FlowPoint™ DSL Router Family Command Line Interface
Second Edition (February, 1999) Copyright FlowPoint provides this publication “as is” without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose. All rights reserved. No part of this book may be reproduced in any form or by any means without written permission from FlowPoint. Changes are periodically made to the information in this book. They will be incorporated in subsequent editions.
Federal Communications Commission (FCC) Part 15 CLASS B Statement Section 15.105(b) of the Code of Federal Regulations NOTE: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation.
FlowPoint Corporation Program License Agreement IMPORTANT: Before utilizing this product, carefully read this License Agreement. This document is an agreement between you, the end user, and FlowPoint Corporation ("FlowPoint") that sets forth your rights and obligations with respect to the FlowPoint software program ("the Program") contained in this package. The Program may be contained in firmware, chips, or other media.
Limited Warranty on Hardware FlowPoint warrants that Products delivered hereunder shall be free from defects in materials and workmanship for a period of one (1) year from the date of purchase. The liability of FlowPoint is limited to replacing or repairing, at Manufacturer’s option, any defective Products that are returned F.O.B. Manufacturer’s factory, California.
Preface About This Book The Command Line Interface contains information on the syntax and use of the Command Line Interface for the family of DSL routers. It provides the steps and information needed to configure the Router software and troubleshoot problems using the Command Line Interface. Configuration of network connections, bridging, routing, and security features are essentially the same for all DSL routers, unless otherwise noted.
Troubleshooting Describes diagnostic tools used for identifying and correcting hardware and software problems. Reference User Guide Contains an overview of the Router’s software and hardware features and details on hardware installation and software configuration using the Windows-based Configuration Manager. Quick Start Guide Describes the configuration process involved in setting up a specific router model.
Table of Contents Preface About This Book How This Book Is Organized Reference Typographic Conventions Introduction Chapter 1.
Configuring MAC Encapsulated Routing: RFC 1483MER / RFC 1490MER with IP Routing Configuring FRF8 with IP Routing Configuring Mixed Network Protocols Configuring a Dual Ethernet Router for IP Routing Verify the Router Configuration Test IP Routing Test Bridging to a Remote Destination Test IPX Routing Sample Configurations Sample Configuration 1 — PPP with IP and IPX Sample Configuration 2 — RFC 1483 with IP and Bridging Sample Configuration 3 — Configuring a Dual Ethernet Router for IP Routing Chapter 4.
Sample Configurations Chapter 5.
Investigating Hardware Installation Problems Check the LEDs to Solve Common Hardware Problems Problems with the Terminal Window Display Problems with the Factory Configuration Investigating Software Configuration Problems Problems Connecting to the Router Problems with the Login Password Problems Accessing the Remote Network Problems Accessing the Router via TELNET Problems Downloading Software System Messages Time-Stamped Messages History Log How to Obtain Technical Support
Introduction This guide provides steps and information needed to configure the DSL or Dual Ethernet router software, using the Command Line Interface.
Command Line Interface Access You can access the Command Line Interface from: • A terminal session running under Windows (for local access) • The terminal window from the Configuration Manager (for local access) (see note 2) • An ASCII terminal (for local access) • A TELNET session (for remote access) Note 1: For local access, the PC or ASCII terminal is connected to the Console port.
Chapter 1. Advanced Topics This chapter provides information on advanced topics useful to network administrators. Refer to the User Guide for a general overview of the router basic features. Interoperability The router uses industry-wide standards to ensure compatibility with routers and equipment from other vendors. To interoperate, the router supports standard protocols on the physical level, data link level for frame type or encapsulation method, and network level.
Numerous network protocols have evolved and within each protocol are associated protocols for routing, error handling, network management, etc. The following chart displays the networking and associated protocols supported by the router.
Bridging and Routing Operation The router can operate as a bridge, as a router, or as both (sometimes called a brouter). • The router will operate as a router for network protocols that are enabled for routing (IP or IPX). • The router will operate as a bridge for protocols that are not supported for routing. • Routing takes precedence over bridging; i.e., when routing is active, the router uses the packet’s protocol address information to route the packet.
IP/IPX Routing: ON
Bridging To/From Remote Router: ON
Data Packets Carried: IP/IPX routed; all other packets bridged
Operational Characteristics: IP/IPX routing and allows other protocols, such as NetBEUI (that can’t be routed), to be bridged.
Typical Usage: When only IP/IPX traffic is to be routed but some non-routed protocol is required. Used for client/server configurations.
General Security Authentication Information Security authentication may be required by the remote end. The following information describes how authentication occurs. PAP provides verification of passwords between routers using a 2-way handshake. One router (peer) sends the system name and password to the other router. Then the other router (known as the authenticator) checks the peer’s password against the configured remote router’s password and returns acknowledgment.
Security Configuration Settings The router has one default system password used to access any remote router. This “system authentication password” is utilized by remote sites to authenticate the local site. The router also allows you to assign a unique “system override password” used only when connecting to a specific remote router for authentication by that remote site.
Protocol Conformance Protocol Standards The router conforms to RFCs designed to address performance, authentication, and multi-protocol encapsulation.
Encapsulation Options This section describes in technical terms the format of each packet associated with a particular encapsulation option supported by the router. The encapsulation type for each remote entry is defined using the remote setProtocol command. PPP Each packet begins with a one or two-byte protocol ID.
RFC 1483 or RFC 1490 Bridging User data packets are prepended by the sequence 0xAAAA0300 0x80c20007 0x0000 followed by the Ethernet frame containing the packet. 802.1D Spanning Tree packets are prepended with the header 0xAAAA0300 0x80C2000E. Routing IP packets are prepended with the header 0xAAAA0300 0x00000800. IPX packets are prepended with the header 0xAAAA0300 0x00008137.
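The header values listed above are enough to tell bridged frames, Spanning Tree packets, routed IP and routed IPX apart when inspecting captured traffic. The following is an added example, not code from the manual or from FlowPoint; the function name, the payload sanity checks and the sample bytes are constructed for illustration.

```python
import ipaddress
import struct

LLC_SNAP = bytes.fromhex("AAAA0300")  # common start of every header in the text

# Bytes that follow 0xAAAA0300 -> traffic class, as the manual lists them.
PREFIXES = (
    (bytes.fromhex("80C200070000"), "bridged-ethernet"),
    (bytes.fromhex("80C2000E"), "bridged-spanning-tree"),
    (bytes.fromhex("00000800"), "routed-ip"),
    (bytes.fromhex("00008137"), "routed-ipx"),
)


def classify(pdu: bytes) -> dict:
    """Identify the encapsulated traffic class and sanity-check its payload."""
    if not pdu.startswith(LLC_SNAP):
        return {"kind": "unknown", "error": "missing 0xAAAA0300 prefix"}
    rest = pdu[len(LLC_SNAP):]
    for prefix, kind in PREFIXES:
        if rest.startswith(prefix):
            payload = rest[len(prefix):]
            break
    else:
        return {"kind": "unknown", "error": "unlisted header 0x" + rest[:4].hex()}

    info = {"kind": kind, "payload_len": len(payload)}
    if kind == "bridged-ethernet":
        # The payload is a whole Ethernet frame: dst MAC, src MAC, EtherType.
        if len(payload) < 14:
            info["error"] = "truncated Ethernet header"
        else:
            dst, src, ethertype = struct.unpack("!6s6sH", payload[:14])
            info.update(dst=dst.hex(":"), src=src.hex(":"), ethertype=ethertype)
    elif kind == "routed-ip":
        # The payload is a bare IP packet; check version and minimum length.
        if len(payload) < 20 or payload[0] >> 4 != 4:
            info["error"] = "not a complete IPv4 header"
        else:
            info.update(src=str(ipaddress.IPv4Address(payload[12:16])),
                        dst=str(ipaddress.IPv4Address(payload[16:20])))
    return info


# Constructed sample input (not captured traffic).
SAMPLE_IP = LLC_SNAP + bytes.fromhex("00000800") + struct.pack(
    "!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
    ipaddress.IPv4Address("192.168.254.2").packed,
    ipaddress.IPv4Address("172.16.0.1").packed)
SAMPLE_BRIDGED = LLC_SNAP + bytes.fromhex("80C200070000") + bytes.fromhex(
    "ffffffffffff" "001122334455" "0806") + bytes(28)
SAMPLE_SHORT = LLC_SNAP + bytes.fromhex("80C200070000") + bytes(6)

if __name__ == "__main__":
    for name, pdu in [("ip", SAMPLE_IP), ("bridged", SAMPLE_BRIDGED),
                      ("short", SAMPLE_SHORT), ("no-header", SAMPLE_IP[8:])]:
        print(name, classify(pdu))
```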
rawIP IP packets do not have any protocol headers prepended to them; they appear as IP packets on the wire. Only IP packets can be transported since there is no possible method to discriminate other types of packets (bridged frames or IPX). The command for this encapsulation option is: remote setProtocol rawIP System Files The router’s file system is a DOS-compatible file system. The following list describes the contents of the file system: • SYSTEM.
Bridging Filtering You can control the flow of packets across the router using bridging filtering. Bridging filtering lets you “deny” or “allow” packets to cross the network based on position and hexadecimal content within the packet. This enables you to restrict or forward messages with a specified address, protocol, or data content. Common uses are to prevent access to remote networks, control unauthorized access to the local network, and limit unnecessary traffic.
Chapter 2. Planning For Router Configuration This chapter describes the terminology and the information that you need to collect before configuring the router. The information needed to configure the router is contingent on the chosen Link Protocol. It is therefore important to know which Link Protocol you are using (this is determined by your Network Service Provider) to be able to refer to the configuration sections that apply to your setup.
Collect your Configuration Information This section describes the configuration information associated with each Link Protocol/Network Protocol combination and also provides configuration information for the Dual Ethernet router. It is organized as follows: Link Protocols/Network Protocols Configurations 1. Determine which Link Protocol/Network Protocol association you are using. This information is obtained from your Network Service Provider (NSP). 2.
PPP Link Protocol (over ATM or Frame Relay) The PPP Link Protocol is an encapsulation method that can be used over ATM (for ATM routers) or Frame Relay (for Frame Relay routers). Combined with the IP, IPX, or Bridging Network Protocols, PPP over ATM and PPP over Frame Relay share the same configuration characteristics, except for the connection identifiers: VPI/VCI numbers are used for ATM and a DLCI number is used for Frame Relay.
DNS Internet Account Information (optional) This information is obtained from your Network Service Provider. Consult with your Network Service Provider to find out if you need to enter the following information: • DNS Server Address • DNS Second Server Address • DNS Domain Name IP Routing Addresses For the Ethernet Interface This information is defined by the user or your Network Administrator.
IPX Routing Network Protocol System Names and Authentication Passwords For the Target Router This information is defined by the user. You must choose a name and authentication password for the target router. They are used by a remote router to authenticate the target router. For the Remote Site(s) This information is obtained from the Network Service Provider. For each remote site, you must have the site name and its authentication password.
Internal Network Number It is a logical network number that identifies an individual Novell server. It is needed to specify a route to the services (i.e., file services, print services) that Novell offers. It must be a unique number. External Network (a.k.a. IPX Network Number) It refers to a physical LAN/wire network segment to which servers, routers, and PCs are connected (Ethernet cable-to-router segment). It must be a unique number.
Bridging Network Protocol System Names and Authentication Passwords For the Target Router This information is defined by the user. You must choose a name and authentication password for the target router. They are used by a remote router to authenticate the target router. For the Remote Site(s) This information is obtained from the Network Service Provider. For each remote site, you must have the site name and its authentication password.
RFC 1483 / RFC 1490 Link Protocols The Link Protocol RFC 1483 is a multiprotocol encapsulation method over ATM and is used by ATM routers. RFC 1490 is a multiprotocol encapsulation method over Frame Relay and is used by Frame Relay routers. RFC 1483 and RFC 1490 combined with the IP, IPX, or Bridging Network Protocols share the same configuration characteristics, except for the connection identifiers: VPI/VCI numbers are used for RFC 1483 and a DLCI number is used for RFC 1490.
Ethernet IP Address (Local LAN) An Ethernet LAN IP address and subnet mask are required for the router’s local Ethernet LAN connection. TCP/IP Ethernet Routes You normally do not need to define an Ethernet IP route. An Ethernet IP route consists of an IP address, a mask, a metric, and a gateway. An Ethernet route is usually defined when there are multiple routers on the Ethernet which cannot exchange routing information between them.
IPX Routing Network Protocol VPI and VCI Numbers (for RFC 1483) The VPI and VCI numbers apply to ATM routers only. Your router may have been preconfigured with VPI/VCI numbers. If not, you will have to obtain these numbers from your Network Service Provider and then configure them. If you are connecting to multiple remote sites, you will need to obtain additional VPI and VCI numbers from your Network Service Provider and/or Network Access Provider.
Frame Type With local servers on your LAN, make sure to select the proper frame type for the IPX network number. To determine this, consult with your network administrator. When you have only NetWare clients on your LAN, leave the default (802.2) selected as most clients support any type. The frame type choices are:
• 802.2: Default recommended by Novell
• 802.3: Other most common type
• DIX: For DEC, Intel, Xerox; this setting is also referred to as “Ethernet II”, and is rapidly becoming obsolete.
Bridging Network Protocol VPI and VCI Numbers (with RFC 1483) The VPI and VCI numbers apply to ATM routers only. Your router may have been preconfigured with VPI/VCI numbers. If not, you will have to obtain these numbers from your Network Service Provider and then configure them. If you are connecting to multiple remote sites, you will need to obtain additional VPI and VCI numbers from your Network Service Provider and/or Network Access Provider.
MAC Encapsulated Routing: RFC 1483MER / RFC 1490MER Link Protocols MAC Encapsulated Routing (MER) allows IP packets to be carried as bridged frames (bridged format). The Link Protocol RFC 1483 with MER (referred to as RFC 1483MER) is a multiprotocol encapsulation method over ATM used by ATM routers. RFC 1490 with MER (referred to as RFC 1490MER) is a multiprotocol encapsulation method over Frame Relay used by Frame Relay routers.
IP Routing Entries For the Ethernet Interface This information is defined by the user or the Network Administrator. Ethernet IP Address (Local LAN) An Ethernet LAN IP address and subnet mask are required for the router’s local Ethernet LAN connection. TCP/IP Ethernet Routes You normally do not need to define an Ethernet IP route. An Ethernet IP route consists of an IP address, a mask, a metric, and a gateway.
FRF8 Link Protocol The FRF8 Link Protocol is an encapsulation method, which allows an ATM router to interoperate with a Frame Relay network. FRF8 is only used in conjunction with the IP Network Protocol. Collect the information described below. This data will be later used to configure your router using the Command Line Interface (see Configuration Tables, Chapter 3). IP Routing Network Protocol VPI and VCI Numbers Your router may have been preconfigured with VPI/VCI numbers.
For the ATM WAN Interface This information is obtained from the Network Administrator or the NSP. Source (Target/Local) WAN Port Address and Mask You must specify a Source WAN IP address for the WAN connection to the remote router (whether or not NAT is enabled). The Source WAN Address is the address of the local router on the remote network. The mask is the mask used on the remote network. Check with your system administrator for details.
Dual Ethernet Router Configuration General Information To configure the Dual Ethernet router, access the router using the Command Line Interface (CLI). The CLI can be accessed from a Telnet or a console session (using the console cable) connected to the router’s default IP address of 192.169.254.254. You can also configure the router using the Web browser GUI. Refer to the Dual Ethernet Router Quick Start Guide.
Chapter 3. Configuring Router Software This chapter covers the following configuration topics: Configuration Tables Configuration commands are outlined for each Link Protocol/Network Protocol supported by the router. The information needed to configure the router is contingent on the chosen Link Protocol. It is therefore important to know which Link Protocol you are using (this is determined by your Network Service Provider) to be able to refer to the configuration sections that apply to your setup.
Configuration Tables The following tables give you step-by-step instructions for standard configurations of the following Network Protocols / Link Protocol associations, as well as a configuration table for a Dual Ethernet Router: • PPP Link Protocol with IP Routing Network Protocol • PPP Link Protocol with IPX Routing Network Protocol • PPP Link Protocol with Bridging Network Protocol • RFC 1483/RFC 1490 Link Protocols with IP Routing Network Protocol • RFC 1483/RFC 1490 Link Protocols with IPX Ro
Configuring PPP with IP Routing This table outlines configuration commands for the PPP Link Protocol with the IP Routing Network Protocol.
Configuring PPP with IPX Routing This table outlines configuration commands for the PPP Link Protocol with the IPX Routing Network Protocol. Note: Appendix B provides step-by-step information on how to configure IPX routing.
Configuring PPP with Bridging This table outlines configuration commands for the PPP Link Protocol with the Bridging Network Protocol.
Configuring RFC 1483 / RFC 1490 with IP Routing This table outlines configuration commands for the RFC 1483 and the RFC 1490 Link Protocols with the IP Routing Network Protocol.
Configuring RFC 1483 / RFC 1490 with IPX Routing This table outlines configuration commands for the RFC 1483 and RFC 1490 Link Protocols with the IPX Routing Network Protocol. Note: Appendix B provides step-by-step information on how to configure IPX routing.
Configuring RFC 1483 / RFC 1490 with Bridging This table outlines configuration commands for the RFC 1483 and RFC 1490 Link Protocols with the Bridging Network Protocol.
Configuring MAC Encapsulated Routing: RFC 1483MER / RFC 1490MER with IP Routing This table outlines configuration commands for the RFC 1483MER and RFC 1490MER Link Protocols with the IP Routing Network Protocol.
Configuring FRF8 with IP Routing This table outlines configuration commands for the FRF8 Link Protocol with the IP Routing Network Protocol.
Configuring Mixed Network Protocols Several Network Protocols can be configured concurrently in the same router. The possible combinations are: • Bridging + IP Routing • Bridging + IPX Routing • Bridging + IP Routing + IPX Routing • IP Routing + IPX Routing General Configuration Rules: IP (and IPX) Routing takes precedence over Bridging. Each Network Protocol in the combination is individually configured as described in the preceding tables.
Configuring a Dual Ethernet Router for IP Routing This table outlines commands used to configure a Dual Ethernet router for IP Routing.
Verify the Router Configuration Test IP Routing Test IP Routing over the Local Ethernet LAN (from PC) • Use the TCP/IP ping command or a similar method to contact the configured target router specifying the Ethernet LAN IP address. • If you cannot contact the router, verify that the Ethernet IP address and subnet mask are correct and check the cable connections. • Make sure that you have saved and rebooted after setting the IP address. • Check Network TCP/IP properties under Windows 95.
Test IPX Routing One way to test IPX Routing is to check for access to servers on the remote LAN. Under Windows, use the “NetWare Connections” selection provided with NetWare User Tools. Under DOS, use the command pconsole or type login on the login drive (usually F:). Select the printer server and verify that the server you have defined is listed. When you attempt to access the server, the router will connect to the remote router using the DSL line.
Sample Configurations Sample Configuration 1 — PPP with IP and IPX This configuration example comprises: • A scenario describing the configuration • A diagram showing the configuration of the SOHO router • Tables containing the configuration settings for this example • Outputs of several “list” commands that are used to check the information entered for this particular configuration.
Sample Configuration 1 — Diagram for Target Router (SOHO) Small Home Office SOHO (Target/Local Router) IPX = 456 0,39 (HQ) SOHO Target Router IP:192.168.254.254 255.255.255.0 Workstation/Server 192.168.254.3 255.255.255.0 PC/Client 192.168.254.2 255.255.255.0 2 Virtual Circuits 0,38 (ISP) DSL / ATM Network PPP/IP 192.168.200.20 IPX WAN = 789 Remote Router HQ 0.0.0.0 255.255.255.255 IP:172.16.0.1 255.255.255.0 ISP PPP/IP and IPX IPX NET = 123 Network Service Provider (ISP) DNS: 192.168.200.
Sample Configuration 1 — Tables For Target Router (SOHO) SOHO SYSTEM SETTINGS Configuration Section Item Commands System Settings System Name system name SOHO Message (optional) system msg Configured_Dec_1998 Authentication Password system password SOHOpasswd Ethernet IP Address Ethernet IP Address and Subnet Mask (default IP eth ip addr 192.168.254.254 255.255.255.
SOHO REMOTE ROUTER DATABASE ENTRY: HQ Configuration Section Item Commands Remote Routers Remote Router’s Name remote add HQ Link Protocol Link Protocol remote setProtocol PPP HQ PVC VPI Number/VCI Number remote setPVC 0*39 HQ Minimum Authentication (PAP is the default) remote setauthen PAP HQ Remote Router’s Password remote setpasswd HQpasswd HQ Bridging On/Off (Bridging is OFF by default) remote disbridge HQ Remote Network’s IP Addresses, Subnet Masks, and Metric remote addiproute 172.16.
SOHO REMOTE ROUTER DATABASE ENTRY: ISP Configuration Section Item Commands Remote Routers New Entry Remote Router’s Name remote add ISP Remote Routers Link Protocol PVC Link Protocol VPI Number/VCI Number remote setProtocol PPP ISP remote setPVC 0*38 ISP Minimum Authentication (PAP is the default) Remote Router’s Password remote setauthen PAP ISP Bridging On/Off (Bridging is OFF by default) remote disbridge ISP Remote Network’s IP Addresses, Subnet Masks, and Metric remote addiproute 0.0.0.
Sample Configuration 1 - Check the Configuration with the “list” Commands Type the following commands to obtain a list of your configuration.
system list
GENERAL INFORMATION FOR
System started on.................... 12/1/1998 at 17:41
Authentication override.............. NONE
WAN to WAN Forwarding................ yes
BOOTP/DHCP Server address............ none
Telnet Port.......................... default (23)
SNMP Port............................
Total IP remote routes............... 1
0.0.0.0/255.255.255.255/1
IPX network number................... 00000000
Total IPX remote routes.............. 0
Total IPX SAPs....................... 0
Bridging enabled..................... no
Exchange spanning tree with dest... yes
dhcp list
bootp server ................. none
bootp file ................... n/a
DOMAINNAMESERVER (6) ......... 192.168.200.1
DOMAINNAME (15) .............. myISP.com
WINSSERVER (44) .............. 172.16.0.2
Subnet 192.168.254.
Information About Names And Passwords In this configuration example, the PPP Link Protocol requires using system names and passwords. System Passwords SOHO has a system password “SOHOpasswd”. This password is used when SOHO communicates with HQ for authentication by that site, and at any time when HQ challenges SOHO. HQ has a system password “HQpasswd” which is, likewise, used when HQ communicates with site SOHO for authentication by SOHO, and at any time SOHO challenges HQ.
Sample Configuration 2 — RFC 1483 with IP and Bridging This configuration example comprises: • A scenario describing this configuration of the router SOHO • A diagram showing the configuration information needed for this example • Tables containing the configuration settings for this example • Outputs of several “list” commands that are used to check the information entered for this particular configuration. Note 1: Names and Passwords are not required with the RFC 1483 Link Protocol.
Sample Configuration 2 — Diagram for Target Router SOHO Small Home Office SOHO (Target Router) 0,39 (HQ) SOHO Target Router Workstation/Server 192.168.254.3 255.255.255.0 PC/Client 192.168.254.2 255.255.255.0 IP:192.168.254.254 255.255.255.0 2 Virtual Circuits 0,38 (ISP) DSL / ATM Network RFC 1483 / IP 192.168.200.20 Remote Router HQ 0.0.0.0 255.255.255.255 IP:172.16.0.1 255.255.255.0 ISP RFC 1483 / IP + Bridging Network Service Provider (ISP) DNS: 192.168.200.1 DNS Domain: myISP.
Sample Configuration 2 — Tables For Target Router (SOHO) SOHO SYSTEM SETTINGS Configuration Section Item Commands System Settings Message Message (optional) system msg RFC1483_dec98 Ethernet IP Address and Subnet Mask eth ip addr 192.168.254.254 255.255.255.0 System Settings Ethernet IP Address (default IP address) System Settings DHCP Settings DNS Domain Name dhcp set valueoption domainname myISP.com DNS Server dhcp set valueoption domainnameserver 192.168.200.
SOHO REMOTE ROUTER DATABASE ENTRY: ISP Configuration Section Item Commands Remote Routers New Entry Remote Router’s Name remote add ISP Link Protocol Link Protocol remote setProtocol RFC1483 ISP PVC VPI Number/VCI Number remote setPVC 0*38 ISP Bridging On/Off remote disbridge ISP Remote Routers Remote Routers Bridging (Bridging is Off by default) Remote Routers TCP/IP Route Addresses Remote Network’s IP Addresses, Subnet Masks, and Metric remote addiproute 0.0.0.0 255.255.255.
Sample Configuration 2 - Check the Configuration with the “list” Commands
system list
GENERAL INFORMATION FOR
System started on.................... 12/1/1998 at 17:48
Authentication override.............. NONE
WAN to WAN Forwarding................ yes
BOOTP/DHCP Server address............ none
Telnet Port.......................... default (23)
SNMP Port............................ default (161)
System message: ADSL RFC1483 sample
eth list
ETHERNET INFORMATION FOR
Hardware MAC address...
Connection Identifier (VPI*VCI)...... 0*38
IP address translation............... on
Compression Negotiation.............. off
Source IP address/subnet mask........ 192.168.200.20/255.255.255.255
Remote IP address/subnet mask........ 0.0.0.0/0.0.0.0
Send IP RIP to this dest............. no
Send IP default route if known..... no
Receive IP RIP from this dest........ no
Receive IP default route by RIP.... no
Keep this IP destination private..... yes
Total IP remote routes............... 1
0.0.0.0/255.255.
Sample Configuration 3 — Configuring a Dual Ethernet Router for IP Routing Scenario The following example provides a simple sample configuration for a Dual Ethernet router with IP Routing enabled. The router’s hub (ETH/0) belongs to the 192.168.254.0 subnet. The router’s ETH/1 belongs to the 192.168.253.0 subnet. ETH/0 will route packets to ETH/1 at the address 192.168.253.254. DHCP is enabled for both subnets.
Chapter 4. Configuring Special Features The features described in this chapter are advanced topics. They are primarily intended for experienced users and network administrators to perform network management and more complex configurations.
• “Allow” mode will only pass the packets that match the “allow” filters in the filter database and discard all others. Up to 40 “allow” filters or 40 “deny” filters can be activated from the filter database. You enter the filters, including the pattern, offset, and filter mode, into a filter database. If you intend to restrict specific stations or subnetworks from bridging, then add the filters with a “deny” designation. Then enable filtering for deny.
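The effect of the two filter modes on individual frames can be modelled in a few lines. This is an added example, not the router's implementation or CLI syntax: the class and function names are hypothetical, the offset is assumed to be a byte position counted from the start of the bridged frame, and the sample frames are constructed.

```python
from dataclasses import dataclass

MAX_ACTIVE_FILTERS = 40  # limit stated in the manual


@dataclass(frozen=True)
class BridgeFilter:
    offset: int     # assumed: byte position counted from the start of the frame
    pattern: bytes  # hexadecimal content expected at that position

    def matches(self, frame: bytes) -> bool:
        end = self.offset + len(self.pattern)
        # A frame too short to contain the pattern at this offset never matches.
        return end <= len(frame) and frame[self.offset:end] == self.pattern


def forwards(frame: bytes, filters, mode: str) -> bool:
    """Return True if the frame would be bridged, False if it is discarded."""
    if mode not in ("allow", "deny"):
        raise ValueError("mode must be 'allow' or 'deny'")
    if len(filters) > MAX_ACTIVE_FILTERS:
        raise ValueError("at most 40 filters can be active")
    hit = any(f.matches(frame) for f in filters)
    # allow: only matching frames pass, so an empty or wrong list blocks traffic.
    # deny: matching frames are discarded and every other frame passes.
    return hit if mode == "allow" else not hit


def make_frame(dst: str, src: str, ethertype: int, payload: bytes = b"") -> bytes:
    """Build a constructed Ethernet frame from hex MAC strings."""
    return (bytes.fromhex(dst) + bytes.fromhex(src)
            + ethertype.to_bytes(2, "big") + payload)


# Constructed filters and frames for the demonstration.
BLOCKED_STATION = BridgeFilter(offset=6, pattern=bytes.fromhex("001122334455"))
ONLY_ARP = BridgeFilter(offset=12, pattern=bytes.fromhex("0806"))
FRAME_FROM_BLOCKED = make_frame("ffffffffffff", "001122334455", 0x0806, bytes(28))
FRAME_FROM_OTHER = make_frame("ffffffffffff", "00aabbccddee", 0x0800, bytes(20))
RUNT = bytes.fromhex("ffffffffffff0011")  # too short to hold a source MAC

if __name__ == "__main__":
    for name, frame in [("blocked", FRAME_FROM_BLOCKED),
                        ("other", FRAME_FROM_OTHER), ("runt", RUNT)]:
        print(name,
              "deny:", forwards(frame, [BLOCKED_STATION], "deny"),
              "allow:", forwards(frame, [ONLY_ARP], "allow"))
```

In this model a frame that no filter can match, such as the truncated one, is bridged in “deny” mode and discarded in “allow” mode, which is the difference to weigh when choosing a mode for access control.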
IP (RIP) Protocol Controls You can configure the router to send and receive RIP packet information to and from, respectively, the remote router. This means that the local site will ‘learn’ all about the routes beyond the remote router and the remote router will ‘learn’ all about the local site’s routes. You may not want this to occur in some cases.
DHCP (Dynamic Host Configuration Protocol) This section describes how to configure DHCP using the Command Line Interface. Configuring DHCP can be a complex process; this section is therefore intended for network managers. Please refer to Chapter 4 for a complete list of the DHCP commands. General Information The router supports DHCP and acts as the DHCP server.
Manipulating Subnetworks and Explicit Client Leases Enabling/disabling a subnetwork or a client lease To enable/disable a subnetwork or a client lease, use the commands: dhcp enable all | dhcp disable all | Examples: To enable the subnetwork 192.168.254.0 if that subnetwork exists, type: dhcp enable 192.168.254.0 To enable the client lease 192.168.254.17 if that client lease exists, enter: dhcp enable 192.168.254.17 To disable the client lease 192.168.254.
Adding explicit or dynamic client leases Client leases may either be created dynamically or explicitly. Usually client leases are created dynamically when PCs boot and ask for IP addresses. Explicit client leases To add an explicit client lease, a subnetwork MUST already exist (use dhcp add to add the subnetwork) before the client lease may be added.
2. If the client lease option is "default", then the server goes up one level (to the subnetwork) and uses the lease time explicitly specified for the subnetwork. 3. If the client and subnetwork lease options are both "default", then the server goes up one level (global) and uses the lease time defined at the global level (server). 4. Lease time: The minimum lease time is 1 hour. The global default is 168 hours.
Setting Option Values Administrators will want to set the values for global options, for options specific to a subnetwork, or for options specific to a client lease. Note: See RFC 2131/2132 for the description of various options. Concepts The server returns values for options explicitly requested in the client request. It selects the values to return based on the following algorithm: 1. If the value is defined for the client, then the server will return the requested value for an option. 2.
Example: To set the global value for the domain name server option, enter: dhcp set valueoption domainnameserver 192.168.254.2 192.168.254.3 Commands for specific option values for a subnetwork To set the value for an option associated with a subnetwork, use: dhcp set valueoption ... To clear the value for an option associated with a subnetwork, use: dhcp clear valueoption Examples: dhcp set valueoption 192.168.254.0 gateway 192.168.254.254 dhcp set valueoption 6 192.84.
Example: This command lists the subnet 192.168.254.0 including any options set specifically for that subnet: dhcp list 192.168.254.0 BootP Administrators may wish to specify that certain client leases AND certain subnetworks can satisfy BootP requests. About BootP and DHCP BootP and DHCP provide services that are very similar. However, as an older service, BootP offers only a subset of the services provided by DHCP.
Examples: To set the global BootP server IP address to 192.168.254.7: dhcp bootp tftpserver 192.168.254.7 To set the subnet 192.168.254.0 server IP address to 192.168.254.8: dhcp bootp tftpserver 192.168.254.0 192.168.254.8 To set the client 192.168.254.21 server IP address to 192.168.254.9 dhcp bootp tftpserver 192.168.254.21 192.168.254.9 To set the subnet 192.168.254.0 boot file to "kernel.100": dhcp bootp file 192.168.254.0 kernel.
To list the definition for option 1, if option 1 is defined, type: dhcp list definedoptions 1 To list the definition for all options that are well-known AND have a name starting with 'h', type: dhcp list definedoptions h Example: To define a new option with a code of 128, a minimum number of IP addresses of 1, a maximum number of IP addresses of 4, of type “IP address”, type: dhcp add 128 1 4 ipAddress This information implies that: • Some DHCP client will know about the option with code 128.
Other Information DHCP information is kept in the file DHCP.DAT. This file is self-contained. This file contains ALL of the DHCP information including: • the option definitions • the subnetworks that have been added • the client lease information • the option values that have been set This file can be uploaded/downloaded from one router to another.
NAT (Network Address Translation) The router supports classic NAT (one NAT IP address assigned to one PC IP address) and a NAT technique known as masquerading (one single NAT IP address assigned to many PC IP addresses). General NAT Rules 1. IP Routing must be enabled. 2. NAT can be run on a per-remote-router basis. 3. Any number of PCs on the LAN may be going to the same or different remote routers at the same time.
Client Configuration Enable NAT To enable NAT, use the commands: remote setIpTranslate on save The save command makes the above changes persistent across boots; they turn NAT on when connected to this remote router. Obtain an IP Address for NAT Translation The IP address (the IP address “known” by the remote ISP) used for this type of NAT translation can be assigned in two ways. The ISP dynamically assigns the IP address. Use the commands: remote setSrcIpAddr 0.0.0.0 0.0.0.
first private port: if specified, it is a port remapping of the incoming request from the remote end. first port maps to first private port. first port + 1 maps to first private port + 1. last port maps to first private port + last port - first port first port through last port are the ports as seen by the remote end. first private port through first private port + last port - first port are the equivalent ports the server on your local LAN will receive the request.
• Port overlap: One or more of the ports that would be visible to the remote end overlap. Example: remote addserver 192.168.1.10 tcp 9000 9000 telnet router1 Let us assume this command is accepted. remote addserver 192.168.1.11 tcp 9000 9000 telnet router1 Let us assume this command gets an error. For the remote end sending a server request to port 9000, it is impossible to know to which server, 192.168.1.10 -or- 192.168.1.11, to send the request, if both entries exist.
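The port remapping and overlap rules above, modelled as an added example (not code from the manual or the router firmware) that can be used to audit a list of addserver commands before they are entered. The names NatServerTable, ServerEntry and parse_addserver are hypothetical; checking overlap separately for each remote router and for the global table is an assumption, and lookup models only the first two steps of the server request hierarchy (remote addserver, then system addserver).

```python
from dataclasses import dataclass
from typing import Optional

# Service names the CLI accepts in place of a port number.
PORT_NAMES = {"ftp": 21, "telnet": 23, "smtp": 25, "snmp": 161, "http": 80}


def to_port(token: str) -> int:
    value = PORT_NAMES.get(token.lower())
    if value is None:
        value = int(token)
    if not 1 <= value <= 65535:
        raise ValueError(f"port out of range: {token}")
    return value


@dataclass(frozen=True)
class ServerEntry:
    scope: Optional[str]   # remote router name; None for a "system" (global) entry
    host: str              # LAN server address (or the keywords discard / me)
    proto: str
    first: int             # first port as seen by the remote end
    last: int              # last port as seen by the remote end
    first_private: int     # port the LAN server receives for `first`

    def private_port(self, public: int) -> int:
        # first -> first_private, first + 1 -> first_private + 1, and so on.
        return self.first_private + (public - self.first)


def parse_addserver(line: str) -> ServerEntry:
    tok = line.split()
    if (len(tok) < 2 or tok[0].lower() not in ("remote", "system")
            or tok[1].lower() != "addserver"):
        raise ValueError(f"not an addserver command: {line!r}")
    args = tok[2:]
    scope = None
    if tok[0].lower() == "remote" and args:
        scope = args.pop()  # trailing remoteName (case-sensitive)
    if not 3 <= len(args) <= 5:
        raise ValueError(f"wrong number of arguments: {line!r}")
    host, proto = args[0], args[1].lower()
    first = to_port(args[2])
    last = to_port(args[3]) if len(args) > 3 else first
    first_private = to_port(args[4]) if len(args) > 4 else first
    if last < first:
        raise ValueError("last port is below first port")
    if first_private + (last - first) > 65535:
        raise ValueError("private port range runs past 65535")
    return ServerEntry(scope, host, proto, first, last, first_private)


class NatServerTable:
    def __init__(self):
        self.entries = []

    def add(self, line: str) -> ServerEntry:
        new = parse_addserver(line)
        for old in self.entries:
            same_table = old.scope == new.scope and old.proto == new.proto
            if same_table and new.first <= old.last and old.first <= new.last:
                # Two servers would be visible on the same public port.
                raise ValueError(
                    f"port overlap with {old.host} on {old.first}-{old.last}")
        self.entries.append(new)
        return new

    def lookup(self, remote: str, proto: str, public_port: int):
        """Return (host, private port) for a request arriving from `remote`."""
        for scope in (remote, None):  # remote addserver first, then system addserver
            for e in self.entries:
                if (e.scope == scope and e.proto == proto.lower()
                        and e.first <= public_port <= e.last):
                    return e.host, e.private_port(public_port)
        return None


if __name__ == "__main__":
    table = NatServerTable()
    # The two commands from the overlap example above.
    for cmd in ("remote addserver 192.168.1.10 tcp 9000 9000 telnet router1",
                "remote addserver 192.168.1.11 tcp 9000 9000 telnet router1"):
        try:
            table.add(cmd)
            print("accepted:", cmd)
        except ValueError as err:
            print("rejected:", cmd, "->", err)
    print(table.lookup("router1", "tcp", 9000))
```

Listing every accepted entry with its public and private ports gives a quick inventory of which LAN services each remote end can reach.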
Server Request Hierarchy When handling a request from a remote router (to which the local router has NAT enabled), the local router selects a server based on the following priority (order) algorithm: 1. remote addserver — The local router selects a server for the remote router that handles that particular protocol/port. 2. system addserver — The local router selects a global server that handles that particular protocol/ port. 3.
System Commands Use these commands to enable or disable host remapping systemwide: system addHostMapping system delHostMapping Use the system addHostMapping when a host on the local LAN is known by the same IP address on all remotes. IP Address Range The range of local LAN IP addresses to be remapped is defined by to inclusive.
For example, to enable IP/port translation to a remote router and make the IP addresses 10.1.1.7 through 10.1.1.10 globally visible, it is permissible to use either one of the following commands: remote addHostMapping 10.1.1.7 10.1.1.10 10.1.1.7 remoteName system addHostMapping 10.1.1.7 10.1.1.10 10.1.1.
Management Security With the following security control features, the user can prevent the router from being remotely managed via Telnet and/or SNMP. Disabling SNMP will stop the Configuration Manager from accessing the router. In some environments this is desirable. Disable Telnet and SNMP To completely disable remote management, the following commands should be entered from the command line.
Note 2: The following commands are used to delete client ranges previously defined by the system addtelnetFilter, system addSNMPFilter, system addHTTPFilter commands: system deltelnetFilter [] | LAN system delSNMPFilter [] | LAN system delHTTPFilter [] | LAN Note 3: To list the range of allowed clients, use the command system list when logged in with read and write permission (login with password).
Software Options Keys This router has several optional software features that can be purchased as software options keys, when ordering the router. These optional features are: • DES encryption (For more information on this feature, refer to Encryption, page 95) • IP filters (For more information on this feature, refer to IP Filtering, page 98) • L2TP Tunneling (For more information on this feature, refer to L2TP Tunneling - Virtual Dial-Up, page 101) These options are usually ordered with the router.
Encryption Note: Encryption is a software option. The following section applies only for routers with this option. For routers shipped with the following encryption options, two variants of encrypted data links over PPP have been implemented: • PPP DES (RFC1969) • Diffie-Hellman Encryption requires PPP. Caution: DES and Diffie-Hellman encryption options are not available for export outside of the United States or Canada.
Sample Configuration Refer to the section Sample Configurations, Chapter 3 of this manual, page 57. The routers SOHO (the target router) and HQ (the remote router) are configured in the same manner as shown in chapter 3, but the following encryption commands are added. Don’t forget to save the configuration and reboot the router (save and reboot commands). Remember that the transmit key (tx) of SOHO is the receive key (rx) of HQ. Inversely, the receive key of SOHO is the transmit key of HQ.
• Different keys and key files may be used with different remote destinations. • For maximum security, as shown in these examples, Telnet and SNMP access should be disabled and PPP CHAP used. • Use the console port to view error messages and progress. If you see “Unknown protocol” errors, the routers’ “receive” key and “sender” Tx key don't match.
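A pre-deployment check for the tx/rx pairing described above, as an added example (not part of the manual): it reads the remote setEncryption dese commands from both routers' command lists and reports missing or mismatched keys without echoing key material. The function names are hypothetical, the HQ-side command lists are constructed, and the 16-hex-digit key format is assumed from the manual's own example.

```python
import re

# remote setEncryption dese tx|rx <key> <remoteName>
# Commands are not case-sensitive; router names are.
CMD = re.compile(
    r"^remote\s+setencryption\s+dese\s+(tx|rx)\s+(\S+)\s+(\S+)$", re.IGNORECASE)
KEY = re.compile(r"^[0-9a-f]{16}$")


def des_keys(config: str, remote_name: str) -> dict:
    """Return the tx/rx keys one router has configured for `remote_name`."""
    keys = {}
    for line in config.splitlines():
        m = CMD.match(line.strip())
        if m and m.group(3) == remote_name:
            keys[m.group(1).lower()] = m.group(2).lower()
    return keys


def check_link(cfg_a: str, name_a: str, cfg_b: str, name_b: str) -> list:
    """List the problems that would keep the encrypted link from working."""
    a = des_keys(cfg_a, name_b)   # router a's entry for remote b
    b = des_keys(cfg_b, name_a)   # router b's entry for remote a
    findings = []
    for router, keys in ((name_a, a), (name_b, b)):
        for direction in ("tx", "rx"):
            key = keys.get(direction)
            if key is None:
                findings.append(f"{router}: no {direction} key configured")
            elif not KEY.match(key):
                findings.append(f"{router}: {direction} key is not 16 hex digits")
    # The transmit key of one end must be the receive key of the other.
    for sender, s_keys, receiver, r_keys in ((name_a, a, name_b, b),
                                             (name_b, b, name_a, a)):
        tx, rx = s_keys.get("tx"), r_keys.get("rx")
        if tx and rx and tx != rx:
            findings.append(f"{sender} tx key does not match {receiver} rx key")
    return findings


# SOHO side: the commands shown in the manual's reference example.
SOHO_CFG = """\
remote setEncryption dese tx 1111111111111111 HQ
remote setEncryption dese rx 2222222222222222 HQ
"""
# HQ side (constructed): keys mirrored, as the pairing rule requires.
HQ_CFG = """\
remote setEncryption dese tx 2222222222222222 SOHO
remote setEncryption dese rx 1111111111111111 SOHO
"""
# HQ side (constructed): SOHO's commands copied without swapping tx and rx.
HQ_CFG_COPIED = """\
remote setEncryption dese tx 1111111111111111 SOHO
remote setEncryption dese rx 2222222222222222 SOHO
"""

if __name__ == "__main__":
    print(check_link(SOHO_CFG, "SOHO", HQ_CFG, "HQ"))
    print(check_link(SOHO_CFG, "SOHO", HQ_CFG_COPIED, "HQ"))
```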
IP Filtering Note: Filtering is a software option. The following section applies only for routers with this option. IP Filtering is a type of Firewall used to control network traffic: the process involves filtering packets received from one interface and then deciding whether to route them to another interface or discard them. When filtering packets, the router examines information such as the source and destination address contained in the IP packet, the type of connection, etc.
Input Phase When an IP packet comes in through an interface (i.e., the Input interface), the router tries to recognize the packet. The router then examines the Input filters for this interface and based on the first Input filter that matches the IP packet, it decides how to handle the packet (forward or discard it). If NAT translation is enabled for the Input interface, NAT translation is performed.
Accept When the packet is accepted at a filter interface (Input, Forward, or Output), the router lets it proceed for further processing. Drop With Deny, the packet is silently discarded. Reject With Reject, an ICMP REJECT (Internet Control Message Protocol) is sent to reject the packet. IP filter commands The following two commands are used respectively to define IP filters on the Ethernet interface and on the remote interface.
L2TP Tunneling - Virtual Dial-Up This document has four parts: • The Introduction provides a general overview of L2TP tunneling. • The L2TP Concepts section explains LNS, L2TP client, LAC, dial user, tunnels, and sessions. • Configuration describes preliminary configuration steps and verification steps and lists commands associated with the configuration of L2TP and PPP sessions.
LNS (L2TP Network Server) The LNS is the point where the call is actually managed and terminated (e.g. within a corporate network). L2TP Client With an L2TP client, the dial user and LAC are combined in the same hardware device. In this case, the PPP session is between the LAC and the LNS. As shown in the following illustration (figure 1), an L2TP client is used to tunnel a PPP session between a small office (our router) and a corporate office through the Internet.
[Figure 1: an L2TP client (dial user + LAC, ISDN router) at the remote user's site and the LNS router on the company LAN, joined by a tunnel across the Internet; the PPP session runs over the tunnel.] LNS and L2TP Client Relationship The LNS acts as the supervising system. The L2TP client acts both as the dial user and the LAC. One end of the tunnel terminates at the L2TP client. The other end of the tunnel terminates at the LNS.
Sessions Sessions can be thought of as switched virtual circuit “calls” carried within a tunnel and can only exist within tunnels. One session carries one “call”. This “call” is one PPP session. Multiple sessions can exist within a tunnel. The following briefly discusses how sessions are created and destroyed. Session creation Traffic destined to a remote entry (located at the end of the tunnel) will cause a tunnel session to be initiated.
2. Trying to establish IP connectivity (using the ping or tracert commands). a. “Pinging” from the L2TP client or LNS to the opposite tunnel endpoint will succeed (this tests the tunnel path). b. “Pinging” from a tunnel endpoint IP address to an IP address within the tunnel will probably fail due to the existence of the IP firewall.
Note: For more information on names and password usage, refer to the Names and Passwords Rules section, found later in this document. l2tp set ourSysName l2tp set ourPassword Miscellaneous commands Commands used to delete a tunnel, close a tunnel, or set up advanced L2TP configuration features such as traffic performance fine-tuning are discussed in the L2TP command section of the Command Line Interface Reference chapter.
Note: Below is an example of configuration commands that would be used to enable IP routing and establish a route to the Internet.
remote add internet
remote disauthen internet
remote setoursysname name_isp_expects internet
remote setourpass secret_isp_expects internet
remote addiproute 0.0.0.0 0.0.0.0 1 internet
remote setphone isdn 1 5551000 internet
remote setphone isdn 2 5553000 internet
eth ip enable
eth ip address 192.168.254.254 255.255.255.
2. What is the home router’s secret for PPP authentication? 3. Does the home router need PPP authentication for the remote router (company router)? If yes: a. What is the remote router’s name for PPP authentication? b. What is the remote router’s secret for PPP authentication? If no: a. Use the command remote disauthen where is the name used to refer to the company’s router. 4. Does the remote router dynamically assign an IP address for this PPP session? If yes: a.
remote setlns Work_Router ppp_work
remote setpasswd ppp_work_secret ppp_work
remote setiptranslate on ppp_work
remote addiproute 172.16.0.0 255.240.0.0 1 ppp_work
l2tp set oursysname ppp_soho Work_Router
l2tp set ourpassword ppp_soho_secret Work_Router
Complete LNS and L2TP Client Configuration Example The following provides a configuration example of an LNS and L2TP Client. Assumptions IP Addresses The LNS server’s LAN IP address is 192.168.100.1 (LNSserver) with a mask of 255.255.255.0.
[Figure 2: network diagram for the configuration example. The L2TP client (soho router, ISDN) and the LNS (LNSserver router, DSL, 192.168.100.1) are joined by a tunnel carrying the PPP session across the Internet. Diagram labels: lacclient (see note 1), tunnelAtHome and tunnelAtWork (see note 2), lnsserver (see note 3), LAN 192.168.100.0, LAN 192.168.101.0, router on LAN side 192.168.101.1, CO LAN 192.168.110.1, isp router 172.16.0.254, internet router CO end 172.16.0.]
Set up ISDN parameters: isdn set switch ni1 isdn set dn 5551000 5553000 isdn set spids 0555100001 0555300001 Define DHCP settings for DNS servers, domain, wins server: dhcp set value DOMAINNAMESERVER 192.168.100.68 dhcp set value DOMAINNAME flowpoint.com dhcp set value WINSSERVER 192.168.100.
Set up DSL parameters:
sd term co
sd speed 1152
Define a remote LNSserver:
remote add lnsserver
remote setauthen chap lnsserver
remote setpasswd serverpassword lnsserver
remote addiproute 192.168.110.1 255.255.255.255 1 lnsserver
remote setprotocol ppp lnsserver
remote setpvc 0*38 lnsserver
save
reboot
Configuration commands for isp Note: isp is an ISDN router. The router soho calls the router isp.
Configuration commands for LNSserver Note: LNSserver is a DSL router.
Define LNSserver:
system name lnsserver
system passwd serverpassword
system msg Script_for_LNS_called_HQ
system securitytimer 60
Enable IP routing:
eth ip enable
eth ip addr 192.168.100.1 255.255.255.0
Define DHCP settings for DNS servers, domain:
dhcp set value domainname flowpoint.com
dhcp set value domainnameserver 192.168.100.
Chapter 5. Command Line Interface Reference Command Line Interface Conventions Command Input The router Command Line Interface follows these conventions: • Command lines may be up to 120 characters long. • The Command Line Interface is not case-sensitive except for passwords and router names. • Items that appear in bold type must be typed exactly as they appear. However, commands can be shortened to just those characters necessary to make the command unique.
dhcp l2tp filters save erase • File system commands ? or HELP Lists the commands at the current level as well as subcommands. At the lowest level of the subcommand, entering a ? may return the syntax of the command. Note that some commands require a character string and the ? will be taken as the character string if entered in that position.
System Level Commands These commands are online action and status commands.
BI Lists the root bridge. bi Response: # bi GROUP 0Our ID=8000+00206f0249fc Root ID=8000+00206f0249fc Port ETHERNET/0 00+00 FORWARDING BI LIST Lists MAC addresses and corresponding bridge ports as learned by the bridge function. This list includes several flags and the number of seconds elapsed since the last packet was received by the MAC address.
IFS Lists the communications interfaces installed in the router and the status of the interfaces. ifs Response:
# ifs
Interface   Speed   In %   Out %  Protocol    State   Connection
ETHERNET/0  10.0mb  0%/0%  0%/0%  (Ethernet)  OPENED
ATM_VC/1    25.6mb  0%/0%  0%/0%  (CLEAR)     OPENED  to HQ
ATM-25/0    25.6mb  0%/0%  0%/0%  (ATM)       OPENED
CONSOLE/0   9600 b  0%/0%  0%/0%  (TTY)       OPENED
IPIFS Lists the IP interface. ipifs Response: ATM_VC/1 ETHERNET/0 192.168.254.1 (FFFFFF00) dest 192.168.254.2 sub 192.168.254.0 net 192.168.254.
IPXROUTES Lists the current entries in the IPX routing table. ipxroutes Response: # ipxroutes Network 00001001: 00000456: where: Gateway HQ (DIRECT) Interface [down] ETHERNET/0 STATIC DOD Hops Ticks Flags 1 4 STATIC FORWARD DOD 0 1 FORWARD Static Route Initiate Link dial-up FORWARD DIRECT IPXSAPS Lists the current services in the IPX SAPs table.
LOGOUT Logs out to reinstate administrative security after you have completed changing the router’s configuration. logout MEM Lists memory and buffer usage. mem Response: # mem Small buffers used.......18 (7% of 256 used) Large buffers used.......41 (16% of 256 used) Buffer descriptors used..59 (7% of 768 used) Number of waiters s/l....
PING An echo message, available within the TCP/IP protocol suite, sent to a remote node and returned; it is used to test connectivity to the remote node and is particularly useful for locating connection problems on a network. By default, the router will try to “ping” the remote device for five consecutive times and will issue status messages. ping [-c count] [-i wait] [-s size (or -l size)] -c count Number of packets; count is a value between 1 and 10.
TID: task ID field
NAME: name of the task
FL: flag field
P: number from 1 to 7 with the highest priority equal to 1.
BOTTOM: address of the task stack
CURRENT: current stack pointer
SIZE: stack size in bytes
REBOOT This command causes a reboot of the system. You must perform a reboot after you have configured the router the first time or when you modify the configuration.
VERS Displays the software version level, source, software options, and amount of elapsed time the router has been running. vers Response: FlowPoint/2025 ATM25 Router FlowPoint-2000 BOOT/POST V3.0.0 (12-Dec-98 18:10) Software version 3.0.
Router Configuration Commands Configuration commands are used to set configuration information for each functional capability of the router.
Target Router System Configuration Commands (SYSTEM) The following commands set basic router configuration information: • name of the router • optional system message • authentication password • security authentication protocol • management security • system administration password • IP address translation • NAT configuration • Host mapping • WAN-to-WAN forwarding • filters SYSTEM ? Lists the supported keywords.
system addHostMapping first private addr First IP address in the range of IP addresses to be remapped, in the format of 4 decimals separated by periods. second private addr Last address in the range of IP addresses to be remapped, in the format of 4 decimals separated by periods. first public addr Defines the range of public IP addresses, in the format of 4 decimals separated by periods. The rest of the range is computed automatically.
last port If specified, is used with to specify a range of ports as seen by the remote end for the server on the LAN. first private port If specified, is a port remapping of the incoming request from the remote end. Example: system addServer 192.168.1.5 tcp smtp SYSTEM ADDSNMPFILTER This command is used to validate SNMP clients by defining a range of IP addresses that are allowed to access the router via SNMP. This validation feature is off by default.
system addUDPrelay |all [] ipaddr IP address of the server to which the UDP packet will be forwarded. first port First port in the UDP port range to be created. all Incorporates all the available UDP ports in the new range last port Last port in the UDP port range to be created Example: system addudprelay 192.168.1.5 all SYSTEM ADMIN Sets the administration password used to control write access to the target router configuration.
SYSTEM COMMUNITY This command is used to enhance SNMP security. It allows the user to change the SNMP community name from its default value of “public” to a different value. Refer to Management Security, page 92. Note: The command system community (with no value) will display the current community name.
SYSTEM DELSERVER This Network Address Translation (NAT) command is used to delete an entry created by the system addServer command. system delServer | discard|me |tcp|udp |ftp|telnet|smtp|snmp|http [ []] ipaddr IP address of the host selected as server in the format of 4 decimals separated by periods discard Used to discard the incoming server request.
Note 2: To list the range of allowed clients, use the command system list when logged in with read and write permission (log in with password). system delTelnetFilter [] | LAN first ip addr First IP address in the client range last ip addr Last IP address in the client range. May be omitted if the range contains only one IP address. LAN Local Ethernet LAN Example: system deltelnetfilter 192.168.1.5 192.168.1.
Authentication override.............. NONE WAN to WAN Forwarding................ yes BOOTP/DHCP Server address............ none Telnet Port.......................... default (23) SNMP Port............................ default (161) System message: Configured January 1998 SYSTEM LOG Allows logging of the router’s activity in a TELNET session.
SYSTEM ONEWANDIALUP This command is useful when security concerns dictate that the router can have only one connection active at a time. For example, a connection to the Internet and to another location such as one's company at the same time can be prevented. The command system oneWANdialup on forces the router to have at most ONE connection to a remote entry active at one time. (Multiple links to the same remote are allowed).
time in Minute Length of time in minutes Auto logout can be disabled by setting the
• ipxroutes system supporttrace Example: system supporttrace SYSTEM TELNETPORT The router has a built-in Telnet server. This command is used to specify which of the router’s TCP ports is to receive a Telnet connection. Note: This command requires a save and reboot to take effect. system telnetport default|disabled| default The default value is 23. disabled The router will not accept any incoming TCP request. port Port number of the Ethernet LAN.
Target Router Ethernet LAN Bridging and Routing (ETH) The following commands allow you to: • Set the Ethernet LAN IP address • List the current contents of the IP routing table • Enable and disable IP routing • List or save the current configuration settings All of these commands will require a reboot. ETH ? Lists the supported keywords.
ETH IP ADDROUTE Defines IP routes reached via the LAN interface. It is only needed if the system does not support RIP. Note: This command requires a reboot. eth ip addRoute [] ipaddr Ethernet LAN IP address in the format of 4 decimals separated by periods. ipnetmask IP network mask in the format of 4 decimals separated by periods. gateway IP address in the format of 4 decimals separated by periods.
ETH IP DIRECTEDBCAST This command is used to enable or disable the forwarding of packets sent to the network-prefix-directed broadcast address of an interface. A network-prefix-directed broadcast address is the broadcast address for a particular network. For example, a network’s IP address is 192.168.254.0 and its mask is 255.255.255.0. Its network-prefix-directed broadcast address is 192.168.254.255.
ETH IP FILTER This command is used to define an IP filter on the Ethernet interface of the connection. The filter is used to screen IP packets and operates at the interface level. Each interface is defined by 3 types of filters: Input, Forward, and Output filters. For more information on IP filters and Firewall, please refer to Configuring Special Features, IP Filtering - Chapter 4.
--da [:] where defines the first or only destination IP address and , if present, defines the last destination IP address in a range. If not specified, is assumed to be 0.0.0.0, is assumed to be 255.255.255.255. -dm where , when present, defines a mask to use when comparing the ...
ETH IP FIREWALL The router supports IP Internet Firewall Filtering to prevent unauthorized access to your system and network resources from the Internet. This filter discards packets received from the WAN that have a source IP address recognized as a local LAN address. This command requires a reboot. This command sets Ethernet Firewall Filtering ON or OFF and allows you to list the active state. Note: To perform Firewall Filtering, IP routing must be enabled.
txdef/avdfr Advertise this router as the default router over the Ethernet LAN (provided it has a default route!). This default is set to ON. Set this to OFF if another router on the local LAN is the default router. port# Port number of the Ethernet LAN. This number must be 0 or 1, or may be omitted. Example: eth ip options avdfr off ETH IP RIPMULTICAST This command lets you change the multicast address for RIP-1 compatible and RIP-2 packets. The default address is 224.0.0.9.
ETH IPX ENABLE Enables IPX routing across the Ethernet LAN. This acts as a master switch allowing you to enable IPX routing. Note: This command requires a reboot. eth ipx enable [port#] port# Port number of the Ethernet LAN. This number must be 0 or 1, or may be omitted. Example: eth ipx enable ETH IPX FRAME Sets the frame encapsulation method. The default is 802.2. eth ipx frame type 802.2 (DEC standard) 802.3 (Intel standard) dix (Xerox/Ethernet II standard) Example: eth ipx frame 802.
Remote Router Access Configuration (REMOTE) The following commands allow you to add, delete, and modify remote routers to which the target router can connect.
REMOTE ADD Adds a remote router entry into the remote router database. remote add remoteName Name of the remote router (character string). The name is case-sensitive. Example: remote add HQ REMOTE ADDHOSTMAPPING This command is used to remap a range of local LAN IP addresses to a range of public IP addresses on a per-remote-router basis. These local addresses are mapped one-to-one to the public addresses. Note: The range of public IP addresses is defined by only.
hops Number between 1 and 15 that represents the perceived cost in reaching the remote network or station. ipgateway Enter a gateway address only if you are configuring RFC 1483MER. The gateway address that you enter is the address of a router on the remote LAN. Check with your system administrator for details. remoteName Name of the remote router (character string). Examples: remote remote remote remote remote remote addIpRoute addIpRoute addIpRoute addIpRoute addIpRoute addIproute 128.1.210.
ipxNet IPX network number represented by 8 hexadecimal characters. ipxNode IPX node address represented by 12 hexadecimal characters. socket Socket address of the destination process within the destination node. The processes include services such as file and print servers. type Number representing the type of server. hops Number of routers through which the packet must go to get to the network/station. remoteName Name of the remote router (character string).
REMOTE DELENCRYPTION Deletes encryption files associated with a remote router. remote delencryption remoteName Name of the remote router (character string). Example: remote delEncryption HQ REMOTE DELHOSTMAPPING This command is used to undo an IP address/ host translation (remapping) range that was previously established with the command remote addhostmapping on a per-remote-router basis.
REMOTE DELIPXROUTE Deletes an IPX address for a network on the LAN network connected beyond the remote router. Note: A reboot must be performed on the target router for a deletion of a static route to take effect. remote delIpxroute ipxNet IPX network number represented by 8 hexadecimal characters. remoteName Name of the remote router (character string).
REMOTE DELSERVER This Network Address Translation (NAT) command is used to delete an entry created by the remote addServer command. Please refer to the section Server Configuration, page 86, for detailed information.
remoteName Name of the remote router (character string). Example: remote disAuthen HQ REMOTE DISBRIDGE Disables bridging from the target router to the remote router. Note: This command requires rebooting the target system for the change to take effect. remote disBridge remoteName Name of the remote router (character string). Example: remote disBridge HQ REMOTE ENAAUTHEN With this command the target router will try to negotiate authentication as defined in the remote router's database.
REMOTE IPFILTER This command is used to define an IP filter on the remote/WAN interface of the connection to establish a Firewall. The filter is used to screen IP packets and operates at the interface level. Each interface is defined by 3 types of filters: Input, Forward, and Output filters. For more information on IP filters, please refer to the topic IP Filtering, page 98.
if present, defines the last destination IP address in a range. If not specified, is assumed to be 0.0.0.0, is assumed to be 255.255.255.255. -dm where , when present, defines a mask to use when comparing the ... with the destination IP address in the IP packet. If not specified, the destination IP mask is set to 255.255.255.255.
REMOTE LIST Lists the remote router entry in the remote router database or all the entries in the database. The result is a complete display of the current configuration settings for the remote router(s), except for the authentication password/secret. remote list [] remoteName Name of the remote router (character string) Example: remote list HQ Response: INFORMATION FOR Status............................... enabled Our Password used when dialing out... no Protocol in use................
REMOTE LISTIPROUTE Lists all network or station IP addresses defined for the LAN network connected beyond the remote router. If the remote name is not specified, a list of IP Routes is displayed for each remote router in the database. remote listIproutes [remoteName] remoteName Name of the remote router (character string). Example: remote listIpRoute HQ Response: IP INFORMATION FOR Send IP RIP to this dest............. rip-1 compatible Send IP default route if known.....
IPX SAP INFORMATION FOR Total IPX SAPs....................... 0 SERV312_FP 00001001 00:00:00:00:00:01 0451 0004 1 REMOTE LISTPHONES Lists the PVC numbers available for connecting to the remote router. remote listPhones remoteName Name of the remote router (character string). Example: remote listPhone HQ Response: PHONE NUMBER(s) FOR Connection Identifier (VPI*VCI)......
REMOTE SETBROPTIONS Sets controls on the bridging process. Warning: Do not change this setting without approval of your system administrator. remote setBrOptions
key Key in the format of an eight-hexadecimal number remoteName Name of the remote router (character string). Example: remote setEncryption dese tx 1111111111111111 HQ remote setEncryption dese rx 2222222222222222 HQ REMOTE SETENCRYPTION (Diffie-Hellman Encryption) This command is used to specify encryption based on the Diffie-Hellman key exchange protocol. Each router possesses an internal encryption file that is associated with a public key providing 768-bit security.
txrip1 Transmit broadcast RIP-1 packets only. txrip2 Transmit multicast RIP-2 packets only. txdef Transmit the local router’s default IP route. Set on, the local router will send the default route to the remote site. The default is off. private Keep IP routes private. Used to prevent advertisement of this route to other sites by the remote router.
REMOTE SETLNS This command is specific to L2TP tunnel configuration. Please refer to the L2TP commands section, page 197, for more usage information. remote setLNS REMOTE SETOURPASSWD Sets a unique CHAP or PAP authentication password for the local router used for authentication when the local router connects to the specified remote router. This password overrides the password set in the system passwd command.
remoteName Name of the remote router (character string). Example: remote setPasswd s2dpxl7 HQ REMOTE SETPROTOCOL Sets the link protocol for the remote router.
mask IP network mask of the remote router, in the format of 4 decimals separated by periods. remoteName Name of the remote router (character string). Example: remote setRmtIpAddr 128.1.210.65 255.255.255.192 HQ REMOTE SETSRCIPADDR Sets the IP address for the target WAN connection to the remote router. You may set this address when the remote router requires the target and remote WAN IP addresses to be on the same subnetwork.
where: Current state: connected, not connected, currently connecting, currently attempting to connect, currently closing, out of service, or not known Bandwidth state: idle, increasing, decreasing, decreasing hold, unknown, and idle REMOTE STATSCLEAR Resets the statistics counter for a given remote router. remote statsclear remoteName Name of the remote router (character string).
Asymmetric Digital Subscriber Line Commands (ADSL) The following ADSL commands are used to manage the ADSL link for an ADSL router. ADSL ? Lists the supported keywords. adsl ? Response: ADSL commands: ? restart stats speed ADSL RESTART This command is used to resynchronize the modem with the Central Office equipment.
ADSL STATS Shows the current error status for the ADSL connection. adsl stats [clear] clear Option used to reset the counters Example: adsl stats Response: ASDL Statistics: Out of frame errors.... HEC errors received... CRC errors received.... FEBE errors received... Remote Out-of-frame.... Remote HEC errors......
Asynchronous Transfer Mode Commands (ATM) The following ATM commands are used to manage the ATM link for an ATM router. ATM ? Lists the supported keywords. atm ? Example: atm? Response: ATM commands: ? save reset pcr speed Note: Other ATM-specific commands are also included in this section: atom dumpUnknownCells atom findPVC remote setatmtraffic ATM PCR This command sets the speed of the ATM link in cells per second. This command is similar to atm speed (speed in kilobytes).
atm save Example: atm save ATM SPEED This command sets the speed of the ATM link in kilobits per second. This command is similar to atm pcr (speed in cells per second). Please refer to the command atm pcr. The upstream speed default is 326 Kb/s. Use this command if the upstream speed exceeds 326 Kb/s. The speed value is generally obtained from your Network Service Provider. Note: This command requires privileged access (login password).
1 is the number of the VPI as found in the ATM stream. 2 is the number of the VCI as found in the ATM stream. The discovered number may be used as the VPI*VCI value in the remote, to determine if communications are possible. REMOTE SETATMTRAFFIC This command sets ATM traffic shaping on a remote router. ATM traffic shaping allows the user to set the average rate at which cells are sent (SCR, Sustained Cell Rate) to a value lower than the ATM link speed (PCR, Peak Cell Rate).
Dual Ethernet Router Commands (ETH) The following Ethernet commands are used to manage the Ethernet interfaces for the Dual Ethernet (Ethernet-to-Ethernet) router and thus are specific to this type of router only. Note: For non-specific Ethernet commands, refer to the Ethernet Commands section of this chapter, page 136. General information This device may be configured via the Web Browser GUI or from the Command Line Interface (CLI).
ETH IP ADDHOSTMAPPING This command is used to remap a range of local LAN IP addresses to a range of public IP addresses on a per-interface basis. These local addresses are mapped one-to-one to the public addresses. Note: The range of public IP addresses is defined by only. The rest of the range is computed automatically ( from to + number of addresses remapped - 1) inclusive.
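The range arithmetic in the note above, as an added example (not code from the manual or the router). The argument names first_private, last_private and first_public, the sample addresses, and the assigned_block check are assumptions made for illustration; the check lists mapped public addresses that fall outside the block your provider assigned.

```python
import ipaddress


def public_range(first_private, last_private, first_public):
    """Return (first public, last public, count) for a one-to-one mapping.

    Last public address = first public + number of addresses remapped - 1,
    as stated in the note for eth ip addhostmapping.
    """
    lo = ipaddress.IPv4Address(first_private)
    hi = ipaddress.IPv4Address(last_private)
    pub = ipaddress.IPv4Address(first_public)
    if hi < lo:
        raise ValueError("last private address precedes the first")
    count = int(hi) - int(lo) + 1
    # IPv4Address + int raises AddressValueError if the range overflows.
    return pub, pub + (count - 1), count


def translate(addr, first_private, last_private, first_public):
    """Public address a private host maps to, or None if it is not remapped."""
    lo = ipaddress.IPv4Address(first_private)
    pub, _, count = public_range(first_private, last_private, first_public)
    offset = int(ipaddress.IPv4Address(addr)) - int(lo)
    if 0 <= offset < count:
        return str(pub + offset)
    return None


def outside_block(first_private, last_private, first_public, assigned_block):
    """Mapped public addresses that are not inside the assigned public block."""
    block = ipaddress.IPv4Network(assigned_block)
    pub, _, count = public_range(first_private, last_private, first_public)
    return [str(pub + i) for i in range(count) if pub + i not in block]


if __name__ == "__main__":
    # Constructed sample: five LAN hosts remapped starting at 203.0.113.20.
    args = ("192.168.0.10", "192.168.0.14", "203.0.113.20")
    first, last, count = public_range(*args)
    print(f"{count} addresses remapped: {first} to {last}")
    print("192.168.0.12 ->", translate("192.168.0.12", *args))
    print("outside 203.0.113.16/29:", outside_block(*args, "203.0.113.16/29"))
```

Every private host inside the range becomes reachable at its own public address, so reviewing the computed range before applying a mapping shows exactly which hosts are exposed.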
ETH IP DELHOSTMAPPING Note: This command is used to undo an IP address/ host translation (remapping) range that was previously established with the command eth ip addhostmapping on a per-interface basis. eth ip delHostMapping first private addr First IP address in the range of IP address, in the format of 4 decimals separated by periods.
ETH IP TRANSLATE Note: This command is used to control Network Address Translation on a per-interface basis. It allows several PCs to share a single IP address to the Internet. eth ip translate on|off port# Ethernet interface number. Can be 0 or 1.
High-Speed Digital Subscriber Line Commands (HDSL) The following HDSL commands are used to manage the HDSL link for an HDSL router. General information about HDSL Line activation Line activation is independent of network settings. During activation, the Link light (on the front panel of the router) is yellow and then turns green when the link becomes active. The router at the CPE end will try auto-speed detection starting at 384 and then try the next higher speed (for about 30 seconds per speed).
HDSL ? Lists the supported keywords. hdsl ? Example: hdsl? Response: HDSL commands: ? help save speed terminal HDSL SPEED CO end: This command is used to set the speed manually on the CO end only. CPE end: The router on the CPE end is always in auto-speed mode: it uses an auto-speed algorithm to attempt to match the CO speed. The command hdsl speed noauto is used to override auto-speed. Note 1: The command hdsl speed (with no option) displays the current speed if the modem has activated successfully.
HDSL TERMINAL The router is by default configured as the CPE. Use this command if you intend to configure the router as Central Office (CO) equipment. hdsl terminal cpe is used to define the CPE (customer premise) end (default configuration). hdsl terminal co is used to define the CO (central office) end. hdsl terminal displays the current settings. hdsl terminal [cpe|co] co This option lets you define the router as the central office (CO).
ISDN Digital Subscriber Line (IDSL) General information about IDSL DLCI (Data Link Connection Identifier) The IDSL router can support several DLCI virtual circuits over a Frame Relay IDSL link. However, a typical connection to the Internet will require only one DLCI. The DLCI number must match the DLCI of the remote end. An activated router should have the LINE, CH1, CH2, and NT1 LEDs all lit green. The following IDSL commands are used to manage the IDSL link for an IDSL router.
ISDN SET SWITCH This command is used to specify link speeds of 64, 128, or 144 Kbps for the IDSL connection. isdn set switch [FR64 | FR128 | FR144] FR64 Link speed of 64 Kbps FR128 Link speed of 128 Kbps FR144 Link speed of 144 Kbps Example: isdn set switch fr144 REMOTE SETDLCI This command allows the user to set the Data Link Connection Identifier – an address identifying a logical connection – in a Frame Relay environment. This number is generally provided by the Network Service Provider.
Symmetric Digital Subscriber Line Commands (SDSL) The following SDSL commands are used to manage the SDSL link for an SDSL router. General information about SDSL Line activation Line activation is independent of network settings. During activation, the Link light (on the front panel of the router) is yellow and then turns green when the link becomes active. The router at the CPE end will try auto-speed detection starting at 384 and then try the next higher speed (for about 30 seconds per speed).
SDSL ? Lists the supported keywords. sdsl ? Example: sdsl? Response: SDSL commands: ? help save speed terminal SDSL SPEED CO end: This command is used to set the speed manually on the CO end only. CPE end: The router on the CPE end is always in auto-speed mode: it uses an auto-speed algorithm to attempt to match the CO speed. The command sdsl speed noauto is used to override auto-speed. Note 1: The command sdsl speed (with no option) displays the current speed if the modem has activated successfully.
SDSL TERMINAL The router is by default configured as the CPE. Use this command if you intend to configure the router as Central Office (CO) equipment. sdsl terminal cpe is used to define the CPE (customer premise) end (default configuration). sdsl terminal co is used to define the CO (central office) end. sdsl terminal displays the current settings.
Dynamic Host Configuration Protocol Commands (DHCP) The following DHCP commands allow you to: • Enable and disable subnetworks and client leases • Add subnetworks and client leases • Set the lease time • Change client leases manually • Set option values globally, for a subnetwork, or for a client lease • Enable/disable BootP • Use BootP to specify the boot server • Define option types DHCP ? Lists the supported keywords.
Examples: dhcp add 192.168.254.0 255.255.255.0 (adds this subnetwork) dhcp add 192.168.254.31 (adds this client lease) dhcp add 128 1 4 ipAddress (adds this option type). Note: In the above example, 128 allows IP addresses, the server has a minimum of one IP address, the server can have up to four IP addresses, and the type is “ipaddress”. DHCP BOOTP ALLOW This command allows a BootP request to be processed for a particular client or subnet.
DHCP BOOTP TFTPSERVER This command lets you specify the TFTP server (boot server). dhcp bootp tftpserver [|] net IP address of the subnetwork lease in the format of 4 decimals separated by periods. ipaddr IP address of the client lease in the format of 4 decimals separated by periods. tftpserver ipaddr IP address of the TFTP server in the format of 4 decimals separated by periods 0.0.0.0 is used to clear the IP address of the server.
code Code can be a number between 1 and 61 or a keyword. Use the command dhcp list definedoptions to list the codes and keywords. Examples: dhcp clear valueoption 4 dhcp clear valueoption 192.168.254.0 7 dhcp clear valueoption 192.168.254.2 gateway DHCP DEL This command is used to delete a subnetwork lease, a specific client lease, or a code. dhcp del | net IP address of the subnetwork lease in the format of 4 decimals separated by periods.
ipaddr IP address of the client lease in the format of 4 decimals separated by periods. Examples: dhcp enable 192.168.254.0 dhcp enable 192.168.254.17 DHCP LIST This command lists global, subnetwork, and client lease information. dhcp list | | net IP address of the subnetwork lease in the format of 4 decimals separated by periods. ipaddr IP address of the client lease in the format of 4 decimals separated by periods.
To list information for the subnetwork 192.168.254.0, use: dhcp list 192.168.254.0 Response: Subnet 192.168.254.0, Enabled Mask .................. 255.255.255.0 first ip address ...... 192.168.254.2 last ip address ....... 192.168.254.253 lease ..................Default bootp ..................not allowed bootp server ...........none bootp file ............. GATEWAY (3) ............192.168.254.254 client 192.168.254.2, Ena, Jo-computer, Expired client 192.168.254.
code POLICYFILTER (21), 1 to 31 occurrences, type IPADDRESS code MAXDGMREASSEMBLY (22), 1 occurrence, type WORD code DEFAULTIPTTL (23), 1 occurrence, type BYTE code PATHMTUAGETMOUT (24), 1 occurrence, type LONGINT code PATHMTUPLATEAUTBL (25), 1 to 127 occurrences, type WORD code INTERFACEMTU (26), 1 occurrence, type WORD code ALLSUBNETSLOCAL (27), 1 occurrence, type BINARY code BROADCASTADDRESS (28), 1 occurrence, type IPADDRESS code PERFORMMASKDSCVR (29), 1 occurrence, type BINARY code MASKSUPPLIER (30), 1
To list options starting with the string “ga”, use: dhcp list definedoptions ga Response: code, number of values, type of value code GATEWAY (3), occurrence 1, type IPADDRESS DHCP LIST LEASE This command lists the lease time. dhcp list lease Example: dhcp list lease Response: Default lease time ......... 168 hours DHCP RELAY Lets the router relay DHCP or BootP requests to a DHCP server on the WAN, when a PC attempts to acquire an IP address using DHCP. This command disables the router’s DHCP server.
dhcp set expire |default|infinite ipaddr IP address of the client lease in the format of 4 decimals separated by periods. hours Lease time; minimum is 1 hour; 168 hours is the global default. default Lease time that has been specified at the subnetwork or global level. infinite No lease time limit; the lease becomes permanent. Example: dhcp set expire 192.168.254.18 8 DHCP SET LEASE This command is used to control lease time.
DHCP SET MASK Used to conveniently change the mask of a DHCP subnet without deleting and recreating the subnet and all of its entries. dhcp set mask net IP address of the subnetwork lease in the format of 4 decimals separated by periods. mask IP network mask, in the format of 4 decimals separated by periods. Example: dhcp set mask 192.168.254.0 255.255.255.
L2TP — Virtual Dial-Up Configuration (L2TP) The following L2TP commands allow you to add, delete, and modify tunnels. L2TP router information that can be configured includes: • Names • Security authentication protocols and passwords • Addresses • Management of traffic performance Note: Two remote commands specific to L2TP are also included in this section. L2TP ? Lists the supported keywords.
l2tp set address ipaddr IP address of the remote LAC or LNS TunnelName Name of the tunnel (character string). The name is case sensitive. Example: l2tp set address 192.168.100.1 PacingAtWork L2TP SET AUTHEN Used to enable or disable authentication of the remote router during tunnel establishment using the CHAP secret, if it exists.
L2TP CLOSE Used to close an L2TP tunnel and/or session. l2tp close |-n|-t|-s|-c L2TP unit number -n TunnelName Name of the tunnel (character string). The name is case sensitive. -t tunnelid Local tunnel id -s serialnum Serial number of the call within the tunnel -c callid ID of the local call for the session Note: Either or must be specified.
L2TP LIST The result of this command provides a complete display of the current configuration settings for tunnel(s), except for the authentication password/secret. l2tp list || TunnelName Name of the tunnel (character string). The name is case sensitive. Example: l2tp list PacingAtWork # l2tp list INFORMATION FOR type................................. L2TPClient (LAC-will not dial)/LNS All Incoming Calls Tunneled here..... no CHAP challenge issued................
L2TP SET DIALOUT Used to let LNS instruct the L2TP client to use an ISDN phone line to place a call on its behalf. l2tp set dialout yes|no yes This option lets the router place outgoing calls. no This option prevents the router from placing outgoing calls. No is the default. TunnelName Name of the tunnel (character string). The name is case sensitive.
The name is case sensitive TunnelName Name of the tunnel (character string). The name is case sensitive. Example: l2tp set ourTunnelName isp PacingAtWork L2TP SET REMOTENAME This command creates the host name of the remote tunnel. Note: If this command is not used, then of the tunnel entry is used. l2tp set remoteName name Host name of the remote tunnel. This is the fully qualified domain name of the remote host. TunnelName Name of the tunnel (character string).
pacing Sequence numbers are placed in the L2TP payload packets. When a session is created, the router specifies a window size. Acknowledgements for received packets are issued. nosequencing No sequence numbers are placed in the L2TP payload packets carrying the PPP packets. If the remote end carries out sequencing or pacing, the router can still send and receive sequenced packets. optional Used to allow dynamic switching of a session from pacing or sequencing to nosequencing.
Bridging Filtering Commands (FILTER BR) Bridging filtering allows you to control the packets transferred across the router. This feature can be used to enhance security or improve performance. Filtering occurs based on matched patterns within the packet at a specified offset. Two filtering modes are available: • Deny mode will discard any packet matched to the deny filter database and let all other packets pass.
FILTER BR LIST Lists the bridging filters in the filtering database. filter br list Example: filter br list Response: Allow Filter: Deny Filter: pos:12, len=2, <80><35> FILTER BR USE Sets the mode of filtering to either deny, allow, or none.
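How a filter entry such as the one in the filter br list response above is applied to a frame, as an added example (not the router's own code). It assumes pos is a zero-based byte offset from the start of the Ethernet frame, which makes pos:12, len=2, <80><35> a match on the RARP EtherType 0x8035; the allow-mode rule (forward only frames that match an allow filter) is also an assumption, and the frames are constructed samples.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class BridgeFilter:
    pos: int      # byte offset into the frame (assumed zero-based)
    data: bytes   # pattern that must appear at that offset

    def matches(self, frame: bytes) -> bool:
        end = self.pos + len(self.data)
        # A frame too short to hold the whole pattern cannot match.
        return end <= len(frame) and frame[self.pos:end] == self.data


_ENTRY = re.compile(r"pos:(\d+),\s*len=(\d+),\s*((?:<[0-9A-Fa-f]{2}>)+)\s*$")


def parse_filter_line(line: str) -> BridgeFilter:
    """Parse one entry in the format printed by 'filter br list'."""
    m = _ENTRY.search(line)
    if not m:
        raise ValueError(f"not a filter entry: {line!r}")
    pos, length = int(m.group(1)), int(m.group(2))
    data = bytes.fromhex(m.group(3).replace("<", "").replace(">", ""))
    if len(data) != length:
        raise ValueError(f"len={length} but {len(data)} pattern bytes given")
    return BridgeFilter(pos, data)


def forwards(frame: bytes, mode: str, allow=(), deny=()) -> bool:
    """Return True if the bridge would pass the frame in the given mode."""
    if mode == "none":
        return True
    if mode == "deny":
        # Deny mode: discard matches, let all other packets pass.
        return not any(f.matches(frame) for f in deny)
    if mode == "allow":
        # Assumed semantics: pass only frames matching an allow filter.
        return any(f.matches(frame) for f in allow)
    raise ValueError(f"unknown mode: {mode!r}")


def ethernet_frame(ethertype: int, payload: bytes = b"\x00" * 46) -> bytes:
    """Constructed frame: 6-byte destination, 6-byte source, 2-byte EtherType."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")
    return dst + src + ethertype.to_bytes(2, "big") + payload


RARP_FILTER = parse_filter_line("pos:12, len=2, <80><35>")
RARP = ethernet_frame(0x8035)   # matches the filter
IPV4 = ethernet_frame(0x0800)   # does not match
RUNT = RARP[:13]                # truncated before the pattern ends

if __name__ == "__main__":
    for name, frame in (("RARP", RARP), ("IPv4", IPV4), ("runt", RUNT)):
        for mode in ("deny", "allow", "none"):
            ok = forwards(frame, mode, allow=[RARP_FILTER], deny=[RARP_FILTER])
            print(f"{name:5} mode={mode:5} -> {'pass' if ok else 'discard'}")
```

In deny mode a frame too short to contain the pattern is forwarded, so a deny list blocks only traffic that positively matches an entry.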
Save Configuration Commands (SAVE) These commands can be used to save the entire configuration or parts of the router’s configuration to FLASH memory. The parts of the configuration you can save include: • System • Ethernet LAN • DHCP settings • Remote Router Database settings • Filters SAVE ALL Saves the configuration settings for the system, Ethernet LAN, DSL line, and remote router database into FLASH memory.
SAVE DOD Saves the current state of the remote router database. All new entries and changed entries are saved into FLASH memory. save dod Example: save dod SAVE ETH Saves the configuration settings for the Ethernet LAN into FLASH memory. save eth Example: save eth SAVE FILTER Saves the bridging filtering database to FLASH memory. A reboot must be executed to load the database for active use.
Erase Configuration Commands (ERASE) These commands can be used to erase the entire configuration or parts of the router’s configuration from FLASH memory. The parts of the configuration you can erase include: • System • Ethernet LAN • DSL and Remote Router Database settings • DHCP settings • Filters Once you erase part of the configuration, you will need to reconfigure that part of the configuration entirely.
ERASE DOD Erases the current state of the remote router database. All new entries and changed entries are erased from FLASH memory. erase dod Example: erase dod ERASE ETH Erases the configuration settings for the Ethernet LAN from FLASH memory. erase eth Example: erase eth ERASE FILTER Erases the current bridging filtering database from FLASH memory. This command requires a reboot (without a save).
File System Commands The file system commands allow you to perform maintenance and recovery on the router. These commands allow you to: • Format the file system • List the contents of the file system • Copy, rename, and delete files The router file system is DOS-compatible and the file system commands are similar to the DOS commands of the same name. COPY Copies a file from the source to the destination.
DELETE Removes a file from the file system. delete filename Name of the file to be deleted. The filename is in the format xxxxxxxx.xxx. Example: delete kernel.f2k Response: kernel.f2k deleted. DIR Displays the directory of the file system. The size of each file is listed (bytes).
FORMAT DISK Erases and reformats the router file system. This command should only be used when the file system is unusable. If the router does not execute the POST test and software boot successfully, and the result of the dir command indicates the file system is corrupted, you may wish to reformat the disk, reboot the router, and recopy the router software. format disk Example: format disk Response: NEWFS: erasing disk...
RENAME Renames a file in the file system to a new name. rename oldName Existing name of the file to be renamed. The filename is in the format xxxxxxxx.xxx. newName New name of the file. The filename is in the format xxxxxxxx.xxx. Example: rename ether.dat oldeth.dat Response: ‘ether.dat’ renamed to ‘oldeth.dat’ SYNC Commits the changes to the file system to FLASH memory. sync Example: sync Response: Syncing Warning: Syncing is not complete until you see ‘done’.
Chapter 6. Managing the Router This chapter describes the options available for booting software, how to upgrade the router with new releases of software, and explains the process for maintaining copies of configuration files. Simple Network Management Protocol (SNMP) SNMP, a member of the TCP/IP protocol suite, was designed to provide network management interoperability among different vendors' management applications and equipment.
TELNET Remote Access TELNET access to the router is supported. TELNET allows you to log in to the router as if you are directly connected through the Console port. In this manner you can issue commands, using the command line interface, to configure the router and perform status monitoring from any remote location. You can use one of the available TCP/IP packages containing the TELNET application.
BootP Server BootP is the Bootstrap Protocol server and is installed on your PC with the DSL Tools software. The BootP Server waits for incoming BootP broadcasts from BootP clients. The server looks up the MAC address of the incoming BootP request in its database. If the MAC address is found, the server normally responds to the requestor with an IP address, the IP address of a TFTP server and the name of a file to use for booting.
To Return to Automatic Boot Mode 1. When you are ready to return to automatic boot mode, set switch 6 UP. 2. Reboot by selecting 1, 2, 3, or 4. Rebooting with switch 6 in the UP position will cause the router to boot router software automatically in the order and manner you have specified. Option 1: Retry Start-up When in Manual Boot mode, you can reboot the router in the boot procedure order by selecting option 1, “Retry start-up”.
• the TFTP boot server address • the router software filename on the server The boot IP address is the router LAN IP address used during the boot procedure. This address may differ from the LAN IP address that the router is ultimately assigned. This address is different so that a system can be booted from one subnetwork and then moved to its operational network, if necessary. The boot IP address is of the form: zzz.zzz.zzz.zzz. The TFTP boot server address is specified as: xxx.xxx.xxx.xxx (where xxx.
format HH[:MM[:SS]]). You are shown the current date and time. If you set the date to 0/0/0, the real-time clock will be disabled. Note: This router is Y2K compliant. If you choose to only enter 2 digits for the year, values greater than 93 translate to 19xx. Values less or equal to 93 translate to 20xx. The router has a one-hundred-year date range (from 1994 to 2093). If the date is set to 0, the real-time clock is disabled for long-term storage.
Identifying Fatal Boot Failures Fatal boot failures can be identified by the LED light patterns displayed on the front panel of the router. Note: Normal LED states are described in the Hardware Reference section of the Quick Start Guide.
Note: It is strongly suggested that you use the Configuration Manager’s Upgrade/Backup tool to upgrade or backup the kernel. The Configuration Manager’s tool is more convenient to use than the Command Line Interface. Upgrade Instructions Read the following steps very carefully! 1. WARNING: Before performing this procedure, make sure that you can successfully boot from the network using the manual boot procedure option 3 or 4. Refer to the section Option 3: Boot from Network. 2.
not specify the server address, a permanent or more recent override TFTP server address will be used, if defined. Enter the sync command to commit the changes to FLASH memory. WARNING: After the kernel is copied, DO NOT power down the router until you have either issued a sync or reboot command to reboot the router. Otherwise the file is not written to FLASH memory. 8.
The copy command is used to upload configuration files to the TFTP server where the destination is in the form: tftp@xxx.xxx.xxx.xxx:filename.ext Backup Configuration Files (Recommended Procedure) 1. Create a directory under the TFTP root directory corresponding to the system name you want to back up. 2. Create files called SYSTEM.CNF, DHCP.DAT, and FILTER.DAT in this subdirectory. The files can be empty or not, but should be writeable by everyone.
format disk save copy tftp@xxx.xxx.xxx.xxx:kernel.f2k kernel.f2k sync The above assumes that the software presently running from RAM is correctly configured and still functional. The save command re-creates all the configuration files (except the FILTER.DAT file, which you may recreate manually by typing save filter). The copy command reinstalls the operational software on the FLASH file system and sync commits all this information to disk. 3.
Recovery Steps Using BootP If available, you may want to connect a console cable and start a terminal emulator session to see the router’s console messages. 1. Make sure that the PC path and directory information to a valid kernel are correct. 2. Start Configuration Manager or Quick Start (refer to your Quick Start Guide). 3. Select Tools and BootP. 4.
Routers with a Reset Button (models 2210) The following step will assist you in recovering the router’s administrative password or IP address, should you forget them. Push in the reset button and hold it for 3 seconds while the router is running. With this step, the following features are enabled for a length of 10 minutes: • The system password can be overridden by using the router’s serial number as a password.
script to execute on every startup, whereas the reboot command is useful to apply changes and have them take effect (almost) immediately. However, be aware of the following caution note. Caution: If you create a one-time script file (copied to the router under the name AUTOEXEC.BAT), do not include both the following commands: rename < autoexec.bat> and reboot. This would result in an endless loop of starting the router, executing the script, restarting the router, re-executing the script.
Chapter 7. Troubleshooting Software problems usually occur when the router’s software configuration contains incomplete or incorrect information.
Normal LED Sequence State 1 Power ON PWR - green TEST - amber LINK - off State 2 All lights flash State Length 5 sec Problem If the LED sequence stops at this stage: Hardware problem has been detected. Contact Technical Support. 1 sec State 3 PWR - green TEST - green LINK - off 5 sec State 4 PWR - green TEST - green LINK - amber 5 to 10 sec 1. Check that the DIP switches are all up. 2. Check that the correct software was loaded. 1. Check your DSL cable. 2.
Accessing History Log through the Configuration Manager 1. Select Tools and Terminal Window (the console cable is required). 2. Log in with your administration password into the router (e.g. “admin”). 3. Use the command system history to view the buffer contents. Other Logging Commands • If you wish to monitor your router activity at all times, use the command system log start to view a continuous log, using TELNET. (This command will not work in a Terminal Window session, but only from TELNET.
Interpretation and Troubleshooting To isolate a problem with the TCP/IP protocol, perform the following three tests: 1. Try to ping the IP address of your PC. If you get a response back, proceed directly with step 2. If you don’t get a response back, check that: • The network adapter card is installed. • The TCP/IP protocol is installed. • The TCP/IP protocol is bound to the network adapter. 2. Try to ping the IP address of your router. If you get a response back, proceed directly with step 3.
Investigating Software Configuration Problems Problems Connecting to the Router If you cannot connect your PC to the target router for configuration: • For a LAN connection, verify that the router’s IP address matches the IP address previously stored into the router’s configuration. You must have previously set the router’s Ethernet LAN IP address and subnet mask, saved the Ethernet configuration changes, and rebooted the router for the new IP address to take effect.
Problems Accessing the Remote Network If Bridging • Make sure to reboot if you have made any bridging destination or control changes. • All IP addresses must be in the same IP subnetwork (IP is being bridged). • Check that a bridging default destination has been configured and is enabled. • Be sure to reboot if the bridging destination or status has been changed. • Check that bridging is enabled locally (use the remote listBridge command).
• Verify that the IP and gateway addresses are correct on the PC. • Windows 95 may remember MAC addresses: if you have changed MAC addresses, reboot the router and the PC. • In Windows 3.1, check that the TCP driver is installed correctly. Ping (ping command) your PC’s IP address from the PC. • Successful “pinging” results let you know that the TCP driver is working properly. • If you have changed an IP address to map to a different MAC device, and ping or IP fails, reboot your PC.
Incorrect VPI/VCI (ATM Routers) If you are given an incorrect VCI/VPI number, or none, to use for the remote and need to determine what the possible value might be, refer to the command atom findpvc, described on page 167, for more information. Problems Accessing the Router via TELNET • Ensure that the router has a valid IP address. • Check that the Ethernet cable is plugged in.
Time-Stamped Messages didn't negotiate our IP address correctly Explanation: The remote router did not negotiate the IP address options as was expected by the local router. terminated IPCP prematurely Explanation: IP failed to negotiate. Try to change the remote or the source WAN IP address. Far Avg SQ #: <2-digit number> dB [4-digit number] Explanation: Message about the average signal quality for the remote router.
No system name known - using defaults Explanation: The router does not have a system name. For PAP/CHAP negotiation, the router will use a default name and password. Note: IPX is misconfigured for - no IPX WAN network Explanation: IPX WAN address is wrong or missing. Note: There is no IPX route statically defined for Informational message.
User is disabled in remote database Informative message. User not found in remote database Explanation: The authentication is coming from an unknown remote router. History Log The History Log utility is a troubleshooting tool which displays the router’s activity. It can be accessed from a terminal emulation session (including the Configuration Manager) or from Telnet. Follow the steps described below: 1.
How to Obtain Technical Support Before you contact Technical Support, please have the following information ready: • Router model number • Router software version • Date of purchase • Type of Operating System (Windows 95, 98, NT, or Windows for Workgroups) • Description of the problem List of other equipment such as personal computers, modems, etc. and third party software you are using, including revision levels.
Appendix A.
Configuring PPP with IP Routing PPP with IP Routing STEPS COMMANDS YOUR SETTINGS System Settings System Name system name .............................................. System Message system msg .............................................. Authentication Password system passwd .............................................. Ethernet IP Address eth ip addr [] ..............................................
Configuring PPP with IPX Routing PPP with IPX Routing STEPS COMMANDS YOUR SETTINGS System Settings System Name system name ............................................... System Message system msg ............................................... Authentication Passwd system passwd ............................................... Ethernet IP Address eth ip addr [] ...............................................
Configuring PPP with Bridging PPP with Bridging STEPS COMMANDS YOUR SETTINGS System Settings System Name system name .............................................. System Message system msg .............................................. Authorization Password system passwd .............................................. DHCP Settings dhcp set valueoption domainname ..............................................
Configuring RFC 1483 / RFC 1490 with IP Routing RFC 1483 / RFC 1490 with IP Routing STEPS COMMANDS YOUR SETTINGS System Settings System Message system msg .............................................. Ethernet IP Address eth ip addr [port#>] .............................................. DHCP Settings dhcp set valueoption domainname .............................................. Change Login dhcp set valueoption domainnameserver < ipaddr> ...........
Configuring RFC 1483 / RFC 1490 with IPX Routing RFC 1483 / RFC 1490 with IPX Routing STEPS COMMANDS YOUR SETTINGS System Settings System Message system msg Ethernet IP Address eth ip addr [port#>] DHCP Settings dhcp set valueoption domainname ............................................... ............................................... dhcp set valueoption domainnameserver ............................................... ......................
Configuring RFC 1483 / RFC 1490 with Bridging RFC 1483 / RFC 1490 with Bridging STEPS COMMANDS YOUR SETTINGS System Settings System Message system msg .............................................. DHCP Settings dhcp set valueoption domainname .............................................. dhcp set valueoption domainnameserver .............................................. system admin ..............................................
Configuring RFC 1483MER / RFC 1490MER with IP Routing RFC 1483MER/RFC 1490MER with IP Routing STEPS COMMANDS YOUR SETTINGS System Settings System Message system msg .................................................... Ethernet IP Address eth ip addr [] .................................................... DHCP Settings dhcp set valueoption domainname < domainname> ....................................................
Configuring FRF8 with IP Routing RFC 1483FR with IP Routing STEPS COMMANDS YOUR SETTINGS System Settings System Message system msg .............................................. Ethernet IP Address eth ip addr [] .............................................. DHCP Settings dhcp set valueoption domainname < domainname> .............................................. dhcp set valueoption domainnameserver ..............................................
Configuring a Dual Ethernet Router for IP Routing This table outlines commands used to configure a Dual Ethernet router for IP Routing. Dual Ethernet Router - IP Routing Steps Commands Your Settings System Settings System Name system name .............................................................. system msg .............................................................. eth ip enable .............................................................. eth br disable ................
Appendix B. Configuring IPX Routing

IPX Routing Concepts

IPX routing is established by entering every remote router to which this router will connect into the remote router database.

1. For each remote router, enter the network addresses and services that may be accessed beyond the remote router.
2. Also enter a network number for the WAN link.
3. After specifying the route addressing and services, enable IPX routing across the Ethernet LAN.
Step 1: Collect your Network Information for the Target (Local) Router

The remote side of the WAN link has all of the file and print services. Enter the needed network information in the blank boxes of the diagram. Then match the boxes’ numbers with the numbers in the Command Table below to configure the target router for IPX.

1 Enable IPX routing
2 External Network # (Local 'Wire' address) Ex: 123
  Server Name
3 IPX Frame Type Ex: 802.
Step 2: Review your Settings

Commands used to review your IPX configuration:
– eth list
– remote list
– ipxsaps

    > eth list
    ETHERNET INFORMATION FOR
    Hardware MAC address................. 00:20:6F:02:4C:35
    Bridging enabled..................... no
    IP Routing enabled................... no
    Firewall filter enabled ........... yes
    Process IP RIP packets received.... yes
    Send IP RIP to the LAN............. yes
    Advertise me as the default router. Yes
    Receive default route using RIP....
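When the review step is repeated across many routers, a captured eth list dump can be checked offline. The following is an added example, not part of the original manual: it parses the dot-leader lines shown above and compares them with a baseline. The sample text is constructed from that output, and the BASELINE values are a hypothetical policy, not FlowPoint recommendations.

```python
import re

# Constructed sample: the eth list lines shown above, including the header
# and the final line whose value is cut off in the manual.
SAMPLE_ETH_LIST = """\
ETHERNET INFORMATION FOR
Hardware MAC address................. 00:20:6F:02:4C:35
Bridging enabled..................... no
IP Routing enabled................... no
Firewall filter enabled ........... yes
Process IP RIP packets received.... yes
Send IP RIP to the LAN............. yes
Advertise me as the default router. Yes
Receive default route using RIP....
"""

# A field line is: label, a run of one or more leader dots, whitespace, value.
FIELD = re.compile(r"^\s*(?P<label>.+?)\s*\.+\s+(?P<value>\S.*?)\s*$")

def parse_eth_list(text):
    """Return (fields, skipped); yes/no values become booleans."""
    fields, skipped = {}, []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = FIELD.match(line)
        if not m:  # header, or a line with no value after the dots
            skipped.append(line.strip())
            continue
        value = m.group("value")
        low = value.lower()  # the router prints both "yes" and "Yes"
        fields[m.group("label")] = (low == "yes") if low in ("yes", "no") else value
    return fields, skipped

# Hypothetical baseline for this example only; replace with your own policy.
BASELINE = {
    "Firewall filter enabled": True,
    "Process IP RIP packets received": False,
    "Advertise me as the default router": False,
}

def deviations(fields, baseline=BASELINE):
    """List (label, actual) for every setting that differs from the baseline."""
    out = []
    for label, want in baseline.items():
        actual = fields.get(label, "missing")
        if actual != want:
            out.append((label, actual))
    return out
```

Lines returned in skipped deserve a manual look, since a value that failed to parse is not the same as a setting that passed.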