Sapphire/Topaz VASC Instructor Guide Module 5: Ethernet Basics

Sapphire/Topaz VASC Instructor Guide
Module 5: Ethernet Basics & VFI Cisco Router Configuration
Client Services, Training
300 S. Park Place Blvd.
Suite 100
727.953.4000 – Main Reception
727.953.4270 – Training Administration
408.232.7244 - Fax
i_trngregistration@smokestack.verifone.com
Sapphire/Topaz VASC Instructor Guide
Module 5 Router Basics & VeriFone Router Configuration
Published: June 20, 2009
VeriFone, Inc.
Integrated Systems
300 South Park Place Blvd., Suite 100
Clearwater, FL 33759
Office: (727) 953-4000
Fax: (727) 953-4001
Printed in the United States of America
© 2009 VeriFone, Inc.
All rights reserved.
No part of this publication may be copied, distributed, stored in a retrieval system,
translated into any human or computer language, or transmitted in any form or by
any means, without the prior written consent of VeriFone, Inc.
The content of this document is subject to change without notice. The information
contained herein does not represent a commitment on the part of VeriFone, Inc.
VeriFone, Inc. is a registered trademark of VeriFone, Inc.
All other brand names and trademarks appearing in this documentation are the
property of their respective owners.
Published: 06/20/09
VeriFone Confidential
Page: 2
Document Revision History
Revision Version | Revision Date | Author | Description
1.0 | 05/01/07 | Cindy_B1 | Original Documentation
1.1 | 05/04/07 | Marcus_S1 | Added VFI/Cisco specifics
1.2 | 5/15/08 | Tony_P4 | Reconfigured information and renamed to Ethernet and routing basics
1.3 | 06/20/2009 | Tony_P4 | Minor updates including clarification on terms and correction to ‘when a router is required’, added note about ‘off the shelf’ router support/configuration
Date of Printing: June 20, 2009
Subject: Ethernet Basics & VFI Cisco Router Configuration
Skill Level: 3 – Expert
Time Involved: 1 hour
Objective(s)
Successfully configure a VFI/Cisco router to establish connectivity with Sapphire. This
includes:
• Demonstrate the ability to configure the VFI/Cisco router per VeriFone specifications.
• Ability to determine the current IP address assigned on a terminal or device.
• Demonstrate how to release an IP address and use this for troubleshooting network problems.
• Demonstrate how to renew an IP address and use this for troubleshooting network problems.
• Ability to set up both Static and Dynamic addressing in the VFI/Cisco router.
• Demonstrate how to test an IP address to ensure connectivity has been attained.
Documentation Needed
• Instructor Guide – Module 4: Router Basics & VeriFone Router Configuration
• VASC Service Manual, Software Utilities
  o VeriFone Routing Requirements
  o VFI/Cisco Router Configuration Utility Guide
• Student Handouts:
  o VeriFone Routing Requirements
  o Verifying Ruby/HPV-20 Connectivity
Software Needed
• Cisco Router Configuration Utility
Equipment Needed
• Pencils, pens, highlighters, and post-its for students.
• Sapphire system – 1 for each student, includes
  o HPV-20 – 1 for each student
  o Sapphire – 1 for each student
• Student Activities Supply Box – 1 for each student
  o 3 patch CAT-5 Ethernet cables
  o VFI/Cisco Router – 1 for each student
• Laptops with Windows 2000 or newer and Internet Explorer 6.0 or higher
Instructor Notes
The Topaz Pre-Course Certification and the Day One Homework Assignment should have
sufficiently prepared students for router configurations.
Prior to instructing this module, discuss the Homework Assignment to ensure students have
a basic understanding of what a router is used for and basic networking terminology.
In this module general router information and terminology will be discussed. At the end of
this module, the students will configure a VFI/Cisco router. In the next module we will
continue with router configurations, discussing how to correctly configure and install a
non-VFI/Cisco router. Defer any questions concerning configurations on other routers until
that time. Also, a later module will cover interfacing a VFI/Cisco router to an existing
site router. Again, defer any questions concerning those configuration procedures until
that time.
Terminology
The Sapphire will use the FTP, HTTP, and Telnet protocols to send and get data; this is
accomplished through the router. Review the following terms before proceeding with the
router configuration procedures. A good choice is to use the PC projector and bring up the
terms on WEBOPEDIA.COM. Pay special attention to IPCONFIG, IPCONFIG /RENEW,
IPCONFIG /RELEASE, and PING:
FTP:
Definition: File Transfer Protocol, usually referred to as FTP. This protocol is
commonly used to transfer web page files from their creator to the computer that acts
as their server for everyone on the Internet.
Example: If you were a Webmaster and created a web page you would use FTP
to transfer your web page to the server. The server is hosting (holding or storing) the
information. FTP is commonly used to download programs and files to your
computer from other servers.

HTTP:
Definition: HTTP is Hypertext Transfer Protocol. In order for Internet Explorer (or
other browser) to transfer and display a web page on your computer it is sent using
the Hypertext Transfer Protocol (HTTP).
Example: Basically the job of the Hypertext Transfer Protocol is to send web
pages to your computer from the host or server where the web page resides.
NOTE: A key difference between HTTP and FTP is that FTP is giving a TRUE copy
of the file when you download/upload, whereas HTTP is a protocol that has to do
with viewing the file. Further, FTP works both ways, to download and upload
information, HTTP in contrast is a one way system that only transfers contents from
a server to a web browser (for viewing). It is important that students are able to
distinguish the difference between these terms.

Telnet:
Definition: Telnet is the way to access someone else's computer, assuming they
have given you permission. More technically, Telnet is a user command for
accessing remote computers. On the Web, HTTP and FTP protocols allow you to
request specific files from remote computers, but not to actually be logged on as a
user of that computer. With Telnet, you log on as a regular user with whatever
privileges you may have been granted to the specific application and data on that
computer.
Example: The old VeriFone BBS system used telnet connectivity. A VASC was
allowed to access certain files, download specific information, and even
communicate with other users while not actually logged on to the BBS server.

SSL:
Definition: Secure Socket Layer or SSL. The SSL security protocol provides data
encryption, server authentication, message integrity, and optional client
authentication for a TCP/IP connection. Because SSL is built into all major browsers
and web servers, simply installing a digital certificate turns on their SSL capabilities.
Example: If you have made a credit card purchase on the internet, you have
(hopefully) used SSL. Two indicators that SSL protocol is in use are a padlock icon
appearing in the bottom left of your browser window and the http:// in the address
line becomes https.

VNC:
Definition: Virtual Network Computing or VNC. A remote display system. VNC
allows you to view a computing 'desktop' environment not only on the machine where
it is running, but from anywhere on the Internet and from a wide variety of machine
architectures.
Example: If you have used an application like PC Anywhere to access your home
PC from the office, you have used VNC.

DNS:
Definition: Domain Name Server. Allows the user to type in a name that
represents the IP address desired. The DNS recognizes the name and directs the
user request to the correct IP address.
Example: A user opens Internet Explorer and enters http://yahoo.com on the
address line. DNS will translate the request into the IP address for yahoo and take
you to the yahoo homepage.

Static and Dynamic IP Addresses:
Static Addressing:
Definition: When networking was first developed TCP/IP addresses were assigned
a specific location on the system. The IP address was considered “static”.
Example: If the employee moved to a different location within the building the
Network Administrator would have to manually change the location on the network.
Now if you only have 5 or 6 people on a network it’s probably not a big deal.
However, as networks became bigger and bigger, it took a great deal of effort for a
Network Administrator to keep track of all the IP Addresses, placements on the
network, where people were moving from and to, etc. This type of addressing
became a logistic nightmare for large networks.
DHCP Addressing:
Definition: A new type of system was developed, the Dynamic Host Configuration
Protocol, or DHCP. With this type of protocol the Network Administrator no longer
assigns an EXACT address or location for each terminal on the network. The IP
Addresses became “dynamic”. With DHCP the Network Administrator assigns a
block of IP address numbers on the network. When a terminal logs on to the
network, the DHCP server finds an available or open location (from the block of numbers)
and automatically assigns the terminal a location.

IPConfig:
Definition: This DOS command is commonly used to determine which IP address
is currently assigned to a terminal (in class use, the laptop).
Example: At the DOS prompt, typing ipconfig will return a display similar to:
Ethernet Adapter:
IP Address……………….192.168.3.1
Subnet Mask……………..255.255.255.248
Default Gateway…………192.168.33.11
The Default Gateway address is the address to be concerned with when configuring
the router.

ipconfig /release:
Definition: DOS command used to release the current IP address, that is, to instruct the
terminal (in class use, the laptop) to stop looking to it. When you release the IP
address you are basically letting the network know you no longer need to be
assigned to the current address.

ipconfig /renew:
Definition: DOS Command normally used after you have released an IP address.
After releasing the IP address the command IPCONFIG /RENEW will initiate or
instruct the terminal to search for a “fresh” IP address.

PING
Definition: DOS command used for troubleshooting Ethernet connectivity. Ping
sends out a packet to a specified device and waits for returned data. Ping will verify
connectivity, NOT communications.

Firewall
Definition: The security features enabled by the router setup that prevent
unauthorized users from hacking into the LAN.
Router Basics
Review the reasons for the need of a hub, switch or router and advantages of Internet
connectivity. Reference the homework from the previous night. At this time introduce 2
terms: LAN and WAN.
Explain that LAN is Local Area Network and in our situation refers to the local in-store
network which will consist of the Sapphire, HPV-20 and Topaz(s) and may also include the
Back Office PC and other devices such as the in-store security cameras, TLS, etc. Stay
very clear on LAN vs. WAN. For example, VeriFone has 50 offices, each on its own LAN; a WAN
connection then links all LAN connections together and gives them access outside of the
building.
Explain that the WAN is a Wide Area Network (internet) and will connect the site to an
outside resource, such as a corporate or home office.
Instruct students to find the Cisco router. Point out the 4 LAN and 1 WAN ports on the
router.
Explain the Sapphire and HPV-20 will connect to the LAN ports and the remaining ports may
be used for other devices such as BO PC, VASC laptop, etc.
If more than 4 devices need router connectivity, the site may use a hub or switch. Because
of its functionality a switch would be preferred over a hub (refer to the homework information
if needed).
Stress the circumstances when a router would be required at a site:
• If a site requires more than 2 Ethernet connections (Sapphire and HPV-20 are required)
• If a site desires to have remote communications into the Sapphire.
If the Back Office PC does not have a static IP address, a router with DHCP enabled must
be used.
If a tech desires to “patch in” to the LAN for troubleshooting, configuration changes, etc. a
router with DHCP enabled should be used.
If the site has or will have internet connectivity and does not have an existing router, the site
must purchase a router (VFI/Cisco recommended) to connect to the Internet Provider
Service’s modem through the WAN port of the router.
If the site has an existing router, the Sapphire and HPV-20 will connect to our router and our
router will connect via their router to the WAN. Specifics on this configuration will be
addressed later in the course in an Advanced Router Configuration module.
Remote Connectivity
One of the features of the Sapphire is remote access to a user interface known as the
Sapphire Management Suite. The SMS uses Internet Explorer (v6.0 or higher) to display,
add, change, update, and delete information. Explain the SMS will be discussed in detail
later in the training session.
Discuss the importance of this feature using the following example: ABC Oil Company owns
10 C-Stores and wants all its sites to have the same PLUs, same menus, keyboard
configuration, etc. The manager of the Marketing Department will be running a special
promotion this next week. The special is on Snickers candy bars – 3 for $1. He wants to
program this using the Combo File and also set up a Soft Key.
With the SMS the Marketing Manager can access the Sapphire remotely and configure or
upload the Combo File and the Soft Key File. He can then send a message to each site
manager to let him or her know the soft key has now been changed. This will be further
discussed in later modules; the information about remote connectivity in this module is only
for general information.
Points to Stress for Remote Connections:
• The site MUST have an internet connection (Ethernet based)
  o Cable, DSL, VSAT, ISDN, etc.
• If the site has a Back Office PC and is using GemCom32 to transfer data, BOTH an
  RS232 and an Ethernet connection from the Back Office PC are required and must be
  present and active at all times.
• When remote connections are being set up, they must be configured based on PCI-DSS
  guidelines, available in the PA-DSS Implementation Guide in the VASC Service Manual.
Configuring the VFI/Cisco Router
Instruct students to apply power to the Cisco router. Instruct students to connect their
laptop to one of the LAN ports on the router and open a DOS window. Discuss the
IPCONFIG, Release, and Renew commands. Have them observe the Default Gateway
address at each step.
DOS Command: IPCONFIG
Used to determine the current Internet Protocol Configuration settings for the PC.
• Go to your DOS prompt or command prompt and type: IPCONFIG
• Press the <Enter> key.
After pressing the <Enter> key, the screen will display several lines of information. The first
line indicates the Windows version you are running. Next you have a section indicating
Ethernet adapter Local Area Connection. On the second line you will find the current IP
address your computer has been assigned. (If not connected to the router, the students may
get a message stating no device is found.)
DOS Command: ipconfig /release
When you release the IP address you are basically letting the network know you no longer
need to be assigned to the current address. There are other reasons for using the ipconfig
/release command. They include:
• If the network is using a DHCP server and a terminal(s) is having trouble communicating
  with the network, you might try getting a new lease or renewing an existing lease on the
  IP address.
• You may need to configure a router or set up a DHCP server using a computer already
  assigned an IP address. When you configure the DHCP server, sometimes your
  computer will hold on to the previous IP address location. When this happens you will
  try to connect your computer to the server in order to configure it, but your computer will
  not be able to find it. This is because your computer is still holding on to the
  IP address it was using when connecting to the network. If you release the address it will
  un-assign the current location on the network.
To release your current IP address, do the following:
1. Go to your DOS prompt or command prompt and type: IPCONFIG /RELEASE (there is
a space between IPCONFIG and the /).
2. Press the <Enter> key.
DOS Command: ipconfig /renew
The renew command is used after you have released an IP address. After releasing the IP
address with the DOS command IPCONFIG /RELEASE, you use IPCONFIG /RENEW to initiate a
“fresh” IP address.
When you use IPCONFIG /RENEW, the terminal will attempt to contact the DHCP server
and renew the existing IP address or will obtain a new IP address.
To renew an IP address, do the following:
1. Go to your DOS prompt or command prompt and type: IPCONFIG /RENEW (there is a
space between IPCONFIG and the /).
2. Press the <Enter> key.
Router Configuration Specifics
Refer students to the VFI Routing Requirements document.
Specify the correct Port Forwarding configurations and why they are important (if not
properly configured, there will be no remote communications to Sapphire or remote
communications will not be secure).
The port forwarding and other configurations discussed are installed into the VFI/Cisco
router automatically when the VFI/Cisco Router Configuration Utility is run on the VFI/Cisco
router. In addition to the configurations specified, the router is also set as a DHCP server
with the Dynamic IP address range of 192.168.31.200 to 192.168.31.250.
VeriFone now uses only 3 port forwards, based on PA-DSS compliance. These three routes
are secure forwards for SSL, SSH, and SSH to the HPV-20. These three forwards will allow
users to access the Sapphire system remotely.
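One way to check an exported router configuration against the three-forward rule above, as an added Python example (not part of the original guide and not the VFI/Cisco Router Configuration Utility). It assumes IOS-style static NAT lines and the well-known ports 443 (SSL) and 22 (SSH); the device addresses, interface name and sample configuration are constructed, since the guide does not list the actual forwards.

```python
import re

# Assumption: services on their IANA well-known ports. The ports VeriFone's
# routing requirements actually specify are not given in this guide.
SECURE = {443: "SSL", 22: "SSH"}
LEGACY = {21: "FTP", 23: "Telnet", 80: "HTTP", 5900: "VNC"}
MAX_FORWARDS = 3  # per the guide: SSL, SSH, and SSH to the HPV-20

NAT_LINE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")

# Constructed IOS-style configuration; addresses and interface are placeholders.
SAMPLE_CONFIG = """\
hostname site-router
ip nat inside source static tcp 192.168.31.11 443 interface FastEthernet4 443
ip nat inside source static tcp 192.168.31.11 22 interface FastEthernet4 22
ip nat inside source static tcp 192.168.31.12 22 interface FastEthernet4 2222
ip nat inside source static tcp 192.168.31.11 23 interface FastEthernet4 23
ip nat inside source static tcp 192.168.31.13 5900 interface FastEthernet4 5900
"""


def parse_forwards(config):
    """Return one dict per static port forward found in the configuration text."""
    forwards = []
    for line in config.splitlines():
        m = NAT_LINE.match(line.strip())
        if m:
            proto, host, inside, _iface, outside = m.groups()
            forwards.append({"proto": proto, "host": host,
                             "inside_port": int(inside),
                             "outside_port": int(outside)})
    return forwards


def audit(config):
    """List (code, detail) findings for forwards that break the three-forward rule."""
    forwards = parse_forwards(config)
    findings = []
    for f in forwards:
        port = f["inside_port"]
        target = f"{f['host']}:{port}"
        if f["proto"] != "tcp":
            findings.append(("NOT_TCP", target))
        elif port in LEGACY:
            # FTP, Telnet, HTTP and classic VNC carry the session unencrypted.
            findings.append(("INSECURE_" + LEGACY[port].upper(), target))
        elif port not in SECURE:
            findings.append(("UNEXPECTED_SERVICE", target))
    if len(forwards) > MAX_FORWARDS:
        findings.append(("TOO_MANY_FORWARDS", str(len(forwards))))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONFIG):
        print(code, detail)
```
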
VFI/Cisco Router
Instruct students to download and install the VFI/Cisco Router Configuration Utility. Explain
the VFI/Cisco router was at one time a “plug-n-play” set-up as the factory configuration was
the VFI default configuration. There have been some major changes since the original
design so every VFI/Cisco router will need to have the current configuration installed.
Explain there are multiple versions of the VFI Router Configuration Utility; version 2.00.02 is
the most recent of the router configuration utilities and should be used at all times. It is
available on the Premier Portal and in the VASC Service Manual. Further stress the
VeriFone Router may only be configured using the VeriFone Router Configuration Utility; all
other access has been disabled from the factory.
Walk the students through the configuration utility in the following order:
Connections - Have the students make the proper connections based on the router
configuration guide.
Factory Reset - Do not have the students perform a Factory Reset as this can sometimes
take up to 15 minutes for the router to complete the reset process; simply discuss the
process.
Set-up Router - Have the students complete the Setup Router process discussing the
differences between the Dynamic and Static configurations. Stress the VeriFone Router
may ONLY be configured with the VeriFone Router Configuration Utility.
Choose a custom configuration first to display the fields that will be filled for advanced
routing. This will be talked about further in the Advanced Router Configuration Module. (Set
up as Dynamic at this time.)
Note: The VeriFone Router Configuration Utility v 2.00.00 has a known issue with the Cisco
851 router. When configuring the 851 router, all information will be sent to the router and it
will configure correctly; however, you will always receive an error message indicating that the
startup file was not found. This error is normal and is in the process of being corrected.
Make sure the students are aware of this issue and further emphasize they need to check
the Premier Portal for the most current version of the VeriFone Router Configuration Utility.
Retrieve Configuration - Finally, have the students run the Retrieve Configuration
command and discuss each of the information lines – what they are, what they mean, where
and/or how they were obtained, etc. When running the Retrieve Configuration function point
out the WAN IP address is the current Site IP address. Also make certain the students
realize the utility will ping the HPV-20, Sapphire, and Topaz(s) using their static IP
addresses.
After configuring the VFI/Cisco router, have the students open a DOS window and again
walk them through the IPCONFIG command (and release and renew if necessary). Have the
students PING the Sapphire. Explain the 4 attempts and the messages displayed when a
reply is received and when it is lost.
Inform the students that they may have trouble communicating with the router the next time
they try to configure it (in the End of Day exercise or for the Exam). Remind them they may
need to run IPCONFIG /RELEASE and /RENEW commands for their laptop to recognize the
IP address.
Trouble-shooting and Testing Connectivity
Refer students to the Ruby/HPV-20 Communications handout and discuss how to ping each
device.
• What if you do not obtain connectivity? First, like most troubleshooting relating to
  communications, cables and connections should be checked. Are the cables and
  connections securely connected to the ports? Are the correct ports being used? Are
  the cables the correct ones? Do you obtain connectivity by replacing the cable?
• IPCONFIG is especially useful for diagnosing network problems. If the network is
  using static IP addresses, you can use the IPCONFIG command to see the TCP/IP
  configuration as Windows sees it. The information displayed is not simply a
  regurgitation of what’s inserted into the TCP/IP properties sheet. Rather it is a way
  to tell if Windows has accepted the address that you have used.
• If the network is using a DHCP server, you can use IPCONFIG to see what address
  DHCP has assigned. For example, if, using the IPCONFIG command, you see an IP
  address of 0.0.0.0, then the computer has either lost communications with the DHCP
  server, or the DHCP server is malfunctioning.
• In order to verify or test the connectivity of an IP address/terminal, the most
  commonly used DOS command is the PING command. When troubleshooting or
  when using PING, you are basically asking the system, “Can you see me?”
  For example, you are setting up a new network. You have set up the IP addresses
  for each terminal and now are ready to test the connectivity. Let’s say your IP
  address is 10.64.134.34. At this point go to the DOS prompt and type: PING
  10.64.134.34 and press the <ENTER> key.
  By default, PING attempts the connectivity 4 times. Each ping waits
  4,000 milliseconds (4 seconds) for each response to be returned before displaying
  the "Request Timed Out" message. You will receive a message indicating the
  number of attempts, how many were received, and how many were lost.
• Students may come to class with a static IP address set in their laptop. Instruct the
  student how to open Internet Options and change the TCP/IP settings to Dynamic.
  Remember to write down the static IP address so they can switch it back after
  completing the course.
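The IPCONFIG and PING checks described in this section, as an added Python example (not part of the original guide or of any VeriFone utility): it reads an ipconfig display for the 0.0.0.0 and DHCP-range cases and summarises a PING run. The sample outputs, the 192.168.31.x device addresses and the fake_ipconfig helper are constructed for illustration; only the 192.168.31.200 to 192.168.31.250 pool comes from the guide.

```python
import ipaddress
import re

# DHCP pool the guide says the configuration utility sets on the VFI/Cisco router.
POOL_START = ipaddress.ip_address("192.168.31.200")
POOL_END = ipaddress.ip_address("192.168.31.250")

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"


def fake_ipconfig(ip, mask, gateway):
    """Build constructed ipconfig-style text (hypothetical helper, demo only)."""
    return ("Ethernet adapter Local Area Connection:\n"
            f"   IP Address. . . . . . . . . . . . : {ip}\n"
            f"   Subnet Mask . . . . . . . . . . . : {mask}\n"
            f"   Default Gateway . . . . . . . . . : {gateway}\n")


def parse_ipconfig(text):
    """Extract address, mask and gateway of the first adapter (None if absent)."""
    labels = {"ip": r"IP(?:v4)? Address", "mask": "Subnet Mask",
              "gateway": "Default Gateway"}
    out = {}
    for key, label in labels.items():
        m = re.search(label + r"[ .]*:[ \t]*" + IPV4, text)
        out[key] = m.group(1) if m else None
    return out


def diagnose(text):
    """Return a list of finding codes for one ipconfig display."""
    cfg = parse_ipconfig(text)
    if cfg["ip"] is None:
        return ["NO_ADDRESS"]            # check cables, ports and the adapter
    ip = ipaddress.ip_address(cfg["ip"])
    if ip == ipaddress.ip_address("0.0.0.0"):
        return ["DHCP_LOST"]             # release/renew, then check the DHCP server
    findings = ["IN_POOL" if POOL_START <= ip <= POOL_END else "OUTSIDE_POOL"]
    if cfg["mask"] and cfg["gateway"]:
        subnet = ipaddress.ip_interface(f"{cfg['ip']}/{cfg['mask']}").network
        if ipaddress.ip_address(cfg["gateway"]) not in subnet:
            findings.append("GATEWAY_OFF_SUBNET")
    return findings


def ping_summary(text, target):
    """Summarise Windows ping output, counting only real echo replies from target."""
    m = re.search(r"Sent = (\d+), Received = (\d+), Lost = (\d+)", text)
    if m is None:
        return None
    sent, received, lost = (int(n) for n in m.groups())
    # Windows counts "Destination host unreachable" replies as Received, so the
    # statistics line alone can overstate connectivity.
    echoes = len(re.findall(r"Reply from " + re.escape(target) + r": bytes=", text))
    return {"sent": sent, "received": received, "lost": lost,
            "echo_replies": echoes, "timeouts": text.count("Request timed out"),
            "reachable": echoes > 0}


# Constructed ping output: the laptop (192.168.31.201) answers for an absent device.
SAMPLE_PING = """\
Pinging 192.168.31.11 with 32 bytes of data:

Reply from 192.168.31.201: Destination host unreachable.
Reply from 192.168.31.201: Destination host unreachable.
Request timed out.
Reply from 192.168.31.201: Destination host unreachable.

Ping statistics for 192.168.31.11:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
"""

if __name__ == "__main__":
    print(diagnose(fake_ipconfig("192.168.31.201", "255.255.255.0", "192.168.31.1")))
    print(diagnose(fake_ipconfig("0.0.0.0", "0.0.0.0", "")))
    print(ping_summary(SAMPLE_PING, "192.168.31.11"))
```
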
“Off The Shelf” Routers
VeriFone will support “off the shelf” routers to a limited extent. It should be explained to the
students that VeriFone does walk VASCs through configuration of “off the shelf” routers, and
further:
VeriFone provides VASCs the ability to purchase the VeriFone Cisco 851 and formerly the
VeriFone Cisco Soho 91.
These routers are advantageous because VeriFone provides full support for their features
and connectivity.
"Off-the-shelf" routers are not supported in the same way as the VeriFone Cisco routers.
This is because every 'off the shelf' router is different and the VeriFone routing requirements
may not be able to be configured correctly.
VeriFone's role in support of "off the shelf" routers is limited to:
• Advising of VeriFone Routing Requirements
• Explaining the cabling diagrams available in the VASC Service Manual
• Troubleshooting cabling and hardware placement based on VeriFone documented
  methods. (PA-DSS Implementation Guide)
• Explaining PCI-DSS compliant installations with multiple routers as per the PA-DSS
  Implementation Guide
What VeriFone cannot provide for "off the shelf" routers:
• Programming assistance
• Troubleshooting of software intricacies