OfficeConnect® Remote 812 ADSL Router CLI User’s Guide Release 2.0 http://www.3com.
3Com Corporation 5400 Bayfront Plaza Santa Clara, California 95052-8145 Copyright © 2001 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.
1 ACCESSING THE CONFIGURATION INTERFACE

This chapter explains how to attach to the configuration interface locally via the console port or remotely via a Telnet session. This chapter also introduces you to the capabilities and conventions associated with management of your OfficeConnect® Remote 812.
UNIX-Based Computers

Kermit, minicom and tip are typical terminal emulation programs for UNIX-based computers. Depending on the platform you’re using, you may need to modify a configuration file for vt100 settings.

Remote Connection

If you want to attach to the OCR 812 via the LAN or WAN interface of the unit, you will need to establish a Telnet connection to the unit.
2 CLI COMMAND CONVENTIONS AND TERMINOLOGY

This chapter describes the command syntax, conventions and terminology used within the Command Line Interface. Reviewing and understanding this chapter is essential for you to understand subsequent chapters.

Command Structure

Format

Commands can be followed by values and/or parameters and values.
The type of value you enter must match the type requested. Numbers are either decimal or hexadecimal. Text can be either a string that you create, or it may be a list of options you must choose from. When choosing an option, type the text of the option exactly.

Names or Strings

“Double quotation marks” set off user-defined strings. If you want white space or special characters in a string, it must be enclosed by “double quotation marks”.
Help is most useful during configuration: query the list of possible parameters by typing ? and, when you find the value you need, type it without losing your place in the argument. Just be sure to leave a space between the keyword and the question mark.

Conventions

Command Language Terminology

Most commands are not case sensitive. As a rule, only and [password] values require typing the correct case.
3 CONFIGURATION METHODS

The OCR 812 CLI offers three setup choices, all of which are described in this section: the automated, Quick Setup method, the QuickVC Setup method, and the manual method. Review the capabilities of each below and decide which configuration method best suits your needs, then proceed to the appropriate chapter for detailed configuration guidelines for each method.

Quick Setup Instructions

The Quick Setup program for the CLI is designed to get your OCR 812 up and running fast.
Manual Setup Instructions

Once you become familiar with the CLI interface, you might find it more efficient to manage the OCR 812 manually. Manual configuration is the most versatile method: you enter only the commands needed to change the current configuration. Also, many of the advanced features (such as filtering) can only be accessed through manual configuration.
4 QUICK SETUP

This chapter will describe in detail the operations of the Quick Setup program. It will identify the required information, steps involved, and sample output scripts from the execution of this program.

CLI Quick Setup Script

Introduction

The CLI Quick Setup program allows you to quickly configure LAN-side, global and management settings for your OCR 812. Instead of using CLI commands, you will simply respond to a series of questions regarding different aspects of your configuration.
Downgrading the Remote 812 Software to a Previous Version

Downgrading the 812 software to an older version is not recommended (we suggest you upgrade to obtain the latest and most reliable software available). If you do choose to downgrade, we suggest you delete your existing configuration before or after you install the downgrade (in any case, you must delete the existing configuration).
IPX ? [no]
Bridging ? [no]

Quick Setup Identification Information

Question                                 Default   Your System
Enter the name of your system:           []
Who is the system contact person?        []
Where is this system located?            []

Quick Setup Management Information

Question                                                 Default   Your System
Do you want to be able to manage the system via SNMP?    [yes]

An SNMP community names a group of systems that can manage your system via SNMP. It is a rudimentary form of security.
TELNET information

Question                                                    Default   Your System
Do you want to allow command line management via TELNET?    [yes]

For TELNET management of the system, you need to create a user name and password to control access.

Question                                                    Default   Your System
What user name will be allowed to manage this system?       [root]
What password will be used for this user ?                  []

Quick Setup IP Information

The OCR 812 uses a network name to identify the network for future management commands.
The OCR 812 can act as a DHCP server, providing IP addresses to other stations on the local LAN.

Question                                                                  Default   Your System
Do you want the OfficeConnect Remote 812 to act as a DHCP server?         [yes]
Enter the start address for the DHCP IP address pool:                     []
Enter the end address for the DHCP IP address pool:                       []

It is possible to restrict access to the TFTP server to a specific system or a list of systems.
Quick Setup Bridge Information

The network name is used by the OCR 812 to identify your bridging setup.

Question                    Default    Your System
Enter the network name:     [bridge]

The spanning tree algorithm is used to eliminate loops in a network that is linked together with bridges.
Sample Output Display as Quick Setup Executes

OCR-DSL> set system name "name"
OCR-DSL>set system location "vienna"
OCR-DSL>set system contact "jc"
OCR-DSL>enable command password "password"
OCR-DSL>add snmp community public address 0.0.0.0 access RW
OCR-DSL>enable security_option remote_user administration
OCR-DSL>add user "root" password "!root"
OCR-DSL>add ip network "test" interface eth:1 address 192.168.200.
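
A review aid for scripts like the sample output above, added here as an example (it is not 3Com code): it flags the management settings that Quick Setup leaves permissive. The finding names, the small list of trivial passwords, the 8-character threshold and the reading of address 0.0.0.0 as "any manager" are assumptions of this example; the last sample line is a constructed one for comparison.

```python
import re
import shlex

# Constructed list for this example, not a list of device defaults.
TRIVIAL_SECRETS = {"password", "admin", "changeme"}
WELL_KNOWN_COMMUNITIES = {"public", "private"}
MIN_PASSWORD_LEN = 8  # assumed local policy, not a device limit


def _tokens(line):
    """Strip the CLI prompt, normalise typographic quotes, split like the CLI."""
    cmd = re.sub(r"^[^\s>]+>\s*", "", line.strip())
    cmd = cmd.replace("\u201c", '"').replace("\u201d", '"')
    return shlex.split(cmd)


def _value_after(tok, low, key, start):
    """Return the token following keyword `key`, or None if it is absent."""
    for i in range(start, len(low) - 1):
        if low[i] == key:
            return tok[i + 1]
    return None


def audit(lines):
    """Return (line_number, finding) pairs for risky management commands."""
    findings = []
    for n, line in enumerate(lines, start=1):
        tok = _tokens(line)
        low = [t.lower() for t in tok]
        if low[:3] == ["add", "snmp", "community"] and len(tok) >= 4:
            if low[3] in WELL_KNOWN_COMMUNITIES:
                findings.append((n, "snmp-well-known-community"))
            access = _value_after(tok, low, "access", 4)
            if access is not None and access.lower() == "rw":
                findings.append((n, "snmp-write-access"))
            # Assumption: 0.0.0.0 places no restriction on the manager address.
            if _value_after(tok, low, "address", 4) == "0.0.0.0":
                findings.append((n, "snmp-any-manager"))
        elif low[:2] == ["add", "user"] and len(tok) >= 3:
            user = tok[2]
            pw = _value_after(tok, low, "password", 3)
            if pw is None:
                continue
            if user.lower() in pw.lower():
                findings.append((n, "password-contains-username"))
            if len(pw) < MIN_PASSWORD_LEN:
                findings.append((n, "short-password"))
        elif low[:3] == ["enable", "command", "password"] and len(tok) >= 4:
            if tok[3].lower() in TRIVIAL_SECRETS:
                findings.append((n, "trivial-command-password"))
    return findings


# Complete lines taken from the sample output above.
SAMPLE = [
    'OCR-DSL> set system name "name"',
    "OCR-DSL>enable command password \u201cpassword\u201d",
    "OCR-DSL>add snmp community public address 0.0.0.0 access RW",
    "OCR-DSL>enable security_option remote_user administration",
    'OCR-DSL>add user "root" password "!root"',
]

# Constructed line: private community string, single manager address.
RESTRICTED = ["OCR-DSL>add snmp community ocr812-mgmt address 192.168.200.5 access RW"]

if __name__ == "__main__":
    for number, finding in audit(SAMPLE):
        print(f"line {number}: {finding}")
```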
5 QUICKVC SETUP

This chapter will describe in detail the operations of the OCR 812 QuickVC Setup Wizard program. It will identify the required information, steps involved, and sample output scripts from the execution of this program.

CLI QuickVC Setup Script

Introduction

The CLI QuickVC Setup program allows you to quickly configure remote site profiles (virtual channel connections) for your OCR 812.
The Category of Service and cell rate parameters only affect data transmitted from the OCR 812 to the remote site (upstream direction). The default value of UBR with a Peak Cell Rate of 0 will attempt to use all available upstream bandwidth when transmitting to the remote site.

The ATM Configuration for VC “name” is now complete.

Network Service PPP Parameters

The OCR 812 supports either PPP, PPPoE, or RFC 1483 encapsulation.
Enter the local ip address for the WAN connection: (specified only)      [ ]
Do you want to use “name”’s remote router as the default gateway ?       [no]
Do you want to run RIP ?                                                 [no]
Enter the version of RIP to run: (if applicable)                         [v2]

The IP configuration for VC “name” is now complete.

IP Configuration (Network Service RFC 1483)

Port Address Translation (PAT) allows a single WAN-side IP address to be ‘shared’ by multiple LAN-side devices.
IPX Routing (Network Service PPP)

Question                                                  Default   Your System
Is IPX traffic going to be routed over VC “name”?         [no]
Is the IPX WAN interface (S)pecified or (L)earned?        [L]
Is the IPX WAN interface (U)nnumbered or (N)umbered?      [N]
Enter the IPX network number for the WAN?                 []
Do you want IPX routing (RIP) to run over the WAN?        [yes]

The IPX configuration for VC “name” is now complete.
Sample Identification Information

Sample Output Display as Quick Setup Executes

This section contains a sample of possible settings.
6 MANUAL SETUP

This chapter describes how to manually set up the OCR 812 for routing or bridging.

Configuration Overview

The following steps provide an outline to follow when configuring the OCR 812 to route or bridge to remote networks.

1 Determine how the OCR 812 will be used (as an IP, IPX Router and/or Bridge) and gather information about your remote site connection using the Configuration Planning Forms provided with the unit.
Remote Site Management

Each remote site that you want to connect to is accessed through a single ATM Virtual Channel connection. To set up connections over the WAN, a VC (remote site) profile must be created and edited. With this profile, you specify ATM Virtual Channel information, protocols, and addresses that determine the method of connection and communication to that remote site. You create VC profiles using the add vc command (e.g.
For example, if you want to change the PPP authentication password to testpassword for a profile called Internet you would do the following:

    disable vc Internet
    set vc Internet send_password testpassword
    enable vc Internet

Configuring Network Service Information

A Network Service defines the data encapsulation and protocol characteristics for the connection between the OCR 812 and the remote site.
When the Network Service is set to RFC 1483, the profile’s IP WAN addresses can be dynamically learned with the DHCP protocol. To enable DHCP on a Remote Site profile:

1 Set the network service to RFC 1483:
    set vc dynamic_ip_addressing dhcp_client
2 Enable MAC encapsulated routing (MER):
    set vc mac_routing enable
3 Set dynamic IP addressing to DHCP:
    set vc dynamic_ip_addr dhcp_client

Enabling a Point-to-Point Protocol

PPP is enabled by default.
    set vc name atm vci vpi

You should have been provided with Category Of Service parameters.

UBR - Unspecified Bit Rate; No limit has been specified for the upstream data flow.
CBR - Constant Bit Rate; A constant rate has been specified for the upstream data flow.

The cell rate transmission parameters are used to specify upstream transmission rates for the particular Category of Service.
VPN Tunneling Overview

A VPN tunnel is a private virtual circuit that uses public wires to connect two nodes. For example, it is common practice to create VPNs that use the Internet as the public medium over which private information is sent and received. Tunnelling is a technology that enables one network to send its data via another network’s connections. Tunnelling works by encapsulating a network protocol within packets carried by the second network.
Enabling and Disabling a VPN Tunnel

To enable a VPN, enter the enable tunnel command. To disable a VPN, enter the disable tunnel command.

Before you attempt to set or change any parameter for a VC, you must first disable the VC using the DISABLE VC command. If you attempt to set or change VC values while the VC is enabled, an erroneous error message (telling you that you must first disable the VC) will display.
be blank (assigned with the value “”). You can change the PASSWORD and SEND_PASSWORD using the SET TUNNEL [PASSWORD | SEND_PASSWORD] command. You must change the SEND_PASSWORD (to the appropriate authentication password value expected by the VPN Server) using the SET TUNNEL <tunnel_name> SEND_PASSWORD command. You may optionally change the PASSWORD using the SET TUNNEL <tunnel_name> PASSWORD command.
Table 6-2 812 Set Tunnel Parameters and Supported Values

Parameter / Supported Value / Remarks
INPUT_FILTER
OUTPUT_FILTER
PASSWORD
SEND_PASSWORD
MTU 1400
SEND_NAME
NAT_OPTION PAT
LOCAL_IP_ADDRESS 255.255.255.255 is the recommended setting for LOCAL_IP_ADDRESS
REMOTE_IP_ADDRESS 255.255.255.
Configuring Authentication and Encryption

To learn how to use CLI commands to configure authentication and encryption for the OCR 812, please refer to the following:

To configure authentication parameters, see set ppp receive_authentication [ANY | ANY_EXCEPT_MSCHAP | CHAP | MSCHAPV1 | MSCHAPV2 | NONE | PAP].

To configure a Windows 2000 Server for CHAP authentication, see Configuring Windows 2000 Server to Support CHAP Authentication.
An administrator may also set up a Windows 2000 Server as a router with a private IP subnet set to 98.76.54.0/C. To add DHCP Services on the Windows 2000 Server, an administrator can use any IP addresses from 98.76.54.1 to 98.76.54.253 inclusive. IP addresses for workstations on the private LAN side of the Windows 2000 Server will be in the 98.76.54.xx subnet.
    vpdn-group 1
    accept-dialin
    protocol l2tp
    virtual-template 25
    terminate-from hostname OfficeConnect
    local name c7200
    no l2tp tunnel authentication
    source-ip 192.180.3.2

3 In Cisco router configuration mode, enter the following commands to configure the private network (LAN) interface:

    interface Ethernet1/2
    ip address 192.168.200.1 255.255.255.
    ppp authentication pap

6 Ensure RIP and IP Pool configuration parameters are set to the following values:

RIP Configuration

    router rip
    ver 2
    network 192.180.3.0

IP Pool for L2TP Tunnel

    ip local pool L2TP 192.168.200.3 192.168.200.10

At this point, your L2TP tunnel should be fully operational and ready for use.
Adding a Framed Route for a VPN Tunnel

If you wish to set up a route to a network on the private (LAN) side of a remote site, use a framed route. To add a framed route for a VPN tunnel, enter the add framed_route vc command or the add framed_route tunnel command at the CLI prompt. For more information, see add framed_route vc and add framed_route tunnel in Appendix B.
IP Routing

Enabling IP Routing

When the OCR 812 is to be used for IP Routing, IP forwarding must be enabled. This is a global setting for the entire router. To enable IP routing, use the command:

    enable ip forwarding

To disable IP routing, use the command:

    disable ip forwarding

IP Forwarding refers to the routing of IP packets from one interface to another. It does not affect communicating to the OCR 812 itself.
You can obtain a list of all configured networks using the command list networks. To only list IP networks, use list ip networks. By default, the network is enabled when it is created. You can disable the network using the following command:

    disable ip network

You can delete a disabled network using the command:

    delete ip network

The reconfigure ip network command can be used to modify an existing IP network’s address or frame type.
The IP address associated with the local side of the WAN connection can be specified by you, learned from the remote site (if you are using PPP as the Network Service for the connection), or the interface can be Unnumbered. To specify the local IP address use the command:

    set vc local_ip_address

To specify that the local IP address should be learned you must enter 255.255.255.255 for the parameter.
If you are using address translation for a remote site connection (NAT) you must set ip_routing to LISTEN or NONE. This is because you have set up a private LAN network and therefore do not want to be broadcasting information to other routers. The OCR 812 will not allow a profile using address translation to be enabled if ip_routing is set to BOTH or SEND.
IP Tools

The OCR 812 CLI provides a standard set of IP utility programs including Ping, TELNET and RLOGIN.

Address Translation

Public IP addresses are registered and can be used within a public network (e.g., the Internet). Due to the limitation of IP version 4 address space and the growth of the Internet, public addresses are becoming more scarce.
PAT allows multiple private IP addresses to use one public IP address by dynamically and statically mapping each private IP source address and private IP source port to one public IP source address and one public IP source port. Super NAT should be used to optimize address translation when the ISP assigns multiple public addresses to the site.
there is no existing dynamic or static port mapping, the packet will be translated using the PAT default address.

Configuring PAT

Typically, PAT only needs to be enabled or disabled for a remote site connection. Use the following command to configure PAT in a vc profile:

    set vc nat_option pat

As previously stated, it is sometimes necessary to configure the workstation default address.
memory. If you do not enter the save all command before a reboot, unsaved changes made since the last save will be lost.
Please also note the following: The “best guess” LAN workstation will continue to receive all non-addressed packets sent by this remote workstation until and unless a new (different) communication pattern is detected by Intelligent PAT.
Configuring NAT Static and Dynamic Mappings

If you do not configure static or dynamic mappings for NAT (even if they have a default PAT address), the following error message displays on the CLI console when you enable the vc:

    When Network Address Translation (NAT, RFC 1631) is enabled, Static Addresses and/or Dynamic pool addresses must be configured.
If you choose (optionally) to add static or dynamic mappings for Super NAT, do not use the public WAN port IP address of the OfficeConnect 812 as one of the Super NAT static or dynamic public IP addresses.

To configure OCR812 to use Super NAT, perform the following steps:

1 Configure all NAT and PAT parameters.
Configuring the 812 for SIP Phone Support

Overview

Using a SIP Phone with the OfficeConnect Remote 812

The OCR 812 can be configured to use SIP phones. A SIP phone (Session Initiation Protocol phone) is a network-capable telephone that uses Ethernet connectivity to place and receive calls over the Internet. SIP phones send and receive voice data as TCP/IP packets.
caller identity (and finds, then connects to, the recipient’s IP address). The IP address of the intended recipient is their (SIP) phone number. By creating and storing a caller identity, a proxy server enables party A to call party B (and vice-versa), even if the recipient’s IP address (SIP phone number) is not specifically known to the caller.
Configuring the DHCP Server

The OCR 812’s DHCP Server has the following fields that will need to be configured:

    Hostname
    Domain Name
    IP Address Pool, Start and End address
    IP Subnet address mask
    Lease period
    WINS Server addresses
    DNS Server addresses

The Hostname is the base name assigned to the workstation. A numeric suffix is appended to the base name and incremented after each assignment.
assigned, the corresponding workstation MAC addresses, and remaining time before the lease expires.

    show dhcp server counters
    list dhcp server leases

The DHCP Server configuration is displayed with the show dhcp server settings command.

Configuring the DHCP Relay

The OCR 812 can relay DHCP requests to up to two Remote Servers. The OCR 812 DHCP relay can be configured with two Remote Server entries.
Configuring DNS

To enable DNS functionality on the OCR 812, use the command:

    enable dns

To disable DNS functionality, use the command:

    disable dns

You can configure three global DNS parameters that control the operation of the DNS proxy.

Number of Retries: the number of retry attempts when accessing a primary or secondary DNS server. The default is 1 retry.
Timeout: the amount of time to wait for request to be serviced. The default is 5 seconds.
To display the contents of the DNS Server table, use the command:

    list dns servers

To delete a domain entry, use the command:

    delete dns server

Access Lists

Access lists enable you to restrict which Remote Subnets are allowed to access the Management services of the OCR812.
Remember to save your configuration using the save all command before rebooting your OCR 812 so that your changes will be written to permanent FLASH memory.

Enabling IPX Routing

Configuring IPX for the LAN

Unlike IP, there is no setting on the OCR 812 that enables or disables IPX routing functionality on a global basis. To configure IPX over the LAN you need to assign an IPX network to the LAN port with the add ipx network command. Each network has a name.
To specify that the interface is Unnumbered you must enter 00000000 for the parameter.

    set vc ipx_address 00000000

Configuring IPX Static and Framed Routes

A static route is a configured route that will remain in the routing table until deleted. Static routes differ from Dynamic routes in that Dynamic routes are learned real-time via RIP or when new connections are established.
Configuring IPX Static and Framed Services

The Service table contains IPX server names, the services they provide, their network addresses and node addresses, and their relative distances. Examples of services include file servers and printers.

Note the following: A static service entry is a manually configured service accessible from the LAN. Once created, a static service entry remains in the Service table until deleted.
    delete ipx_service vc name type

Remember to disable and then re-enable the VC profile for the change to take effect.

Configuring IPX RIP and SAP

IPX RIP is used to exchange IPX routing information with other IPX routers. SAP is a protocol used by IPX servers and routers to exchange information about the location of servers. For IPX networks over the LAN you can separately enable or disable RIP and SAP.
The OCR 812 bridge supports the Spanning Tree Protocol (STP). This feature is used when two networks are joined by two bridges forming a looped network. STP prevents the data packets from circling the two networks.

The OCR 812 provides a Bridge Firewall function which allows flexible configuration of simultaneous bridging and routing. For more information on the Bridge Firewall, see the Bridging and Routing section.
IP Forwarding refers to the routing of IP packets from one interface to another. It does not affect communicating to the OCR 812 itself. Even when IP Forwarding is disabled, you can perform non-routing functions such as use a Web browser to manage the unit and use PING.
MAC-Encapsulated Routing

Because routers base their forwarding decision on network-level addresses, packets that are routed over a WAN are transmitted without MAC-layer addresses. Additionally, address resolution procedures that can be used to determine the destination MAC address for a packet are not required. Conversely, packets that are bridged over a Wide Area Connection include MAC-layer information. Address resolution procedures are required.
2 Forward Unicast Packets Only: If a protocol is configured for routing, and a packet for that protocol type is received from the LAN that is not addressed to the MAC address of the OCR 812, it is bridged. Additionally, ARP broadcasts for IP addresses other than that of the OCR 812 are also bridged. Other broadcasts for the configured protocol are not bridged.
Year (yyy) can be specified as 2 digits or as 4 digits (97 or 1997). For example:

    set date 01-JAN-1998

To manually set the time, use the command set time (which sets the system time, and leaves the date unchanged). Set time command format is hh:mm:ss. The seconds (ss) field is optional. Military time (GMT in 24-hour format) is used. For example: To set the time to 4:10 am, enter the command set time 04:10.
If more than one OCR 812 is installed in your network, each OCR 812 is assigned a different primary NTP server (the assignment of a primary NTP server to a given OCR 812 is based on the unique MAC address of that OCR 812 unit).
To specify a time zone for NTP, use the following command:

    set timezone

The default time zone is GMT. To display NTP time zone settings, use the following command:

    list timezone

To display NTP settings, use the following command:

    show ntp

To display NTP counter values, use the following command:

    show ntp counters

NTP Servers List

The following is a partial list of available NTP servers that can be found at the www.ntp.org web site.
Displaying Date, Time, and System Uptime

To display current date, current time, and system uptime (time elapsed since power-on), use the command show date. Date and time information displays in the following format:

    System Date: 02-MAR-1998 05:17:00
    System UpTime: 2d 08:37:54

Setting System Identification

The system name, location and contact information is useful when monitoring the OCR 812 remotely.
Providing TFTP Access

Trivial File Transfer Protocol (TFTP) provides a simple way to transfer files from one machine to another. The OCR 812 has a TFTP server that allows you to copy files to or from the unit. All you have to do is set up TFTP access on the OCR 812 and run a TFTP client program on a workstation. You can configure the OCR 812 to provide access to all TFTP clients or you can specify the IP addresses of the TFTP clients for restricted access.
After logging in to the CLI, you can exit the CLI with the command:

    exit cli
To set the idle timeout period, use the command:

    set command idle_timeout

where specifies the idle timeout period in minutes. By default, there is no idle timeout period.

This capability is useful for system administrators or users who wish to restrict access to the OCR 812. Care should be taken to remember the configured password. If the password is forgotten, the unit must be sent back to 3Com support to have the feature disabled.
OfficeConnect Remote 812 Filtering Capabilities

Packet filters control inter-network data transmission by accepting or rejecting the passage of specific packets through network interfaces based on packet header information. When data packets are received by a network interface such as an Ethernet LAN or WAN port, a packet filter analyzes packet header information against a set of rules you define. A filter then lets the packet pass through or discards it.
IPX-SAP  Controls the content of Service Advertising Protocol (SAP) packets that are sent out or received on specific ports. The IPX-SAP filter rules allow filtering on service type, server name, network address, node address, and socket number fields of the service entry. The forwarding process uses the filter information to prevent the service information from being included in the SAP packet.

Generic Filters
Creating Filters Using Command Line Interface

Filter File Components in CLI

You define the filtering rules used by the router within filter files. Filter files are text files that are stored in the unit’s FLASH memory. You can create and modify filter files using an off-line text editor, then use TFTP to transfer the finished file onto the unit.
the first match that occurs. If there is no match, by default the packet is accepted. For this reason, you should order your protocol rules so that the rules you expect to be most frequently matched are in the beginning of the section. This reduces the amount of parsing time that occurs during filtering.
Table 6-6 Protocol Keywords

Protocol Section  Keyword       Operators  Description and Value Range
IP                src-addr      =, !=      Source IP Address (ddd.ddd.ddd.ddd/mask)
                  dst-addr      =, !=      Destination IP Address (ddd.ddd.ddd.
                  tcp-src-port  all
                  tcp-dst-port  all
                  udp-src-port  all
                  udp-dst-port  all
                  protocol      =, !=
                  generic       =

Generic Filter Rule
IP Source and Destination Network Filtering Using CLI

Source and destination address filtering is generally used to limit permitted access to trusted hosts and networks only, to explicitly deny access to hosts and networks that are not trusted, or to limit external access to a given host (for example, a web server or a firewall). Note that only the part of the IP address specified by the mask field is used in the comparison.
If the router is listening for, or broadcasting RIP messages, you should allow them to pass in the appropriate direction(s). You define IP RIP filtering rules in the IP-RIP protocol section of the filter file. For example, if you want to filter all routes except the one specified by the IP network address 195.12.254.45, you would create this rule:

    IP-RIP:
    1 ACCEPT network = 195.12.254.45;
    999 DENY;

This filter only allows the route 195.12.254.
    IPX:
    1 ACCEPT src-socket = 0x001;
    999 DENY;

IPX RIP Packet Filtering Using CLI

Routing Information Protocol (RIP) packets are used to identify all attached networks as well as the number of router hops required to reach them. The responses are used to update a router's routing table. You define IPX RIP packet filtering rules in the IPX-RIP protocol section of the filter file. You can filter IPX RIP packets by network only.
    3 ACCEPT generic=>origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x8136;
    4 ACCEPT generic=>origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x8137;
    999 DENY;

Step by Step Guide to Creating Filter Files Using CLI

You can create filter files using any text editor. Once the file is created, use the Trivial File Transfer Protocol (TFTP) to place the filter file in the router FLASH memory.

To create a filter file using CLI:

1 Open a new text file.
For example, from the workstation command line enter: tftp put 12 The router does not recognize a filter file stored in its FLASH memory until you add it to the managed filter table. To notify the unit about the filter file for the first time, you must issue the CLI command add filter to add the filter to the managed filter table. When the filter is added, the unit automatically verifies the filter file syntax.
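The first-match evaluation and default-accept behaviour described above, applied to the generic rules 3, 4 and 999 printed earlier, as an added Python model that is not 3Com's code. It assumes rules are tried in the order they appear in the section, that a generic rule matches when the masked bytes at the given frame offset equal the value, and that a frame too short to hold the field does not match; the function names and sample frames are constructed for illustration.

```python
"""Model of OCR 812 generic filter rules: first match wins, default is ACCEPT.

Added illustration, not 3Com code. Assumptions are marked in comments.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Rules 3, 4 and 999 as printed in the manual's generic-filter example.
FILTER_SECTION = """
3 ACCEPT generic=>origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x8136;
4 ACCEPT generic=>origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x8137;
999 DENY;
"""

RULE_RE = re.compile(r"^(\d+)\s+(ACCEPT|DENY)(?:\s+generic\s*=>\s*(\S+))?$")


@dataclass
class Rule:
    number: int
    action: str                    # "ACCEPT" or "DENY"
    offset: Optional[int] = None   # None: rule has no condition, matches all
    length: int = 0
    mask: int = 0
    value: int = 0


def parse_rules(section: str) -> List[Rule]:
    """Parse ';'-terminated rules, keeping the order they appear in the file."""
    rules = []
    for stmt in (s.strip() for s in section.split(";")):
        if not stmt:
            continue
        m = RULE_RE.match(stmt)
        if m is None:
            raise ValueError(f"unrecognised rule: {stmt!r}")
        number, action, spec = int(m.group(1)), m.group(2), m.group(3)
        if spec is None:                       # e.g. "999 DENY"
            rules.append(Rule(number, action))
            continue
        fields = dict(part.split("=", 1) for part in spec.split("/"))
        if fields.get("origin") != "FRAME":    # the only origin shown on the page
            raise ValueError(f"rule {number}: unsupported origin")
        try:
            rules.append(Rule(number, action,
                              offset=int(fields["offset"], 0),
                              length=int(fields["length"], 0),
                              mask=int(fields["mask"], 0),
                              value=int(fields["value"], 0)))
        except KeyError as missing:
            raise ValueError(f"rule {number}: missing field {missing}") from None
    return rules


def evaluate(rules: List[Rule], frame: bytes) -> str:
    """Return the action of the first matching rule, or ACCEPT if none match."""
    for rule in rules:
        if rule.offset is None:
            return rule.action
        field = frame[rule.offset:rule.offset + rule.length]
        if len(field) < rule.length:
            continue   # assumption: a truncated frame cannot match this rule
        if (int.from_bytes(field, "big") & rule.mask) == (rule.value & rule.mask):
            return rule.action
    return "ACCEPT"    # the manual's stated default when nothing matches


def make_frame(ethertype: int, payload: bytes = b"") -> bytes:
    """Constructed Ethernet II frame: 6-byte dst, 6-byte src, 2-byte type."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")
    return dst + src + ethertype.to_bytes(2, "big") + payload


if __name__ == "__main__":
    rules = parse_rules(FILTER_SECTION)
    samples = [("type 0x8137", make_frame(0x8137)),
               ("type 0x0800", make_frame(0x0800)),
               ("8-byte runt", b"\x00" * 8)]
    print(f"{'frame':<12} {'with 999 DENY':<14} without")
    for label, frame in samples:
        print(f"{label:<12} {evaluate(rules, frame):<14} "
              f"{evaluate(rules[:-1], frame)}")
```

Without the closing 999 DENY, every frame the ACCEPT rules do not name falls through to the default accept.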
Applying Filters Using CLI

VC/Remote Site Filters

Most importantly, the router does not know which interface an outgoing packet came in through. If a potential intruder forges a packet with a false source address (in order to appear as a trusted host or network), there is no way for an output filter to tell if that packet came in through the wrong interface.
Configuring Filters for a VPN Tunnel

To configure filters for a VPN tunnel, use the following commands:

    set tunnel input_filter
    set tunnel output_filter

For more information about configuring a VPN Tunnel (including information about configuring filters), see Setting Up a Virtual Private Network (VPN) Tunnel, Creating a VPN Tunnel Using 812 Default Values, and Tunnel Commands.
Managing Filters Using CLI

It may be helpful to use the list files command to see files successfully stored in the FLASH memory.

Removing a Filter from an Interface Using CLI

To remove a filter that is assigned to an interface, use the following command:

    set interface input_filter ""
    set interface output_filter ""

The " " value represents a null value and removes the defined filter from the interface.
A OFFICECONNECT REMOTE 812 SAMPLE CONFIGURATION

Sample Configuration Overview

This section describes a sample configuration that illustrates the following OCR 812 features:

  Address Translation
  Internal DHCP Server and DNS Proxy.
  Multiple Remote Sites, with different routing and bridging configurations.

Our sample SOHO network, shown below, has the OCR 812 connected to a LAN that is using private IP addresses.
Configuring the Sample Network

The following sections discuss the six steps required to configure our sample network.

  Global Configuration
  IP LAN Network
  DHCP and DNS
  IPX LAN Network
  Bridge LAN Network
  Remote Sites

Global Configuration

Global configuration includes some optional “system” commands to identify the OCR 812’s name, location, and support contact.
    set dhcp server dns1 192.168.200.254 dns2 0.0.0.0
    set dhcp server wins1 0.0.0.0 wins2 0.0.0.0
    add dns host ocrdsl-3com.com addr 192.168.200.254
    add dns server MyCorp.com primary 192.168.1.253
    add dns server * vc Internet
    enable dns

When a DNS request is received from a locally attached workstation, the OCR 812 will search the local static table to find an entry. If one is not found, the request will be forwarded to a Remote DNS Server.
dynamically learn the addresses for two remote DNS Servers. The login name for this account is “internet-user” and the password is “1a2b3c”. Port Address Translation will be enabled, allowing all the workstations on our local LAN to share one public IP address. This Remote Site will be used as our default gateway. The ATM virtual channel is VPI 0 and VCI 32 and the Peak Cell Rate is set to the default access rate.
    set vc corp-net ip_routing both
    set vc corp-net ipx_address 0 ipx_routing all
    enable vc corp-net
B CLI Command Description

CLI Commands

ADD

Use the ADD command to define:

  Networks you will connect to
  Hosts you need to access
  SNMP communities
  Users who will dial out, dial in, access the network, or use the CLI

Note that some parameters have default values.

add access

The access list defines which Remote IP Subnets are allowed access to the Management services of the OCR812.

add auto_filter eth_blk_dst

add auto_filter vc_blk_netbios
You must use add user to create a network type user for this command, and set user to specify the protocol and other parameters related to bridging.

Parameter  Description
           Designation you wish to give to this bridge network.
enabled    Default is to enable the bridge network.

add dns host address

Adds the named host to the Local Host Table.
You must correct the filter file in a text editor, use TFTP to export the updated file to the system’s FLASH file system, and use the verify filter command to check the filter’s syntax.

Parameter  Description
           Designation of a filter file, up to twenty ASCII characters.

add framed_route vc ip_route [ip_address] metric [number]

Adds a framed (static) network to the VC profile for WAN connections.
add ip network address [ip_net_address] frame [ETHERNET_II | SNAP | LOOPBACK] { interface [eth:1] } { enabled [yes] }

Adds an IP network to the list of IP networks available over the specified interface.

Parameter  Description
           Name of IP network, consisting of up to 32 unique ASCII characters; space must be surrounded by double quotes.
address    Address of the IPX network.
interface  Name of the interface with which this IPX network is to be associated. The default is the first LAN interface (eth:1).
enabled    Optional parameter indicates whether the network is enabled (YES) or disabled (NO) by this command. YES is the default.
frame      Frame encapsulation chosen for this IPX network.

add ipx route
add ipx_route vc

Below is a partial list of the IPX services available:

Type  Description
04    file server
05    job server
07    print server
09    archive server
0A    job queue
21    NAS SNA gateway
2E    dynamic SAP
47    advertising print server
4B    Btrieve VAP 5.
You must supply the name, internal ipx network number, node number, socket, and type of service for this service. The user must also supply gateway information to indicate the next router hop.

Parameter  Description
           The name of the user for the IPX route.
           Petitioned IPX address of the route, in IPX (xxxxxxxx) form.
Hops       An integer representing how far away the route is, in “hops” through other routers. Values are 1-15.
close_active_connections [TRUE | FALSE]

This configures a network listener process that provides a certain type of service. To see the available server types, use list services.

Parameter  Description
           Name of this type of service. Limit of 32 character ASCII string.
Adds to the list of SNMP authorized users. The community name and IP address of SNMP requests from managers on the network must match the list, which you can see using list snmp communities.

add snmp trap_community

add syslog loglevel [loglevel]

Parameter  Description
           Group name that authorizes SNMP requests.
address    IP address of the SNMP manager, in the form nnn.nnn.nnn.
add user [name] password [password] {enabled [yes]}

Adds a Telnet user to the local user table. The list users command displays these parameters for all users.

Parameter  Description
Name       Name of the user to be added, up to 32 ASCII characters.
Password   User’s password, up to 15 ASCII characters.
Enabled    This indicates whether the user is enabled. Enter YES or NO.

add vc [name]

Creates a virtual channel (VC) profile.
delete dns host

Deletes the specified host from the DNS Local Host Table. Use list DNS hosts to view the DNS Local Host table. After deletion, requests for that host will be processed through a DNS server, instead of locally. Use list DNS servers to see which servers are defined.

delete dns server

Removes the name server addresses associated with the specified domain from the Domain Name Server Table.
delete nat [dynamic | static ] vc public_pool_start public_address

Deletes the static NAT mapping to this public IP address for the associated VC.

Parameter       Description
                The name of the vc for which you are deleting the static NAT mapping.
public_address  The public IP address of the static NAT mapping you wish to delete.
DIAL

dial

Generates an outgoing connection to the location specified by the vc name. You can use list vcs to list the defined vc profiles, and their current status.

DISABLE

disable access

Disables the Access List feature. When disabled, all hosts are permitted to access the Router’s management services.

disable bridge network

Disables the bridge network you previously defined using the add bridge network command.
disable lan access

When the access list is enabled, this command disables access to Hosts on the local LAN interface. When disabled, all frames received on the LAN interface are subject to the access list check. If the corresponding LAN subnet is not in the access list, the frame is silently discarded.

disable link_traps interface

Prevents SNMP from sending linkup and linkdown traps for the specified interface.
ENABLE

enable access

Enables the Access List feature. When enabled, only Remote Hosts in the access list are permitted access to the Router’s management services.

enable bridge network

Enables bridging over the specified network. You must have previously run add bridge network to add bridging over this network. Bridge networking is enabled by default, so you will only need to use this command if you have previously disabled this bridge.
enable link_traps interface

This command tells SNMP to send linkup and linkdown traps for the specified interface. You can see if the interface is currently enabled for traps using the show interface settings command.

enable network service

Enables the network service that you previously defined with the add network service command. You can see which services are currently defined and their state using list network services.
hangup vc

Causes the connection for the specified VC to drop. You can see which VCs have active connections using list vcs. Also see disable vc, which causes a VC’s session to drop, and prevents new sessions which use that VC from being established.

HELP

help

Provides information about possible commands and their formats. Typing help alone lists the possible commands. Typing help lists the possible parameters for that command.
mgmt - unknown, but filtering information exists
RxPkt - Number of packets received from this MAC station
RxOctets - No.
list interfaces

Displays the installed interfaces, along with their operational status, administration status, and interface index. If an interface is down, you can use enable interface to try to bring it up.

list ip addresses
list ip arp
list ip interface_block
list ip networks
list ip routes
Prot - LOCAL or RIP
NextHop - address of the gateway used to reach this route
Metric - number of router hops away this route is from the system
If - interface that the route uses

list ipx networks

Displays the IPX networks that you previously defined using the add ipx network command.

list ipx routes
list ipx services
list lan interfaces
list networks
Type - STATIC or DYNAMIC network
Network Address - address of the network

list processes

Displays all processes running on the system.

Index - a reference number in the process table
Name - designation of the process (e.g.: Domain Name System)
Type - SYSTEM, APPLICATION, FORWARDER or DRIVER
Status - ACTIVE, PENDING or INACTIVE

list ppp

Displays PPP bundles and links.
list tcp connections

Displays information about all TCP connections. Connection status is defined in RFC-793.

list tftp clients
list udp listeners
list tunnel
list users
list vc
login_required password
PING

More (or CR) ping Continue printing output [output_filename] count [count] interval [interval] timeout [timeout_value]

Sends an ICMP echo request to a remote IP host. A reply from the pinged address indicates success.

Parameter  Description
           IP address in dotted notation, or host name of remote system.
output     A file name to direct output to.
count      Number of ICMP echo requests to send.
SAVE

save all

Saves all changes you have made during your session with the CLI. It is a good idea to save your changes frequently, just as you should with any type of editor.

SET

set adsl reset

Resets the ADSL interface.

set adsl wire [pair]

Overrides the auto-direction of inner and outer pair wiring on the RJ-11 connector.

inner - inner pair.
outer - outer pair.

set bridge
prompt        Sets the global command prompt for the CLI. Use show command to see the currently defined prompt. Limit: 64 characters.
local_prompt  Sets a separate prompt for a command file process. Limit: 64 characters.

set date

Sets the system date, and leaves the time unchanged. Use show date to see what the current settings are. The format is: dd-mmm-yyyy. The month should be the first three characters of the month name.

set dhcp mode
set dhcp server DNS1 DNS2 domain end_address hostname lease mask router start_address WINS1 WINS2

Defines the characteristics of the DHCP Server and defines the pool of addresses that this facility should administer.
timeout  Number of seconds to wait before deciding a request to a Name Server has timed out. Minimum interval and default is 5 seconds, maximum interval is 120 seconds.

set facility loglevel [level]

Sets the severity reporting level for a facility. The hosts that will receive the error log entries are defined using add syslog loglevel.

set ilmi vpi vci

set interface
Sets the broadcast algorithm, the maximum size used for reassembling fragmenting packets, the RIP authentication string, RIP policies, and the routing protocol for the specified interface. The only required parameter for this command is . All other parameters are optional. You can set all of them at once, or one at a time. This command can only be used on IP networks that have already been defined using add ip network.
Parameter                Description
                         Designation of the IP network for which you want to set parameters.
broadcast_algorithm      Algorithm determines which address is used in broadcasts to represent the entire network. Choices are:
                         1 - the IETF standard, nnn.nnn.nnn.255 (default)
                         0 - the BSD standard, nnn.nnn.nnn.000
reassembly_maximum_size  Maximum size IP datagram that the system will try to reassemble, when the datagram has been fragmented to fit in the network packet size.
rip_flags  Flags indicate at which level a RIP instance is disabled or configured. Choices are:
           METRICS - Specifies how to increment metrics using RFC1058.
           SEND_REQUEST - Sends a RIP request for routing information when an interface first comes up.
Router_id  The IP station address of the ip router.

set ipx network
packet_maximum_size  Maximum size packet that this IPX network will support.
rip                  Sets the RIP mode.
rip_age_multiplier   Number to multiply the rip_update_interval by, to obtain the value for the aging out the entries in the RIP database.
rip_packet_size      Size of RIP packets.
rip_update_interval  How often RIP should send periodic updates.
sap                  Sets the SAP mode.

set ipx system
server_type  Type of network service you wish to assign to this administration name. Currently available services are:
             TELNETD - TELNET server
             HTML - for gathering statistics
             SNMPD - SNMP agent
             TFTPD - server for file transfers
socket       Indicates which “socket” the server listens on. For TFTP and TELNET, it is the TCP or UDP port number.
data         TELNET Ancillary Data.

set ppp receive_authentication [ANY | ANY_EXCEPT_MSCHAP | CHAP | MSCHAPV1 | MSCHAPV2 | NONE | PAP]
set tunnel encryption_algorithm [AUTO | MICROSOFT_128BIT | MICROSOFT_40BIT | MICROSOFT_56BIT | NONE | REQUIRED]

Sets encryption for a PPTP or L2TP tunnel. Encryption can be set to any of the parameters shown in the Table below. However, a tunnel can only be configured for Microsoft 40-bit, 56-bit, and 128-bit encryption (MPPE) if the MSCHAPv1 authentication protocol is set to enabled.
set system name [“name”] location [“location”] contact [“contact info”]

transmit_authentication_name [name]

Specifies system contact information, which is displayed using show system. The user name is the remote account name. Location, name and contact names are limited to 64 characters.

set syslog loglevel [level]

Parameter  Description
name       A name identifying the user to the system.
location   The location of the user.
Table 6-7 812 Set Tunnel Parameters and Supported Values

Parameter / Supported Value / Remarks

SEND_PASSWORD  The SEND_PASSWORD must match the authentication password on the VPN server. You must change the default SEND_PASSWORD using the SET TUNNEL command.
ENCRYPTION_ALGORITHM  NONE AUTO MICROSOFT_128BIT MICROSOFT_40BIT MICROSOFT_56BIT REQUIRED
set user
MTU  1400
SEND_NAME
NAT_OPTION  PAT
LOCAL_IP_ADDRESS  255.255.255.
session_timeout  Interval before timing out a session.
tcp_port         TCP Port number for the Telnet session.
Terminal_type    The type of terminal. This is an alphanumeric string, of up to 64 characters.

set vc
Parameter             Description
                      VC profile name.
address_selection     Determines how the IP address will be assigned for remote IP network connections.
                      NEGOTIATE - learn the remote IP address.
                      SPECIFIED - uses IP address set in remote_IP_address value
bridging              Enables/disables bridging across this link.
default_route_option  When enabled, a default route is automatically created (by negotiation) with the remote router’s IP address.
management_ip_address  Secondary IP address on the VC for Management purposes only. If the Management IP address is configured, the ‘local_IP_address’ must be configured as numbered. Address is configured with the following format: xx.xx.xx.xx/nn -- where nn is the number of bits in the netmask or netmask class (i.e., A, B, or C).
MTU                    Maximum Transfer Unit - largest data packet size allowed.
NAT_option             Enable or disable PAT, NAT, or Super NAT.
Sets ATM parameters for VCs.

Parameter            Description
                     VC profile name.
Bt                   Burst Tolerance (VBR only).
Category_of_service  Select either Unspecified (UBR) or Variable (VBR).
Pcr                  Peak Cell Rate (both UBR and VBR).
Scr                  Sustained Cell Rate (VBR only).
Type                 This designates a virtual circuit as either a Switched Virtual Circuit (SVC) or a Permanent Virtual Circuit (PVC).
Vci                  Virtual Channel Identifier.
Vpi                  Virtual Path Identifier.

SHOW

show access

show atm status
show adsl statistics
show adsl performance
show adsl transceiver_status

Statistics for both near end and far end ADSL/ATM link. Counters include corrected frames, CRC errors, and HEC errors for the Fast and Interleaved path.
settings

Displays information about the specified bridge network. You use add bridge network to define bridge networks.

Interface - the interface this bridge is using
Network Address - index number for this bridge network
Frame Type - BRIDGE is the default
Status - ENABLED or DISABLED are options
User Name - user to supply parameters for this bridge
Spanning Tree Enabled - ENABLED or DISABLED

show bridge settings

Displays the settings for all bridge networks.

show call_log
History Depth: 10
Current Prompt: OCR-DSL>
Local Prompt: OCR-DSL>

show configuration

Displays a variety of system information including: System Identification, Authentication Remote, Remote Accounting, Interfaces, IP forwarding, IPX Default Gateway, Bridge Spanning Tree, and DNS Domain.

show critical_event settings

Displays where the log files for critical event messages are stored in the FLASH file system.
show dhcp relay

Displays the current configuration and counters for both the primary and secondary DHCP relay server.

IP Address - IP address of the DHCP Server.
Max Hops - maximum hops to get to this server.
Status - enabled or disabled.
Request Sent to Server - number of requests sent to server.
Responses Received from Server - number of responses received from the server.

show dhcp server counters

show dhcp server settings
DNS #1 - IP address of the primary DNS server that the DHCP server will utilize when resolving names.
DNS #2 - IP address of the secondary DNS server that the DHCP server will utilize when resolving names.
WINS #1 - IP address of the primary WINS server that the DHCP server will utilize
WINS #2 - IP address of the secondary WINS server that the DHCP server will utilize.

show dns counters

Displays various counters for DNS.
BR-ETH - CALL - Ethernet bridge call filter rules
IP - IP data filter rules
IP-CALL - IP call filter rules
IP-RIP - IP RIP advertisement filter rules

show icmp counters

Shows the Input and Output Counters for ICMP. Two types of ICMP messages - error and query messages - are sent to syslog hosts.

ICMP COUNTERS

INPUT COUNTERS
Messages - ICMP packets received.
Errors - ICMP packets received with errors.
Echos - sum of ICMP Echo (request) messages sent
Echo Replies - sum of these messages sent
Timestamps - sum of these messages sent
Timestamp Replies - sum of these messages sent
Address Masks - sum of these messages sent
Address Mask Replies - sum of these messages sent

show interface counters

Displays counters for the specified interface.
show ip counters

Displays system wide IP network statistics.
Broadcast Algorithm - broadcast algorithm used for this network
Max Reassembly Size - maximum packet size allowed to be reassembled from fragments
IP Routing Protocol - routing protocol used
IP RIP Routing Policies - routing policies used by RIP
IP RIP Authentication Key - text string used for RIPv2 authentication

show ipx counters

Displays counters for all IPX network activity.
RIP In Packets - sum of RIP packets received
SAP Out Packets - sum of SAP packets transmitted
SAP In Packets - sum of SAP packets received

show ipx network settings

Displays parameter settings for the specified IPX network. You can modify most of these values using the set ipx network command.

show ipx rip
show ipx sap

Parameter  Description
settings   Displays the state of the IPX routing. This is ON or OFF.
counters   Displays the Incorrect RIP Packets for the IPX routing. The incorrect RIP packets are the number of RIP packets that do not make sense.

settings counters

Displays information about SAP for IPX.

show ipx settings

show memory

Parameter  Description
settings   Displays the state of the IPX routing. This is ON or OFF.
show ppp on vc counters

This shows counters for the Point-to-Point Protocol on the Virtual Circuit.

show ppp on vc settings

This shows the settings for the Point-to-Point Protocol on the Virtual Circuit.

show ppp on interface counters

Displays statistics for PPP running on the specified interface.
SETTINGS for PPP BUNDLE 1

Operational Status - opened or not opened
Number Active Links - number of links active on this PPP bundle
User Profile - user whose parameters were used in creating links
Local MMRU - MRU the remote entity uses when sending packets to local PPP entity. Default: 1514
Remote MMRU - MRU the local entity uses when sending packets to remote PPP entity.
Remote To Local ACC Compression - Indicates whether the remote PPP entity will use Address and Control Compression when sending packets to the local PPP entity. Default: ENABLED.
Total Set MIB Objects - sum of MIB objects altered successfully as the result of receiving valid SNMP Set-Request PDUs
Get Request PDUs - sum of SNMP Get-Request PDUs accepted and processed
Get Next Request PDUs - sum of SNMP Get-Next PDUs accepted and processed
Set Request PDUs - sum of SNMP Get-Next PDUs accepted and processed
Get Response PDUs - sum of SNMP Get-Response PDUs accepted and processed
Trap PDUs - sum of SNMP Trap PDUs accepted
show telnet

Displays the status of the TELNET escape feature (ENABLED or DISABLED). It is set using the disable and enable TELNET escape commands.

show tcp counters

Displays system-wide TCP statistics.
show user settings

Displays the parameters defined for the specified TELNET user. You can use list users to see which users are defined.

show vc settings

Displays the parameters defined for the specified VC. You can use list vc to see which virtual channels are defined.
CLI Exit Commands

EOR   end of record
SYNC  synch

set_escape

Allows changing the TELNET escape character from ^] to something else. Control characters are specified using the caret character followed by another character. For example, to set the TELNET escape character to control - X, type set_escape ^X.

status

Displays the IP address of the remote host and the value of the TELNET escape character.
Output Pause

The output will pause when there are more than 24 lines of output. Type ‘more’ (or press CR) to continue, or ‘quit’ to stop.

Command Kill

To discontinue the current command action, and flush any commands which have been typed ahead, use ^C (control-C).

Comments

; Nothing following the semicolon will be processed. This is useful when you are writing CLI script files. The do command runs a CLI script.
3Com Corporation LIMITED WARRANTY HARDWARE 3Com warrants its hardware products to be free from defects in workmanship and materials, under normal use and service, for the following lengths of time from the date of purchase from 3Com or its Authorized Reseller: Network interface cards Lifetime Other hardware products (unless otherwise specified in the warranty statement above) 1 year Spare parts and spares kits 90 days If a product does not operate as warranted above during the applicable warranty per
FCC CLASS B STATEMENT This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: 1 This device may not cause harmful interference, and 2 This device must accept any interference received, including interference that may cause undesired operation.