from an FTP server behind a VPN Concentrator. The FTP server transmits packets that when encapsulated would exceed the VPN Concentrator's MTU size on the public interface. The following options determine how the VPN Concentrator processes these packets.

The fragmentation policy you set here applies to all traffic travelling out the VPN Concentrator public interface to clients running version 3.6 or later software. The second and third options described below may affect performance.

Note   Clients running software versions earlier than 3.6 or L2TP over IPSec clients can use only the first option, "Do not fragment prior to IPSec encapsulation; fragment prior to interface transmission."

The setting you configure applies to 3.6 and later clients only. The VPN Concentrator ignores the setting for clients running software versions earlier than 3.6 and protocols other than IPSec. For these clients the first option applies: "Do not fragment prior to IPSec encapsulation; fragment prior to interface transmission."
Do not fragment prior to IPSec encapsulation; fragment prior to interface transmission

The VPN Concentrator encapsulates all tunneled packets. After encapsulation, the VPN Concentrator fragments packets that exceed the MTU setting before transmitting them through the public interface. This is the default policy for the VPN Concentrator. This option works for situations where fragmented packets are allowed through the tunnel without hindrance. For the FTP example, large packets are encapsulated and then fragmented at the IP layer. Intermediate devices may drop fragments or just out-of-order fragments. Load-balancing devices can introduce out-of-order fragments.

Fragment prior to IPSec encapsulation with Path MTU Discovery (ICMP)

The VPN Concentrator fragments tunneled packets that would exceed the MTU setting during encapsulation. For this option, the VPN Concentrator drops large packets that have the Don't Fragment (DF) bit set, and sends an ICMP message "Packet needs to be fragmented but DF is set" to the packet's initiator. The ICMP message includes the maximum MTU size allowed. Path MTU Discovery means that an intermediate device (in this case the VPN Concentrator) informs the source of the MTU permitted to reach the destination.

If a large packet does not have the DF bit set, the VPN Concentrator fragments prior to encapsulating thus creating two independent non-fragmented IP packets and transmits them out the public interface. This is the default policy for the VPN 3002 hardware client.

For this example, the FTP server may use Path MTU Discovery to adjust the size of the packets it transmits to this destination.

Fragment prior to IPSec encapsulation without Path MTU Discovery (Clear DF bit)

The VPN Concentrator fragments tunneled packets that exceed the MTU setting before encapsulating them. If the DF bit on these packets is set, the VPN Concentrator clears the DF bit, fragments the packets, and then encapsulates them. This action creates two independent non-fragmented IP packets leaving the public interface and successfully transmits these packets to the peer site by turning the fragments into complete packets to be reassembled at the peer site. In our example, the VPN Concentrator overrides the MTU and allows fragmentation by clearing the DF bit.

RIP Parameters Tab

RIP is a routing protocol that routers use for messages to other routers, to determine network connectivity, status, and optimum paths for sending data traffic. RIP uses distance-vector routing algorithms, and it is an older protocol that generates more network traffic than OSPF. The VPN Concentrator includes IP routing functions that support RIP versions 1 and 2. Many private networks with simple topologies still use RIPv1, although it lacks security features. RIPv2 is generally considered the preferred version; it includes functions for authenticating other routers, for example.

To use the Network Autodiscovery feature in IPSec LAN-to-LAN configuration, or to use the automatic list generation feature in Network Lists, you must enable Inbound RIPv2/v1 on Ethernet 1. (It is enabled by default.)


Figure 3-6   Configuration | Interfaces | Ethernet 1 2 3 screen, RIP Tab


Inbound RIP

This parameter applies to RIP messages coming into the VPN Concentrator. It configures the system to listen for RIP messages on this interface.

Click the Inbound RIP drop-down menu button and choose the inbound RIP function:

  • Disabled = No inbound RIP functions. The system does not listen for any RIP messages on this interface (default for Ethernet 2 and 3).
  • RIPv1 Only = Listen for and interpret only RIPv1 messages on this interface.
  • RIPv2 Only = Listen for and interpret only RIPv2 messages on this interface.
  • RIPv2/v1 = Listen for and interpret either RIPv1 or RIPv2 messages on this interface (default for Ethernet 1).

Outbound RIP

This parameter applies to RIP messages going out of the VPN Concentrator; that is, it configures the system to send RIP messages on this interface.

Click the Outbound RIP drop-down menu button and choose the outbound RIP function:

  • Disabled = No outbound RIP functions. The system does not send any RIP messages on this interface (default).
  • RIPv1 Only = Send only RIPv1 messages on this interface.
  • RIPv2 Only = Send only RIPv2 messages on this interface.
  • RIPv2/v1 compatible = Send RIPv2 messages that are compatible with RIPv1 on this interface.

OSPF Parameters Tab

OSPF is a routing protocol that routers use for messages to other routers, to determine network connectivity, status, and optimum paths for sending data traffic. OSPF uses link-state routing algorithms, and it is a newer protocol than RIP. It generates less network traffic and generally provides faster routing updates, but it requires more processing power than RIP. The VPN Concentrator includes IP routing functions that support OSPF version 2 (RFC 2328).

OSPF involves interface-specific parameters that you configure here, and system-wide parameters that you configure on the Configuration | System | IP Routing screens.


Figure 3-7   Configuration | Interfaces | Ethernet 1 2 3 Screen, OSPF Tab


OSPF Enabled

To enable OSPF routing on this interface, check the OSPF Enabled check box. (By default it is unchecked.)

