Alcatel™ DSL Router Family Command Line Interface Guide P/N 3EC 16963 AAAA-TCZZA
October 1999
Copyright
Alcatel provides this publication “as is” without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose. All rights reserved. No part of this book may be reproduced in any form or by any means without written permission from Alcatel. Changes are periodically made to the information in this book. They will be incorporated in subsequent editions.
Preface About This Guide The Command Line Interface guide contains information on the syntax and use of the Command Line Interface for the family of DSL routers. It provides the steps and information needed to configure the router software and troubleshoot problems using the Command Line Interface. Configuration of network connections, bridging, routing, and security features are essentially the same for all DSL routers, unless otherwise noted.
References
User Guide. Contains an overview of the router’s software and hardware features and details on hardware installation and software configuration using the Windows-based Configuration Manager.
Quick Start Guide. Describes the configuration process involved in setting up a specific router model.
Typographic Conventions
The following conventions are used in this guide:
Item | Type Face | Examples
Refer to Chapter 1.
Table of Contents
Preface
About This Guide
How This Guide is Organized
References
Typographic Conventions
Table of Contents
Introduction
Chapter 1.
Configuring MAC Encapsulated Routing: RFC 1483MER / RFC 1490MER with IP Routing Configuring FRF8 with IP Routing Configuring Mixed Network Protocols Configuring a Dual-Ethernet Router for IP Routing Verify the Router Configuration Test IP Routing Test Bridging to a Remote Destination Test IPX Routing Sample Configurations Sample Configuration 1: PPP with IP and IPX Sample Configuration 2: RFC 1483 with IP and Bridging Sample Configuration 3: Configuring a Dual-Ethernet Router for IP Routing Chapter 4.
Sample Configurations Chapter 5.
History Log Ping Command Investigating Hardware Installation Problems Check the LEDs to Solve Common Hardware Problems Problems with the Terminal Window Display Problems with the Factory Configuration Investigating Software Configuration Problems Problems Connecting to the Router Problems with the Login Password Problems Accessing the Remote Network Problems Accessing the Router via Telnet Problems Downloading Software System Messages Time-Stamped Messages History Log How to Obtain Technical Support
Introduction
This guide provides steps and information needed to configure the DSL or Dual-Ethernet router software using the Command Line Interface.
Chapter 1. Advanced Topics This chapter provides information on advanced topics useful to network administrators. Interoperability The router uses industry-wide standards to ensure compatibility with routers and equipment from other vendors. To interoperate, the router supports standard protocols on the physical level, data link level for frame type or encapsulation method, and network level. For two systems to communicate directly, they must use the same protocol at each level.
Network Protocol | Associated Protocols | Description
Internet Protocol (IP):
• Routing Information Protocol (RIP): Maintains a map of the network
• Address-Resolution Protocol (ARP): Maps IP addresses to data-link addresses
• Reverse Address Resolution Protocol (RARP): Maps data-link addresses to IP addresses
• Internetwork Control Message Protocol (ICMP): Diagnostic and error reporting/recovery
• Simple Network Management Protocol (SNMP): Network management
Internet Packet Exchange (IPX):
• Routing Information Pr
• The router will operate as a router for network protocols that are enabled for routing (IP or IPX).
• The router will operate as a bridge for protocols that are not supported for routing.
• Routing takes precedence over bridging; i.e., when routing is active, the router uses the packet’s protocol address information to route the packet.
• If the protocol is not supported, the router will use the MAC address information to forward the packet.
IP/IPX Routing On, Bridging to/from Remote Router On
Data packets carried: IP/IPX routed; all other packets bridged.
Operational characteristics: IP/IPX routing and allows other protocols, such as NetBEUI (that can’t be routed), to be bridged.
Typical usage: When only IP/IPX traffic is to be routed but some non-routed protocol is required. Used for client/server configurations.

IP/IPX Routing Off, Bridging to/from Remote Router On
Data packets carried: All packets bridged.
General Security
Authentication
Security authentication may be required by the remote end. The following information describes how authentication occurs. PAP provides verification of passwords between routers using a two-way handshake. One router (peer) sends the system name and password to the other router. Then the other router (known as the authenticator) checks the peer’s password against the configured remote router’s password and returns acknowledgment.
[Figure: PAP Authentication (New York, Chicago) ...]
Security Configuration Settings The router has one default system password used to access any remote router. This “system authentication password” is utilized by remote sites to authenticate the local site. The router also allows you to assign a unique “system override password” used only when you are connecting to a specific remote router for authentication by that remote site.
Protocol Conformance Protocol Standards The router conforms to RFCs designed to address performance, authentication, and multi-protocol encapsulation.
PPP
Each packet begins with a one- or two-byte protocol ID. Typical IDs are:
• 0xc021: LCP
• 0x8021: IPCP
• 0x0021: IP
• 0x002d: Van Jacobson compressed TCP/IP
• 0x002f: Van Jacobson uncompressed TCP/IP
• 0x8031: Bridge NCP
• 0x0031: Bridge Frame
The command for this encapsulation option is: remote setProtocol PPP
Note: With PPP over ATM, the address and control fields (i.e., FF03) are never present; this also is the case for LCP packets.
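The PAP handshake described under General Security and the protocol-ID rule above can be checked together with a small frame decoder. This is an added example, not code from the guide or from the router: it splits a PPP frame into protocol ID and payload (one- or two-byte ID, with or without FF03) and decodes a PAP Authenticate-Request to show that the system name and password travel unencrypted. The PAP protocol ID 0xc023 and packet layout come from RFC 1334, not from this guide; the sample frames are constructed from the SOHO name and password used in the guide's sample configuration.

```python
import struct

# Protocol IDs from the list above, plus the PAP ID defined in RFC 1334 (not in the guide).
PPP_PROTOCOLS = {
    0xC021: "LCP",
    0x8021: "IPCP",
    0x0021: "IP",
    0x002D: "Van Jacobson compressed TCP/IP",
    0x002F: "Van Jacobson uncompressed TCP/IP",
    0x8031: "Bridge NCP",
    0x0031: "Bridge Frame",
    0xC023: "PAP",
}
PAP_AUTHENTICATE_REQUEST = 1


def split_ppp_frame(frame: bytes):
    """Return (protocol_id, payload) for one PPP frame."""
    # HDLC-style links carry the address/control octets FF 03; PPP over ATM does not.
    if frame[:2] == b"\xff\x03":
        frame = frame[2:]
    if not frame:
        raise ValueError("empty PPP frame")
    # RFC 1661: the last octet of the protocol field is odd and the first octet of a
    # two-byte field is even, so an odd first octet is a compressed one-byte ID.
    if frame[0] & 0x01:
        return frame[0], frame[1:]
    if len(frame) < 2 or not frame[1] & 0x01:
        raise ValueError("malformed PPP protocol field")
    return (frame[0] << 8) | frame[1], frame[2:]


def parse_pap_request(payload: bytes):
    """Decode a PAP Authenticate-Request into (system_name, password).

    Returns None for other PAP codes (Authenticate-Ack / Authenticate-Nak).
    """
    if len(payload) < 4:
        raise ValueError("truncated PAP packet")
    code, _ident, length = struct.unpack("!BBH", payload[:4])
    if code != PAP_AUTHENTICATE_REQUEST:
        return None
    if not 6 <= length <= len(payload):
        raise ValueError("bad PAP length field")
    body = payload[4:length]
    name_len = body[0]
    if 1 + name_len >= len(body):
        raise ValueError("bad Peer-ID length")
    name = body[1:1 + name_len]
    pw_len = body[1 + name_len]
    password = body[2 + name_len:2 + name_len + pw_len]
    if len(password) != pw_len:
        raise ValueError("bad password length")
    return name.decode("latin-1"), password.decode("latin-1")


def inspect_frame(frame: bytes) -> dict:
    """Name the protocol and report any credentials readable on the wire."""
    proto, payload = split_ppp_frame(frame)
    report = {
        "protocol": PPP_PROTOCOLS.get(proto, f"unknown (0x{proto:04x})"),
        "cleartext_credentials": None,
    }
    if proto == 0xC023:
        report["cleartext_credentials"] = parse_pap_request(payload)
    return report


def build_pap_request(ident: int, name: bytes, password: bytes) -> bytes:
    """Build a PAP Authenticate-Request (used only to construct sample input)."""
    body = bytes([len(name)]) + name + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTHENTICATE_REQUEST, ident, 4 + len(body)) + body


# Constructed sample frames (not captured traffic).
SAMPLE_PAP = b"\xc0\x23" + build_pap_request(1, b"SOHO", b"SOHOpasswd")
SAMPLE_IP_SHORT_ID = b"\x21" + b"\x45\x00"                    # one-byte protocol ID
SAMPLE_LCP_HDLC = b"\xff\x03\xc0\x21" + b"\x01\x01\x00\x04"  # FF03 present, non-ATM link

if __name__ == "__main__":
    for sample in (SAMPLE_PAP, SAMPLE_IP_SHORT_ID, SAMPLE_LCP_HDLC):
        print(inspect_frame(sample))
```

Anyone who can observe the link during a PAP exchange recovers the same values the decoder prints, which is the reason to prefer CHAP where the remote end supports it.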
MAC Encapsulated Routing: RFC 1483MER (ATM) or RFC 1490MER (Frame Relay) MER encapsulation allows IP packets to be carried as bridged frames, but does not prevent bridged frames from being sent as well, in their normal encapsulation format: RFC 1483 (ATM) or RFC 1490 (Frame Relay). If IP routing is enabled, then IP packets are prepended with the sequence 0xAAAA0300 0x80c20007 0x0000 and sent as bridged frames. If IP routing is not enabled, then the packets appear as bridged frames.
System Files
The router’s file system is a DOS-compatible file system, whose contents are as follows:
SYSTEM.CNF: These are configuration files containing:
  DOD: Remote Router Database
  SYS: System Settings: name, message, authentication method, and passwords
  ETH: Ethernet LAN configuration settings
DHCP.DAT: DHCP files.
FILTER.DAT: Bridge filters.
KERNEL.F2K: Router system software (KERNEL.FP1 for IDSL routers).
ETH.DEF: File used by the manufacturer to set a default Ethernet configuration.
ASIC.
For example, it might be necessary to restrict remote access for specific users on the local network. In this case, bridging filters are defined using the local MAC address for each user to be restricted. Each bridging filter is specified as a “deny” filter based on the MAC address and position of the address within the packet. Deny filtering mode is then enabled to initiate bridge filtering. No packet with one of the MAC addresses can be bridged across the router until the deny filtering mode is disabled.
Unique System Passwords As described in Security Configuration Settings on page 16 of this chapter, you can specify a unique system override password for a remote router with the command remote SetOurPasswd. This “system override password” is used instead of the general system password only for connecting to a specific remote router. This allows you to set a unique CHAP or PAP authentication password for authentication of the local site by the remote site only when the router connects to that remote site.
Chapter 2. Planning for Router Configuration This chapter describes the terminology and the information that you need to obtain before configuring the router. The information needed to configure the router is contingent on the chosen Link Protocol. It is therefore important to know which Link Protocol you are using (this is determined by your Network Service Provider) so that you can refer to the configuration sections that apply to your setup.
Essential Configuration Information This section describes the configuration information associated with each Link Protocol/Network Protocol combination and also provides configuration information for the Dual-Ethernet router. If you are using Link and Network Protocols: 1. Determine which Link Protocol/Network Protocol association you are using from your Network Service Provider (NSP). 2.
PPP Link Protocol (over ATM or Frame Relay)
The PPP Link Protocol is an encapsulation method that can be used over ATM (for ATM routers) or Frame Relay (for Frame-Relay routers). Combined with the IP, IPX, or Bridging Network Protocols, PPP over ATM and PPP over Frame Relay share the same configuration characteristics, except for the connection identifiers: VPI/VCI numbers are used for ATM, and a DLCI number is used for Frame Relay.
! DNS Internet Account Information (optional) This information is obtained from your Network Service Provider. Consult with your Network Service Provider to find out if you need to enter the following information: ! • DNS server address • DNS second server address • DNS domain name IP Routing Addresses For the Ethernet Interface This information is defined by the user or your Network Administrator.
IPX Routing Network Protocol ! System Names and Authentication Passwords For the Target Router This information is defined by the user. You must choose a name and authentication password for the target router. They are used by a remote router to authenticate the target router. For the Remote Site(s) This information is obtained from the Network Service Provider. For each remote site, you must have the site name and its authentication password.
Internal Network Number It is a logical network number that identifies an individual Novell server. It is needed to specify a route to the services (i.e., file services, print services) that Novell offers. It must be a unique number. External Network (a.k.a. IPX Network Number) It refers to a physical LAN/wire network segment to which servers, routers, and PCs are connected (Ethernet cable-to-router segment). It must be a unique number.
Bridging Network Protocol ! System Names and Authentication Passwords For the Target Router This information is defined by the user. You must choose a name and authentication password for the target router. They are used by a remote router to authenticate the target router. ! For the Remote Site(s) This information is obtained from the Network Service Provider. For each remote site, you must have the site name and its authentication password.
RFC 1483/RFC 1490 Link Protocols The Link Protocol RFC 1483 is a multiprotocol encapsulation method over ATM and is used by ATM routers. RFC 1490 is a multiprotocol encapsulation method over Frame-Relay and is used by Frame-Relay routers. RFC 1483 and RFC 1490 combined with the IP, IPX, or Bridging Network Protocols share the same configuration characteristics, except for the connection identifiers: VPI/VCI numbers are used for RFC 1483 and a DLCI number is used for RFC 1490.
TCP/IP Ethernet Routes You normally do not need to define an Ethernet IP route. An Ethernet IP route consists of an IP address, a mask, a metric, and a gateway. An Ethernet route is usually defined when there are multiple routers on the Ethernet that cannot exchange routing information. For the WAN Interface This information is obtained from the Network Administrator.
IPX Routing Network Protocol ! VPI and VCI Numbers (for RFC 1483) The VPI and VCI numbers apply to ATM routers only. Your router may have been preconfigured with VPI/VCI numbers. If not, you will have to obtain these numbers from your Network Service Provider and then configure them. If you are connecting to multiple remote sites, you will need to obtain additional VPI and VCI numbers from your Network Service Provider and/or Network Access Provider.
Frame Type
With local servers on your LAN, make sure to select the proper frame type for the IPX network number. To determine this, consult with your network administrator. When you have only NetWare clients on your LAN, keep the default (802.2) selected as most clients can support any type. The frame type choices are:
• 802.2: Default recommended by Novell
• 802.3: Other most common type
• DIX: For DEC, Intel, Xerox; this setting is also referred to as “Ethernet II”, and it is rapidly becoming obsolete.
Bridging Network Protocol ! VPI and VCI Numbers (with RFC 1483) The VPI and VCI numbers apply to ATM routers only. Your router may have been preconfigured with VPI/VCI numbers. If not, you will have to obtain these numbers from your Network Service Provider and then configure them. If you are connecting to multiple remote sites, you will need to obtain additional VPI and VCI numbers from your Network Service Provider and/or Network Access Provider.
MAC Encapsulated Routing: RFC 1483MER/RFC 1490MER Link Protocols MAC Encapsulated Routing (MER) allows IP packets to be carried as bridged frames (bridged format). The Link Protocol RFC 1483 with MER (referred to as RFC 1483MER) is a multiprotocol encapsulation method over ATM used by ATM routers. RFC 1490 with MER (referred to as RFC 1490MER) is a multiprotocol encapsulation method over Frame Relay used by Frame-Relay routers.
! IP Routing Entries For the Ethernet Interface This information is defined by the user or the Network Administrator. Ethernet IP Address (Local LAN) An Ethernet LAN IP address and subnet mask are required for the router’s local Ethernet LAN connection. TCP/IP Ethernet Routes You normally do not need to define an Ethernet IP route. An Ethernet IP route consists of an IP address, a mask, a metric, and a gateway.
FRF8 Link Protocol
The FRF8 Link Protocol is an encapsulation method that allows an ATM router to interoperate with a Frame-Relay network. FRF8 is only used in conjunction with the IP Network Protocol. Obtain the information described below. This data will be used later to configure your router using the Command Line Interface (see Configuration Tables, on page 41).
IP Routing Network Protocol
! VPI and VCI Numbers
Your router may have been preconfigured with VPI/VCI numbers.
For the ATM WAN Interface
This information is obtained from the Network Administrator or the Network Service Provider.
Source (Target/Local) WAN Port Address and Mask
You must specify a Source WAN IP address for the WAN connection to the remote router (whether or not Network Address Translation is enabled). The Source WAN address is the address of the local router on the remote network. The mask is the mask used on the remote network. Check with your system administrator for details.
Dual-Ethernet Router Configuration General Information on Dual Ethernet router To configure the Dual-Ethernet router, access the router using the Command Line Interface (CLI). The CLI can be accessed from a Telnet or a console session (using the console cable) connected to the router’s default IP address of 192.169.254.254. You can also configure the router using the Web browser GUI. Refer to the Dual-Ethernet Router Quick Start Guide.
Chapter 3. Configuring Router Software This chapter covers configuration tables and verifying the router configuration. It also provides sample configurations. Configuration commands are outlined for each Link Protocol/Network Protocol supported by the router. The information needed to configure the router is contingent on the chosen Link Protocol.
Configuration Tables
The following tables give you step-by-step instructions for standard configurations of the following Network Protocol/Link Protocol associations, as well as a configuration table for a Dual-Ethernet Router:
• PPP Link Protocol with IP Routing Network Protocol
• PPP Link Protocol with IPX Routing Network Protocol
• PPP Link Protocol with Bridging Network Protocol
• RFC 1483/RFC 1490 Link Protocols with IP Routing Network Protocol
• RFC 1483/RFC 1490 Link Protocols with IPX Routi
Configuring PPP with IP Routing This table outlines configuration commands for the PPP Link Protocol with the IP Routing Network Protocol.
Configuring PPP with IPX Routing This table outlines configuration commands for the PPP Link Protocol with the IPX Routing Network Protocol. Note: Appendix B provides step-by-step information on how to configure IPX routing.
Configuring PPP with Bridging This table outlines configuration commands for the PPP Link Protocol with the Bridging Network Protocol.
Configuring RFC 1483 / RFC 1490 with IP Routing This table outlines configuration commands for the RFC 1483 and the RFC 1490 Link Protocols with the IP Routing Network Protocol.
Configuring RFC 1483 / RFC 1490 with IPX Routing This table outlines configuration commands for the RFC 1483 and RFC 1490 Link Protocols with the IPX Routing Network Protocol. Note: Appendix B provides step-by-step information on how to configure IPX routing.
Configuring RFC 1483 / RFC 1490 with Bridging This table outlines configuration commands for the RFC 1483 and RFC 1490 Link Protocols with the Bridging Network Protocol.
Configuring MAC Encapsulated Routing: RFC 1483MER / RFC 1490MER with IP Routing This table outlines configuration commands for the RFC 1483MER and RFC 1490MER Link Protocols with the IP Routing Network Protocol.
Configuring FRF8 with IP Routing This table outlines configuration commands for the FRF8 Link Protocol with the IP Routing Network Protocol.
Configuring Mixed Network Protocols
Several network protocols can be configured concurrently in the same router. The possible combinations are:
• Bridging + IP routing
• Bridging + IPX routing
• Bridging + IP routing + IPX routing
• IP routing + IPX routing
General configuration rules:
• IP (and IPX) routing takes precedence over bridging.
• Each network protocol in the combination is individually configured as described in the preceding tables.
Configuring a Dual-Ethernet Router for IP Routing This table outlines commands used to configure a Dual-Ethernet router for IP routing.
Verify the Router Configuration
Test IP Routing
Test IP Routing over the Local Ethernet LAN (from PC)
• Use the TCP/IP ping command or a similar method to contact the configured target router specifying the Ethernet LAN IP address.
• If you cannot contact the router, verify that the Ethernet IP address and subnet mask are correct and check the cable connections.
• Make sure that you have saved and rebooted after setting the IP address.
• Check Network TCP/IP properties under Windows 95.
Test IPX Routing One way to test IPX routing is to check for access to servers on the remote LAN. Under Windows, use the NetWare Connections selection provided with NetWare User Tools. Under DOS, use the command pconsole or type login on the login drive (usually F:). Select the printer server and verify that the server you have defined is listed. When you attempt to access the server, the router will connect to the remote router using the DSL line.
Sample Configurations
Sample Configuration 1: PPP with IP and IPX
This configuration example comprises:
• A scenario describing the configuration
• A diagram showing the configuration of the SOHO router
• Tables containing the configuration settings for this example
• Several list command outputs that are used to check the information entered for this particular configuration
• Information about the names and passwords that are used in this configuration example (required for PPP)
Note: Blank Netw
Sample Configuration 1: Diagram for Target Router (SOHO)
[Network diagram; labels as they appear in the figure]
Small Home Office SOHO (Target/Local Router)
IPX = 456
0,39 (HQ)
SOHO Target Router IP: 192.168.254.254 255.255.255.0
Workstation/Server 192.168.254.3 255.255.255.0
PC/Client 192.168.254.2 255.255.255.0
2 Virtual Circuits
0,38 (ISP)
DSL / ATM Network
PPP/IP 192.168.200.20
IPX WAN = 789
Remote Router HQ
0.0.0.0 255.255.255.255
IP: 172.16.0.1 255.255.255.0
ISP
PPP/IP and IPX
IPX NET = 123
Network Service Provider (ISP) DNS: 192.168.200.
Sample Configuration 1: Tables for Target Router (SOHO)
SOHO System Settings
Configuration Section | Item | Commands
System Settings
Name | System Name | system name SOHO
Message | Message (optional) | system msg Configured_Dec_1998
Authentication Password | Authentication Password | system password SOHOpasswd
Ethernet IP Address | Ethernet IP Address and Subnet Mask (default IP | eth ip addr 192.168.254.254 255.255.255.
SOHO Remote Router Database Entry: HQ
Configuration Section | Item | Commands
Remote Routers
New Entry | Remote Router’s Name | remote add HQ
Link Protocol | Link Protocol | remote setProtocol PPP HQ
PVC | VPI Number/VCI Number | remote setPVC 0*39 HQ
Security | Minimum Authentication (PAP is the default) | remote setauthen PAP HQ
Security | Remote Router’s Password | remote setpasswd HQpasswd HQ
Bridging | Bridging on/off (Bridging is off by default) | remote disbridge HQ
TCP/IP Route Addresses | Remote Network’s IP Address
SOHO Remote Router Database Entry: ISP
Configuration Section | Item | Commands
Remote Routers
New Entry | Remote Router’s Name | remote add ISP
Link Protocol | Link Protocol | remote setProtocol PPP ISP
PVC | VPI Number/VCI Number | remote setPVC 0*38 ISP
Security | Minimum Authentication (PAP is the default) | remote setauthen PAP ISP
Security | Remote Router’s Password | remote setpasswd ISPpasswd ISP
Bridging | Bridging on/off (Bridging is off by default) | remote disbridge ISP
TCP/IP Route Addresses | Remote Network’s IP
Sample Configuration 1: Check the Configuration with the LIST Commands
Type the following commands to obtain a list of your configuration.
system list
GENERAL INFORMATION FOR
System started on....................
Authentication override..............
WAN to WAN Forwarding.................
BOOTP/DHCP Server address............
Telnet Port..........................
SNMP Port..............................
IPX network number................... 00000000
Total IPX remote routes.............. 0
Total IPX SAPs....................... 0
Bridging enabled..................... no
Exchange spanning tree with dest... yes
dhcp list
bootp server ................. none
bootp file ................... n/a
DOMAINNAMESERVER (6) ......... 192.168.200.1
DOMAINNAME (15) .............. myISP.com
WINSSERVER (44) .............. 172.16.0.2
Subnet 192.168.254.0, disabled - other DHCP servers detected
When DHCP servers are active .
Information About Names and Passwords for Sample Configuration 1 In this configuration example, the PPP Link Protocol requires using system names and passwords. ! System Passwords SOHO has a system password “SOHOpasswd,” which is used when SOHO communicates with HQ for authentication by that site and at any time when HQ challenges SOHO. HQ has a system password “HQpasswd,” which is, likewise, used when HQ communicates with site SOHO for authentication by SOHO and at any time SOHO challenges HQ.
Sample Configuration 2: RFC 1483 with IP and Bridging This configuration example comprises: • A scenario describing this configuration of the router SOHO • A diagram showing the configuration information needed for this example • Tables containing the configuration settings for this example • Several list command outputs that are used to check the information entered for this particular configuration Note 1: Names and passwords are not required with the RFC 1483 Link Protocol.
Sample Configuration 2: Diagram for Target Router SOHO
[Network diagram; labels as they appear in the figure]
Small Home Office SOHO (Target Router)
0,39 (HQ)
SOHO Target Router
Workstation/Server 192.168.254.3 255.255.255.0
PC/Client 192.168.254.2 255.255.255.0
IP: 192.168.254.254 255.255.255.0
2 Virtual Circuits
0,38 (ISP)
DSL / ATM Network
RFC 1483 / IP 192.168.200.20
Remote Router HQ
0.0.0.0 255.255.255.255
IP: 172.16.0.1 255.255.255.0
ISP
RFC 1483 / IP + Bridging
Network Service Provider (ISP) DNS: 192.168.200.1
DNS Domain: myISP.
Sample Configuration 2: Tables for Target Router (SOHO)
SOHO System Settings
Configuration Section | Item | Commands
System Settings
Message | Message (optional) | system msg RFC1483_dec98
Ethernet IP Address | Ethernet IP Address and Subnet Mask (default IP address) | eth ip addr 192.168.254.254 255.255.255.0
DHCP Settings | DNS Domain Name | dhcp set valueoption domainname myISP.com
DHCP Settings | DNS Server | dhcp set valueoption domainnameserver 192.168.200.1
DHCP Settings | WINS Server address | dhcp set valueoption winsserver 172.16.0.
SOHO Remote Router Database Entry: ISP
Configuration Section | Item | Commands
Remote Routers
New Entry | Remote Router’s Name | remote add ISP
Link Protocol | Link Protocol | remote setProtocol RFC1483 ISP
PVC | VPI Number/VCI Number | remote setPVC 0*38 ISP
Bridging | Bridging On/Off (Bridging is Off by default) | remote disbridge ISP
TCP/IP Route Addresses | Remote Network’s IP Addresses, Subnet Masks, and Metric | remote addiproute 0.0.0.0 255.255.255.
Sample Configuration 2: Check the Configuration with the LIST Commands
system list
GENERAL INFORMATION FOR
System started on.................... 12/1/1998 at 17:48
Authentication override.............. NONE
WAN to WAN Forwarding.................. yes
BOOTP/DHCP Server address............ none
Telnet Port.......................... default (23)
SNMP Port.............................. default (161)
System message: ADSL RFC1483 sample
eth list
ETHERNET INFORMATION FOR
Hardware MAC address.
Compression Negotiation.............. off
Source IP address/subnet mask........ 192.168.200.20/255.255.255.255
Remote IP address/subnet mask........ 0.0.0.0/0.0.0.0
Send IP RIP to this dest............. no
Send IP default route if known..... no
Receive IP RIP from this dest......... no
Receive IP default route by RIP.... no
Keep this IP destination private..... yes
Total IP remote routes............... 1
0.0.0.0/255.255.255.255/1
IPX network number................... 00000000
Total IPX remote routes.....
Sample Configuration 3: Configuring a Dual-Ethernet Router for IP Routing Scenario: The following example provides a simple sample configuration for a Dual-Ethernet router (eth_router) with IP routing enabled. The router’s hub (ETH/0) belongs to the 192.168.254.0 subnet. The router’s ETH/1 belongs to the 192.168.253.0 subnet. ETH/0 will route packets to ETH/1 at the address 192.168.253.254. DHCP is enabled for both subnets.
Chapter 4. Configuring Special Features The features described in this chapter are advanced topics. They are primarily intended for experienced users and network administrators to perform network management and more complex configurations.
Up to 40 “allow” filters or 40 “deny” filters can be activated from the filter database. Enter the filters, including the pattern, offset, and filter mode, into a filter database. If you intend to restrict specific stations or subnetworks from bridging, then add the filters with a “deny” designation. Then enable filtering for “deny”. If you wish to allow only specific stations or subnetworks to bridge, then add the filters with an “allow” designation and enable filtering for “allow”.
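The allow/deny behaviour described above (and in the bridging-filter passage in Chapter 1) can be modelled in a few lines to check a filter set before it is entered on the router. This is an added example, not the router's implementation: it assumes the offset is a byte offset from the start of the Ethernet frame and that a filter matches when the bytes at that offset equal the pattern. The class names and MAC addresses are constructed for the illustration.

```python
from dataclasses import dataclass

MAX_ACTIVE_FILTERS = 40   # limit stated in the guide, per filter mode
DST_MAC_OFFSET = 0        # Ethernet destination address starts at byte 0
SRC_MAC_OFFSET = 6        # Ethernet source address starts at byte 6


@dataclass(frozen=True)
class BridgeFilter:
    mode: str       # "allow" or "deny"
    offset: int     # assumed: byte offset from the start of the frame
    pattern: bytes

    def matches(self, frame: bytes) -> bool:
        # A frame too short to contain the pattern at this offset never matches.
        return frame[self.offset:self.offset + len(self.pattern)] == self.pattern


class FilterDatabase:
    """Hypothetical model of the filter database and the filtering mode switch."""

    def __init__(self):
        self.filters = []
        self.active_mode = None   # None = filtering disabled, everything is bridged

    def add(self, mode: str, offset: int, pattern_hex: str) -> None:
        if mode not in ("allow", "deny"):
            raise ValueError("mode must be 'allow' or 'deny'")
        if offset < 0:
            raise ValueError("offset must not be negative")
        pattern = bytes.fromhex(pattern_hex)
        if not pattern:
            raise ValueError("pattern must not be empty")
        self.filters.append(BridgeFilter(mode, offset, pattern))

    def enable(self, mode: str) -> None:
        if mode not in ("allow", "deny"):
            raise ValueError("mode must be 'allow' or 'deny'")
        if sum(1 for f in self.filters if f.mode == mode) > MAX_ACTIVE_FILTERS:
            raise ValueError("more than 40 filters of this mode")
        self.active_mode = mode

    def disable(self) -> None:
        self.active_mode = None

    def should_bridge(self, frame: bytes) -> bool:
        if self.active_mode is None:
            return True
        hit = any(f.matches(frame) for f in self.filters if f.mode == self.active_mode)
        # deny mode: matching frames are dropped; allow mode: only matching frames pass.
        return hit if self.active_mode == "allow" else not hit


def ethernet_frame(dst_hex: str, src_hex: str, payload: bytes = b"\x00" * 46) -> bytes:
    """Build a constructed Ethernet II frame carrying an IP ethertype."""
    return bytes.fromhex(dst_hex) + bytes.fromhex(src_hex) + b"\x08\x00" + payload


# Constructed, locally administered MAC addresses.
RESTRICTED = "02005e000001"   # station that must not bridge
OTHER = "02005e000002"        # unrestricted local station
REMOTE = "02005e0000fe"       # station on the far side of the bridge


def deny_by_source_only() -> FilterDatabase:
    db = FilterDatabase()
    db.add("deny", SRC_MAC_OFFSET, RESTRICTED)
    db.enable("deny")
    return db


if __name__ == "__main__":
    db = deny_by_source_only()
    print("from restricted:", db.should_bridge(ethernet_frame(REMOTE, RESTRICTED)))
    print("to restricted:  ", db.should_bridge(ethernet_frame(RESTRICTED, REMOTE)))
```

The second result shows why the position matters: a deny filter at the source-address offset leaves frames addressed to the restricted station untouched until a second filter is added at the destination offset.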
IP (RIP) Protocol Controls You can configure the router to send and receive RIP packet information, respectively, to and from the remote router. This means that the local site will “learn” all about the routes beyond the remote router and the remote router will “learn” all about the local site’s routes. You may not want this to occur in some cases. For example, if you are connecting to a site outside your company, such as the Internet, you may want to keep knowledge about your local site’s routes private.
Dynamic Host Configuration Protocol (DHCP) This section describes how to configure DHCP using the Command Line Interface. Configuring DHCP can be a complex process; this section is therefore intended for network managers. Please refer to Chapter 5 for a complete list and explanation of the DHCP commands. General Information The router supports DHCP and acts as the DHCP server.
Manipulating Subnetworks and Explicit Client Leases Enabling/Disabling a subnetwork or a Client Lease To enable/disable a subnetwork or a client lease, use the commands: dhcp enable all | dhcp disable all | Example: To enable the subnetwork 192.168.254.0 if that subnetwork exists, type: dhcp enable 192.168.254.0 To enable the client lease 192.168.254.17 if that client lease exists, enter: dhcp enable 192.168.254.17 To disable the client lease 192.168.254.
! Adding Explicit or Dynamic Client Leases Client leases may either be created dynamically or explicitly. Usually client leases are created dynamically when PCs boot and ask for IP addresses. Explicit client leases To add an explicit client lease, a subnetwork must already exist (use dhcp add to add the subnetwork) before the client lease may be added.
! 3. If the client and subnetwork lease options are both “default”, then the server goes up one level (global) and uses the lease time defined at the global level (server). 4. Lease time: The minimum lease time is 1 hour. The global default is 168 hours. Commands The following commands are used by network administrators to control lease time.
Concepts The server returns values for options explicitly requested in the client request. It selects the values to return based on the following algorithm: 1. If the value is defined for the client, then the server will return the requested value for an option. 2. If the value for the option has not been set for the client, then the server returns the value option if it has been defined for the subnetwork. 3.
Commands for Specific Option Values for a Client Lease To set the value for an option associated with a specific client, use: dhcp set valueoption ... To clear the value for an option associated with a specific client, use: dhcp clear valueoption Example: dhcp set valueoption 192.168.254.251 winserver 192.168.254.
Enable/Disable BootP To allow BootP request processing for a particular client/subnet, use the command: dhcp bootp allow | To disallow BootP request processing for a particular client/subnet, type: dhcp bootp disallow | Use BootP to Specify the Boot Server The following commands let the administrator specify the TFTP server (boot server) and boot file name. The administrator will first configure the IP address of the TFTP server and file name (kernel) from which to boot.
Defining Option Types Concepts A DHCP option is a code, length, or value. An option also has a “type” (byte, word, long, longint, binary, IP address, string). The subnet mask, router gateway, domain name, domain name servers, NetBios name servers are all DHCP options. Refer to RFC 1533 if you require more information. Usually users will not need to define their own option types. The list of predefined option types based on RFC 1533 can be shown by typing dhcp list definedoptions.
The values for this option that have been set globally, specific to a subnetwork, or specific to a client will not be removed. The administrator must remove those values explicitly. Well-known type option codes cannot be changed or deleted. Configuring BootP/DHCP Relays BootP/DHCP Relays are used by system administrators when the DHCP configuration parameters are acquired from a BootP/DHCP server other than the router’s DHCP server. This feature allows configuration information to be centrally controlled.
5. When using NAT with a remote router, either the remote ISP must supply the IP address for NAT translation or the user must configure the IP address for NAT translation locally. 6. Any number of PCs on the LAN may have a connection to the same or different remote routers at the same time.
Server Configuration This section is intended for users and network administrators who wish to allow WAN access to a Web server, FTP server, SMTP server, etc., on their local LAN, while using NAT. NAT needs a way to identify which local PC [local IP address(es)] should receive these server requests. The servers can be configured on a per-remote-router basis as well as globally.
Note: addserver commands using specific port numbers take priority over the port 0 setting. 192.168.1.4 will be asked to serve requests coming from router1 to the local router. If the local router also has the same Telnet and FTP entries from the previous example, 192.168.1.3 will serve the Telnet request, 192.168.1.2 will serve the FTP request, and 192.168.1.4 will serve any other request, including HTTP, SMTP, etc. Example 3: remote addServer 192.168.1.
first private port: if specified, this is a port remapping of the incoming request from the remote end.
first port maps to first private port.
first port + 1 maps to first private port + 1.
last port maps to first private port + last port - first port.
first port through last port are the ports as seen by the remote end. first private port through first private port + last port - first port are the equivalent ports on which the server on your local LAN will receive the request.
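The precedence and port-remapping rules above can be checked offline before a configuration is saved. The following Python model is an added example, not router code or anything from this guide: the entries for 192.168.1.3, 192.168.1.2 and 192.168.1.4 follow the addresses named in the example above, the 9000-9010 range entry is constructed, and the choice that the first matching specific entry wins is an assumption.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Names the guide accepts in place of a number (standard port assignments).
SERVICES = {"ftp": 21, "telnet": 23, "smtp": 25, "http": 80, "snmp": 161}


@dataclass(frozen=True)
class ServerEntry:
    host: str            # LAN server address, or "me" for the router itself
    proto: str           # tcp or udp
    first: int           # first port as seen by the remote end (0 = any port)
    last: int            # last port as seen by the remote end
    first_private: int   # port on the LAN server that `first` maps to


def port_number(token: str) -> int:
    """Turn a service name or a decimal string into a port number."""
    value = SERVICES.get(token.lower())
    if value is None:
        value = int(token)
    if not 0 <= value <= 65535:
        raise ValueError(f"port out of range: {token}")
    return value


def parse_addserver(line: str) -> ServerEntry:
    """Parse: remote addServer <ipaddr>|me <protocolid> <first port>
    [<last port> [<first private port>]] <remoteName>"""
    tok = line.split()
    if len(tok) < 6 or [t.lower() for t in tok[:2]] != ["remote", "addserver"]:
        raise ValueError(f"not a remote addServer command: {line!r}")
    host, proto, *ports = tok[2:-1]          # tok[-1] is the remote router name
    if not 1 <= len(ports) <= 3:
        raise ValueError(f"expected one to three port fields: {line!r}")
    first = port_number(ports[0])
    last = port_number(ports[1]) if len(ports) > 1 else first
    first_private = port_number(ports[2]) if len(ports) > 2 else first
    if last < first:
        raise ValueError(f"last port is below first port: {line!r}")
    return ServerEntry(host, proto.lower(), first, last, first_private)


def resolve(entries: List[ServerEntry], proto: str,
            port: int) -> Optional[Tuple[str, int]]:
    """Return (LAN host, LAN port) for a request arriving from the remote end.

    Entries with a specific port take priority over a port 0 entry, as the
    guide states. Among specific entries the first match wins (assumption).
    """
    catch_all = None
    for e in entries:
        if e.proto != proto:
            continue
        if e.first == 0:
            catch_all = catch_all or e
        elif e.first <= port <= e.last:
            # first port -> first private port, first port + 1 -> +1, ...
            return e.host, e.first_private + (port - e.first)
    return (catch_all.host, port) if catch_all else None


def catch_all_entries(entries: List[ServerEntry]) -> List[ServerEntry]:
    """Entries that hand every otherwise unclaimed port to one LAN host."""
    return [e for e in entries if e.first == 0]


# Constructed sample configuration for one remote router named router1.
CONFIG = [
    "remote addServer 192.168.1.3 tcp telnet router1",
    "remote addServer 192.168.1.2 tcp ftp router1",
    "remote addServer 192.168.1.4 tcp 0 router1",
    "remote addServer 192.168.1.6 tcp 9000 9010 8000 router1",
]
ENTRIES = [parse_addserver(line) for line in CONFIG]

if __name__ == "__main__":
    for port in (23, 21, 80, 9005):
        print("tcp", port, "->", resolve(ENTRIES, "tcp", port))
    for e in catch_all_entries(ENTRIES):
        print("review:", e.host, "receives every unclaimed", e.proto, "port")
```

A port 0 entry is worth reviewing in any audit of the configuration, because it makes every TCP or UDP port of that LAN host reachable from the remote end unless a more specific entry claims it.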
Client Configuration Classic NAT requires that you first enable NAT Masquerading (as described in the previous section); thus, for the Classic and Masquerading forms of NAT, the clients are configured in the same way. Refer to the Client Configuration, page 81 section.
! Multiple-Host Remapping Entries
Users may enter as many host remapping entries as they wish.
Example:
remote addHostMapping 192.168.207.40 192.168.207.49 10.0.20.11 remoteName
remote addHostMapping 192.168.207.93 192.168.207.99 10.0.20.4 remoteName
remote addHostMapping 192.168.209.71 192.168.209.80 10.12.14.16 remoteName
The above entries create three mappings:
192.168.207.40 through 192.168.207.49 are mapped to 10.0.20.11 through 10.0.20.20
192.168.207.93 through 192.168.207.99 are mapped to 10.0.20.
Management Security With the following security control features, the user can prevent the router from being remotely managed via Telnet and/or SNMP. Disabling SNMP will stop the Configuration Manager from accessing the router, which in some environments is desirable. Disable Telnet and SNMP To completely disable remote management, the following commands should be entered from the command line.
system deltelnetFilter [] | LAN system delSNMPFilter [] | LAN system delHTTPFilter [] | LAN Note 3: To list the range of allowed clients, use the command system list when you are logged in with read and write permission (login with password).
System Log system syslogport default|disabled| To manage the system log default when the port becomes disabled. system addSyslogFilter [] When system log is filtered from the ip address: first or last. system addSyslogFilter LAN The Filter allows LAN access while using the filter. Software Option Keys This router has several optional software features that can be purchased as software option keys, when ordering the router.
• Diffie-Hellman Encryption requires PPP. Caution: PPP DES and Diffie-Hellman encryption options may not be exported outside the United States or Canada. PPP DES (RFC 1969) Encryption PPP DES (Data Encryption Standard) implementation uses a 56-bit key with fixed transmit and receive keys that are specified in each router. With RFC 1969, users must manage the keys. This implementation has been tested for interoperability with other PPP DES vendors such as IBM and Network Express (part of Cabletron).
remote setEncryption dese tx 2222222222222222 SOHO
save
reboot
! Enable encryption for the router SOHO
Sample:
remote setEncryption dese tx 1111111111111111 HQ
login: *****
remote setEncryption dese rx 2222222222222222 HQ
save
reboot
Diffie-Hellman Encryption With Diffie-Hellman encryption, each router has an encryption file that is associated with a public key providing 768-bit security. The predefined keys can be replaced by the user. The key files have a suffix of “num” by convention (e.g., dh96.num). Configuration Notes Simply add the encryption command to your standard configuration.
! Default Modulus
[Figure: filtering phases (Input Phase, Forward Phase, Output Phase). Elements shown: Input Filter, NAT, IP-ES, Forward Filters, ICMP Redirect, NAT, Output Filter, IP Routing Table. Forward Phase sequence: forward filters on the input interface, routing table processing, forward filters on the output interface.]
In the following description of the Input, Forward, and Output phases, the reference numbers associated with filtering steps match the numbers used in the above illustration. Input Phase When an IP packet comes in through an interface (i.e.
NAT swaps the local IP address with a global IP address: the IP address and port information that the PC uses are remapped (changed) to the IP address that was assigned to the router and a new port number is assigned. Note: The preceding section, Filters and Interfaces, describes how NAT “behaves” for each filtering phase. Filter Actions For an IP packet to be forwarded successfully, a filter at each implementation point (Input, Forward, and Output) must accept the IP packet.
These commands will stop any attempt by a host coming from the remote internet to send an IP packet to the Telnet port “through” the router to a different interface. The router itself could still receive the IP packet, hence the remote host could Telnet to the router itself.
remote ipfilter insert forward drop -p tcp -dp 23 internet
save
L2TP Tunneling — Virtual Dial-Up
This section has four parts:
• The Introduction provides a general overview of L2TP tunneling.
LNS, L2TP Client, LAC, and Dial User An L2TP tunnel is created between an L2TP client and LNS. The L2TP client and LNS control the tunnel using the L2TP protocol. Since routers are more often configured as L2TP clients or LNS than as LACs, this section, therefore, emphasizes L2TP client- and LNS-related information. ! LNS (L2TP Network Server) The LNS is the point where the call is actually managed and terminated (e.g., within a corporate network).
[Figure 1: remote user (PC, L2TP client: dial user + LAC, ISDN router) and company (LNS router, company LAN/server) joined by a tunnel across the Internet. Labels: logical link (PPP session running over the tunnel); physical links (ISDN line, DSL/ATM traffic, IP traffic to the Internet).]
LNS and L2TP Client Relationship The LNS acts as the supervising system. The L2TP client acts both as the dial user and the LAC. One end of the tunnel terminates at the L2TP client. The other end of the tunnel terminates at the LNS.
Sessions Sessions can be thought of as switched virtual circuit “calls” carried within a tunnel and can only exist within tunnels. One session carries one “call”. This “call” is one PPP session. Multiple sessions can exist within a tunnel. The following briefly discusses how sessions are created and destroyed. ! Session creation Traffic destined to a remote entry (located at the end of the tunnel) will initiate a tunnel session.
a. “Pinging” from the L2TP client or LNS to the opposite tunnel endpoint will succeed (this tests the tunnel path). b. “Pinging” from a tunnel endpoint IP address to an IP address within the tunnel will probably fail due to the existence of the IP firewall.
Miscellaneous commands: Commands used to delete a tunnel, close a tunnel, or set up advanced L2TP configuration features such as traffic performance fine-tuning are discussed in the L2TP Commands section of Chapter 5. PPP Session Configuration Two commands are used to extend a PPP link from a remote site to a corporate site across the Internet and establish a tunnel. For additional information on the syntax of the commands listed below, refer to the Remote Commands section of Chapter 5.
remote add internet
remote disauthen internet
remote setoursysname name_isp_expects internet
remote setourpass secret_isp_expects internet
remote addiproute 0.0.0.0 0.0.0.0 1 internet
remote setphone isdn 1 5551000 internet
remote setphone isdn 2 5553000 internet
eth ip enable
eth ip address 192.168.254.254 255.255.255.
PPP remote configuration PPP remote-specific questions: 1. What is the home router’s name for PPP authentication? 2. What is the home router’s secret for PPP authentication? 3. Does the home router need PPP authentication for the remote router (company router)? If yes: a. What is the remote router’s name for PPP authentication? b. What is the remote router’s secret for PPP authentication? If no: a.
remote add ppp_work
remote setlns Work_Router ppp_work
remote setpasswd ppp_work_secret ppp_work
remote setiptranslate on ppp_work
remote addiproute 172.16.0.0 255.240.0.0 1 ppp_work
l2tp set oursysname ppp_soho Work_Router
l2tp set ourpassword ppp_soho_secret Work_Router
Complete LNS and L2TP Client Configuration Example The following information and illustration (Figure 2) provide a configuration example of an LNS and L2TP Client. ! Assumptions IP Addresses The LNS server’s LAN IP address is 192.168.
[Figure 2: remote user side (PC, L2TP client: soho router, ISDN) and company side (LNS: LNSserver router, DSL) joined by a tunnel across the Internet, with a PPP session running over the tunnel. Labels: lacclient (see Note 1), tunnelAtHome and tunnelAtWork (see Note 2), lnsserver (see Note 3), isp router, internet router, CO LAN, Frame Relay, ATM traffic, IP traffic to the Internet.]
Set up ISDN parameters:
isdn set switch ni1
isdn set dn 5551000 5553000
isdn set spids 0555100001 0555300001
Define DHCP settings for DNS servers, domain, wins server:
dhcp set value DOMAINNAMESERVER 192.168.100.68
dhcp set value DOMAINNAME flowpoint.com
dhcp set value WINSSERVER 192.168.100.
Set up DSL parameters:
sd term co
sd speed 1152
Define a remote LNSserver
remote add lnsserver
remote setauthen chap lnsserver
remote setpasswd serverpassword lnsserver
remote addiproute 192.168.110.1 255.255.255.255 1 lnsserver
remote setprotocol ppp lnsserver
remote setpvc 0*38 lnsserver
save
reboot
! Configuration commands for isp
Note: isp is an ISDN router. The router soho calls the router isp.
! Configuration commands for LNSserver
Note: LNSserver is a DSL router.
Define LNSserver:
system name lnsserver
system passwd serverpassword
system msg Script_for_LNS_called_HQ
system securitytimer 60
Enable IP routing:
eth ip enable
eth ip addr 192.168.100.1 255.255.255.0
Define DHCP settings for DNS servers, domain:
dhcp set value domainname flowpoint.com
dhcp set value domainnameserver 192.168.100.
Chapter 5. Command Line Interface Reference
Command Line Interface Conventions
Command Input
The Command Line Interface follows these conventions:
• Command lines may be up to 120 characters long.
• The Command Line Interface is not case-sensitive except for passwords and router names.
• Items that appear in bold type must be typed exactly as they appear. However, commands can be shortened to just those characters necessary to make the command unique.
dhcp l2tp filters save erase • File system commands ? or HELP By entering ? or help, you can list the commands at the current level as well as subcommands. At the lowest subcommand level, entering a ? may return the syntax of the command. Note that some commands require a character string and the ? will be taken as the character string if entered in that position.
System-Level Commands These commands are online action and status commands.
IP Addr 192.84.210.148 Mac Address 00:05:02:00:80:A8 Interface ETHERNET/0 BI Lists the root bridge. bi Response: # bi GROUP 0Our ID=8000+00206f0249fc Root ID=8000+00206f0249fc Port ETHERNET/0 00+00 FORWARDING BI LIST Lists MAC addresses and corresponding bridge ports as learned by the bridge function. This list includes several flags and the number of seconds elapsed since the last packet was received by the MAC address.
EXIT Has the same function as logout, but will disconnect you from a Telnet session. exit
FRAME STATS Frame statistics, for Frame Relay routers only. Displays various FR statistics. frame stats Example: FR/3 Frame Relay Statistics ANSI LMI: Protocol Errors........................ Unknown Msg Recv....................... T391 Timeouts.......................... PVC Status Changes..................... StatusEnq Sent......................... Status Recv............................ StatusEnq Recv..............
IPIFS Lists the IP interface. ipifs Response: ATM_VC/1 192.168.254.1 (FFFFFF00) dest 192.168.254.2 sub 192.168.254.0 net 192.168.254.0 (FFFFFF00) P-2-P 192.84.210.12 (FFFFFF00) dest 0.0.0.0 sub 192.84.210.0 net 192.84.210.0 (FFFFFF00) BROADCAST ETHERNET/0 IPROUTES Lists the current entries in the IP routing table. iproutes Response: # iproutes IP route / Mask --> Gateway Interface Hops Flags 0.0.0.0 192.84.210.0 192.84.210.12 192.168.254.0 192.168.254.1 192.168.254.2 224.0.0.9 255.255.255.
Network 00001001: 00000456: Gateway HQ (DIRECT) Interface [down] ETHERNET/0 Hops 1 0 where: STATIC DOD FORWARD DIRECT Static route Initiate link dial-up Ticks 4 1 Flags STATIC FORWARD DOD FORWARD IPXSAPS Lists the current services in the IPX SAPs table. ipxsaps Response: # ipxsaps Service Name SERV312_FP Type 4 Node number Network Skt 000000000001:00001001:045 Hops 1 LOGIN Login is required whenever you intend to change one or more configuration settings or save an entirely new configuration.
MEM The mem command reports the amount of RAM installed in the router. mem Response: # mem Small buffers used.......18 Large buffers used.......41 Buffer descriptors used..59 Number of waiters s/l....
network. By default, the router will try to ping the remote device five consecutive times and will issue status messages.
ping [-c count] [-i wait] [-s size (or -l size)]
-c count Number of packets; count is a value between 1 and 10.
-i wait Wait period in seconds between packets; wait is a value between 1 and 10.
-s size Packet data length “size” bytes; size is a value between 0 and 972.
-l size Same as -s size
ipaddr IP address in the format of 4 decimals separated by periods.
13:SNMPD  03 5  124b60  125a70  4080
14:BOOTP  03 5  12e3d0  12e6c0  1000
15:CMD    01 6  12cba0  12d9f8  4080
TID: task ID field
NAME: name of the task
FL: flag field
P: number from 1 to 7 with the highest priority equal to 1
BOTTOM: address of the task stack
CURRENT: current stack pointer
SIZE: stack size in bytes
REBOOT This command causes a reboot of the system. It is necessary to reboot after you have configured the router the first time or whenever you modify the configuration.
tcp stats Example: tcp stats VERS Displays the software version level, source, software options, and amount of elapsed time that the router has been running. vers Response: FlowPoint/2025 ATM25 Router FlowPoint-2000 BOOT/POST V3.0.0 (12-Dec-98 18:10) Software version 3.0.
Router Configuration Commands Configuration commands are used to set configuration information for each functional capability of the router.
Target Router System Configuration Commands (SYSTEM) The following commands set basic router configuration information: • name of the router • optional system message • authentication password • security authentication protocol • management security • system administration password • IP address translation • NAT configuration • host mapping • WAN-to-WAN forwarding • filters SYSTEM ? Lists the supported keywords.
system addHostMapping first private addr First IP address in the range of IP addresses to be remapped, in the format of 4 decimals separated by periods. second private addr Last address in the range of IP addresses to be remapped, in the format of 4 decimals separated by periods. first public addr Defines the range of public IP addresses, in the format of 4 decimals separated by periods. The rest of the range is computed automatically.
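The range computation described above can be reproduced offline to confirm what a set of host mapping entries will do before they are saved. This Python sketch is an added example, not router code or anything from this guide; it uses the three remote addHostMapping entries from the Chapter 4 example, and the overlap check is an added audit step rather than a router feature.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

IPv4 = ipaddress.IPv4Address


@dataclass(frozen=True)
class HostMapping:
    first_private: IPv4
    last_private: IPv4
    first_public: IPv4
    remote: str

    @property
    def last_public(self) -> IPv4:
        # Only the first public address is configured; the rest of the
        # public range follows from the size of the private range.
        return self.first_public + (int(self.last_private) - int(self.first_private))


def parse_addhostmapping(line: str) -> HostMapping:
    """Parse: remote addHostMapping <first private addr> <second private addr>
    <first public addr> <remoteName>"""
    tok = line.split()
    if len(tok) != 6 or [t.lower() for t in tok[:2]] != ["remote", "addhostmapping"]:
        raise ValueError(f"not a remote addHostMapping command: {line!r}")
    first, last, public = (IPv4(t) for t in tok[2:5])
    if last < first:
        raise ValueError(f"private range is reversed: {line!r}")
    return HostMapping(first, last, public, tok[5])


def to_public(mappings: List[HostMapping], private: str) -> Optional[IPv4]:
    """One-to-one translation of a LAN address, or None if it is not remapped."""
    addr = IPv4(private)
    for m in mappings:
        if m.first_private <= addr <= m.last_private:
            return m.first_public + (int(addr) - int(m.first_private))
    return None


def to_private(mappings: List[HostMapping], public: str) -> Optional[IPv4]:
    """Reverse translation of a public address back to the LAN address."""
    addr = IPv4(public)
    for m in mappings:
        if m.first_public <= addr <= m.last_public:
            return m.first_private + (int(addr) - int(m.first_public))
    return None


def public_overlaps(mappings: List[HostMapping]) -> List[Tuple[HostMapping, HostMapping]]:
    """Pairs of entries for the same remote whose public ranges intersect."""
    clashes = []
    for i, a in enumerate(mappings):
        for b in mappings[i + 1:]:
            if (a.remote == b.remote and a.first_public <= b.last_public
                    and b.first_public <= a.last_public):
                clashes.append((a, b))
    return clashes


# The three entries from the guide's multiple-host remapping example.
GUIDE_ENTRIES = [
    "remote addHostMapping 192.168.207.40 192.168.207.49 10.0.20.11 remoteName",
    "remote addHostMapping 192.168.207.93 192.168.207.99 10.0.20.4 remoteName",
    "remote addHostMapping 192.168.209.71 192.168.209.80 10.12.14.16 remoteName",
]
MAPPINGS = [parse_addhostmapping(line) for line in GUIDE_ENTRIES]

if __name__ == "__main__":
    for m in MAPPINGS:
        print(m.first_private, "-", m.last_private, "->",
              m.first_public, "-", m.last_public)
    print("overlapping public ranges:", public_overlaps(MAPPINGS))
```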
first port First or only port as seen by the remote end. Port used by the selected server; can be a string such as ftp, telnet, smtp, snmp, or http, or a numeric value between 0 and 65,535. A numeric value of 0 will match any port. last port If specified, this is used with to denote a range of ports as seen by the remote end for the server on the LAN. first private port If specified, this is a port remapping of the incoming request from the remote end. Example: system addServer 192.168.1.
system addTelnetFilter [] | LAN first ip addr First IP address of the client range. last ip addr Last IP address of the client range. May be omitted if the range contains only one IP address. LAN Local Ethernet LAN. Example: system addTelnetFilter 192.168.1.5 192.168.1.12 SYSTEM ADDUDPRELAY This command is used to create a UDP port range for packet forwarding. You can specify a port range from 0 to 65535; however, 137 to 139 are reserved for NetBIOS ports.
system authen none | pap | chap none When set to none (the default), the authentication protocol is negotiated, with the minimum best security level as defined for each remote router in the database. pap When set to pap, negotiation will begin with PAP (instead of CHAP) for those entries that have PAP in the remote database and only when the call is initiated locally. chap Overrides all the remote database entries with chap; i.e., only CHAP will be performed.
Example 1: system community fred Example 2: system community SYSTEM DELHOSTMAPPING Undoes an IP address/host translation (remapping) range that was previously established with the command remote addHostMapping on a systemwide basis. system delHostMapping first private addr First IP address in the range of IP addresses, in the format of 4 decimals separated by periods.
me Used to send the incoming server request to the local router, regardless of its IP address. protocolid Protocol used by the selected server; can be tcp or udp. first port First or only port as seen by the remote end. Port used by the selected server. Can be a string such as ftp, telnet, smtp, snmp, or http, or a numeric value between 0 and 65,535.
LAN Local Ethernet LAN. Example: system deltelnetfilter 192.168.1.5 192.168.1.12 SYSTEM DELUDPRELAY Deletes the port range that was previously enabled by the command system addUDPrelay. system delUDPrelay | all [] ipaddr IP address of the server. first port First port in the UDP port range to be deleted. all Deletes all existing UDP ports. last port Last port in the UDP port range to be deleted. Example: system delUDPrelay 192.168.1.
Response: GENERAL INFORMATION FOR System started on.................... 1/7/1998 at 13:29 Authentication override.......... NONE WAN to WAN Forwarding.............. yes BOOTP/DHCP Server address........ none Telnet Port...................... default (23) SNMP Port............................ default (161) System message: Configured January 1998 SYSTEM LOG Allows logging of the router’s activity in a Telnet session. system log start | stop | status start Used to monitor router activity at all times.
system name name Name of the target router (character string). Space characters are not allowed within the name; you may use underscore characters instead. (The system name is a “word” when exchanged with PAP/CHAP.) If you do not enter a name, the current name of the router is displayed. If you type anything after system name, the characters will be taken as the new name. Note: The system name is case sensitive and may be no more than 50 characters.
password Authentication password of the target router. Note: The password is case-sensitive and should be no more than 40 characters. Example: system passwd chwgn1 SYSTEM SECURITYTIMER Automatically logs a Telnet or console user out of privileged mode when no typing has occurred for 10 minutes. This command allows the user to change the 10-minute default to a different value. system securityTimer minutes Length of time in minutes.
SYSTEM SNMPPORT Manages SNMP port access including disabling SNMP, reestablishing SNMP services, or redefining the SNMP port for security reasons. Refer to Chapter 4. Management Security on page 87. Note: This command requires a save and reboot to take effect. system snmpport default|disabled | default Restores the default values to 161. disabled Disables remote management. port Used to define a new SNMP port number.
Example: system supporttrace SYSTEM TELNETPORT The router has a built-in Telnet server. This command is used to specify which of the router’s TCP ports is to receive a Telnet connection. Note: This command requires a save and reboot to take effect. system telnetport default|disabled| default The default value is 23. disabled The router will not accept any incoming TCP request. port Port number of the Ethernet LAN. It is recommended that this number be > 2048 if not 0 (disabled) or 23 (default).
Target Router Ethernet LAN Bridging and Routing (ETH) The following commands allow you to: • Set the Ethernet LAN IP address • List the current contents of the IP routing table • Enable and disable IP routing • List or save the current configuration settings All of these commands require a reboot. ETH ? Lists the supported keywords.
ETH IP ADDROUTE Defines IP routes reached via the LAN interface. This command is only needed if the system does not support RIP. Note: This command requires a reboot. eth ip addRoute [] ipaddr Ethernet LAN IP address in the format of 4 decimals separated by periods. ipnetmask IP network mask in the format of 4 decimals separated by periods. gateway IP address in the format of 4 decimals separated by periods.
ipaddr Ethernet LAN IP address in the format of 4 decimals separated by periods. ipnetmask IP network mask in the format of 4 decimals separated by periods. port# Port number of the Ethernet LAN; must be 0, or 1, or omitted. Example: eth ip delRoute 128.1.2.0 255.255.255.0 128.1.1.17 1 ETH IP DIRECTEDBCAST Enables or disables the forwarding of packets sent to the network prefix-directed broadcast address of an interface.
ETH IP ENABLE Enables IP routing across the Ethernet LAN. This command acts as a master switch allowing you to enable IP routing. eth ip enable [port#] port# Port number of the Ethernet LAN. This number must be 0 or 1, or it may be omitted. Example: eth ip enable ETH IP FILTER Defines an IP filter on the Ethernet interface of the connection. The filter is used to screen IP packets, and it operates at the interface level.
-sm where , when present, defines a mask to use when comparing the ... with the source IP address in the IP packet. If not specified, the source IP mask is set to 255.255.255.255. -sp [:] where defines the first or only source port and , if present, defines the last source port in a range.
ETH IP FIREWALL The router supports IP Internet Firewall Filtering to prevent unauthorized access to your system and network resources from the Internet. This filter discards packets received from the WAN that have a source IP address recognized as a local LAN address. This command sets Ethernet Firewall Filtering on or off and allows you to list the active state. Note 1: This command requires a reboot. Note 2: To perform Firewall Filtering, IP routing must be enabled.
rxrip1 Receive and process RIP-1 packets only. rxrip2 Receive and process RIP-2 packets only. rxdef Receive the default route address from the Ethernet LAN. The default is on. This option is useful if you do not want to configure your router with a default route. txrip Transmit RIP-1 compatible broadcast packets and RIP-2 multicast packets over the Ethernet LAN. The default is on. txrip1 Transmit broadcast RIP-1 packets only. txrip2 Transmit multicast RIP-2 packets only.
ETH IPX DISABLE Disables IPX routing across the Ethernet LAN. This acts as a master switch allowing you to disable IPX Routing for testing or control purposes. Note: This command requires a reboot. eth ipx disable [port#] port# Port number of the Ethernet LAN. This number must be 0 or 1, or it may be omitted. Example: eth ipx disable ETH IPX ENABLE Enables IPX routing across the Ethernet LAN. This acts as a master switch that allows you to enable IPX routing. Note: This command requires a reboot.
ETH LIST Lists the Ethernet LAN port number, status of bridging and routing, IP protocol controls, and IP address and subnet mask. eth list Example: eth list Response: ETHERNET INFORMATION FOR Hardware MAC address .............. Bridging enabled .................. IP Routing enabled ................ Firewall filter enabled ......... Send IP RIP to the LAN .......... Advertise me as default router Process IP RIP packets received . Receive default route by RIP .. RIP Multicast address .........
Remote Router Access Configuration (REMOTE) The following commands allow you to add, delete, and modify remote routers to which the target router can connect.
REMOTE ADD Adds a remote router entry into the remote router database. remote add remoteName Name of the remote router (character string). The name is case-sensitive. Example: remote add HQ REMOTE ADDHOSTMAPPING Remaps a range of local LAN IP addresses to a range of public IP addresses on a per-remote-router basis. These local addresses are mapped one-to-one to the public addresses. Note: The range of public IP addresses is defined by only.
ipnetmask IP network mask of the remote network or station, in the format of 4 decimals separated by periods. hops Number between 1 and 15 that represents the perceived cost in reaching the remote network or station. ipgateway Enter a gateway address only if you are configuring RFC 1483MER. The gateway address that you enter is the address of a router on the remote LAN. Check with your system administrator for details. remoteName Name of the remote router (character string).
Note: A reboot must be performed on the target router for the addition of a SAP to take effect. remote addIpxSap servicename Name of server. ipxNet IPX network number represented by 8 hexadecimal characters. ipxNode IPX node address represented by 12 hexadecimal characters. socket Socket address of the destination process within the destination node. The processes include services such as file and print servers.
REMOTE BLOCKNETBIOS This command will filter out all NetBIOS packets over this WAN connection. remote blockNetBIOS on|off REMOTE DEL Deletes a remote router entry from the remote router database. remote del remoteName Name of the remote router (character string). Example: remote del HQ REMOTE DELATMNASP This command deletes the atm snap setting.
first public addr Defines the range of public IP addresses, in the format of 4 decimals separated by periods. The rest of the range is computed automatically. remoteName Name of the remote router (character string). Example: remote delHostMapping 192.168.207.40 192.168.207.49 10.0.20.11 HQ REMOTE DELIPROUTE Deletes an IP address for a network or station on the LAN connected beyond the remote router. Note: The reboot command must be issued on the target router for a deleted static route to take effect.
REMOTE DELOURPASSWD Removes the unique CHAP or PAP authentication password entries established by the command remote setOurPasswd. remote delOurPasswd remoteName Name of the remote router (character string). Example: remote delOurPasswd HQ REMOTE DELOURSYSNAME Removes the unique CHAP or PAP authentication system name entries established by the command remote setOurSysName. remote delOurSysName remoteName Name of the remote router (character string).
remoteName Name of the remote router (character string). Example: remote delServer 192.168.1.5 tcp ftp router1 REMOTE DISABLE Disables communications with the remote router. This command allows you to enter routers into the remote router database, but it sets them inactive. Note: The routing information defined for is still in effect when the entry is disabled until you save and reboot. However, no calls will be made to that remote router.
REMOTE ENAAUTHEN With this command the target router will try to negotiate authentication as defined in the remote router's database. remote enaAuthen remoteName Name of the remote router (character string). Example: remote enaAuthen HQ REMOTE ENABLE Enables communications with the remote router. This command allows you to activate the entry in the remote router database when you are ready. remote enable remoteName Name of the remote router (character string).
command append insert delete flush check list watch on | off type action parameters Append a filter to the end of this . Insert a filter at the front of this . Delete the first filter matching this filter. Delete all filters of this from this interface. Check the action to take (Accept, Drop, Reject) based on the parameters.
-dp [:] where defines the first or only destination port and , if present, defines the last destination port in a range. If not specified, the is assumed to be 0, the is assumed to be 0xffff.
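The matching parameters above combine with the Input, Forward and Output phases from Chapter 4 in a way that is easy to misjudge: a forward filter never sees traffic addressed to the router itself. The Python model below is an added example, not router code or anything from this guide; it assumes that the first matching filter in a chain decides, that a packet matching no filter is accepted, that -dm and -sp default like -sm and -dp, and it does not model NAT. The interface name lan, the packets and the second rule are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def port_range(text: str) -> Tuple[int, int]:
    """'<first>[:<last>]' as used by -sp and -dp."""
    first, _, last = text.partition(":")
    return int(first), int(last or first)


@dataclass
class Rule:
    action: str                          # accept, drop or reject
    proto: Optional[str] = None          # None matches any protocol
    sa: Optional[int] = None             # None matches any source address
    sm: int = 0xFFFFFFFF                 # guide default: 255.255.255.255
    da: Optional[int] = None
    dm: int = 0xFFFFFFFF                 # assumed to default like -sm
    sp: Tuple[int, int] = (0, 0xFFFF)    # assumed to default like -dp
    dp: Tuple[int, int] = (0, 0xFFFF)    # guide default: 0 through 0xffff

    def matches(self, pkt: dict) -> bool:
        if self.proto and self.proto != pkt["proto"]:
            return False
        for want, mask, have in ((self.sa, self.sm, pkt["src"]),
                                 (self.da, self.dm, pkt["dst"])):
            if want is not None and (ip(have) & mask) != (want & mask):
                return False
        return (self.sp[0] <= pkt["sport"] <= self.sp[1]
                and self.dp[0] <= pkt["dport"] <= self.dp[1])


Chains = Dict[Tuple[str, str], List[Rule]]    # (interface, phase) -> filters


def apply(chains: Chains, line: str) -> None:
    """Apply: remote ipfilter insert|append <type> <action> [parameters] <remoteName>"""
    tok = line.split()
    if len(tok) < 6 or [t.lower() for t in tok[:2]] != ["remote", "ipfilter"]:
        raise ValueError(f"not a remote ipfilter command: {line!r}")
    command, phase, action = (t.lower() for t in tok[2:5])
    if (command not in ("insert", "append")
            or phase not in ("input", "forward", "output")
            or action not in ("accept", "drop", "reject")):
        raise ValueError(f"unsupported in this model: {line!r}")
    rule = Rule(action)
    opts = tok[5:-1]                          # tok[-1] is the remote name
    for flag, value in zip(opts[0::2], opts[1::2]):
        if flag == "-p":
            rule.proto = value.lower()
        elif flag in ("-sa", "-sm", "-da", "-dm"):
            setattr(rule, flag[1:], ip(value))
        elif flag in ("-sp", "-dp"):
            setattr(rule, flag[1:], port_range(value))
        else:
            raise ValueError(f"unknown parameter {flag}")
    chain = chains.setdefault((tok[-1], phase), [])
    if command == "insert":
        chain.insert(0, rule)                 # insert: front of the list
    else:
        chain.append(rule)                    # append: end of the list


def route(chains: Chains, pkt: dict, iface_in: str,
          iface_out: Optional[str] = None) -> Tuple[str, Optional[str]]:
    """Return (verdict, deciding step). iface_out=None: packet is for the router."""
    steps = [(iface_in, "input")]
    if iface_out is not None:
        steps += [(iface_in, "forward"), (iface_out, "forward"), (iface_out, "output")]
    for iface, phase in steps:
        for rule in chains.get((iface, phase), []):
            if rule.matches(pkt):
                if rule.action != "accept":
                    return rule.action, f"{phase}@{iface}"
                break                         # accepted here, go to next step
    return "accept", None


GUIDE_RULE = "remote ipfilter insert forward drop -p tcp -dp 23 internet"
INPUT_RULE = "remote ipfilter insert input drop -p tcp -dp 23 internet"  # constructed

# Constructed packets arriving from the remote named "internet".
TELNET_TRANSIT = dict(proto="tcp", src="203.0.113.9", dst="192.168.254.10", sport=40000, dport=23)
TELNET_TO_ROUTER = dict(TELNET_TRANSIT, dst="192.168.254.254")
HTTP_TRANSIT = dict(TELNET_TRANSIT, dport=80)
```

With only the guide's forward rule loaded, Telnet through the router is dropped while Telnet to the router is still accepted; the management security commands in Chapter 4 (system telnetport, system addTelnetFilter) address the router's own Telnet server directly.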
remoteName Name of the remote router (character string). Example: remote list HQ Response: INFORMATION FOR Status............................... enabled Our Password used when dialing out... no Protocol in use...................... RFC1483 (SNAP) - Frame Relay IP Connection Identifier (VPI*VCI)...... 0*38 IP address translation............... off Compression Negotiation.............. off Source IP address/subnet mask........ 0.0.0.0/0.0.0.0 Remote IP address/subnet mask........ 0.0.0.0/0.0.0.
REMOTE LISTIPROUTES Lists all network or station IP addresses defined for the LAN connected beyond the remote router. If the remote name is not specified, a list of IP routes is displayed for each remote router in the database. remote listIproutes [remoteName] remoteName Name of the remote router (character string). Example: remote listIproutes HQ Response: IP INFORMATION FOR Send IP RIP to this dest ............... rip-1 compatible Send IP default route if known .....
remoteName Name of the remote router (character string.) Example: remote listIpxsaps HQ Response: IPX SAP INFORMATION FOR Total IPX SAPs ................. 1 SERV312_FP 00001001 00:00:00:00:00:01 0451 0004 1 IPX SAP INFORMATION FOR Total IPX SAPs ................. 0 SERV312_FP 00001001 00:00:00:00:00:01 0451 0004 1 REMOTE LISTPHONES Lists the PVC numbers available for connecting to the remote router. remote listPhones remoteName Name of the remote router (character string).
REMOTE SETATMTRAFFIC SCR MBS This command applies only to ATM routers. Refer to Asynchronous Transfer Mode Commands (ATM), on page 168 for more syntax information. remote setATMTraffic scr mbs REMOTE SETAUTHEN Sets the authentication protocol used to communicate with the remote router. The authentication protocol is the minimum security level that the target router must use with the remote router; this level is verified during security negotiation.
REMOTE SETCOMPRESSION Enables or disables compression between the local router and the remote router. remote setCompression on|off on Compression will be negotiated between the local and the remote router if both routers are set to perform compression and if they both share a common compression protocol. off Disables compression. The default is off. remoteName Name of the remote router (character string).
DESE_1_KEY Specifies that the same key is used in both directions.
DESE_2_KEY Specifies that the keys are different.
filename Name of the file containing the Diffie-Hellman values. If the file is not specified, default values built into the router’s kernel are automatically selected.
remoteName Name of the remote router (character string).
Example: remote setEncryption DESE_1_KEY dh96.num HQ
REMOTE SETIPOPTIONS RIP is a protocol used for exchanging IP routing information among routers. The following RIP options allow you to set IP routing information protocol controls over a point-to-point WAN. remote setipoptions
REMOTE SETIPSSLAVEPPP remote setIPsslavePPP yes|no If SetIPSlaveModePPP is yes, the router will accept the IP address that the remote end informs the router that it has, without regard to how the router was previously configured. If setIPSlaveModePPP is no, the router will try to use the address that it was configured for.
REMOTE SETLNS This command is specific to L2TP tunnel configuration. Refer to the L2TP commands section, for usage information. remote setLNS REMOTE SETOURPASSWD Sets a unique CHAP or PAP authentication password for the local router that is used for authentication when the local router connects to the specified remote router. This password overrides the password set in the system passwd command. A common use is to set a password assigned to you by Internet Service Providers.
remote setPasswd password Authentication password of the remote router. Note that the password is case-sensitive. remoteName Name of the remote router (character string). Example: remote setPasswd s2dpxl7 HQ REMOTE SETPROTOCOL Sets the link protocol for the remote router. remote setProtocol [PPP | PPPLLC | RFC1483 | RFC1483MER | FRF8 | RAWIP] PPP PPP protocol with no encapsulation.
remote setPVC * vpi number Virtual Path ID — number that identifies the link formed by the virtual path. vci number Virtual Circuit ID — number that identifies a channel within a virtual path in a DSL/ATM environment. remoteName Name of the remote router (character string). Example: remote setPVC 0*38 HQ REMOTE SETRMTIPADDR Sets the WAN IP address for the remote router.
REMOTE STATS Shows the current status of the connection to the remote router, including the bandwidth and data transfer rate. remote stats [] remoteName Name of the remote router (character string). Example: remote stats HQ Response: STATISTICS FOR : Current state .................... Current output bandwidth .......... Current input bandwidth ........... Current bandwidth allocated ....... On port ATM_VC/1 .................. Total connect time ................ Total bytes out ..........
Asymmetric Digital Subscriber Line Commands (ADSL) The following ADSL commands are used to manage the ADSL link for an ADSL router. ADSL ? Lists the supported keywords. adsl ? Response: ADSL commands: ? restart stats speed ADSL RESTART Resynchronizes the modem with the Central Office equipment.
ADSL STATS Shows the current error status for the ADSL connection. adsl stats [clear] clear Option used to reset the counters. Example: adsl stats
Response:
ASDL Statistics:
Out of frame errors ... 0
HEC errors received ... 0
CRC errors received ... 0
FEBE errors received .. 0
Remote Out-of-frame ..... 0
Remote HEC errors ....... 0
Asynchronous Transfer Mode Commands (ATM) The following ATM commands are used to manage the ATM link for an ATM router. ATM ? Lists the supported keywords. atm ? Example: atm ? Response: ATM commands: ? help echoPVC voicePVC findPVC Note: Other ATM-specific commands are also included in this section: atom dumpUnknownCells atom findPVC remote setatmtraffic ATM PCR Sets the speed of the ATM link in cells per second. This command is similar to atm speed (speed in kilobytes).
ATM SAVE Saves the ATM configuration settings. atm save Example: atm save ATM SPEED Sets the speed of the ATM link in kilobits per second. This command is similar to atm pcr (speed in cells per second). Refer to the command atm pcr. The upstream speed default is 326 Kb/s. Use this command if the upstream speed exceeds 326 Kb/s. The speed value is generally obtained from your Network Service Provider.
ATOM FINDPVC This command is normally used to find the ATM VPI*VCI number necessary for configuring a remote when the Service Provider either has supplied the wrong value or simply is not able to supply one. This command should only be used when there are no remotes defined or when the remote entries are disabled. The command output is directed to the console. If Telnet is used to log into the router, then issue the system log start command to direct the console output to the Telnet session.
DMT Command DMT MODE The dmt mode has three values. dmt mode ansi|no_trellis_ansi|uawg UAWG mode is becoming obsolete. No Trellis encoding for T1.413 ANSI ADSL is only needed where auto-negotiation is not supported for Trellis.
Dual-Ethernet Router Commands (ETH) The following Ethernet commands are used to manage the Ethernet interfaces for the Dual-Ethernet (Ethernet-to-Ethernet) router and thus are specific to this type of router only. Note: For non-specific Ethernet commands, refer to Target Router Ethernet LAN Bridging and Routing (ETH), on page 134. General information This Dual-Ethernet router may be configured via the Web Browser GUI or from the Command Line Interface (CLI).
ETH IP ADDHOSTMAPPING Remaps a range of local LAN IP addresses to a range of public IP addresses on a per-interface basis. These local addresses are mapped one-to-one to the public addresses. Note: The range of public IP addresses is defined by only. The rest of the range is computed automatically (from to + number of addresses remapped - 1) inclusive.
Example: eth ip addServer 192.168.1.5 tcp smtp 1 eth ip addServer 192.168.1.10 tcp 9000 9000 telnet 0 ETH IP DELHOSTMAPPING Undoes an IP address/host translation (remapping) range that was previously established with the command eth ip addHostMapping on a per-interface basis. eth ip delHostMapping first private addr First IP address in the range of IP addresses, in the format of 4 decimals separated by periods.
Example: eth ip delServer 192.168.1.5 tcp ftp 0 ETH IP TRANSLATE This command is used to control Network Address Translation on a per-interface basis. It allows several PCs to share a single IP address to the Internet. eth ip translate on|off port# Ethernet interface number. Can be 0 or 1. Example: eth ip translate on 0
High-Speed Digital Subscriber Line Commands (HDSL) The following HDSL commands are used to manage the HDSL link for an HDSL router. General Information about HDSL • Line activation Line activation is independent of network settings. During activation, the Link light (on the front panel of the router) first is yellow and then turns green when the link becomes active.
HDSL ? Lists the supported keywords. hdsl ? Example: hdsl ? Response: HDSL commands: ? help save speed terminal HDSL SPEED CO end: Sets the speed manually on the Central Office (CO) end only. CPE end: The router on the Customer Premises End (CPE) is always in auto-speed mode: it uses an auto-speed algorithm to attempt to match the CO speed. The command hdsl speed noauto is used to override auto-speed.
Example: hdsl save HDSL TERMINAL The router is by default configured as the Customer Premises Equipment (CPE). Use this command if you intend to configure the router as the Central Office equipment (CO). hdsl terminal cpe defines the CPE end (default configuration) hdsl terminal co defines the CO end. hdsl terminal displays the current settings. hdsl terminal [cpe|co] co This option lets you define the router as the CO.
ISDN Digital Subscriber Line (IDSL) General Information about IDSL • Data Link Connection Identifier (DLCI) The IDSL router can support several DLCI virtual circuits over a Frame-Relay IDSL link. However, a typical connection to the Internet will require only one DLCI. The DLCI number must match the DLCI of the remote end. An activated router should show all green lights for the LINE, CH1, CH2, and NT1 LEDs. The following IDSL commands are used to manage the IDSL link for an IDSL router.
Example: isdn save ISDN SET SWITCH Specifies link speeds of 64, 128, or 144 Kbps for the IDSL connection. isdn set switch [FR64 | FR128 | FR144] FR64 Link speed of 64 Kbps FR128 Link speed of 128 Kbps FR144 Link speed of 144 Kbps Example: isdn set switch fr144 REMOTE SETDLCI This command allows the user to set the Data Link Connection Identifier—an address identifying a logical connection—in a Frame-Relay environment. This number is generally provided by the Network Service Provider.
Symmetric Digital Subscriber Line Commands (SDSL) The following SDSL commands are used to manage the SDSL link for an SDSL router. General information about SDSL • Line activation Line activation is independent of network settings. During activation, the Link light (on the front panel of the router) first is yellow and then turns green when the link becomes active.
SDSL ? Lists the supported keywords. sdsl ? Example: sdsl ? Response: SDSL commands: speed stats terminal SDSL SPEED CO end: Sets the speed manually on the Central Office (CO) end only. CPE end: The router on the Customer Premises End (CPE) is always in auto-speed mode: it uses an auto-speed algorithm to attempt to match the CO speed. The command sdsl speed noauto is used to override auto-speed.
SDSL SAVE Saves the SDSL-related changes across reboots. sdsl save Example: sdsl save SDSL TERMINAL The router is by default configured as the Customer Premises End (CPE). Use this command if you intend to configure the router as the Central Office equipment (CO). sdsl terminal cpe defines the CPE end (default configuration). sdsl terminal co defines the CO (central office) end. sdsl terminal displays the current settings.
SD STATS CLEAR This command displays and clears the frame statistics. sd stats clear
Dynamic Host Configuration Protocol Commands (DHCP) The following DHCP commands allow you to: • Enable and disable subnetworks and client leases. • Add subnetworks and client leases. • Set the lease time. • Change client leases manually. • Set option values globally, for a subnetwork, or for a client lease. • Enable/disable BootP. • Use BootP to specify the boot server. • Define option types. DHCP ? Lists the supported keywords.
type Byte | word | long | longint | binary | ipaddress | string Example 1: dhcp add 192.168.254.0 255.255.255.0 (adds this subnetwork) Example 2: dhcp add 192.168.254.31 (adds this client lease) Example 3: dhcp add 128 1 4 ipAddress (adds this option type) Note: In example 3, 128 allows IP addresses, the server has a minimum of one IP address, the server can have up to four IP addresses, and the type is “ipaddress”.
net IP address of the subnetwork lease in the format of 4 decimals separated by periods. ipaddr IP address of the client lease in the format of 4 decimals separated by periods. name Name of the file to boot from; the default name for this file is KERNEL.F2K. Example: dhcp bootp file 192.168.254.0 Kernel.f2k DHCP BOOTP TFTPSERVER Specifies the TFTP server (boot server).
Note: The client does not get updated; it will still have the old value. DHCP CLEAR VALUEOPTION Clears the value for a global option, for an option associated with a subnetwork, or with a specific client. dhcp clear valueoption [|] net IP address of the subnetwork lease in the format of 4 decimals separated by periods. ipaddr IP address of the client lease in the format of 4 decimals separated by periods. code Code can be a number between 1 and 61 or a keyword.
net IP address of the subnetwork lease in the format of 4 decimals separated by periods. ipaddr IP address of the client lease in the format of 4 decimals separated by periods. Examples: dhcp disable 192.168.254.0 dhcp disable 192.168.254.17 DHCP ENABLE Enables a subnetwork or a client lease. dhcp enable all | | all Enables all subnets. net IP address of the subnetwork lease in the format of 4 decimals separated by periods.
bootp file .............. GATEWAY (3) ................ 192.168.254.254 client 192.168.254.2, Ena, jo-computer, Expired client 192.168.254.3, Ena, Jo, 1999/5/16 11:31:33 Example 2: To list information for client 192.168.254.3, enter dhcp list 192.168.254.3 Response: Client 192.168.254.3, Enabled lease ......................... expires ....................... bootp ......................... bootp server .................. bootp file .................... HOSTNAME (12) .................
string Character string.
code XWSFONTSERVER (48), 1 to 63 occurrences, type IPADDRESS
code XWSDISPLAYMANAGER (49), 1 to 63 occurrences, type IPADDRESS
code REQUESTEDIPADDR (50), 1 occurrence, type IPADDRESS-RESERVED
code IPADDRLEASETIME (51), 1 occurrence, type LONGINT-RESERVED
code OPTIONOVERLOAD (52), 1 occurrence, type BYTE-RESERVED
code MESSAGETYPE (53), 1 occurrence, type BYTE-RESERVED
code SERVERIDENTIFIER (54), 1 oc
DHCP RELAY Lets the router relay DHCP or BootP requests to a DHCP server on the WAN when a PC attempts to acquire an IP address using DHCP. This command disables the router’s DHCP server. dhcp relay ipaddr IP address of the target router in the format of 4 decimals separated by periods. Example: dhcp relay 128.1.210.64 DHCP SET ADDRESSES Creates or changes a pool of IP addresses that are associated with a subnetwork.
DHCP SET LEASE Controls lease time. dhcp set lease [|]|default|infinite net IP address of the subnetwork lease in the format of 4 decimals separated by periods. ipaddr IP address of the client lease in the format of 4 decimals separated by periods. hours Lease time; minimum is 1 hour; the global default is 168 hours. default Lease time that has been specified at the subnetwork or global level. infinite No lease time limit; the lease becomes permanent.
DHCP SET MASK Used to conveniently change the mask of a DHCP subnet without having to delete and recreate the subnet and all its entries. dhcp set mask net IP address of the subnetwork lease in the format of 4 decimals separated by periods. mask IP network mask, in the format of 4 decimals separated by periods. Example: dhcp set mask 192.168.254.0 255.255.255.0 DHCP SET VALUEOPTION Sets values for global options, options specific to a subnetwork, or options specific to a client lease.
L2TP — Virtual Dial-Up Configuration (L2TP) The following L2TP commands allow you to add, delete, and modify tunnels. L2TP router information that can be configured includes: • Names • Security authentication protocols and passwords • Addresses • Management of traffic performance Note: Two remote commands specific to L2TP are also included in this section. L2TP ? Lists the supported keywords. l2tp ? Response: L2tp Sub-commands: ? add forward list call close del set L2TP ADD Creates a tunnel entry.
Note 2: If this command is not used, then defaults to 0.0.0.0, and this end cannot initiate the tunnel. l2tp set address ipaddr IP address of the remote LAC or LNS. TunnelName Name of the tunnel (character string). The name is case-sensitive. Example: l2tp set address 192.168.100.1 PacingAtWork L2TP SET AUTHEN Enables or disables authentication of the remote router during tunnel establishment using the CHAP secret, if it exists.
TunnelName Name of the tunnel (character string). The name is case sensitive. Example: l2tp set CHAPSecret PacingAtWork L2TP CLOSE Closes an L2TP tunnel and/or session. l2tp close |-n|-t|-s|-c L2TP unit number -n TunnelName Name of the tunnel (character string). The name is case sensitive. -t tunnelid Local tunnel id. -s serialnum Serial number of the call within the tunnel. -c callid ID of the local call for the session.
none No incoming calls are allowed to be forwarded through the tunnel to an LNS TunnelName Name of the tunnel (character string). The name is case-sensitive. Example: l2tp forward PacingAtWork L2TP LIST Provides a complete display of the current configuration settings for tunnel(s), except for the authentication password/secret. l2tp list || TunnelName Name of the tunnel (character string). The name is case sensitive.
L2TP SET DIALOUT Lets the LNS instruct the L2TP client to use an ISDN phone line to place a call on its behalf. l2tp set dialout yes|no yes This option lets the router place outgoing calls. no This option prevents the router from placing outgoing calls. The default is no. TunnelName Name of the tunnel (character string). The name is case-sensitive.
L2TP SET OURSYSNAME Specifies the router’s name for PPP authentication on a per-tunnel basis. l2tp set oursysname name Name of the router that is used for authentication when challenged by another router. TunnelName Name of the tunnel (character string). The name is case sensitive. Example: l2tp set oursysname myName PacingAtWork L2TP SET OURTUNNELNAME This command creates the local router’s host name.
L2TP SET TYPE Defines the type of L2TP support for the tunnel. The router’s role is defined on a per-tunnel basis. l2tp set type all|lac|lns|l2tpclient|disabled all The router is configured to act as both a LAC/L2TP client and an LNS server. lac The router is configured to act as a LAC for this tunnel. lns The router is configured to act as an LNS for this tunnel. l2tpclient The router is configured to act as an L2TP client for this tunnel. disabled The tunnel entry is disabled.
REMOTE SETL2TPCLIENT With this command, this remote is the path to the L2TP client and accepts tunnel calls. Use this command if your router acts as an LNS. You must also specify PPP authentication and IP routes for this remote. remote setl2tpclient TunnelName Name of the tunnel (character string) associated with the remote LAC. The name is case-sensitive. remoteName Name of the remote entry (character string). The name is case sensitive.
Bridge Filtering Commands (FILTER BR) Bridge filtering allows you to control the packets transferred across the router. This feature can be used to enhance security or improve performance. Filtering is based on matched patterns within the packet at a specified offset. Two filtering modes are available. • Deny mode will discard any packet that matches the deny filter database and let all other packets pass.
FILTER BR LIST Lists the bridging filters in the filtering database. filter br list Example: filter br list Response: Allow Filter: Deny Filter: pos:12, len=2, <80><35> FILTER BR USE Sets the mode of filtering to either deny, allow, or none. filter br use none | deny | allow Example: filter br use allow
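The offset-and-pattern matching described above, worked through on the listed deny entry (pos:12, len=2, <80><35>, which on an untagged Ethernet frame is the EtherType field holding the RARP value 0x8035). This is an added example, not the router's own code. The names BridgeFilter, parse_filter, forwards and eth_frame are hypothetical, the sample frames are constructed, and the allow-mode behaviour (forward only frames that match the allow list) is assumed here as the mirror image of deny mode.

```python
import re
from dataclasses import dataclass

# One entry as printed by "filter br list", e.g. "pos:12, len=2, <80><35>".
_ENTRY = re.compile(r"pos:(\d+),\s*len=(\d+),\s*((?:<[0-9A-Fa-f]{2}>)+)")


@dataclass(frozen=True)
class BridgeFilter:
    pos: int        # byte offset from the start of the frame
    pattern: bytes  # bytes that must appear at that offset

    def matches(self, frame: bytes) -> bool:
        end = self.pos + len(self.pattern)
        # A frame too short to hold the whole window never matches.
        return end <= len(frame) and frame[self.pos:end] == self.pattern


def parse_filter(entry: str) -> BridgeFilter:
    """Parse one filter line in the format shown by the list command."""
    m = _ENTRY.fullmatch(entry.strip())
    if m is None:
        raise ValueError(f"not a filter entry: {entry!r}")
    pattern = bytes(int(h, 16) for h in re.findall(r"<([0-9A-Fa-f]{2})>", m.group(3)))
    if len(pattern) != int(m.group(2)):
        raise ValueError(f"len={m.group(2)} but {len(pattern)} pattern bytes given")
    return BridgeFilter(int(m.group(1)), pattern)


def forwards(frame: bytes, mode: str, allow=(), deny=()) -> bool:
    """Return True if the bridge would pass the frame in the given mode."""
    if mode == "none":
        return True
    if mode == "deny":
        # Discard anything matching the deny database, pass the rest.
        return not any(f.matches(frame) for f in deny)
    if mode == "allow":
        # ASSUMPTION: pass only what matches the allow database.
        return any(f.matches(frame) for f in allow)
    raise ValueError(f"unknown mode: {mode!r}")


def eth_frame(ethertype: int, payload: bytes = b"\x00" * 46, vlan=None) -> bytes:
    """Build a constructed Ethernet frame, optionally with an 802.1Q tag."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")  # constructed, locally administered
    tag = b"" if vlan is None else b"\x81\x00" + vlan.to_bytes(2, "big")
    return dst + src + tag + ethertype.to_bytes(2, "big") + payload


if __name__ == "__main__":
    deny = [parse_filter("pos:12, len=2, <80><35>")]
    samples = {
        "RARP, untagged": eth_frame(0x8035),
        "IPv4, untagged": eth_frame(0x0800),
        # With a 4-byte 802.1Q tag the EtherType sits at offset 16, so a
        # filter fixed at offset 12 sees 0x8100 and does not match.
        "RARP, 802.1Q tagged": eth_frame(0x8035, vlan=100),
        "truncated frame (13 bytes)": eth_frame(0x8035)[:13],
    }
    for name, frame in samples.items():
        verdict = "pass" if forwards(frame, "deny", deny=deny) else "drop"
        print(f"{name:28s} {verdict}")
    # Covering the tagged case needs a second entry at offset 16.
    deny.append(parse_filter("pos:16, len=2, <80><35>"))
    print("tagged RARP with both entries:",
          "pass" if forwards(samples["RARP, 802.1Q tagged"], "deny", deny=deny) else "drop")
```

Because a filter matches raw bytes at a fixed position, review a deny list against every frame layout the bridge can carry, not only the untagged case.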
Save Configuration Commands (SAVE) These commands save the entire router’s configuration or parts of it to FLASH memory. The parts that can be saved include: • System • Ethernet LAN • DHCP settings • Remote router database settings • Filters SAVE ALL Saves the configuration settings for the system, Ethernet LAN, DSL line, and remote router database into FLASH memory.
SAVE DOD Saves the current state of the remote router database. All new entries and changed entries are saved into FLASH memory. save dod Example: save dod SAVE ETH Saves the configuration settings for the Ethernet LAN into FLASH memory. save eth Example: save eth SAVE FILTER Saves the bridging filtering database to FLASH memory. A reboot must be executed to load the database for active use.
Erase Configuration Commands (ERASE) These commands can be used to erase the entire router’s configuration or parts of it from FLASH memory. The parts that can be erased include: • System • Ethernet LAN • DSL and remote router database settings • DHCP settings • Filters Once you erase part of the configuration, you will need to completely reconfigure that part. Important: All of the following erase commands require a reboot without a save command to take effect.
ERASE DOD Erases the current state of the remote router database. All new entries and changed entries are erased from FLASH memory. erase dod Example: erase dod ERASE ETH Erases the configuration settings for the Ethernet LAN from FLASH memory. erase eth Example: erase eth ERASE FILTER Erases the current bridging filtering database from FLASH memory. When you issue this command you must reboot (without a save).
File System Commands The file system commands allow you to perform maintenance and recovery on the router. These commands allow you to: • Format the file system • List the contents of the file system • Copy, rename, and delete files The router file system is DOS-compatible, and the file system commands are similar to the DOS commands of the same name. COPY Copies a file from the source to the destination.
DELETE Removes a file from the file system. delete filename Name of the file to be deleted. The filename is in the format xxxxxxxx.xxx. Example: delete kernel.f2k Response: kernel.f2k deleted. DIR Displays the directory of the file system. The size of each file is listed in bytes. dir Example: dir EXECUTE This command loads batch files of configuration commands into the router. This allows for customization and simpler installation of the router.
indicates the file system is corrupted, you may wish to reformat the disk, reboot the router, and recopy the router software. format disk Example: format disk Response: NEWFS: erasing disk... NEWFS: fs is 381k and will have 762 sectors NEWFS: 128 directory slots in 8 sectors NEWFS: 747 fat entries in 3 sectors NEWFS: writing boot block...done. NEWFS: writing fat tables...done. NEWFS: writing directory...done. Filesystem formatted! MSFS Checks the structure of the file system.
RENAME Renames a file in the file system. rename oldName Existing name of the file. The filename is in the format xxxxxxxx.xxx. newName New name of the file. The filename is in the format xxxxxxxx.xxx. Example: rename ether.dat oldeth.dat Response: ‘ether.dat’ renamed to ‘oldeth.dat’ SYNC Commits the changes made to the file system to FLASH memory. sync Example: sync Response: Syncing file systems...done. Warning: Syncing is not complete until you see the message “done”.
Chapter 6. Managing the Router This chapter describes the options available for booting software, tells you how to upgrade the router with new releases of software, and explains the process for maintaining copies of configuration files. Simple Network Management Protocol (SNMP) SNMP, a member of the TCP/IP protocol suite, was designed to provide network management interoperability among different vendors’ management applications and equipment.
Telnet Remote Access The router supports Telnet access. Telnet allows you to log in to the router as if you are directly connected through the Console port. You can issue commands, using the command line interface, to configure the router and perform status monitoring from any remote location. You can use one of the available TCP/IP packages containing the Telnet application. To access the router using Telnet, issue the appropriate command syntax and assign the IP address of the router.
BootP Server BootP is the Bootstrap Protocol server; it is installed on your PC with the DSL Tools software. The BootP Server waits for incoming BootP broadcasts from BootP clients. The server looks up the MAC addresses of the incoming BootP request in its database. If the MAC Address is found, the server normally responds to the requestor with an IP address, the IP address of a TFTP server, and the name of a file to use for booting.
To return to automatic boot mode 1. When you are ready to return to automatic boot mode, set switch 6 up. 2. Reboot by selecting options 1, 2, 3, or 4. If you reboot with switch 6 in the up position, the router will boot router software automatically in the order and manner that you have specified. Option 1: Retry Start-Up If you are in Manual Boot mode, you can reboot the router in the boot procedure order by selecting option 1, “Retry start-up”.
• the router software filename on the server The boot IP address is the router LAN IP address used during the boot procedure. This address may differ from the LAN IP address that the router is ultimately assigned. This address is different so that a system can be booted from one subnetwork and then moved to its operational network, if necessary. The boot IP address is in the form: zzz.zzz.zzz.zzz. The TFTP boot server address is specified as: xxx.xxx.xxx.xxx (where xxx.xxx.xxx.
If the date is set to zero, the real-time clock is disabled for long-term storage. The time and date fields are overwritten by the GUI, when the router is configured by a PC. The time and date values are then read from the PC. Option 7: Set Console Baud Rate Select option 7 to alter the baud rate that is used by the router to communicate over the Console port with the terminal-emulation program. You can override the default rate of 9600.
Identifying Fatal Boot Failures Fatal boot failures can be identified by the LED light patterns displayed on the front panel of the router. Note: Normal LED states are described in the Hardware Reference section of the Quick Start Guide.
the network into the router’s FLASH memory. When it first connects to the router, the GUI backs up all the files to a directory called Sxxxxx, where x is the router’s serial number. Note: We strongly recommend that you use the Configuration Manager’s Upgrade/Backup tool to upgrade or back up the kernel. The Configuration Manager’s tool is more convenient to use than the Command Line Interface. Upgrade Instructions Read the following steps very carefully before you perform an upgrade: 1.
where xxx.xxx.xxx.xxx is the TFTP server IP address, SFILENAME is the server filename of the kernel, and KERNEL.F2K is the name of the file loaded from FLASH memory by the boot procedure. If you do not specify the server address, a permanent or more recent override TFTP server address will be used, if you have previously defined one. Enter the sync command to commit the changes to FLASH memory.
Backup and Restore Configuration Files To successfully save configuration files to the server, those files must already exist and be writeable by everyone. This restriction is part of the TFTP protocol. Moreover, all the files accessed by the TFTP server must be under a single root directory. Multiple sub-directories can exist below this root directory, but they must be created manually at the server. Neither the sub-directories nor the files can be created remotely.
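Since backup targets must already exist and be writeable by everyone, the TFTP root is worth keeping to exactly those files. The following added example (not part of the guide or the DSL Tools software) pre-creates the targets and then reports anything else under the root that is world-writable. It assumes a TFTP server on a POSIX file system; the function names prepare_backup_targets and audit_root and the routerA sub-directory are hypothetical.

```python
import os
import stat
import tempfile


def _inside(root: str, path: str) -> bool:
    """True if path resolves to a location under root."""
    root = os.path.realpath(root)
    return os.path.commonpath([root, os.path.realpath(path)]) == root


def prepare_backup_targets(root: str, names):
    """Create empty, world-writable files for the router to overwrite.

    Sub-directories are created here as well, because neither files nor
    sub-directories can be created remotely over TFTP.
    """
    created = []
    for name in names:
        path = os.path.join(root, name)
        if os.path.isabs(name) or not _inside(root, path):
            raise ValueError(f"target escapes the TFTP root: {name!r}")
        os.makedirs(os.path.dirname(path), mode=0o755, exist_ok=True)
        fd = os.open(path, os.O_WRONLY | os.O_CREAT, 0o666)
        os.close(fd)
        os.chmod(path, 0o666)  # explicit: os.open() is subject to the umask
        created.append(os.path.relpath(path, root))
    return created


def audit_root(root: str, expected):
    """List entries under root that are exposed beyond the expected targets.

    Reports world-writable directories, world-writable files that are not
    in `expected`, and symbolic links (which could point outside the root).
    """
    expected = {os.path.normpath(n) for n in expected}
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                findings.append((rel, "symlink"))
            elif mode & stat.S_IWOTH and (stat.S_ISDIR(mode) or rel not in expected):
                findings.append((rel, "world-writable"))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed demonstration in a throw-away directory.
    with tempfile.TemporaryDirectory() as root:
        targets = prepare_backup_targets(
            root, ["ether.dat", os.path.join("routerA", "ether.dat")])
        print("prepared:", targets)
        # A kernel image left writable by everyone should be flagged:
        # any TFTP client could overwrite the file routers boot from.
        stray = os.path.join(root, "kernel.f2k")
        open(stray, "wb").close()
        os.chmod(stray, 0o666)
        for rel, reason in audit_root(root, targets):
            print(f"finding: {rel} ({reason})")
```

After a backup completes, setting the saved files back to read-only removes the window in which any TFTP client can overwrite them.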
FLASH Memory Recovery Procedures Recovering Kernels for Routers with Configuration Switches In the unlikely event that the FLASH file system should become corrupted, there is a series of steps that you can take to attempt to recover. Perform the following procedures in the order listed: 1. Try to repair the file system by issuing the msfs command. While logged in, issue a sync command followed by an msfs command.
Recovering Kernels for Routers with a Reset Button A router that fails to boot may be an indication that the kernel has been corrupted. The following recovery steps can help, but you need to have a kernel for your particular router model. If you installed the DSL Tools and successfully connected to the router, an automatic backup process was started that saved a copy of the kernel and other files to the PC in a subdirectory under DSL Tools called Sxxxxxx, where xxxxxx is the serial number of the unit.
Recovery Steps Using BootP You may want to connect a console cable, if one is available, and start a terminal emulator session so that you can see the router’s console messages. 1. Make sure that the PC path and directory information to a valid kernel are correct. 2. Start the Configuration Manager or Quick Start application (refer to your Quick Start Guide). 3. Select Tools and BootP. 4.
Routers with a Reset Button The following step will assist you in recovering the router’s administrative password or IP address, should you forget them. Push the reset button and hold it for 3 seconds while the router is running. With this step, the following features are enabled for a period of 10 minutes: • The system password can be overridden by using the router’s serial number as a password.
Caution: If you create a one-time script file (copied to the router under the name AUTOEXEC.BAT), do not include the commands rename <autoexec.bat> and reboot at the same time. This will result in an endless loop of starting the router, executing the script, restarting the router, re-executing the script.
Chapter 7. Troubleshooting Software problems usually occur when the router’s software configuration contains incomplete or incorrect information. This chapter discusses: • Diagnostic tools that are available to help identify and solve problems that may occur with your router • Symptoms of software configuration problems • Actions for you to take • System messages Diagnostic Tools Using LEDs Most hardware problems can be diagnosed and solved by checking the LEDs on the front panel of your router.
Normal LED Sequence State Length State 1 Power ON PWR - green TEST - amber LINK - off 5 sec State 2 All lights flash Problem If the LED sequence stops at this stage: Hardware problem has been detected. Contact Technical Support. 1 sec State 3 PWR - green TEST - green LINK - off 5 sec State 4 PWR - green TEST - green LINK - amber 5 to 10 sec State 5 PWR - green TEST - green LINK - green Ready State 1. Check that the DIP switches are all up. 2. Check that the correct software was loaded. 1.
Accessing History Log through Configuration Manager 1. Select Tools and Terminal Window (the console cable is required). 2. Log in with your administration password into the router (e.g. “admin”). 3. Use the command system history to view the buffer contents. Other Logging Commands • If you wish to monitor your router activity at all times, use the command system log start to view a continuous log, using Telnet. (This command will not work in a Terminal Window session, but only from Telnet.
Interpretation and Troubleshooting To isolate a problem with the TCP/IP protocol, perform the following three tests: 1. Try to ping the IP address of your PC. If you get a response, proceed directly with step 2. If you don’t get a response, check that: • The network adapter card is installed. • The TCP/IP protocol is installed. • The TCP/IP protocol is bound to the network adapter. 2. Try to ping the IP address of your router. If you get a response, proceed directly to step 3.
Investigating Software Configuration Problems Problems Connecting to the Router If you cannot connect your PC to the target router for configuration: • For a LAN connection, verify that the router’s IP address matches the IP address previously stored into the router’s configuration. You must have previously set the router’s Ethernet LAN IP address and subnet mask, saved the Ethernet configuration changes, and rebooted the router for the new IP address to take effect.
Problems Accessing the Remote Network Bridging • Make sure to reboot if you have made any bridging destination or control changes. • All IP addresses must be in the same IP subnetwork (IP is being bridged). • Check that a bridging default destination has been configured and is enabled. • Be sure to reboot if the bridging destination or status has been changed. • Check that bridging is enabled locally (use the remote listBridge command).
• Windows 95 may remember MAC addresses: if you have changed MAC addresses, reboot the router and the PC. • In Windows 3.1, check that the TCP driver is installed correctly. Ping (ping command) your PC’s IP address from the PC. • Successful “pinging” results let you know that the TCP driver is working properly. • If you have changed an IP address to map to a different MAC device, and ping or IP fails, reboot your PC.
Incorrect VPI/VCI (ATM Routers) If you are given an incorrect VCI/VPI number or none at all to use for the remote, and you need to determine what the possible value might be, refer to the command ATOM FINDPVC, on page 170, for more information. Problems Accessing the Router via Telnet • Ensure that the router has a valid IP address. • Check that the Ethernet cable is plugged in. Problems Downloading Software • Ensure that a TFTP server is properly set up to locate the router software.
Time-Stamped Messages didn't negotiate our IP address correctly Explanation: The remote router did not negotiate the IP address options as was expected by the local router. terminated IPCP prematurely Explanation: IP failed to negotiate. Try to change the remote or the source WAN IP address. Far Avg SQ #: <2-digit number> dB [4-digit number] Explanation: Message about the average signal quality for the remote router.
No system name known - using defaults Explanation: The router does not have a system name. For PAP/CHAP negotiation, the router will use a default name and password. Note: IPX is misconfigured for - no IPX WAN network Explanation: IPX WAN address is wrong or missing. Note: There is no IPX route statically defined for Informational message.
History Log

The History Log utility is a troubleshooting tool that displays the router’s activity. It can be accessed from a terminal emulation session (including the Configuration Manager) or from Telnet. Follow the steps described below:
1. If you are accessing the logging utility through Telnet, enter the router’s IP address and connect. If you are accessing the logging utility through the Configuration Manager, select Tools and Terminal Window (the console cable is required).
2.
Chapter 7.
Appendix A.
Configuring PPP with IP Routing

PPP with IP Routing
Steps | Commands | Your settings
System Settings
System Name | system name |
System Message | system msg |
Authentication | system passwd |
Ethernet IP Address | eth ip addr [] |
Configuring PPP with IPX Routing

PPP with IPX Routing
Steps | Commands | Your Settings
System Settings
System Name | system name |
System Message | system msg |
Authentication Passwd | system passwd |
Ethernet IP Address | eth ip addr [] |
Configuring PPP with Bridging

PPP with Bridging
Steps | Commands | Your Settings
System Settings
System Name | system name |
System Message | system msg |
Authorization Password | system passwd |
DHCP Settings | dhcp set valueoption domainname |
Configuring RFC 1483 / RFC 1490 with IP Routing

RFC 1483 / RFC 1490 with IP Routing
Steps | Commands | Your Settings
System Settings
System Message | system msg |
Ethernet IP Address | eth ip addr [port#>] |
DHCP Settings | dhcp set valueoption domainname |
 | dhcp set valueoption domainnameserver <ipaddr> |
Configuring RFC 1483 / RFC 1490 with IPX Routing

RFC 1483 / RFC 1490 with IPX Routing
Steps | Commands | Your Settings
System Settings
System Message | system msg |
Ethernet IP Address | eth ip addr [port#>] |
DHCP Settings | dhcp set valueoption domainname |
 | dhcp set valueoption domainnameserver |
Configuring RFC 1483 / RFC 1490 with Bridging

RFC 1483 / RFC 1490 with Bridging
Steps | Commands | Your Settings
System Settings
System Message | system msg |
DHCP Settings | dhcp set valueoption domainname |
 | dhcp set valueoption domainnameserver |
Change Login | system admin |
Remote Routers
New Entry | remote add |
Configuring RFC 1483MER / RFC 1490MER with IP Routing

RFC 1483MER/RFC 1490MER with IP Routing
Steps | Commands | Your Settings
System Settings
System Message | system msg |
Ethernet IP Address | eth ip addr [] |
DHCP Settings | dhcp set valueoption domainname <domainname> |
 | dhcp set valueoption domainnameserver |
Configuring FRF8 with IP Routing

RFC 1483FR with IP Routing
Steps | Commands | Your Settings
System Settings
System Message | system msg |
Ethernet IP Address | eth ip addr [] |
DHCP Settings | dhcp set valueoption domainname <domainname> |
 | dhcp set valueoption domainnameserver |
Change Login | system admin |
Configuring a Dual-Ethernet Router for IP Routing

This table outlines commands used to configure a Dual-Ethernet router for IP Routing.

Dual-Ethernet Router - IP Routing
Steps | Commands | Your Settings
System Settings
System Name | system name |
Message | system msg |
Ethernet Settings
Routing/Bridging Controls | eth ip enable |
 | eth br disable |
Appendix B. Configuring IPX Routing

IPX Routing Concepts

To establish IPX Routing, you will need to enter all remote routers in the remote router database to which your router will connect.
1. For each remote router, enter the network addresses and services that may be accessed beyond the remote router.
2. Also enter a network number for the WAN link.
3. After you have specified the route addressing and services, you can then enable IPX routing across the Ethernet LAN.
Step 1: Collect Your Network Information for the Target (Local) Router

The remote side of the WAN link has all of the file and print services. Enter the needed network information in the blank boxes of the diagram. Then match the boxes’ numbers with the numbers in the Command Table below to configure the target router for IPX.

[Diagram residue: boxes numbered 1, 2, 3 with the labels Server Name; Enable IPX routing; External Network # (Local Wire address) Ex: 123; IPX Frame Type Ex: 802.]
Step 2: Review your Settings

Commands used to review your IPX configuration:
– eth list
– remote list
– ipxsaps

> eth list
ETHERNET INFORMATION FOR
Hardware MAC address................. 00:20:6F:02:4C:35
Bridging enabled..................... no
IP Routing enabled................... no
Firewall filter enabled ........... yes
Process IP RIP packets received.... yes
Send IP RIP to the LAN............. yes
Advertise me as the default router. Yes
Receive default route using RIP....
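The review in Step 2 can be scripted once the eth list output has been captured from a terminal or Telnet session. The following is an added example, not part of the original guide: it parses the dot-leader lines shown in the sample above and reports where they differ from intended settings; the baseline values and the "IPX Routing enabled" label are hypothetical.

```python
import re

# Lines from the page's eth list sample, up to where that sample breaks off.
SAMPLE_ETH_LIST = """\
ETHERNET INFORMATION FOR
Hardware MAC address................. 00:20:6F:02:4C:35
Bridging enabled..................... no
IP Routing enabled................... no
Firewall filter enabled ........... yes
Process IP RIP packets received.... yes
Send IP RIP to the LAN............. yes
Advertise me as the default router. Yes
"""

# Hypothetical intended settings, constructed for this example.
BASELINE = {
    "Bridging enabled": "no",
    "IP Routing enabled": "no",
    "Firewall filter enabled": "yes",
    "Advertise me as the default router": "no",
    "IPX Routing enabled": "yes",  # hypothetical label, absent from the sample
}

# A label, a leader of one or more dots, then the value (which may contain ':' or '.').
LINE_RE = re.compile(r"^(?P<key>.+?)\s*\.+\s*(?P<value>\S.*)$")

def parse_list_output(text):
    """Return {label: value} for every dot-leader line; other lines are skipped."""
    settings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            settings[m.group("key")] = m.group("value").strip()
    return settings

def deviations(settings, baseline):
    """List (label, expected, actual) where the output differs from the baseline."""
    found = []
    for label, expected in baseline.items():
        actual = settings.get(label)  # None when the label is not in the output
        if actual is None or actual.lower() != expected.lower():
            found.append((label, expected, actual))
    return found

if __name__ == "__main__":
    for label, expected, actual in deviations(parse_list_output(SAMPLE_ETH_LIST), BASELINE):
        print(f"{label}: expected {expected}, got {actual or 'not reported'}")
```

A label that itself contains a period would be split at that period, so check the parsed labels against the raw output the first time the script is used on a new firmware version.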
Appendix C. Access the Command Line Interface

This section provides step-by-step instructions on how to connect the PC to the Console Port of the router. It then describes how to access the Command Line Interface from different environments.

Connect the PC to the Console Port of the Router

For local access, the PC (or ASCII) terminal is connected to the Console port of the router.
Terminal Window under Quick Start

To access the terminal window from within the Quick Start application, click Tools and Terminal Window from the main menu. The menu selection Commands provides shortcuts to most of the commands described in this manual. These shortcuts will substantially reduce your amount of keying.

Terminal Session under Windows (HyperTerminal)

1. To open the HyperTerminal emulator available in Windows, click Start on your desktop, select Programs, Accessories, and HyperTerminal.
2.