CHAPTER 6 Command Line Interface. Netopia Firmware Version 7.6, Netopia 2200, 3342, Netopia-3000, 3300 Series, 2200 Series, 2200, 3356


CHAPTER 6 Command Line Interface

The Netopia Gateway operating software includes a command line interface (CLI) that lets you access your Netopia Gateway over a telnet connection. You can use the command line interface to enter and update the unit’s configuration settings, monitor its performance, and restart it.

This chapter covers the following topics:

• Overview

• Starting and Ending a CLI Session

• Using the CLI Help Facility

• About SHELL Commands

• SHELL Commands

• About CONFIG Commands

• CONFIG Commands


Overview

The CLI has two major command modes: SHELL and CONFIG. Summary tables that list the commands are provided below. Details of the entire command set follow in this section.

SHELL Commands

Command              Status and/or Description
arp                  to send ARP request
atmping              to send ATM OAM loopback
clear                to erase all stored configuration information
clear_certificate    to remove an SSL certificate that has been installed
clear_log            to erase all stored log info in flash memory
configure            to configure unit's options
diagnose             to run self-test
download             to download config file
exit                 to quit this shell
help                 to get more: “help all” or “help help”
install              to download and program an image into flash
license              to enter an upgrade key to add a feature
log                  to add a message to the diagnostic log
loglevel             to report or change diagnostic log level
netstat              to show IP information
nslookup             to send DNS query for host
ping                 to send ICMP Echo request
quit                 to quit this shell
reset                to reset subsystems
restart              to restart unit
show                 to show system information
start                to start subsystem
status               to show basic status of unit
telnet               to telnet to a remote host
traceroute           to send traceroute probes
upload               to upload config file
view                 to show configuration information
who                  to show who is using the shell

CONFIG Commands

Command Verbs        Status and/or Description
delete               Delete configuration list data
help                 Help command option
save                 Save configuration data
script               Print configuration data
set                  Set configuration data
validate             Validate configuration settings
view                 View configuration data

Keywords             Status and/or Description
atm                  ATM options (DSL only)
bridge               Bridge options
dhcp                 Dynamic Host Configuration Protocol options
dmt                  DMT ADSL options
diffserv             Differentiated Services options
dns                  Domain Name System options
dslf-cpewan          TR-069 CPE WAN management
dslf-lanmgnt         TR-064 LAN management
dynamic-dns          Dynamic DNS options
ethernet             Ethernet options
igmp                 IGMP configuration options
ip                   TCP/IP protocol options
ip-maps              IPmaps options
nat-default          Network Address Translation default options
pinhole              Pinhole options
ppp                  Peer-to-Peer Protocol options
pppoe                PPP over Ethernet options
preferences          Shell environment settings
radius               RADIUS Server options
security             Security options
servers              Internal Server options
snmp                 SNMP management options
system               Gateway’s system options
upnp                 UPnP options
vlan                 VLAN options
wireless             Wireless LAN options

Command Utilities    Status and/or Description
top                  Go to top level of configuration mode
quit                 Exit from configuration mode; return to shell mode
exit                 Exit from configuration mode; return to shell mode

Starting and Ending a CLI Session

Open a telnet connection from a workstation on your network.

You initiate a telnet connection by issuing the following command from an IP host that supports telnet, for example, a personal computer running a telnet application such as NCSA Telnet.

telnet <ip_address>

You must know the IP address of the Netopia Gateway before you can make a telnet connection to it. By default, your Netopia Gateway uses 192.168.1.254 as the IP address for its LAN interface. You can use a Web browser to configure the Netopia Gateway IP address.

Logging In

The command line interface log-in process emulates the log-in process for a UNIX host. To log on, enter the username (either admin or user), and your password.

• Entering the administrator password lets you display and update all Netopia Gateway settings.

• Entering a user password lets you display (but not update) Netopia Gateway settings.

When you have logged in successfully, the command line interface lists the username and the security level associated with the password you entered in the diagnostic log.

Ending a CLI Session

You end a command line interface session by typing quit from the SHELL node of the command line interface hierarchy.


Saving Settings

In CONFIG mode, the save command saves the working copy of the settings to the Gateway. The Gateway automatically validates its settings when you save and displays a warning message if the configuration is not correct.

Using the CLI Help Facility

The help command lets you display on-line help for SHELL and CONFIG commands. To display a list of the commands available to you from your current location within the command line interface hierarchy, enter help.

To obtain help for a specific CLI command, type help <command>. You can truncate the help command to h or a question mark when you request help for a CLI command.

About SHELL Commands

You begin in SHELL mode when you start a CLI session. SHELL mode lets you perform the following tasks with your Netopia Gateway:

• Monitor its performance

• Display and reset Gateway statistics

• Issue administrative commands to restart Netopia Gateway functions

SHELL Prompt

When you are in SHELL mode, the CLI prompt is the name of the Netopia Gateway followed by a right angle bracket (>). For example, if you open a CLI connection to the Netopia Gateway named “Netopia-3000/9437188,” you would see Netopia-3000/9437188> as your CLI prompt.

SHELL Command Shortcuts

You can truncate most commands in the CLI to their shortest unique string. For example, you can use the truncated command q in place of the full quit command to exit the CLI. However, you would need to enter rese for the reset command, since the first characters of reset are common to the restart command.

The only commands you cannot truncate are restart and clear. To prevent accidental interruption of communications, you must enter the restart and clear commands in their entirety.

You can use the Up and Down arrow keys to scroll backward and forward through recent commands you have entered. Alternatively, you can use the !! command to repeat the last command you entered.
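The truncation rules above, worked through as an added example (not part of the original manual and not Netopia firmware code): a resolver for typed SHELL commands that also expands !! in a recorded session, so a reviewer can search the record for full command names. The command list is the one in this chapter's summary table; treating an exact match as unambiguous and rejecting every shortened form of restart or clear are assumptions drawn from the text, and the function names are hypothetical.

```python
# Added example, not Netopia firmware code. Command names come from the SHELL
# summary table in this chapter; the matching logic is an assumption modelled
# on the truncation rules the manual states.
SHELL_COMMANDS = (
    "arp", "atmping", "clear", "clear_certificate", "clear_log", "configure",
    "diagnose", "download", "exit", "help", "install", "license", "log",
    "loglevel", "netstat", "nslookup", "ping", "quit", "reset", "restart",
    "show", "start", "status", "telnet", "traceroute", "upload", "view", "who",
)
# The two commands the manual says must be entered in their entirety.
NO_TRUNCATE = frozenset({"restart", "clear"})


class AmbiguousCommand(ValueError):
    """The typed prefix matches more than one command."""


class UnknownCommand(ValueError):
    """The typed word matches no command."""


class MustBeComplete(ValueError):
    """The typed prefix matches only a command that cannot be truncated."""


def resolve(word):
    """Return the full SHELL command that `word` stands for."""
    if word in SHELL_COMMANDS:
        return word  # exact match wins, so "clear" and "log" are not ambiguous
    matches = [c for c in SHELL_COMMANDS if word and c.startswith(word)]
    if not matches:
        raise UnknownCommand(word)
    if len(matches) > 1:
        # Protected commands still count here: that is why "res" is not enough.
        raise AmbiguousCommand(f"{word}: {', '.join(matches)}")
    if matches[0] in NO_TRUNCATE:
        raise MustBeComplete(matches[0])
    return matches[0]


def shortest_form(command):
    """Return the shortest string that resolve() accepts for `command`."""
    for n in range(1, len(command) + 1):
        try:
            if resolve(command[:n]) == command:
                return command[:n]
        except ValueError:
            continue
    raise UnknownCommand(command)


def expand_session(lines):
    """Expand abbreviations and "!!" in a list of typed command lines."""
    expanded, last = [], None
    for line in lines:
        line = line.strip()
        if not line:
            continue
        if line == "!!":
            if last is None:
                raise UnknownCommand("!! with no previous command")
            line = last
        else:
            word, _, rest = line.partition(" ")
            line = (resolve(word) + " " + rest.strip()).strip()
        expanded.append(line)
        last = line
    return expanded


if __name__ == "__main__":
    # Constructed sample of typed input, not captured from a device.
    typed = ["sh log", "!!", "rese arp", "restart 30", "q"]
    for before, after in zip(typed, expand_session(typed)):
        print(f"{before!r:14} -> {after}")
    print({c: shortest_form(c) for c in ("quit", "reset", "restart", "clear")})
```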

SHELL Commands

Common Commands

arp nnn.nnn.nnn.nnn

Sends an Address Resolution Protocol (ARP) request to match the nnn.nnn.nnn.nnn IP address to an Ethernet hardware address.

clear [yes]

Clears the configuration settings in a Netopia Gateway. If you do not use the optional yes qualifier, you are prompted to confirm the clear command.

clear_certificate

Removes an SSL certificate that has been installed.

clear_log

Erases the log information stored in flash if persistent logging is enabled.

configure

Puts the command line interface into Configure mode, which lets you configure your Netopia Gateway with Config commands. Config commands are described starting on page 223.

diagnose

Runs a diagnostic utility to conduct a series of internal checks and loopback tests to verify network connectivity over each interface on your Netopia Gateway. The console displays the results of each test as the diagnostic utility runs. If one test is dependent on another, the diagnostic utility indents its entry in the console window. For example, the diagnostic utility indents the Check IP connect to Ethernet (LAN) entry, since that test will not run if the Check Ethernet LAN Connect test fails.

Each test generates one of the following result codes:

CODE       Description
PASS       The test was successful.
FAIL       The test was unsuccessful.
SKIPPED    The test was skipped because a test on which it depended failed, or because the test did not apply to your particular setup or model.
PENDING    The test timed out without producing a result. Try running the test again.

download [ server_address ] [filename] [confirm]

This command installs a file of configuration parameters into the Netopia Gateway from a TFTP (Trivial File Transfer Protocol) server. The TFTP server must be accessible on your Ethernet network.

You can include one or more of the following arguments with the download command. If you omit arguments, the console prompts you for this information.

• The server_address argument identifies the IP address of the TFTP server from which you want to copy the Netopia Gateway configuration file.

• The filename argument identifies the path and name of the configuration file on the TFTP server.

• If you include the optional confirm keyword, the download begins as soon as all information is entered.

Beginning with Firmware Version 7.5.1, you can also download an SSL certificate file from a trusted Certification Authority (CA), on platforms that support SSL, as follows:

download [-cert] [ server_address ] [filename] [confirm]

install [ server_address] [filename] [confirm]

(Not supported on model 3342/3352)

Downloads a new version of the Netopia Gateway operating software from a TFTP (Trivial File Transfer Protocol) server, validates the software image, and programs the image into the Netopia Gateway memory. After you install new operating software, you must restart the Netopia Gateway.

The server_address argument identifies the IP address of the TFTP server on which your Netopia Gateway operating software is stored. The filename argument identifies the path and name of the operating software file on the TFTP server.

If you include the optional keyword confirm, you will not be prompted to confirm whether or not you want to perform the operation.

license [key]

This command installs a software upgrade key. An upgrade key is a purchased item, based on the serial number of the gateway.

log message_string

Adds the message in the message_string argument to the Netopia Gateway diagnostic log.

loglevel [ level]

Displays or modifies the types of log messages you want the Netopia Gateway to record. If you enter the loglevel command without the optional level argument, the command line interface displays the current log level setting.

You can enter the loglevel command with the level argument to specify the types of diagnostic messages you want to record. All messages with a level number equal to or greater than the level you specify are recorded. For example, if you specify loglevel 3, the diagnostic log will retain high-level informational messages (level 3), warnings (level 4), and failure messages (level 5).

Use the following values for the level argument:


• 1 or low – Low-level informational messages or greater; includes trivial status messages.

• 2 or medium – Medium-level informational messages or greater; includes status messages that can help monitor network traffic.

• 3 or high – High-level informational messages or greater; includes status messages that may be significant but do not constitute errors.

• 4 or warning – Warnings or greater; includes recoverable error conditions and useful operator information.

• 5 or failure – Failures; includes messages describing error conditions that may not be recoverable.

netstat -i

Displays the IP interfaces for your Netopia Gateway.

netstat -r

Displays the IP routes stored in your Netopia Gateway.

nslookup { hostname | ip_address }

Performs a domain name system lookup for a specified host.

• The hostname argument is the name of the host for which you want DNS information; for example, nslookup klaatu.

• The ip_address argument is the IP address, in dotted decimal notation, of the device for which you want DNS information.

ping [-s size] [-c count]{ hostname | ip_address }

Causes the Netopia Gateway to issue a series of ICMP Echo requests for the device with the specified name or IP address.

• The hostname argument is the name of the device you want to ping; for example, ping ftp.netopia.com.

• The ip_address argument is the IP address, in dotted decimal notation, of the device you want to locate. If a host using the specified name or IP address is active, it returns one or more ICMP Echo replies, confirming that it is accessible from your network.

• The -s size argument lets you specify the size of the ICMP packet.

• The -c count argument lets you specify the number of ICMP packets generated for the ping request. Values greater than 250 are truncated to 250.

You can use the ping command to determine whether a hostname or IP address is already in use on your network. You cannot use the ping command to ping the Netopia Gateway’s own IP address.

quit

Exits the Netopia Gateway command line inter face.

reset arp

Clears the Address Resolution Protocol (ARP) cache on your unit.

reset atm

Resets the Asynchronous Transfer Mode (ATM) statistics.

reset crash

Clears crash-dump information, which identifies the contents of the Netopia Gateway registers at the point of system malfunction.

reset dhcp server

Clears the DHCP lease table in the Netopia Gateway.

reset diffserv

Resets the Differentiated Services (diffserv) statistics.

reset enet

Resets Ethernet statistics to zero.

reset heartbeat

Restarts the heartbeat sequence.

reset ipmap

Clears the IPMap table (NAT).

reset log

Rewinds the diagnostic log display to the top of the existing Netopia Gateway diagnostic log. The reset log command does not clear the diagnostic log. The next show log command will display information from the beginning of the log file.

reset security-log

Clears the security monitoring log to make room to capture new entries.

reset wan-users [all | ip-address]

This function disconnects the specified WAN User to allow for other users to access the WAN. This function is only available if the number of WAN Users is restricted and NAT is on.

Use the all parameter to disconnect all users. If you log on as Admin you can disconnect any or all users. If you log on as User, you can only disconnect yourself.

restart [ seconds]

Restarts your Netopia Gateway. If you include the optional seconds argument, your Netopia Gateway will restart when the specified number of seconds have elapsed. You must enter the complete restart command to initiate a restart.

show all-info

Displays all settings currently configured in the Netopia Gateway.

show bridge interfaces

Displays bridge interfaces maintained by the Netopia Gateway.

show bridge table

Displays the bridging table maintained by the Netopia Gateway.

show config

Dumps the Netopia Gateway’s configuration script just as the script command does in config mode.

show crash

Displays the most recent crash information, if any, for your Netopia Gateway.

show dhcp agent

Displays DHCP relay-agent leases.

show dhcp server leases

Displays the DHCP leases stored in RAM by your Netopia Gateway.

show diffserv

Displays the Differentiated Services and QoS values configured in the Netopia Gateway.

show enet

Displays Ethernet interfaces maintained by the Netopia Gateway.

show features

Displays standard and keyed features installed in the Netopia Gateway.

show group-mgmt

Displays the IGMP Snooping Table. See “IGMP (Internet Group Management Protocol)” on page 97 for detailed explanation.

show ip arp

Displays the Ethernet address resolution table stored in your Netopia Gateway.

show ip igmp

Displays the contents of the IGMP Group Address table and the IGMP Report table maintained by your Netopia Gateway.

show ip interfaces

Displays the IP interfaces for your Netopia Gateway.

show ip ipsec

Displays IPSec Tunnel statistics.

show ip firewall

Displays firewall statistics.

show ip lan-discovery

Displays the LAN Host Discovery Table of hosts on the wired or wireless LAN, and whether or not they are currently online.

show ip routes

Displays the IP routes stored in your Netopia Gateway.

show ip state-insp

Displays whether stateful inspection is enabled on an interface or not, exposed addresses and blocked packet statistics because of stateful inspection.

show ipmap

Displays IPMap table (NAT).

show log

Displays blocks of information from the Netopia Gateway diagnostic log. To see the entire log, you can repeat the show log command or you can enter show log all.

show memory [all]

Displays memory usage information for your Netopia Gateway. If you include the optional all argument, your Netopia Gateway will display a more detailed set of memory statistics.

show pppoe

Displays status information for each PPP socket, such as the socket state, service names, and host ID values.

show security-log

Displays blocks of information from the Netopia Gateway security log.

show status

Displays the current status of a Netopia Gateway, the device's hardware and software revision levels, a summary of errors encountered, and the length of time the Netopia Gateway has been running since it was last restarted. Identical to the status command.

show summary

Displays a summary of WAN, LAN, and Gateway information.

show wireless [all]

Shows wireless status and statistics.

show wireless clients [ MAC_address ]

Displays details on connected clients, or more details on a particular client if the MAC address is added as an argument.

telnet { hostname | ip_address } [port]

Lets you open a telnet connection to the specified host through your Netopia Gateway.

• The hostname argument is the name of the device to which you want to connect; for example, telnet ftp.netopia.com.

• The ip_address argument is the IP address, in dotted decimal notation, of the device to which you want to connect.

• The port argument is the number of the port over which you want to open a telnet session.

traceroute ( ip_address | hostname )

Traces the routing path to an IP destination.

upload [ server_address] [filename] [confirm]

Copies the current configuration settings of the Netopia Gateway to a TFTP (Trivial File Transfer Protocol) server. The TFTP server must be accessible on your Ethernet network.

The server_address argument identifies the IP address of the TFTP server on which you want to store the Netopia Gateway settings. The filename argument identifies the path and name of the configuration file on the TFTP server. If you include the optional confirm keyword, you will not be prompted to confirm whether or not you want to perform the operation.

view config

Dumps the Netopia Gateway’s configuration just as the view command does in config mode.

who

Displays the names of the current shell and PPP users.

WAN Commands

atmping vccn [ segment | end-to-end ]

Lets you check the ATM connection reachability and network connectivity. This command sends five Operations, Administration, and Maintenance (OAM) loopback calls to the specified vpi/vci destination. There is a five second total timeout interval.

Use the segment argument to ping a neighbor switch.

Use the end-to-end argument to ping a remote end node.

reset dhcp client release [ vcc-id ]

Releases the DHCP lease the Netopia Gateway is currently using to acquire the IP settings for the specified DSL port. The vcc-id identifier is an “index” letter in the range B-I, and does not directly map to the VCC in use. Enter the reset dhcp client release command without the variable to see the letter assigned to each virtual circuit.

reset dhcp client renew [ vcc-id ]

Releases the DHCP lease the Netopia Gateway is currently using to acquire the IP settings for the specified DSL port. The vcc-id identifier is an “index” letter in the range B-I, and does not directly map to the VCC in use. Enter the reset dhcp client release without the variable to see the letter assigned to each virtual circuit.

reset dsl

Resets any open DSL connection.

reset ppp vccn

Resets the point-to-point connection over the specified virtual circuit. This command only applies to virtual circuits that use PPP framing.

show atm [all]

Displays ATM statistics for the Netopia Gateway. The optional all argument displays a more detailed set of ATM statistics.

show dsl

Displays DSL port statistics, such as upstream and downstream connection rates and noise levels.

show ppp [{ stats | lcp | ipcp }]

Displays information about open PPP links. You can display a subset of the PPP statistics by including an optional stats, lcp, or ipcp argument for the show ppp command.

start ppp vccn

Opens a PPP link on the specified virtual circuit.

About CONFIG Commands

You reach the configuration mode of the command line interface by typing configure (or any truncation of configure, such as con or config) at the CLI SHELL prompt.

CONFIG Mode Prompt

When you are in CONFIG mode, the CLI prompt consists of the name of the Netopia Gateway followed by your current node in the hierarchy and two right angle brackets (>>). For example, when you enter CONFIG mode (by typing config at the SHELL prompt), the Netopia-3000/9437188 (top)>> prompt reminds you that you are at the top of the CONFIG hierarchy. If you move to the ip node in the CONFIG hierarchy (by typing ip at the CONFIG prompt), the prompt changes to Netopia-3000/9437188 (ip)>> to identify your current location.

Some CLI commands are not available until certain conditions are met. For example, you must enable IP for an interface before you can enter IP settings for that interface.

Navigating the CONFIG Hierarchy

Moving from CONFIG to SHELL — You can navigate from anywhere in the CONFIG hierarchy back to the SHELL level by entering quit at the CONFIG prompt and pressing RETURN.

Netopia-3000/9437188 (top)>> quit

Netopia-3000/9437188 >

Moving from top to a subnode — You can navigate from the top node to a subnode by entering the node name (or the significant letters of the node name) at the CONFIG prompt and pressing RETURN. For example, you move to the IP subnode by entering ip and pressing RETURN.

Netopia-3000/9437188 (top)>> ip

Netopia-3000/9437188 (ip)>>

As a shortcut, you can enter the significant letters of the node name in place of the full node name at the CONFIG prompt. The significant characters of a node name are the letters that uniquely identify the node. For example, since no other CONFIG node starts with I, you could enter one letter (“i”) to move to the IP node.

Jumping down several nodes at once — You can jump down several levels in the CONFIG hierarchy by entering the complete path to a node.

Moving up one node — You can move up through the CONFIG hierarchy one node at a time by entering the up command.

Jumping to the top node — You can jump to the top level from anywhere in the CONFIG hierarchy by entering the top command.

Moving from one subnode to another — You can move from one subnode to another by entering a partial path that identifies how far back to climb.

Moving from any subnode to any other subnode — You can move from any subnode to any other subnode by entering a partial path that starts with a top-level CONFIG command.

Scrolling backward and forward through recent commands — You can use the Up and Down arrow keys to scroll backward and forward through recent commands you have entered. When the command you want appears, press Enter to execute it.

Entering Commands in CONFIG Mode

CONFIG commands consist of keywords and arguments. Keywords in a CONFIG command specify the action you want to take or the entity on which you want to act. Arguments in a CONFIG command specify the values appropriate to your site. For example, the CONFIG command

set ip ethernet A ip_address

consists of two keywords (ip, and ethernet A) and one argument (ip_address).

When you use the command to configure your Gateway, you would replace the argument with a value appropriate to your site.

For example:

set ip ethernet A 192.31.222.57

Guidelines: CONFIG Commands

The following table provides guidelines for entering and formatting CONFIG commands.

Command component: Rules for entering CONFIG commands

Command verbs:

• CONFIG commands must start with a command verb (set, view, delete).

• You can truncate CONFIG verbs to three characters (set, vie, del).

• CONFIG verbs are case-insensitive. You can enter “SET,” “Set,” or “set.”

Keywords:

• Keywords are case-insensitive. You can enter “Ethernet,” “ETHERNET,” or “ethernet” as a keyword without changing its meaning.

• Keywords can be abbreviated to the length that they are differentiated from other keywords.

Argument Text:

• Text strings can be as many as 64 characters long, unless otherwise specified. In some cases they may be as long as 255 bytes.

• Special characters are represented using backslash notation.

• Text strings may be enclosed in double (“) or single (‘) quote marks. If the text string includes an embedded space, it must be enclosed in quotes.

Numbers:

• Enter numbers as integers, or in hexadecimal, where so noted.

IP addresses:

• Enter IP addresses in dotted decimal notation (0 to 255).

If a command is ambiguous or miskeyed, the CLI prompts you to enter additional information. For example, you must specify which virtual circuit you are configuring when you are setting up a Netopia Gateway.

Displaying Current Gateway Settings

You can use the view command to display the current CONFIG settings for your Netopia Gateway. If you enter the view command at the top level of the CONFIG hierarchy, the CLI displays the settings for all enabled functions. If you enter the view command at an intermediate node, you see settings for that node and its subnodes.

Step Mode: A CLI Configuration Technique

The Netopia Gateway command line interface includes a step mode to automate the process of entering configuration settings. When you use the CONFIG step mode, the command line interface prompts you for all required and optional information. You can then enter the configuration values appropriate for your site without having to enter complete CLI commands.

When you are in step mode, the command line interface prompts you to enter required and optional settings. If a setting has a default value or a current setting, the command line interface displays the default value for the command in parentheses. If a command has a limited number of acceptable values, those values are presented in brackets, with each value separated by a vertical line. For example, the following CLI step command indicates that the default value is off and that valid entries are limited to on and off.

option (off) [on | off]: on

You can accept the default value for a field by pressing the Return key. To use a different value, enter it and press Return.

You can enter the CONFIG step mode by entering set from the top node of the CONFIG hierarchy. You can enter step mode for a particular service by entering set service_name.

In stepping set mode (press Control-X <Return/Enter> to exit). For example:

Netopia-3000/9437188 (top)>> set system

...

system

name (“Netopia-3000/9437188”): Mycroft

Diagnostic Level (High): medium

Stepping mode ended.
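An added example, not part of the original manual and not Netopia code: a parser for step-mode lines of the form shown above, which reports each setting whose typed value differs from the value shown in parentheses. The function names are hypothetical, the comparison is an exact string match (an assumption), and the sample session is the one printed above.

```python
import re

# Added example, not Netopia code. One step-mode line has the form
#   field (shown value) [choice | choice]: typed answer
# where the parenthesised value and the bracketed choices are both optional.
PROMPT_RE = re.compile(
    r"^\s*(?P<field>[^()\[\]:]+?)\s*"
    r"(?:\((?P<shown>[^)]*)\)\s*)?"
    r"(?:\[(?P<choices>[^\]]*)\]\s*)?"
    r":\s*(?P<answer>.*?)\s*$"
)
STEP_START = re.compile(r"\)>>\s*set\b")   # CONFIG prompt followed by "set"
STEP_END = "Stepping mode ended."
QUOTES = "\"'\u201c\u201d\u2018\u2019"     # straight and typographic quotes

# The session printed in the manual, reproduced as sample input.
SAMPLE = """\
Netopia-3000/9437188 (top)>> set system
...
system
name (“Netopia-3000/9437188”): Mycroft
Diagnostic Level (High): medium
Stepping mode ended.
"""


def parse_prompt(line):
    """Parse one step-mode line; return None if the line is not a prompt."""
    m = PROMPT_RE.match(line)
    if m is None:
        return None
    shown = m.group("shown")
    if shown is not None:
        shown = shown.strip().strip(QUOTES)
    choices = m.group("choices")
    if choices is not None:
        choices = [c.strip() for c in choices.split("|")]
    answer = m.group("answer").strip(QUOTES)
    # Pressing Return on its own accepts the value shown in parentheses.
    value = answer if answer else shown
    if choices is not None and value not in choices:
        raise ValueError(f"{m.group('field')}: {value!r} is not one of {choices}")
    return {"field": m.group("field"), "shown": shown, "choices": choices,
            "value": value, "changed": value != shown}


def parse_step_session(text):
    """Return the parsed prompts between a 'set' command and the end marker."""
    entries, stepping = [], False
    for line in text.splitlines():
        if STEP_START.search(line):
            stepping = True
        elif line.strip() == STEP_END:
            stepping = False
        elif stepping:
            entry = parse_prompt(line)
            if entry is not None:
                entries.append(entry)
    return entries


def changes(text):
    """Return (field, shown value, new value) for every setting that changed."""
    return [(e["field"], e["shown"], e["value"])
            for e in parse_step_session(text) if e["changed"]]


if __name__ == "__main__":
    for field, old, new in changes(SAMPLE):
        print(f"{field}: {old!r} -> {new!r}")
```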

Validating Your Configuration

You can use the validate CONFIG command to make sure that your configuration settings have been entered correctly. If you use the validate command, the Netopia Gateway verifies that all required settings for all services are present and that settings are consistent.

Netopia-3000/9437188 (top)>> validate

Error: Subnet mask is incorrect

Global Validation did not pass inspection!

You can use the validate command to verify your configuration settings at any time.

Your Netopia Gateway automatically validates your configuration any time you save a modified configuration.


CONFIG Commands

This section describes the keywords and arguments for the various CONFIG commands.

DSL Commands

ATM Settings. You can use the CLI to set up each ATM virtual circuit.

set atm option {on | off }

Enables the WAN interface of the Netopia Gateway to be configured using the Asynchronous Transfer Mode (ATM) protocol.

set atm [vcc n] option {on | off }

Selects the virtual circuit for which further parameters are set. Up to eight VCCs are supported; the maximum number is dependent on your Netopia Operating System tier and the capabilities that your Service Provider offers.

set atm [vcc n] qos service-class { cbr | ubr | vbr }

Sets the Quality of Service class for the specified virtual circuit – Constant (cbr), Unspecified (ubr), or Variable (vbr) Bit Rate.

ubr: No configuration is needed for UBR VCs. Leave the default value 0 (maximum line rate).

cbr: One parameter is required for CBR VCs. Enter the Peak Cell Rate that applies to the VC. This value should be between 1 and the line rate. You set this value according to specifications defined by your service provider.

vbr: Three parameters are required for VBR VCs. Enter the Peak Cell Rate, the Sustained Cell Rate, and the Maximum Burst Size that apply to the VC. You set these values according to specifications defined by your service provider.

set atm [vcc n] qos peak-cell-rate { 1 ...n }

If QoS class is set to cbr or vbr then specify the peak-cell-rate that should apply to the specified virtual circuit. This value should be between 1 and the line rate.

The Peak Cell Rate (PCR) should be set to the maximum rate a PVC can oversubscribe its Sustained Cell Rate (SCR). The Peak Cell Rate (see below) must be less than, or equal to the raw WAN (DSL) bit rate. The Maximum Burst Size (MBS) is the number of cells that can be sent at the PCR rate, after which the PVC must fall back to the SCR rate.

set atm [vcc n] qos sustained-cell-rate { 1 ...n }

If QoS class is set to vbr, then specify the sustained-cell-rate that should apply to the specified virtual circuit. This value should be less than, or equal to the Peak Cell Rate, which should be less than, or equal to the line rate.

set atm [vcc n] qos max-burst-size { 1 ...n }

If QoS class is set to vbr then specify the max-burst-size that should apply to the specified virtual circuit. This value is the maximum number of cells that can be transmitted at the Peak Cell Rate after which the ATM VC transmission rate must drop to the Sustained Cell Rate.

set atm [vcc n] vpi { 0 ... 255 }

Select the virtual path identifier (vpi) for VCC n.

Your Service Provider will indicate the required vpi number.

set atm [vcc n] vci { 0 ... 65535 }

Select the virtual channel identifier (vci) for VCC n. Your Service Provider will indicate the required vci number.

set atm [vccn] encap { ppp-vcmux | ppp-llc | ether-llc | ip-llc | pppoe-vcmux | pppoe-llc }

Select the encapsulation mode for VCC n. The options are:

ppp-vcmux      PPP over ATM, VC-muxed
ppp-llc        PPP over ATM, LLC-SNAP
ether-llc      RFC-1483, bridged Ethernet, LLC-SNAP
ip-llc         RFC-1483, routed IP, LLC-SNAP
pppoe-vcmux    PPP over Ethernet, VC-muxed
pppoe-llc      PPP over Ethernet, LLC-SNAP

Your Service Provider will indicate the required encapsulation mode.

set atm [vccn] pppoe-sessions { 1 ... 8 }

Select the number of PPPoE sessions to be configured for VCC 1, up to a total of eight. The total number of pppoe-sessions and PPPoE VCCs configured must be less than or equal to eight.
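An added example, not part of the original manual and not the Gateway's own validate logic: a pre-flight check of planned ATM settings against the ranges and relationships stated in this section. The dictionary layout, function names and the sample line rate are assumptions; the line rate is taken to be in the same unit as the cell-rate values, and the pppoe-sessions total is not checked.

```python
# Added example, not Netopia code. Limits come from the "set atm" entries in
# this section; the dict layout and function names are hypothetical.
SERVICE_CLASSES = ("cbr", "ubr", "vbr")
ENCAPSULATIONS = ("ppp-vcmux", "ppp-llc", "ether-llc", "ip-llc",
                  "pppoe-vcmux", "pppoe-llc")
MAX_VCCS = 8  # "Up to eight VCCs are supported"


def _int_in(value, low, high):
    """True if value is an int (not a bool) within low..high inclusive."""
    return (isinstance(value, int) and not isinstance(value, bool)
            and low <= value <= high)


def check_vcc(vcc, line_rate):
    """Return a list of problems found in one VCC's planned settings.

    `vcc` is a dict keyed by the CLI keywords; `line_rate` is the line rate
    in the same unit as the cell-rate values (assumption).
    """
    problems = []
    if not _int_in(vcc.get("vpi"), 0, 255):
        problems.append("vpi must be 0..255")
    if not _int_in(vcc.get("vci"), 0, 65535):
        problems.append("vci must be 0..65535")
    if vcc.get("encap") not in ENCAPSULATIONS:
        problems.append(f"encap {vcc.get('encap')!r} is not a listed mode")

    cls = vcc.get("service-class")
    pcr = vcc.get("peak-cell-rate")
    scr = vcc.get("sustained-cell-rate")
    mbs = vcc.get("max-burst-size")
    if cls not in SERVICE_CLASSES:
        problems.append(f"service-class {cls!r} is not cbr, ubr or vbr")
    elif cls == "ubr":
        # UBR needs no parameters; the manual says to leave the default 0.
        if pcr not in (None, 0):
            problems.append("ubr: leave peak-cell-rate at the default 0")
    else:
        pcr_ok = _int_in(pcr, 1, line_rate)
        if not pcr_ok:
            problems.append(f"{cls}: peak-cell-rate must be 1..{line_rate}")
        if cls == "vbr":
            # VBR needs all three values, with SCR <= PCR <= line rate.
            if not _int_in(scr, 1, line_rate):
                problems.append(f"vbr: sustained-cell-rate must be 1..{line_rate}")
            elif pcr_ok and scr > pcr:
                problems.append("vbr: sustained-cell-rate exceeds peak-cell-rate")
            if not (isinstance(mbs, int) and mbs >= 1):
                problems.append("vbr: max-burst-size must be 1 or more")
    return problems


def check_atm(vccs, line_rate):
    """Return {vcc_number: [problems]} for VCCs with problems; {} if clean."""
    report = {}
    if len(vccs) > MAX_VCCS:
        report["all"] = [f"{len(vccs)} VCCs planned; at most {MAX_VCCS} are supported"]
    for number in sorted(vccs):
        problems = check_vcc(vccs[number], line_rate)
        if problems:
            report[number] = problems
    return report


# Constructed sample plan and line rate, not values from a real deployment.
LINE_RATE = 1800
PLAN = {
    1: {"vpi": 0, "vci": 35, "encap": "pppoe-llc", "service-class": "ubr"},
    2: {"vpi": 0, "vci": 36, "encap": "ether-llc", "service-class": "cbr",
        "peak-cell-rate": 600},
    3: {"vpi": 8, "vci": 70000, "encap": "ppp-llc", "service-class": "vbr",
        "peak-cell-rate": 900, "sustained-cell-rate": 1200,
        "max-burst-size": 32},
}

if __name__ == "__main__":
    for number, problems in check_atm(PLAN, LINE_RATE).items():
        for problem in problems:
            print(f"vcc {number}: {problem}")
```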

Bridging Settings

Bridging lets the Netopia Gateway use MAC (Ethernet hardware) addresses to forward non-TCP/IP traffic from one network to another. When bridging is enabled, the Netopia Gateway maintains a table of up to 512 MAC addresses. Entries that are not used within 30 seconds are dropped. If the bridging table fills up, the oldest table entries are dropped to make room for new entries.

Virtual circuits that use IP framing cannot be bridged.

NOTE:

For bridging in the 3341 (or any model with a USB port), you cannot set the bridge option off, or bridge ethernet option off; these are on by default because of the USB port.

Common Commands

set bridge sys-bridge {on | off }

Enables or disables bridging services in the Netopia Gateway. You must enable bridging services within the Netopia Gateway before you can enable bridging for a specific interface.

set bridge concurrent-bridging-routing {on | off }

Enables or disables Concurrent Bridging/Routing.


set bridge ethernet option { on | off }

Enables or disables bridging services for the specified virtual circuit using Ethernet framing.

set bridge dsl vcc n option { on | off }

Enables or disables bridging services for the specified interface. Specified interface must be part of a VLAN if bridge is turned on. Only RFC-1483 Bridged encapsulation is supported currently.

show log command will show that WAN Bridge is enabled when at least one WAN interface is bridged.

show ip interfaces and show bridge interfaces commands will show the interfaces that are not in bridged mode and that are in bridged modes, respectively.

set bridge table-timeout [ 30 ... 6000 ]

Sets the timeout value for bridging table timeout. Default = 30 secs; range = 30 secs – 6000 secs (.5–100 mins).

DHCP Settings

As a Dynamic Host Control Protocol (DHCP) server, your Netopia Gateway can assign IP addresses and provide configuration information to other devices on your network dynamically. A device that acquires its IP address and other TCP/IP configuration settings from the Netopia Gateway can use the information for a fixed period of time (called the DHCP lease).

Common Commands

set dhcp option { off | server | relay-agent }

Enables or disables DHCP services in the Netopia Gateway. You must enable DHCP services before you can enter other DHCP settings for the Netopia Gateway.

If you turn off DHCP services and save the new configuration, the Netopia Gateway clears its DHCP settings.

set dhcp start-address ip_address

If you selected server, specifies the first address in the DHCP address range. The Netopia Gateway can reserve a sequence of up to 253 IP addresses within a subnet, beginning with the specified address for dynamic assignment.

set dhcp end-address ip_address

If you selected server, specifies the last address in the DHCP address range.

set dhcp lease-time lease-time

If you selected server, specifies the default length for DHCP leases issued by the Netopia Gateway. Enter lease time in dd:hh:mm:ss (day/hour/minute/second) format.

set dhcp server-address ip_address

If you selected relay-agent, specifies the IP address of the relay agent server.
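A pre-flight check for the DHCP server settings described above, written as an added example (it is not Netopia code). It validates a start/end range against the LAN subnet, the 253-address limit and the dd:hh:mm:ss lease format. The function names, the accepted field widths, the gateway-overlap check and the sample addresses are assumptions.

```python
import ipaddress
import re

MAX_POOL = 253  # manual: up to 253 addresses within a subnet
# Assumption: one or two digits for days, exactly two for the other fields.
LEASE_RE = re.compile(r"^(\d{1,2}):(\d{2}):(\d{2}):(\d{2})$")


def parse_lease(text):
    """Convert a dd:hh:mm:ss lease string to seconds; ValueError if malformed."""
    match = LEASE_RE.match(text)
    if not match:
        raise ValueError(f"lease-time {text!r} is not in dd:hh:mm:ss format")
    days, hours, minutes, seconds = (int(part) for part in match.groups())
    if hours > 23 or minutes > 59 or seconds > 59:
        raise ValueError(f"lease-time {text!r} has an out-of-range field")
    return ((days * 24 + hours) * 60 + minutes) * 60 + seconds


def check_pool(lan_ip, netmask, start, end, lease):
    """Return a list of problems with a DHCP server range; empty means it passes."""
    problems = []
    iface = ipaddress.ip_interface(f"{lan_ip}/{netmask}")
    net = iface.network
    lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)

    for label, addr in (("start-address", lo), ("end-address", hi)):
        if addr not in net:
            problems.append(f"{label} {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{label} {addr} is the network or broadcast address")

    if hi < lo:
        problems.append("end-address is below start-address")
    else:
        size = int(hi) - int(lo) + 1
        if size > MAX_POOL:
            problems.append(f"range holds {size} addresses; the limit is {MAX_POOL}")
        # Added sanity check, not a rule stated in the manual.
        if lo <= iface.ip <= hi:
            problems.append(f"range contains the gateway's own address {iface.ip}")

    try:
        parse_lease(lease)
    except ValueError as exc:
        problems.append(str(exc))
    return problems


if __name__ == "__main__":
    # Constructed values; 192.168.1.254/255.255.255.0 is the documented LAN default.
    for issue in check_pool("192.168.1.254", "255.255.255.0",
                            "192.168.1.1", "192.168.2.10", "1 day"):
        print("problem:", issue)
```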


DMT Settings

DSL Commands

set dmt type [ lite | dmt | ansi | multi | adsl2 | adsl2+ | readsl2 | adsl2anxm | adsl2+anxm ]

Selects the type of Discrete Multitone (DMT) asynchronous digital subscriber line (ADSL) protocol to use for the WAN interface.

Beginning with Firmware Version 7.6, the type value also supports the following settings on certain model units: adsl2, adsl2+, readsl2, adsl2anxm, adsl2+anxm.

NOTE:

Some dmt type settings are now supported for many Annex B (335xN) platforms. 2200 Series and 33xxN Series models are supported. Currently, adsl2anxm and adsl2+anxm are not supported in Annex B.

set dmt autoConfig [ off | on ]

Enables support for automatic VPI/VCI detection and configuration. When set to on (the default), a pre-defined list of VPI/VCI pairs is searched to find a valid configuration for your ADSL line. Entering a value for the VPI or VCI setting will disable this feature.

set dmt wiringMode [ auto | tip_ring | A_A1 ]

(not supported on all models) This command configures the wiring mode setting for your ADSL line. Selecting auto (the default) causes the Gateway to detect which pair of wires (inner or outer pair) is in use on your phone line. Specifying tip_ring forces the inner pair to be used; and A_A1 the outer pair.

set dmt metallic-termination [ auto | disabled | always_on ]

(not supported on all models) Beginning with firmware version 7.5.2, this command allows you to apply a sealing current to “dry” DSL lines so that the wiring doesn’t corrode.

auto - The device will scan for standard telephone service (POTS). If it finds POTS, it disables metallic termination. If it does not find POTS during the search period, then metallic termination is enabled.

disabled - There is no POTS detection, and metallic termination is disabled.

always_on - The device will scan for POTS for information only. Metallic termination is always enabled.

Domain Name System Settings

Domain Name System (DNS) is an information service for TCP/IP networks that uses a hierarchical naming system to identify network domains and the hosts associated with them. You can identify a primary DNS server and one secondary server.

Common Commands

set dns domain-name domain-name

Specifies the default domain name for your network. When an application needs to resolve a host name, it appends the default domain name to the host name and asks the DNS server if it has an address for the “fully qualified host name.”

set dns primary-address ip_address

Specifies the IP address of the primary DNS name server.

set dns proxy-enable

This allows you to disable the default behavior of acting as a DNS proxy. The default is on.

set dns secondary-address ip_address

Specifies the IP address of the secondary DNS name server. Enter 0.0.0.0 if your network does not have a secondary DNS name server.

Dynamic DNS Settings

These commands are supported beginning with Firmware Version 7.4.2.

Dynamic DNS support allows you to use the free services of www.dyndns.org. Dynamic DNS automatically directs any public Internet request for your computer's name to your current dynamically-assigned IP address. This allows you to get to the IP address assigned to your Gateway, even though your actual IP address may change as a result of a PPPoE connection to the Internet.

set dynamic-dns option [ off | dyndns.org ]
set dynamic-dns ddns-host-name myhostname.dyndns.org
set dynamic-dns ddns-user-name myusername
set dynamic-dns ddns-user-password myuserpassword

Enables or disables dynamic DNS services. The default is off. If you specify dyndns.org, you must supply your hostname, username for the service, and password.

Because different dynamic DNS vendors use different proprietary protocols, currently only www.dyndns.org is supported.

IGMP Settings

These commands are supported beginning with Firmware Version 7.5.1.

set igmp snooping [ off | on ]

Enables IGMP Snooping. See “IGMP (Internet Group Management Protocol)” on page 97 for detailed explanation.

set igmp robustness value

Sets IGMP robustness range: from 2 – 255. The default is 2. See “IGMP (Internet Group Management Protocol)” on page 97 for detailed explanation.

set igmp query-intvl value

Sets the query-interval range: from 10 seconds – 600 seconds. The default is 125 seconds. See “IGMP (Internet Group Management Protocol)” on page 97 for detailed explanation.

set igmp query-response-intvl value

Sets the query-response interval range: from 5 deci-seconds (tenths of a second) – 255 deci-seconds. The default is 100 deci-seconds. See “IGMP (Internet Group Management Protocol)” on page 97 for detailed explanation.

IP Settings

You can use the command line interface to specify whether TCP/IP is enabled, identify a default Gateway, and to enter TCP/IP settings for the Netopia Gateway LAN and WAN ports.

NOTE:

For the DSL platform you must identify the virtual PPP interface [ vccn], a number from 1 to 8.

Common Settings

set ip option { on | off }

Enables or disables TCP/IP services in the Netopia Gateway. You must enable TCP/IP services before you can enter other TCP/IP settings for the Netopia Gateway. If you turn off TCP/IP services and save the new configuration, the Netopia Gateway clears its TCP/IP settings.

ARP Timeout Settings

set ip arp-timeout [ 60 ... 6000 ]

Sets the timeout value for ARP timeout. Default = 600 secs (10 mins); range = 60 secs - 6000 secs (1–100 mins).

DSL Settings

set ip dsl vccn address ip_address

Assigns an IP address to the virtual circuit. Enter 0.0.0.0 if you want the virtual circuit to obtain its IP address from a remote DHCP server.

set ip dsl vccn broadcast broadcast_address

Specifies the broadcast address for the TCP/IP network connected to the virtual circuit. IP hosts use the broadcast address to send messages to every host on your network simultaneously.

The broadcast address for most networks is the network number followed by 255. For example, the broadcast address for the 192.168.1.0 network would be 192.168.1.255.

set ip dsl vccn netmask netmask

Specifies the subnet mask for the TCP/IP network connected to the virtual circuit. The subnet mask specifies which bits of the 32-bit binary IP address represent network information. The default subnet mask for most networks is 255.255.255.0 (Class C subnet mask).

set ip dsl vccn restriction { admin-disabled | none }

Specifies restrictions on the types of traffic the Netopia Gateway accepts over the DSL virtual circuit. The admin-disabled argument means that access to the device via telnet, web, and SNMP is disabled. RIP and ICMP traffic is still accepted. The none argument means that all traffic is accepted.

set ip dsl vccn addr-mapping { on | off }

Specifies whether you want the Netopia Gateway to use network address translation (NAT) when communicating with remote routers. Address mapping lets you conceal details of your network from remote routers. It also permits all LAN devices to share a single IP address. By default, address mapping is turned “On”.

set ip dsl vccn rip-send { off | v1 | v2 | v1-compat | v2-MD5 }

Specifies whether the Netopia Gateway should use Routing Information Protocol (RIP) broadcasts to advertise its routing tables to other routers. RIP Version 2 (RIP-2) is an extension of the original Routing Information Protocol (RIP-1) that expands the amount of useful information in the RIP packets. While RIP-1 and RIP-2 share the same basic algorithms, RIP-2 supports several additional features, including inclusion of subnet masks in RIP packets and implementation of multicasting instead of broadcasting (which reduces the load on hosts which do not support routing protocols). RIP-2 with MD5 authentication is an extension of RIP-2 that increases security by requiring an authentication key when routes are advertised.

Depending on your network needs, you can configure your Netopia Gateway to support RIP-1, RIP-2, or RIP-2MD5.

If you specify v2-MD5, you must also specify a rip-send-key. Keys are ASCII strings with a maximum of 31 characters, and must match the other router(s) keys for proper operation of MD5 support.

set ip dsl vccn rip-receive { off | v1 | v2 | v1-compat | v2-MD5 }

Specifies whether the Netopia Gateway should use Routing Information Protocol (RIP) broadcasts to update its routing tables with information received from other routers.

If you specify v2-MD5, you must also specify a rip-receive-key. Keys are ASCII strings with a maximum of 31 characters, and must match the other router(s) keys for proper operation of MD5 support.

Ethernet LAN Settings

set ip ethernet A option { on | off }

Enables or disables communications through the designated Ethernet port in the Gateway. You must enable TCP/IP functions for an Ethernet port before you can configure its network settings.

set ip ethernet A address ip_address

Assigns an IP address to the Netopia Gateway on the local area network. The IP address you assign to the local Ethernet interface must be unique on your network. By default, the Netopia Gateway uses 192.168.1.254 as its LAN IP address.

set ip ethernet A broadcast broadcast_address

Specifies the broadcast address for the local Ethernet interface. IP hosts use the broadcast address to send messages to every host on your network simultaneously.

The broadcast address for most networks is the network number followed by 255. For example, the broadcast address for the 192.168.1.0 network would be 192.168.1.255.


set ip ethernet A netmask netmask

Specifies the subnet mask for the local Ethernet interface. The subnet mask specifies which bits of the 32-bit binary IP address represent network information. The default subnet mask for most networks is 255.255.255.0 (Class C subnet mask).

set ip ethernet A restrictions { none | admin-disabled }

Specifies whether an administrator can open a telnet connection to a Netopia Gateway over an Ethernet interface ( A = the LAN; B = the WAN, in the case of Ethernet WAN models) to monitor and configure the unit.

The admin-disabled argument prevents access to the device via telnet, web, and SNMP.

By default, administrative restrictions are none on the LAN, but admin-disabled is set on the WAN. This means that, by default, an administrator can open, for example, a telnet connection from the LAN, but not the WAN.

set ip ethernet A rip-send { off | v1 | v2 | v1-compat | v2-MD5 }

Specifies whether the Netopia Gateway should use Routing Information Protocol (RIP) broadcasts to advertise its routing tables to other routers on your network. RIP Version 2 (RIP-2) is an extension of the original Routing Information Protocol (RIP-1) that expands the amount of useful information in the RIP packets. While RIP-1 and RIP-2 share the same basic algorithms, RIP-2 supports several additional features, including inclusion of subnet masks in RIP packets and implementation of multicasting instead of broadcasting (which reduces the load on hosts which do not support routing protocols). RIP-2 with MD5 authentication is an extension of RIP-2 that increases security by requiring an authentication key when routes are advertised.

If you specify v2-MD5, you must also specify a rip-send-key. Keys are ASCII strings with a maximum of 31 characters, and must match the other router(s) keys for proper operation of MD5 support.

Depending on your network needs, you can configure your Netopia Gateway to support RIP-1, RIP-2, or RIP-2MD5.

set ip ethernet A rip-receive { off | v1 | v2 | v1-compat | v2-MD5 }

Specifies whether the Netopia Gateway should use Routing Information Protocol (RIP) broadcasts to update its routing tables with information received from other routers on your network.

If you specify v2-MD5, you must also specify a rip-receive-key. Keys are ASCII strings with a maximum of 31 characters, and must match the other router(s) keys for proper operation of MD5 support.

Default IP Gateway Settings

set ip gateway option { on | off }

Specifies whether the Netopia Gateway should send packets to a default Gateway if it does not know how to reach the destination host.

set ip gateway interface { ip-address | ppp-vccn }

Specifies how the Netopia Gateway should route information to the default Gateway. If you select ip-address, you must enter the IP address of a host on a local or remote network.

If you specify ppp, the Netopia unit uses the default gateway being used by the remote PPP peer.

IP-over-PPP Settings. Use the following commands to configure settings for routing IP over a virtual PPP interface.

NOTE:

For a DSL platform you must identify the virtual PPP interface [ vccn], a number from 1 to 8.

set ip ip-ppp [ vccn] option { on | off }

Enables or disables IP routing through the virtual PPP interface. By default, IP routing is turned on. If you turn off IP routing and save the new configuration, the Netopia Gateway clears IP routing settings.

set ip ip-ppp [ vccn] address ip_address

Assigns an IP address to the virtual PPP interface. If you specify an IP address other than 0.0.0.0, your Netopia Gateway will not negotiate its IP address with the remote peer. If the remote peer does not accept the IP address specified in the ip_address argument as valid, the link will not come up.

The default value for the ip_address argument is 0.0.0.0, which indicates that the virtual PPP interface will use the IP address assigned to it by the remote peer. Note that the remote peer must be configured to supply an IP address to your Netopia Gateway if you enter 0.0.0.0 for the ip_address argument.

set ip ip-ppp [ vccn] peer-address ip_address

Specifies the IP address of the peer on the other end of the PPP link. If you specify an IP address other than 0.0.0.0, your Netopia Gateway will not negotiate the remote peer's IP address. If the remote peer does not accept the address in the ip_address argument as its IP address (typically because it has been configured with another IP address), the link will not come up.

The default value for the ip_address argument is 0.0.0.0, which indicates that the virtual PPP interface will accept the IP address returned by the remote peer. If you enter 0.0.0.0, the peer system must be configured to supply this address.

set ip ip-ppp [ vccn] restriction { admin-disabled | none }

Specifies restrictions on the types of traffic the Netopia Gateway accepts over the PPP virtual circuit. The admin-disabled argument means that access to the device via telnet, web, and SNMP is disabled. The none argument means that all traffic is accepted.

set ip ip-ppp [ vccn] addr-mapping { on | off }

Specifies whether you want the Netopia Gateway to use network address translation (NAT) when communicating with remote routers. Network address translation lets you conceal details of your network from remote routers. By default, address mapping is turned on.

set ip ip-ppp [ vccn] rip-send { off | v1 | v2 | v1-compat | v2-MD5 }

Specifies whether the Netopia Gateway unit should use Routing Information Protocol (RIP) broadcasts to advertise its routing tables to routers on the other side of the PPP link. An extension of the original Routing Information Protocol (RIP-1), RIP Version 2 (RIP-2) expands the amount of useful information in the packets. While RIP-1 and RIP-2 share the same basic algorithms, RIP-2 supports several new features. For example, inclusion of subnet masks in RIP packets and implementation of multicasting instead of broadcasting. This last feature reduces the load on hosts which do not support routing protocols. RIP-2 with MD5 authentication is an extension of RIP-2 that increases security by requiring an authentication key when routes are advertised.

This command is only available when address mapping for the specified virtual circuit is turned “off”.

If you specify v2-MD5, you must also specify a rip-send-key. Keys are ASCII strings with a maximum of 31 characters, and must match the other router(s) keys for proper operation of MD5 support.

set ip ip-ppp [ vccn] rip-receive { off | v1 | v2 | v1-compat | v2-MD5 }

Specifies whether the Netopia Gateway should use Routing Information Protocol (RIP) broadcasts to update its routing tables with information received from other routers on the other side of the PPP link.

If you specify v2-MD5, you must also specify a rip-receive-key. Keys are ASCII strings with a maximum of 31 characters, and must match the other router(s) keys for proper operation of MD5 support.

Static ARP Settings

Your Netopia Gateway maintains a dynamic Address Resolution Protocol (ARP) table to map IP addresses to Ethernet (MAC) addresses. Your Netopia Gateway populates this ARP table dynamically, by retrieving IP address/MAC address pairs only when it needs them. Optionally, you can define static ARP entries to map IP addresses to their corresponding Ethernet MAC addresses. Unlike dynamic ARP table entries, static ARP table entries do not time out.

You can configure as many as 16 static ARP table entries for a Netopia Gateway. Use the following commands to add static ARP entries to the Netopia Gateway static ARP table:

set ip static-arp ip-address ip_address

Specifies the IP address for the static ARP entry. Enter an IP address in the ip_address argument in dotted decimal format. The ip_address argument cannot be 0.0.0.0.

set ip static-arp ip-address ip_address hardware-address MAC_address

Specifies the Ethernet hardware address for the static ARP entry. Enter an Ethernet hardware address in the MAC_address argument in nn.nn.nn.nn.nn.nn (hexadecimal) format.

IGMP Forwarding

set ip igmp-forwarding [ off | on ]

Turns IP IGMP forwarding off or on. The default is off.

IPsec Passthrough

set ip ipsec-passthrough [ off | on ]

Turns IPsec client passthrough off or on. The default is on.

IP Prioritization

set ip prioritize [ off | on ]

Allows you to support traffic that has the TOS bit set. This defaults to off.

Differentiated Services (DiffServ)

The commands in this section are supported beginning with Firmware Version 7.4.2.

set diffserv option [ off | on ]

Turns the DiffServ option off (default) or on. on enables the service and IP TOS bits are used, even if no flows are defined. Consequently, if the end-point nodes provide TOS settings from an application that can be interpreted as one of the supported states, the Gateway will handle it as if it actively marked the TOS field itself.

NOTE:

The Gateway itself will not override TOS bit settings made by the endpoints.

Support for source-provided IP TOS priorities within the Gateway is achieved simply by turning the DiffServe option “on” and by setting the lohi-asymmetry to adjust the behavior of the Gateway’s internal queues.

set diffserv lohi-ratio [ 60 - 100 percent ]

Sets a percentage between 60 and 100 used to regulate the level of packets allowed to be pending in the low priority queue. The default is 92. It can be used in some degree to adjust the relative throughput bandwidth for low- versus high-priority traffic.

set diffserv custom-flows name name
protocol [ TCP | UDP | ICMP | other ]
direction [ outbound | inbound | both ]
start-port [ 0 - 49151 ]
end-port [ 0 - 49151 ]
inside-ip inside-ip-addr
inside-ip-mask inside-ip-netmask
outside-ip outside-ip-addr
outside-ip-mask outside-ip-netmask
qos [ off | assure | expedite ]

Defines or edits a custom flow. Select a name for the custom-flow from the set command. The CLI will step into the newly-named or previously-defined flow for editing.

protocol – Allows you to choose the IP protocol for the stream: TCP, UDP, ICMP, or other.

other is appropriate for setting up flows on protocols with non-standard port definitions, for example, IPSEC or PPTP. If you select other, an additional field, numbered-protocol will appear with a range of 0–255. Choose the protocol number from this field.

direction – Allows you to choose whether to apply the marking and gateway queue behavior for inbound packets, outbound packets, or to both. If the Gateway is used as an “edge” gateway, its more important function is to mark the packets for high-priority streams in the outbound direction.

start-port/end-port – Allows you to specify a range of ports to check for a particular flow, if the protocol selection is TCP or UDP.

inside-ip/mask – If you want packets originating from a certain LAN IP address to be marked, enter the IP address and subnet mask here. If you leave the address equal to zero, this check is ignored for outbound packets. The check is always ignored for inbound packets. The DiffServe queuing function must be applied ahead of NAT; and, before NAT re-maps the inbound packets, all inbound packets are destined for the Gateway's WAN IP address.

outside-ip/mask – If you want packets destined for and originating from a certain WAN IP address to be marked, enter this address and subnet mask here. If you leave the address equal to zero, the outside address check is ignored. For outbound flows, the outside address is the destination IP address for the packets. For inbound packets, the outside address is the source IP address for the packets.

Note:

When setting the Inside/Outside IP Address/Netmask settings, note that a netmask value can be used to configure for a network rather than a single IP address.

qos – Allows you to specify the Quality of Service for the flow: off, assure, or expedite. These are used both to mark the IP TOS byte and to distribute packets into the queues as if they were marked by the source.

SIP Passthrough

set ip sip-passthrough [ on | off ]

Turns Session Initiation Protocol application layer gateway client passthrough on or off. The default is on.

Session Initiation Protocol is a signaling protocol for Internet conferencing, telephony, presence, events notification and instant messaging.

Static Route Settings

A static route identifies a manually configured pathway to a remote network. Unlike dynamic routes, which are acquired and confirmed periodically from other routers, static routes do not time out. Consequently, static routes are useful when working with PPP, since an intermittent PPP link may make maintenance of dynamic routes problematic.

You can configure as many as 32 static IP routes for a Netopia Gateway. Use the following commands to maintain static routes to the Netopia Gateway routing table:

set ip static-routes destination-network net_address

Specifies the network address for the static route. Enter a network address in the net_address argument in dotted decimal format. The net_address argument cannot be 0.0.0.0.

set ip static-routes destination-network net_address netmask netmask

Specifies the subnet mask for the IP network at the other end of the static route. Enter the netmask argument in dotted decimal format. The subnet mask associated with the destination network must represent the same network class (A, B, or C) or a lower class (such as a class C subnet mask for class B network number) to be valid.

set ip static-routes destination-network net_address interface { ip-address | ppp-vccn }

Specifies the interface through which the static route is accessible.

set ip static-routes destination-network net_address gateway-address gate_address

Specifies the IP address of the Gateway for the static route. The default Gateway must be located on a network connected to the Netopia Gateway configured interface.

set ip static-routes destination-network net_address metric integer

Specifies the metric (hop count) for the static route. The default metric is 1. Enter a number from 1 to 15 for the integer argument to indicate the number of routers (actual or best guess) a packet must traverse to reach the remote network.

You can enter a metric of 1 to indicate either:

• The remote network is one router away and the static route is the best way to reach it;

• The remote network is more than one router away but the static route should not be replaced by a dynamic route, even if the dynamic route is more efficient.

set ip static-routes destination-network net_address rip-advertise [ SplitHorizon | Always | Never ]

Specifies whether the gateway should use Routing Information Protocol (RIP) broadcasts to advertise to other routers on your network and which mode to use. The default is SplitHorizon.

delete ip static-routes destination-network net_address

Deletes a static route. Deleting a static route removes all information associated with that route.
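The static-route rules above (no 0.0.0.0 destination, a netmask of the same class or a lower class, a metric from 1 to 15, the three rip-advertise modes, at most 32 routes) can be checked before the commands are typed. This is an added example, not Netopia code; the function names and the sample routes are assumptions, and the host-bits check is an extra sanity test the manual does not state.

```python
import ipaddress

MAX_ROUTES = 32                        # manual: as many as 32 static IP routes
RIP_MODES = {"SplitHorizon", "Always", "Never"}


def classful_prefix(addr):
    """Default prefix length for the address class (A=8, B=16, C=24), else None."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    return None                        # class D/E: not a class A, B or C network


def mask_prefix(mask):
    """Prefix length of a netmask, or None if its 1-bits are not contiguous."""
    host_bits = int(mask) ^ 0xFFFFFFFF
    if host_bits & (host_bits + 1):    # host part must be a run of trailing 1s
        return None
    return 32 - host_bits.bit_length()


def validate_route(net_address, netmask, metric=1, rip_advertise="SplitHorizon"):
    """Return a list of problems for one static route; empty means it passes."""
    try:
        net = ipaddress.IPv4Address(net_address)
        mask = ipaddress.IPv4Address(netmask)
    except ValueError as exc:
        return [f"not dotted decimal: {exc}"]
    problems = []
    if int(net) == 0:
        problems.append("net_address cannot be 0.0.0.0")
    default, prefix = classful_prefix(net), mask_prefix(mask)
    if default is None:
        problems.append(f"{net} is not a class A, B or C network")
    if prefix is None:
        problems.append(f"{mask} is not a contiguous netmask")
    elif default is not None and prefix < default:
        problems.append(f"/{prefix} mask is wider than the class default /{default}")
    elif int(net) & ~int(mask) & 0xFFFFFFFF:
        # Extra sanity check, not a rule stated in the manual.
        problems.append(f"{net} has host bits set under mask {mask}")
    if not 1 <= metric <= 15:
        problems.append(f"metric {metric} is outside 1-15")
    if rip_advertise not in RIP_MODES:
        problems.append(f"rip-advertise {rip_advertise!r} is not a documented mode")
    return problems


def validate_table(routes):
    """Validate a list of route dicts; return {destination: [problems]} for failures."""
    report = {}
    if len(routes) > MAX_ROUTES:
        report["table"] = [f"{len(routes)} routes configured; the limit is {MAX_ROUTES}"]
    for route in routes:
        problems = validate_route(**route)
        if problems:
            report.setdefault(route["net_address"], []).extend(problems)
    return report


# Constructed sample routes.
SAMPLE_ROUTES = [
    {"net_address": "172.16.5.0", "netmask": "255.255.255.0"},   # class C mask on class B
    {"net_address": "192.168.0.0", "netmask": "255.255.0.0"},    # class B mask on class C
    {"net_address": "10.0.0.0", "netmask": "255.0.0.0", "metric": 16},
    {"net_address": "10.1.2.3", "netmask": "255.255.0.255"},
]

if __name__ == "__main__":
    for dest, issues in validate_table(SAMPLE_ROUTES).items():
        print(dest, "->", "; ".join(issues))
```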

IPMaps Settings

set ip-maps name < name> internal-ip <ip address>

Specifies the name and static IP address of the LAN device to be mapped.

set ip-maps name < name> external-ip <ip address>

Specifies the name and static IP address of the WAN device to be mapped.

Up to 8 mapped static IP addresses are supported.

Network Address Translation (NAT) Default Settings

NAT default settings let you specify whether you want your Netopia Gateway to forward NAT traffic to a default server when it doesn’t know what else to do with it. The NAT default host function is useful in situations where you cannot create a specific NAT pinhole for a traffic stream because you cannot anticipate what port number an application might use. For example, some network games select arbitrary port numbers when a connection is being opened. By identifying your computer (or another host on your network) as a NAT default server, you can specify that NAT traffic that would otherwise be discarded by the Netopia Gateway should be directed to a specific host.

set nat-default mode [ off | default-server | ip-passthrough ]

Specifies whether you want your Netopia Gateway to forward unsolicited traffic from the WAN to a default server or an IP passthrough host when it doesn’t know what else to do with it. See “Default Server” on page 85 for more information.

set nat-default dhcp-enable [ on | off ]

Allows the IP passthrough host to acquire its IP address via DHCP, if ip-passthrough is enabled.

set nat-default address ip_address

Specifies the IP address of the NAT default server.

set nat-default host-hardware-address MAC_address

Specifies the hardware (MAC) address of the IP passthrough host.

Network Address Translation (NAT) Pinhole Settings

NAT pinholes let you pass specific types of network traffic through the NAT interfaces on the Netopia Gateway. NAT pinholes allow you to route selected types of network traffic, such as FTP requests or HTTP (Web) connections, to a specific host behind the Netopia Gateway transparently.

To set up NAT pinholes, you identify the type(s) of traffic you want to redirect by port number, and you specify the internal host to which each specified type of traffic should be directed.

The following list identifies protocol type and port number for common TCP/IP protocols:

• FTP (TCP 21)

• telnet (TCP 23)

• SMTP (TCP 25)

• TFTP (UDP 69)

• SNMP (TCP 161, UDP 161)

set pinhole name name

Specifies the identifier for the entry in the router's pinhole table. You can name pinhole table entries sequentially (1, 2, 3), by port number (21, 80, 23), by protocol, or by some other naming scheme.

set pinhole name name protocol-select { tcp | udp }

Specifies the type of protocol being redirected.

set pinhole name name external-port-start [ 0 - 49151 ]

Specifies the first port number in the range being translated.

set pinhole name name external-port-end [ 0 - 49151 ]

Specifies the last port number in the range being translated.

set pinhole name name internal-ip internal-ip

Specifies the IP address of the internal host to which traffic of the specified type should be transferred.

set pinhole name name internal-port [ 0 - 65535 ]

Specifies the port number your Netopia Gateway should use when forwarding traffic of the specified type. Under most circumstances, you would use the same number for the external and internal port.
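The restriction, rip-receive, nat-default and pinhole settings described in this chapter together decide what the Gateway accepts from the WAN. The added example below (not Netopia code) audits a list of documented set commands and reports the WAN-facing ones worth reviewing. The sample configuration is constructed, and it assumes that vccn is typed as vcc1 through vcc8 and that one command appears per line.

```python
import re

# Cleartext or management services from the manual's port list; a pinhole
# that reaches one of them deserves a second look.
SENSITIVE = {("tcp", 21): "FTP", ("tcp", 23): "telnet", ("tcp", 25): "SMTP",
             ("udp", 69): "TFTP", ("tcp", 161): "SNMP", ("udp", 161): "SNMP"}
# WAN-facing interfaces: DSL and PPP virtual circuits, and Ethernet B on
# Ethernet-WAN models. Assumption: "vccn" is typed as vcc1 ... vcc8.
WAN_IFACE = re.compile(r"^(dsl|ip-ppp) vcc[1-8]$|^ethernet B$")
UNAUTHENTICATED_RIP = {"v1", "v2", "v1-compat"}

# Constructed sample: one documented "set" command per line.
SAMPLE_CONFIG = """\
set ip ethernet A restrictions none
set ip dsl vcc1 restriction none
set ip ip-ppp vcc1 restriction admin-disabled
set ip dsl vcc1 rip-receive v2
set ip ip-ppp vcc1 rip-receive v2-MD5
set nat-default mode default-server
set nat-default address 192.168.1.10
set pinhole name web protocol-select tcp
set pinhole name web external-port-start 80
set pinhole name web external-port-end 80
set pinhole name web internal-ip 192.168.1.20
set pinhole name web internal-port 80
set pinhole name mgmt protocol-select tcp
set pinhole name mgmt external-port-start 2323
set pinhole name mgmt external-port-end 2323
set pinhole name mgmt internal-ip 192.168.1.30
set pinhole name mgmt internal-port 23
"""


def pinhole_findings(name, fields):
    """Flag a pinhole whose external range or internal port is a sensitive service."""
    try:
        proto = fields["protocol-select"]
        start = int(fields["external-port-start"])
        end = int(fields.get("external-port-end", start))
        internal = int(fields.get("internal-port", start))
    except (KeyError, ValueError):
        return [(f"pinhole {name}", "incomplete or non-numeric port settings")]
    hits = sorted({svc for (p, port), svc in SENSITIVE.items()
                   if p == proto and (port == internal or start <= port <= end)})
    host = fields.get("internal-ip", "?")
    return [(f"pinhole {name}",
             f"forwards WAN {proto} {start}-{end} to {host}:{internal} ({svc})")
            for svc in hits]


def audit(config_text):
    """Return (subject, message) findings for WAN-side exposure in set commands."""
    findings, pinholes = [], {}
    for line in config_text.splitlines():
        words = line.split()
        if len(words) < 4 or words[0] != "set":
            continue
        if words[1] == "ip" and len(words) == 6:
            iface, key, value = " ".join(words[2:4]), words[4], words[5]
            if not WAN_IFACE.match(iface):
                continue  # LAN side: restrictions default to none there
            if key in ("restriction", "restrictions") and value == "none":
                findings.append((iface, "telnet, web and SNMP access accepted from the WAN"))
            elif key == "rip-receive" and value in UNAUTHENTICATED_RIP:
                findings.append((iface, f"RIP updates accepted without MD5 key ({value})"))
        elif words[1:3] == ["nat-default", "mode"] and words[3] != "off":
            findings.append(("nat-default", f"unsolicited WAN traffic forwarded ({words[3]})"))
        elif words[1:3] == ["pinhole", "name"] and len(words) == 6:
            pinholes.setdefault(words[3], {})[words[4]] = words[5]
    for name, fields in pinholes.items():
        findings.extend(pinhole_findings(name, fields))
    return findings


if __name__ == "__main__":
    for subject, message in audit(SAMPLE_CONFIG):
        print(f"{subject}: {message}")
```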

PPPoE/PPPoA Settings

You can use the following commands to configure basic settings, port authentication settings, and peer authentication settings for PPP interfaces on your Netopia Gateway.

Configuring Basic PPP Settings.

NOTE:

For the DSL platform you must identify the virtual PPP interface [ vccn], a number from 1 to 8.

set ppp module [vccn] option { on | off }

Enables or disables PPP on the Netopia Gateway.

set ppp module [vccn] auto-connect { on | off }

Supports manual mode required for some vendors. The default on is not normally changed. If auto-connect is disabled ( off), you must manually start/stop a ppp connection.

set ppp module [vccn] mru integer

Specifies the Maximum Receive Unit (MRU) for the PPP interface. The integer argument can be any number between 128 and 1492 for PPPoE; 1500 otherwise.

set ppp module [vccn] magic-number { on | off }

Enables or disables LCP magic number negotiation.

set ppp module [vccn] protocol-compression { on | off }

Specifies whether you want the Netopia Gateway to compress the PPP Protocol field when it transmits datagrams over the PPP link.

set ppp module [vccn] lcp-echo-requests { on | off }

Specifies whether you want your Netopia Gateway to send LCP echo requests. You should turn off LCP echoing if you do not want the Netopia Gateway to drop a PPP link to a nonresponsive peer.

set ppp module [vccn] echo-period integer

Specifies the number of seconds the Netopia Gateway should wait before sending another echo from an LCP echo request. The integer argument can be any number between 5 and 300 (seconds).

set ppp module [vccn] lost-echoes-max integer

Specifies the maximum number of lost echoes the Netopia Gateway should tolerate before bringing down the PPP connection. The integer argument can be any number between 1 and 20.

set ppp module [vccn] failures-max integer

Specifies the maximum number of Configure-NAK messages the PPP module can send without having sent a Configure-ACK message. The integer argument can be any number between 1 and 20.

set ppp module [vccn] configure-max integer

Specifies the maximum number of unacknowledged configuration requests that your Netopia Gateway will send. The integer argument can be any number between 1 and 20.

set ppp module [vccn] terminate-max integer

Specifies the maximum number of unacknowledged termination requests that your Netopia Gateway will send before terminating the PPP link. The integer argument can be any number between 1 and 10.

set ppp module [vccn] restart-timer integer

Specifies the number of seconds the Netopia Gateway should wait before retransmitting a configuration or termination request. The integer argument can be any number between 1 and 30.

set ppp module [vccn] connection-type { instant-on | always-on }

Specifies whether a PPP connection is maintained by the Netopia Gateway when it is unused for extended periods. If you specify always-on, the Netopia Gateway never shuts down the PPP link. If you specify instant-on, the Netopia Gateway shuts down the PPP link after the number of seconds specified in the time-out setting (below) if no traffic is moving over the circuit.

set ppp module [vccn] time-out integer

If you specified a connection type of instant-on, specifies the number of seconds, in the range 30 - 3600, with a default value of 300, the Netopia Gateway should wait for communication activity before terminating the PPP link.

Configuring Port Authentication. You can use the following command to specify how your Netopia Gateway should respond when it receives an authentication request from a remote peer.

The settings for port authentication on the local Netopia Gateway must match the authentication that is expected by the remote peer. For example, if the remote peer requires CHAP authentication and has a name and CHAP secret for the Netopia Gateway, you must enable CHAP and specify the same name and secret on the Netopia Gateway before the link can be established.

set ppp module [vccn] port-authentication option [ off | on | pap-only | chap-only ]

Specifying on turns both PAP and CHAP on, or you can select PAP or CHAP. Specify the username and password when port authentication is turned on (both CHAP and PAP, CHAP or PAP). Authentication must be enabled before you can enter other information.

set ppp module [vccn] port-authentication username username

The username argument is 1 – 255 alphanumeric characters. The information you enter must match the username configured in the PPP peer's authentication database.

set ppp module [vccn] port-authentication password password

The password argument is 1 – 128 alphanumeric characters. The information you enter must match the password used by the PPP peer.

Ethernet Port Settings

set ethernet ethernet A mode { auto | 100M-full | 100M-full-fixed | 100M-half-fixed | 10M-full-fixed | 10M-half-fixed | 100M-half | 10M-full | 10M-half }

Allows mode setting for the ethernet port. Only supported on units without a LAN switch, or dual ethernet products (338x). In the dual ethernet case, “ethernet B” would be specified for the WAN port. The default is auto.

Command Line Interface Preference Settings

You can set command line interface preferences to customize your environment.

set preference verbose { on | off }

Specifies whether you want command help and prompting information displayed. By default, the command line interface verbose preference is turned off. If you turn it on, the command line interface displays help for a node when you navigate to that node.

set preference more lines

Specifies how many lines of information you want the command line interface to display at one time. The lines argument specifies the number of lines you want to see at one time. The range is 1-65535. By default, the command line interface shows you 22 lines of text before displaying the prompt: More …[y|n] ?.

If you enter 1000 for the lines argument, the command line interface displays information as an uninterrupted stream (which is useful for capturing information to a text file).

Port Renumbering Settings

If you use NAT pinholes to forward HTTP or telnet traffic through your Netopia Gateway to an internal host, you must change the port numbers the Netopia Gateway uses for its own configuration traffic. For example, if you set up a NAT pinhole to forward network traffic on Port 80 (HTTP) to another host, you would have to tell the Netopia Gateway to listen for configuration connection requests on a port number other than 80, such as 6080.

After you have changed the port numbers the Netopia Gateway uses for its configuration traffic, you must use those port numbers instead of the standard numbers when configuring the Netopia Gateway. For example, if you move the router's Web service to port “6080” on a box with a system (DNS) name of “superbox”, you would enter the URL http://superbox:6080 in a Web browser to open the Netopia Gateway graphical user interface. Similarly, you would have to configure your telnet application to use the appropriate port when opening a configuration connection to your Netopia Gateway.

set servers web-http [ 1 - 65534 ]

Specifies the port number for HTTP (web) communication with the Netopia Gateway. Because port numbers in the range 0-1024 are used by other protocols, you should use numbers in the range 1025-65534 when assigning new port numbers to the Netopia Gateway web configuration interface. A setting of 0 (zero) will turn the server off.

set servers telnet-tcp [ 1 - 65534 ]

Specifies the port number for telnet (CLI) communication with the Netopia Gateway. Because port numbers in the range 0-1024 are used by other protocols, you should use numbers in the range 1025-65534 when assigning new port numbers to the Netopia Gateway telnet configuration interface. A setting of 0 (zero) will turn the server off.

NOTE:

You cannot specify a port setting of 0 (zero) for both the web and telnet ports at the same time. This would prevent you from accessing the Gateway.
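The check below is an added example, not part of the Netopia manual: it reads a list of set pinhole and set servers commands and reports the conflicts described in this section (a TCP pinhole that covers a port the Gateway's own web or telnet server still listens on, and both servers set to 0). The sample configurations, the internal address, and the assumption that the servers start on the standard ports 80 and 23 are constructed for illustration.

```python
import shlex

# Assumption: before renumbering, the Gateway's own servers listen on the
# standard HTTP and telnet ports.
DEFAULT_SERVERS = {"web-http": 80, "telnet-tcp": 23}


def parse(config_text):
    """Collect pinhole entries and server ports from CLI 'set' commands."""
    pinholes, servers = {}, dict(DEFAULT_SERVERS)
    for line in config_text.splitlines():
        tokens = shlex.split(line, comments=True)
        if tokens[:3] == ["set", "pinhole", "name"] and len(tokens) == 6:
            # set pinhole name <name> <setting> <value>
            pinholes.setdefault(tokens[3], {})[tokens[4]] = tokens[5]
        elif (tokens[:2] == ["set", "servers"] and len(tokens) == 4
              and tokens[2] in servers):
            servers[tokens[2]] = int(tokens[3])
    return pinholes, servers


def check(config_text):
    """Return a list of human-readable problems; empty means no conflict."""
    pinholes, servers = parse(config_text)
    problems = []
    if all(port == 0 for port in servers.values()):
        problems.append("web-http and telnet-tcp are both 0: "
                        "the Gateway cannot be reached for configuration")
    for name, entry in sorted(pinholes.items()):
        # HTTP and telnet are TCP services, so only TCP pinholes can collide.
        if (entry.get("protocol-select") != "tcp"
                or "external-port-start" not in entry):
            continue
        start = int(entry["external-port-start"])
        end = int(entry.get("external-port-end", start))
        for server, port in sorted(servers.items()):
            if port != 0 and start <= port <= end:
                problems.append(f"pinhole {name!r} (tcp {start}-{end}) covers "
                                f"{server} port {port}: renumber the server")
    for server, port in sorted(servers.items()):
        if port != DEFAULT_SERVERS[server] and 1 <= port <= 1024:
            problems.append(f"{server} moved to {port}: the manual recommends "
                            "1025-65534 for renumbered ports")
    return problems


# Constructed sample: forward inbound HTTP to an internal web server while the
# Gateway's own web server is still on port 80.
BEFORE = """
set pinhole name web protocol-select tcp
set pinhole name web external-port-start 80
set pinhole name web external-port-end 80
set pinhole name web internal-ip 192.168.1.10
set pinhole name web internal-port 80
"""

# Same pinhole, with the configuration web server moved as the manual suggests.
AFTER = BEFORE + "set servers web-http 6080\n"

# Constructed sample of the combination the NOTE above forbids.
LOCKED_OUT = "set servers web-http 0\nset servers telnet-tcp 0\n"

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER),
                        ("locked out", LOCKED_OUT)):
        print(label, check(text) or "no conflicts")
```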


Security Settings

Security settings include the Firewall and IPSec parameters. All of the security functionality is keyed.

Firewall Settings (for BreakWater Firewall)

set security firewall option [ ClearSailing | SilentRunning | LANdLocked ]

The 3 settings for BreakWater are discussed in detail on page 125.

SafeHarbour IPSec Settings

SafeHarbour VPN is a tunnel between the local network and another geographically dispersed network that is interconnected over the Internet. This VPN tunnel provides a secure, cost-effective alternative to dedicated leased lines. Internet Protocol Security (IPsec) is a series of services including encryption, authentication, integrity, and replay protection. Internet Key Exchange (IKE) is the key management protocol of IPsec that establishes keys for encryption and decryption. Because this VPN software implementation is built to these standards, the other side of the tunnel can be either another Netopia unit or another IPsec/IKE based security product. For VPN you can choose to have traffic authenticated, encrypted, or both.

When connecting the Netopia unit in a telecommuting scenario, the corporate VPN settings will dictate the settings to be used in the Netopia unit. If a parameter has not been specified from the other end of the tunnel, choose the default unless you fully understand the ramifications of your parameter choice.

set security ipsec option (off) {on | off}

Turns on the SafeHarbour IPsec tunnel capability. Default is off. See “IPSec” on page 130 for more information.

set security ipsec tunnels name "123"

The name of the tunnel can be quoted to allow special characters and embedded spaces.

set security ipsec tunnels name "123" tun-enable (on) {on | off}

This enables this particular tunnel. Currently, one tunnel is supported.

set security ipsec tunnels name "123" dest-ext-address ip-address

Specifies the IP address of the destination gateway.

set security ipsec tunnels name "123" dest-int-network ip-address

Specifies the IP address of the destination computer or internal network.

set security ipsec tunnels name "123" dest-int-netmask netmask

Specifies the subnet mask of the destination computer or internal network. The subnet mask specifies which bits of the 32-bit IP address represent network information. The default subnet mask for most networks is 255.255.255.0 (class C subnet mask).

set security ipsec tunnels name "123" encrypt-protocol (ESP) { ESP | none }

See page 130 for details about SafeHarbour IPsec tunnel capability.

set security ipsec tunnels name "123" auth-protocol (ESP) {AH | ESP | none}

See page 130 for details about SafeHarbour IPsec tunnel capability.

set security ipsec tunnels name "123" IKE-mode pre-shared-key-type (hex) {ascii | hex}

See page 130 for details about SafeHarbour IPsec tunnel capability.

set security ipsec tunnels name "123" IKE-mode pre-shared-key ("") {hex string}

See page 130 for details about SafeHarbour IPsec tunnel capability.

Example: 0x1234

set security ipsec tunnels name "123" IKE-mode neg-method {main | aggressive}

See page 130 for details about SafeHarbour IPsec tunnel capability.

Note: Aggressive Mode is a little faster, but it does not provide identity protection for the negotiating nodes.

set security ipsec tunnels name "123" IKE-mode DH-group (1) { 1 | 2 | 5}

See page 130 for details about SafeHarbour IPsec tunnel capability.

set security ipsec tunnels name "123" IKE-mode isakmp-SA-encrypt (DES) { DES | 3DES }

See page 130 for details about SafeHarbour IPsec tunnel capability.

set security ipsec tunnels name "123" IKE-mode ipsec-mtu mtu_value

This command is supported beginning with Version 7.4.

The Maximum Transmission Unit is a link layer restriction on the maximum number of bytes of data in a single transmission. The maximum allowable value (also the default) is 1500, and the minimum is 100.

set security ipsec tunnels name "123" IKE-mode isakmp-SA-hash (MD5) {MD5 | SHA1}

See page 130 for details about SafeHarbour IPsec tunnel capability.

set security ipsec tunnels name "123" IKE-mode PFS-enable { off | on }

See page 130 for details about SafeHarbour IPsec tunnel capability.

set security ipsec tunnels name "123" IKE-mode invalid-spi-recovery { off | on }

Enables the Gateway to re-establish the tunnel if either the Netopia Gateway or the peer gateway is rebooted.

set security ipsec tunnels name "123" xauth enable {off | on }

Enables or disables Xauth extensions to IPsec, when IKE-mode neg-method is set to aggressive. Default is off.

set security ipsec tunnels name "123" xauth username username

Sets the Xauth username, if Xauth is enabled.

set security ipsec tunnels name "123" xauth password password

Sets the Xauth password, if Xauth is enabled.

set security ipsec tunnels name "123" nat-enable { on | off }

Enables or disables NAT on the specified IPsec tunnel. The default is off.

set security ipsec tunnels name "123" nat-pat-address ip-address

Specifies the NAT port address translation IP address for the specified IPsec tunnel.

set security ipsec tunnels name "123" local-id-type { IP-address | Subnet | Hostname | ASCII }

Specifies the NAT local ID type for the specified IPsec tunnel, when Aggressive Mode is set.

set security ipsec tunnels name "123" local-id id_value

Specifies the NAT local ID value as specified in the local-id-type for the specified IPsec tunnel, when Aggressive Mode is set.

Note: If subnet is selected, the following two values are used instead:

set security ipsec tunnels name "123" local-id-addr ip-address

set security ipsec tunnels name "123" local-id-mask ip-mask

set security ipsec tunnels name "123" remote-id-type { IP-address | Subnet | Hostname | ASCII }

Specifies the NAT remote ID type for the specified IPsec tunnel, when Aggressive Mode is set.

set security ipsec tunnels name "123" remote-id id_value

Specifies the NAT remote ID value as specified in the remote-id-type for the specified IPsec tunnel, when Aggressive Mode is set.

Note: If subnet is selected, the following two values are used instead:

set security ipsec tunnels name "123" remote-id-addr ip-address

set security ipsec tunnels name "123" remote-id-mask ip-mask

Internet Key Exchange (IKE) Settings

The following four IPsec parameters configure the rekeying event.

set security ipsec tunnels name "123" IKE-mode ipsec-soft-mbytes (1000) {1-1000000}

set security ipsec tunnels name "123" IKE-mode ipsec-soft-seconds (82800) {60-1000000}

set security ipsec tunnels name "123" IKE-mode ipsec-hard-mbytes (1200) {1-1000000}

set security ipsec tunnels name "123" IKE-mode ipsec-hard-seconds (86400) {60-1000000}

• The soft parameters designate when the system negotiates a new key. For example, after 82800 seconds (23 hours) or 1 Gbyte has been transferred (whichever comes first) the key will be renegotiated.

• The hard parameters indicate that the renegotiation must be complete or the tunnel will be disabled. For example, 86400 seconds (24 hours) means that the renegotiation must be complete within one day.

Both ends of the tunnel set parameters, and typically they will be the same. If they are not the same, the rekey event will happen when the longest time period expires or when the largest amount of data has been sent.
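An added example, not from the Netopia manual: a small audit of set security ipsec tunnels commands that applies the defaults shown in parentheses in the syntax above (DES, MD5, DH group 1), so that weak values inherited by omission are reported alongside explicit ones. The sample configurations, the placeholder key and the 128-bit pre-shared-key threshold are assumptions made for illustration.

```python
import shlex

# Defaults as printed in parentheses in this chapter's command syntax.
DEFAULTS = {
    "encrypt-protocol": "ESP",
    "auth-protocol": "ESP",
    "pre-shared-key-type": "hex",
    "pre-shared-key": "",
    "DH-group": "1",
    "isakmp-SA-encrypt": "DES",
    "isakmp-SA-hash": "MD5",
}

# (setting, lower-cased value) -> why it is flagged, with the alternative the
# command syntax offers.
WEAK = {
    ("isakmp-SA-encrypt", "des"): "DES has a 56-bit key; 3DES is the stronger cipher offered",
    ("isakmp-SA-hash", "md5"): "MD5 is the weaker of the two hashes offered; SHA1 is the other",
    ("DH-group", "1"): "group 1 is 768-bit MODP; group 5 (1536-bit) is the largest offered",
    ("DH-group", "2"): "group 2 is 1024-bit MODP; group 5 (1536-bit) is the largest offered",
    ("neg-method", "aggressive"): "aggressive mode gives no identity protection",
    ("encrypt-protocol", "none"): "tunnel traffic is not encrypted",
}

MIN_PSK_BITS = 128  # assumption: a local policy threshold, not a value from the manual
PREFIX = ["set", "security", "ipsec", "tunnels", "name"]


def parse_tunnels(config_text):
    """Return {tunnel_name: {setting: value}} for explicitly configured settings."""
    tunnels = {}
    for line in config_text.splitlines():
        tokens = shlex.split(line, comments=True)
        if tokens[:5] != PREFIX or len(tokens) < 6:
            continue
        settings = tunnels.setdefault(tokens[5], {})
        rest = tokens[6:]
        if rest and rest[0] == "IKE-mode":   # IKE-mode is a sub-node, not a setting
            rest = rest[1:]
        if len(rest) >= 2:                   # e.g. "xauth enable on" -> "xauth enable"
            settings[" ".join(rest[:-1])] = rest[-1]
    return tunnels


def psk_bits(settings):
    """Upper bound on the pre-shared key size in bits."""
    key = settings["pre-shared-key"]
    if settings["pre-shared-key-type"].lower() == "hex":
        digits = key[2:] if key.lower().startswith("0x") else key
        return 4 * len(digits)
    return 8 * len(key)


def audit(config_text):
    """Return sorted (tunnel, setting, value, source, reason) findings."""
    findings = []
    for name, explicit in parse_tunnels(config_text).items():
        effective = {**DEFAULTS, **explicit}
        for setting, value in effective.items():
            reason = WEAK.get((setting, value.lower()))
            if reason:
                source = "explicit" if setting in explicit else "default"
                findings.append((name, setting, value, source, reason))
        bits = psk_bits(effective)
        if bits < MIN_PSK_BITS:
            source = "explicit" if "pre-shared-key" in explicit else "default"
            findings.append((name, "pre-shared-key", f"{bits} bits", source,
                             f"shorter than {MIN_PSK_BITS} bits"))
    return sorted(findings)


# Constructed sample: only the peer, a short key and the mode are set, so the
# IKE cipher, hash and DH group fall back to the printed defaults.
WEAK_CONFIG = """
set security ipsec option on
set security ipsec tunnels name "123"
set security ipsec tunnels name "123" dest-ext-address 192.0.2.10
set security ipsec tunnels name "123" IKE-mode pre-shared-key 0x1234
set security ipsec tunnels name "123" IKE-mode neg-method aggressive
"""

# Constructed sample using the strongest values the syntax offers; the key is a
# placeholder pattern, not a usable secret.
HARDENED_CONFIG = """
set security ipsec tunnels name "123" IKE-mode pre-shared-key-type hex
set security ipsec tunnels name "123" IKE-mode pre-shared-key 0x00112233445566778899aabbccddeeff
set security ipsec tunnels name "123" IKE-mode neg-method main
set security ipsec tunnels name "123" IKE-mode DH-group 5
set security ipsec tunnels name "123" IKE-mode isakmp-SA-encrypt 3DES
set security ipsec tunnels name "123" IKE-mode isakmp-SA-hash SHA1
"""

if __name__ == "__main__":
    for finding in audit(WEAK_CONFIG):
        print(*finding, sep=" | ")
```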


Stateful Inspection

Stateful inspection options are accessed by the security state-insp tag.

set security state-insp [ ip-ppp | dsl ] vcc n option [ off | on ]

set security state-insp ethernet [ A | B ] option [ off | on ]

Sets the stateful inspection option off or on on the specified interface. This option is disabled by default. Stateful inspection prevents unsolicited inbound access when NAT is disabled.

set security state-insp [ ip-ppp | dsl ] vcc n default-mapping [ off | on ]

set security state-insp ethernet [ A | B ] default-mapping [ off | on ]

Sets stateful inspection default mapping to router option off or on on the specified interface.

set security state-insp [ ip-ppp | dsl ] vcc n tcp-seq-diff [ 0 - 65535 ]

set security state-insp ethernet [ A | B ] tcp-seq-diff [ 0 - 65535 ]

Sets the acceptable TCP sequence difference on the specified interface. The TCP sequence number difference maximum allowed value is 65535. If the value of tcp-seq-diff is 0, it means that this check is disabled.

set security state-insp [ ip-ppp | dsl ] vcc n deny-fragments [ off | on ]

set security state-insp ethernet [ A | B ] deny-fragments [ off | on ]

Sets whether fragmented packets are allowed to be received or not on the specified interface.

set security state-insp tcp-timeout [ 30 - 65535 ]

Sets the stateful inspection TCP timeout interval, in seconds.

set security state-insp udp-timeout [ 30 - 65535 ]

Sets the stateful inspection UDP timeout interval, in seconds.

set security state-insp xposed-addr exposed-address# "n"

Allows you to add an entry to the specified list, or, if the list does not exist, creates the list for the stateful inspection feature. xposed-addr settings only apply if NAT is off.

Example:

set security state-insp xposed-addr exposed-address# (?): 32

32 has been added to the xposed-addr list.

Sets the exposed list address number.

set security state-insp xposed-addr exposed-address# "n" start-ip ip_address

Sets the exposed list range starting IP address, in dotted quad format.

set security state-insp xposed-addr exposed-address# "n" end-ip ip_address

Sets the exposed list range ending IP address, in dotted quad format.

32 exposed addresses can be created. The range for exposed address numbers is from 1 through 32.

set security state-insp xposed-addr exposed-address# "n" protocol [ tcp | udp | both | any ]

Sets the protocol for the stateful inspection feature for the exposed address list. Accepted values for protocol are tcp, udp, both, or any.

If protocol is not any, you can set port ranges:

set security state-insp xposed-addr exposed-address# "n" start-port [ 1 - 65535 ]

set security state-insp xposed-addr exposed-address# "n" end-port [ 1 - 65535 ]

Packet Filtering Settings

Packet Filtering settings are supported beginning with Firmware Version 7.4.

Packet Filtering has two parts:

• Create/Edit/Delete Filter Sets, create/edit/delete rules to a Filter Set.

• Associate a created Filter Set with a WAN or LAN interface.

See “Packet Filter” on page 154 for more information.

set security pkt-filter filterset filterset-name [ in | out ] index forward [ on | off ]

Creates or edits a filter rule, specifying whether packets will be forwarded or not.

NOTE:

If this is the first rule, it will create the filter-set called filterset-name, otherwise it will edit the filterset.

If the index is not consecutive, the system will select the next consecutive index. If the index does not exist, a rule will be created. If a rule exists, the rule will be edited.

set security pkt-filter filterset filterset-name [ in | out ] index idle-reset [ on | off ]

Turns idle reset on or off for the specified filter rule. A match on this rule resets idle-timeout status and keeps the WAN connection alive. The default is off.

set security pkt-filter filterset filterset-name [ in | out ] index frc-rte [ on | off ]

Turns forced routing on or off for the specified filter rule. A match on this rule will force a route for packets. The default is off.

set security pkt-filter filterset filterset-name [ in | out ] index gateway ip_addr

Specifies the gateway IP address for forced routed packets, if forced routing is enabled.

set security pkt-filter filterset filterset-name [ in | out ] index src-ip ip_addr

Specifies the source IP address to match packets (where the packet was sent from).

set security pkt-filter filterset filterset-name [ in | out ] index src-mask mask

Specifies the source IP mask to match packets (where the packet was sent from).

set security pkt-filter filterset filterset-name [ in | out ] index dest-ip ip_addr

Specifies the destination IP address to match packets (where the packet is going).

set security pkt-filter filterset filterset-name [ in | out ] index dest-mask mask

Specifies the destination IP mask to match packets (where the packet is going).

set security pkt-filter filterset filterset-name [ in | out ] index tos value

Specifies the TOS (Type Of Service) value to match packets. The value for tos can be from 0 – 255.

set security pkt-filter filterset filterset-name [ in | out ] index tos-mask value

Specifies the TOS (Type Of Service) mask to match packets. The value for tos-mask can be from 0 – 255.

set security pkt-filter filterset filterset-name [ in | out ] index protocol value

Specifies the protocol value to match packets, the type of higher-layer Internet protocol the packet is carrying, such as TCP or UDP. The value for protocol can be from 0 – 255.

set security pkt-filter filterset filterset-name [ in | out ] index src-compare [ nc | ne | lt | le | eq | gt | ge ]

Sets the source compare operator action for the specified filter rule.

Operator    Action
nc          No compare
ne          Not equal to
lt          Less than
le          Less than or equal to
eq          Equal to
ge          Greater than or equal to
gt          Greater than

set security pkt-filter filterset filterset-name [ in | out ] index dst-compare [ nc | ne | lt | le | eq | gt | ge ]

Sets the destination compare operator action for the specified filter rule.

Operator    Action
nc          No compare
ne          Not equal to
lt          Less than
le          Less than or equal to
eq          Equal to
ge          Greater than or equal to
gt          Greater than

set security pkt-filter filterset filterset-name [ in | out ] index src-port value

Specifies the source IP port to match packets (the port on the sending host that originated the packet, if the underlying protocol is TCP or UDP).

set security pkt-filter filterset filterset-name [ in | out ] index dst-port value

Specifies the destination IP port to match packets (the port on the receiving host that the packet is destined for, if the underlying protocol is TCP or UDP).

set security pkt-filter interface assigned-filterset filterset-name

Associates a filterset with a LAN or WAN interface.

Example:

set security pkt-filter ethernet A assigned-filterset set1

SNMP Settings

The Simple Network Management Protocol (SNMP) lets a network administrator monitor problems on a network by retrieving settings on remote network devices. The network administrator typically runs an SNMP management station program on a local host to obtain information from an SNMP agent such as the Netopia Gateway.

set snmp community read name

Adds the specified name to the list of communities associated with the Netopia Gateway.

By default, the Netopia Gateway is associated with the public community.

set snmp community write name

Adds the specified name to the list of communities associated with the Netopia Gateway.

set snmp community trap name

Adds the specified name to the list of communities associated with the Netopia Gateway.

set snmp trap ip-traps ip-address

Identifies the destination for SNMP trap messages. The ip-address argument is the IP address of the host acting as an SNMP console.

set snmp sysgroup contact contact_info

Identifies the system contact, such as the name, phone number, beeper number, or email address of the person responsible for the Netopia Gateway. You can enter up to 255 characters for the contact_info argument. You must put the contact_info argument in double-quotes if it contains embedded spaces.

set snmp sysgroup location location_info

Identifies the location, such as the building, floor, or room number, of the Netopia Gateway.

You can enter up to 255 characters for the location_info argument. You must put the location_info argument in double-quotes if it contains embedded spaces.

SNMP Notify Type Settings

SNMP Notify Type is supported beginning with Firmware Version 7.4.2.

set snmp notify type [ v1-trap | v2-trap | inform ]

Sets the type of SNMP notifications that the system will generate:

v1-trap – This selection will generate notifications containing an SNMPv1 Trap Protocol Data Unit (PDU).

v2-trap – This selection will generate notifications containing an SNMPv2 Trap PDU.

inform – This selection will generate notifications containing an SNMPv2 InformRequest PDU.

System Settings

You can configure system settings to assign a name to your Netopia Gateway and to specify what types of messages you want the diagnostic log to record.

set system name name

Specifies the name of your Netopia Gateway. Each Netopia Gateway is assigned a name as part of its factory initialization. The default name for a Netopia Gateway consists of the word “Netopia-3000/XXX” where “XXX” is the serial number of the device; for example, Netopia-3000/9437188. A system name can be 1 – 255 characters long. Once you have assigned a name to your Netopia Gateway, you can enter that name in the Address text field of your browser to open a connection to your Netopia Gateway.

NOTE:

Some broadband cable-oriented Service Providers use the System Name as an important identification and support parameter. If your Gateway is part of this type of network, do NOT alter the System Name unless specifically instructed by your Service Provider.

set system diagnostic-level { off | low | medium | high | alerts | failures }

Specifies the types of log messages you want the Netopia Gateway to record. All messages with a level equal to or greater than the level you specify are recorded. For example, if you specify set system diagnostic-level medium, the diagnostic log will retain medium-level informational messages, alerts, and failure messages. Specifying off turns off logging.

Use the following guidelines:

• low - Low-level informational messages or greater; includes trivial status messages.

• medium - Medium-level informational messages or greater; includes status messages that can help monitor network traffic.

• high - High-level informational messages or greater; includes status messages that may be significant but do not constitute errors. The default.

• alerts - Warnings or greater; includes recoverable error conditions and useful operator information.

• failures - Failures; includes messages describing error conditions that may not be recoverable.

set system log-size [ 10240... 65536 ]

Specifies a size for the system log. The most recent entries are posted to the beginning of the log. When the log becomes full, the oldest entries are dropped. The default is 30000.

set system persistent-log [ off | on ]

When set to on, causes the log information to be kept in flash memory.

set system idle-timeout { telnet [ 1...120 ] | http [ 1... 120 ] }

Specifies a timeout period of inactivity for telnet or HTTP access to the Gateway, after which a user must re-login to the Gateway. Defaults are 5 minutes for HTTP and 15 minutes for telnet.

set system username { administrator name | user name }

Specifies the usernames for the administrative user – the default is admin; and a nonadministrative user – the default is user.

set system password { admin | user }

Specifies the administrator or user password for a Netopia Gateway. When you enter the set system password command, you are prompted to enter the old password (if any) and new password. You are prompted to repeat the new password to verify that you entered it correctly the first time. To prevent anyone from observing the password you enter, characters in the old and new passwords are not displayed as you type them. For security, you cannot use the “step” method to set the system password.

A password can be as many as 8 characters. Passwords are case-sensitive.

Passwords go into effect immediately. You do not have to restart the Netopia Gateway for the password to take effect. Assigning an administrator or user password to a Netopia Gateway does not affect communications through the device.

set system heartbeat option { on | off }

protocol [ udp | tcp ]

port-client [ 1 - 65535 ]

ip-server [ ip_address | dns_name ]

port-server [ 1 - 65535 ]

url-server (" server_name")

number [ 1 – 1073741823 ]

interval (00:00:00:20)

sleep (00:00:30:00)

contact-email (" string@domain_name")

location (" string"):

The heartbeat setting is used in conjunction with the configuration server to broadcast contact and location information about your Gateway. You can specify the protocol, port, IP-, port-, and URL-server.

• The interval setting specifies the broadcast update frequency. Part of sequence control. The interval is the spacing between heartbeats, in d:h:m:s.

• The contact-email setting is a quote-enclosed text string giving an email address for the Gateway’s administrator.

• The location setting is a text string allowing you to specify your geographical or other location, such as “Secaucus, NJ.”

• The number setting is part of the sequence control. This is the number of heartbeats to send, at each “interval”, before sleeping. For example, if this is 20, in the above layout, each heartbeat sequence will send out a total of 20 heartbeats, spaced at 30 second intervals, and then sleep for 30 minutes. So to have the Gateway send out packets “forever”, this number can be set very high. If it is 1440 and the interval is 1 minute, say, the heartbeat will go out every minute for 1440 minutes, or one day, before sleeping.

• The sleep setting is part of sequence control. This is the time to sleep before starting another heartbeat sequence, in d:h:m:s.

set system ntp option [ off | on ]:

server-address (204.152.184.72)

alt-server-address (18.72.0.3):

time-zone [ -12 - 12 ]

update-period (60) [ 1 - 65535 ]:

daylight-savings [ off | on ]

Specifies the NTP server address, time zone, and how often the Gateway should check the time from the NTP server. NTP time-zone of 0 is GMT time; options are -12 through 12 (+/-1 hour increments from GMT time). update-period specifies how often, in minutes, the Gateway should update the clock. daylight-savings specifies whether daylight savings time is in effect; it defaults to off.

set system zerotouch option [ on | off ]

Enables or disables the Zero Touch option.

Zero Touch refers to automatic configuration of your Netopia Gateway. The Netopia Gateway has default settings such that initial connection to the Internet will succeed. If the zerotouch option is set to on, HTTP requests to any destination IP address except the IP address(es) of the configured redirection URL(s) will access a redirection server. DNS traffic will not be blocked. Other traffic from the LAN to all destinations will be dropped.

set system zerotouch redirect-url redirection-URL

Specifies the URL(s) of the desired redirection server(s) when the zerotouch option is set to on. URLs may be a maximum of 192 characters long, and may be in any of the following forms:

http://<domain-name OR IP address>/optionalPath:port

http://<domain-name OR IP address>/optionalPath

https://<domain-name OR IP address>/optionalPath:port

https://<domain-name OR IP address>/optionalPath

<domain-name OR IP address>/optionalPath:port

<domain-name OR IP address>/optionalPath

If the port number is omitted, port 80 will be assumed. Save and Restart are required to enforce these commands.

Syslog

set system syslog option [ off | on ]

Enables or disables system syslog feature. If syslog option is on, the following commands are available:

set system syslog host-nameip [ ip_address | hostname ]

Specifies the syslog server’s address either in dotted decimal format or as a DNS name up to 64 characters.

set system syslog log-facility [ local0 ... local7 ]

Sets the UNIX syslog Facility. Acceptable values are local0 through local7.

set system syslog log-violations [ off | on ]

Specifies whether violations are logged or ignored.

set system syslog log-accepted [ off | on ]

Specifies whether acceptances are logged or ignored.

set system syslog log-attempts [ off | on ]

Specifies whether connection attempts are logged or ignored.

Default syslog installation procedure

1. Access the router via telnet from the private LAN.

DHCP server is enabled on the LAN by default.

2. The product’s stateful inspection feature must be enabled in order to examine TCP, UDP and ICMP packets destined for the router or the private hosts.

This can be done by entering the CONFIG interface.

• Type config

• Type the command to enable stateful inspection

set security state-insp eth B option on

• Type the command to enable the router to drop fragmented packets

set security state-insp eth B deny-fragments on

3. Enabling syslog:

• Type config

• Type the command to enable syslog

set system syslog option on

• Set the IP Address of the syslog host

set system syslog host-nameip <ip-addr>

(example: set system syslog host-nameip 10.3.1.1)

• Enable/change the options you require

set system syslog log-facility local1

set system syslog log-violations on

set system syslog log-accepted on

set system syslog log-attempts on

4. Set NTP parameters

• Type config

• Set the time-zone – Default is 0 or GMT

set system ntp time-zone <zone>

(example: set system ntp time-zone -8)

• Set NTP server-address if necessary (default is 204.152.184.72)

set system ntp server-address <ip-addr>

(example: set system ntp server-address 204.152.184.73)

• Set alternate server address

set system ntp alt-server-address <ip-addr>

5. Type the command to save the configuration

• Type save

• Exit the configuration interface by typing exit

• Restart the router by typing restart

The router will reboot with the new configuration in effect.


Wireless Settings (supported models)

set wireless option ( on | off )

Administratively enables or disables the wireless interface.

set wireless network-id ssid { network_name }

Specifies the wireless network id for the Gateway. A unique ssid is generated for each Gateway. You must set your wireless clients to connect to this exact id, which can be changed to any 32-character string.

set wireless auto-channel mode { off | at-startup | continuous }

Specifies the wireless AutoChannel Setting for 802.11G models. AutoChannel is a feature that allows the Netopia Gateway to determine the best channel to broadcast automatically. For details, see “Advanced” on page 57.

set wireless default-channel { 1...14 }

Specifies the wireless 2.4GHz sub channel on which the wireless Gateway will operate. For US operation, this is limited to channels 1–11. Other countries vary; for example, Japan is channel 14 only. The default channel in the US is 6. Channel selection can have a significant impact on performance, depending on other wireless activity in proximity to this AP.

Channel selection is not necessary at the clients; clients will scan the available channels and look for APs using the same ssid as the client.

set wireless network-id closed-system { on | off }

When this setting is enabled, a client must know the ssid in order to connect or even see the wireless access point. When disabled, a client may scan for available wireless access points and will see this one. Enable this setting for greater security. The default is on.


set wireless mode { both-b-and-g | b-only | g-only }

Beginning with Netopia Firmware Version 7.5.1, specifies the wireless operating mode for connecting wireless clients: both-b-and-g, b-only, or g-only, and locks the Gateway in that mode.

NOTE:

If you choose to limit the operating mode to B or G only, clients using the mode you excluded will not be able to connect.

set wireless multi-ssid option { on | off }

Beginning with Netopia Firmware Version 7.5.1, enables or disables the multi-ssid feature, which allows you to add additional network identifiers (SSIDs or Network Names) for your wireless network. When enabled, you can specify up to three additional SSIDs with separate privacy settings for each. See below.

set wireless multi-ssid {second-ssid | third-ssid | fourth-ssid } name

Specifies a descriptive name for each SSID, when multi-ssid option is set to on.

set wireless multi-ssid second-ssid-privacy { off | WEP | WPA-PSK | WPA-802.1x }

set wireless multi-ssid third-ssid-privacy { off | WEP | WPA-PSK | WPA-802.1x }

set wireless multi-ssid fourth-ssid-privacy { off | WEP | WPA-PSK | WPA-802.1x }

Specifies the type of privacy enabled on multiple SSIDs when multi-ssid option is set to on. off = no privacy; WEP = WEP encryption; WPA-PSK = Wireless Protected Access/Pre-Shared Key; WPA-802.1x = Wireless Protected Access/802.1x authentication. See “Wireless Privacy Settings” on page 293 for more information.

NOTE:

WEP is supported on only one SSID at a time, and should not be available if another SSID already has it configured.

set wireless multi-ssid second-ssid-wpa-ver { all | WPA1-only | WPA2-only }

set wireless multi-ssid third-ssid-wpa-ver { all | WPA1-only | WPA2-only }

set wireless multi-ssid fourth-ssid-wpa-ver { all | WPA1-only | WPA2-only }

Specifies the type of WPA version enabled on multiple SSIDs when multi-ssid option is set to on and privacy is set to WPA-PSK. See “Wireless Privacy Settings” on page 293 for more information.

set wireless multi-ssid second-ssid-weplen [ 40/64bit | 128bit | 256bit ]

set wireless multi-ssid third-ssid-weplen [ 40/64bit | 128bit | 256bit ]

set wireless multi-ssid fourth-ssid-weplen [ 40/64bit | 128bit | 256bit ]

Specifies the WEP key length for the multiple SSIDs, when second-, third-, or fourth-ssid-privacy is set to WEP. 40bit encryption is equivalent to 64bit encryption. The longer the key, the stronger the encryption and the more difficult it is to break the encryption.


set wireless multi-ssid second-ssid-wepkey { hexadecimal digits }

set wireless multi-ssid third-ssid-wepkey { hexadecimal digits }

set wireless multi-ssid fourth-ssid-wepkey { hexadecimal digits }

Specifies a WEP key for the multiple SSIDs, when second-, third-, or fourth-ssid-privacy is set to WEP. For 40/64bit encryption, you need 10 digits; 26 digits for 128bit, and 58 digits for 256bit WEP. Valid hexadecimal characters are 0 – 9, a – f.

set wireless no-bridging [ off | on ]

When set to on, this will block wireless clients from communicating with other wireless clients on the LAN side of the Gateway.

set wireless tx-power [ full | medium | fair | low | minimal ]

Sets the wireless transmit power, scaling down the router's wireless transmit coverage by lowering its radio power output. Default is full power. Transmit power settings are useful in large venues with multiple wireless routers where you want to reuse channels. Since there are only three non-overlapping channels in the 802.11b spectrum, it helps to size the router's cell to match the location. This allows you to install a router to cover a small “hole” without conflicting with other routers nearby.

Wireless Privacy Settings

set wireless network-id privacy option { off | WEP | WPA-PSK | WPA-802.1x }

Specifies the type of privacy enabled on the wireless LAN. off = no privacy; WEP = WEP encryption; WPA-PSK = Wireless Protected Access/Pre-Shared Key; WPA-802.1x = Wireless Protected Access/802.1x authentication. See “Wireless” on page 53 for a discussion of these options.

WPA provides Wireless Protected Access, the most secure option for your wireless network. This mechanism provides the best data protection and access control. PSK requires a Pre-Shared Key; 802.1x requires a RADIUS server for authentication.

WEP is Wired Equivalent Privacy, a method of encrypting data between the wireless Gateway and its clients. It is strongly recommended to turn this on as it is the primary way to protect your network and data from intruders. Note that 40bit is the same as 64bit and will work with either type of wireless client. The default is off.

A single key is selected (see default-key) for encryption of outbound/transmitted packets. The WEP-enabled client must have the identical key, of the same length, in the identical slot (1..4) as the wireless Gateway, in order to successfully receive and decrypt the packet. Similarly, the client also has a ‘default’ key that it uses to encrypt its transmissions. In order for the wireless Gateway to receive the client’s data, it must likewise have the identical key, of the same length, in the same slot. For simplicity, a wireless Gateway and its clients need only enter, share, and use the first key.

set wireless network-id privacy pre-shared-key string

The Pre Shared Key is a passphrase shared between the Router and the clients and is used to generate dynamically changing keys, when WPA-PSK is selected or enabled. The passphrase can be 8 – 63 characters. It is recommended to use at least 20 characters for best security.

set wireless network-id privacy default-keyid { 1...4 }

Specifies which WEP encryption key (of 4) the wireless Gateway will use to transmit data. The client must have an identical matching key, in the same numeric slot, in order to successfully decode. Note that a client allows you to choose which of its keys it will use to transmit. Therefore, you must have an identical key in the same numeric slot on the Gateway.

For simplicity, it is easiest to have both the Gateway and the client transmit with the same key. The default is 1.

set wireless network-id privacy encryption-key1-length {40/64bit, 128bit, 256bit}

set wireless network-id privacy encryption-key2-length {40/64bit, 128bit, 256bit}

set wireless network-id privacy encryption-key3-length {40/64bit, 128bit, 256bit}

set wireless network-id privacy encryption-key4-length {40/64bit, 128bit, 256bit}

Selects the length of each encryption key. 40bit encryption is equivalent to 64bit encryption. The longer the key, the stronger the encryption and the more difficult it is to break the encryption.


set wireless network-id privacy encryption-key1 { hexadecimal digits }

set wireless network-id privacy encryption-key2 { hexadecimal digits }

set wireless network-id privacy encryption-key3 { hexadecimal digits }

set wireless network-id privacy encryption-key4 { hexadecimal digits }

The encryption keys. Enter keys using hexadecimal digits. For 40/64bit encryption, you need 10 digits; 26 digits for 128bit, and 58 digits for 256bit WEP. Valid hexadecimal characters are 0 – 9, a – f.

Example 40bit key: 02468ACE02.

Example 128bit key: 0123456789ABCDEF0123456789.

Example 256bit key: 592CA140F0A238B0C61AE162F592CA140F0A238B0C61AE162F21A09C.

You must set at least one of these keys, indicated by the default-keyid.
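The privacy rules in this section (the option values, the 8 – 63 character passphrase with 20 recommended, the 10/26/58 hexadecimal digits per WEP key length, and a key present in the default-keyid slot) can be checked before a configuration is saved. The following is an added example, not Netopia code; the function names and the sample set lines are constructed for illustration.

```python
import re

# Hex digits required for each WEP key length, as stated in the manual text.
WEP_DIGITS = {"40/64bit": 10, "128bit": 26, "256bit": 58}
PREFIX = "set wireless network-id privacy "


def parse_privacy(lines):
    """Collect 'set wireless network-id privacy <item> <value>' lines into a dict."""
    cfg = {}
    for line in lines:
        line = line.strip()
        if not line.startswith(PREFIX):
            continue  # not a privacy setting
        item, _, value = line[len(PREFIX):].partition(" ")
        cfg[item] = value.strip()
    return cfg


def check_wep_keys(cfg):
    """Check the default-keyid slot and every configured WEP key."""
    findings = []
    keyid = cfg.get("default-keyid", "1")  # the manual gives 1 as the default
    if keyid not in ("1", "2", "3", "4"):
        findings.append(("high", "default-keyid must be 1-4"))
    elif "encryption-key" + keyid not in cfg:
        findings.append(("high", "default key %s is not set" % keyid))
    for n in "1234":
        key = cfg.get("encryption-key" + n)
        if key is None:
            continue
        if not re.fullmatch(r"[0-9a-fA-F]+", key):
            findings.append(("high", "key %s contains non-hexadecimal characters" % n))
            continue
        want = WEP_DIGITS.get(cfg.get("encryption-key%s-length" % n))
        if want is None:
            findings.append(("medium", "key %s has no valid encryption-key%s-length" % (n, n)))
        elif len(key) != want:
            findings.append(("high", "key %s has %d hex digits, expected %d" % (n, len(key), want)))
    return findings


def audit_privacy(lines):
    """Return (severity, message) findings for the wireless privacy settings."""
    cfg = parse_privacy(lines)
    findings = []
    mode = cfg.get("option", "off")  # the manual gives off as the default
    if mode == "off":
        findings.append(("high", "privacy is off: wireless traffic is not encrypted"))
    elif mode == "WPA-PSK":
        psk = cfg.get("pre-shared-key", "")
        if not 8 <= len(psk) <= 63:
            findings.append(("high", "pre-shared-key must be 8-63 characters"))
        elif len(psk) < 20:
            findings.append(("medium", "pre-shared-key is shorter than the recommended 20 characters"))
    elif mode == "WEP":
        findings.append(("medium", "WEP selected; the manual names WPA as the most secure option"))
        findings.extend(check_wep_keys(cfg))
    elif mode != "WPA-802.1x":
        findings.append(("high", "unknown privacy option %r" % mode))
    return findings


# Constructed sample input: key 2 is the default key but is two digits short.
SAMPLE_WEP = [
    "set wireless network-id privacy option WEP",
    "set wireless network-id privacy default-keyid 2",
    "set wireless network-id privacy encryption-key1-length 40/64bit",
    "set wireless network-id privacy encryption-key1 02468ACE02",
    "set wireless network-id privacy encryption-key2-length 128bit",
    "set wireless network-id privacy encryption-key2 0123456789ABCDEF01234567",
]
# Constructed sample input: a 27-character passphrase, no findings expected.
SAMPLE_PSK = [
    "set wireless network-id privacy option WPA-PSK",
    "set wireless network-id privacy pre-shared-key constructed-passphrase-0001",
]

if __name__ == "__main__":
    for name, sample in (("WEP", SAMPLE_WEP), ("WPA-PSK", SAMPLE_PSK)):
        print(name, audit_privacy(sample) or "no findings")
```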


Wireless MAC Address Authorization Settings

set wireless mac-auth option { on | off }

Enabling this feature limits the MAC addresses that are allowed to access the LAN as well as the WAN to specified MAC (hardware) addresses.

set wireless mac-auth wrlss-MAC-list mac-address MAC-address_string

Enters a new MAC address into the MAC address authorization table. The format for an Ethernet MAC address is six hexadecimal values between 00 and FF inclusive separated by colons or dashes (e.g., 00:00:C5:70:00:04).

set wireless mac-auth wrlss-MAC-list mac-address "MAC-address_string" allow-access { on | off }

Designates whether the MAC address is enabled or not for wireless network access. Disabled MAC addresses cannot be used for access until enabled.

RADIUS Server Settings

set radius radius-name "server_name_string"

Specifies the default RADIUS server name or IP address.

set radius radius-secret "shared_secret"

Specifies the RADIUS secret key used by this server. The shared secret should have the same characteristics as a normal password.

set radius alt-radius-name "server_name_string"

Specifies an alternate RADIUS server name or IP address to be used if the primary server is unreachable.

set radius alt-radius-secret "shared_secret"

Specifies the secret key used by the alternate RADIUS server.

set radius radius-port port_number

Specifies the port on which the RADIUS server is listening. The default value is 1812.

VLAN Settings

These settings are supported beginning with Firmware Version 7.4.2.

You can create up to 32 VLANs, and you can also restrict any VLAN, and the computers on it, from administering the Gateway. See “VLAN” on page 106 for more information.

set vlan name string

Sets the descriptive name for the VLAN. If no name is specified, displays a selection list of node names to select for editing.

Once a new VLAN name is specified, presents the list of VLAN characteristics to define:

id – numerical range of possible IDs is 1 - 4095

type [ by-port ] – currently the only selection is by-port

admin-restricted [ off | on ] – default is off. If you select on, administrative access to the Gateway is blocked from this VLAN.

port – VLAN’s physical port or wireless SSID.

You must save the changes, exit out of configuration mode, and restart the Gateway for the changes to take effect.

Example:

• Navigate to the VLAN item:

Netopia-3000/9459252 (top)>> vlan

Netopia-3000/9459252 (vlan)>> set

vlan

name

(name) node list ...

Select (name) node to modify from list, or enter new (name) to create.

name (?): vlan1

(vlan1) has been added to the (name) list

"vlan1"


id (1) [ 1 - 4095 ]: 52

type (by-port) [ by-port ]:

admin-restricted (off) [ off | on ]: off

port

(port) node list ...

Select (port) node to modify from list, or enter new (port) to create.

• At this point you have created a VLAN. It is called vlan1, with vlan-id 52, without any admin restrictions.

• Next, add the ethernet0 port to this VLAN:

port (?): 1

(1) has been added to the (port) list

1

interface ()

[ lan-uplink | ethernet0 | vcc1 ]: ethernet0

Netopia-3000/9459252 (vlan)>>

• To make the VLAN vlan1 routable, add the port lan-uplink:

Netopia-3000/9459252 (vlan)>> name vlan1

Netopia-3000/9459252 (vlan name "vlan1")>> set

"vlan1"

id (52) [ 1 - 4095 ]:

type (by-port) [ by-port ]:

admin-restricted (off) [ off | on ]:

port

(port) node list ...

1

Select (port) node to modify from list, or enter new (port) to create.

port (?): 2

(2) has been added to the (port) list

2

interface ()

[ lan-uplink | ethernet0 | vcc1 ]: lan-uplink

Netopia-3000/9459252 (vlan name "vlan1")>>


Note:

To make a set of VLANs non-routable, the lan-uplink port must be included in at least one VLAN and must be excluded from any VLANs that are non-routable.

UPnP settings

set upnp option [ on | off ]

PCs using UPnP can retrieve the Gateway’s WAN IP address, and automatically create NAT port maps. This means that applications that support UPnP, and are used with a UPnP-enabled Netopia Gateway, will not need application layer gateway support on the Netopia Gateway to work through NAT. The default is on.

You can disable UPnP, if you are not using any UPnP devices or applications.

DSL Forum settings

TR-064 is a LAN-side DSL CPE configuration specification and TR-069 is a WAN-side DSL CPE Management specification.

TR-064. DSL Forum LAN Side CPE Configuration (TR-064) is an extension of UPnP. It defines more services to locally manage the Netopia Gateway. While UPnP allows open access to configure the Gateway's features, TR-064 requires a password to execute any command that changes the Gateway's configuration.

set dslf-lanmgmt option [ off | on ]

Turns TR-064 LAN side management services on or off. The default is on.


TR-069. DSL Forum CPE WAN Management Protocol (TR-069) provides services similar to UPnP and TR-064. The communication between the Netopia Gateway and management agent in UPnP and TR-064 is strictly over the LAN, whereas the communication in TR-069 is over the WAN link for some features and over the LAN for others. TR-069 allows a remote Auto-Config Server (ACS) to provision and manage the Netopia Gateway. TR-069 protects sensitive data on the Gateway by not advertising its presence, and by password protection.

set dslf-cpewan option [ off | on ]

set dslf-cpewan acs-url "acs_url:port_number"

set dslf-cpewan acs-user-name "acs_username"

set dslf-cpewan acs-user-password "acs_password"

set dslf-cpewan acs-filter1-ip filter1-ip_addr

set dslf-cpewan acs-filter1-mask filter1-mask

set dslf-cpewan acs-filter2-ip filter2-ip_addr

set dslf-cpewan acs-filter2-mask filter2-mask

set dslf-cpewan acs-filter3-ip filter3-ip_addr

set dslf-cpewan acs-filter3-mask filter3-mask

Turns TR-069 WAN side management services on or off. For 3300-Series Gateways, the default is off; for 2200-Series Gateways, the default is on. If TR-069 WAN side management services are enabled, specifies the auto-config server URL and port number. A username and password must also be supplied, if TR-069 is enabled.

The auto-config server is specified by URL and port number. The format for the ACS URL is as follows:

http://some_url.com:port_number

or

http://123.45.678.910:port_number

On units that support SSL, the format for the ACS URL can also be:

https://some_url.com:port_number

or

https://123.45.678.910:port_number


VDSL Settings

CAUTION!

These settings are for very advanced users and lab technicians. Exercise extreme caution when modifying any of these settings.

set vdsl sys-option [ 0x00 - 0xff ]

sys-bandplan [ 0x00 - 0xff ]

psd-mask-level [ 0x00 - 0xff ]

pbo-k1_1 [ 0x00000000 - 0xffffffff ]

pbo-k1_2 [ 0x00000000 - 0xffffffff ]

pbo-k1_3 [ 0x00000000 - 0xffffffff ]

pbo-k2_1 [ 0x00000000 - 0xffffffff ]

pbo-k2_2 [ 0x00000000 - 0xffffffff ]

pbo-k2_3 [ 0x00000000 - 0xffffffff ]

line-type [ 0x00 - 0xff ]

us-max-inter-delay [ 0x00 - 0xff ]

ds-max-inter-delay [ 0x00 - 0xff ]

us-target-noise-margin [ 0x0000 - 0xffff ]

ds-target-noise-margin [ 0x0000 - 0xffff ]

min-noise-margin [ 0x0000 - 0xffff ]

port-bandplan [ 0x00 - 0xff ]

framing-mode [ 0x00 - 0xff ]

band-mod [ 0x00 - 0xff ]

port-option [ 0x00 - 0xff ]

power-mode [ 0x00 - 0xff ]

tx-filter [ 0x00 - 0xff ]

rx-filter [ 0x00 - 0xff ]

dying-gasp [ off | on ]


VDSL Parameter Defaults

Parameter | Default | Meaning

sys-option | 0x00 | VDSL system option(bit0=ntr, 1=margin, 2=ini, 3=pbo, 4=tlan, 5=pbo)

sys-bandplan | 0x02 | VDSL system bandplan(bp_3_998_4=2, bp4_997_3=3, bp5_997_3=4…)

psd-mask-level | 0x00 | VDSL system psd mask(def=0, 1=ansim1cab, 2=ansim2cab, 3=etsim1cab, 4=etsim2cab)

pbo-k1_1 | 0x00 | VDSL system power back-off k1_1

pbo-k1_2 | 0x00 | VDSL system power back-off k1_2

pbo-k1_3 | 0x00 | VDSL system power back-off k1_3

pbo-k2_1 | 0x00 | VDSL system power back-off k2_1

pbo-k2_2 | 0x00 | VDSL system power back-off k2_2

pbo-k2_3 | 0x00 | VDSL system power back-off k2_3

line-type | 0x81 | VDSL port line type(auto=0x80, vdsl=0x81, vdsl_etsi=0x82)

us-max-inter-delay | 0x04 | VDSL port upstream max inter delay

ds-max-inter-delay | 0x04 | VDSL port downstream max inter delay

us-target-noise-margin | 0x0C | VDSL port upstream target noise margin

ds-target-noise-margin | 0x0C | VDSL port downstream target noise margin

min-noise-margin | 0x0A | VDSL port minimum noise margin

port-bandplan | 0x02 | VDSL port bandplan

framing-mode | 0x90 | DSL port frame mode(0-ATM; 0x80-PTM; 0x90-Auto(EFM/PTM)

band-mod | 0x11 | VDSL port band mod

port-option | 0x0A - Annex B; 0x06 - Annex A | VDSL port portoption(bit0=I43, bit1=v43, bit2=a43, bit3=b43)

power-mode | 0x01 | VDSL port power mode

tx-filter | 0x02 | VDSL port txPathFilterMode

rx-filter | 0x02 | VDSL port rxPathFilterMode

dying-gasp | off | Dying Gasp On/Off


VDSL Parameters Accepted Values

Parameter Accepted Values

Bit[1]: ALW_MARGIN_ADJUST.

1: the SNR margin for the optional band is reduced by up to 2.5 dB, but never below a minimum of 4 dB.

Bit[2]: SUPPORT_INI

Bit[4]: TLAN Enable

Bit[5]: PBO Weak mode Enable (Applicable only when PBO Bit[3]=0).

Bit[6]: ADSL_SAFE_MODE Enable

Bit[7]: TLAN_SAFE_MODE Enable (Applicable only when TLAN Enable Bit[4] is set. If TLAN_SAFE_MODE not set, line will attempt to retrain at higher rates, but less stable line)

Parameter: sys-bandplan

Accepted Values:

BP1_998_3 (0x00)

BP2_998_3 (0x01)

BP998_3B_8_5M (0x01)

BP3_998_4 (0x02)

BP998_4B_12M (0x02)

BP4_997_3 (0x03)

BP997_3B_7_1M (0x03)

BP5_997_3 (0x04)

BP6_997_4 (0x05)

BP997_4B_7_1M (0x05)

BP7_MXU_3 (0x06)

FLEX_3B_8_5M (0x06)

BP8_MXU_2 (0x07)

BP9_998_2 (0x08)

BP10_998_2 (0x09)

BP998_2B_3_8M (0x09)

BP11_998_2 (0x0A)

BP12_998_2 (0x0B)

BP13_MXU_3 (0x0C)

BP14_MXU_3 (0x0D)

BP15_MXU_3 (0x0E)

BP16_997_4B_4P (0x0F)

BP17_998_138_4400 (0x10)

BP18_997_138_4400 (0x11)

BP19_997_32_4400 (0x12)

BP20_998_138_4400_opBand (0x15)

BP21_997_138_4400_opBand (0x16)

BP22_998_138_4400_opBand (0x16)

BP23_998_138_16000 (0x17)

BP24_998_3B_8KHZ (0x18)

BP25_998_138_17600 (0x19)

BP26_CH1_3 (0x1A)

BP27_CH1_4 (0x1B)


Parameter: psd-mask-level

Accepted Values:

0x00 -- default mask (old gains from before)

0x01 -- ANSI M1 CAB

0x02 -- ANSI M2 CAB

0x03 -- ETSI M1 CAB

0x04 -- ETSI M2 CAB

0x05 -- ITU-T Annex F (Japan)

0x06 -- ANSI M1 Ex

0x07 -- ANSI M2 Ex

0x08 -- ETSI M1 Ex

0x09 -- ETSI M2 Ex

0x0A -- RESERVED

0x0B -- PSD_K (Korean M1 FTTCab -59dBm/Hz)

Parameters: pbo-k1_1, pbo-k1_2, pbo-k1_3, pbo-k2_1, pbo-k2_2, pbo-k2_3

Accepted Values:

K1 and K2 parameters allow the user more flexibility in using Upstream Power Back-Off (UPBO) on CPE modem. Changing K1 and K2 values will affect the CPE TX PSD. Refer to VDSL standards for exact relation between K1, K2 parameters and TX PSD. There is an individual set of K1/K2 parameters associated with each upstream band in the PSD: Upstream Band 0 or Optional band, Upstream band 1, Upstream band 2 and Upstream Band 3. Setting all K2 parameters to 0 and all K1 to a high power level (i.e., low number) will essentially disable UPBO.

Parameter: line-type

Accepted Values:

VDSL_AUTO_DETECT – (0x80)

VDSL – (0x81)

VDSL_ETSI – (0x82)

Parameter: us-max-inter-delay

Accepted Values:

Maximum upstream interleave delay. Provisioned in steps of 0.5 ms. User defined.

Parameter: ds-max-inter-delay

Accepted Values:

Maximum downstream interleave delay. Provisioned in steps of 0.5 ms. User defined.

Parameter: us-target-noise-margin

Accepted Values:

Range 0-31.0dB, increments of 0.5dB (e.g., 0 = 0dB, 1 = 0.5dB, ...)

Parameter: ds-target-noise-margin

Accepted Values:

Range 0-31.0dB, increments of 0.5dB (e.g., 0 = 0dB, 1 = 0.5dB, ...)

Parameter: min-noise-margin

Accepted Values:

Range 0-31.0dB, increments of 0.5dB (e.g., 0 = 0dB, 1 = 0.5dB, ...)

Parameter: port-bandplan

Accepted Values:

BP1_998_3 (0x00)

BP2_998_3 (0x01)

BP998_3B_8_5M (0x01)

BP3_998_4 (0x02)

BP998_4B_12M (0x02)

BP4_997_3 (0x03)

BP997_3B_7_1M (0x03)

BP5_997_3 (0x04)

BP6_997_4 (0x05)

BP997_4B_7_1M (0x05)

BP7_MXU_3 (0x06)

FLEX_3B_8_5M (0x06)

BP8_MXU_2 (0x07)

BP9_998_2 (0x08)

BP10_998_2 (0x09)

BP998_2B_3_8M (0x09)

BP11_998_2 (0x0A)

BP12_998_2 (0x0B)

BP13_MXU_3 (0x0C)

BP14_MXU_3 (0x0D)

BP15_MXU_3 (0x0E)

BP16_997_4B_4P (0x0F)

BP17_998_138_4400 (0x10)

BP18_997_138_4400 (0x11)

BP19_997_32_4400 (0x12)

BP20_998_138_4400_opBand (0x15)

BP21_997_138_4400_opBand (0x16)

BP22_998_138_4400_opBand (0x16)

BP23_998_138_16000 (0x17)

BP24_998_3B_8KHZ (0x18)

BP25_998_138_17600 (0x19)

BP26_CH1_3 (0x1A)

BP27_CH1_4 (0x1B)


Parameter: framing-mode

Accepted Values:

HDLC – 0x80

AUTO – 0x90

ATM – 0x00

Parameter: band-mod

Accepted Values:

Bit 0, 1: Tx Cfg band

1- All tones on

2- All tones below 640 KHz are turned off

3- All tones below 1.1 MHz are turned off

Bit 2, 3: Not used

Bit 4, 5: Rx Cfg band

1- All tones on

2- All tones below 640 KHz are turned off

3- All tones below 1.1 MHz are turned off

Bit 6, 7: Optional band

0- No Optional band

1- ANNEX_A_6_32 (i.e., 25 KHz to 138 KHz)

2- ANNEX_B_32_64 (i.e., 138 KHz to 276 KHz)

3- ANNEX_B_6_64 (i.e., 25 KHz to 276 KHz)

Parameter: port-option

Accepted Values:

Bit [0]: I 43 G.hs carrier set.

Bit [1]: V 43 G.hs carrier set.

Bit [2]: A 43 G.hs carrier set.

Bit [3]: B 43 G.hs carrier set.

Bit [4:7]: shall be set to 0.

Parameter: power-mode

Accepted Values:

0: 8.5 dBm power output

1: 11.5 dBm power output

Parameter: tx-filter

Accepted Values:

0: using internal filter in Tx path

1: using K1 external filter in Tx path (for Korea VLR Application)

2: using U1 external filter in Tx path (for US / Korea VLR Application)

3: using H1 external filter in Tx path (for 100/100 Application)

Parameter: rx-filter

Accepted Values:

0: using internal filter in Rx path

1: using K1 external filter in Rx path (for Korea VLR Application)

2: using U1 external filter in Rx path (for US / Korea VLR Application)

3: using H1 external filter in Rx path (for 100/100 Application)

Parameter: dying-gasp

Accepted Values:

Dying Gasp is a message sent from CPE to CO using the indicator bit. It indicates that the CPE is experiencing an impending loss of power.

Off: Dying Gasp off (don't send a message to CO).

On: Dying Gasp on.
