CHAPTER 6 Command Line Interface. Netopia Firmware Version 7.6, Netopia 2200, 3342, Netopia-3000, 3300 Series, 2200 Series, 2200, 3356
CHAPTER 6 Command Line Interface
The Netopia Gateway operating software includes a command line interface (CLI) that lets you access your Netopia Gateway over a telnet connection. You can use the command line interface to enter and update the unit’s configuration settings, monitor its performance, and restart it.
This chapter covers the following topics:
• “Starting and Ending a CLI Session”
• “Using the CLI Help Facility”
• “About SHELL Commands”
• “About CONFIG Commands”
Overview
The CLI has two major command modes: SHELL and CONFIG. Summary tables that list the commands are provided below. Details of the entire command set follow in this section.
SHELL Commands
Command             Status and/or Description
arp                 to send ARP request
atmping             to send ATM OAM loopback
clear               to erase all stored configuration information
clear_certificate   to remove an SSL certificate that has been installed
clear_log           to erase all stored log info in flash memory
configure           to configure unit's options
diagnose            to run self-test
download            to download config file
exit                to quit this shell
help                to get more: “help all” or “help help”
install             to download and program an image into flash
license             to enter an upgrade key to add a feature
log                 to add a message to the diagnostic log
loglevel            to report or change diagnostic log level
netstat             to show IP information
nslookup            to send DNS query for host
ping                to send ICMP Echo request
quit                to quit this shell
reset               to reset subsystems
restart             to restart unit
show                to show system information
start               to start subsystem
status              to show basic status of unit
telnet              to telnet to a remote host
traceroute          to send traceroute probes
upload              to upload config file
view                to show configuration information
who                 to show who is using the shell
CONFIG Commands
Command Verbs       Status and/or Description
delete              Delete configuration list data
help                Help command option
save                Save configuration data
script              Print configuration data
set                 Set configuration data
validate            Validate configuration settings
view                View configuration data
Keywords            Status and/or Description
atm                 ATM options (DSL only)
bridge              Bridge options
dhcp                Dynamic Host Configuration Protocol options
dmt                 DMT ADSL options
diffserv            Differentiated Services options
dns                 Domain Name System options
dslf-cpewan         TR-069 CPE WAN management
dslf-lanmgnt        TR-064 LAN management
dynamic-dns         Dynamic DNS options
ethernet            Ethernet options
igmp                IGMP configuration options
ip                  TCP/IP protocol options
ip-maps             IPmaps options
nat-default         Network Address Translation default options
pinhole             Pinhole options
ppp                 Peer-to-Peer Protocol options
pppoe               PPP over Ethernet options
preferences         Shell environment settings
radius              RADIUS Server options
security            Security options
servers             Internal Server options
snmp                SNMP management options
system              Gateway’s system options
upnp                UPnP options
vlan                VLAN options
wireless            Wireless LAN options
Command Utilities   Status and/or Description
top                 Go to top level of configuration mode
quit                Exit from configuration mode; return to shell mode
exit                Exit from configuration mode; return to shell mode
Starting and Ending a CLI Session
Open a telnet connection from a workstation on your network.
You initiate a telnet connection by issuing the following command from an IP host that supports telnet, for example, a personal computer running a telnet application such as NCSA Telnet.
telnet <ip_address>
You must know the IP address of the Netopia Gateway before you can make a telnet connection to it. By default, your Netopia Gateway uses 192.168.1.254 as the IP address for its LAN interface. You can use a Web browser to configure the Netopia Gateway IP address.
Logging In
The command line interface log-in process emulates the log-in process for a UNIX host. To log on, enter the username (either admin or user), and your password.
• Entering the administrator password lets you display and update all Netopia Gateway settings.
• Entering a user password lets you display (but not update) Netopia Gateway settings.
When you have logged in successfully, the command line interface lists the username and the security level associated with the password you entered in the diagnostic log.
Ending a CLI Session
You end a command line interface session by typing quit from the SHELL node of the command line interface hierarchy.
Saving Settings
In CONFIG mode, the save command saves the working copy of the settings to the Gateway. The Gateway automatically validates its settings when you save and displays a warning message if the configuration is not correct.
Using the CLI Help Facility
The help command lets you display on-line help for SHELL and CONFIG commands. To display a list of the commands available to you from your current location within the command line interface hierarchy, enter help.
To obtain help for a specific CLI command, type help <command>. You can truncate the help command to h or a question mark when you request help for a CLI command.
About SHELL Commands
You begin in SHELL mode when you start a CLI session. SHELL mode lets you perform the following tasks with your Netopia Gateway:
• Monitor its performance
• Display and reset Gateway statistics
• Issue administrative commands to restart Netopia Gateway functions
SHELL Prompt
When you are in SHELL mode, the CLI prompt is the name of the Netopia Gateway followed by a right angle bracket (>). For example, if you open a CLI connection to the Netopia Gateway named “Netopia-3000/9437188,” you would see
Netopia-3000/9437188>
as your CLI prompt.
SHELL Command Shortcuts
You can truncate most commands in the CLI to their shortest unique string. For example, you can use the truncated command q in place of the full quit command to exit the CLI. However, you would need to enter rese for the reset command, since the first characters of reset are common to the restart command.
The only commands you cannot truncate are restart and clear. To prevent accidental interruption of communications, you must enter the restart and clear commands in their entirety.
You can use the Up and Down arrow keys to scroll backward and forward through recent commands you have entered. Alternatively, you can use the !! command to repeat the last command you entered.
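The truncation rules above can be modelled as a small resolver. This is an added example, not code from the manual or the Netopia firmware; the command list is copied from the SHELL summary table in this chapter, and the names resolve, shortest_form and ResolveError are hypothetical. It assumes an exact command name always wins over a longer command that starts with it (log versus loglevel).

```python
"""Model of the SHELL abbreviation rules described in this chapter."""
from typing import List

# Command names copied from the SHELL command summary table.
SHELL_COMMANDS: List[str] = [
    "arp", "atmping", "clear", "clear_certificate", "clear_log",
    "configure", "diagnose", "download", "exit", "help", "install",
    "license", "log", "loglevel", "netstat", "nslookup", "ping", "quit",
    "reset", "restart", "show", "start", "status", "telnet",
    "traceroute", "upload", "view", "who",
]

# The two commands the manual says must always be entered in full.
NO_TRUNCATE = frozenset({"restart", "clear"})


class ResolveError(ValueError):
    """Input does not select exactly one command that may be abbreviated."""


def resolve(word: str, commands: List[str] = SHELL_COMMANDS) -> str:
    """Return the full command name selected by `word`."""
    if not word:
        raise ResolveError("empty command")
    # Assumption: a complete command name is never treated as ambiguous.
    if word in commands:
        return word
    matches = [c for c in commands if c.startswith(word)]
    if not matches:
        raise ResolveError(f"unknown command: {word!r}")
    if len(matches) > 1:
        # 'res' lands here: it is shared by reset and restart.
        raise ResolveError(f"ambiguous: {word!r} matches {', '.join(matches)}")
    if matches[0] in NO_TRUNCATE:
        # A unique prefix is still refused for the disruptive commands.
        raise ResolveError(f"{matches[0]!r} must be entered in full")
    return matches[0]


def shortest_form(command: str, commands: List[str] = SHELL_COMMANDS) -> str:
    """Return the shortest input that resolve() accepts for `command`."""
    for length in range(1, len(command) + 1):
        candidate = command[:length]
        try:
            if resolve(candidate, commands) == command:
                return candidate
        except ResolveError:
            continue
    raise ResolveError(f"{command!r} is not in the command list")


if __name__ == "__main__":
    for name in ("quit", "reset", "restart", "clear", "log", "status"):
        print(f"{name:10} -> {shortest_form(name)}")
```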
SHELL Commands
Common Commands
arp nnn.nnn.nnn.nnn
Sends an Address Resolution Protocol (ARP) request to match the nnn.nnn.nnn.nnn IP address to an Ethernet hardware address.
clear [yes]
Clears the configuration settings in a Netopia Gateway. If you do not use the optional yes qualifier, you are prompted to confirm the clear command.
clear_certificate
Removes an SSL certificate that has been installed.
clear_log
Erases the log information stored in flash if persistent logging is enabled.
configure
Puts the command line interface into Configure mode, which lets you configure your Netopia Gateway with Config commands. Config commands are described starting on page
diagnose
Runs a diagnostic utility to conduct a series of internal checks and loopback tests to verify network connectivity over each interface on your Netopia Gateway. The console displays the results of each test as the diagnostic utility runs. If one test is dependent on another, the diagnostic utility indents its entry in the console window. For example, the diagnostic utility indents the Check IP connect to Ethernet (LAN) entry, since that test will not run if the Check Ethernet LAN Connect test fails.
Each test generates one of the following result codes:
CODE      Description
PASS      The test was successful.
FAIL      The test was unsuccessful.
SKIPPED   The test was skipped because a test on which it depended failed, or because the test did not apply to your particular setup or model.
PENDING   The test timed out without producing a result. Try running the test again.
download [ server_address ] [filename] [confirm]
This command installs a file of configuration parameters into the Netopia Gateway from a TFTP (Trivial File Transfer Protocol) server. The TFTP server must be accessible on your Ethernet network.
You can include one or more of the following arguments with the download command. If you omit arguments, the console prompts you for this information.
• The server_address argument identifies the IP address of the TFTP server from which you want to copy the Netopia Gateway configuration file.
• The filename argument identifies the path and name of the configuration file on the TFTP server.
• If you include the optional confirm keyword, the download begins as soon as all information is entered.
Beginning with Firmware Version 7.5.1, you can also download an SSL certificate file from a trusted Certification Authority (CA), on platforms that support SSL, as follows:
download [-cert] [ server_address ] [filename] [confirm]
install [ server_address] [filename] [confirm]
(Not supported on model 3342/3352)
Downloads a new version of the Netopia Gateway operating software from a TFTP (Trivial File Transfer Protocol) server, validates the software image, and programs the image into the Netopia Gateway memory. After you install new operating software, you must restart the Netopia Gateway.
The server_address argument identifies the IP address of the TFTP server on which your Netopia Gateway operating software is stored. The filename argument identifies the path and name of the operating software file on the TFTP server.
If you include the optional keyword confirm, you will not be prompted to confirm whether or not you want to perform the operation.
license [key]
This command installs a software upgrade key. An upgrade key is a purchased item, based on the serial number of the gateway.
log message_string
Adds the message in the message_string argument to the Netopia Gateway diagnostic log.
loglevel [ level]
Displays or modifies the types of log messages you want the Netopia Gateway to record. If you enter the loglevel command without the optional level argument, the command line interface displays the current log level setting.
You can enter the loglevel command with the level argument to specify the types of diagnostic messages you want to record. All messages with a level number equal to or greater than the level you specify are recorded. For example, if you specify loglevel 3, the diagnostic log will retain high-level informational messages (level 3), warnings (level 4), and failure messages (level 5).
Use the following values for the level argument:
• 1 or low – Low-level informational messages or greater; includes trivial status messages.
• 2 or medium – Medium-level informational messages or greater; includes status messages that can help monitor network traffic.
• 3 or high – High-level informational messages or greater; includes status messages that may be significant but do not constitute errors.
• 4 or warning – Warnings or greater; includes recoverable error conditions and useful operator information.
• 5 or failure – Failures; includes messages describing error conditions that may not be recoverable.
netstat -i
Displays the IP interfaces for your Netopia Gateway.
netstat -r
Displays the IP routes stored in your Netopia Gateway.
nslookup { hostname | ip_address }
Performs a domain name system lookup for a specified host.
• The hostname argument is the name of the host for which you want DNS information; for example, nslookup klaatu.
• The ip_address argument is the IP address, in dotted decimal notation, of the device for which you want DNS information.
ping [-s size] [-c count]{ hostname | ip_address }
Causes the Netopia Gateway to issue a series of ICMP Echo requests for the device with the specified name or IP address.
• The hostname argument is the name of the device you want to ping; for example, ping ftp.netopia.com.
• The ip_address argument is the IP address, in dotted decimal notation, of the device you want to locate. If a host using the specified name or IP address is active, it returns one or more ICMP Echo replies, confirming that it is accessible from your network.
• The -s size argument lets you specify the size of the ICMP packet.
• The -c count argument lets you specify the number of ICMP packets generated for the ping request. Values greater than 250 are truncated to 250.
You can use the ping command to determine whether a hostname or IP address is already in use on your network. You cannot use the ping command to ping the Netopia Gateway’s own IP address.
quit
Exits the Netopia Gateway command line interface.
reset arp
Clears the Address Resolution Protocol (ARP) cache on your unit.
reset atm
Resets the Asynchronous Transfer Mode (ATM) statistics.
reset crash
Clears crash-dump information, which identifies the contents of the Netopia Gateway registers at the point of system malfunction.
reset dhcp server
Clears the DHCP lease table in the Netopia Gateway.
reset diffserv
Resets the Differentiated Services (diffserv) statistics.
reset enet
Resets Ethernet statistics to zero.
reset heartbeat
Restarts the heartbeat sequence.
reset ipmap
Clears the IPMap table (NAT).
reset log
Rewinds the diagnostic log display to the top of the existing Netopia Gateway diagnostic log. The reset log command does not clear the diagnostic log. The next show log command will display information from the beginning of the log file.
reset security-log
Clears the security monitoring log to make room to capture new entries.
reset wan-users [all | ip-address]
This function disconnects the specified WAN User to allow for other users to access the WAN. This function is only available if the number of WAN Users is restricted and NAT is on.
Use the all parameter to disconnect all users. If you log on as Admin you can disconnect any or all users. If you log on as User, you can only disconnect yourself.
restart [ seconds]
Restarts your Netopia Gateway. If you include the optional seconds argument, your Netopia Gateway will restart when the specified number of seconds have elapsed. You must enter the complete restart command to initiate a restart.
show all-info
Displays all settings currently configured in the Netopia Gateway.
show bridge interfaces
Displays bridge interfaces maintained by the Netopia Gateway.
show bridge table
Displays the bridging table maintained by the Netopia Gateway.
show config
Dumps the Netopia Gateway’s configuration script just as the script command does in config mode.
show crash
Displays the most recent crash information, if any, for your Netopia Gateway.
show dhcp agent
Displays DHCP relay-agent leases.
show dhcp server leases
Displays the DHCP leases stored in RAM by your Netopia Gateway.
show diffserv
Displays the Differentiated Services and QoS values configured in the Netopia Gateway.
show enet
Displays Ethernet interfaces maintained by the Netopia Gateway.
show features
Displays standard and keyed features installed in the Netopia Gateway.
show group-mgmt
show ip arp
Displays the Ethernet address resolution table stored in your Netopia Gateway.
show ip igmp
Displays the contents of the IGMP Group Address table and the IGMP Report table maintained by your Netopia Gateway.
show ip interfaces
Displays the IP interfaces for your Netopia Gateway.
show ip ipsec
Displays IPSec Tunnel statistics.
show ip firewall
Displays firewall statistics.
show ip lan-discovery
Displays the LAN Host Discovery Table of hosts on the wired or wireless LAN, and whether or not they are currently online.
show ip routes
Displays the IP routes stored in your Netopia Gateway.
show ip state-insp
Displays whether stateful inspection is enabled on an interface or not, exposed addresses and blocked packet statistics because of stateful inspection.
show ipmap
Displays IPMap table (NAT).
show log
Displays blocks of information from the Netopia Gateway diagnostic log. To see the entire log, you can repeat the show log command or you can enter show log all.
show memory [all]
Displays memory usage information for your Netopia Gateway. If you include the optional all argument, your Netopia Gateway will display a more detailed set of memory statistics.
show pppoe
Displays status information for each PPP socket, such as the socket state, service names, and host ID values.
show security-log
Displays blocks of information from the Netopia Gateway security log.
show status
Displays the current status of a Netopia Gateway, the device's hardware and software revision levels, a summary of errors encountered, and the length of time the Netopia Gateway has been running since it was last restarted. Identical to the status command.
show summary
Displays a summary of WAN, LAN, and Gateway information.
show wireless [all]
Shows wireless status and statistics.
show wireless clients [ MAC_address ]
Displays details on connected clients, or more details on a particular client if the MAC address is added as an argument.
telnet { hostname | ip_address } [port]
Lets you open a telnet connection to the specified host through your Netopia Gateway.
• The hostname argument is the name of the device to which you want to connect; for example, telnet ftp.netopia.com.
• The ip_address argument is the IP address, in dotted decimal notation, of the device to which you want to connect.
• The port argument is the number of the port over which you want to open a telnet session.
traceroute ( ip_address | hostname )
Traces the routing path to an IP destination.
upload [ server_address] [filename] [confirm]
Copies the current configuration settings of the Netopia Gateway to a TFTP (Trivial File Transfer Protocol) server. The TFTP server must be accessible on your Ethernet network.
The server_address argument identifies the IP address of the TFTP server on which you want to store the Netopia Gateway settings. The filename argument identifies the path and name of the configuration file on the TFTP server. If you include the optional confirm keyword, you will not be prompted to confirm whether or not you want to perform the operation.
view config
Dumps the Netopia Gateway’s configuration just as the view command does in config mode.
who
Displays the names of the current shell and PPP users.
WAN Commands
atmping vccn [ segment | end-to-end ]
Lets you check the ATM connection reachability and network connectivity. This command sends five Operations, Administration, and Maintenance (OAM) loopback calls to the specified vpi/vci destination. There is a five second total timeout interval.
Use the segment argument to ping a neighbor switch.
Use the end-to-end argument to ping a remote end node.
reset dhcp client release [ vcc-id ]
Releases the DHCP lease the Netopia Gateway is currently using to acquire the IP settings for the specified DSL port. The vcc-id identifier is an “index” letter in the range B-I, and does not directly map to the VCC in use. Enter the reset dhcp client release command without the variable to see the letter assigned to each virtual circuit.
reset dhcp client renew [ vcc-id ]
Releases the DHCP lease the Netopia Gateway is currently using to acquire the IP settings for the specified DSL port. The vcc-id identifier is an “index” letter in the range B-I, and does not directly map to the VCC in use. Enter the reset dhcp client release without the variable to see the letter assigned to each virtual circuit.
reset dsl
Resets any open DSL connection.
reset ppp vccn
Resets the point-to-point connection over the specified virtual circuit. This command only applies to virtual circuits that use PPP framing.
show atm [all]
Displays ATM statistics for the Netopia Gateway. The optional all argument displays a more detailed set of ATM statistics.
show dsl
Displays DSL port statistics, such as upstream and downstream connection rates and noise levels.
show ppp [{ stats | lcp | ipcp }]
Displays information about open PPP links. You can display a subset of the PPP statistics by including an optional stats, lcp, or ipcp argument for the show ppp command.
start ppp vccn
Opens a PPP link on the specified virtual circuit.
About CONFIG Commands
You reach the configuration mode of the command line interface by typing configure (or any truncation of configure, such as con or config) at the CLI SHELL prompt.
CONFIG Mode Prompt
When you are in CONFIG mode, the CLI prompt consists of the name of the Netopia Gateway followed by your current node in the hierarchy and two right angle brackets (>>). For example, when you enter CONFIG mode (by typing config at the SHELL prompt), the Netopia-3000/9437188 (top)>> prompt reminds you that you are at the top of the CONFIG hierarchy. If you move to the ip node in the CONFIG hierarchy (by typing ip at the CONFIG prompt), the prompt changes to Netopia-3000/9437188 (ip)>> to identify your current location.
Some CLI commands are not available until certain conditions are met. For example, you must enable IP for an interface before you can enter IP settings for that interface.
Navigating the CONFIG Hierarchy
• Moving from CONFIG to SHELL — You can navigate from anywhere in the CONFIG hierarchy back to the SHELL level by entering quit at the CONFIG prompt and pressing RETURN.
Netopia-3000/9437188 (top)>> quit
Netopia-3000/9437188 >
• Moving from top to a subnode — You can navigate from the top node to a subnode by entering the node name (or the significant letters of the node name) at the CONFIG prompt and pressing RETURN. For example, you move to the IP subnode by entering ip and pressing RETURN.
Netopia-3000/9437188 (top)>> ip
Netopia-3000/9437188 (ip)>>
As a shortcut, you can enter the significant letters of the node name in place of the full node name at the CONFIG prompt. The significant characters of a node name are the letters that uniquely identify the node. For example, since no other CONFIG node starts with I, you could enter one letter (“i”) to move to the IP node.
• Jumping down several nodes at once — You can jump down several levels in the CONFIG hierarchy by entering the complete path to a node.
• Moving up one node — You can move up through the CONFIG hierarchy one node at a time by entering the up command.
• Jumping to the top node — You can jump to the top level from anywhere in the CONFIG hierarchy by entering the top command.
• Moving from one subnode to another — You can move from one subnode to another by entering a partial path that identifies how far back to climb.
• Moving from any subnode to any other subnode — You can move from any subnode to any other subnode by entering a partial path that starts with a top-level CONFIG command.
• Scrolling backward and forward through recent commands — You can use the Up and Down arrow keys to scroll backward and forward through recent commands you have entered. When the command you want appears, press Enter to execute it.
Entering Commands in CONFIG Mode
CONFIG commands consist of keywords and arguments. Keywords in a CONFIG command specify the action you want to take or the entity on which you want to act. Arguments in a CONFIG command specify the values appropriate to your site. For example, the CONFIG command
set ip ethernet A ip_address
consists of two keywords (ip and ethernet A) and one argument (ip_address).
When you use the command to configure your Gateway, you would replace the argument with a value appropriate to your site.
For example:
set ip ethernet A 192.31.222.57
Guidelines: CONFIG Commands
The following table provides guidelines for entering and formatting CONFIG commands.
Command component   Rules for entering CONFIG commands
Command verbs       CONFIG commands must start with a command verb (set, view, delete).
                    You can truncate CONFIG verbs to three characters (set, vie, del).
                    CONFIG verbs are case-insensitive. You can enter “SET,” “Set,” or “set.”
Keywords            Keywords are case-insensitive. You can enter “Ethernet,” “ETHERNET,” or “ethernet” as a keyword without changing its meaning.
                    Keywords can be abbreviated to the length that they are differentiated from other keywords.
Argument Text       Text strings can be as many as 64 characters long, unless otherwise specified. In some cases they may be as long as 255 bytes.
                    Special characters are represented using backslash notation.
                    Text strings may be enclosed in double (“) or single (‘) quote marks. If the text string includes an embedded space, it must be enclosed in quotes.
Numbers             Enter numbers as integers, or in hexadecimal, where so noted.
IP addresses        Enter IP addresses in dotted decimal notation (0 to 255).
If a command is ambiguous or miskeyed, the CLI prompts you to enter additional information. For example, you must specify which virtual circuit you are configuring when you are setting up a Netopia Gateway.
Displaying Current Gateway Settings
You can use the view command to display the current CONFIG settings for your Netopia Gateway. If you enter the view command at the top level of the CONFIG hierarchy, the CLI displays the settings for all enabled functions. If you enter the view command at an intermediate node, you see settings for that node and its subnodes.
Step Mode: A CLI Configuration Technique
The Netopia Gateway command line interface includes a step mode to automate the process of entering configuration settings. When you use the CONFIG step mode, the command line interface prompts you for all required and optional information. You can then enter the configuration values appropriate for your site without having to enter complete CLI commands.
When you are in step mode, the command line interface prompts you to enter required and optional settings. If a setting has a default value or a current setting, the command line interface displays the default value for the command in parentheses. If a command has a limited number of acceptable values, those values are presented in brackets, with each value separated by a vertical line. For example, the following CLI step command indicates that the default value is off and that valid entries are limited to on and off.
option (off) [on | off]: on
You can accept the default value for a field by pressing the Return key. To use a different value, enter it and press Return.
You can enter the CONFIG step mode by entering set from the top node of the CONFIG hierarchy. You can enter step mode for a particular service by entering set service_name.
In stepping set mode, press Control-X <Return/Enter> to exit. For example:
Netopia-3000/9437188 (top)>> set system
...
system
name (“Netopia-3000/9437188”): Mycroft
Diagnostic Level (High): medium
Stepping mode ended.
Validating Your Configuration
You can use the validate CONFIG command to make sure that your configuration settings have been entered correctly. If you use the validate command, the Netopia Gateway verifies that all required settings for all services are present and that settings are consistent.
Netopia-3000/9437188 (top)>> validate
Error: Subnet mask is incorrect
Global Validation did not pass inspection!
You can use the validate command to verify your configuration settings at any time.
Your Netopia Gateway automatically validates your configuration any time you save a modified configuration.
CONFIG Commands
This section describes the keywords and arguments for the various CONFIG commands.
DSL Commands
ATM Settings. You can use the CLI to set up each ATM virtual circuit.
set atm option {on | off }
Enables the WAN interface of the Netopia Gateway to be configured using the Asynchronous Transfer Mode (ATM) protocol.
set atm [vcc n] option {on | off }
Selects the virtual circuit for which further parameters are set. Up to eight VCCs are supported; the maximum number is dependent on your Netopia Operating System tier and the capabilities that your Service Provider offers.
set atm [vcc n] qos service-class { cbr | ubr | vbr }
Sets the Quality of Service class for the specified virtual circuit – Constant (cbr), Unspecified (ubr), or Variable (vbr) Bit Rate.
• ubr: No configuration is needed for UBR VCs. Leave the default value 0 (maximum line rate).
• cbr: One parameter is required for CBR VCs. Enter the Peak Cell Rate that applies to the VC. This value should be between 1 and the line rate. You set this value according to specifications defined by your service provider.
• vbr: Three parameters are required for VBR VCs. Enter the Peak Cell Rate, the Sustained Cell Rate, and the Maximum Burst Size that apply to the VC. You set these values according to specifications defined by your service provider.
set atm [vcc n] qos peak-cell-rate { 1 ...n }
If QoS class is set to cbr or vbr then specify the peak-cell-rate that should apply to the specified virtual circuit. This value should be between 1 and the line rate.
The Peak Cell Rate (PCR) should be set to the maximum rate a PVC can oversubscribe its Sustained Cell Rate (SCR). The Peak Cell Rate (see below) must be less than, or equal to the raw WAN (DSL) bit rate. The Maximum Burst Size (MBS) is the number of cells that can be sent at the PCR rate, after which the PVC must fall back to the SCR rate.
set atm [vcc n] qos sustained-cell-rate { 1 ...n }
If QoS class is set to vbr, then specify the sustained-cell-rate that should apply to the specified virtual circuit. This value should be less than, or equal to the Peak Cell Rate, which should be less than, or equal to the line rate.
set atm [vcc n] qos max-burst-size { 1 ...n }
If QoS class is set to vbr then specify the max-burst-size that should apply to the specified virtual circuit. This value is the maximum number of cells that can be transmitted at the Peak Cell Rate after which the ATM VC transmission rate must drop to the Sustained Cell Rate.
set atm [vcc n] vpi { 0 ... 255 }
Select the virtual path identifier (vpi) for VCC n. Your Service Provider will indicate the required vpi number.
set atm [vcc n] vci { 0 ... 65535 }
Select the virtual channel identifier (vci) for VCC n. Your Service Provider will indicate the required vci number.
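The constraints stated above for the qos, vpi and vci settings can be checked before a planned configuration is typed into the CLI. The following is an added example, not part of the manual or the Gateway software; VccSettings and validate_vcc are hypothetical names, the sample values are constructed, and line_rate is assumed to be supplied in the same unit as the cell-rate settings.

```python
"""Pre-check of planned ATM VCC settings against the ranges in this chapter."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class VccSettings:
    """One virtual circuit; field names follow the CLI keywords."""
    vpi: int
    vci: int
    service_class: str                      # "ubr", "cbr" or "vbr"
    peak_cell_rate: int = 0                 # 0 is the UBR default
    sustained_cell_rate: Optional[int] = None
    max_burst_size: Optional[int] = None


def validate_vcc(vcc: VccSettings, line_rate: int) -> List[str]:
    """Return a list of problems; an empty list means the settings fit."""
    problems: List[str] = []
    if not 0 <= vcc.vpi <= 255:
        problems.append(f"vpi {vcc.vpi} is outside 0..255")
    if not 0 <= vcc.vci <= 65535:
        problems.append(f"vci {vcc.vci} is outside 0..65535")

    cls = vcc.service_class
    if cls not in ("ubr", "cbr", "vbr"):
        problems.append(f"service-class {cls!r} is not cbr, ubr or vbr")
        return problems

    if cls == "ubr":
        # UBR needs no parameters; the manual says to leave the default 0.
        if vcc.peak_cell_rate != 0:
            problems.append("ubr: peak-cell-rate should stay at the default 0")
        return problems

    # CBR and VBR both need a Peak Cell Rate between 1 and the line rate.
    pcr = vcc.peak_cell_rate
    if not 1 <= pcr <= line_rate:
        problems.append(f"{cls}: peak-cell-rate {pcr} is outside 1..{line_rate}")

    if cls == "vbr":
        # VBR additionally needs SCR <= PCR and a Maximum Burst Size.
        scr = vcc.sustained_cell_rate
        if scr is None:
            problems.append("vbr: sustained-cell-rate is required")
        elif not 1 <= scr <= pcr:
            problems.append(
                f"vbr: sustained-cell-rate {scr} is outside "
                f"1..peak-cell-rate ({pcr})")
        mbs = vcc.max_burst_size
        if mbs is None:
            problems.append("vbr: max-burst-size is required")
        elif mbs < 1:
            problems.append(f"vbr: max-burst-size {mbs} must be at least 1")
    return problems


if __name__ == "__main__":
    # Constructed sample plan; the line rate of 1000 is an arbitrary value.
    plan = [
        VccSettings(0, 35, "ubr"),
        VccSettings(8, 35, "cbr", peak_cell_rate=1200),
        VccSettings(8, 36, "vbr", 800, 900, 32),
    ]
    for vcc in plan:
        print(vcc.vpi, vcc.vci, vcc.service_class,
              validate_vcc(vcc, 1000) or "ok")
```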
set atm [vccn] encap { ppp-vcmux | ppp-llc | ether-llc | ip-llc | pppoe-vcmux | pppoe-llc }
Select the encapsulation mode for VCC n. The options are:
ppp-vcmux     PPP over ATM, VC-muxed
ppp-llc       PPP over ATM, LLC-SNAP
ether-llc     RFC-1483, bridged Ethernet, LLC-SNAP
ip-llc        RFC-1483, routed IP, LLC-SNAP
pppoe-vcmux   PPP over Ethernet, VC-muxed
pppoe-llc     PPP over Ethernet, LLC-SNAP
Your Service Provider will indicate the required encapsulation mode.
set atm [vccn] pppoe-sessions { 1 ... 8 }
Select the number of PPPoE sessions to be configured for VCC 1, up to a total of eight. The total number of pppoe-sessions and PPPoE VCCs configured must be less than or equal to eight.
Bridging Settings
Bridging lets the Netopia Gateway use MAC (Ethernet hardware) addresses to forward non-TCP/IP traffic from one network to another. When bridging is enabled, the Netopia Gateway maintains a table of up to 512 MAC addresses. Entries that are not used within 30 seconds are dropped. If the bridging table fills up, the oldest table entries are dropped to make room for new entries.
Virtual circuits that use IP framing cannot be bridged.
☛ NOTE: For bridging in the 3341 (or any model with a USB port), you cannot set the bridge option off, or bridge ethernet option off; these are on by default because of the USB port.
Common Commands
set bridge sys-bridge {on | off }
Enables or disables bridging services in the Netopia Gateway. You must enable bridging services within the Netopia Gateway before you can enable bridging for a specific interface.
set bridge concurrent-bridging-routing {on | off }
Enables or disables Concurrent Bridging/Routing.
CONFIG Commands
set bridge ethernet option { on | off }
Enables or disables bridging ser vices for the specified vir tual circuit using Ethernet framing.
set bridge dsl vcc n option { on | off }
Enables or disables bridging ser vices for the specified inter face. Specified inter face must be par t of a VLAN if bridge is turned on. Only RFC-1483 Bridged encapsulation is suppor ted currently.
• show log command will show that WAN Bridge is enabled when at least one WAN interface is bridged.
• show ip interfaces and show bridge interfaces commands will show the inter faces that are not in bridged mode and that are in bridged modes, respectively.
set bridge table-timeout [ 30 ... 6000 ]
Sets the timeout value for bridging table timeout. Default = 30 secs; range = 30 secs –
6000 secs (.5–100 mins).
DHCP Settings
As a Dynamic Host Control Protocol (DHCP) server, your Netopia Gateway can assign IP addresses and provide configuration information to other devices on your network dynamically. A device that acquires its IP address and other TCP/IP configuration settings from the Netopia Gateway can use the information for a fixed period of time (called the DHCP lease).
Common Commands
set dhcp option { off | server | relay-agent }
Enables or disables DHCP services in the Netopia Gateway. You must enable DHCP services before you can enter other DHCP settings for the Netopia Gateway.
If you turn off DHCP services and save the new configuration, the Netopia Gateway clears its DHCP settings.
set dhcp start-address ip_address
If you selected server, specifies the first address in the DHCP address range. The Netopia Gateway can reserve a sequence of up to 253 IP addresses within a subnet, beginning with the specified address for dynamic assignment.
set dhcp end-address ip_address
If you selected server, specifies the last address in the DHCP address range.
set dhcp lease-time lease-time
If you selected server, specifies the default length for DHCP leases issued by the Netopia Gateway. Enter lease time in dd:hh:mm:ss (day/hour/minute/second) format.
set dhcp server-address ip_address
If you selected relay-agent, specifies the IP address of the relay agent server.
DMT Settings
DSL Commands
set dmt type [ lite | dmt | ansi | multi | adsl2 | adsl2+ | readsl2 | adsl2anxm | adsl2+anxm ]
Selects the type of Discrete Multitone (DMT) asynchronous digital subscriber line (ADSL) protocol to use for the WAN interface.
Beginning with Firmware Version 7.6, the type value also supports the following settings on certain model units: adsl2, adsl2+, readsl2, adsl2anxm, adsl2+anxm.
☛ NOTE:
Some dmt type settings are now supported for many Annex B (335xN) platforms. 2200 Series and 33xxN Series models are supported. Currently, adsl2anxm and adsl2+anxm are not supported in Annex B.
set dmt autoConfig [ off | on ]
Enables support for automatic VPI/VCI detection and configuration. When set to on (the default), a pre-defined list of VPI/VCI pairs is searched to find a valid configuration for your ADSL line. Entering a value for the VPI or VCI setting will disable this feature.
set dmt wiringMode [ auto | tip_ring | A_A1 ]
(not supported on all models) This command configures the wiring mode setting for your ADSL line. Selecting auto (the default) causes the Gateway to detect which pair of wires (inner or outer pair) is in use on your phone line. Specifying tip_ring forces the inner pair to be used; and A_A1 the outer pair.
set dmt metallic-termination [ auto | disabled | always_on ]
(not supported on all models) Beginning with firmware version 7.5.2, this command allows you to apply a sealing current to “dry” DSL lines so that the wiring doesn’t corrode.
• auto - The device will scan for standard telephone service (POTS). If it finds POTS, it disables metallic termination. If it does not find POTS during the search period, then metallic termination is enabled.
• disabled - There is no POTS detection, and metallic termination is disabled.
• always_on - The device will scan for POTS for information only. Metallic termination is always enabled.
Domain Name System Settings
Domain Name System (DNS) is an information service for TCP/IP networks that uses a hierarchical naming system to identify network domains and the hosts associated with them. You can identify a primary DNS server and one secondary server.
Common Commands
set dns domain-name domain-name
Specifies the default domain name for your network. When an application needs to resolve a host name, it appends the default domain name to the host name and asks the DNS server if it has an address for the “fully qualified host name.”
set dns primary-address ip_address
Specifies the IP address of the primary DNS name server.
set dns proxy-enable
This allows you to disable the default behavior of acting as a DNS proxy. The default is on.
set dns secondary-address ip_address
Specifies the IP address of the secondary DNS name server. Enter 0.0.0.0 if your network does not have a secondary DNS name server.
Dynamic DNS Settings
These commands are supported beginning with Firmware Version 7.4.2.
Dynamic DNS support allows you to use the free services of www.dyndns.org. Dynamic DNS automatically directs any public Internet request for your computer's name to your current dynamically-assigned IP address. This allows you to get to the IP address assigned to your Gateway, even though your actual IP address may change as a result of a PPPoE connection to the Internet.
set dynamic-dns option [ off | dyndns.org ]
set dynamic-dns ddns-host-name myhostname.dyndns.org
set dynamic-dns ddns-user-name myusername
set dynamic-dns ddns-user-password myuserpassword
Enables or disables dynamic DNS services. The default is off. If you specify dyndns.org, you must supply your hostname, username for the service, and password.
Because different dynamic DNS vendors use different proprietary protocols, currently only www.dyndns.org is supported.
IGMP Settings
These commands are supported beginning with Firmware Version 7.5.1.
set igmp snooping [ off | on ]
Enables IGMP Snooping. See “IGMP (Internet Group Management Protocol)” on page 97 for detailed explanation.
set igmp robustness value
Sets IGMP robustness range: from 2 – 255. The default is 2. See “IGMP (Internet Group Management Protocol)” on page 97 for detailed explanation.
set igmp query-intvl value
Sets the query-interval range: from 10 seconds – 600 seconds. The default is 125 seconds. See “IGMP (Internet Group Management Protocol)” on page 97 for detailed explanation.
set igmp query-response-intvl value
Sets the query-response interval range: from 5 deci-seconds (tenths of a second) – 255 deci-seconds. The default is 100 deci-seconds. See “IGMP (Internet Group Management Protocol)” on page 97 for detailed explanation.
IP Settings
You can use the command line interface to specify whether TCP/IP is enabled, identify a default Gateway, and to enter TCP/IP settings for the Netopia Gateway LAN and WAN ports.
☛ NOTE:
For the DSL platform you must identify the virtual PPP interface [ vccn], a number from 1 to 8.
Common Settings
set ip option { on | off }
Enables or disables TCP/IP services in the Netopia Gateway. You must enable TCP/IP services before you can enter other TCP/IP settings for the Netopia Gateway. If you turn off TCP/IP services and save the new configuration, the Netopia Gateway clears its TCP/IP settings.
ARP Timeout Settings
set ip arp-timeout [ 60 ... 6000 ]
Sets the timeout value for ARP timeout. Default = 600 secs (10 mins); range = 60 secs - 6000 secs (1–100 mins).
DSL Settings
set ip dsl vccn address ip_address
Assigns an IP address to the virtual circuit. Enter 0.0.0.0 if you want the virtual circuit to obtain its IP address from a remote DHCP server.
set ip dsl vccn broadcast broadcast_address
Specifies the broadcast address for the TCP/IP network connected to the virtual circuit. IP hosts use the broadcast address to send messages to every host on your network simultaneously.
The broadcast address for most networks is the network number followed by 255. For example, the broadcast address for the 192.168.1.0 network would be 192.168.1.255.
set ip dsl vccn netmask netmask
Specifies the subnet mask for the TCP/IP network connected to the virtual circuit. The subnet mask specifies which bits of the 32-bit binary IP address represent network information. The default subnet mask for most networks is 255.255.255.0 (Class C subnet mask).
set ip dsl vccn restriction { admin-disabled | none }
Specifies restrictions on the types of traffic the Netopia Gateway accepts over the DSL virtual circuit. The admin-disabled argument means that access to the device via telnet, web, and SNMP is disabled. RIP and ICMP traffic is still accepted. The none argument means that all traffic is accepted.
set ip dsl vccn addr-mapping { on | off }
Specifies whether you want the Netopia Gateway to use network address translation (NAT) when communicating with remote routers. Address mapping lets you conceal details of your network from remote routers. It also permits all LAN devices to share a single IP address. By default, address mapping is turned “On”.
set ip dsl vccn rip-send { off | v1 | v2 | v1-compat | v2-MD5 }
Specifies whether the Netopia Gateway should use Routing Information Protocol (RIP) broadcasts to advertise its routing tables to other routers. RIP Version 2 (RIP-2) is an extension of the original Routing Information Protocol (RIP-1) that expands the amount of useful information in the RIP packets. While RIP-1 and RIP-2 share the same basic algorithms, RIP-2 supports several additional features, including inclusion of subnet masks in RIP packets and implementation of multicasting instead of broadcasting (which reduces the load on hosts which do not support routing protocols). RIP-2 with MD5 authentication is an extension of RIP-2 that increases security by requiring an authentication key when routes are advertised.
Depending on your network needs, you can configure your Netopia Gateway to support RIP-1, RIP-2, or RIP-2MD5.
If you specify v2-MD5, you must also specify a rip-send-key. Keys are ASCII strings with a maximum of 31 characters, and must match the other router(s) keys for proper operation of MD5 support.
set ip dsl vccn rip-receive { off | v1 | v2 | v1-compat | v2-MD5 }
Specifies whether the Netopia Gateway should use Routing Information Protocol (RIP) broadcasts to update its routing tables with information received from other routers.
If you specify v2-MD5, you must also specify a rip-receive-key. Keys are ASCII strings with a maximum of 31 characters, and must match the other router(s) keys for proper operation of MD5 support.
Ethernet LAN Settings
set ip ethernet A option { on | off }
Enables or disables communications through the designated Ethernet port in the Gateway. You must enable TCP/IP functions for an Ethernet port before you can configure its network settings.
set ip ethernet A address ip_address
Assigns an IP address to the Netopia Gateway on the local area network. The IP address you assign to the local Ethernet interface must be unique on your network. By default, the Netopia Gateway uses 192.168.1.254 as its LAN IP address.
set ip ethernet A broadcast broadcast_address
Specifies the broadcast address for the local Ethernet interface. IP hosts use the broadcast address to send messages to every host on your network simultaneously.
The broadcast address for most networks is the network number followed by 255. For example, the broadcast address for the 192.168.1.0 network would be 192.168.1.255.
set ip ethernet A netmask netmask
Specifies the subnet mask for the local Ethernet interface. The subnet mask specifies which bits of the 32-bit binary IP address represent network information. The default subnet mask for most networks is 255.255.255.0 (Class C subnet mask).
set ip ethernet A restrictions { none | admin-disabled }
Specifies whether an administrator can open a telnet connection to a Netopia Gateway over an Ethernet interface (A = the LAN; B = the WAN, in the case of Ethernet WAN models) to monitor and configure the unit.
The admin-disabled argument prevents access to the device via telnet, web, and SNMP.
By default, administrative restrictions are none on the LAN, but admin-disabled is set on the WAN. This means that, by default, an administrator can open, for example, a telnet connection from the LAN, but not the WAN.
set ip ethernet A rip-send { off | v1 | v2 | v1-compat | v2-MD5 }
Specifies whether the Netopia Gateway should use Routing Information Protocol (RIP) broadcasts to advertise its routing tables to other routers on your network. RIP Version 2 (RIP-2) is an extension of the original Routing Information Protocol (RIP-1) that expands the amount of useful information in the RIP packets. While RIP-1 and RIP-2 share the same basic algorithms, RIP-2 supports several additional features, including inclusion of subnet masks in RIP packets and implementation of multicasting instead of broadcasting (which reduces the load on hosts which do not support routing protocols). RIP-2 with MD5 authentication is an extension of RIP-2 that increases security by requiring an authentication key when routes are advertised.
If you specify v2-MD5, you must also specify a rip-send-key. Keys are ASCII strings with a maximum of 31 characters, and must match the other router(s) keys for proper operation of MD5 support.
Depending on your network needs, you can configure your Netopia Gateway to support RIP-1, RIP-2, or RIP-2MD5.
set ip ethernet A rip-receive { off | v1 | v2 | v1-compat | v2-MD5 }
Specifies whether the Netopia Gateway should use Routing Information Protocol (RIP) broadcasts to update its routing tables with information received from other routers on your network.
If you specify v2-MD5, you must also specify a rip-receive-key. Keys are ASCII strings with a maximum of 31 characters, and must match the other router(s) keys for proper operation of MD5 support.
Default IP Gateway Settings
set ip gateway option { on | off }
Specifies whether the Netopia Gateway should send packets to a default Gateway if it does not know how to reach the destination host.
set ip gateway interface { ip-address | ppp-vccn }
Specifies how the Netopia Gateway should route information to the default Gateway. If you select ip-address, you must enter the IP address of a host on a local or remote network.
If you specify ppp, the Netopia unit uses the default gateway being used by the remote PPP peer.
IP-over-PPP Settings. Use the following commands to configure settings for routing IP over a virtual PPP interface.
☛ NOTE:
For a DSL platform you must identify the virtual PPP interface [ vccn], a number from 1 to 8.
set ip ip-ppp [ vccn] option { on | off }
Enables or disables IP routing through the virtual PPP interface. By default, IP routing is turned on. If you turn off IP routing and save the new configuration, the Netopia Gateway clears IP routing settings.
set ip ip-ppp [ vccn] address ip_address
Assigns an IP address to the virtual PPP interface. If you specify an IP address other than 0.0.0.0, your Netopia Gateway will not negotiate its IP address with the remote peer. If the remote peer does not accept the IP address specified in the ip_address argument as valid, the link will not come up.
The default value for the ip_address argument is 0.0.0.0, which indicates that the virtual PPP interface will use the IP address assigned to it by the remote peer. Note that the remote peer must be configured to supply an IP address to your Netopia Gateway if you enter 0.0.0.0 for the ip_address argument.
set ip ip-ppp [ vccn] peer-address ip_address
Specifies the IP address of the peer on the other end of the PPP link. If you specify an IP address other than 0.0.0.0, your Netopia Gateway will not negotiate the remote peer's IP address. If the remote peer does not accept the address in the ip_address argument as its IP address (typically because it has been configured with another IP address), the link will not come up.
The default value for the ip_address argument is 0.0.0.0, which indicates that the virtual PPP interface will accept the IP address returned by the remote peer. If you enter 0.0.0.0, the peer system must be configured to supply this address.
set ip ip-ppp [ vccn] restriction { admin-disabled | none }
Specifies restrictions on the types of traffic the Netopia Gateway accepts over the PPP virtual circuit. The admin-disabled argument means that access to the device via telnet, web, and SNMP is disabled. The none argument means that all traffic is accepted.
set ip ip-ppp [ vccn] addr-mapping { on | off }
Specifies whether you want the Netopia Gateway to use network address translation (NAT) when communicating with remote routers. Network address translation lets you conceal details of your network from remote routers. By default, address mapping is turned on.
set ip ip-ppp [ vccn] rip-send { off | v1 | v2 | v1-compat | v2-MD5 }
Specifies whether the Netopia Gateway unit should use Routing Information Protocol (RIP) broadcasts to advertise its routing tables to routers on the other side of the PPP link. An extension of the original Routing Information Protocol (RIP-1), RIP Version 2 (RIP-2) expands the amount of useful information in the packets. While RIP-1 and RIP-2 share the same basic algorithms, RIP-2 supports several new features, for example, inclusion of subnet masks in RIP packets and implementation of multicasting instead of broadcasting. This last feature reduces the load on hosts which do not support routing protocols. RIP-2 with MD5 authentication is an extension of RIP-2 that increases security by requiring an authentication key when routes are advertised.
This command is only available when address mapping for the specified virtual circuit is turned “off”.
If you specify v2-MD5, you must also specify a rip-send-key. Keys are ASCII strings with a maximum of 31 characters, and must match the other router(s) keys for proper operation of MD5 support.
set ip ip-ppp [ vccn] rip-receive { off | v1 | v2 | v1-compat | v2-MD5 }
Specifies whether the Netopia Gateway should use Routing Information Protocol (RIP) broadcasts to update its routing tables with information received from other routers on the other side of the PPP link.
If you specify v2-MD5, you must also specify a rip-receive-key. Keys are ASCII strings with a maximum of 31 characters, and must match the other router(s) keys for proper operation of MD5 support.
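The restriction and RIP settings described above for the DSL, Ethernet and IP-over-PPP interfaces can be reviewed together. The following is an added example, not code from the Netopia manual: a small auditor that reads saved `set ip ...` lines and reports WAN-side interfaces that accept management traffic and interfaces that run RIP without MD5 authentication. The sample configuration is constructed, and the typed form `vcc1` for `vccn`, the function names and the severity labels are assumptions.

```python
import re

# Interfaces treated as WAN-facing here: DSL virtual circuits, PPP virtual
# interfaces, and Ethernet B (the WAN on Ethernet-WAN models).
WAN_IFACE = re.compile(r"(dsl vcc\d+|ip-ppp vcc\d+|ethernet B)", re.I)
UNAUTH_RIP = {"v1", "v2", "v1-compat"}  # every RIP mode except off and v2-MD5
SETTING = re.compile(
    r"set ip (?P<iface>dsl vcc\d+|ip-ppp vcc\d+|ethernet [AB]) "
    r"(?P<key>restrictions?|rip-send|rip-receive) (?P<val>\S+)$",
    re.I,
)

# Constructed sample input, not taken from a real unit.
SAMPLE_CONFIG = """\
set ip ethernet A restrictions none
set ip ethernet B restrictions none
set ip dsl vcc1 restriction admin-disabled
set ip ip-ppp vcc1 restriction none
set ip ethernet A rip-receive v2
set ip dsl vcc1 rip-receive v2-MD5
set ip ip-ppp vcc1 rip-send v1
"""


def rip_key_ok(key):
    """Keys are ASCII strings of at most 31 characters (limit from the manual).

    Rejecting empty and non-printable keys is an extra check added here.
    """
    return 0 < len(key) <= 31 and key.isascii() and key.isprintable()


def audit(config_text):
    """Return (line number, severity, message) for each risky setting."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        m = SETTING.match(" ".join(raw.split()))  # collapse repeated spaces
        if not m:
            continue
        iface, key, val = m["iface"], m["key"].lower(), m["val"].lower()
        wan = WAN_IFACE.fullmatch(iface) is not None
        if key.startswith("restriction"):
            # "none" means all traffic, including telnet, web and SNMP
            # management, is accepted on that interface.
            if val == "none" and wan:
                findings.append((lineno, "HIGH",
                                 f"{iface}: telnet, web and SNMP management "
                                 "accepted on a WAN-side interface"))
        elif val in UNAUTH_RIP:
            action = ("accepts route updates" if key == "rip-receive"
                      else "advertises its routing table")
            findings.append((lineno, "MEDIUM" if wan else "LOW",
                             f"{iface}: {action} without MD5 authentication "
                             f"({key} {val})"))
    return findings


if __name__ == "__main__":
    for lineno, severity, message in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: [{severity}] {message}")
```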
Static ARP Settings
Your Netopia Gateway maintains a dynamic Address Resolution Protocol (ARP) table to map IP addresses to Ethernet (MAC) addresses. Your Netopia Gateway populates this ARP table dynamically, by retrieving IP address/MAC address pairs only when it needs them. Optionally, you can define static ARP entries to map IP addresses to their corresponding Ethernet MAC addresses. Unlike dynamic ARP table entries, static ARP table entries do not time out.
You can configure as many as 16 static ARP table entries for a Netopia Gateway. Use the following commands to add static ARP entries to the Netopia Gateway static ARP table:
set ip static-arp ip-address ip_address
Specifies the IP address for the static ARP entry. Enter an IP address in the ip_address argument in dotted decimal format. The ip_address argument cannot be 0.0.0.0.
set ip static-arp ip-address ip_address hardware-address MAC_address
Specifies the Ethernet hardware address for the static ARP entry. Enter an Ethernet hardware address in the MAC_address argument in nn.nn.nn.nn.nn.nn (hexadecimal) format.
IGMP Forwarding
set ip igmp-forwarding [ off | on ]
Turns IP IGMP forwarding off or on. The default is off.
IPsec Passthrough
set ip ipsec-passthrough [ off | on ]
Turns IPsec client passthrough off or on. The default is on.
IP Prioritization
set ip prioritize [ off | on ]
Allows you to support traffic that has the TOS bit set. This defaults to off.
Differentiated Services (DiffServ)
The commands in this section are supported beginning with Firmware Version 7.4.2.
set diffserv option [ off | on ]
Turns the DiffServ option off (default) or on. on enables the service and IP TOS bits are used, even if no flows are defined. Consequently, if the end-point nodes provide TOS settings from an application that can be interpreted as one of the supported states, the Gateway will handle it as if it actively marked the TOS field itself.
☛ NOTE:
The Gateway itself will not override TOS bit settings made by the endpoints. Support for source-provided IP TOS priorities within the Gateway is achieved simply by turning the DiffServ option “on” and by setting the lohi-asymmetry to adjust the behavior of the Gateway’s internal queues.
set diffserv lohi-ratio [ 60 - 100 percent ]
Sets a percentage between 60 and 100 used to regulate the level of packets allowed to be pending in the low priority queue. The default is 92. It can be used in some degree to adjust the relative throughput bandwidth for low- versus high-priority traffic.
set diffserv custom-flows name name
protocol [ TCP | UDP | ICMP | other ]
direction [ outbound | inbound | both ]
start-port [ 0 - 49151 ]
end-port [ 0 - 49151 ]
inside-ip inside-ip-addr
inside-ip-mask inside-ip-netmask
outside-ip outside-ip-addr
outside-ip-mask outside-ip-netmask
qos [ off | assure | expedite ]
Defines or edits a custom flow. Select a name for the custom-flow from the set command. The CLI will step into the newly-named or previously-defined flow for editing.
• protocol – Allows you to choose the IP protocol for the stream: TCP, UDP, ICMP, or other.
other is appropriate for setting up flows on protocols with non-standard port definitions, for example, IPSEC or PPTP. If you select other, an additional field, numbered-protocol, will appear with a range of 0–255. Choose the protocol number from this field.
• direction – Allows you to choose whether to apply the marking and gateway queue behavior for inbound packets, outbound packets, or to both. If the Gateway is used as an “edge” gateway, its more important function is to mark the packets for high-priority streams in the outbound direction.
• start-port/end-port – Allows you to specify a range of ports to check for a particular flow, if the protocol selection is TCP or UDP.
• inside-ip/mask – If you want packets originating from a certain LAN IP address to be marked, enter the IP address and subnet mask here. If you leave the address equal to zero, this check is ignored for outbound packets. The check is always ignored for inbound packets. The DiffServ queuing function must be applied ahead of NAT; and, before NAT re-maps the inbound packets, all inbound packets are destined for the Gateway's WAN IP address.
• outside-ip/mask – If you want packets destined for and originating from a certain WAN IP address to be marked, enter this address and subnet mask here. If you leave the address equal to zero, the outside address check is ignored. For outbound flows, the outside address is the destination IP address for the packets. For inbound packets, the outside address is the source IP address for the packets.
Note:
When setting the Inside/Outside IP Address/Netmask settings, note that a netmask value can be used to configure for a network rather than a single IP address.
• qos – Allows you to specify the Quality of Service for the flow: off, assure, or expedite. These are used both to mark the IP TOS byte and to distribute packets into the queues as if they were marked by the source.
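The custom-flow matching rules in the list above, worked through as an added example that is not code from the manual or the firmware. The Flow and Packet classes, the use of IP protocol numbers, the first-match order and the choice to compare the port on the outside host (destination port outbound, source port inbound) are assumptions; the addresses are constructed documentation addresses.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

PROTO_NUM = {"TCP": 6, "UDP": 17, "ICMP": 1}  # IP protocol numbers


@dataclass
class Flow:
    name: str
    protocol: str                 # TCP | UDP | ICMP | other
    direction: str                # outbound | inbound | both
    start_port: int = 0
    end_port: int = 0
    inside_ip: str = "0.0.0.0"
    inside_mask: str = "0.0.0.0"
    outside_ip: str = "0.0.0.0"
    outside_mask: str = "0.0.0.0"
    qos: str = "off"              # off | assure | expedite
    numbered_protocol: int = 0    # used only when protocol is "other"


@dataclass
class Packet:
    direction: str                # outbound | inbound
    protocol: int                 # IP protocol number
    src_ip: str
    dst_ip: str
    src_port: int = 0
    dst_port: int = 0


def in_network(addr, net, mask):
    """True if addr and net agree on every bit set in mask."""
    m = int(IPv4Address(mask))
    return int(IPv4Address(addr)) & m == int(IPv4Address(net)) & m


def flow_matches(flow, pkt):
    outbound = pkt.direction == "outbound"
    if flow.direction not in ("both", pkt.direction):
        return False
    if pkt.protocol != PROTO_NUM.get(flow.protocol, flow.numbered_protocol):
        return False
    if flow.protocol in ("TCP", "UDP"):
        # Assumption: the range is compared with the outside host's port.
        port = pkt.dst_port if outbound else pkt.src_port
        if not flow.start_port <= port <= flow.end_port:
            return False
    # Inside check: skipped for a zero address, and always skipped inbound,
    # because before NAT every inbound packet targets the WAN address.
    if outbound and flow.inside_ip != "0.0.0.0":
        if not in_network(pkt.src_ip, flow.inside_ip, flow.inside_mask):
            return False
    # Outside check: destination when outbound, source when inbound.
    if flow.outside_ip != "0.0.0.0":
        outside = pkt.dst_ip if outbound else pkt.src_ip
        if not in_network(outside, flow.outside_ip, flow.outside_mask):
            return False
    return True


def classify(flows, pkt):
    """Return the qos of the first matching flow, or None if none applies."""
    for flow in flows:
        if flow_matches(flow, pkt):
            return flow.qos
    return None


# Constructed flow: UDP 5060-5061 between one LAN host and one WAN network.
FLOWS = [Flow("voip", "UDP", "both", 5060, 5061,
              "192.168.1.50", "255.255.255.255",
              "203.0.113.0", "255.255.255.0", "expedite")]

if __name__ == "__main__":
    pkt = Packet("inbound", 17, "203.0.113.7", "198.51.100.2", 5060, 40000)
    print(classify(FLOWS, pkt))
```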
SIP Passthrough
set ip sip-passthrough [ on | off ]
Turns Session Initiation Protocol application layer gateway client passthrough on or off. The default is on.
Session Initiation Protocol is a signaling protocol for Internet conferencing, telephony, presence, events notification and instant messaging.
Static Route Settings
A static route identifies a manually configured pathway to a remote network. Unlike dynamic routes, which are acquired and confirmed periodically from other routers, static routes do not time out. Consequently, static routes are useful when working with PPP, since an intermittent PPP link may make maintenance of dynamic routes problematic.
You can configure as many as 32 static IP routes for a Netopia Gateway. Use the following commands to maintain static routes to the Netopia Gateway routing table:
set ip static-routes destination-network net_address
Specifies the network address for the static route. Enter a network address in the net_address argument in dotted decimal format. The net_address argument cannot be 0.0.0.0.
set ip static-routes destination-network net_address netmask netmask
Specifies the subnet mask for the IP network at the other end of the static route. Enter the netmask argument in dotted decimal format. The subnet mask associated with the destination network must represent the same network class (A, B, or C) or a lower class (such as a class C subnet mask for class B network number) to be valid.
set ip static-routes destination-network net_address interface { ip-address | ppp-vccn }
Specifies the interface through which the static route is accessible.
set ip static-routes destination-network net_address gateway-address gate_address
Specifies the IP address of the Gateway for the static route. The default Gateway must be located on a network connected to the Netopia Gateway configured interface.
set ip static-routes destination-network net_address metric integer
Specifies the metric (hop count) for the static route. The default metric is 1. Enter a number from 1 to 15 for the integer argument to indicate the number of routers (actual or best guess) a packet must traverse to reach the remote network.
You can enter a metric of 1 to indicate either:
• The remote network is one router away and the static route is the best way to reach it;
• The remote network is more than one router away but the static route should not be replaced by a dynamic route, even if the dynamic route is more efficient.
set ip static-routes destination-network net_address rip-advertise [ SplitHorizon | Always | Never ]
Specifies whether the gateway should use Routing Information Protocol (RIP) broadcasts to advertise to other routers on your network and which mode to use. The default is SplitHorizon.
delete ip static-routes destination-network net_address
Deletes a static route. Deleting a static route removes all information associated with that route.
IPMaps Settings
set ip-maps name <name> internal-ip <ip address>
Specifies the name and static IP address of the LAN device to be mapped.
set ip-maps name <name> external-ip <ip address>
Specifies the name and static IP address of the WAN device to be mapped.
Up to 8 mapped static IP addresses are supported.
Network Address Translation (NAT) Default Settings
NAT default settings let you specify whether you want your Netopia Gateway to forward NAT traffic to a default server when it doesn’t know what else to do with it. The NAT default host function is useful in situations where you cannot create a specific NAT pinhole for a traffic stream because you cannot anticipate what port number an application might use. For example, some network games select arbitrary port numbers when a connection is being opened. By identifying your computer (or another host on your network) as a NAT default server, you can specify that NAT traffic that would otherwise be discarded by the Netopia Gateway should be directed to a specific host.
set nat-default mode [ off | default-server | ip-passthrough ]
Specifies whether you want your Netopia Gateway to forward unsolicited traffic from the WAN to a default server or an IP passthrough host when it doesn’t know what else to do with it. See
for more information.
set nat-default dhcp-enable [ on | off ]
Allows the IP passthrough host to acquire its IP address via DHCP, if ip-passthrough is enabled.
set nat-default address ip_address
Specifies the IP address of the NAT default server.
set nat-default host-hardware-address MAC_address
Specifies the hardware (MAC) address of the IP passthrough host.
Network Address Translation (NAT) Pinhole Settings
NAT pinholes let you pass specific types of network traffic through the NAT interfaces on the Netopia Gateway. NAT pinholes allow you to route selected types of network traffic, such as FTP requests or HTTP (Web) connections, to a specific host behind the Netopia Gateway transparently.
To set up NAT pinholes, you identify the type(s) of traffic you want to redirect by port number, and you specify the internal host to which each specified type of traffic should be directed.
The following list identifies protocol type and port number for common TCP/IP protocols:
• FTP (TCP 21)
• telnet (TCP 23)
• SMTP (TCP 25)
• TFTP (UDP 69)
• SNMP (TCP 161, UDP 161)
set pinhole name name
Specifies the identifier for the entry in the router's pinhole table. You can name pinhole table entries sequentially (1, 2, 3), by port number (21, 80, 23), by protocol, or by some other naming scheme.
set pinhole name name protocol-select { tcp | udp }
Specifies the type of protocol being redirected.
set pinhole name name external-port-start [ 0 - 49151 ]
Specifies the first port number in the range being translated.
set pinhole name name external-port-end [ 0 - 49151 ]
Specifies the last port number in the range being translated.
set pinhole name name internal-ip internal-ip
Specifies the IP address of the internal host to which traffic of the specified type should be transferred.
set pinhole name name internal-port [ 0 - 65535 ]
Specifies the port number your Netopia Gateway should use when forwarding traffic of the specified type. Under most circumstances, you would use the same number for the external and internal port.
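The NAT default and NAT pinhole settings above both decide which unsolicited WAN traffic reaches a LAN host. The following is an added example, not code from the manual: it parses `set nat-default` and `set pinhole` lines, checks the port ranges stated above, and reports pinholes whose external range covers one of the listed common protocols. The sample configuration is constructed, and the function names and the treatment of an unset nat-default mode as off are assumptions.

```python
# Protocol/port pairs from the manual's list of common TCP/IP protocols.
COMMON = {("tcp", 21): "FTP", ("tcp", 23): "telnet", ("tcp", 25): "SMTP",
          ("udp", 69): "TFTP", ("tcp", 161): "SNMP", ("udp", 161): "SNMP"}
EXT_MAX = 49151   # upper bound for external-port-start / external-port-end
INT_MAX = 65535   # upper bound for internal-port

# Constructed sample input, not taken from a real unit.
SAMPLE_CONFIG = """\
set nat-default mode default-server
set nat-default address 192.168.1.10
set pinhole name web protocol-select tcp
set pinhole name web external-port-start 80
set pinhole name web external-port-end 80
set pinhole name web internal-ip 192.168.1.20
set pinhole name web internal-port 8080
set pinhole name wide protocol-select tcp
set pinhole name wide external-port-start 20
set pinhole name wide external-port-end 200
set pinhole name wide internal-ip 192.168.1.30
set pinhole name wide internal-port 20
set pinhole name bad protocol-select udp
set pinhole name bad external-port-start 60000
set pinhole name bad external-port-end 60010
set pinhole name bad internal-ip 192.168.1.40
set pinhole name bad internal-port 60000
"""


def parse(config_text):
    """Collect pinhole entries by name, plus the nat-default settings."""
    pinholes, nat_default = {}, {}
    for raw in config_text.splitlines():
        w = raw.split()
        if w[:3] == ["set", "pinhole", "name"] and len(w) in (4, 6):
            entry = pinholes.setdefault(w[3], {})
            if len(w) == 6:
                entry[w[4]] = w[5]
        elif w[:2] == ["set", "nat-default"] and len(w) == 4:
            nat_default[w[2]] = w[3]
    return pinholes, nat_default


def audit_pinhole(name, p):
    issues = []
    proto = p.get("protocol-select", "").lower()
    if proto not in ("tcp", "udp"):
        issues.append(f"{name}: protocol-select must be tcp or udp")
    try:
        start = int(p["external-port-start"])
        end = int(p["external-port-end"])
        inner = int(p["internal-port"])
    except (KeyError, ValueError):
        return issues + [f"{name}: missing or non-numeric port setting"]
    if not 0 <= start <= end <= EXT_MAX:
        issues.append(f"{name}: external range {start}-{end} is reversed "
                      f"or outside 0-{EXT_MAX}")
    if not 0 <= inner <= INT_MAX:
        issues.append(f"{name}: internal-port {inner} outside 0-{INT_MAX}")
    exposed = [f"{svc} ({pr.upper()} {port})"
               for (pr, port), svc in COMMON.items()
               if pr == proto and start <= port <= end]
    if exposed:
        issues.append(f"{name}: forwards {', '.join(exposed)} to "
                      f"{p.get('internal-ip', 'unset host')}")
    return issues


def audit(config_text):
    """Return {entry name: [issues]} for entries that need review."""
    pinholes, nat = parse(config_text)
    report = {}
    mode = nat.get("mode", "off")  # assumption: an unset mode means off
    if mode != "off":
        target = nat.get("address") or nat.get("host-hardware-address", "unset")
        report["(nat-default)"] = [
            f"mode {mode}: unsolicited WAN traffic is forwarded to {target}"]
    for name, p in pinholes.items():
        issues = audit_pinhole(name, p)
        if issues:
            report[name] = issues
    return report


if __name__ == "__main__":
    for entry, issues in audit(SAMPLE_CONFIG).items():
        for issue in issues:
            print(issue)
```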
PPPoE/PPPoA Settings
You can use the following commands to configure basic settings, port authentication settings, and peer authentication settings for PPP interfaces on your Netopia Gateway.
Configuring Basic PPP Settings.
☛ NOTE:
For the DSL platform you must identify the virtual PPP interface [ vccn], a number from 1 to 8.
set ppp module [vccn] option { on | off }
Enables or disables PPP on the Netopia Gateway.
set ppp module [vccn] auto-connect { on | off }
Supports manual mode required for some vendors. The default on is not normally changed. If auto-connect is disabled (off), you must manually start/stop a ppp connection.
set ppp module [vccn] mru integer
Specifies the Maximum Receive Unit (MRU) for the PPP interface. The integer argument can be any number between 128 and 1492 for PPPoE; 1500 otherwise.
set ppp module [vccn] magic-number { on | off }
Enables or disables LCP magic number negotiation.
set ppp module [vccn] protocol-compression { on | off }
Specifies whether you want the Netopia Gateway to compress the PPP Protocol field when it transmits datagrams over the PPP link.
set ppp module [vccn] lcp-echo-requests { on | off }
Specifies whether you want your Netopia Gateway to send LCP echo requests. You should turn off LCP echoing if you do not want the Netopia Gateway to drop a PPP link to a nonresponsive peer.
set ppp module [vccn] echo-period integer
Specifies the number of seconds the Netopia Gateway should wait before sending another echo from an LCP echo request. The integer argument can be any number from between 5 and 300 (seconds).
set ppp module [vccn] lost-echoes-max integer
Specifies the maximum number of lost echoes the Netopia Gateway should tolerate before bringing down the PPP connection. The integer argument can be any number from between
1 and 20.
set ppp module [vccn] failures-max integer
Specifies the maximum number of Configure-NAK messages the PPP module can send without having sent a Configure-ACK message. The integer argument can be any number between 1 and 20.
set ppp module [vccn] configure-max integer
Specifies the maximum number of unacknowledged configuration requests that your Netopia Gateway will send. The integer argument can be any number between 1 and 20.
set ppp module [vccn] terminate-max integer
Specifies the maximum number of unacknowledged termination requests that your Netopia Gateway will send before terminating the PPP link. The integer argument can be any number between 1 and 10.
set ppp module [vccn] restart-timer integer
Specifies the number of seconds the Netopia Gateway should wait before retransmitting a configuration or termination request. The integer argument can be any number between 1 and 30.
set ppp module [vccn] connection-type
{ instant-on | always-on }
Specifies whether a PPP connection is maintained by the Netopia Gateway when it is unused for extended periods. If you specify always-on, the Netopia Gateway never shuts down the PPP link. If you specify instant-on, the Netopia Gateway shuts down the PPP link after the number of seconds specified in the time-out setting (below) if no traffic is moving over the circuit.
set ppp module [vccn] time-out integer
If you specified a connection type of instant-on, specifies the number of seconds, in the range 30 - 3600, with a default value of 300, the Netopia Gateway should wait for communication activity before terminating the PPP link.
Configuring Port Authentication. You can use the following command to specify how your Netopia Gateway should respond when it receives an authentication request from a remote peer.
The settings for port authentication on the local Netopia Gateway must match the authentication that is expected by the remote peer. For example, if the remote peer requires CHAP authentication and has a name and CHAP secret for the Netopia Gateway, you must enable CHAP and specify the same name and secret on the Netopia Gateway before the link can be established.
set ppp module [vccn] port-authentication
option [ off | on | pap-only | chap-only ]
Specifying on turns both PAP and CHAP on, or you can select PAP or CHAP. Specify the username and password when port authentication is turned on (both CHAP and PAP, CHAP or PAP). Authentication must be enabled before you can enter other information.
set ppp module [vccn] port-authentication username username
The username argument is 1 – 255 alphanumeric characters. The information you enter must match the username configured in the PPP peer's authentication database.
set ppp module [vccn] port-authentication password password
The password argument is 1 – 128 alphanumeric characters. The information you enter must match the password used by the PPP peer.
Ethernet Port Settings
set ethernet ethernet A mode { auto | 100M-full | 100M-full-fixed |
100M-half-fixed | 10M-full-fixed | 10M-half-fixed |
100M-half | 10M-full | 10M-half }
Allows mode setting for the ethernet port. Only supported on units without a LAN switch, or dual ethernet products (338x). In the dual ethernet case, “ethernet B” would be specified for the WAN port. The default is auto.
Command Line Interface Preference Settings
You can set command line interface preferences to customize your environment.
set preference verbose { on | off }
Specifies whether you want command help and prompting information displayed. By default, the command line interface verbose preference is turned off. If you turn it on, the command line interface displays help for a node when you navigate to that node.
set preference more lines
Specifies how many lines of information you want the command line interface to display at one time. The lines argument specifies the number of lines you want to see at one time.
The range is 1-65535. By default, the command line interface shows you 22 lines of text before displaying the prompt: More …[y|n] ?.
If you enter 1000 for the lines argument, the command line interface displays information as an uninterrupted stream (which is useful for capturing information to a text file).
Port Renumbering Settings
If you use NAT pinholes to forward HTTP or telnet traffic through your Netopia Gateway to an internal host, you must change the port numbers the Netopia Gateway uses for its own configuration traffic. For example, if you set up a NAT pinhole to forward network traffic on Port 80 (HTTP) to another host, you would have to tell the Netopia Gateway to listen for configuration connection requests on a port number other than 80, such as 6080.
After you have changed the port numbers the Netopia Gateway uses for its configuration traffic, you must use those port numbers instead of the standard numbers when configuring the Netopia Gateway. For example, if you move the router's Web service to port “6080” on a box with a system (DNS) name of “superbox”, you would enter the URL http://superbox:6080 in a Web browser to open the Netopia Gateway graphical user interface.
Similarly, you would have to configure your telnet application to use the appropriate port when opening a configuration connection to your Netopia Gateway.
set servers web-http [ 1 - 65534 ]
Specifies the port number for HTTP (web) communication with the Netopia Gateway.
Because port numbers in the range 0-1024 are used by other protocols, you should use numbers in the range 1025-65534 when assigning new port numbers to the Netopia Gateway web configuration interface. A setting of 0 (zero) will turn the server off.
set servers telnet-tcp [ 1 - 65534 ]
Specifies the port number for telnet (CLI) communication with the Netopia Gateway.
Because port numbers in the range 0-1024 are used by other protocols, you should use numbers in the range 1025-65534 when assigning new port numbers to the Netopia Gateway telnet configuration interface. A setting of 0 (zero) will turn the server off.
☛
NOTE:
You cannot specify a port setting of 0 (zero) for both the web and telnet ports at the same time. This would prevent you from accessing the Gateway.
Security Settings
Security settings include the Firewall and IPSec parameters. All of the security functionality is keyed.
Firewall Settings (for BreakWater Firewall)
set security firewall option [ ClearSailing | SilentRunning |
LANdLocked ]
The 3 settings for BreakWater are discussed in detail on page
.
SafeHarbour IPSec Settings
SafeHarbour VPN is a tunnel between the local network and another geographically dispersed network that is interconnected over the Internet. This VPN tunnel provides a secure, cost-effective alternative to dedicated leased lines. Internet Protocol Security (IPsec) is a series of services including encryption, authentication, integrity, and replay protection. Internet Key Exchange (IKE) is the key management protocol of IPsec that establishes keys for encryption and decryption. Because this VPN software implementation is built to these standards, the other side of the tunnel can be either another Netopia unit or another IPsec/IKE based security product. For VPN you can choose to have traffic authenticated, encrypted, or both.
When connecting the Netopia unit in a telecommuting scenario, the corporate VPN settings will dictate the settings to be used in the Netopia unit. If a parameter has not been specified from the other end of the tunnel, choose the default unless you fully understand the ramifications of your parameter choice.
set security ipsec option (off) {on | off}
Turns on the SafeHarbour IPsec tunnel capability. Default is off. See
for more information.
set security ipsec tunnels name "123"
The name of the tunnel can be quoted to allow special characters and embedded spaces.
set security ipsec tunnels name "123" tun-enable
(on) {on | off}
This enables this particular tunnel. Currently, one tunnel is supported.
set security ipsec tunnels name "123" dest-ext-address ip-address
Specifies the IP address of the destination gateway.
set security ipsec tunnels name "123" dest-int-network ip-address
Specifies the IP address of the destination computer or internal network.
set security ipsec tunnels name "123" dest-int-netmask netmask
Specifies the subnet mask of the destination computer or internal network. The subnet mask specifies which bits of the 32-bit IP address represent network information. The default subnet mask for most networks is 255.255.255.0 (class C subnet mask).
set security ipsec tunnels name "123" encrypt-protocol
(ESP) { ESP | none }
See page 130 for details about SafeHarbour IPsec tunnel capability.
set security ipsec tunnels name "123" auth-protocol
(ESP) {AH | ESP | none}
See page 130 for details about SafeHarbour IPsec tunnel capability.
set security ipsec tunnels name "123" IKE-mode
pre-shared-key-type (hex) {ascii | hex}
See page 130 for details about SafeHarbour IPsec tunnel capability.
set security ipsec tunnels name "123" IKE-mode
pre-shared-key ("") {hex string}
See page 130 for details about SafeHarbour IPsec tunnel capability.
Example: 0x1234
set security ipsec tunnels name "123" IKE-mode
neg-method {main | aggressive}
See page 130 for details about SafeHarbour IPsec tunnel capability.
Note: Aggressive Mode is a little faster, but it does not provide identity protection for the negotiating nodes.
set security ipsec tunnels name "123" IKE-mode
DH-group (1) { 1 | 2 | 5}
See page 130 for details about SafeHarbour IPsec tunnel capability.
set security ipsec tunnels name "123" IKE-mode
isakmp-SA-encrypt (DES) { DES | 3DES }
See page 130 for details about SafeHarbour IPsec tunnel capability.
set security ipsec tunnels name "123" IKE-mode
ipsec-mtu mtu_value
This command is supported beginning with Version 7.4.
The Maximum Transmission Unit is a link layer restriction on the maximum number of bytes of data in a single transmission. The maximum allowable value (also the default) is 1500, and the minimum is 100.
set security ipsec tunnels name "123" IKE-mode isakmp-SA-hash
(MD5) {MD5 | SHA1}
See page 130 for details about SafeHarbour IPsec tunnel capability.
set security ipsec tunnels name "123" IKE-mode PFS-enable
{ off | on }
See page 130 for details about SafeHarbour IPsec tunnel capability.
set security ipsec tunnels name "123" IKE-mode invalid-spi-recovery
{ off | on }
Enables the Gateway to re-establish the tunnel if either the Netopia Gateway or the peer gateway is rebooted.
set security ipsec tunnels name "123" xauth enable {off | on }
Enables or disables Xauth extensions to IPsec, when IKE-mode neg-method is set to aggressive. Default is off.
set security ipsec tunnels name "123" xauth username username
Sets the Xauth username, if Xauth is enabled.
set security ipsec tunnels name "123" xauth password password
Sets the Xauth password, if Xauth is enabled.
set security ipsec tunnels name "123" nat-enable { on | off }
Enables or disables NAT on the specified IPsec tunnel. The default is off.
set security ipsec tunnels name "123" nat-pat-address ip-address
Specifies the NAT port address translation IP address for the specified IPsec tunnel.
set security ipsec tunnels name "123" local-id-type
{ IP-address | Subnet | Hostname | ASCII }
Specifies the NAT local ID type for the specified IPsec tunnel, when Aggressive Mode is set.
set security ipsec tunnels name "123" local-id id_value
Specifies the NAT local ID value as specified in the local-id-type for the specified IPsec tunnel, when Aggressive Mode is set.
☛
Note: If subnet is selected, the following two values are used instead:
set security ipsec tunnels name "123" local-id-addr ip-address
set security ipsec tunnels name "123" local-id-mask ip-mask
set security ipsec tunnels name "123" remote-id-type
{ IP-address | Subnet | Hostname | ASCII }
Specifies the NAT remote ID type for the specified IPsec tunnel, when Aggressive Mode is set.
set security ipsec tunnels name "123" remote-id id_value
Specifies the NAT remote ID value as specified in the remote-id-type for the specified IPsec tunnel, when Aggressive Mode is set.
☛
Note: If subnet is selected, the following two values are used instead:
set security ipsec tunnels name "123" remote-id-addr ip-address
set security ipsec tunnels name "123" remote-id-mask ip-mask
Internet Key Exchange (IKE) Settings
The following four IPsec parameters configure the rekeying event.
set security ipsec tunnels name "123" IKE-mode
ipsec-soft-mbytes (1000) {1-1000000}
set security ipsec tunnels name "123" IKE-mode
ipsec-soft-seconds (82800) {60-1000000}
set security ipsec tunnels name "123" IKE-mode
ipsec-hard-mbytes (1200) {1-1000000}
set security ipsec tunnels name "123" IKE-mode
ipsec-hard-seconds (86400) {60-1000000}
• The soft parameters designate when the system negotiates a new key. For example, after 82800 seconds (23 hours) or 1 Gbyte has been transferred (whichever comes first) the key will be renegotiated.
• The hard parameters indicate that the renegotiation must be complete or the tunnel will be disabled. For example, 86400 seconds (24 hours) means that the renegotiation must be complete within one day.
Both ends of the tunnel set parameters, and typically they will be the same. If they are not the same, the rekey event will happen when the longest time period expires or when the largest amount of data has been sent.
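The tunnel and rekey settings above print their defaults in parentheses, so a saved configuration that never mentions a setting still runs with that default. The following Python sketch is an added example, not Netopia code: it overlays the "set security ipsec tunnels" lines of a configuration script on those documented defaults and reports weak choices and rekey limits that leave no renegotiation window. The script format (one set command per line, # comments), the sample tunnel, and the grading of 3DES, SHA1 and DH group 5 as passing because they are the strongest values this reference lists are assumptions.

```python
import shlex

# Defaults exactly as printed in parentheses in the command reference above.
DEFAULTS = {
    "encrypt-protocol": "ESP",
    "auth-protocol": "ESP",
    "DH-group": "1",
    "isakmp-SA-encrypt": "DES",
    "isakmp-SA-hash": "MD5",
    "ipsec-soft-mbytes": "1000",
    "ipsec-soft-seconds": "82800",
    "ipsec-hard-mbytes": "1200",
    "ipsec-hard-seconds": "86400",
}

# (setting, lower-cased value) pairs to flag. PFS-enable has no documented
# default, so it is only reported when a script sets it to off explicitly.
WEAK = {
    ("encrypt-protocol", "none"): "tunnel traffic is not encrypted",
    ("auth-protocol", "none"): "tunnel traffic is not authenticated",
    ("isakmp-SA-encrypt", "des"): "IKE SA protected by single DES (56-bit key)",
    ("isakmp-SA-hash", "md5"): "IKE SA uses MD5",
    ("DH-group", "1"): "768-bit Diffie-Hellman group",
    ("DH-group", "2"): "1024-bit Diffie-Hellman group",
    ("neg-method", "aggressive"): "aggressive mode gives no identity protection",
    ("PFS-enable", "off"): "perfect forward secrecy disabled",
}

PREFIX = ["set", "security", "ipsec", "tunnels", "name"]


def parse_tunnels(script):
    """Return {tunnel name: {setting: value}} with documented defaults filled in."""
    tunnels = {}
    for raw in script.splitlines():
        tokens = shlex.split(raw, comments=True)  # honours quoted tunnel names
        if tokens[:5] != PREFIX or len(tokens) < 6:
            continue
        settings = tunnels.setdefault(tokens[5], dict(DEFAULTS))
        rest = tokens[6:]
        if rest and rest[0] == "IKE-mode":  # IKE-mode is a sub-node, not a setting
            rest = rest[1:]
        if len(rest) == 2:
            settings[rest[0]] = rest[1]
    return tunnels


def audit(script):
    """Return a sorted list of (tunnel, setting, message) findings."""
    findings = []
    for name, cfg in parse_tunnels(script).items():
        for setting, value in cfg.items():
            reason = WEAK.get((setting, value.lower()))
            if reason:
                findings.append((name, setting, f"{value}: {reason}"))
        # Soft limit starts the rekey; hard limit disables the tunnel if the
        # rekey is not complete. Soft must therefore be below hard.
        for unit, low in (("seconds", 60), ("mbytes", 1)):
            soft_key, hard_key = f"ipsec-soft-{unit}", f"ipsec-hard-{unit}"
            try:
                soft, hard = int(cfg[soft_key]), int(cfg[hard_key])
            except ValueError:
                findings.append((name, soft_key, "rekey limit is not an integer"))
                continue
            for key, val in ((soft_key, soft), (hard_key, hard)):
                if not low <= val <= 1000000:
                    findings.append(
                        (name, key, f"{val}: outside documented range {low}-1000000"))
            if soft >= hard:
                findings.append(
                    (name, soft_key,
                     f"{soft}: soft limit not below hard limit {hard}, no rekey window"))
    return sorted(findings)


# Constructed sample script; the tunnel name and address are placeholders.
SAMPLE = """
# constructed sample, not a capture from a real gateway
set security ipsec option on
set security ipsec tunnels name "HQ link" tun-enable on
set security ipsec tunnels name "HQ link" dest-ext-address 192.0.2.10
set security ipsec tunnels name "HQ link" IKE-mode neg-method aggressive
set security ipsec tunnels name "HQ link" IKE-mode isakmp-SA-encrypt 3DES
set security ipsec tunnels name "HQ link" IKE-mode ipsec-soft-seconds 86400
"""

if __name__ == "__main__":
    for tunnel, setting, message in audit(SAMPLE):
        print(f"{tunnel}: {setting} = {message}")
```

The sample never sets DH-group or isakmp-SA-hash, yet both are reported, because the tunnel inherits group 1 and MD5 from the defaults.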
Stateful Inspection
Stateful inspection options are accessed by the security state-insp tag.
set security state-insp [ ip-ppp | dsl ] vcc n option [ off | on ]
set security state-insp ethernet [ A | B ] option [ off | on ]
Sets the stateful inspection option off or on on the specified interface. This option is disabled by default. Stateful inspection prevents unsolicited inbound access when NAT is disabled.
set security state-insp [ ip-ppp | dsl ] vcc n
default-mapping [ off | on ]
set security state-insp ethernet [ A | B ]
default-mapping [ off | on ]
Sets stateful inspection default mapping to router option off or on on the specified interface.
set security state-insp [ ip-ppp | dsl ] vcc n tcp-seq-diff
[ 0 - 65535 ]
set security state-insp ethernet [ A | B ] tcp-seq-diff
[ 0 - 65535 ]
Sets the acceptable TCP sequence difference on the specified interface. The TCP sequence number difference maximum allowed value is 65535. If the value of tcp-seq-diff is 0, it means that this check is disabled.
set security state-insp [ ip-ppp | dsl ] vcc n
deny-fragments [ off | on ]
set security state-insp ethernet [ A | B ]
deny-fragments [ off | on ]
Sets whether fragmented packets are allowed to be received or not on the specified interface.
set security state-insp tcp-timeout [ 30 - 65535 ]
Sets the stateful inspection TCP timeout interval, in seconds.
set security state-insp udp-timeout [ 30 - 65535 ]
Sets the stateful inspection UDP timeout interval, in seconds.
set security state-insp xposed-addr exposed-address# "n"
Allows you to add an entry to the specified list, or, if the list does not exist, creates the list for the stateful inspection feature. xposed-addr settings only apply if NAT is off.
Example:
set security state-insp xposed-addr exposed-address# (?): 32
32 has been added to the xposed-addr list.
Sets the exposed list address number.
set security state-insp xposed-addr
exposed-address# "n" start-ip ip_address
Sets the exposed list range starting IP address, in dotted quad format.
set security state-insp xposed-addr
exposed-address# "n" end-ip ip_address
Sets the exposed list range ending IP address, in dotted quad format.
32 exposed addresses can be created. The range for exposed address numbers is from 1 through 32.
set security state-insp xposed-addr
exposed-address# "n" protocol [ tcp | udp | both | any ]
Sets the protocol for the stateful inspection feature for the exposed address list. Accepted values for protocol are tcp, udp, both, or any.
If protocol is not any, you can set port ranges:
set security state-insp xposed-addr
exposed-address# "n" start-port [ 1 - 65535 ]
set security state-insp xposed-addr
exposed-address# "n" end-port [ 1 - 65535 ]
Packet Filtering Settings
Packet Filtering settings are supported beginning with Firmware Version 7.4.
Packet Filtering has two parts:
• Create/Edit/Delete Filter Sets, create/edit/delete rules to a Filter Set.
• Associate a created Filter Set with a WAN or LAN interface
See “Packet Filter” on page 154 for more information.
set security pkt-filter filterset filterset-name [ in | out ] index
forward [ on | off ]
Creates or edits a filter rule, specifying whether packets will be forwarded or not.
☛
NOTE:
If this is the first rule, it will create the filter-set called filterset-name, otherwise it will edit the filterset.
If the index is not consecutive, the system will select the next consecutive index. If the index does not exist, a rule will be created. If a rule exists, the rule will be edited.
set security pkt-filter filterset filterset-name [ in | out ] index
idle-reset [ on | off ]
Turns idle reset on or off for the specified filter rule. A match on this rule resets idle-timeout status and keeps the WAN connection alive. The default is off.
set security pkt-filter filterset filterset-name [ in | out ] index
frc-rte [ on | off ]
Turns forced routing on or off for the specified filter rule. A match on this rule will force a route for packets. The default is off.
set security pkt-filter filterset filterset-name [ in | out ] index
gateway ip_addr
Specifies the gateway IP address for forced routed packets, if forced routing is enabled.
set security pkt-filter filterset filterset-name [ in | out ] index
src-ip ip_addr
Specifies the source IP address to match packets (where the packet was sent from).
set security pkt-filter filterset filterset-name [ in | out ] index
src-mask mask
Specifies the source IP mask to match packets (where the packet was sent from).
set security pkt-filter filterset filterset-name [ in | out ] index
dest-ip ip_addr
Specifies the destination IP address to match packets (where the packet is going).
set security pkt-filter filterset filterset-name [ in | out ] index
dest-mask mask
Specifies the destination IP mask to match packets (where the packet is going).
set security pkt-filter filterset filterset-name [ in | out ] index
tos value
Specifies the TOS (Type Of Service) value to match packets. The value for tos can be from 0 – 255.
set security pkt-filter filterset filterset-name [ in | out ] index
tos-mask value
Specifies the TOS (Type Of Service) mask to match packets. The value for tos-mask can be from 0 – 255.
set security pkt-filter filterset filterset-name [ in | out ] index
protocol value
Specifies the protocol value to match packets, the type of higher-layer Internet protocol the packet is carrying, such as TCP or UDP. The value for protocol can be from 0 – 255.
set security pkt-filter filterset filterset-name [ in | out ] index
src-compare [ nc | ne | lt | le | eq | gt | ge ]
Sets the source compare operator action for the specified filter rule.
Operator  Action
nc        No compare
ne        Not equal to
lt        Less than
le        Less than or equal to
eq        Equal to
ge        Greater than or equal to
gt        Greater than
set security pkt-filter filterset filterset-name [ in | out ] index
dst-compare [ nc | ne | lt | le | eq | gt | ge ]
Sets the destination compare operator action for the specified filter rule.
Operator  Action
nc        No compare
ne        Not equal to
lt        Less than
le        Less than or equal to
eq        Equal to
ge        Greater than or equal to
gt        Greater than
set security pkt-filter filterset filterset-name [ in | out ] index
src-port value
Specifies the source IP port to match packets (the port on the sending host that originated the packet, if the underlying protocol is TCP or UDP).
set security pkt-filter filterset filterset-name [ in | out ] index
dst-port value
Specifies the destination IP port to match packets (the port on the receiving host that the packet is destined for, if the underlying protocol is TCP or UDP).
set security pkt-filter interface
assigned-filterset filterset-name
Associates a filterset with a LAN or WAN interface.
Example:
set security pkt-filter ethernet A assigned-filterset set1
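What a filter set does to a given packet depends on the masks, the port compare operators and the order of the rules. This added Python example, which is not Netopia code, parses pkt-filter commands into rules and evaluates constructed packets against them. It assumes masked equality for addresses and TOS, that fields a rule does not set are not compared, that the lowest-index matching rule decides, and that a packet matching no rule is not forwarded; the filter set name, addresses and packets are constructed.

```python
import ipaddress
import operator
import shlex

# Compare operators from the table above; "nc" (no compare) always passes.
COMPARE = {
    "nc": lambda pkt_port, rule_port: True,
    "ne": operator.ne, "lt": operator.lt, "le": operator.le,
    "eq": operator.eq, "ge": operator.ge, "gt": operator.gt,
}
PREFIX = ["set", "security", "pkt-filter", "filterset"]


def ip(text):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def parse_filterset(script, name, direction):
    """Collect {index: {field: value}} for one filter set and direction."""
    rules = {}
    for raw in script.splitlines():
        t = shlex.split(raw, comments=True)
        # set security pkt-filter filterset NAME in|out INDEX FIELD VALUE
        if (len(t) == 9 and t[:4] == PREFIX
                and t[4] == name and t[5] == direction):
            rules.setdefault(int(t[6]), {})[t[7]] = t[8]
    return rules


def rule_matches(rule, pkt):
    """True when every field the rule sets agrees with the packet."""
    # The reference spells address fields dest-* but port fields dst-*.
    for side, key in (("src", "src"), ("dest", "dst")):
        if f"{side}-ip" in rule:
            # Assumption: an unset mask means an exact host match.
            mask = ip(rule.get(f"{side}-mask", "255.255.255.255"))
            if ip(pkt[key]) & mask != ip(rule[f"{side}-ip"]) & mask:
                return False
    if "tos" in rule:
        mask = int(rule.get("tos-mask", 255))
        if pkt["tos"] & mask != int(rule["tos"]) & mask:
            return False
    if "protocol" in rule and int(rule["protocol"]) != pkt["proto"]:
        return False
    if pkt["proto"] in (6, 17):  # ports exist only for TCP (6) and UDP (17)
        for side in ("src", "dst"):
            compare = COMPARE[rule.get(f"{side}-compare", "nc")]
            if not compare(pkt[f"{side}_port"], int(rule.get(f"{side}-port", 0))):
                return False
    return True


def evaluate(rules, pkt):
    """Return (decision, rule index) from the first matching rule."""
    for index in sorted(rules):
        if rule_matches(rules[index], pkt):
            forward = rules[index].get("forward", "off") == "on"
            return ("forward" if forward else "drop", index)
    return ("drop", None)  # assumption: unmatched packets are not forwarded


def packet(dst, dst_port, proto=6, src="203.0.113.7", src_port=50000, tos=0):
    """Build a constructed test packet."""
    return {"src": src, "dst": dst, "proto": proto, "tos": tos,
            "src_port": src_port, "dst_port": dst_port}


# Constructed inbound filter set: rule 1 refuses telnet, rule 2 admits TCP
# to ports above 1023 on the 192.168.1.0/24 LAN.
SAMPLE = """
# constructed sample filter set
set security pkt-filter filterset wan-in in 1 forward off
set security pkt-filter filterset wan-in in 1 protocol 6
set security pkt-filter filterset wan-in in 1 dst-compare eq
set security pkt-filter filterset wan-in in 1 dst-port 23
set security pkt-filter filterset wan-in in 2 forward on
set security pkt-filter filterset wan-in in 2 protocol 6
set security pkt-filter filterset wan-in in 2 dest-ip 192.168.1.0
set security pkt-filter filterset wan-in in 2 dest-mask 255.255.255.0
set security pkt-filter filterset wan-in in 2 dst-compare gt
set security pkt-filter filterset wan-in in 2 dst-port 1023
"""

if __name__ == "__main__":
    rules = parse_filterset(SAMPLE, "wan-in", "in")
    for port in (23, 1023, 40000):
        print(port, evaluate(rules, packet("192.168.1.5", port)))
```

Port 1023 is dropped because gt is a strict comparison; use ge if the boundary port is meant to be included.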
SNMP Settings
The Simple Network Management Protocol (SNMP) lets a network administrator monitor problems on a network by retrieving settings on remote network devices. The network administrator typically runs an SNMP management station program on a local host to obtain information from an SNMP agent such as the Netopia Gateway.
set snmp community read name
Adds the specified name to the list of communities associated with the Netopia Gateway.
By default, the Netopia Gateway is associated with the public community.
set snmp community write name
Adds the specified name to the list of communities associated with the Netopia Gateway.
set snmp community trap name
Adds the specified name to the list of communities associated with the Netopia Gateway.
set snmp trap ip-traps ip-address
Identifies the destination for SNMP trap messages. The ip-address argument is the IP address of the host acting as an SNMP console.
set snmp sysgroup contact contact_info
Identifies the system contact, such as the name, phone number, beeper number, or email address of the person responsible for the Netopia Gateway. You can enter up to 255 characters for the contact_info argument. You must put the contact_info argument in double-quotes if it contains embedded spaces.
set snmp sysgroup location location_info
Identifies the location, such as the building, floor, or room number, of the Netopia Gateway.
You can enter up to 255 characters for the location_info argument. You must put the location_info argument in double-quotes if it contains embedded spaces.
SNMP Notify Type Settings
SNMP Notify Type is supported beginning with Firmware Version 7.4.2.
set snmp notify type [ v1-trap | v2-trap | inform ]
Sets the type of SNMP notifications that the system will generate:
• v1-trap – This selection will generate notifications containing an SNMPv1 Trap Protocol Data Unit (PDU)
• v2-trap – This selection will generate notifications containing an SNMPv2 Trap PDU
• inform – This selection will generate notifications containing an SNMPv2 InformRequest PDU.
System Settings
You can configure system settings to assign a name to your Netopia Gateway and to specify what types of messages you want the diagnostic log to record.
set system name name
Specifies the name of your Netopia Gateway. Each Netopia Gateway is assigned a name as part of its factory initialization. The default name for a Netopia Gateway consists of the word “Netopia-3000/XXX” where “XXX” is the serial number of the device; for example, Netopia-3000/9437188. A system name can be 1 – 255 characters long. Once you have assigned a name to your Netopia Gateway, you can enter that name in the Address text field of your browser to open a connection to your Netopia Gateway.
☛
NOTE:
Some broadband cable-oriented Service Providers use the System Name as an important identification and support parameter. If your Gateway is part of this type of network, do NOT alter the System Name unless specifically instructed by your Service Provider.
set system diagnostic-level
{ off | low | medium | high | alerts | failures }
Specifies the types of log messages you want the Netopia Gateway to record. All messages with a level equal to or greater than the level you specify are recorded. For example, if you specify set system diagnostic-level medium, the diagnostic log will retain medium-level informational messages, alerts, and failure messages. Specifying off turns off logging.
Use the following guidelines:
• low - Low-level informational messages or greater; includes trivial status messages.
• medium - Medium-level informational messages or greater; includes status messages that can help monitor network traffic.
• high - High-level informational messages or greater; includes status messages that may be significant but do not constitute errors. The default.
• alerts - Warnings or greater; includes recoverable error conditions and useful operator information.
• failures - Failures; includes messages describing error conditions that may not be recoverable.
set system log-size [ 10240... 65536 ]
Specifies a size for the system log. The most recent entries are posted to the beginning of the log. When the log becomes full, the oldest entries are dropped. The default is 30000.
set system persistent-log [ off | on ]
When set to on, causes the log information to be kept in flash memory.
set system idle-timeout { telnet [ 1...120 ] | http [ 1... 120 ] }
Specifies a timeout period of inactivity for telnet or HTTP access to the Gateway, after which a user must re-login to the Gateway. Defaults are 5 minutes for HTTP and 15 minutes for telnet.
set system username { administrator name | user name }
Specifies the usernames for the administrative user – the default is admin; and a nonadministrative user – the default is user.
set system password { admin | user }
Specifies the administrator or user password for a Netopia Gateway. When you enter the set system password command, you are prompted to enter the old password (if any) and new password. You are prompted to repeat the new password to verify that you entered it correctly the first time. To prevent anyone from observing the password you enter, characters in the old and new passwords are not displayed as you type them. For security, you cannot use the “step” method to set the system password.
A password can be as many as 8 characters. Passwords are case-sensitive.
Passwords go into effect immediately. You do not have to restart the Netopia Gateway for the password to take effect. Assigning an administrator or user password to a Netopia Gateway does not affect communications through the device.
set system heartbeat option { on | off }
protocol [ udp | tcp ]
port-client [ 1 - 65535 ]
ip-server [ ip_address | dns_name ]
port-server [ 1 - 65535 ]
url-server (" server_name")
number [ 1 – 1073741823 ]
interval (00:00:00:20)
sleep (00:00:30:00)
contact-email (" string@domain_name")
location (" string"):
The heartbeat setting is used in conjunction with the configuration server to broadcast contact and location information about your Gateway. You can specify the protocol, port, IP-, port-, and URL-server.
• The interval setting specifies the broadcast update frequency. Part of sequence control. The interval is the spacing between heartbeats, in d:h:m:s.
• The contact-email setting is a quote-enclosed text string giving an email address for the Gateway’s administrator.
• The location setting is a text string allowing you to specify your geographical or other location, such as “Secaucus, NJ.”
• The number setting is part of the sequence control. This is the number of heartbeats to send, at each “interval”, before sleeping. For example, if this is 20, in the above layout, each heartbeat sequence will send out a total of 20 heartbeats, spaced at 30 second intervals, and then sleep for 30 minutes. So to have the Gateway send out packets “forever”, this number can be set very high. If it is 1440 and the interval is 1 minute, say, the heartbeat will go out every minute for 1440 minutes, or one day, before sleeping.
• The sleep setting is part of sequence control. This is the time to sleep before starting another heartbeat sequence, in d:h:m:s.
set system ntp option [ off | on ]:
server-address (204.152.184.72)
alt-server-address (18.72.0.3):
time-zone [ -12 - 12 ]
update-period (60) [ 1 - 65535 ]:
daylight-savings [ off | on ]
Specifies the NTP server address, time zone, and how often the Gateway should check the time from the NTP server. NTP time-zone of 0 is GMT time; options are -12 through 12 (+/- 1 hour increments from GMT time). update-period specifies how often, in minutes, the Gateway should update the clock. daylight-savings specifies whether daylight savings time is in effect; it defaults to off.
set system zerotouch option [ on | off ]
Enables or disables the Zero Touch option.
Zero Touch refers to automatic configuration of your Netopia Gateway. The Netopia Gateway has default settings such that initial connection to the Internet will succeed. If the zerotouch option is set to on, HTTP requests to any destination IP address except the IP address(es) of the configured redirection URL(s) will access a redirection server. DNS traffic will not be blocked. Other traffic from the LAN to all destinations will be dropped.
set system zerotouch redirect-url redirection-URL
Specifies the URL(s) of the desired redirection server(s) when the zerotouch option is set to on. URLs may be a maximum of 192 characters long, and may be in any of the following forms:
http://<domain-name OR IP address>/optionalPath:port
http://<domain-name OR IP address>/optionalPath
https://<domain-name OR IP address>/optionalPath:port
https://<domain-name OR IP address>/optionalPath
<domain-name OR IP address>/optionalPath:port
<domain-name OR IP address>/optionalPath
If the port number is omitted, port 80 will be assumed. Save and Restart are required to enforce these commands.
Syslog
set system syslog option [ off | on ]
Enables or disables system syslog feature. If syslog option is on, the following commands are available:
set system syslog host-nameip [ ip_address | hostname ]
Specifies the syslog server’s address either in dotted decimal format or as a DNS name up to 64 characters.
set system syslog log-facility [ local0 ... local7 ]
Sets the UNIX syslog Facility. Acceptable values are local0 through local7.
set system syslog log-violations [ off | on ]
Specifies whether violations are logged or ignored.
set system syslog log-accepted [ off | on ]
Specifies whether acceptances are logged or ignored.
set system syslog log-attempts [ off | on ]
Specifies whether connection attempts are logged or ignored.
Default syslog installation procedure
1. Access the router via telnet from the private LAN.
DHCP server is enabled on the LAN by default.
2. The product’s stateful inspection feature must be enabled in order to examine TCP, UDP and ICMP packets destined for the router or the private hosts.
This can be done by entering the CONFIG interface.
• Type config
• Type the command to enable stateful inspection
set security state-insp eth B option on
• Type the command to enable the router to drop fragmented packets
set security state-insp eth B deny-fragments on
3. Enabling syslog:
• Type config
• Type the command to enable syslog
set system syslog option on
• Set the IP Address of the syslog host
set system syslog host-nameip <ip-addr>
(example: set system syslog host-nameip 10.3.1.1)
• Enable/change the options you require
set system syslog log-facility local1
set system syslog log-violations on
set system syslog log-accepted on
set system syslog log-attempts on
4. Set NTP parameters
• Type config
• Set the time-zone – Default is 0 or GMT
set system ntp time-zone <zone>
(example: set system ntp time-zone -8)
• Set NTP server-address if necessary (default is 204.152.184.72)
set system ntp server-address <ip-addr>
(example: set system ntp server-address 204.152.184.73)
• Set alternate server address
set system ntp alt-server-address <ip-addr>
5. Type the command to save the configuration
• Type save
• Exit the configuration interface by typing exit
• Restart the router by typing restart
The router will reboot with the new configuration in effect.
Wireless Settings (supported models)
set wireless option ( on | off )
Administratively enables or disables the wireless interface.
set wireless network-id ssid { network_name }
Specifies the wireless network id for the Gateway. A unique ssid is generated for each Gateway. You must set your wireless clients to connect to this exact id, which can be changed to any 32-character string.
set wireless auto-channel mode { off | at-startup | continuous }
Specifies the wireless AutoChannel Setting for 802.11G models. AutoChannel is a feature that allows the Netopia Gateway to determine the best channel to broadcast automatically.
For details, see
set wireless default-channel { 1...14 }
Specifies the wireless 2.4GHz sub channel on which the wireless Gateway will operate. For US operation, this is limited to channels 1–11. Other countries vary; for example, Japan is channel 14 only. The default channel in the US is 6. Channel selection can have a significant impact on performance, depending on other wireless activity in proximity to this AP.
Channel selection is not necessary at the clients; clients will scan the available channels and look for APs using the same ssid as the client.
set wireless network-id closed-system { on | off }
When this setting is enabled, a client must know the ssid in order to connect or even see the wireless access point. When disabled, a client may scan for available wireless access points and will see this one. Enable this setting for greater security. The default is on.
set wireless mode { both-b-and-g | b-only | g-only }
Beginning with Netopia Firmware Version 7.5.1, specifies the wireless operating mode for connecting wireless clients: both-b-and-g, b-only, or g-only, and locks the Gateway in that mode.
☛
NOTE:
If you choose to limit the operating mode to B or G only, clients using the mode you excluded will not be able to connect.
set wireless multi-ssid option { on | off }
Beginning with Netopia Firmware Version 7.5.1, enables or disables the multi-ssid feature, which allows you to add additional network identifiers (SSIDs or Network Names) for your wireless network. When enabled, you can specify up to three additional SSIDs with separate privacy settings for each. See below.
set wireless multi-ssid {second-ssid | third-ssid | fourth-ssid } name
Specifies a descriptive name for each SSID when multi-ssid option is set to on.
set wireless multi-ssid second-ssid-privacy { off | WEP | WPA-PSK | WPA-802.1x }
set wireless multi-ssid third-ssid-privacy { off | WEP | WPA-PSK | WPA-802.1x }
set wireless multi-ssid fourth-ssid-privacy { off | WEP | WPA-PSK | WPA-802.1x }
Specifies the type of privacy enabled on multiple SSIDs when multi-ssid option is set to on. off = no privacy; WEP = WEP encryption; WPA-PSK = Wireless Protected Access/Pre-
☛
NOTE:
WEP is supported on only one SSID at a time, and should not be available if another SSID already has it configured.
set wireless multi-ssid second-ssid-wpa-ver { all | WPA1-only | WPA2-only }
set wireless multi-ssid third-ssid-wpa-ver { all | WPA1-only | WPA2-only }
set wireless multi-ssid fourth-ssid-wpa-ver { all | WPA1-only | WPA2-only }
Specifies the type of WPA version enabled on multiple SSIDs when multi-ssid option is set to on and privacy is set to WPA-PSK. See “Wireless Privacy Settings” on page 293 for more information.
set wireless multi-ssid second-ssid-weplen [ 40/64bit | 128bit | 256bit ]
set wireless multi-ssid third-ssid-weplen [ 40/64bit | 128bit | 256bit ]
set wireless multi-ssid fourth-ssid-weplen [ 40/64bit | 128bit | 256bit ]
Specifies the WEP key length for the multiple SSIDs, when second-, third-, or fourth-ssid-privacy is set to WEP. 40bit encryption is equivalent to 64bit encryption. The longer the key, the stronger the encryption and the more difficult it is to break the encryption.
set wireless multi-ssid second-ssid-wepkey { hexadecimal digits }
set wireless multi-ssid third-ssid-wepkey { hexadecimal digits }
set wireless multi-ssid fourth-ssid-wepkey { hexadecimal digits }
Specifies a WEP key for the multiple SSIDs, when second-, third-, or fourth-ssid-privacy is set to WEP. For 40/64bit encryption, you need 10 digits; 26 digits for 128bit, and 58 digits for 256bit WEP. Valid hexadecimal characters are 0 – 9, a – f.
set wireless no-bridging [ off | on ]
When set to on, this will block wireless clients from communicating with other wireless clients on the LAN side of the Gateway.
set wireless tx-power [ full | medium | fair | low | minimal ]
Sets the wireless transmit power, scaling down the router's wireless transmit coverage by lowering its radio power output. Default is full power. Transmit power settings are useful in large venues with multiple wireless routers where you want to reuse channels. Since there are only three non-overlapping channels in the 802.11b spectrum, it helps to size the router's cell to match the location. This allows you to install a router to cover a small “hole” without conflicting with other routers nearby.
Wireless Privacy Settings
set wireless network-id privacy option { off | WEP | WPA-PSK | WPA-802.1x }
Specifies the type of privacy enabled on the wireless LAN. off = no privacy; WEP = WEP encryption; WPA-PSK = Wireless Protected Access/Pre-Shared Key; WPA-802.1x = Wireless Protected Access/802.1x authentication. See
for a discussion of these options.
WPA provides Wireless Protected Access, the most secure option for your wireless network. This mechanism provides the best data protection and access control. PSK requires a Pre-Shared Key; 802.1x requires a RADIUS server for authentication.
WEP is Wired Equivalent Privacy, a method of encrypting data between the wireless Gateway and its clients. It is strongly recommended to turn this on as it is the primary way to protect your network and data from intruders. Note that 40bit is the same as 64bit and will work with either type of wireless client. The default is off.
A single key is selected (see default-key) for encryption of outbound/transmitted packets. The WEP-enabled client must have the identical key, of the same length, in the identical slot (1..4) as the wireless Gateway, in order to successfully receive and decrypt the packet. Similarly, the client also has a ‘default’ key that it uses to encrypt its transmissions. In order for the wireless Gateway to receive the client’s data, it must likewise have the identical key, of the same length, in the same slot. For simplicity, a wireless Gateway and its clients need only enter, share, and use the first key.
set wireless network-id privacy pre-shared-key string
The Pre Shared Key is a passphrase shared between the Router and the clients and is used to generate dynamically changing keys, when WPA-PSK is selected or enabled. The passphrase can be 8 – 63 characters. It is recommended to use at least 20 characters for best security.
set wireless network-id privacy default-keyid { 1...4 }
Specifies which WEP encryption key (of 4) the wireless Gateway will use to transmit data. The client must have an identical matching key, in the same numeric slot, in order to successfully decode. Note that a client allows you to choose which of its keys it will use to transmit. Therefore, you must have an identical key in the same numeric slot on the Gateway. For simplicity, it is easiest to have both the Gateway and the client transmit with the same key. The default is 1.
set wireless network-id privacy encryption-key1-length {40/64bit, 128bit, 256bit}
set wireless network-id privacy encryption-key2-length {40/64bit, 128bit, 256bit}
set wireless network-id privacy encryption-key3-length {40/64bit, 128bit, 256bit}
set wireless network-id privacy encryption-key4-length {40/64bit, 128bit, 256bit}
Selects the length of each encryption key. 40bit encryption is equivalent to 64bit encryption. The longer the key, the stronger the encryption and the more difficult it is to break the encryption.
set wireless network-id privacy encryption-key1 { hexadecimal digits }
set wireless network-id privacy encryption-key2 { hexadecimal digits }
set wireless network-id privacy encryption-key3 { hexadecimal digits }
set wireless network-id privacy encryption-key4 { hexadecimal digits }
The encryption keys. Enter keys using hexadecimal digits. For 40/64bit encryption, you need 10 digits; 26 digits for 128bit, and 58 digits for 256bit WEP. Valid hexadecimal characters are 0 – 9, a – f.
Example 40bit key: 02468ACE02.
Example 128bit key: 0123456789ABCDEF0123456789.
Example 256bit key:
592CA140F0A238B0C61AE162F592CA140F0A238B0C61AE162F21A09C.
You must set at least one of these keys, indicated by the default-keyid.
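The privacy rules in this section (privacy option, pre-shared key length, WEP key length per slot, and default-keyid) can be checked mechanically before a configuration is saved. The Python sketch below is an added example, not Netopia code; it assumes each setting is entered on one line in the "set wireless network-id privacy ..." form shown above, and its function names and sample configurations are constructed for illustration.

```python
import shlex
import string

# Hex digits required per WEP key length, as stated in the manual text.
WEP_HEX_DIGITS = {"40/64bit": 10, "128bit": 26, "256bit": 58}
PREFIX = ["set", "wireless", "network-id", "privacy"]


def parse_privacy_settings(config_text):
    """Collect 'set wireless network-id privacy <item> <value>' lines into a dict."""
    settings = {}
    for raw in config_text.splitlines():
        tokens = shlex.split(raw)  # keeps a quoted passphrase as one token
        if len(tokens) >= 6 and tokens[:4] == PREFIX:
            settings[tokens[4]] = " ".join(tokens[5:])
    return settings


def check_psk(psk):
    """WPA-PSK passphrase: 8 to 63 characters allowed, at least 20 recommended."""
    if not 8 <= len(psk) <= 63:
        return ["pre-shared-key must be 8 to 63 characters (got %d)" % len(psk)]
    if len(psk) < 20:
        return ["pre-shared-key has %d characters; at least 20 recommended" % len(psk)]
    return []


def check_wep(settings):
    """Each configured key must match its declared length; the default slot must be set."""
    findings = []
    for slot in "1234":
        key = settings.get("encryption-key" + slot)
        if key is None:
            continue
        length = settings.get("encryption-key%s-length" % slot)
        expected = WEP_HEX_DIGITS.get(length)
        if any(ch not in string.hexdigits for ch in key):
            findings.append("encryption-key%s contains non-hexadecimal characters" % slot)
        if expected is None:
            findings.append("encryption-key%s-length is missing or invalid" % slot)
        elif len(key) != expected:
            findings.append("encryption-key%s: %s needs %d hex digits (got %d)"
                            % (slot, length, expected, len(key)))
    default_slot = settings.get("default-keyid", "1")  # the manual gives 1 as the default
    if "encryption-key" + default_slot not in settings:
        findings.append("default-keyid %s selects a key that is not set" % default_slot)
    return findings


def audit_privacy(config_text):
    """Return a list of findings for the wireless privacy settings in config_text."""
    settings = parse_privacy_settings(config_text)
    # Assumption: a missing 'option' line is treated as privacy off.
    mode = settings.get("option", "off")
    if mode == "off":
        return ["privacy is off: wireless traffic is not encrypted"]
    if mode == "WEP":
        return (["privacy is WEP; the manual names WPA as the most secure option"]
                + check_wep(settings))
    if mode == "WPA-PSK":
        return check_psk(settings.get("pre-shared-key", ""))
    if mode == "WPA-802.1x":
        return []  # authentication is handled by the RADIUS server ('set radius ...')
    return ["unknown privacy option: %s" % mode]


# Constructed sample configurations (not taken from a real Gateway).
SAMPLE_WEP = """
set wireless network-id privacy option WEP
set wireless network-id privacy default-keyid 2
set wireless network-id privacy encryption-key1-length 128bit
set wireless network-id privacy encryption-key1 02468ACE02
"""
SAMPLE_PSK = ('set wireless network-id privacy option WPA-PSK\n'
              'set wireless network-id privacy pre-shared-key "correct horse"\n')

if __name__ == "__main__":
    for name, text in (("WEP sample", SAMPLE_WEP), ("PSK sample", SAMPLE_PSK)):
        print(name)
        for finding in audit_privacy(text):
            print("  -", finding)
```

The WEP sample yields three findings: the WEP choice itself, a 10-digit key declared as 128bit, and a default-keyid that points at an empty slot.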
Wireless MAC Address Authorization Settings
set wireless mac-auth option { on | off }
Enabling this feature limits the MAC addresses that are allowed to access the LAN as well as the WAN to specified MAC (hardware) addresses.
set wireless mac-auth wrlss-MAC-list mac-address MAC-address_string
Enters a new MAC address into the MAC address authorization table. The format for an Ethernet MAC address is six hexadecimal values between 00 and FF inclusive separated by colons or dashes (e.g., 00:00:C5:70:00:04).
set wireless mac-auth wrlss-MAC-list mac-address "MAC-address_string" allow-access { on | off }
Designates whether the MAC address is enabled or not for wireless network access. Disabled MAC addresses cannot be used for access until enabled.
RADIUS Server Settings
set radius radius-name "server_name_string"
Specifies the default RADIUS server name or IP address.
set radius radius-secret "shared_secret"
Specifies the RADIUS secret key used by this server. The shared secret should have the same characteristics as a normal password.
set radius alt-radius-name "server_name_string"
Specifies an alternate RADIUS server name or IP address to be used if the primary server is unreachable.
set radius alt-radius-secret "shared_secret"
Specifies the secret key used by the alternate RADIUS server.
set radius radius-port port_number
Specifies the port on which the RADIUS server is listening. The default value is 1812.
VLAN Settings
These settings are supported beginning with Firmware Version 7.4.2.
You can create up to 32 VLANs, and you can also restrict any VLAN, and the computers on it, from administering the Gateway. See “VLAN” on page 106 for more information.
set vlan name string
Sets the descriptive name for the VLAN. If no name is specified, displays a selection list of node names to select for editing.
Once a new VLAN name is specified, presents the list of VLAN characteristics to define:
• id – numerical range of possible IDs is 1 - 4095
• type [ by-port ] – currently the only selection is by-port
• admin-restricted [ off | on ] – default is off. If you select on, administrative access to the Gateway is blocked from this VLAN.
• port – VLAN’s physical port or wireless SSID.
You must save the changes, exit out of configuration mode, and restart the Gateway for the changes to take effect.
Example:
• Navigate to the VLAN item:
Netopia-3000/9459252 (top)>> vlan
Netopia-3000/9459252 (vlan)>> set
vlan
name
(name) node list ...
Select (name) node to modify from list, or enter new (name) to create.
name (?): vlan1
(vlan1) has been added to the (name) list
"vlan1"
id (1) [ 1 - 4095 ]: 52
type (by-port) [ by-port ]:
admin-restricted (off) [ off | on ]: off
port
(port) node list ...
Select (port) node to modify from list, or enter new (port) to create.
• At this point you have created a VLAN. It is called vlan1, with vlan-id 52, without any admin restrictions.
• Next, add the ethernet0 port to this VLAN:
port (?): 1
(1) has been added to the (port) list
1
interface ()
[ lan-uplink | ethernet0 | vcc1 ]: ethernet0
Netopia-3000/9459252 (vlan)>>
• To make the VLAN vlan1 routable, add the port lan-uplink:
Netopia-3000/9459252 (vlan)>> name vlan1
Netopia-3000/9459252 (vlan name "vlan1")>> set
"vlan1"
id (52) [ 1 - 4095 ]:
type (by-port) [ by-port ]:
admin-restricted (off) [ off | on ]:
port
(port) node list ...
1
Select (port) node to modify from list, or enter new (port) to create.
port (?): 2
(2) has been added to the (port) list
2
interface ()
[ lan-uplink | ethernet0 | vcc1 ]: lan-uplink
Netopia-3000/9459252 (vlan name "vlan1")>>
☛
Note:
To make a set of VLANs non-routable, the lan-uplink port must be included in at least one VLAN and must be excluded from any VLANs that are non-routable.
UPnP settings
set upnp option [ on | off ]
PCs using UPnP can retrieve the Gateway’s WAN IP address, and automatically create NAT port maps. This means that applications that support UPnP, and are used with a UPnP-enabled Netopia Gateway, will not need application layer gateway support on the Netopia Gateway to work through NAT. The default is on.
You can disable UPnP, if you are not using any UPnP devices or applications.
DSL Forum settings
TR-064 is a LAN-side DSL CPE configuration specification and TR-069 is a WAN-side DSL CPE Management specification.
TR-064. DSL Forum LAN Side CPE Configuration (TR-064) is an extension of UPnP. It defines more services to locally manage the Netopia Gateway. While UPnP allows open access to configure the Gateway's features, TR-064 requires a password to execute any command that changes the Gateway's configuration.
set dslf-lanmgmt option [ off | on ]
Turns TR-064 LAN side management services on or off. The default is on.
TR-069. DSL Forum CPE WAN Management Protocol (TR-069) provides services similar to UPnP and TR-064. The communication between the Netopia Gateway and management agent in UPnP and TR-064 is strictly over the LAN, whereas the communication in TR-069 is over the WAN link for some features and over the LAN for others. TR-069 allows a remote Auto-Config Server (ACS) to provision and manage the Netopia Gateway. TR-069 protects sensitive data on the Gateway by not advertising its presence, and by password protection.
set dslf-cpewan option [ off | on ]
set dslf-cpewan acs-url "acs_url:port_number"
set dslf-cpewan acs-user-name "acs_username"
set dslf-cpewan acs-user-password "acs_password"
set dslf-cpewan acs-filter1-ip filter1-ip_addr
set dslf-cpewan acs-filter1-mask filter1-mask
set dslf-cpewan acs-filter2-ip filter2-ip_addr
set dslf-cpewan acs-filter2-mask filter2-mask
set dslf-cpewan acs-filter3-ip filter3-ip_addr
set dslf-cpewan acs-filter3-mask filter3-mask
Turns TR-069 WAN side management services on or off. For 3300-Series Gateways, the default is off; for 2200-Series Gateways, the default is on. If TR-069 WAN side management services are enabled, specifies the auto-config server URL and port number. A username and password must also be supplied, if TR-069 is enabled.
The auto-config server is specified by URL and port number. The format for the ACS URL is as follows:
http://some_url.com:port_number
or
http://123.45.678.910:port_number
On units that support SSL, the format for the ACS URL can also be:
https://some_url.com:port_number
or
https://123.45.678.910:port_number
VDSL Settings
☛
CAUTION!
These settings are for very advanced users and lab technicians. Exercise extreme caution when modifying any of these settings.
set vdsl sys-option [ 0x00 - 0xff ]
sys-bandplan [ 0x00 - 0xff ]
psd-mask-level [ 0x00 - 0xff ]
pbo-k1_1 [ 0x00000000 - 0xffffffff ]
pbo-k1_2 [ 0x00000000 - 0xffffffff ]
pbo-k1_3 [ 0x00000000 - 0xffffffff ]
pbo-k2_1 [ 0x00000000 - 0xffffffff ]
pbo-k2_2 [ 0x00000000 - 0xffffffff ]
pbo-k2_3 [ 0x00000000 - 0xffffffff ]
line-type [ 0x00 - 0xff ]
us-max-inter-delay [ 0x00 - 0xff ]
ds-max-inter-delay [ 0x00 - 0xff ]
us-target-noise-margin [ 0x0000 - 0xffff ]
ds-target-noise-margin [ 0x0000 - 0xffff ]
min-noise-margin [ 0x0000 - 0xffff ]
port-bandplan [ 0x00 - 0xff ]
framing-mode [ 0x00 - 0xff ]
band-mod [ 0x00 - 0xff ]
port-option [ 0x00 - 0xff ]
power-mode [ 0x00 - 0xff ]
tx-filter [ 0x00 - 0xff ]
rx-filter [ 0x00 - 0xff ]
dying-gasp [ off | on ]
VDSL Parameter Defaults
Parameter | Default | Meaning
sys-option | 0x00 | VDSL system option (bit0=ntr, 1=margin, 2=ini, 3=pbo, 4=tlan, 5=pbo)
sys-bandplan | 0x02 | VDSL system bandplan (bp_3_998_4=2, bp4_997_3=3, bp5_997_3=4…)
psd-mask-level | 0x00 | VDSL system psd mask (def=0, 1=ansim1cab, 2=ansim2cab, 3=etsim1cab, 4=etsim2cab)
pbo-k1_1 | 0x00 | VDSL system power back-off k1_1
pbo-k1_2 | 0x00 | VDSL system power back-off k1_2
pbo-k1_3 | 0x00 | VDSL system power back-off k1_3
pbo-k2_1 | 0x00 | VDSL system power back-off k2_1
pbo-k2_2 | 0x00 | VDSL system power back-off k2_2
pbo-k2_3 | 0x00 | VDSL system power back-off k2_3
line-type | 0x81 | VDSL port line type (auto=0x80, vdsl=0x81, vdsl_etsi=0x82)
us-max-inter-delay | 0x04 | VDSL port upstream max inter delay
ds-max-inter-delay | 0x04 | VDSL port downstream max inter delay
us-target-noise-margin | 0x0C | VDSL port upstream target noise margin
ds-target-noise-margin | 0x0C | VDSL port downstream target noise margin
min-noise-margin | 0x0A | VDSL port minimum noise margin
port-bandplan | 0x02 | VDSL port bandplan
framing-mode | 0x90 | DSL port frame mode (0-ATM; 0x80-PTM; 0x90-Auto(EFM/PTM))
band-mod | 0x11 | VDSL port band mod
port-option | 0x0A - Annex B; 0x06 - Annex A | VDSL port portoption (bit0=I43, bit1=v43, bit2=a43, bit3=b43)
power-mode | 0x01 | VDSL port power mode
tx-filter | 0x02 | VDSL port txPathFilterMode
rx-filter | 0x02 | VDSL port rxPathFilterMode
dying-gasp | off | Dying Gasp On/Off
VDSL Parameters Accepted Values
Parameter Accepted Values
Bit[1]: ALW_MARGIN_ADJUST.
1: the SNR margin for the optional band is reduced by up to 2.5 dB, but never below a minimum of 4 dB.
Bit[2]: SUPPORT_INI
Bit[4]: TLAN Enable
Bit[5]: PBO Weak mode Enable (Applicable only when PBO Bit[3]=0)
Bit[6]: ADSL_SAFE_MODE Enable
Bit[7]: TLAN_SAFE_MODE Enable (Applicable only when TLAN Enable Bit[4] is set. If TLAN_SAFE_MODE not set, line will attempt to retrain at higher rates, but less stable line)
Parameter: sys-bandplan
Accepted Values:
BP1_998_3 (0x00)
BP2_998_3 (0x01)
BP998_3B_8_5M (0x01)
BP3_998_4 (0x02)
BP998_4B_12M (0x02)
BP4_997_3 (0x03)
BP997_3B_7_1M (0x03)
BP5_997_3 (0x04)
BP6_997_4 (0x05)
BP997_4B_7_1M (0x05)
BP7_MXU_3 (0x06)
FLEX_3B_8_5M (0x06)
BP8_MXU_2 (0x07)
BP9_998_2 (0x08)
BP10_998_2 (0x09)
BP998_2B_3_8M (0x09)
BP11_998_2 (0x0A)
BP12_998_2 (0x0B)
BP13_MXU_3 (0x0C)
BP14_MXU_3 (0x0D)
BP15_MXU_3 (0x0E)
BP16_997_4B_4P (0x0F)
BP17_998_138_4400 (0x10)
BP18_997_138_4400(0x11)
BP19_997_32_4400(0x12)
BP20_998_138_4400_opBand (0x15)
BP21_997_138_4400_opBand (0x16)
BP22_998_138_4400_opBand(0x16)
BP23_998_138_16000 (0x17)
BP24_998_3B_8KHZ (0x18)
BP25_998_138_17600 (0x19)
BP26_CH1_3 (0x1A)
BP27_CH1_4 (0x1B)
Parameter: psd-mask-level
Accepted Values:
0x00 -- default mask (old gains from before)
0x01 -- ANSI M1 CAB
0x02 -- ANSI M2 CAB
0x03 -- ETSI M1 CAB
0x04 -- ETSI M2 CAB
0x05 -- ITU-T Annex F (Japan)
0x06 - ANSI M1 Ex
0x07 - ANSI M2 Ex
0x08 -- ETSI M1 Ex
0x09 - ETSI M2 Ex
0x0A - RESERVED
0x0B - PSD_K (Korean M1 FTTCab -59dBm/Hz)
Parameter: pbo-k1_1, pbo-k1_2, pbo-k1_3, pbo-k2_1, pbo-k2_2, pbo-k2_3
Accepted Values:
K1 and K2 parameters allow the user more flexibility in using Upstream Power Back-Off (UPBO) on CPE modem. Changing K1 and K2 values will affect the CPE TX PSD. Refer to VDSL standards for exact relation between K1, K2 parameters and TX PSD. There is an individual set of K1/K2 parameters associated with each upstream band in the PSD: Upstream Band 0 or Optional band, Upstream band 1, Upstream band 2 and Upstream Band 3. Setting all K2 parameters to 0 and all K1 to a high power level (i.e., low number) will essentially disable UPBO.
Parameter: line-type
Accepted Values:
VDSL_AUTO_DETECT – (0x80)
VDSL – (0x81)
VDSL_ETSI – (0x82)
Parameter: us-max-inter-delay
Accepted Values:
Maximum upstream interleave delay. Provisioned in steps of 0.5 ms. User defined.
Parameter: ds-max-inter-delay
Accepted Values:
Maximum downstream interleave delay. Provisioned in steps of 0.5 ms. User defined.
Parameter: us-target-noise-margin
Accepted Values:
Range 0-31.0dB, increments of 0.5dB (e.g., 0 = 0dB, 1 = 0.5dB, ...)
Parameter: ds-target-noise-margin
Accepted Values:
Range 0-31.0dB, increments of 0.5dB (e.g., 0 = 0dB, 1 = 0.5dB, ...)
Parameter: min-noise-margin
Accepted Values:
Range 0-31.0dB, increments of 0.5dB (e.g., 0 = 0dB, 1 = 0.5dB, ...)
Parameter: port-bandplan
Accepted Values:
BP1_998_3 (0x00)
BP2_998_3 (0x01)
BP998_3B_8_5M (0x01)
BP3_998_4 (0x02)
BP998_4B_12M (0x02)
BP4_997_3 (0x03)
BP997_3B_7_1M (0x03)
BP5_997_3 (0x04)
BP6_997_4 (0x05)
BP997_4B_7_1M (0x05)
BP7_MXU_3 (0x06)
FLEX_3B_8_5M (0x06)
BP8_MXU_2 (0x07)
BP9_998_2 (0x08)
BP10_998_2 (0x09)
BP998_2B_3_8M (0x09)
BP11_998_2 (0x0A)
BP12_998_2 (0x0B)
BP13_MXU_3 (0x0C)
BP14_MXU_3 (0x0D)
BP15_MXU_3 (0x0E)
BP16_997_4B_4P (0x0F)
BP17_998_138_4400 (0x10)
BP18_997_138_4400(0x11)
BP19_997_32_4400(0x12)
BP20_998_138_4400_opBand (0x15)
BP21_997_138_4400_opBand (0x16)
BP22_998_138_4400_opBand(0x16)
BP23_998_138_16000 (0x17)
BP24_998_3B_8KHZ (0x18)
BP25_998_138_17600 (0x19)
BP26_CH1_3 (0x1A)
BP27_CH1_4 (0x1B)
Parameter: framing-mode
Accepted Values:
HDLC – 0x80
AUTO – 0x90
ATM – 0x00
Parameter: band-mod
Accepted Values:
Bit 0, 1: Tx Cfg band
1- All tones on
2- All tones below 640 Khz are turned off
3- All tones below 1.1 Mhz are turned off
Bit 2,3: Not used
Bit 4,5: Rx Cfg band
1- All tones on
2- All tones below 640 Khz are turned off
3- All tones below 1.1 Mhz are turned off
Bit 6, 7: Optional band
0- No Optional band
1- ANNEX_A_6_32 (i.e., 25KHz to 138 KHz)
2- ANNEX_B_32_64 (i.e., 138 KHz to 276 KHz)
3- ANNEX_B_6_64 (i.e., 25KHz to 276 KHz)
Parameter: port-option
Accepted Values:
Bit [0]: I 43 G.hs carrier set.
Bit [1]: V 43 G.hs carrier set.
Bit [2]: A 43 G.hs carrier set.
Bit [3]: B 43 G.hs carrier set.
Bit[4:7]: shall be set to 0.
Parameter: power-mode
Accepted Values:
0: 8.5dBm power output
1: 11.5 dBm power output
Parameter: tx-filter
Accepted Values:
0: using internal filter in Tx path
1: using K1 external filter in Tx path (for Korea VLR Application)
2: using U1 external filter in Tx path (for US / Korea VLR Application)
3: using H1 external filter in Tx path (for 100/100 Application)
Parameter: rx-filter
Accepted Values:
0: using internal filter in Rx path
1: using K1 external filter in Rx path (for Korea VLR Application)
2: using U1 external filter in Rx path (for US / Korea VLR Application)
3: using H1 external filter in Rx path (for 100/100 Application)
Parameter: dying-gasp
Accepted Values:
Dying Gasp is a message sent from CPE to CO using the indicator bit. It indicates that the CPE is experiencing an impending loss of power.
Off: Dying Gasp off (don't send a message to CO).
On: Dying Gasp on.