To activate the OSPF system, you must also configure and enable OSPF on the Configuration | System | IP Routing | OSPF screen.

OSPF Area ID

The area ID identifies the subnet area within the OSPF Autonomous System or domain. Routers within an area have identical link-state databases. While its format is that of a dotted decimal IP address, the ID is only an identifier and not an address.

The 0.0.0.0 area ID identifies a special area, the backbone, that contains all area border routers, which are the routers connected to multiple areas.

Enter the area ID in the field, using IP address format in dotted decimal notation (for example, 10.10.0.0). The default entry is 0.0.0.0, the backbone. Your entry also appears in the OSPF Area list on the Configuration | System | IP Routing | OSPF Areas screen.

OSPF Priority

This entry assigns a priority to the OSPF router on this interface. OSPF routers on a network elect one to be the Designated Router, which has the master routing database and performs other administrative functions. In case of a tie, the router with the highest priority number wins. A 0 entry means this router is ineligible to become the Designated Router.

Enter the priority as a number from 0 to 255. The default is 1.

OSPF Metric

This entry is the metric, or cost, of the OSPF router on this interface. The cost determines preferred routing through the network, with the lowest cost being the most desirable.

Enter the metric as a number from 1 to 65535. The default is 1.

OSPF Retransmit Interval

This entry is the number of seconds between OSPF Link State Advertisements (LSAs) from this interface, which are messages that the router sends to describe its current state.

Enter the interval as a number from 0 to 3600 seconds. The default is 5 seconds, which is a typical value for LANs.

OSPF Hello Interval

This entry is the number of seconds between Hello packets that the router sends to announce its presence, join the OSPF routing area, and maintain neighbor relationships. This interval must be the same for all routers on a common network.

Enter the interval as a number from 1 to 65535 seconds. The default is 10 seconds, which is a typical value for LANs.

OSPF Dead Interval

This entry is the number of seconds for the OSPF router to wait before it declares that a neighboring router is out of service, after the router no longer sees the neighbor's Hello packets. This interval should be some multiple of the Hello Interval, and it must be the same for all routers on a common network.

Enter the interval as a number from 0 to 65535 seconds. The default is 40 seconds, which is a typical value for LANs.

OSPF Transit Delay

This entry is the estimated number of seconds it takes to transmit a link state update packet over this interface, and it should include both the transmission and propagation delays of the interface. This delay must be the same for all routers on a common network.

Enter the delay as a number from 0 to 3600 seconds. The default is 1 second, which is a typical value for LANs.

OSPF Authentication

This parameter sets the authentication method for OSPF protocol messages. OSPF messages can be authenticated so that only trusted routers can route messages within the domain. This authentication method must be the same for all routers on a common network.

Click the OSPF Authentication drop-down menu button and choose the authentication method:

  • None = No authentication. OSPF messages are not authenticated (default).
  • Simple Password = Use a clear-text password for authentication. This password must be the same for all routers on a common network. If you choose this method, enter the password in the OSPF Password field that follows.
  • MD5 = Use the MD5 hashing algorithm with a shared key to generate an encrypted message digest for authentication. This key must be the same for all routers on a common network. If you choose this method, enter the key in the OSPF Password field that follows.

OSPF Password

If you chose Simple Password or MD5 for OSPF Authentication, enter the appropriate password or key in this field. Otherwise, leave the field blank.

  • For Simple Password authentication, enter the common password. The maximum password length is 8 characters. The Manager displays your entry in clear text.
  • For MD5 authentication, enter the shared key. The maximum shared key length is 8 characters. The Manager displays your entry in clear text.

Apply / Cancel

To apply your settings to this interface and include your settings in the active configuration, click Apply. The Manager returns to the Configuration | Interfaces screen.

Bandwidth Parameters Tab

The Bandwidth Parameters Tab lets you enable bandwidth management on the selected interface, define the link rate for the interface and assign a bandwidth management policy to be used on the interface. Before you do these steps, you must have already created a bandwidth management policy. To create a bandwidth management policy, use the Configuration | Policy Management | Traffic Management | Bandwidth Policies | Add screen.

For detailed information on the Bandwidth Management feature, see the Configuration | Policy Management | Traffic Management | Bandwidth Policies | Add or Modify section.


Figure 3-8   Configuration | Interfaces | Ethernet 1 2 3 Screen, Bandwidth Tab


Bandwidth Management

To enable bandwidth management on this interface, check the Bandwidth Management check box.

Link Rate

The link rate is the speed of the network connection through the Internet.

Note   The defined link rate is the available Internet bandwidth, not the physical LAN connection rate. If the router in front of the VPN Concentrator has a T1 connection to the Internet, set the link rate to 1544 kbps.

Enter a value for the speed of the network connection for this interface, and select a unit of measurement.

  • bps—bits per second
  • kbps—one thousand bits per second
  • Mbps—one million bits per second

The default link rate is 1544 kbps.

Bandwidth Policy

Select a policy from the drop-down list. If there are no policies in this list, you must go to Configuration | Policy Management | Traffic Management | Bandwidth Policies and define one or more policies.

The policy you apply here is a default bandwidth policy for all users on this interface. This policy is applied to users who do not have a bandwidth management policy applied to their group.

Apply/Cancel

To apply this change to the configuration, click Apply. To cancel the action, click Cancel.

Reminder:

To save the active configuration and make it the boot configuration, click the Save Needed icon at the top of the Manager window.

To discard your settings, click Cancel. The Manager returns to the Configuration | Interfaces screen.