3COM 812 User Manual

OfficeConnect™ Remote 812 ADSL Router CLI User’s Guide
Release 1.0
http://www.3com.com/
3Com Corporation 5400 Bayfront Plaza Santa Clara, California 95052-8145
Copyright © 2000 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.
3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.
3Com Corporation provides this documentation without warranty of any kind, either implied or expressed, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. 3Com may make improvements or changes in the product(s) and/or the program(s) described in this documentation at any time.
UNITED STATES GOVERNMENT LEGENDS:
If you are a United States government agency, then this documentation and the software described herein are provided to you subject to the following:
United States Government Legend: All technical data and computer software is commercial in nature and developed solely at private expense. Software is delivered as Commercial Computer Software as defined in DFARS 252.227-7014 (June 1995) or as a commercial item as defined in FAR 2.101(a) and as such is provided with only such rights as are provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in, or delivered to you in conjunction with this User’s Guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered in other countries.
3Com, the 3Com logo, and OfficeConnect are registered trademarks of 3Com Corporation. OfficeConnect Remote 812 is a trademark of 3Com Corporation. 3ComFacts is a service mark of 3Com Corporation.
Artisoft and LANtastic are registered trademarks of Artisoft, Inc. Banyan and VINES are registered trademarks of Banyan Systems Incorporated. CompuServe is a registered trademark of CompuServe, Inc. DEC and PATHWORKS are registered trademarks of Digital Equipment Corporation. Intel and Pentium are registered trademarks of Intel Corporation. AIX, AT, IBM, NetView, and OS/2 are registered trademarks and Warp is a trademark of International Business Machines Corporation. Microsoft, MS-DOS, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Novell and NetWare are registered trademarks of Novell, Inc. PictureTel is a registered trademark of PictureTel Corporation. UNIX is a registered trademark of X/Open Company, Ltd. in the United States and other countries.
Other brand and product names may be registered trademarks or trademarks of their respective holders.
CONTENTS
1 ACCESSING THE CONFIGURATION INTERFACE
Establishing Communications with the OfficeConnect Remote 812
Local Connection
IBM-PC Compatible Computers
Macintosh Computers
UNIX-Based Computers
Remote Connection
2 CLI COMMAND CONVENTIONS AND TERMINOLOGY
Command Structure
Format
Parameters
Values
Names or Strings
Network Address Formats
Abbreviation and Command Completion
Control Characters
Help
Conventions
Command Language Terminology
3 CONFIGURATION METHODS
Quick Setup Instructions
QuickVC Setup Instructions
Manual Setup Instructions
4 QUICK SETUP
CLI Quick Setup Script
Introduction
Instructions
Setup Script
Password Protection
Which portions of the network do you want to configure?
Quick Setup Identification information
Quick Setup Management Information
TELNET information
Quick Setup IP information
Quick Setup IPX information
Quick Setup Bridge Information
Sample Identification Information
5 QUICK VC SETUP
CLI QuickVC Setup Script
Introduction
Instructions
Starting QuickVC Setup
ATM Parameters
Network Service
PPP Parameters
IP Configuration (Network Service PPP)
IP Configuration (Network Service RFC1483)
IPX Routing (Network Service PPP)
IPX Routing (Network Service RFC 1483)
Bridging
Review
Sample Identification Information
Sample Output Display as Quick Setup Executes
6 MANUAL SETUP
Configuration Overview
Remote Site Management
Managing a Remote Site
Configuring Network Service Information
Configuring ATM Information
IP Routing
Enabling IP Routing
show ip settings
show ip routing settings
Configuring an IP Network over the LAN
Configuring IP RIP on the LAN
Configuring IP for the Remote Site Connection
Configuring IP RIP for a Remote Site
Configuring Static and Framed IP Routes
IP Tools
Address Translation
Network Address Translation (NAT)
Configuring NAT
Monitoring NAT
DHCP
Configuring the DHCP Mode
Configuring the DHCP Server
Monitoring the DHCP Server
Configuring the DHCP Relay
Monitoring the DHCP Relay
DNS
Configuring DNS
DNS Host Entries
Managing the DNS Proxy
IPX Routing
Enabling IPX Routing
Configuring IPX for the LAN
Configuring IPX for Remote Site Connections
Configuring IPX Static and Framed Routes
Configuring IPX Static and Framed Services
Configuring IPX RIP and SAP
Bridging
Configuring Bridging for the LAN
Configuring Bridging for the Remote Site Connections
Bridging IP Traffic
Advanced Bridging Options
MAC-Encapsulated Routing
Configuring MAC-Encapsulated Routing
Simultaneous Bridging and Routing
System Administration
Setting Date and Time
Setting System Identification
Configuring Web Browser and TELNET Login Access
Providing TFTP Access
Setting Password Protection
Introduction
Filtering Overview
OfficeConnect Remote 812 Filtering Capabilities
Filter Classes
Filter Types
Data Filters
Advertisement Filters
Generic Filters
Creating Filters Overview
Creating Filters Using Command Line Interface
Filter File Components in CLI
Protocol Sections
Protocol Rules
Generic Filter Rule
Applying the Rules Using CLI
IP Source and Destination Network Filtering Using CLI
IP Source and Destination Port Filtering Using CLI
IP Protocol Filtering Using CLI
IP RIP Packet Filtering Using CLI
IPX Source and Destination Network Filtering Using CLI
IPX Source and Destination Host Filtering Using CLI
IPX Source and Destination Socket Number Filtering Using CLI
IPX RIP Packet Filtering Using CLI
IPX SAP Packet Filtering Using CLI
Bridge / Generic Filtering Using CLI
Step by Step Guide to Creating Filter Files Using CLI
Assigning Filters
Interface Filters
Input Filter
Output Filters
Input Filters vs. Output Filters
VC/Remote Site Filters
Applying Filters Using CLI
Applying a Filter to an Interface Using CLI
Configuring a Filter for a VC/Remote Site Using CLI
Setting Filter Access Using CLI
Managing Filters Using CLI
Displaying the Managed Filter List Using CLI
Adding Filters to the Managed List Using CLI
Removing a Filter from an Interface Using CLI
Removing a Filter from a VC/Remote Site Profile Using CLI
Deleting a Packet Filter Using CLI
Verifying Filter File Syntax Using CLI
Showing Filter File Contents Using CLI
A OFFICECONNECT REMOTE 812 SAMPLE CONFIGURATION
Global Configuration
LAN IP Network Configuration
DHCP and DNS Configuration
LAN IPX Network Configuration
Bridge Configuration
Remote Site: Internet
Remote Site: Corporate Access
B CLI COMMAND DESCRIPTION
CLI Commands
ADD
add bridge network <network_name>
add dns host <host_name> address <IP_address>
add dns server <domain_name>
add filter <filter_name>
add framed_route vc <name>
add ip defaultroute gateway <IP_address>
add ip network <network_name>
add ip route <ip_net_address>
add ipx network <network_name>
add ipx route <ipx_net_address>
add ipx service [service_name]
add ipx_route vc <name>
add ipx_service vc <name>
add nat tcp vc <user_name>
add nat udp vc <vc_name>
add network service <service_name> Status
Add network service example:
add snmp community <community_name>
add snmp trap_community <name>
add syslog <ip_name_or_addr> loglevel [loglevel]
add tftp client <ip_name_or_addr>
add user [name] password [password]
add vc [name]
ARP
arp <ip_name_or_addr>
DELETE
delete bridge network <network_name>
delete configuration
delete dns host <host_name>
delete dns server <domain_name>
delete filter <filter_name>
delete file <file_name>
delete framed route vc
delete ip network <network_name>
delete ip route <IP_address>
delete ipx network <name>
delete ipx route <ipx_net_address>
delete ipx service <service_name>
delete nat tcp vc <vc_name>
delete nat udp vc <vc_name>
delete network service <service_name>
delete snmp community <name>
delete snmp trap_community <name>
delete syslog <ip_name_or_address>
delete tftp client <ip_name_or_address>
delete user <name>
delete vc <name>
DIAL
dial <vc_name>
DISABLE
disable bridge network <name>
disable bridge spanning_tree
disable icmp
disable interface <interface_name>
disable ip forwarding
disable ip network <network_name>
disable ip rip
disable ip routing
disable ip static_remote_routes
disable ipx network <network_name>
disable link_traps interface <interface_name>
disable network service <service_name>
disable security_option snmp user_access
disable security_option remote_user administration
disable snmp authentication traps
disable telnet escape
disable user <user_name>
disable vc <user_name>
DO
do <command_inputfile> output [outputfile]
ENABLE
enable bridge network <network_name>
enable bridge spanning_tree
enable interface <interface_name>
enable ip forwarding
enable ip network <network_name>
enable ip rip
enable ip routing
enable ipx network <network_name>
enable link_traps interface <interface_name>
enable network service <service_name>
enable security_option remote_user administration
enable security_option snmp user_access
enable snmp authentication traps
enable telnet escape
enable user <user name>
enable vc <vc name>
exit CLI
HANGUP
hangup interface <interface_name>
hangup vc <vc_name>
HELP
help <command>
HISTORY
history
KILL
kill <“process name”>
LIST
list active interfaces
list bridge forwarding
list call events
list call log
list critical events
list dns hosts
list dns servers
list facilities
list filters
list files
list interfaces
list ip addresses
list ip arp
list ip interface_block
list ip networks
list ip routes
list ipx networks
list ipx routes
list ipx services
list lan interfaces
list networks
list processes
list ppp
list services
list snmp communities or list snmp trap_communities
list syslog
list tcp connections
list tftp clients
list udp listeners
list users
list vc
login_required
password
PAUSED COMMANDS
PING
ping <ip_name_or_addr>
QUICKVC
REBOOT
RENAME
rename file <input_file> <output_file>
RESOLVE
resolve name <IP_host_name>
SAVE
save all
SET
set adsl reset
set adsl wire [pair]
set bridge
set bridge firewall [firewall_mode]
set command
set date <date>
set dhcp mode <mode>
set dhcp relay server1
set dhcp relay server2
set dhcp server
set dns
set facility <facility_name> loglevel [level]
set ilmi vpi <number> vci <number>
set interface <interface_name>
set ip network <name>
set ip routing
set ipx network <network_name>
set ipx system
set network service <admin_name>
set ppp receive_authentication [NONE | PAP | CHAP | EITHER]
set ppp echo_retries <number>
set snmp community <community_name>
set system
set syslog <IP_address> loglevel [level]
set time <time>
set user <user_name>
set vc <vc_name>
set vc <vc_name> atm
SHOW
show atm status
show adsl statistics
show adsl performance
show adsl transceiver_status
show adsl version
show bridge network <name>
show bridge settings
show call_log
show command
show configuration
show critical_event settings
show date
show dhcp relay
show dhcp server counters
show dhcp server settings
show dns counters
SPECIFIC ERROR COUNTERS
show dns settings
show filter <filter_name>
show icmp counters
ICMP COUNTERS
show interface <interface_name> counters
INPUT COUNTERS
OUTPUT COUNTERS
show interface <interface_name> settings
show ip counters
INPUT COUNTERS
OUTPUT COUNTERS
show ip settings
show ip network <network_name> settings
show ipx counters
INPUT COUNTERS
OUTPUT COUNTERS
show ipx network <network_name> counters
show ipx network <network_name> settings
show ipx rip
show ipx sap
show ipx settings
show memory
show network <name> settings
show network <name> counters
show ppp on vc <vc_name> counters
show ppp on vc <vc_name> settings
show ppp on interface <name> counters
COUNTERS for PPP BUNDLE 1
COUNTERS for PPP LINK 1 - 5
show ppp on interface <name> settings
SETTINGS for PPP BUNDLE 1
SETTINGS for PPP BUNDLE 1 COMPRESSION
Operational Status - Opened or Not Opened
SETTINGS for PPP LINK 1 - 5
SETTINGS for PPP LINK 1 - 5 AUTHENTICATION
show ppp settings
show security_option settings
show snmp counters
INPUT COUNTERS
OUTPUT COUNTERS
show snmp settings
show system
show telnet
show tcp counters
TCP COUNTERS
show tcp settings
TCP SETTINGS
show udp
INPUT COUNTERS
OUTPUT COUNTERS
show user <name> settings
show vc <vc_name> settings
TELNET
telnet <ip_name_or_addr>
telnet <ip_name_or_addr> TCP_port <number>
VERIFY
verify filter <filter_name>
TELNET Commands
close
help
send <string>
set_escape <string>
status
CLI Exit Commands
Bye, Exit, Leave, Quit
Logout
Command Features
Command Retrieval
Positional Help
Command Completion
Output Pause
Command Kill
Comments
3COM CORPORATION LIMITED WARRANTY
FCC CLASS A VERIFICATION STATEMENT
FCC CLASS B STATEMENT
FCC DECLARATION OF CONFORMITY
1 ACCESSING THE CONFIGURATION INTERFACE
This chapter explains how to attach to the configuration interface locally via the console port or remotely via a Telnet session. This chapter also introduces you to the capabilities and conventions associated with management of your OfficeConnect Remote 812.
Establishing Communications with the OfficeConnect Remote 812
Local Connection
If you want to attach locally to the OfficeConnect Remote 812 via the console (serial) port, you will need to connect the supplied serial cable to the Console Port located on the unit and the Serial Port on your computer. In addition, you will also need a terminal emulation program appropriate for your computer. See the following subsections for various emulation options.
No matter which emulator you use, configure your settings to:
9600 baud
8 data bits
no parity
1 stop bit
direct connect
IBM-PC Compatible Computers
Windows Terminal (included with Microsoft Windows) and ProComm Plus are popular communications packages which support VT100 terminal emulation for IBM-PC compatible computers. HyperTerm, bundled with Windows 95, also provides terminal emulation.
Macintosh Computers
ProComm, MicroPhone, White Knight, Kermit, Red Ryder, VersaTerm and ZTerm (a shareware application available on the Internet and many online services) are popular communications programs which carry vt100 terminal emulation service for Macintosh computers. If you don’t have a communications package or your program doesn’t support vt100 emulation, ZTerm will function just as well.
UNIX-Based Computers
Kermit, minicom and tip are typical terminal emulation programs for UNIX-based computers. Depending on the platform you’re using, you may need to modify a configuration file for vt100 settings.
Remote Connection
If you want to attach to the OfficeConnect Remote 812 via the LAN or WAN interface of the unit, you will need to establish a Telnet connection to the unit.
The OfficeConnect Remote 812 must have an IP address and an administrative login profile (username and password) in order to connect to it with Telnet. The IP address and administrative login profile are automatically created when the unit is initially configured using the IP Wizard or in DHCP Smart Mode. The default username is 'root' and the default password is '!root'. Refer to the OfficeConnect Remote 812 ADSL Router Install Guide for information on the IP Wizard or DHCP Smart Mode initialization. Alternatively, the IP address and administrative login profile can be created with CLI using the QuickSetup program or using individual commands.
From Windows 95, you can go to the DOS Window and run:
telnet <ip_address>
This will bring up the login prompt for the unit. Once you have successfully logged in, the Command Line Interface presentation is the same as if you were locally attached.
When you want to terminate your Telnet session, type quit at the CLI prompt.
2 CLI COMMAND CONVENTIONS AND TERMINOLOGY
This chapter describes the command syntax, conventions and terminology used within the Command Line Interface. Reviewing and understanding this chapter is essential for you to understand subsequent chapters.
Command Structure
Format
Commands can be followed by values and/or parameters and values. For example:
add ip network <network_name> address [ip_addr] { interface [eth:1] }
add ip network is the command
<network_name> is the (required) value for the command
address is a required parameter
[ip_addr] is the value for the IP address parameter which you must provide
interface is only required if you want to override the default value, which is eth:1
Parameters
are order independent
{ } parameters enclosed by curly braces are required, and are provided with default values. You do not need to specify these parameters unless you wish to override the default.
Values
< > required values for a command or parameter are enclosed by arrows.
[ ] range of values following parameters are enclosed in brackets. Inside the brackets, if you see a:
| (vertical bar) you may select only one of the displayed choices: [FIRST | SECOND | THIRD]
, (comma) you can select one or more of the displayed choices: [FIRST,SECOND,THIRD,...]
The type of value you enter must match the type requested. Numbers are either decimal or hexadecimal. Text can be either a string that you create, or it may be a list of options you must choose from. When choosing an option, type the text of the option exactly.
Names or Strings
Double quotation marks set off user-defined strings. If you want white space or special characters in a string, it must be enclosed by double quotation marks.
Network Address Formats
Many commands require a network address, to define a link to a remote host, workstation or network. Network addresses are shown in this document using the syntax described in the following table:
Address Type     Format              Range
IP_address       a.b.c.d             0.0.0.0 to 255.255.255.255 (decimal)
ip_net_address   a.b.c.d/mask        255.255.255.255/A,B,C,H
mac_address      xx:xx:xx:xx:xx:xx   hexadecimal digit pairs
Abbreviation and Command Completion
Commands can be abbreviated if the arguments you write are unique. For example, se vc jay pa bird, short for set vc jay password bird, is acceptable, but se vc jay i 222.111.111.111 isn’t unique because i can stand for ip, ip_routing, or ip_source_validation.
As a convention, some commands illustrated in this manual are abbreviated and annotated as such (abbr.) for brevity. Also, some parameters are omitted in examples because they default to standard values and do not require entry, or are unnecessary for common configuration. See the CLI Reference section for more details.
Command completion finishes spelling a unique, abbreviated parameter for you just by pressing the [ESC] key. It’s handy when you’re in a hurry or uncertain about a command. For example, if you type add ip n[ESC], it will spell out the keyword network without losing your place in the command syntax.
Control Characters
Commands can be retrieved by typing <ctrl>p [^p] (for previous) and <ctrl>n [^n] (for next). Command retrieval consults the history of previous fully entered commands, defaulting at the last ten commands. If an error occurs while a command is processing, any partial command (up to and including the field in error) is added to the history list.
The current command can be killed by pressing <ctrl>c [^c].
A partially completed command line can be reprinted - a useful function if, due to interrupted output, you’re unsure what OfficeConnect Remote 812 has seen up to now - by pressing <ctrl>l [^l] (for last).
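The abbreviation rule described under Abbreviation and Command Completion above, modelled as an added Python example (not 3Com's code). The keyword tables are a subset taken from this guide's command list, and letting a fully typed keyword win over longer keywords that start with it is an assumption.

```python
import shlex

# Keyword tables: a subset of the commands listed in this guide, enough to model the rule.
COMMANDS = ["add", "arp", "delete", "dial", "disable", "do", "enable", "exit", "hangup",
            "help", "history", "kill", "list", "ping", "quickvc", "reboot", "rename",
            "resolve", "save", "set", "show", "telnet", "verify"]
SET_OBJECTS = ["adsl", "bridge", "command", "date", "dhcp", "dns", "facility", "ilmi",
               "interface", "ip", "ipx", "network", "ppp", "snmp", "system", "syslog",
               "time", "user", "vc"]
# Only the "set vc" parameters named in the text above; the real command has more.
SET_VC_PARAMS = ["password", "ip", "ip_routing", "ip_source_validation"]


class AmbiguousKeyword(ValueError):
    """Raised when an abbreviation is a prefix of more than one keyword."""

    def __init__(self, typed, candidates):
        super().__init__(f"'{typed}' is not unique: {', '.join(candidates)}")
        self.candidates = candidates


def resolve(typed, keywords):
    """Expand an abbreviation to the single keyword it is a prefix of."""
    typed = typed.lower()              # keywords are not case sensitive
    if typed in keywords:              # assumption: a fully typed keyword always wins
        return typed
    matches = sorted(k for k in keywords if k.startswith(typed))
    if not matches:
        raise KeyError(f"unknown keyword '{typed}'")
    if len(matches) > 1:
        raise AmbiguousKeyword(typed, matches)
    return matches[0]


def expand_set_vc(line):
    """Expand an abbreviated 'set vc <name> parameter value ...' line."""
    tokens = shlex.split(line)         # honours double-quoted names and strings
    if len(tokens) < 3 or len(tokens) % 2 == 0:
        raise ValueError("expected: set vc <name> followed by parameter/value pairs")
    head = [resolve(tokens[0], COMMANDS), resolve(tokens[1], SET_OBJECTS)]
    if head != ["set", "vc"]:
        raise ValueError("this example only models 'set vc'")
    out = head + [tokens[2]]           # <name> is case sensitive, keep it verbatim
    for param, value in zip(tokens[3::2], tokens[4::2]):
        out += [resolve(param, SET_VC_PARAMS), value]
    # Put the double quotes back around any value that contains white space.
    return " ".join(f'"{t}"' if any(c.isspace() for c in t) else t for t in out)


if __name__ == "__main__":
    print(expand_set_vc("se vc jay pa bird"))
    try:
        expand_set_vc("se vc jay i 222.111.111.111")
    except AmbiguousKeyword as err:
        print(err)
```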
Help
Help is general or positional. Type help <any command> to get a cursory list of associated commands and its syntax. Type <any command> ? to get more extensive, positional help for a particular field. Help is most useful during configuration: query the list of possible parameters by typing ? and, when you find the value you need, type it without losing your place in the argument. Just be sure to leave a space between the keyword and the question mark.
Conventions
Most commands are not case sensitive. As a rule, only <name> and [password] values require typing the correct case.
Configuration changes occur immediately but are lost on reboot unless you save them. The save all command places configuration changes in FLASH ROM (permanent memory). The changes are lost if not saved to FLASH ROM or if power is lost before you can save them.
Commands to delete a network user, interface, route, TCP connection, community name, network service and others cannot take place unless the process or function has first been disabled.
Wherever an IP address value is required, you can enter a host name provided you have configured a DNS server or put the name and address into the DNS Local Host table.
Command Language Terminology
The CLI command language creates, manages, displays and removes system entities. These entities describe system and network connections and processes. Most of the managed entities in the system are slotted in tables. Some common examples are:
Network - defines local and remote networks, network connections, hosts and routers
VC - A table of parameters that describes connection parameters associated with a remote site. These parameters are used when establishing a network connection over the WAN.
User - A table of parameters that describes connection parameters associated with Telnet users that wish to attach and remotely manage the unit.
Filter - can be applied to interfaces, connections, and users to control access through the system
Interface - describes physical devices; for example, ports
Syslog Host - receives system messages
DNS Server - translates IP addresses to and from host names
Route - describes a path through the network to another system or network
Table entries are created with an add command, and removed with a delete command. The add command specifies the most important parameters of the entry. Additional parameters are usually specified with the set command, which is also used to change configured parameters.
The list command displays table entries. For example, list users displays all defined administrative login profiles.
The show command displays detailed information about a specific table entry. For example, show user root displays detailed information for the administrative login profile root.
3 CONFIGURATION METHODS
OfficeConnect Remote 812 CLI offers three setup choices, all of which are described in this section: the automated, Quick Setup method, the QuickVC Setup method, and the manual method. Review the capabilities of each below and decide which configuration method best suits your needs, then proceed to the appropriate chapter for detailed configuration guidelines for each method.
Quick Setup Instructions
The Quick Setup program for the CLI is designed to get your OfficeConnect Remote 812 up and running fast. To ensure that you have all the information you need on hand before you engage Quick Setup, we have supplied a script to jot down system, management, and LAN configuration information. We recommend that you fill out either script completely to get the full benefit of the program.
Used in combination with the QuickVC Setup program, Quick Setup allows virtually complete console-based configuration of your OfficeConnect Remote 812 without requiring any knowledge of CLI command syntax.
The questions beginning in the next chapter represent nearly the full text of what Quick Setup would query if you were to use every service available as configured on the CLI. If you are using partial service - just IP configuration, for example - Quick Setup will skip the Bridging section. Default values are enclosed in brackets [ ].
If at any time you decide to quit Quick Setup, you can type <ctrl>c (^c) throughout the program.
QuickVC Setup Instructions
The QuickVC Setup program for the CLI is designed to get virtual circuits for your OfficeConnect Remote 812 configured quickly. To ensure that you have all the information you need on hand before you engage QuickVC Setup, we have supplied a script to jot down information for VC connections. We recommend that you fill out either script completely to get the full benefit of the program.
Used in combination with the Quick Setup program, QuickVC Setup allows virtually complete console-based configuration of your OfficeConnect Remote 812 without requiring any knowledge of CLI command syntax.
The questions beginning in Chapter 5 represent nearly the full text of what QuickVC Setup would query if you were to use every service available as configured on the CLI. If you are using partial service QuickVC Setup will skip some sections. Default values are enclosed in brackets [ ].
Manual Setup Instructions
Once you become familiar with the CLI interface, you might find it more efficient to manage the OfficeConnect Remote 812 manually. Manual configuration is most versatile in that you only enter commands that need to effectively change from the current configuration. Also, many of the advanced features can only be accessed through manual configuration (such as filtering).
4 QUICK SETUP
This chapter will describe in detail the operations of the Quick Setup program. It will identify the required information, steps involved, and sample output scripts from the execution of this program.
CLI Quick Setup Script
Introduction
The CLI Quick Setup program allows you to quickly configure LAN-side, global and management settings for your OfficeConnect Remote 812. Instead of using cryptic commands, you will simply respond to a series of questions regarding different aspects of your configuration. The program will convert your responses into the appropriate CLI commands and execute them.
The CLI Quick Setup program automatically executes when the OfficeConnect Remote 812 is powered on with no configuration and all DIP switches in the back of the unit are in the OFF position. This boot mode is called Unconfigured Mode. An OfficeConnect Remote 812 unit can be restored to an unconfigured state by ensuring that all DIP switches are in the OFF position and by deleting the configuration by performing one of the following:
1 Press the Configuration reset button on the back of the unit while powering on.
2 Issue the delete configuration command from the CLI.
3 Use the browser-based OfficeConnect Remote 812 Manager to delete the configuration.
For more information on the OfficeConnect Remote 812 boot modes see Chapter 2: Getting Started in the OfficeConnect Remote 812 ADSL Router Install Guide.
Instructions
The following sections contain the CLI Quick Setup script. You will be required to enter information concerning your network configuration. Questions in the script are presented here in tables. Write the appropriate information for your desired configuration in the following tables.
Setup Script
The OfficeConnect Remote 812 Quick Setup will let you set up LAN-side and global configuration for your system. To configure wide-area profiles you should run the OfficeConnect Remote 812 VC Wizard using the QUICKVC command.
Do you want to continue with OfficeConnect Remote 812 Quick Setup?
The OfficeConnect Remote 812 Quick Setup allows you to set up a simple configuration for IP, IPX, and bridging.
Please answer the following questions with "yes" or "no" to indicate which portions of the system you want to configure.
When Quick Setup displays a question it will display a default answer in square brackets, like "[yes]". If you simply press enter, this is the answer that will be used for you.
Password Protection
Question Default Your System
Do you want the CLI to be password protected? [no]
What is the console login password (no more than 8 characters)? [ ]
Which portions of the network do you want to configure?
Question Default Your System
Network management? [yes]
IP? [yes]
IPX? [no]
Bridging? [no]
Quick Setup Identification information
Question Default Your System
Enter the name of your system: [ ]
Who is the system contact person? [ ]
Where is this system located? [ ]
Quick Setup Management Information
Question Default Your System
Do you want to be able to manage the system via SNMP? [yes]
An SNMP community names a group of systems that can manage your system via SNMP. It is a rudimentary form of security.
Question Default Your System
What SNMP community will manage this system? [public]
Along with a community name, you can limit access to a specific management station. "0.0.0.0" means any station.
Question Default Your System
What is the IP address of the station for this community? [0.0.0.0]
You also need to specify if this community can only read information, or read and write information.
Question Default Your System
Can this community change management information? [yes]
This completes the section on SNMP management configuration.
TELNET information
Question Default Your System
Do you want to allow command line management via TELNET? [yes]
For TELNET management of the system, you need to create a user name and password to control access.
Question Default Your System
What user name will be allowed to manage this system? [root]
What password will be used for this user? [ ]
Quick Setup IP information
The OfficeConnect Remote 812 uses a network name to identify the network for future management commands.
Question Default Your System
Enter the network name of your IP network: [ip]
Enter the IP address for the OfficeConnect Remote 812: [192.168.200.254]
The IP mask can be specified either as a class ("A", "B", or "C"), the number of one bits in the mask, or as an address in the format 255.x.x.x.
Question Default Your System
What should the mask be set to? [C]
You need to specify the framing for the IP network. It should be either "ethernet_ii" or "snap".
Question Default Your System
What is the framing for the IP network? [ethernet_ii]
You can use the Routing Information Protocol (RIP) to exchange routing information with other routers on the network.
Question Default Your System
Do you want to run RIP? [yes]
Choose the version of RIP to run: [v2]
The OfficeConnect Remote 812 can act as a DHCP server, providing IP addresses to other stations on the local lan.
Question Default Your System
Do you want the OfficeConnect Remote 812 to act as a DHCP server? [yes]
Enter the start address for the DHCP IP address pool: [ ]
Enter the end address for the DHCP IP address pool: [ ]
It is possible to restrict access to the TFTP server to a specific system or a list of systems. Quick Setup will allow you to enter one system that is allowed or allow access to all systems.
Question Default Your System
Do you want to allow all systems to access the TFTP server? [yes]
IP setup is completed.
Quick Setup IPX information
The network name is used by the OfficeConnect Remote 812 to identify your IPX network.
Question Default Your System
Enter the name of your network: [ipx]
The network number is a non-zero hexadecimal number of up to 8 digits.
Question Default System
Enter the ipx network number: [ ]
You need to specify the framing for the IPX network. It should be one of the following: ethernet_ii, snap, dsap, novell_8023.
Question Default System
What is the framing for the IPX network? [ethernet_ii]
Quick Setup Bridge Information
The network name is used by the OfficeConnect Remote 812 to identify your bridging setup.
Question Default Your System
Enter the network name: [bridge]
The spanning tree algorithm is used to eliminate loops in a network that is linked together with bridges. You should run the spanning tree algorithm in the OfficeConnect Remote 812 if you have multiple 812s linking your network to another network; or if you think that there might be loops in your network.
Question Default System
Do you want to run the spanning tree algorithm? [no]
Would you like to review your current settings before executing [yes]?
Sample Identification Information
This section contains a sample of possible settings.
Management Information:
Console Login Required: yes
Console Login Password: password
SNMP Management:
SNMP Community: public
SNMP IP Address: 0.0.0.0
SNMP Read&Write: yes
TELNET Management:
TELNET User: root
TELNET Password: !root
IP Information:
IP Network Name: ip
IP Network Address: 192.168.200.254
IP Mask: C
IP Frame Type: ethernet_ii
IP RIP: v2
DHCP Server: Enabled
DHCP Pool Start IP Address: 192.168.200.1
DHCP Pool End IP Address: 192.168.200.40
TFTP Server Information:
TFTP Access: Any system
IPX Information:
IPX Network Name: ipx
IPX Network Number: 12345661
IPX Frame Type: ethernet_ii
Bridge Information:
Bridge Network Name: bridge
Spanning Tree: no
Do you want to change any answers [no]?
Do you want to actually execute these commands [yes]?
Sample Output Display as Quick Setup Executes
OCR-DSL> set system name "name"
OCR-DSL>set system location "vienna"
OCR-DSL>set system contact "jc"
OCR-DSL>set command login “yes”
OCR-DSL>set command password “password”
OCR-DSL>add snmp community public address 0.0.0.0 access RW
OCR-DSL>enable security_option remote_user administration
OCR-DSL>add user "root" password "!root"
OCR-DSL>add ip network “test” interface eth:1 address 192.168.200.254/C frame ethernet_ii enable no
OCR-DSL>set dhcp mode server
OCR-DSL>set dhcp server start 192.168.200.1 end 192.168.200.40 router 192.168.200.254 dns1 192.168.200.254 dns2 0.0.0.0 wins1 0.0.0. wins2 0.0.0.0 mask 255.255.255.0
OCR-DSL>add dns host ocrdsl-3com.com addr 192.168.200.254
OCR-DSL>enable dns
OCR-DSL>add tftp client 0.0.0.0
OCR-DSL>set ip network “test” routing ripv2
OCR-DSL>enable ip network “test”
OCR-DSL>enable ip forwarding
OCR-DSL>add ipx network “ipx” address 12345661 interface eth:1 frame ethernet_ii
OCR-DSL>disable bridge spanning_tree
OCR-DSL>add bridge network “bridge”
OCR-DSL>save all
Saving.....
SAVE ALL
SAVE ALL Complete
OCR-DSL>Spawned Process CFP 282002 /./QuickSetup.commands Completed Successfully
Quick Setup (CLI) is designed only for initial set up of the OfficeConnect Remote 812. When setup is complete, this one-time program will alter your configuration files, which the program cannot edit. If you make an error and need to restart, use the delete configuration command to reboot and return to factory-set default.
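Accepting the Quick Setup defaults leaves a read/write SNMP community named "public" open to any station, TFTP open to any system, and a TELNET password that contains the user name. The Python audit below is an added example, not part of this guide or of the 3Com software; it reads a saved Quick Setup transcript and reports those settings. The transcript is constructed from the sample output, and the finding names and the weak-word list are assumptions made for illustration.

```python
import shlex

PROMPT = "OCR-DSL>"

# Constructed transcript, modelled on the sample Quick Setup output.
SAMPLE = """\
OCR-DSL>set command login "yes"
OCR-DSL>set command password "password"
OCR-DSL>add snmp community public address 0.0.0.0 access RW
OCR-DSL>add user "root" password "!root"
OCR-DSL>add tftp client 0.0.0.0
OCR-DSL>save all
SAVE ALL Complete
"""

# Illustrative word list for the password check (an assumption, not a 3Com rule).
WEAK_WORDS = ("password", "admin", "root", "3com")


def parse_commands(transcript):
    """Return every CLI command in the transcript as a list of tokens."""
    commands = []
    for line in transcript.splitlines():
        line = line.strip()
        if not line.startswith(PROMPT):
            continue  # device output such as "SAVE ALL Complete"
        body = line[len(PROMPT):]
        for curly in "\u201c\u201d":  # the printed guide uses typographic quotes
            body = body.replace(curly, '"')
        tokens = shlex.split(body)
        if tokens:
            commands.append(tokens)
    return commands


def value_after(tokens, keyword):
    """Return the token that follows keyword, or None if it is absent."""
    if keyword in tokens:
        i = tokens.index(keyword)
        if i + 1 < len(tokens):
            return tokens[i + 1]
    return None


def weak_password(password, username=""):
    """True if the password contains the user name or a listed weak word."""
    lowered = password.lower()
    if username and username.lower() in lowered:
        return True
    return any(word in lowered for word in WEAK_WORDS)


def audit(transcript):
    """Return (finding id, detail) pairs for risky management settings."""
    findings = []
    console_login = None
    for t in parse_commands(transcript):
        head = [x.lower() for x in t[:3]]
        if head == ["add", "snmp", "community"] and len(t) > 3:
            if t[3].lower() == "public":
                findings.append(("snmp-default-community", t[3]))
            if value_after(t, "address") == "0.0.0.0":
                findings.append(("snmp-any-station", "0.0.0.0 means any station"))
            if (value_after(t, "access") or "").upper() == "RW":
                findings.append(("snmp-read-write", "community can change settings"))
        elif head == ["add", "tftp", "client"] and len(t) > 3:
            if t[3] == "0.0.0.0":
                findings.append(("tftp-any-client", "all systems may use TFTP"))
        elif head[:2] == ["add", "user"] and len(t) > 2:
            password = value_after(t[3:], "password")
            if password is None or weak_password(password, t[2]):
                findings.append(("user-weak-password", t[2]))
        elif head == ["set", "command", "login"] and len(t) > 3:
            console_login = t[3].lower()
        elif head == ["set", "command", "password"] and len(t) > 3:
            if weak_password(t[3]):
                findings.append(("console-weak-password", "console login"))
    if console_login != "yes":
        findings.append(("console-no-login", "CLI is not password protected"))
    return findings


if __name__ == "__main__":
    for finding_id, detail in audit(SAMPLE):
        print(f"{finding_id}: {detail}")
```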
5
QUICK VC SETUP
This chapter will describe in detail the operations of the OfficeConnect Remote 812 VC Setup Wizard program. It will identify the required information, steps involved, and sample output scripts from the execution of this program.
CLI QuickVC Setup Script
Introduction
The CLI QuickVC Setup program allows you to quickly configure remote site profiles (virtual channel connections) for your OfficeConnect Remote 812. Instead of using cryptic commands you will simply respond to a series of questions regarding different aspects of your configuration. The program will convert your responses into the appropriate CLI commands and execute them.
The OfficeConnect Remote 812 can be configured as an ATM device. Depending on the present configuration, the QuickVc script will prompt you for the appropriate parameters.
Instructions
This section contains the CLI QuickVC Setup script for all possible OfficeConnect Remote 812 Virtual Channel (VC) configurations. You will be required to enter information concerning network configurations. Questions in the CLI QuickVC Setup script are presented here in tables.
Write the appropriate information for your desired configuration in the following tables.
Starting QuickVC Setup
OCR-DSL> quickvc
Welcome to the OfficeConnect Remote 812 VC Setup Wizard
The VC Setup Wizard allows you to add and configure a VC profile on your OfficeConnect Remote 812. Each profile must have a unique name.
Question Default Your System
What is the name to be added? [ ]
ATM Parameters
The characteristics of the ATM Virtual Circuit must be configured.
Question Default Your System
Enter the Virtual Path Identifier [0]
Enter the Virtual Channel Identifier [0]
Is the Category of Service (U)br, (V)br or (C)br? [U]
Enter the Peak Cell Rate: [0]
Enter the Sustainable Cell Rate: (VBR only) [0]
Enter the Maximum Burst Tolerance: (VBR only) [0]
The Category of Service and cell rate parameters only affect data transmitted from the OfficeConnect Remote 812 to the remote site (upstream direction). The default value of UBR with a Peak Cell Rate of 0 will attempt to use all available upstream bandwidth when transmitting to the remote site.
The ATM Configuration for VC “name” is now complete.
Network Service
The OfficeConnect Remote 812 supports either PPP or RFC 1483 encapsulation.
Question Default Your System
Select the encapsulation type [ppp]
PPP Parameters
(Only applicable if PPP is chosen as the network service.)
You must configure a name and password that will be used during the PPP authentication process.
Question Default Your System
What is the authentication name? [name]
What is the authentication password? [ ]
The authentication name for VC “name” is now complete.
IP Configuration (Network Service PPP)
(Only applicable if PPP is chosen as the network service.)
Network Address Translation (NAT) allows a single WAN-side IP address to be shared by multiple LAN-side devices.
Local and remote IP addresses can be configured in two different ways:
Specified: the IP address is always a specific address.
Learned: the IP address is learned when the PPP connection is established.
One active VC profile can have its remote router installed as the default router in the OfficeConnect Remote 812’s IP route table.
You can use Routing Information Protocol (RIP) to exchange routing information with other routers on the network.
Question Default Your System
Is IP traffic going to be routed over VC “name”? [yes]
Do you want to enable IP Network Address Translation (NAT)? [yes]
Is the remote IP address (S)pecified or (L)earned? [L]
Enter the IP address of the router across the WAN: (specified only) [ ]
Enter the IP mask for the router across the WAN: (specified only) [C]
Is the local IP address (S)pecified or (L)earned? [L]
Enter the local ip address for the WAN connection: (specified only) [ ]
Do you want to use “name”’s remote router as the default gateway? [no]
Do you want to run RIP? [no]
Enter the version of RIP to run: (if applicable) [v2]
The IP configuration for VC “name” is now complete.
IP Configuration (Network Service RFC1483)
Network Address Translation (NAT) allows a single WAN-side IP address to be shared by multiple LAN-side devices.
If you choose to run NAT the WAN interface must be Numbered. (i.e., there must be a local WAN-side IP address specified that must be on a different IP network than the LAN-side IP address). See Appendix B of the OfficeConnect Remote 812 ADSL Router User’s Guide for a discussion of Numbered and Unnumbered interfaces.
Local and remote IP addresses can be configured in two different ways:
Specified: the IP address is always a specific address.
Learned: the IP address is learned when the PPP connection is established.
One active VC profile can have its remote router installed as the default router in the OfficeConnect Remote 812’s IP route table.
You can use Routing Information Protocol (RIP) to exchange routing information with other routers on the network.
The IP mask can be specified either as a class (“A”, “B”, or “C”), the number of one bits in the mask, or as an address in the format 255.x.x.x.
Question Default Your System
Is IP traffic going to be routed over VC “name”? [yes]
Do you want to enable IP Network Address Translation (NAT)? [yes]
Enter the IP address of the router across the WAN: [ ]
Enter the IP mask for the router across the WAN: [C]
Is the WAN interface (U)nnumbered or (N)umbered? [N]
Enter the local ip address for the WAN connection: (numbered only) [ ]
Do you want to use “name”’s remote router as the default gateway? [no]
Do you want to run RIP? [no]
Enter the version of RIP to run: [v2]
The IP configuration for VC “name” is now complete.
IPX Routing (Network Service PPP)
Question Default Your System
Is IPX traffic going to be routed over VC “name”? [no]
Is the IPX WAN interface (S)pecified or (L)earned? [L]
Is the IPX WAN interface (U)nnumbered or (N)umbered? [N]
Enter the IPX network number for the WAN? [ ]
Do you want IPX routing (RIP) to run over the WAN? [yes]
The IPX configuration for VC “name” is now complete.
IPX Routing (Network Service RFC 1483)
Question Default Your System
Is IPX traffic going to be routed over VC “name”? [no]
Is the IPX WAN interface (U)nnumbered or (N)umbered? [N]
Enter the IPX network number for the WAN? [ ]
Do you want IPX Routing (RIP) to run over the WAN? [yes]
The IPX configuration for VC “name” is now complete.
Bridging
Question Default Your System
Do you want to Bridge any traffic over VC “name”? [no]
The OfficeConnect Remote 812 can be configured to send and receive the routed (IP and IPX) packets using bridged encapsulation (i.e., Bridged-1483 or BRCP or PP), where the MAC-header is included in each packet. The routing rules for [IP and IPX] will be applied to each packet.
Question Default Your System
Do you want to enable MAC-encapsulated routing? [no]
Review
Question Default Your System
Would you like to review your answers before executing them? [yes]
Sample Identification Information
This section contains a sample of possible settings.
Encapsulation type: PPP
ATM information:
VPI/VCI: 0/33
Category of Service: UBR
Peak Cell Rate: 0
IP: Enabled
Local WAN IP Address: Learned
Remote WAN IP Address: Learned
WAN Interface Type: Numbered
Address Translation (NAT): Enabled
RIP: no
Remote is Default Gateway: yes
IPX: Enabled
IPX WAN Network Number: Learned
IPX WAN RIP: Yes
Bridging: Enabled
Question Default Your System
Do you want to change any answers? [no]
Do you want to actually execute these commands? [yes]
Sample Output Display as Quick Setup Executes
OCR-DSL> add vc “name”
OCR-DSL>set vc “name” ip disable ipx disable bridging disable
OCR-DSL>set vc “name” network_service ppp
OCR-DSL>set vc “name” atm vpi 0 vci 0 category_of_service unspecified pcr 0
OCR-DSL>set vc “name” ip enable
OCR-DSL>set vc “name” remote_ip_address 0.0.0.0/C
OCR-DSL>set vc “name” local_ip_address 0.0.0.0
OCR-DSL>set vc “name” ip_routing listen rip ripv2
OCR-DSL>set vc “name” nat enable
OCR-DSL>set vc "name" ipx enable
OCR-DSL>set vc "name" ipx_enable ipx_address 00000000 ipx_routing all
OCR-DSL>set vc “name” bridging enable
OCR-DSL>
OCR-DSL>enable vc “name”
OCR-DSL>_save users
_SAVE USERS Complete
OCR-DSL>Spawned Process CFP 272016 /./QuickSetup.commands Completed Successfully
OCR-DSL>
6
MANUAL SETUP
This chapter describes how to manually set up the OfficeConnect Remote 812 for Routing or Bridging.
Configuration Overview
The following steps provide an outline to follow when configuring the OfficeConnect Remote 812 to route or bridge to remote networks.
1 Determine how the OfficeConnect Remote 812 will be used (as an IP, IPX Router and/or Bridge) and gather information about your remote site connection using the Configuration Planning Forms provided with the unit.
2 Set up a remote site profile for each remote location including Network Service (PPP/RFC 1483), and WAN configuration.
Set up network (IP, IPX and/or Bridge) information:
Configure the network(s) over the LAN.
Add the network information to the remote site profile(s).
Turn RIP (IP and IPX) and SAP (IPX) on or off as needed for your configuration.
Add static and framed routes (IP and IPX) or services (IPX) if needed.
3 Optionally set up DHCP and DNS information.
4 Optionally perform system administration tasks such as setting the date and time, providing a system name and contact, adding or changing Web browser or TELNET login access, and providing TFTP access.
5 Save the configuration.
The rest of this chapter provides an overview of the OfficeConnect Remote 812 basic operations and configuration. The chapter is broken into the following sections:
Remote Site Management
IP Routing
Address Translation
DHCP
DNS
IPX Routing
Bridging
System Administration
Remote Site Management
Each remote site that you want to connect to is accessed through a single ATM Virtual Channel connection. To set up connections over the WAN, a VC (remote site) profile must be created and edited. With this profile, you specify ATM Virtual Channel information, protocols, and addresses that determine the method of connection and communication to that remote site.
You create VC profiles using the add vc command (e.g., add vc Internet will create a profile called “Internet”), and then you modify the profile using set vc commands to setup the WAN connection and network information. The following list summarizes the necessary information.
WAN - Network Service (PPP/RFC 1483) information, ATM VC information
IP - IP addresses, address translation tables, static routes, RIP usage.
IPX - IPX network address information, static routes and services, RIP usage.
Bridging - Enable or disable bridging to the remote site.
If you need to connect to multiple remote sites (i.e., the Internet and a remote office) you should set up a remote site profile for each location.
Remember to save your configuration using the save all command before rebooting your OfficeConnect Remote 812 so that your changes will be written to permanent FLASH memory.
Managing a Remote Site
You can obtain a list of all currently configured VC profiles using the command:
list vcs
You can view the contents of a particular profile using the command: show vc <vc name> The OfficeConnect R emote 812 always has a default profile. Any value th at is not
set in a profile that you create will assume the values that are present in the default profile. The default profile can not be created or deleted, but it can be modified using the set vc command.
You can view the default profile using the command:
show vc default
VC profiles can be enabled or disabled. When a profile is enabled using the enable vc command, the OfficeConnect Remote 812 reads the connection parameters for the remote site from the profile and continuously attempts to establish a connection to the remote site. When a profile is disabled using the disable vc command, the connection will be terminated and no other data will be directed to the remote site. Configuration changes to a remote site profile do not take effect until the next time the profile is enabled. Thus, if you want to make changes to the profile you should disable the profile, make your changes, and then re-enable the profile.
For example, if you want to change the PPP authentication password to testpassword for a profile called Internet you would do the following:
disable vc Internet
set vc Internet send_password testpassword
enable vc Internet
Configuring Network Service Information
A Network Service defines the data encapsulation and protocol characteristics for the connection between the OfficeConnect Remote 812 and the remote site. The OfficeConnect Remote 812 supports two types of Network Services: PPP and RFC 1483. The OfficeConnect Remote 812 and the remote site must both use the same Network Service in order for a connection to be established and maintained.
For PPP, the authentication name and password must be provided to allow the connection to be established. The OfficeConnect Remote 812 supports both PAP and CHAP authentication.
To set up a profile for PPP, use the following commands:
set vc <vc name> network_service ppp
set vc <vc name> send_name <authentication name>
set vc <vc name> send_password <authentication password>
RFC 1483 does not support any type of authentication. Therefore, to set up a profile for RFC 1483 you simply configure the Network Service using the command:
set vc <vc name> network_service rfc_1483
Configuring ATM Information
The ATM parameters are supplied by your service provider. These parameters consist of:
ATM VC information
ATM Category of Service parameters
ATM allows for permanent connections (PVCs) and switched connections (SVCs). For a PVC, the required VC information parameters consist of the Virtual Path Identifier (VPI) and Virtual Channel Identifier (VCI).
The VPI/VCI uniquely specify the path to the remote site and are placed in the ATM cell header that is used to route each cell to the remote site.
Two VC profiles with the same VPI and VCI can not be enabled simultaneously. You may encounter this situation if you want to login to the same remote site with different PPP authentication parameters. You should disable all profiles using the same VPI/VCI and then enable the one that should be active.
For SVCs, there is not a fixed VPI/VCI. Instead, a destination address is used to set up a path through the ATM backbone network when the connection is to be established.
Currently, the SVC capability is disabled in the OfficeConnect Remote 812.
ATM Category of Service parameters specify characteristics (sometimes called traffic shaping parameters) for data transmitted from the OfficeConnect Remote 812 to the remote site. They have no effect on data transmitted from the remote site to the OfficeConnect Remote 812.
The ATM VC information and Category of Service parameters are entered into the profile using the set vc <vc name> atm command. For PVCs, you must enter VPI and VCI information for each profile.
set vc name <vc name> atm vci <vci value> vpi <vpi value>
You should have been provided with Category Of Service parameters.
UBR - Unspecified Bit Rate; No limit has been specified for the upstream data flow.
CBR - Constant Bit Rate; A constant rate has been specified for the upstream data flow.
The cell rate transmission parameters are used to specify upstream transmission rates for the particular Category of Service.
PCR - the Peak Cell Rate is the maximum number of cells/second transmitted over this connection. The Peak Cell Rate is optional for UBR and required for VBR and CBR.
SCR - the Sustainable Cell Rate, in cells/second. This is the maximum average rate. The SCR is required for VBR.
BT - the Burst Tolerance or Maximum Burst Size, in cell/second. This is the maximum number of cells that can be sent at the peak rate. The BT is required for VBR.
To configure the profile for UBR, use:
set vc <vc name> atm category_of_service unspecified pcr <cell rate>
To configure the profile for VBR:
set vc <vc name> atm category_of_service variable pcr <cell rate> scr <cell rate> bt <cell rate>
To configure the profile for CBR:
set vc <vc name> atm category_of_service constant pcr <cell rate>
where the pcr parameter is used for the constant bit rate that is desired instead of as the peak cell rate.
If no traffic shaping parameters have been provided you should choose UBR with a PCR value of 0. The OfficeConnect Remote 812 will attempt to use all of the upstream bandwidth when transmitting data to the remote site.
IP Routing
The OfficeConnect Remote 812 can be configured as an IP Router to forward packets between the local LAN interface and one or more Remote Sites.
A forwarding table is maintained which specifies which interface to route an IP packet based on the destination IP address. Entries in the forwarding table are both static and dynamic. Static entries are based on the LAN’s and remote site's subnet addresses and user configured static routes. Dynamic entries are added when RIP is enabled and routes are learned from neighboring routers.
To configure IP routing, IP must be defined on both the LAN interface and one or more VC profiles. On the LAN, an IP network must exist with a specified IP address and subnet mask. In the VC profile, IP routing needs to be enabled, and the remote router address, a remote subnet mask and local WAN interface address need to be configured. The remote site address configuration can be learned dynamically when the connection is established if the Network Service is PPP, otherwise it has to be specified.
Remember to save your configuration using the save all command before rebooting your OfficeConnect Remote 812 so that your changes will be written to permanent FLASH memory.
Enabling IP Routing
When the OfficeConnect Remote 812 is to be used for IP Routing, IP forwarding must be enabled. This is a global setting for the entire router.
To enable IP routing, use the command:
enable ip forwarding
To disable IP routing, use the command:
disable ip forwarding
IP Forwarding refers to the routing of IP packets from one interface to another. It does not affect communicating to the OfficeConnect Remote 812 itself. Even when IP Forwarding is disabled, you can perform non-routing functions such as use a Web browser to manage the unit and use PING.
In addition to IP forwarding, there is a global RIP setting. If RIP is globally disabled, it is disabled for all LAN and WAN networks. If RIP is globally enabled, it can then be specifically enabled or disabled on the LAN IP networks and in each remote site’s VC profile.
To globally enable IP RIP, use the command:
enable ip RIP
To globally disable IP RIP, use the command:
disable ip RIP
To see the current IP Forwarding and RIP status, use the following commands:
show ip settings
show ip routing settings
Configuring an IP Network over the LAN
To configure IP over the LAN, you need to assign an IP network to the LAN port with the add ip network command. Each network has a network name. You will use the network name when entering commands related to the network.
The CIDR-supported network address includes a local station address and subnet mask using the format: nnn.nnn.nnn.nnn/A B C or 8-30. The first 4 octets describe the IP address, followed by the subnet mask (contiguous) designator.
You can specify the subnet in one of two ways: a class or numerical designation. If you specify a Class C subnet mask, for instance, this command will generate a 255.255.255.0 subnet value for you. If you specify the number of bits (to be set to 1), the acceptable range is 8-30. The network address is invalid if the portion of the station address not covered by the mask is 0.
Defining a numerical subnet is useful when your value falls in between classes. You can also omit the mask altogether; it will automatically be calculated from the address.
To add an IP network over the LAN, use the command:
add ip network <network name>
address <ip address/mask> frame [ETHERNET_II | SNAP]
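The address/mask rules above can be checked before a value is typed into the CLI. The Python sketch below is an added example, not 3Com code: it accepts a class letter, a bit count of 8-30, or a dotted 255.x.x.x mask, and rejects an address whose station portion is 0. It assumes that an omitted mask is derived from the address class and that the 8-30 range also applies to the dotted form; the function names are hypothetical.

```python
import ipaddress

CLASS_BITS = {"A": 8, "B": 16, "C": 24}


def classful_bits(addr):
    """Mask length implied by the address class (assumed rule for an omitted mask)."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError("no default mask for a class D/E address")


def mask_bits(designator, addr):
    """Turn the text after '/' into a number of one bits."""
    text = designator.strip()
    if not text:
        return classful_bits(addr)
    if text.upper() in CLASS_BITS:
        return CLASS_BITS[text.upper()]
    if text.isdigit():
        bits = int(text)
    else:
        # Dotted form such as 255.255.240.0; the one bits must be contiguous.
        mask = int(ipaddress.IPv4Address(text))
        inverted = mask ^ 0xFFFFFFFF
        if inverted & (inverted + 1):
            raise ValueError("mask bits are not contiguous")
        bits = 32 - inverted.bit_length()
    # Assumption: the 8-30 range stated for bit counts applies to dotted masks too.
    if not 8 <= bits <= 30:
        raise ValueError("mask length must be between 8 and 30 bits")
    return bits


def parse_network_address(text):
    """Parse nnn.nnn.nnn.nnn[/mask] and return an IPv4Interface."""
    addr_text, _, designator = text.partition("/")
    addr = ipaddress.IPv4Address(addr_text.strip())
    bits = mask_bits(designator, addr)
    iface = ipaddress.IPv4Interface(f"{addr}/{bits}")
    # The station portion (bits not covered by the mask) must not be 0.
    if int(addr) & int(iface.network.hostmask) == 0:
        raise ValueError("station portion of the address is 0")
    return iface


def is_valid(text):
    """True if text is an acceptable address/mask under the rules above."""
    try:
        parse_network_address(text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for sample in ("192.168.200.254/C", "172.16.5.9/255.255.240.0",
                   "192.168.200.254", "192.168.200.0/C", "10.0.0.1/31"):
        print(sample, "->", parse_network_address(sample) if is_valid(sample) else "invalid")
```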
You can obtain a list of all configured networks using the command list networks. To only list IP networks, use list ip networks.
By default, the network is enabled when it is created. You can disable the network using the following command:
disable ip network <network name>
You can delete a disabled network using the command:
delete ip network <network name>
The reconfigure ip network command can be used to modify an existing IP network’s address or frame type.
Configuring IP RIP on the LAN
IP RIP is configurable on each LAN IP network. The OfficeConnect Remote 812 supports two versions of RIP, V1 or V2. You can also disable RIP completely.
To enable/disable RIP or set the version to use for a particular LAN IP network, use the command:
set ip network <network name>
routing_protocol [NONE | RIPV1 | RIPV2]
Other permutations of the set ip network command can be used to configure advanced RIP features and policies.
Configuring IP for the Remote Site Connection
In order to enable IP to be routed to a remote site, you must configure the following items in the VC profile associated with the remote site connection.
You must enable IP routing in the profile
You must enter the remote IP address information
You must enter the local IP address information
To enable or disable IP routing in a VC profile, use the command:
set vc <vc name>
ip [DISABLE | ENABLE]
The remote IP address information consists of the IP address of the router at the other end of the VC connection. This address can be either specified by you, or (if you are using PPP as the Network Service for the connection) it can be learned when the PPP session is established.
To specify the remote IP address, use the command:
set vc <vc name>
remote_ip_address <ip address/mask>
To specify that the remote IP address should be learned you can enter 255.255.255.255/H for the <ip address/mask> parameter, or you can use the command:
set vc <vc name>
address_selection negotiate
The IP address associated with the local side of the WAN connection can be specified by you, learned from the remote site (if you are using PPP as the Network Service for the connection), or the interface can be Unnumbered.
To specify the local IP address use the command:
set vc <vc name>
local_ip_address <ip address>
To specify that the local IP address should be learned you must enter 255.255.255.255 for the <ip address> parameter. To specify that the interface is Unnumbered you must enter 0.0.0.0 for the <ip address> parameter. (See Appendix B of the OfficeConnect Remote 812 ADSL Router User’s Guide for a discussion of Unnumbered interfaces.)
Optionally, you can specify that the remote site should be used as the default gateway.
To designate the remote site as the default gateway use the command:
set vc <vc name>
default_route_option [DISABLE | ENABLE]
The default_route_option can only be enabled in one VC profile.
Also, you can configure IP Source Validation for the connection. When IP Source Validation is enabled, the source address of all IP frames received from the remote site will be validated. A packet’s source address is valid if the OfficeConnect Remote 812 will route an IP frame destined to the source address on the same VC it came in on.
To enable IP Source Validation in a profile, use the command:
set vc <vc name>
ip_source_validation [DISABLE | ENABLE]
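The source validation rule above is a reverse-path check: look up the packet's source address in the forwarding table and accept the packet only if the result is the VC it arrived on. The Python model below is an added example, not the router's code; the interface names, routes and frames are constructed, and the longest-prefix lookup is an assumption about how the forwarding table is searched.

```python
import ipaddress


class ForwardingTable:
    """Minimal forwarding table with longest-prefix-match lookup."""

    def __init__(self):
        self.entries = []  # list of (network, interface name)

    def add(self, prefix, interface):
        self.entries.append((ipaddress.ip_network(prefix), interface))

    def lookup(self, address):
        """Return the interface a packet to address would leave on, or None."""
        addr = ipaddress.ip_address(address)
        best = None
        for network, interface in self.entries:
            if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
                best = (network, interface)
        return best[1] if best else None


def validate_source(table, source, arrived_on):
    """Valid only if a reply to source would be routed out the arrival VC."""
    return table.lookup(source) == arrived_on


def build_sample_table():
    """Constructed routes: one LAN, one office VC, one default-gateway VC."""
    table = ForwardingTable()
    table.add("192.168.200.0/24", "lan")        # LAN IP network
    table.add("10.20.0.0/16", "vc:office")      # framed route on a remote-office VC
    table.add("0.0.0.0/0", "vc:internet")       # VC chosen as default gateway
    return table


# Constructed frames: (VC the frame arrived on, source address it carries).
FRAMES = [
    ("vc:internet", "203.0.113.9"),     # ordinary Internet host
    ("vc:internet", "192.168.200.10"),  # claims to be a LAN workstation
    ("vc:internet", "10.20.3.4"),       # claims to be in the remote office
    ("vc:office", "10.20.3.4"),         # genuine office host
    ("vc:office", "198.51.100.7"),      # office VC carrying an Internet source
]


def dropped_frames(table, frames):
    """Return the frames that fail source validation."""
    return [(vc, src) for vc, src in frames if not validate_source(table, src, vc)]


if __name__ == "__main__":
    for vc, src in dropped_frames(build_sample_table(), FRAMES):
        print(f"drop: source {src} is not routed via {vc}")
```

A VC that holds the default route accepts any source not covered by a more specific entry, so the check is strictest on VCs that carry only framed routes.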
Configuring IP RIP for a Remote Site
IP RIP can be enabled or disabled for each remote site connection. The OfficeConnect Remote 812 supports two versions of RIP, V1 or V2. Additionally, you can configure whether the OfficeConnect Remote 812 should advertise local routes, only listen for routes from the remote site, or both.
To configure RIP for a remote site connection:
set vc <vc name>
ip_routing [BOTH | LISTEN | NONE | SEND]
If you are using address translation for a remote site connection (NAT) you must set ip_routing to LISTEN or NONE. This is because you have set up a private LAN network and therefore do not want to be broadcasting information to other routers. The OfficeConnect Remote 812 will not allow a profile using address translation to be enabled if ip_routing is set to BOTH or SEND.
To configure the RIP version for the remote site connection use:
set vc <vc name>
rip [RIPV1 | RIPV2]
Configuring Static and Framed IP Routes
A Static route is a configured route that will remain in the routing table until deleted. Static routes differ from Dynamic routes in that Dynamic routes are learned real-time via RIP.
A Framed route is much like a Static route in that you manually configure the route. The difference is that a Static route is defined for the LAN while a Framed route is associated with a remote site connection. Also, while a Static route is active when the LAN is connected, a Framed route is active only when the connection to the associated remote site is active.
If you wish to set up a route to a network on the other side of a remote site, use a Framed route. If you wish to set up a route to a network through the LAN, use a Static route. Only use Static and Framed routes for networks not learned using RIP.
To add a Static route over the LAN, use the command:
add ip route <ip network address>
gateway <ip address>
metric <metric>
The route will appear in the IP routing table. You can display all IP routes with the list ip routes command.
To delete an IP Static route, use the command:
delete ip route <ip network address>
To add a Framed route that will be installed in the IP routing table when a connection is established, use the command:
add framed_route vc <vc name>
ip_route <ip network address>
metric <metric>
where gateway is the address of the remote router. The route will be removed from the routing table when the VC profile is disabled.
To delete a Framed route so that it no longer will be installed in the routing table when the connection is established use the command:
delete framed_route vc <vc name>
ip_route <ip network address>
Remember to disable and then re-enable the VC profile for the change to take effect.
IP Tools
The OfficeConnect Remote 812 CLI provides a standard set of IP utility programs including Ping, TELNET and RLOGIN.
Address Translation
Public IP addresses are registered and can be used within a public network (e.g., the Internet). Due to the limitation of IP version 4 address space and the growth of the Internet, public addresses are becoming more scarce. One solution to this problem is to use private addresses on small LANs and to use Address Translation when accessing devices on the public network. Address Translation changes an IP frame’s private address to a publi c add r ess at th e gateway of a p ubl ic net work (i .e. the OfficeConnect Remote 812 router).
The router maintains a table of active port numbers in order to support simultaneous connections from different workstations on the LAN with one public IP address. The public address is the WAN interface address of the Remote Site profile, which can be statically configured or dyanmically learned (PPP).
Network Address Translation (NAT)
NAT is used when several privately addressed workstations share a single public address. NAT uses the TCP and UDP port numbers to map multiple private addresses to the single public address. For normal applications such as Web browsing and FTP transfers, NAT can be configured by just enabling the feature. When accesses are originated from the private addressed LAN, a mapping is established between the source port number and the source private address. When the response is received on the public addressed WAN port, the destination port is mapped back to the private address.
Configuring NAT
Typically, NAT only needs to be enabled or disabled for a remote site connection.
Static NAT port mappings or the NAT default address need to be configured when an application will initiate a TCP or UDP connection from the public network. If a publicly accessible Server resides on a privately addressed LAN, static ports can be defined for the applications it is running. For example, TCP port 80 for a Web Server and TCP port 21 for an FTP server can be statically assigned. The NAT default address can be used with or instead of static port assignments, and is set to the private address of a workstation on the local LAN. If an incoming IP data packet is received on a WAN port and there is no existing dynamic or static port mapping, the packet will be translated using the NAT default address.
Use the following command to configure NAT in a VC profile:
set vc <vc name> nat enable
As stated in the above overview, it is sometimes necessary to configure the Workstation default address. This field should be set to the private address of a workstation on the local LAN. If a data packet is received on the WAN port and a port mapping does not exist, the frame will be translated using the Workstation default address.
Use the following command to set this field:
set vc <vc name> nat_default_address <ip address>
Static port configurations map a public port to a private IP address/port. Both TCP and UDP static ports can be defined. Remote sites can have multiple static ports defined. If static ports and the Workstation Default Address are defined, the static ports take precedence.
Static ports are defined for TCP and UDP ports with the following commands:
add nat tcp vc <vc name>
public_port <port>
private_address <ip address>
private_port <port>
add nat udp vc <vc name>
public_port <port>
private_address <ip address>
private_port <port>
Note: Typically the private and public port numbers are configured for the same value (i.e. 21 for an FTP Server). However, you can map multiple public port numbers to the same private port number. For example, if you want to support a Web Server on the LAN and be able to manage your OfficeConnect Remote 812 with the Web Browser, you would define 2 static ports for the Web Server (TCP port 80). Configure your LAN Server with public port 80, private port 80, and the private address of the LAN Server. Configure your ocr812 manager with public port 8080, private port 80 and the private address equal to the ethernet port IP address. To access the ocr812 from a Web Browser, type in: public Address:8080. The value 8080 was chosen for example purposes only; you can use any value within the port number range (i.e. 81).
Remember to save your configuration using the save all command before rebooting your OfficeConnect Remote 812 so that your changes will be written to permanent FLASH memory.
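The inbound lookup described in this section, as an added Python example that is not part of the 3Com guide: it parses NAT commands in the guide's syntax and reports which private host an unsolicited WAN packet reaches. The sample configuration, the router LAN address, the dynamic-before-static lookup order and the reuse of the destination port under the default address are assumptions.

```python
import ipaddress

# Constructed sample: the VC name "internet" and every address are made up.
# '#' comments are a convention of this sample text, not of the router CLI.
SAMPLE = """
set vc internet nat enable
add nat tcp vc internet public_port 80 private_address 192.168.1.10 private_port 80
add nat tcp vc internet public_port 21 private_address 192.168.1.10 private_port 21
add nat tcp vc internet public_port 8080 private_address 192.168.1.1 private_port 80
set vc internet nat_default_address 192.168.1.50
"""


def _port(text):
    value = int(text)
    if not 1 <= value <= 65535:
        raise ValueError(f"port out of range: {text}")
    return value


def parse_nat_commands(text):
    """Build {vc name: profile} from 'set vc ... nat' and 'add nat' lines."""
    profiles = {}

    def profile(name):
        return profiles.setdefault(
            name, {"nat": False, "default": None, "static": {}})

    for lineno, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[:2] == ["set", "vc"] and len(tok) == 5 and tok[3] == "nat":
            profile(tok[2])["nat"] = tok[4].lower() == "enable"
        elif (tok[:2] == ["set", "vc"] and len(tok) == 5
              and tok[3] == "nat_default_address"):
            addr = ipaddress.IPv4Address(tok[4])
            # 0.0.0.0 is how the guide shows the option as disabled.
            profile(tok[2])["default"] = None if int(addr) == 0 else addr
        elif (tok[:2] == ["add", "nat"] and len(tok) == 11
              and tok[2] in ("tcp", "udp")):
            kv = dict(zip(tok[3::2], tok[4::2]))
            missing = {"vc", "public_port", "private_address",
                       "private_port"} - set(kv)
            if missing:
                raise ValueError(f"line {lineno}: missing {sorted(missing)}")
            profile(kv["vc"])["static"][(tok[2], _port(kv["public_port"]))] = (
                ipaddress.IPv4Address(kv["private_address"]),
                _port(kv["private_port"]))
        else:
            raise ValueError(f"line {lineno}: not a NAT command: {raw.strip()}")
    return profiles


def resolve_inbound(profile, proto, dst_port, dynamic=None):
    """Return (private address, private port, rule) for a packet arriving on
    the WAN port, or None when no mapping applies.

    dynamic maps (proto, public port) to (address, port) for sessions opened
    from the LAN. Checking it before the static table is an assumption; the
    guide only states that static ports take precedence over the default.
    """
    if not profile["nat"]:
        return None
    key = (proto, dst_port)
    if dynamic and key in dynamic:
        addr, port = dynamic[key]
        return (str(addr), port, "dynamic")
    if key in profile["static"]:
        addr, port = profile["static"][key]
        return (str(addr), port, "static")
    if profile["default"] is not None:
        # Assumption: the destination port is left unchanged.
        return (str(profile["default"]), dst_port, "default")
    return None


def exposure(profile, router_lan_ip):
    """List what unsolicited WAN traffic can reach on the private LAN."""
    router = ipaddress.IPv4Address(router_lan_ip)
    findings = []
    for (proto, public), (addr, port) in sorted(profile["static"].items()):
        kind = "router-management" if addr == router else "lan-host"
        findings.append((f"{proto}/{public}", f"{addr}:{port}", kind))
    if profile["default"] is not None:
        findings.append(("all other tcp/udp ports", str(profile["default"]),
                         "default-address"))
    return findings


if __name__ == "__main__":
    vc = parse_nat_commands(SAMPLE)["internet"]
    for row in exposure(vc, "192.168.1.1"):
        print(*row, sep="  ")
```

With a default address set, every public port without a static entry lands on that one workstation, so review its host firewall and patch level as if it sat directly on the WAN.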
Monitoring NAT
The NAT configuration is displayed when viewing the remote site configuration using the show vc command. The Network Address Translation field should indicate enabled. The NAT Default Address field will contain 0.0.0.0 if the option is disabled or a valid workstation IP address on the local LAN if it is enabled. The static port definitions are appended to the display only when configured.
When the remote site is active, current port mappings are displayed with the following command:
list nat vc <vc name> port
DHCP
Dynamic Host Configuration Protocol (DHCP) is designed to provide a centralized approach for configuration of IP addresses and parameters.
When a workstation is configured for automatic assignment of IP addresses, it broadcasts a request out on the LAN. The DHCP Server responds with an IP address for the workstation, the domain name, and the IP addresses of the default router, two DNS Servers, and two WINS Servers.
The assignment of an IP address to the workstation is for a specified period of time, referred to as the lease period. Before the lease is set to expire, the workstation will send a request to the server to extend the lease period. The server maintains a list of assigned IP addresses and the duration period of the leases. When a lease expires, the IP address can be reassigned to another workstation.
The OfficeConnect Remote 812 can be configured to support up to 40 workstations on the local LAN. In addition, the OfficeConnect Remote 812 can be configured to be a DHCP Relay. When enabled, the Relay will process the broadcast request from the local workstation and send it to one or two remote DHCP servers. The response from the remote DHCP servers is processed and forwarded to the local workstation.
Remember to save your configuration using the save all command before rebooting your OfficeConnect Remote 812 so that your changes will be written to permanent FLASH memory.
Configuring the DHCP Mode
The OfficeConnect Remote 812 has three DHCP modes: Server, Relay and Disable.
To configure the mode, use the following command:
set dhcp mode [SERVER | RELAY | DISABLE]
Configuring the DHCP Server
The OfficeConnect Remote 812’s DHCP Server has the following fields that will need to be configured:
Hostname
Domain Name
IP Address Pool, Start and End address
IP Subnet address mask
Lease period
WINS Server addresses
DNS Server addresses
The Hostname is the base name assigned to the workstation. A numeric suffix is appended to the base name and incremented after each assignment. For example, if the Hostname unit is configured, the first workstation will be assigned the Hostname unit01, the second workstation will be assigned unit02 and so forth.
Use the following commands to configure the DHCP Mode, base Hostname and the network’s Domain Name:
set dhcp mode server
set dhcp server hostname <host name>
set dhcp server domain <domain name>
The DHCP address pool is configured by specifying the starting and ending addresses of the pool. The range of the pool must be 40 addresses or less and must be entered on the same command line.
The following set of commands configure the address pool and the network subnet IP address mask:
set dhcp server start_address <ip address> end_address <ip address>
set dhcp server mask <ip address>
The final set of DHCP Server commands configure the Lease period and IP addresses of the Default gateway, WINS Servers, and DNS Servers. There can be up to two WINS and DNS Servers specified. If this functionality is to be disabled, an IP address of 0.0.0.0 is entered. If the OfficeConnect Remote 812 is functioning as the DNS Proxy, the OfficeConnect Remote 812’s LAN IP address should be configured as the first (primary) DNS address.
set dhcp server lease <seconds>
set dhcp server router <ip address>
set dhcp server wins1 <ip address> wins2 <ip address>
set dhcp server dns1 <ip address> dns2 <ip address>
Monitoring the DHCP Server
There are monitoring commands which display the DHCP protocol counters and current lease information. The DHCP protocol counters indicate the requests received, responses transmitted, and error indicators. The lease information indicates which IP addresses have been assigned, the corresponding workstation MAC addresses, and remaining time before the lease expires.
show dhcp server counters
list dhcp server leases
The DHCP Server configuration is displayed with the show dhcp server settings command.
Configuring the DHCP Relay
The OfficeConnect Remote 812 can relay DHCP requests to up to two Remote Servers.
The OfficeConnect Remote 812 DHCP relay can be configured with two Remote Server entries. Each entry consists of a server IP address, a specified maximum number of hops a request can take before being discarded, and an enable flag.
The following commands are used to configure the entries:
set dhcp mode relay
set dhcp relay server1 <ip address> max_hops <count> enabled [YES | NO]
set dhcp relay server2 <ip address> max_hops <count> enabled [YES | NO]
Monitoring the DHCP Relay
The DHCP relay has one command which displays the configuration and related counters. Counters include the number of requests transmitted and responses received from the remote servers.
To show the configuration, use the command:
show dhcp relay
DNS
A Domain Name Server (DNS) provides an IP address for a host computer for a given Domain Name. A DNS Proxy receives requests and attempts to find an entry in its local tables, and if one is not found, forwards the request to a remote server. The remote DNS Server can be learned dynamically through PPP or can be statically assigned.
The OfficeConnect Remote 812’s DNS Proxy enables you to configure remote DNS Servers for specific Domains. For instance, assume you have two remote sites configured, one to the Internet and the other to a corporate site which has a domain name of 3com.com. Two DNS remote servers can be configured, one which uses the corporate site for 3com.com and the other to use the Internet as the default.
The OfficeConnect Remote 812’s DNS Proxy also enables you to configure Static Host entries. The static table is checked first before the DNS request is forwarded on to the remote server. If the OfficeConnect Remote 812 was first booted in DHCP Smart Mode, an entry, ocrdsl-3com.com, was automatically added to the table which maps to the OfficeConnect Remote 812’s local LAN IP address. This entry was added to simplify access to the OfficeConnect Remote 812.
Remember to save your configuration using the save all command before rebooting your OfficeConnect Remote 812 so that your changes will be written to permanent FLASH memory.
Configuring DNS
To enable DNS functionality on the OfficeConnect Remote 812, use the command:
enable dns
To disable DNS functionality, use the command:
disable dns
You can configure three global DNS parameters that control the operation of the DNS proxy.
Number of Retries: the number of retry attempts when accessing a primary or secondary DNS server. The default is 1 retry.
Timeout: the amount of time to wait for a request to be serviced. The default is 5 seconds.
Cache size: the number of resolved names to cache. The default is 100 entries.
You can view the current DNS settings with the command:
show dns settings
You can alter the current DNS settings with the command:
set dns
cache_size <size>
number_retries <number>
timeout <seconds>
DNS Host Entries
To add a DNS Host entry to the DNS Static Host table, use the command:
add dns host <host name> address <ip address>
To view the contents of the Static Host table, use the command:
list dns hosts
To delete a specific Host entry, use the command:
delete dns host <host name>
Managing the DNS Proxy
When resolving a DNS name, the OfficeConnect Remote 812 first searches for a match in the Static Host table. If a match is not found it will perform a proxy function. The DNS Server table contains a list of DNS Servers for specific domains. Each domain listed in the table can have up to two DNS Server addresses associated with it. The default domain has the name ‘*’.
Using PPP it is possible to learn DNS server addresses when the PPP session is established. In addition to specifying server addresses in the DNS Server table, you can specify a VC profile name that should be used to learn the addresses.
To create a DNS Server entry when specific addresses are known, use the command:
add dns server <domain name> primary_address <ip address> secondary_address <ip address>
To create an entry that will learn addresses using PPP, use the command:
add dns server <domain name> vc <vc name>
To display the contents of the DNS Server table, use the command:
list dns servers
To delete a domain entry, use the command:
delete dns server <domain name>
IPX Routing
The OfficeConnect Remote 812 can be configured as an IPX router to forward IPX packets between the local LAN interface and one or more remote sites. A forwarding table is maintained which specifies which interface to route an IPX packet based on the destination IPX network number. Entries into the forwarding table are both static and dynamic. Static entries are based on the LAN's network number, the remote site WAN interface number, and user configured static routes. Dynamic entries are added when RIP is enabled and routes are learned from neighboring routers.
To configure IPX routing, IPX must be defined on both the LAN interface and one or more remote sites. On the LAN, an IPX network must exist with a specified IPX network number. On the remote sites, IPX forwarding needs to be enabled, and the WAN interface address needs to be configured. The WAN interface can be Unnumbered (set to 0), Numbered, or dynamically learned if PPP is used.
Remember to save your configuration using the save all command before rebooting your OfficeConnect Remote 812 so that your changes will be written to permanent FLASH memory.
Enabling IPX Routing
Unlike IP, there is no setting on the OfficeConnect Remote 812 that enables or disables IPX routing functionality on a global basis.
Configuring IPX for the LAN
To configure IPX over the LAN you need to assign an IPX network to the LAN port with the add ipx network command. Each network has a name. You will use the name when entering commands related to the network.
add ipx network <network name>
address <ipx network address>
frame [DSAP | ETHERNET_II | NOVELL | SNAP]
You can obtain a list of all configured networks using the command list networks. To only list IPX networks, use list ipx networks.
By default, the network is enabled when it is created. You can disable the network using the following command:
disable ipx network <network name>
You can delete a disabled network using the command:
delete ipx network <network name>
Configuring IPX for Remote Site Connections
In order to enable IPX to be routed to a remote site, you must configure the following items in the VC profile associated with the remote site connection.
You must enable IPX routing in the profile
You must enter the WAN IPX network information
To enable or disable IPX routing in a VC profile use the command:
set vc <vc name>
ipx [DISABLE | ENABLE]
The WAN IPX network information consists of the IPX network address for the wide area connection. The IPX network address associated with the WAN connection can be specified by you, learned from the remote site (if you are using PPP as the Network Service for the connection), or the interface can be Unnumbered.
To specify the WAN IPX address using up to 8 hexadecimal characters, use the command:
set vc <vc name>
ipx_address <ipx network address>
To specify that the WAN IPX network address should be learned via PPP you can enter FFFFFFFF for the <ipx network address> parameter:
set vc <vc name>
ipx_address FFFFFFFF
To specify that the interface is Unnumbered you must enter 00000000 for the <ipx network address> parameter.
set vc <vc name>
ipx_address 00000000
Configuring IPX Static and Framed Routes
A Static route is a configured route that will remain in the routing table until deleted. Static routes differ from Dynamic routes in that Dynamic routes are learned real-time via RIP or when new connections are established.
A Framed route is much like a Static route in that you manually configure the route. The difference is that a Static route is defined for the LAN while a Framed route is associated with a remote site connection. Also, while a Static route is active when the LAN is connected, a Framed route is active only when the connection to the associated remote site is active.
If you wish to set up a route to a network on the other side of a remote site, use a Framed route. If you wish to set up a route to a network through the LAN, use a Static route. Only use Static and Framed routes for networks not learned using RIP.
To add a Static IPX route over the LAN, use the command:
add ipx route <ipx network address>
gateway <ipx network address>
metric <number>
ticks <number>
The route will appear in the IPX routing table. You can display all IPX routes with the list ipx routes command.
To delete an IPX Static route, use the command:
delete ipx route <ipx network address>
To add a Framed route that will be installed in the IPX routing table when a connection is established, use the command:
add ipx_route vc <vc name>
ipx_net <ipx network address>
metric <number>
ticks <number>
The route will be removed from the IPX routing table when the VC profile is disabled.
To delete a Framed route so that it no longer will be installed in the routing table when the connection is established, use the command:
delete ipx_route vc <vc name>
ipx_route <ipx network address>
Remember to disable and then re-enable the VC profile for the change to take effect.
Configuring IPX Static and Framed Services
The Service table contains IPX server names, the services they provide, their network and node addresses, and their relative distances. Examples of Services include file servers and printers. Once created, a Static Service entry remains in the Service table until deleted. Static Services differ from Dynamic Services in that Dynamic Services are learned real-time via SAP packet exchange between routers.
A Static Service entry is a manually configured Service accessible from the LAN. A Framed Service is a manually configured Service accessible from the WAN. A Framed Service is active only when the connection to the associated remote site is active.
Use Static and Framed Services for servers not learned using SAP.
To add a Static IPX Service over the LAN, use the command:
add ipx service <service name>
gateway <network.node address>
ipx_net <server network address>
metric <number>
node <server node address>
socket <hex number>
type <hex number>
The service will appear in the IPX Services table. For example:
add ipx service Serv411 gateway 98.0:0:0:0:0:0 ipx_net 31ab17c9 metric 1 node 0:0:0:0:0:1 socket 451 type 4
You can display all IPX Services with the list ipx services command.
To delete a Static IPX Service, use the command:
delete ipx service <name> type <hex number>
To add a Framed Service that will be installed in the IPX Services table when a connection is established, use the command:
add ipx_service vc <vc name>
hops <number>
ipx_net <server network address>
name <service name>
node <server node address>
socket <hex number>
type <hex number>
The route will be removed from the IPX routing table when the VC profile is disabled.
To delete a Framed route so that it no longer will be installed in the routing table when the connection is established use the command:
delete ipx_service vc <vc name>
name <service name>
type <type>
Remember to disable and then re-enable the VC profile for the change to take effect.
Configuring IPX RIP and SAP
IPX RIP is used to exchange IPX routing information with other IPX routers. SAP is a protocol used by IPX servers and routers to exchange information about the location of servers.
For IPX networks over the LAN you can separately enable or disable RIP and SAP. When enabled you can also specify whether RIPs or SAPs are sent, received, or both.
To configure RIP for a LAN network, use the command:
set ipx network <network name>
rip [BOTH | DISABLE | LISTEN | RESPOND_ONLY | SEND]
To configure SAP for a LAN network use the command:
set ipx network <network name>
sap [BOTH | DISABLE | LISTEN | RESPOND_ONLY | SEND]
Other permutations of the set ipx network command can be used to configure advanced RIP features and policies.
IPX RIP and SAP can be enabled or disabled for each remote site connection. You cannot individually enable or disable RIP or SAP; they are enabled or disabled together for each remote site connection. You can configure whether the OfficeConnect Remote 812 should advertise local routes and services, only listen for routes and services from the remote site, or both.
To configure IPX RIP and SAP for the remote site connection, use the command:
set vc <vc name>
ipx_routing [ALL | LISTEN | NONE | RESPOND | SEND]
Bridging
A bridge connects two or more physical networks together to function as one big network. The OfficeConnect Remote 812 can be configured to be a learning bridge. A learning bridge does more than just link networks; it separates network traffic and forwards only the packets that need to be forwarded.
Bridges separate traffic by examining the Media Access Control (MAC) addresses contained in data packets. MAC addresses uniquely identify each machine attached to a network segment. A data packet is not forwarded to another segment if its destination MAC address resides on the same segment as its source.
To efficiently separate traffic, the bridge maintains a Bridge Forwarding Table. The table contains a list of MAC addresses and their associated network segments. The table is built dynamically from the source MAC addresses of data packets passing through the bridge.
The OfficeConnect Remote 812 bridge supports the Spanning Tree Protocol (STP). This feature is used when two networks are joined by two bridges forming a looped network. STP prevents the data packets from circling the two networks.
The OfficeConnect Remote 812 provides a Bridge Firewall function which allows flexible configuration of simultaneous bridging and routing. For more information on the Bridge Firewall, see the Bridging and Routing section.
To set up bridging on the OfficeConnect Remote 812, you must:
Configure bridging for the LAN.
Configure bridging for the remote site connection.
You may also want to:
Set up to bridge IP traffic.
Modify advanced bridging options.
Details are provided in the following sections.
Remember to save your configuration using the save all command before rebooting your OfficeConnect Remote 812 so that your changes will be written to permanent FLASH memory.
Configuring Bridging for the LAN
To configure a protocol over the LAN, you need to assign a protocol network to the LAN port by providing a name. After adding a network, you can modify advanced parameters.
To add a bridge network over the Ethernet interface, use the command:
add bridge network <network name>
You can obtain a list of all configured networks using the command list networks. To only list bridge networks, use list bridge networks.
By default, the network is enabled when it is created. You can disable the network using the following command:
disable bridge network <network name>
You can delete a disabled network using the command:
delete bridge network <network name>
Configuring Bridging for the Remote Site Connections
To configure bridging to a remote site you must enable bridging in the VC profile using the command:
set vc <vc name>
bridge [DISABLE | ENABLE]
Bridging IP Traffic
By default the OfficeConnect Remote 812 is set up to route IP traffic. To bridge IP traffic you must turn off IP Forwarding.
IP Forwarding refers to the routing of IP packets from one interface to another. It does not affect communicating to the OfficeConnect Remote 812 itself. Even when IP Forwarding is disabled, you can perform non-routing functions such as use a Web browser to manage the unit and use PING.
To see the current IP Forwarding status use the command:
show ip settings
To disable IP Forwarding use the command:
disable ip forwarding
Advanced Bridging Options
The advanced bridging configuration options include Aging Time, Forward Delay, Spanning Tree, and Spanning Tree Priority.
To see the current settings for these options, use the command:
show bridge settings
Except for enabling Spanning Tree, most users do not need to change the advanced parameters from their default settings.
The Aging Time is the time (in seconds) for aging out forwarding table information.
To change the Aging Time, use the command:
set bridge aging_time <seconds>
The Forward Delay is the time (in seconds) to wait while learning forwarding information before starting to bridge packets.
To change the Forwarding Delay, use the command:
set bridge forward_delay <seconds>
Spanning Tree refers to the Spanning Tree Protocol which is used to eliminate network loops between bridges.
To disable or enable Spanning Tree, use the commands:
disable bridge spanning_tree
enable bridge spanning_tree
The Spanning Tree Priority is the priority assigned to a bridge that is running the Spanning Tree Protocol. It is used for prioritizing the bridges when Spanning Tree is enabled.
To change the Spanning Tree Priority, use the command:
set bridge spanning_tree_priority <priority value>
MAC-Encapsulated Routing
Because routers base their forwarding decision on network-level addresses, packets that are routed over a WAN are transmitted without MAC-layer addresses. Additionally, address resolution procedures that can be used to determine the destination MAC address for a packet are not required.
Conversely, packets that are bridged over a Wide Area Connection include MAC-layer information. Address resolution procedures are required.
MAC-Encapsulated Routing uses network-level addresses for forwarding decisions but transmits MAC-layer addresses over the Wide Area Connection. Additionally, address resolution procedures are used. To the remote site, the packets appear as if they had been bridged.
This feature allows the routing features of the OfficeConnect Remote 812 (i.e., address translation, DHCP Server, DNS Proxy, etc.) to be employed in a bridged environment.
Configuring MAC-Encapsulated Routing
MAC-Encapsulated Routing is specified on a per-VC basis. When MAC-Encapsulated Routing is enabled in a VC profile, packets for the routed protocols configured by the profile (i.e., IP and/or IPX) will be sent using the appropriate bridged encapsulation. If the configured network service is RFC 1483, then the packets will be encapsulated in a bridged-1483 format. If the configured service is PPP, the packets will be encapsulated in BRCP.
To enable MAC-Encapsulated Routing in a VC profile, use the command:
set vc <vc_name> mac_routing enable
To disable the MAC-Encapsulated Routing in a VC profile, use the command:
set vc <vc_name> mac_routing disable
Simultaneous Bridging and Routing
The OfficeConnect Remote 812 can be configured for simultaneous bridging and routing. IP routing is configured if IP forwarding is enabled (see Enabling IP Routing). IPX routing is enabled if an IPX network is present over the Ethernet interface (see Configuring IPX for the LAN). Bridging is enabled by adding a bridge network over the Ethernet interface (see Configuring Bridging for the LAN). Routing and bridging are enabled for each destination in its remote site profile.
When configured for simultaneous bridging and routing, packets received from the LAN are first passed through the router for any configured protocols. If the packet can not be routed it is passed to the bridge depending on the setting of the Bridge Firewall function.
The Bridge Firewall has three modes:
1 Discard Routed Protocols:
This is the default mode. If a protocol is configured for routing and a packet for that protocol type is received from the LAN that is not addressed to the MAC address of the OfficeConnect Remote 812, it is discarded. Additionally, broadcasts (including ARPs) for the protocol are not passed to the bridge. To configure the Bridge Firewall for this mode, use the command:
set bridge firewall discard_routed_protocols
2 Forward Unicast Packets Only:
If a protocol is configured for routing, and a packet for that protocol type is received from the LAN that is not addressed to the MAC address of the OfficeConnect Remote 812, it is bridged. Additionally, ARP broadcasts for IP addresses other than that of the OfficeConnect Remote 812 are also bridged. Other broadcasts for the configured protocol are not bridged. To configure the Bridge Firewall for this mode, use the command:
set bridge firewall fwd_unicast_only
3 Forward Broadcast/Unicast Packets:
Unicast packets for a configured protocol received from the LAN that are not addressed to the MAC address of the OfficeConnect Remote 812 are bridged. Received broadcasts (e.g., DHCP) are bridged. To configure the Bridge Firewall for this mode, use the command:
set bridge firewall fwd_bc_and_unicast
Packets received from the WAN do not pass through the Bridge Firewall. Instead, packets received from the WAN are delivered to the router or bridging function based on their encapsulation and on the state of the MAC-Encapsulated Routing parameter in the remote site profile.
In general, a packet received in a routed encapsulation (i.e., IPCP or Routed RFC 1483) is delivered to the router. A packet received in a bridged encapsulation is passed on to the bridge. If MAC-Encapsulated Routing is enabled, the received (bridge-encapsulated) packets are delivered to the router.
System Administration
This section provides details and examples for performing the following system administration tasks:
Setting Date and Time
Setting System Identification
Configuring Web Browser and TELNET Login Access
Providing TFTP Access
Setting Password Protection
Remember to save your configuration using the save all command before rebooting your OfficeConnect Remote 812 so that your changes will be written to permanent FLASH memory.
Setting Date and Time
You can obtain the current date, time and system uptime using the command:
show date
The date and time information is provided in the following format:
System Date: 02-MAR-1998 05:17:00 System UpTime: 2d 08:37:54
You can set the date using the command: set date which sets the system date, and leaves the time unchanged. The format is: dd-mmm-yyyy. The month should be the first three characters of the month name. The year can be either 2 or 4 digits - 97 or 1997. Example: set date 01-JAN-1998
To set the time, use the command: set time which sets the system time, and leaves the date unchanged. The format is: hh:mm:ss. The seconds (ss) field is optional. Military time is used. For example, to set the time to 4:10 am enter the command: set time 04:10 and to set the time to 4:10 pm enter the command: set time 16:10.
Setting System Identification
The system name, location and contact information is useful when monitoring the OfficeConnect Remote 812 remotely. You should choose a name, location and contact that is appropriate for the unit.
You can view the settings using the command:
show system
To set these parameters use the command:
set system name <name> location <location> contact <contact>
The name, location, and contact can be up to 32 characters long. For example,
set system name OCR1 location Rack4 contact SysAdmin@555-1212
Configuring Web Browser and TELNET Login Access
Setting up a login user allows you to provide controlled access to the OfficeConnect Remote 812 from a Web browser or through TELNET. Connecting with a Web browser allows you to configure and monitor your unit using the OfficeConnect Remote 812 Manager. Connecting using TELNET on a workstation allows you to remotely manage the unit using CLI.
A default user name of root and password !root are provided by DHCP Smart Mode and the IP Wizard during the initial installation. For secure access, you should add a private login name and password and delete the default name.
To view the current login users, use the command:
list users
To add a login user, use the command: add user <name> password <password>
The name can be up to 32 characters long and the password can be up to 15 characters long.
To delete a login user, use the command: delete user <name>
To change the password, use the command: set user <name> password <new password>
To enable the use of CLI for TELNET users, issue the additional command:
enable security_option remote_user administration
Providing TFTP Access
Trivial File Transfer Protocol (TFTP) provides a simple way to transfer files from one machine to another. The OfficeConnect Remote 812 has a TFTP server that allows you to copy files to or from the unit. All you have to do is set up TFTP access on the OfficeConnect Remote 812 and run a TFTP client program on a workstation.
You can configure the OfficeConnect Remote 812 to provide access to all TFTP clients or you can specify the IP addresses of the TFTP clients for restricted access.
To view the current TFTP client access list, use the command:
list tftp clients
To add a TFTP client to the list, use the command: add tftp client <host name or IP address or 0.0.0.0>
Provide either the host name or the IP address of the workstation running the TFTP client. An address of 0.0.0.0 allows all TFTP clients unrestricted access.
To remove a TFTP client from the list, use the command:
delete tftp client <host name or IP address or 0.0.0.0>
Setting Password Protection
The OfficeConnect Remote 812 provides the capability to password-protect access to the CLI. When the password protection feature is enabled, a user connecting to the CLI via the serial console port will be prompted for the CLI password.
After the correct password is entered, all CLI commands are accessible by the user. The user can 'exit' from the CLI to disable further access or can configure an idle timeout period. If no commands are executed by the CLI for a period longer than the idle timeout period, the user will automatically be logged out of the console. The password will have to be re-entered in order to access the CLI again.
CLI password protection is disabled by default. Password protection can be configured by the QuickSetup program or by using CLI commands. The Console password is independent of the Login Access passwords described on 6-25. Only the Console password can be used to gain access to the Console port.
To enable or disable CLI password protection, use the commands:
set command login_required yes or
set command login_required no
To configure the login password, use the command:
set command password <password>
where <password> is an alphanumeric string of 1 to 8 characters. The default password is "password."
Be sure to save your configuration after entering a new password.
After logging in to the CLI, you can exit the CLI with the command:
exit cli
To set the idle timeout period, use the command:
set command idle_timeout <timeout>
where <timeout> specifies the idle timeout period in minutes.
By default, there is no idle timeout period.
This capability is useful for system administrators or users who wish to restrict
access to the OfficeConnect Remote 812.
Care should be taken to remember the configured password. If the password is forgotten, the unit must be sent back to 3Com support to have the feature disabled.
Introduction
The OfficeConnect Remote 812 provides an extensive set of data filtering capabilities. For instance, filters can accept packets only from specific addresses to provide added security, or filters can be added to reduce network traffic and improve overall performance.
Packet filters control inter-network data transmission by accepting or rejecting the passage of specific packets through network interfaces based on packet header information. When data packets are received by a network interface such as an Ethernet (LAN) or WAN port, a packet filter analyzes the packet information using a set of rules you define. A filter then lets the packet pass through or discards it.
This chapter contains information on the filtering capabilities for your OfficeConnect Remote 812. It is divided into the following sections:
Filtering Overview
OfficeConnect Remote 812 Filtering Capabilities
Creating Filters
Assigning Filters
Applying Filters
Managing Filters
Filtering Overview
Filters can provide added security by accepting packets only from specific addresses or they can be added to reduce network traffic and improve overall performance. Filters can also be used to approximate spoofing when routers with different or incompatible spoofing methods are linked over the WAN. Spoofing is the use of a forged IP source address to circumvent a firewall.
OfficeConnect Remote 812 Filtering Capabilities
Packet filters control inter-network data transmission by accepting or rejecting the passage of specific packets through network interfaces based on packet header information. When data packets are received by a network interface such as an Ethernet LAN or WAN port, a packet filter analyzes packet header information against a set of rules you define. A filter then lets the packet pass through or discards it.
The OfficeConnect Remote 812 provides an extensive set of data and call filtering capabilities. The OfficeConnect Remote 812 supports the following filtering capabilities:
Input and output data filtering.
Source and destination address filtering.
Protocol filtering.
Source and destination port filtering. A packet filter can control what services local or remote users can access.
Call filtering can control whether a packet can initiate an outgoing call.
Route filtering can filter source and destination addresses in packets that exchange routing table information.
Established session filtering. A packet filter can permit users to connect with a remote network without letting remote users have access to the local network (or vice versa).
Filter Classes
The OfficeConnect Remote 812 supports three filter classes:
Input data - filter packets as they enter.
Output data - filter packets as they exit.
Embedded bypass for periodic router protocol packets (IP RIP, IPX RIP and IPX SAP)
Each filter class can be identified further by the following types:
Filter Types
Filters can be classified by the following types:
Data filters - based on protocol-specific packet information.
Advertisement filters - based on broadcast packet information (IP RIP, IPX RIP, and IPX SAP).
Generic filters - based on packet structure.
Data Filters
Data filters control network access based on the protocol, source / destination address, and port designation (e.g., TCP and UDP port designations) of the packet. The following table describes the data filters supported.
Table 6-1 Data Filters
Filter   Action
IP       Controls network access based on the protocol and source/destination address.
IPX      Controls network access based on the protocol and source/destination network.
Bridge   Controls network access based on the source and destination MAC addresses.
IP filter rules allow filtering based on the source address, destination address, protocol type, source port, and port designation of the IP packet.
IPX filter rules allow filtering based on the source network, destination network, protocol type, source socket, destination socket, source node, and node designation of the IPX packet.
Advertisement Filters
Advertisement filters operate on network protocol packets that contain varying information such as SAP or RIP. Filtering of these packets is performed by the specific protocol process. The following table describes the advertisement filters supported:
Table 0-1 Advertisement Filters
Filter    Action
IP-RIP    Controls the content of IP Routing Information Protocol (RIP) packets that are sent out or received on specific ports. The IP RIP filtering process filters addresses from the RIP packet upon transmission, and does not enter routes into the routing table upon receipt.
IPX-SAP   Controls the content of Service Advertising Protocol (SAP) packets that are sent out or received on specific ports. The IPX-SAP filter rules allow filtering on service type, server name, network address, node address, and socket number fields of the service entry. The forwarding process uses the filter information to prevent the service information from being included in the SAP packet.
IPX-RIP   Controls the content of IPX RIP packets that are sent out or received on specific ports. The IPX RIP filtering process filters addresses from the RIP packet upon transmission, and does not enter routes into the routing table upon receipt.
Generic Filters
Generic filters are protocol-independent and are specified by byte and offset values in a packet. Packets are filtered by comparing each packet’s offset value and byte information with the values that you define in the filter. The router will accept or reject the packet based on the result.
Creating generic filters can be a complex task. Only experienced users should employ generic filters, and strictly in cases where data and advertising filters cannot provide the filtering capabilities that you require.
Creating Filters Overview
Creating Filters Using Command Line Interface
Filters can be set one of two ways in the OfficeConnect Remote 812: Using CLI or using the OfficeConnect Remote 812 Manager.
The more flexible way of setting filters is through the Command Line Interface (CLI). Both data and advertisement filters can be set using CLI. For more information on accessing CLI, refer to the OfficeConnect Remote 812 ADSL Router CLI Users Guide.
Data Filters can be set using the HTML Manager (the OfficeConnect Remote 812 Manager). Data filters are used to remove packets from the normal flow of data traffic. They can be applied to IP, IPX, and/or Bridge traffic. Advertisement filters are used to restrict information in outgoing or incoming advertisement packets, i.e. IP RIP, IPX RIP, and IPX SAP packets.
Before creating a filter file, you should carefully identify the information you want to filter. Decide if you want a filter that discards packets (such as reject all IP packets whose IP source address is 192.168.200.50) or accept only a subset of packets (such as accept only bridged packets if the destination MAC address is 002069000001 or 002069000002). Also determine where you want to place the filter. For example, figure out if you want to apply the filter to packets coming into the Ethernet port, to packets going out the WAN (ATM) port, or to packets coming from a specific VC/remote site.
Filter File Components in CLI
The first step in creating a filter on the OfficeConnect Remote 812 is to create a file using a text editor on a workstation. The file will contain filters defined in the OfficeConnect Remote 812 filter syntax (described below). File names should be short and descriptive, such as IP.FLT.
The next step is to use TFTP (Trivial File Transfer Protocol) to copy the filter file from the workstation to the OfficeConnect Remote 812.
You then use CLI commands to add the filter file to the list of filters and apply the filter to the appropriate interface or VC / remote site profile.
You define the filtering rules used by the router within filter files. Filter files are text files that are stored in the unit’s FLASH memory. You can create and modify filter files using an off-line text editor, then TFTP the finished file onto the unit.
To be valid, a filter file must always have the following file descriptor on the first line: #filter
Be sure that no blank space precedes the descriptor, or an error will occur.
The remainder of the filter file is partitioned into protocol sections. Each protocol section has a descriptive header and contains the filter rules for that protocol.
Protocol Sections
A single filter file can contain all valid protocol sections in any order, but the sections cannot be repeated. The following conditions will generate errors or prevent normal filter operation:
If you do not specify a protocol section in the filter file, no filtering will occur and packets of that protocol type will be accepted.
If you specify a protocol section but do not define any rules, an error will occur.
The following table describes the valid protocol sections that you can define in the filter file.
Table 6-2 Protocol Sections
Protocol Section   Description
IP                 IP protocol data filter section
IP-RIP             IP RIP advertising filter section
IPX                IPX protocol data filter section
IPX-RIP            IPX RIP advertising filter section
IPX-SAP            IPX SAP advertising filter section
BR-ETH             Bridge protocol data filter
To comment out a protocol section, you must place a pound (#) sign before the section header and before all rules defined in the section.
Protocol Rules
You can define protocol rules within each protocol section in the filter file. Protocol rules determine which packets may and may not access the network. The rule syntax is:
<line #> <verb> <keyword> <operator> <value>
The line # range is 1-10. This means you can combine up to 10 rules to create a filter for a specific protocol. Additionally, line number 999 is used for the DENY verb.
The combination of keyword, operator, and value forms the condition which (when combined with the verb) determines whether a packet is accepted or rejected.
When a packet is filtered, the router parses each rule defined in the protocol section sequentially according to the line number. Filtering is performed based on the first match that occurs. If there is no match, by default the packet is accepted. For this reason, you should order your protocol rules so that the rules you expect to be most frequently matched are in the beginning of the section. This reduces the amount of parsing time that occurs during filtering. The following table describes each field used in the rule syntax:
Table 6-3 Protocol Rules
Field      Description
line #     Each rule must have a unique line number from 1-10 plus 999 for the DENY verb. You must arrange rules in increasing order.
Verb       This field can be one of the following:
           ACCEPT - Allow the packet access if the condition is met (use with DENY verb to indicate reject all other packets).
           REJECT - Do not allow the packet access if the condition is met.
           AND - Logically use the AND condition with condition of the next rule to determine if the packet is accepted or rejected. Both defined conditions must be met.
Keyword    The keywords for all protocol, descriptions, corresponding operators and values.
Operator   Describes the relationship between the keyword and its value. The operator field must be one of the following:
           =   Equal
           !=  Not equal
           >   Greater than
           <   Less than
           >=  Greater or Equal
           <=  Less or Equal
           =>  Generic
Value      Contains an entity that is appropriate for the keyword.
The OR operation can be implemented by successive rules. For example, to accept a packet if the source address is xxx, or the destination address is yyy, the following rules are used:
IP: 1 ACCEPT src-addr=xxx; 2 ACCEPT dst-addr=yyy; 999 DENY;
(This will only accept packets from the specified address(es); all other packets will be rejected.)
The following table describes the keywords for each protocol section and their legal operators used in the rule syntax. Value ranges are also given where ddd is a decimal between 1 and 255, mask is a decimal between 1 and 32, and xx is a hex number:
Table 6-4 Protocol Keywords
Protocol Section  Keyword       Operators  Description and Value Range
IP                src-addr      =, !=      Source IP Address (ddd.ddd.ddd.ddd/mask)
                  dst-addr      =, !=      Destination IP Address (ddd.ddd.ddd.ddd/mask)
                  tcp-src-port  all        TCP source port (1 - 65535)
                  tcp-dst-port  all        TCP destination port (1 - 65535)
                  udp-src-port  all        UDP source port (1-65535)
                  udp-dst-port  all        UDP destination port (1-65535)
                  protocol      =, !=      IP protocol (UDP, TCP, ICMP)
                  generic       =          Generic filter
IP-RIP            network       =, !=      IP network number (ddd.ddd.ddd.ddd/mask)
IPX               src-net       =, !=      Source IPX network (xx-xx-xx-xx)
                  dst-net       =, !=      Destination IPX network (xx-xx-xx-xx)
                  src-host      =, !=      Source IPX host node address (xx-xx-xx-xx-xx-xx)
                  dst-host      =, !=      Destination IPX host node address (xx-xx-xx-xx-xx-xx)
                  src-socket    all        Source IPX socket (0x1 - 0xFFFF)
                  dst-socket    all        Destination IPX socket (0x1 - 0xFFFF)
                  generic       =          Generic Filter
IPX-RIP           network       =, !=      IPX network (xx-xx-xx-xx)
IPX-SAP           network       =, !=      IPX network (xx-xx-xx-xx)
                  node          =, !=      IPX node (xx-xx-xx-xx-xx-xx)
                  server        =, !=      Server name (character string to 32 characters)
                  service-type  =, !=      Service type (0x0 - 0xFFFF)
                  socket        all        Socket (0x1 - 0xFFFF)
BR-ETH            src-addr      =, !=      Source MAC address (xx-xx-xx-xx-xx-xx)
                  dst-addr      =, !=      Destination MAC address (xx-xx-xx-xx-xx-xx)
                  generic       =          Generic filter
Generic Filter Rule
The syntax for generic filters is slightly different than that for other filters:
<line #> <verb> GENERIC => ORIGIN = <FRAME | DATA>/OFFSET = <# of bytes>/LENGTH = <# of bytes>/MASK = <0x mask>/VALUE = <0x value>
ORIGIN - The location in the packet to start the offset count. This location can be at byte 0 (FRAME) or at the start of the protocol data (DATA).
OFFSET - The number of bytes from the origin to skip before comparing the value to the packet contents.
LENGTH - The number of bytes in the packet to compare to the value.
MASK - The mask to logically "and" with the packet contents before comparing with the value (hex).
VALUE - The value (hex) to compare to the packet contents.
For example, a generic bridge filter to prevent all IP packets from being bridged is:
BR-ETH: 1 reject generic=>origin=frame/offset=12/length=2/mask=0xFFFF/value=0x0800;
Applying the Rules Using CLI
The following sections provide detailed information and examples for creating specific filters based on protocol.
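The generic rule fields (ORIGIN, OFFSET, LENGTH, MASK, VALUE) can be checked offline against sample frames before a filter is loaded. The Python below is an added example, not 3Com code: it models the match and runs the BR-ETH accept list that this guide gives under Bridge / Generic Filtering over constructed Ethernet frames. The function names, the big-endian comparison and the 14-byte DATA origin for an untagged Ethernet II frame are assumptions.

```python
ETH_HEADER_LEN = 14  # assumption: ORIGIN=DATA starts after an untagged Ethernet II header

# The BR-ETH accept list from this guide's Bridge / Generic Filtering section.
BRIDGE_RULES = [
    (1, "ACCEPT", "origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x0800"),
    (2, "ACCEPT", "origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x0806"),
    (3, "ACCEPT", "origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x8136"),
    (4, "ACCEPT", "origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x8137"),
    (999, "DENY", None),
]


def parse_generic(spec):
    """Parse 'origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x0800'."""
    fields = {}
    for part in spec.split("/"):
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"missing '=' in {part!r}")
        fields[key.strip().lower()] = value.strip()
    missing = {"origin", "offset", "length", "mask", "value"} - set(fields)
    if missing:
        raise ValueError(f"generic rule lacks {sorted(missing)}")
    origin = fields["origin"].upper()
    if origin not in ("FRAME", "DATA"):
        raise ValueError(f"origin must be FRAME or DATA, not {origin!r}")
    return {
        "origin": origin,
        "offset": int(fields["offset"]),
        "length": int(fields["length"]),
        "mask": int(fields["mask"], 16),
        "value": int(fields["value"], 16),
    }


def generic_match(rule, frame):
    """AND the selected bytes with the mask, then compare with the value."""
    start = rule["offset"] + (ETH_HEADER_LEN if rule["origin"] == "DATA" else 0)
    chunk = frame[start:start + rule["length"]]
    if len(chunk) < rule["length"]:
        return False  # frame too short to hold the compared bytes
    return (int.from_bytes(chunk, "big") & rule["mask"]) == rule["value"]


def bridge_verdict(frame, rules=BRIDGE_RULES):
    """First matching rule decides; 999 DENY rejects everything left over."""
    for _line_no, verb, spec in rules:
        if verb == "DENY":
            return "REJECT"
        if generic_match(parse_generic(spec), frame):
            return verb
    return "ACCEPT"  # documented default when nothing matches


def ethernet_frame(type_or_length, payload=bytes(46)):
    """Constructed frame: destination MAC, source MAC, type/length, payload."""
    macs = bytes.fromhex("002069000001") + bytes.fromhex("002069000002")
    return macs + type_or_length.to_bytes(2, "big") + payload


if __name__ == "__main__":
    samples = {
        "IPv4, Ethernet_II": ethernet_frame(0x0800),
        "ARP": ethernet_frame(0x0806),
        "IPX, Ethernet_II": ethernet_frame(0x8137),
        # Bytes 12-13 hold a length here, so the type comparison cannot match.
        "IPX, 802.3 length framing": ethernet_frame(0x001E, b"\xff\xff" + bytes(28)),
        "IPv6": ethernet_frame(0x86DD),
    }
    for name, frame in samples.items():
        print(f"{name:28} {bridge_verdict(frame)}")
```

The 802.3 sample shows why the guide's bridge rule set states its Ethernet_II framing assumption: with length framing, bytes 12-13 never equal an IPX type value and the frame falls through to 999 DENY.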
IP Source and Destination Network Filtering Using CLI
Source and destination address filtering is generally used to limit permitted access to trusted hosts and networks only, to explicitly deny access to hosts and networks that are not trusted, or to limit external access to a given host (for example, a web server or a firewall).
Note that only the part of the IP address specified by the mask field is used in the comparison. If a match is found, the packet is forwarded (rules containing accept) or discarded (rules containing reject).
The following rule example allows forwarding of only IP packets with source addresses that match the first 16 bits of the given IP address (addresses beginning with 192.77):
IP: 1 ACCEPT src-addr = 192.77.200.203/16; 999 DENY;
The following rule example rejects IP packets with a source address: 144.133.20.1.
IP: 1 REJECT src-addr =144.133.20.1;
The following rule example allows forwarding of only IP packets with source address 192.77.100.32 and destination address 201.128.11.34:
IP: 1 AND src-addr = 192.77.100.32; 2 ACCEPT dst-addr = 201.128.11.34; 999 DENY;
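The first-match, AND-chaining and default-accept behaviour described under Protocol Rules can be modelled offline with the three address rules above. The Python below is an added example, not 3Com code; the tuple layout, the function names and treating an address without a mask as a full 32-bit match are assumptions.

```python
import ipaddress

# Rules as (line_no, verb, keyword, operator, value); "999 DENY" has no condition.
# The tuple layout is an assumption of this example, not the router's file format.
ACCEPT_NET = [(1, "ACCEPT", "src-addr", "=", "192.77.200.203/16"), (999, "DENY")]
REJECT_HOST = [(1, "REJECT", "src-addr", "=", "144.133.20.1")]
AND_PAIR = [
    (1, "AND", "src-addr", "=", "192.77.100.32"),
    (2, "ACCEPT", "dst-addr", "=", "201.128.11.34"),
    (999, "DENY"),
]


def condition_met(keyword, operator, value, packet):
    """Compare only the bits selected by the mask; no mask means all 32 (assumption)."""
    network = ipaddress.ip_network(value, strict=False)
    inside = ipaddress.ip_address(packet[keyword]) in network
    if operator == "=":
        return inside
    if operator == "!=":
        return not inside
    raise ValueError(f"operator {operator!r} is not valid for {keyword}")


def evaluate(rules, packet):
    """Return 'ACCEPT' or 'REJECT' for one packet under the documented rule order."""
    chain_ok = True  # result of any AND rules immediately before the current rule
    for _line_no, verb, *condition in sorted(rules, key=lambda rule: rule[0]):
        if verb == "DENY":
            return "REJECT"          # 999 DENY: reject everything not matched earlier
        matched = chain_ok and condition_met(*condition, packet)
        if verb == "AND":
            chain_ok = matched       # carry the result into the next rule
            continue
        chain_ok = True
        if matched:
            return verb              # the first match decides
    return "ACCEPT"                  # no match and no 999 DENY: accepted by default


def packet(src, dst="10.0.0.1"):
    """Constructed sample packet header."""
    return {"src-addr": src, "dst-addr": dst}


if __name__ == "__main__":
    cases = [
        ("ACCEPT_NET", ACCEPT_NET, packet("192.77.9.9")),
        ("ACCEPT_NET", ACCEPT_NET, packet("192.78.200.203")),
        ("REJECT_HOST", REJECT_HOST, packet("144.133.20.2")),
        ("AND_PAIR", AND_PAIR, packet("192.77.100.32", "201.128.11.34")),
        ("AND_PAIR", AND_PAIR, packet("192.77.100.32", "201.128.11.35")),
        # Same rules with the 999 DENY line removed: the default accept applies.
        ("AND_PAIR without 999", AND_PAIR[:2], packet("10.1.1.1", "201.128.11.35")),
    ]
    for name, rules, pkt in cases:
        print(f"{name:22} {pkt['src-addr']:16} -> {pkt['dst-addr']:16} {evaluate(rules, pkt)}")
```

The last case is the one to check in any accept-style filter: without the 999 DENY line, a packet that matches no rule is still accepted.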
IP Source and Destination Port Filtering Using CLI
You can also filter against UDP and TCP ports. The following rule example rejects IP packets with a TCP port number of 80.
IP: 1 REJECT tcp-dst-port = 80;
IP Protocol Filtering Using CLI
Filtering can be done on protocol as well. The protocols that can be filtered are UDP, TCP and ICMP. The following rule example rejects TCP packets.
IP: 1 REJECT protocol = TCP;
IP RIP Packet Filtering Using CLI
Routing Information Protocol (RIP) packets are used to identify all attached networks as well as the number of router hops required to reach them. The responses are used to update a router's routing table.
If the router is listening for, or broadcasting RIP messages, you should allow them to pass in the appropriate direction(s). You define IP RIP filtering rules in the IP-RIP protocol section of the filter file.
For example, if you want to filter all routes except the one specified by the IP network address 195.12.254.45, you would create this rule:
IP-RIP: 1 ACCEPT network = 195.12.254.45; 999 DENY;
This filter only allows the route 195.12.254.45 into the route table. All other routes are rejected.
Spurious RIP messages can disrupt your routing tables. If you are listening for RIP messages on a given interface, you may wish to consider filtering out RIP updates from untrusted networks.
IPX Source and Destination Network Filtering Using CLI
IPX network numbers must be specified as a network number no greater than 8 digits in hexadecimal format. The following rule example rejects IPX packets with a source address: 00-03-42-BF.
IPX: 1 REJECT src-net = 00-03-42-BF;
IPX Source and Destination Host Filtering Using CLI
Host addresses must consist of the 8-digit network number, followed by the four digit node number in hexadecimal format.
The following rule example accepts IPX packets with a destination address of 04-0B-43-AA:
IPX: 1 ACCEPT dst-host = 04-0B-43-AA; 999 DENY;
IPX Source and Destination Socket Number Filtering Using CLI
Socket numbers represent communications interfaces that let an application access a network protocol by opening a socket and declaring a destination. Sockets are useful because they provide a simple way to direct an application onto the network.
You can compare the source or destination IPX socket number contained in the packet to the socket number defined in the filter rules. You must specify the type of the comparison.
For example, the following rule example accepts IPX packets with the IPX source socket number 0x001:
IPX: 1 ACCEPT src-socket = 0x001; 999 DENY;
IPX RIP Packet Filtering Using CLI
Routing Information Protocol (RIP) packets are used to identify all attached networks as well as the number of router hops required to reach them. The responses are used to update a router's routing table.
You define IPX RIP packet filtering rules in the IPX-RIP protocol section of the filter file. You can filter IPX RIP packets by network only.
The following rule example filters the route specified by the IPX network address 00-03-55-BF:
IPX-RIP: 1 REJECT network = 00-03-55-BF;
IPX SAP Packet Filtering Using CLI
SAP packets are used to identify the services and addresses of servers attached to the network. The responses are used to update a table in the router known as the Server Information Table.
You define IPX SAP packet filtering rules in the IPX-SAP protocol section of the filter file. You can filter SAP packets by network, node, server, service-type, and socket.
The following rule example accepts SAP services from the server name sales_1, with a socket number less than 32:
IPX-SAP: 1 AND server = sales_1; 2 ACCEPT socket < 32; 999 DENY;
Bridge / Generic Filtering Using CLI
The rules in this filter file section are set up to allow bridging of only IP and IPX packets (assuming that all traffic is being bridged and that the IPX protocol is using Ethernet_II framing). To stop traffic in both directions, you can apply the filter as an input_filter on both the Ethernet and the WAN or User Profile interfaces. However, to improve efficiency over the WAN interface, it would be better to have the same type of filter applied on the equipment at the other side of the WAN to keep non-IP and IPX traffic off the WAN completely.
BR-ETH:
# Allow IP traffic
1 ACCEPT generic=>origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x0800;
# Allow ARP traffic
2 ACCEPT generic=>origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x0806;
# Allow IPX traffic
3 ACCEPT generic=>origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x8136;
4 ACCEPT generic=>origin=FRAME/offset=12/length=2/mask=0xFFFF/value=0x8137;
999 DENY;
Step by Step Guide to Creating Filter Files Using CLI
You can create filter files using any text editor. Once the file is created, use the Trivial File Transfer Protocol (TFTP) to place the filter file in the router FLASH memory.
To create a filter file using CLI:
1 Open a new text file. Enter the file descriptor on the first line: #filter
2 Enter a file section header followed by a colon for the protocol rules you want to define. For example, if you want to define IP filtering rules, enter the following section header: IP:
3 You can comment a section header out by placing a # sign before the section header. This is useful if you want to insert a placeholder for a protocol section you will define in the future.
4 Enter the protocol rules for the protocol section you are defining. Observe the following guidelines.
Begin each rule with a unique line number ranging from 1 - 10.
Arrange rules in increasing line number order within each protocol section.
Arrange rules so that the rules you expect to be matched most frequently are toward the top of the list.
Delimit each rule with a semi-colon. Example:
IP: 1 ACCEPT src-addr = 128.100.33.1; 2 ACCEPT dst-addr = 200.135.38.9; 999 DENY;
5 Continue to define protocol rules for each protocol section you want to filter.
6 Inspect the file to ensure that it meets all filtering rules.
7 This step is important since you cannot edit the filter file from within the CLI. To edit the file, you must modify it using a text editor, TFTP the modified file into the FLASH (replacing the original file) and verify the filter using the verify filter command.
8 Save the filter file using a 12.3 FLT extension. The filter file extension will allow you to differentiate the filter file from other files stored in the router FLASH memory.
9 You can use the list files command to ensure the filter file was successfully stored in the router FLASH memory.
10 Configure a PC as a Trivial File Transfer Protocol (TFTP) client of the router by entering add TFTP client <hostname or IP address>.
To use CLI, see the CLI User’s Guide for instructions for connecting the console cable and communicating with the OfficeConnect Remote 812 using a terminal emulator like Microsoft’s HyperTerminal.
11 From a machine that has access to the same network as the router, use a TFTP command to transfer the filter file to the router FLASH memory. For example, from the workstation command line enter:
tftp <OfficeConnect Remote 812 IP address> put <filter filename>
12 The router does not recognize a filter file stored in its FLASH memory until you add it to the managed filter table. To notify the unit about the filter file for the first time, you must issue the CLI command add filter <name> to add the filter to the managed filter table. When the filter is added, the unit automatically verifies the filter file syntax. If you modified a file that had already been added, use the delete filter <name> command to remove the old file before TFTPing the new file. Then use the add filter <name> command again.
13 If the syntax is valid, no message is generated and the command prompt returns. If the syntax is not valid, error messages are generated detailing the source of the errors.
14 Apply the filter to the appropriate interface or VC / remote site profile. After replacing a file, you need to re-apply the filter for the new filter file to take effect.
For more details, refer to the next two sections. Assigning Filters discusses how to decide where to apply a filter, and Applying Filters explains the appropriate CLI commands to use.
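Because a filter file cannot be edited on the unit, the inspection in step 6 is worth doing on the workstation before the TFTP transfer. The Python below is an added example, not a 3Com tool: it checks a file against the structural rules this chapter states (descriptor line, section names, no repeated or empty sections, line numbers 1-10 plus 999 in increasing order) and flags a section that can never reject anything. The function names, the sample files and treating DENY on any line other than 999 as an error are this example's assumptions.

```python
import re

SECTIONS = {"IP", "IP-RIP", "IPX", "IPX-RIP", "IPX-SAP", "BR-ETH"}
VERBS = {"ACCEPT", "REJECT", "AND", "DENY"}
HEADER = re.compile(r"^([A-Za-z][A-Za-z-]*)\s*:\s*(.*)$")
RULE = re.compile(r"^(\d+)\s+([A-Za-z]+)\s*(.*)$", re.S)

# Constructed sample files; the rules are taken from examples in this chapter.
GOOD_FILE = "\n".join([
    "#filter", "IP:", "1 ACCEPT src-addr = 128.100.33.1;",
    "2 ACCEPT dst-addr = 200.135.38.9;", "999 DENY;",
    "# IPX:", "# 1 REJECT src-net = 00-03-42-BF;",
])
BAD_FILE = "\n".join([
    " #filter", "IP:", "2 ACCEPT src-addr = 128.100.33.1;",
    "1 ACCEPT dst-addr = 200.135.38.9;", "11 ACCEPT tcp-dst-port = 23;",
    "IPX:", "IP:", "1 REJECT protocol = TCP;",
])
ACCEPT_ONLY_FILE = "#filter\nIP-RIP:\n1 ACCEPT network = 195.12.254.45;"


def lint_rules(section, body):
    """Check the semicolon-delimited rules of one protocol section."""
    problems, previous, verbs = [], 0, []
    rules = [rule.strip() for rule in body.split(";") if rule.strip()]
    if not rules:
        return [f"{section}: section header with no rules"]
    for rule in rules:
        found = RULE.match(rule)
        if not found:
            problems.append(f"{section}: cannot parse rule {rule!r}")
            continue
        number, verb, condition = int(found[1]), found[2].upper(), found[3]
        if verb not in VERBS:
            problems.append(f"{section} line {number}: unknown verb {verb}")
        if not (1 <= number <= 10 or number == 999):
            problems.append(f"{section} line {number}: line number must be 1-10 or 999")
        if (number == 999) != (verb == "DENY"):
            problems.append(f"{section} line {number}: 999 and DENY go together")
        if verb != "DENY" and not condition:
            problems.append(f"{section} line {number}: {verb} needs a condition")
        if number <= previous:
            problems.append(f"{section} line {number}: not in increasing order")
        previous = number
        verbs.append(verb)
    if verbs and not {"DENY", "REJECT"} & set(verbs):
        # Unmatched packets are accepted by default, so ACCEPT rules alone filter nothing.
        problems.append(f"{section}: no REJECT or 999 DENY, every packet is still accepted")
    return problems


def lint_filter(text):
    """Return a list of problems found in a filter file; an empty list means none."""
    problems = []
    lines = text.splitlines()
    if not lines or lines[0].rstrip() != "#filter":
        problems.append("line 1 must be '#filter' with no blank space before it")
    sections, current = {}, None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line, or a commented-out header or rule
        header = HEADER.match(line)
        if header:
            current, line = header[1].upper(), header[2]
            if current not in SECTIONS:
                problems.append(f"{current}: not a valid protocol section")
            if current in sections:
                problems.append(f"{current}: protocol section is repeated")
            sections.setdefault(current, [])
        if current is None:
            problems.append(f"rule text before any section header: {line!r}")
            continue
        sections[current].append(line)
    for section, chunks in sections.items():
        problems += lint_rules(section, " ".join(chunks))
    return problems


if __name__ == "__main__":
    for name, text in [("good", GOOD_FILE), ("bad", BAD_FILE), ("accept-only", ACCEPT_ONLY_FILE)]:
        print(name, lint_filter(text) or "no problems found")
```

The unit's own check on add filter and verify filter remains the authority on syntax; this only catches the structural mistakes the chapter describes before the file leaves the workstation.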
Assigning Filters
Once a filter has been added to the router’s list of managed filters, you can assign it to the unit’s:
Interfaces
VC / Remote Site Profile
Interface Filters
You can configure interface filters for any interface. Interface filters control access to all networks available for both modem and non-modem interfaces.
You can specify whether a filter applies to packets entering the interface (input filter) or leaving the interface (output filter). The router examines the filtering rules to determine whether the interface accepts or rejects the packet.
Input Filter
If an input filter is configured on an interface, all received packets are checked against the filtering rules before being forwarded to another interface.
Output Filters
If an output filter is configured on an interface, all outbound packets are checked against the filtering rules before exiting the router.
Input Filters vs. Output Filters
When possible, use the input filter to filter an incoming packet rather than waiting to catch a packet as it attempts to exit the router. This is recommended because:
A packet is prevented from entering the router, keeping potential intruders from attacking the unit itself.
The routing engine does not waste time processing a packet that is going to be discarded anyway.
Most importantly, the router does not know which interface an outgoing packet came in through. If a potential intruder forges a packet with a false source address (in order to appear as a trusted host or network), there is no way for an output filter to tell if that packet came in through the wrong interface. An input filter, on the other hand, can filter out packets purporting to be from networks that are actually connected to a different interface.
VC/Remote Site Filters
You can configure filters for a specific VC / remote site profile that controls access to the network for that location. This filter is only applied for the duration of the remote network connection. As with interface filters, a remote site filter can be configured to apply to input or output data traffic.
Applying Filters Using CLI
You can apply filters to interfaces and/or users using the CLI. If you modify a file, you need to re-assign it to make the changes take effect immediately. Otherwise the changes will not take effect until the protocol network (IP, IPX, or bridge) that the filter affects goes down and comes back up. This occurs when a network is disabled, the WAN connection goes down then up, or when the OfficeConnect Remote 812 is rebooted.
Do not apply a filter to more than one interface or VC / remote site profile. Also, do not apply an input and an output filter to more than one Ethernet interface.
Applying a Filter to an Interface Using CLI
To configure an input or output filter on an interface, use the following CLI commands:
set interface <interface name> input_filter <filter name>
set interface <interface name> output_filter <filter name>
Interface name is eth:1 for the Ethernet interface and atm:1 for the ATM interface. For example, to apply an input filter to the Ethernet interface:
set interface eth:1 input_filter filter.fil
When assigning the filter to the Ethernet interface, you must turn off filter access by entering the CLI command set interface eth:1 filter_access off.
For more information about the filter access, refer to the Setting Filter Access section below.
Configuring a Filter for a VC/Remote Site Using CLI
Do not apply a filter to more than one interface or VC/remote site profile.
To configure an input or output filter for a specific user, use the CLI commands:
set vc <vc or remote site name> input_filter <filter_name>
set vc <vc or remote site name> output_filter <filter_name>
For example, to apply an input filter to a user:
set vc corpoffice input_filter filter.fil
Setting Filter Access Using CLI
When filters are assigned to both the WAN interface and a VC/remote site profile, you need to tell the router which one to use using the filter access parameter. If filter access is ON, the VC / remote site filters will override interface filters. If filter access is OFF, then the interface filters are used.
Always turn filter access OFF for the Ethernet interface since there are no profiles associated with it. If you do not turn it off, the filter will not be applied.
To set the filter access parameter to ON for a specific interface, use the CLI command
set interface <interface_name> filter_access ON
To set the filter access parameter to OFF for a specific interface, use the CLI command
set interface <interface_name> filter_access OFF
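
The precedence and assignment rules above are easy to get wrong in a way that leaves an interface silently unfiltered. The following Python sketch is an added example, not part of the 3Com manual or firmware: it replays a list of set interface / set vc commands, reports assignments that break the rules in this section, and resolves which filter is in force. The function names and the command history are constructed for illustration; it assumes that an unset filter_access cannot be treated as OFF and that filter access ON with no VC filter means no filter is applied.

```python
import shlex
from collections import defaultdict

FILTER_KEYS = {"input_filter", "output_filter", "filter_access"}

# Constructed command history (not taken from the manual's sample configuration).
SAMPLE_COMMANDS = [
    "set interface eth:1 input_filter lan.fil",
    "set interface atm:1 input_filter wan.fil",
    "set interface atm:1 filter_access ON",
    "set vc corpoffice input_filter corp.fil",
    "set vc Internet input_filter wan.fil",
]


def parse_filter_settings(commands):
    """Replay 'set interface' / 'set vc' lines and keep the filter-related settings."""
    state = {"interface": defaultdict(dict), "vc": defaultdict(dict)}
    for line in commands:
        tokens = shlex.split(line)
        if len(tokens) < 5 or tokens[0] != "set" or tokens[1] not in state:
            continue
        scope, name, params = tokens[1], tokens[2], tokens[3:]
        for i, key in enumerate(params[:-1]):
            key = key.lower()
            if key not in FILTER_KEYS:
                continue
            value = params[i + 1]
            if value == "":                      # "" removes the assigned filter
                state[scope][name].pop(key, None)
            else:
                state[scope][name][key] = value
    return state


def effective_filter(state, interface, vc, direction):
    """Return the filter in force for traffic on `interface` (optionally via `vc`).

    None means no filter can be confirmed as applied.
    """
    key = f"{direction}_filter"
    iface = state["interface"].get(interface, {})
    access = iface.get("filter_access", "").upper()
    if access == "OFF":                          # interface filters are used
        return iface.get(key)
    if access == "ON" and vc is not None:        # VC / remote site filters override
        return state["vc"].get(vc, {}).get(key)
    return None


def audit_filters(state):
    """List assignments that contradict the rules stated in this section."""
    findings = []
    owners = defaultdict(set)
    for scope in ("interface", "vc"):
        for name, cfg in state[scope].items():
            for key in ("input_filter", "output_filter"):
                if key in cfg:
                    owners[cfg[key]].add(f"{scope} {name}")
    for filt, where in sorted(owners.items()):
        if len(where) > 1:
            findings.append(
                f"{filt}: assigned to more than one interface/VC: "
                + ", ".join(sorted(where))
            )
    for name, cfg in sorted(state["interface"].items()):
        has_filter = "input_filter" in cfg or "output_filter" in cfg
        access = cfg.get("filter_access", "").upper()
        if name.startswith("eth:") and has_filter and access != "OFF":
            findings.append(
                f"{name}: filter assigned but filter_access is not OFF, "
                "so the filter is not applied"
            )
    return findings


if __name__ == "__main__":
    current = parse_filter_settings(SAMPLE_COMMANDS)
    for finding in audit_filters(current):
        print("FINDING:", finding)
    print("eth:1 input filter in force:",
          effective_filter(current, "eth:1", None, "input"))
```

Feed it the commands actually entered on the router; an empty findings list plus a non-None effective filter for each interface is the state to aim for.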
Managing Filters Using CLI
This section provides information about how to perform filter management tasks.

Displaying the Managed Filter List Using CLI
To display the list of managed filters, use the following command:
    list filters <filter_name>
The resulting display might look like this:
    Filter Name    Status    Protocols
    ip.fil         NORMAL    IP IP-RIP

Adding Filters to the Managed List Using CLI
To add a filter file to the list of managed filters, use the CLI command
    add filter <filter name>
It may be helpful to use the list files command to see files successfully stored in the FLASH memory.
The add filter command verifies filter syntax prior to adding the filter to the managed list. If the syntax is valid, no message is generated and the command prompt returns. If syntax errors exist, error messages are generated detailing the cause of the errors.
If the syntax is invalid, the filter is still added to the managed list with a status of verify failed. To correct filter file errors, you must make the changes to the original filter file using a text editor, and re-TFTP the file to the router’s FLASH memory.
Then use the verify filter command to check the filter file syntax.

Removing a Filter from an Interface Using CLI
To remove a filter that is assigned to an interface, use the following command:
    set interface <interface name> input_filter ""
    set interface <interface name> output_filter ""
The " " value represents a null value and removes the defined filter from the interface. For example, to remove an output filter from an interface named eth:1, you would use the following command:
    set interface eth:1 output_filter ""

Removing a Filter from a VC/Remote Site Profile Using CLI
To remove a filter that is assigned to a remote site profile, use the following command:
    set vc <VC or remote site name> input_filter "" output_filter ""
The " " value represents a null value and removes the defined filter from the user profile. For example, to remove an input filter from a VC / remote site profile named corpoffice, you would use the CLI command:
    set vc corpoffice input_filter ""

Deleting a Packet Filter Using CLI
To delete a specific packet filter, removing the filter file permanently from the FLASH memory, use the CLI command
    delete filter <filter_name>

Verifying Filter File Syntax Using CLI
The verify filter command must be used if you make changes to a filter file that has already been added to the managed list and re-TFTP it back to the router’s FLASH memory (using the same filename). The verify filter command checks the filter syntax. If the syntax is valid, no message is generated and the command prompt returns. If the syntax is not valid, error messages are generated detailing the source of the errors.
To verify a filter file, use the CLI command
    verify filter <filter_name>

Showing Filter File Contents Using CLI
To view the contents of an entire filter file that has been added to the managed list of filters, use this command:
    show filter <filter_name>
To display the contents of the filter file by protocol, use the CLI command
    show filter <filter_name> protocol BR-ETH | IP | IP-RIP | IPX | IPX-RIP | IPX-SAP

APPENDIX A: OFFICECONNECT REMOTE 812 SAMPLE CONFIGURATION
This section describes a sample configuration which illustrates the following OfficeConnect Remote 812 ADSL Router features:
Address Translation
Internal DHCP Server and DNS Proxy.
Multiple Remote Sites, with different routing and bridging configurations.
Our sample SOHO network, shown below, has the OfficeConnect Remote 812 connected to a LAN that is using private IP addresses. The OfficeConnect Remote 812 is configured as the DHCP Server, dynamically assigning IP addresses and configuration information to each locally connected workstation. Two Remote Sites are defined, one to an ISP for Internet access, and another to the main Corporate office. IP routing is enabled for the Internet site and both IP and IPX routing as well as bridging is enabled for the Corporate site.
Our sample network is configured in 6 steps:
Global Configuration
IP LAN Network
DHCP and DNS
IPX LAN Network
Bridge LAN Network
Remote Sites
Remember to save your configuration using the save all command before rebooting your OfficeConnect Remote 812 so that your changes will be written to permanent FLASH memory.

Global Configuration
Global configuration includes some optional system commands to identify the OfficeConnect Remote 812’s name, location, and support contact. Next the Remote access security option is enabled to allow remote CLI access using TELNET. Finally, a Remote Login User is defined to provide access for Web Browser based management and TELNET. The following commands are executed:
    set system name OfficeConnect_1
    set system location Vienna
    set system contact John_Doe
    enable security_option remote_user administration
    add user root password !root

LAN IP Network Configuration
An IP network is defined over the interface with the private address 192.168.200.254 with a class C subnet mask. The IP network is identified by the name “ip” and uses Ethernet II framing. TFTP access is allowed for all clients. The following commands are executed:
    add ip network ip address 192.168.200.254/C frame ethernet_ii enable yes
    add tftp client 0.0.0.0
    enable ip forwarding

DHCP and DNS Configuration
The OfficeConnect Remote 812’s DHCP and DNS functionality is enabled to simplify configuration of the workstation on the LAN. A DHCP Server is defined with an address pool, and the default router and the DNS Server addresses are set to the OfficeConnect Remote 812’s LAN address. The DNS proxy is enabled and a Host statement is added for the OfficeConnect Remote 812 to simplify access from the Web Browser. Finally, a Remote Server is defined for the Corporate remote site and a default Remote Server is set up to be dynamically learned over the Internet remote site. The following commands are executed:
    set dhcp mode server
    set dhcp server start 192.168.200.1 end 192.168.200.40 mask 255.255.255.0
    set dhcp server router 192.168.200.254
    set dhcp server dns1 192.168.200.254 dns2 0.0.0.0
    set dhcp server wins1 0.0.0.0 wins2 0.0.0.0
    add dns host ocrdsl-3com.com addr 192.168.200.254
    add dns server MyCorp.com primary 192.168.1.253
    add dns server * vc Internet
    enable dns
When a DNS request is received from a locally attached workstation, the OfficeConnect Remote 812 will search the local static table to find an entry. If one is not found, the request will be forwarded to a Remote DNS Server. The DNS Server is selected by comparing the domain name within the Request. If the Request was for www.MyCorp.com/events/local, the domain MyCorp.com would match given our configuration and the request would be forwarded to the DNS Server at 192.168.1.253. If a request was for www.3com.com, a match would not be found in the Remote server table and therefore the request would be forwarded to the default Remote DNS Server. In this case, the Remote DNS Server is dynamically learned when the connection to the remote site “Internet” is first established.
After a workstation is rebooted and is configured automatically by the OfficeConnect Remote 812’s DHCP Server, the 812’s browser-based manager can attach to the OfficeConnect Remote 812 by typing in ocrdsl-3com.com in the Browser’s location field. If the OfficeConnect Remote 812’s DNS functionality is disabled, the manager can still be accessed by using the OfficeConnect Remote 812’s LAN address (i.e., 192.168.200.254 for this configuration).
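
The selection order described above decides which resolver sees which names, so it is worth checking that corporate names never fall through to the ISP-learned server. The following Python model is an added example, not the router's code: it builds the two tables from the three add dns commands of this sample configuration and resolves where a query would be sent. Matching on whole labels, preferring the longest matching domain, and accepting abbreviated keywords (addr, primary, vc) are assumptions made for this sketch, as are the function names.

```python
import shlex

# The DNS commands from the sample configuration above.
SAMPLE_DNS_COMMANDS = [
    "add dns host ocrdsl-3com.com addr 192.168.200.254",
    "add dns server MyCorp.com primary 192.168.1.253",
    "add dns server * vc Internet",
]


def _abbrev(token, full):
    """True when `token` is an abbreviation (prefix) of the full keyword."""
    return len(token) >= 2 and full.startswith(token.lower())


def build_tables(commands):
    """Return (local_hosts, remote_servers) built from 'add dns ...' commands."""
    hosts, servers = {}, {}
    for line in commands:
        tok = shlex.split(line)
        if len(tok) != 6 or [t.lower() for t in tok[:2]] != ["add", "dns"]:
            continue
        kind, name, key, value = tok[2].lower(), tok[3].lower(), tok[4], tok[5]
        if kind == "host" and _abbrev(key, "address"):
            hosts[name] = value
        elif kind == "server" and _abbrev(key, "primary_address"):
            servers[name] = value
        elif kind == "server" and _abbrev(key, "vc_name"):
            servers[name] = f"learned via VC {value}"
    return hosts, servers


def select_dns_target(qname, hosts, servers):
    """Model the lookup order: local host table, matching domain, then '*'."""
    name = qname.rstrip(".").lower()
    if name in hosts:
        return ("local", hosts[name])
    labels = name.split(".")
    best = None
    for domain, target in servers.items():
        if domain == "*":
            continue
        wanted = domain.split(".")
        # Compare whole labels so "notmycorp.com" does not match "mycorp.com".
        if labels[-len(wanted):] == wanted and (best is None or len(wanted) > best[0]):
            best = (len(wanted), target)
    if best is not None:
        return ("remote", best[1])
    if "*" in servers:
        return ("default", servers["*"])
    return ("unresolved", None)


def route(qname):
    hosts, servers = build_tables(SAMPLE_DNS_COMMANDS)
    return select_dns_target(qname, hosts, servers)


if __name__ == "__main__":
    for q in ("ocrdsl-3com.com", "www.MyCorp.com", "www.3com.com", "notmycorp.com"):
        print(q, "->", route(q))
```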

LAN IPX Network Configuration
The local IPX Network is defined with a Network Number of 10 and an identifying name of “ipx”. Routes and Services will be dynamically learned using RIP and SAP once the Remote Site to MyCorp is established. The following commands are executed:
    add ipx network ipx address 10 frame ethernet_ii enable yes
    set ipx net ipx rip both sap both

Bridge Configuration
A Bridge network is configured for the LAN. With our example, IP and IPX are routed over the Corporate Remote Site and all other protocols (e.g. AppleTalk) will be bridged. The Bridge network is added with the following commands:
    disable bridge spanning_tree
    add bridge network bridge

Remote Site: Internet
In our example, we have two defined Remote Sites. In this section, the Remote Site to the ISP is defined with the identifying name of “Internet”. The configured network service is PPP, and our local WAN address and the remote router address will be dynamically learned when the connection is established. In addition, we will dynamically learn the addresses for two remote DNS Servers. The login name for this account is “internet-user” and the password is “1a2b3c”.
Network Address Translation will be enabled, allowing all the workstations on our local LAN to share one public IP address. This Remote Site will be used as our default gateway. The ATM virtual channel is VPI 0 and VCI 32 and the Peak Cell Rate is set to the default access rate. This remote site is configured with the following commands:
    add vc Internet
    set vc Internet ip enable ipx disable bridging disable
    set vc Internet network_service ppp
    set vc Internet send_name internet-user send_password 1a2b3c
    set vc Internet atm vpi 0 vci 32 category_of_service unspecified pcr 0
    set vc Internet address_selection negotiate
    set vc Internet local_ip_address 255.255.255.255
    set vc Internet nat enable
    set vc Internet ip_routing listen
    set vc Internet default_route_option enable
    enable vc Internet

Remote Site: Corporate Access
In this section, the Remote Site to the Corporate office is defined with the identifying name of “corp-net”. IP and IPX are both routed over this remote site and all other protocols are bridged. The configured network service is RFC 1483 and the remote router address is specified (192.168.1.254). The WAN IPX interface is Unnumbered.
Network Address Translation is disabled on this Remote Site Profile. The ATM virtual channel is VPI 0 and VCI 33 and the Peak Cell Rate is set to the default access rate. This remote site is configured with the following commands:
    add vc corp-net
    set vc corp-net ip enable ipx enable bridging enable
    set vc corp-net network_service rfc_1483
    set vc corp-net atm vpi 0 vci 33 category_of_service unspecified pcr 0
    set vc corp-net remote_ip_address 192.168.1.254
    set vc corp-net local_ip_address 0.0.0.0
    set vc corp-net nat_option disable
    set vc corp-net ip_routing both
    set vc corp-net ipx_address 0 ipx_routing all
    enable vc corp-net
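
The sample configuration opens the router's management plane in three places: remote TELNET administration is enabled, the login user's password is built from the user name, and TFTP is allowed from every client. The following Python check is an added example, not 3Com tooling: it scans configuration commands for those three conditions. The first input holds lines taken from this appendix; the second is a constructed, tightened variant. The 8-character minimum and the user-name test are this example's own policy assumptions, while the 15-character maximum comes from the add user description in Appendix B.

```python
import shlex

# Lines taken from the Global and LAN IP sections of the sample configuration.
SAMPLE_CONFIG = """\
set system name OfficeConnect_1
enable security_option remote_user administration
add user root password !root
add ip network ip address 192.168.200.254/C frame ethernet_ii enable yes
add tftp client 0.0.0.0
enable ip forwarding
"""

# Constructed variant: no remote administration, one TFTP client, stronger password.
HARDENED_CONFIG = """\
set system name OfficeConnect_1
add user netadmin password T7#qv9Lm2x
add ip network ip address 192.168.200.254/C frame ethernet_ii enable yes
add tftp client 192.168.200.10
enable ip forwarding
"""


def password_problems(user, password):
    """Return the reasons a password is rejected (policy values are assumptions)."""
    problems = []
    if len(password) > 15:
        problems.append("longer than the 15 characters the router accepts")
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if user.lower() in password.lower():
        problems.append("contains the user name")
    return problems


def audit_management_plane(config_text):
    """Return (line_number, code, message) for each management-plane exposure."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        tok = shlex.split(line)
        low = [t.lower() for t in tok]
        if low[:4] == ["enable", "security_option", "remote_user", "administration"]:
            findings.append((lineno, "remote-admin",
                             "remote CLI access over TELNET is enabled"))
        elif low[:2] == ["add", "user"] and "password" in low[3:]:
            user = tok[2]
            idx = low.index("password", 3)
            if idx + 1 < len(tok):
                problems = password_problems(user, tok[idx + 1])
                if problems:
                    findings.append((lineno, "weak-password",
                                     f"user {user}: " + "; ".join(problems)))
        elif low[:3] == ["add", "tftp", "client"] and len(tok) > 3 and tok[3] == "0.0.0.0":
            findings.append((lineno, "tftp-open",
                             "0.0.0.0 allows all clients TFTP access"))
    return findings


if __name__ == "__main__":
    for lineno, code, message in audit_management_plane(SAMPLE_CONFIG):
        print(f"line {lineno}: [{code}] {message}")
```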

APPENDIX B: CLI COMMAND DESCRIPTION

CLI Commands

ADD
Use the ADD command to define:
networks you will connect to
hosts you need to access
SNMP communities
users who will dial out, dial in, access the network, or use the CLI
Note that some parameters have default values.

add bridge network <network_name>
    { enabled [yes] }
Defines a bridge network connection, so your LAN users can bridge to other LANs across the WAN. Bridging is supported over the WAN. Note that routing takes precedence over bridging, so that bridging will not occur unless you disable routing for the protocols you wish to bridge. The protocols to bridge, and other important parameters, are specified in the user you use to establish this connection. You must use add user to create a network type user for this command, and set user to specify the protocol and other parameters related to bridging.
Parameters        Description
<network_name>    Designation you wish to give to this bridge network.
enabled           Default is to enable the bridge network.

add dns host <host_name> address <IP_address>
Adds the named host to the Local Host Table. When the system needs to resolve an address for an IP host name, the Local Host table is checked first, before a request is sent to the remote DNS Name Server.
The add login_host command may also add to this table. See that command’s description for details.
Parameters        Description
<host_name>       Designation of the local host.
<IP_address>      IP Address of a named host in nnn.nnn.nnn.nnn format.

add dns server <domain_name>
    primary_address [ip_address]
    secondary_address [ip_address]
    vc_name [vc_name]
Adds the IP Address of a remote DNS Server for the specified Domain Name to the Domain Name Server Table. The first specified server is sent the IP Host Name to be resolved, first without, and then with the default domain name (see set dns for more information about the default domain name). If that server cannot resolve the name, it is sent to the next specified server. If PPP is being used for a wide area connection, use the vc_name parameter to specify a remote connection from which the primary and secondary addresses will be learned.
Parameters           Description
<domain_name>        Domain name. Use * for all domains.
Status               The status concerning the DNS server.
primary_address      The primary IP address of the DNS server.
secondary_address    The secondary IP address of the DNS server.
vc_name              The VC profile to use for obtaining the DNS addresses

add filter <filter_name>
Adds a filter file name to the filter table. The filter table is a managed list of filter names used by SNMP. A filter file is a text file stored in the FLASH file system, that you load using TFTP. Add filter also verifies the syntax of the filter file. If syntax verification fails, you’ll receive an error message, and the filter will still be added to the table, but is not usable. You must correct the filter file in a text editor, use TFTP to export the updated file to the system’s FLASH file system, and use the verify filter command to check the filter’s syntax.
Parameters       Description
<filter_name>    Designation of a filter file, up to twenty ASCII characters.

add framed_route vc <name>
    ip_route [ip_address]
    metric [number]
Adds a framed (static) network to the VC profile for WAN connections. This method of creating a static route does not run RIP to learn routes, so you must specify IP route and gateway addresses. See add ip route.
Parameters           Description
<VC profile name>    VC profile name specified for the framed network. This is limited to 32 characters.
ip_route             IP address of the remote network
metric               Integer representing how far away the route is, in hops from other routers. Values are 1 through 15.

add ip defaultroute gateway <IP_address>
    { metric [1] }
Defines a default gateway IP router, which acts as the default route for IP packets destined for remote hosts.
Parameters      Description
<IP_address>    IP Address of the gateway router.
metric          Integer representing how far away the default router is, in “hops” through other routers. Values: 1-15.

add ip network <network_name>
    address [ip_net_address]
    frame [ETHERNET_II | SNAP | LOOPBACK]
    { interface [eth:1] }
    { enabled [yes] }
Adds an IP network to the list of IP networks available over the specified interface.
Parameters        Description
<network_name>    Name of IP network, consisting of up to 32 unique ASCII characters; space must be surrounded by double quotes.
address           IP address of the network, in the format nnn.nnn.nnn.nnn, with or without a mask specifier. The Mask Specifier can be ‘A’, ‘B’, ‘C’, or ‘H’, or a numeric value from 8 to 30 that describes the number of one bits in the mask. If you do not specify a mask, the system will generate it for you from the network address.
frame             Frame encapsulation to be used on this IP network. The options are: ETHERNET_II, LOOPBACK (for diagnostics), or SNAP.
interface         Name of the interface which this IP network will communicate over. The default is the first LAN interface (eth:1).
enabled           This optional parameter indicates whether the network is enabled (YES) or disabled (NO). YES is the default.

add ip route <ip_net_address>
    gateway [gateway_addr]
    metric [hop_count]
Adds an entry to the IP routing table. IP packets destined for networks that match this network will be routed to this address. The command list ip routes displays your currently defined routes.
Parameters       Description
<net_address>    IP address of the remote network, in the format nnn.nnn.nnn.nnn, with or without a mask specifier. The Mask Specifier can be ‘A’, ‘B’, ‘C’, or ‘H’, or a numeric value from 8 to 30 that describes the number of one bits in the mask. If you do not specify a mask, the system will generate it from the network address.
gateway          IP address of gateway used to reach this remote network.
metric           An integer representing how far away the route is, in hops through other routers. Values are 1-15.

add ipx network <network_name>
    address [ipx_address]
    { interface [eth:1] }
    { enabled [yes] }
    frame [ETHERNET_II | SNAP | DSAP | NOVELL_8023]
Adds an IPX network to the list of IPX networks available over the specified interface.
Parameters        Description
<network_name>    Name of IPX network. A unique ASCII string of up to 32 characters; space must be surrounded by double quotes.
address           Address of the IPX network.
interface         Name of the interface with which this IPX network is to be associated. The default is the first LAN interface (eth:1).
enabled           Optional parameter indicates whether the network is enabled (YES) or disabled (NO) by this command. YES is the default.
frame             Frame encapsulation chosen for this IPX network.

add ipx route <ipx_net_address>
    gateway [ipx_host_address]
    metric [metric_number]
    ticks [tick_number]
Adds an IPX static route (for the LAN) to the system’s IPX Route table, which defines static routes to remote IPX networks. The command list ipx routes displays currently defined static routes.
Parameters           Description
<ipx_net_address>    IPX network address requiring a route.
gateway              IPX address of the host which will act as a gateway. The format is nnnn.xx:xx:xx:xx:xx:xx (net_addr.mac_address).
metric               Number of hops through different routers needed to reach the remote IPX network.
ticks                Estimated interval in ticks it takes to deliver a packet to the remote network. There are approximately 18 ticks per second.

add ipx service [service_name]
    address [internal network number]
    gateway [network_number.mac_address]
    metric [metric]
    node [internal_node_number]
    socket [socket_number]
    type [service_type]
Adds a static IPX service (for the LAN) to the IPX services table. You must supply the name, internal ipx network number, node number, socket, and type of service for this service. The user must also supply gateway information to indicate the next router hop. To remove this service, use the delete ipx service command.
Parameters      Description
service name    Designation of IPX service.
address         Internal network number for the IPX service on which this service resides.
Gateway         Address of the router you defined as the gateway.
metric          An integer representing how far away the default router is, in hops through other routers. Values: 1-15.
node            The internal MAC address of the server on which the service resides. This is typically 00:00:00:00:00:01.
socket          Socket number that the service uses.
type            Type of service: hex number referring to file server, print server, etc. Refer to the table below.
Below is a partial list of the IPX services available:
Type    Description
04      file server
05      job server
07      print server
09      archive server
0A      job queue
21      NAS SNA gateway
2E      dynamic SAP
47      advertising print server
4B      Btrieve VAP 5.0
4C      SQL VAP
7A      TES-NetWare VMS
98      NetWare access server
9A      Named Pipes server
9E      PortableNetWare-UNIX
107     NetWare 386
111     Test server
166     NetWare management
26A     NetWare management
26B     Time synchronization
278     NetWare Directory server

add ipx_route vc <name>
    ipx_net [ipx_address]
    metric [hop_count]
    ticks [tick_number]
Adds an IPX route for a user over the WAN.
Parameters    Description
<name>        The name of the user for the IPX route.
ipx_net       IPX address of the route, in IPX (xxxxxxxx) form.
metric        An integer representing how far away the route is, in hops through other routers. Values are 1-15.
ticks         Estimated interval in ticks it takes to deliver a packet to the remote network. There are approximately 18 ticks per second.

add ipx_service vc <name>
    ipx_net [ipx_address]
    hops [number]
    name [name]
    node [internal_node_number]
    socket [socket_number]
    type [service_type]
Adds a static IPX service (for the WAN) to the IPX services table. You must supply the name, internal ipx network number, node number, socket, and type of service for this service. The user must also supply gateway information to indicate the next router hop.
Parameters    Description
<name>        The name of the user for the IPX route.
ipx_net       IPX address of the route, in IPX (xxxxxxxx) form.
hops          An integer representing how far away the route is, in “hops” through other routers. Values are 1-15.
name          Estimated interval in ticks it takes to deliver a packet to the remote network. There are approximately 18 ticks per second.
node          The internal MAC address of the server on which the service resides. This is typically 00:00:00:00:00:01.
socket        Indicates which “socket” the server listens on.
type          Type of service: hex number referring to file server, print server, etc. Refer to the table below.
Below is a partial list of the IPX services available:
Type    Description
04      file server
05      job server
07      print server
09      archive server
0A      job queue
21      NAS SNA gateway
2E      dynamic SAP
47      advertising print server
4B      Btrieve VAP 5.0
4C      SQL VAP
7A      TES-NetWare VMS
98      NetWare access server
9A      Named Pipes server
9E      PortableNetWare-UNIX
107     NetWare 386
111     Test server
166     NetWare management
26A     NetWare management
26B     Time synchronization
278     NetWare Directory server

add nat tcp vc <user_name>
    private_address [ip_address]
    private_port [number]
    public_port [number]
Parameters         Description
<vc_name>          VC profile name.
private_address    IP address of the server on the LAN.
private_port       Port number associated with the service.
public_port        Public port number.
Note: Typically, the private and public port numbers are set to the same value. See “Configuring Network Address Translation” in Chapter 6 for an example in which they differ.

add nat udp vc <vc_name>
    private_address [ip_address]
    private_port [number]
    public_port [number]
Parameters         Description
<vc_name>          VC profile name.
private_address    IP address of the server on the LAN.
private_port       Port number associated with the service.
public_port        Public port number.
Note: Typically, the private and public port numbers are set to the same value. See “Configuring Network Address Translation” in Chapter 6 for an example in which they differ.

add network service <service_name> Status
    server_type [server_type]
    socket [socket_number]
    enabled [YES]
    data [“string”]
    close_active_connections [TRUE | FALSE]
This configures a network listener process that provides a certain type of service. To see the available server types, use list services.
Parameters                  Description
<service_name>              Name of this type of service. Limit of 32 character ASCII string.
server_type                 Designates the type of server:
                            HTTP
                            SNMPD - SNMP agent
                            TFTPD - server for file transfers
                            TELNETD - TELNET server to the CLI
socket                      Indicates which socket the server listens on. For TFTP and TELNET, it is the TCP or UDP port #.
enabled                     This indicates whether the network service is enabled. Enter YES or NO.
data                        Ancillary Data. This field contains server-specific configuration data. See the table below for settable ancillary data parameters for TELNET.
close_active_connections    Indicates whether or not to close any active connections when a service is disabled by the disable network_service command. Default: FALSE.
The table below shows configurable parameters for TELNET services, which are specified with the data parameter.
Ancillary Data Parameters    Description
auth                         On indicates that login/password authentication should be performed on incoming connections. Default: on. Format: auth=[on/off]
login_prompt                 ASCII string specifying the login prompt to be sent during authentication. It must be quoted. Default: “login: “ Format: login_prompt=[string]
login_banner                 ASCII string sent to a client when the connection is made. It must be quoted. Default: none. Format: login_banner=[string]
Add network service example:
To configure a TELNET service to offer CLI access on port 23, doing authentication upon connect:
    add network_service CLI_access server_type TELNETD socket 23

add snmp community <community_name>
    address [IP_address]
    access [RO | RW]
Adds to the list of SNMP authorized users. The community name and IP address of SNMP requests from managers on the network must match the list, which you can see using list snmp communities.
Parameters          Description
<community_name>    Group name that authorizes SNMP requests.
address             IP address of the SNMP manager, in the form nnn.nnn.nnn.nnn
access              Determines what type of access to SNMP MIBs the added user will have. Options: Read Only (RO) and Read Write (RW).

add snmp trap_community <name>
    address <IP_address>
Adds to the list of community name/IP address pairs that are allowed to receive SNMP traps. You can see the list of authorized users with the list snmp communities command.
Parameters    Description
<name>        Group name defining who can receive SNMP traps.
address       IP address of the SNMP manager, in the form nnn.nnn.nnn.nnn

add syslog <ip_name_or_addr>
    loglevel [loglevel]
Adds an IP host to the list of IP hosts that will receive syslog entries. You can see the current log levels for the system using list facilities, and modify the current log level for each facility using set facility loglevel.
Parameters              Description
<ip_name_or_address>    Host name or IP address of the Unix host that will receive syslog information.
loglevel                There are five levels of logging:
                        CRITICAL - a serious system error, which may affect system integrity
                        UNUSUAL - an abnormal event, which the system should be able to recover from
                        COMMON - a regularly occurring event that is not frequent
                        VERBOSE - a regular periodic event, e.g. a routing update message
                        DEBUG - for debugging only

add tftp client <ip_name_or_addr>
Adds the tftp client to the authorization table for tftp access.
Parameters           Description
<ip_name_or_addr>    Host name or IP address of a host to be added. An address of 0.0.0.0 allows all clients TFTP access.

add user [name]
    password [password]
    {enabled [yes]}
Adds a Telnet user to the local user table. The list users command displays these parameters for all users.
Parameters    Description
Name          Name of the user to be added, up to 32 ASCII characters.
Password      User’s password, up to 15 ASCII characters.
Enabled       This indicates whether the user is enabled. Enter YES or NO.

add vc [name]
Creates a virtual channel (VC) profile. Each profile represents a connection to a remote site. The list vc command displays a list of all configured VCs and their status. Use the set vc command to modify VC parameters. When a VC profile is created, all of the different configurable parameters associated with the profile assume default values. The default values are specified in the VC profile named 'default'. You can display the current default values with the command show vc default.
Parameters    Description
name          Name of the user to be added, up to 32 ASCII characters.

ARP
arp <ip_name_or_addr>
    output [outputfile_name]
Prints the IP address (and Media Access Control Address [MAC] if on a locally connected network) of a network node to a file or the CLI (default). If a node is not in the ARP cache, an ARP request will be sent out.
Parameters           Description
<ip_name_or_addr>    IP address or node name for the IP and MAC address you seek.
DELETE Delete commands remove anything you previously added.
delete bridge network
<network_name>
delete configuration Deletes all your configuration files, reboots the system and restores system
delete dns host
<host_name>
Deletes the previously added bridge network. Make sure you have disabled the bridge network, using the disable bridge network command, before trying to delete it. Use list bridge forwarding to see if there is any activity over the bridge connection.
configura tion to default values.
Deletes the specified host from the DNS Local Host Table. Use list DNS hosts to view the DNS Local Host table. A fter deletion, requests for that host will be processed through a DNS server, instead of locally. Use list DNS servers to see which server s are defined.
delete dns server
<domain_name>
delete filter
<filter_name>
Removes the name server addresses associated with the specified domain from the Domain Name Server Table.
Removes the named filt er f r o m the fi lter ta bl e, and d ele tes t he fil e stor ed i n FL ASH memory. Use list filters to see what filter files are in FLASH memory.
delete file < file _name> Deletes a file from the FLASH file system. Use list files to see which files are
currently stored.
delete framed route vc Delet es a framed route from the virtual channel prof ile.
delete ip network
<network_name>
delete ip route
<IP_address>
delete ipx network
<name>
Deletes an IP network from the interface that you specified when adding the network. Use list ip networks to see which networks are associated with which interfaces. Always use disable ip network before deleting it.
Deletes an IP address from the IP routing table, that you previously added with add ip route. Deleting this route will cause IP packets destined for this network to use the defaul t route, which you can see using list ip routes. See add defaultroute gateway to find out how to add a default route.
Deletes an IPX network on the interface you specified with the add ipx network comman d. You can li s t i p x network s to see which are available, and the network’s
CLI Commands B-11
status. Be sure to use the disable ipx netw ork co mmand before deleting the network.
delete ipx route
<ipx_net_address>
delete ipx se rvice
<service_name>
delete nat tcp vc
<vc_name>
delete nat udp vc
<vc_name>
delete network service
<service_name>
Deletes an IPX route on the interface you specified with the add ipx route command. The list ipx routes command displays the current IPX routes.
type [service_type]
Deletes a static IPX service from the IPX services table. This command will work only if a complete match on all p arameters is found. Refer to add ipx service command for more information.
Parameters Description
service name Designat i on of IPX se r v i c e . type Type of service: file/server, print, etc.
public_port [number]
public_port [number]
Deletes the specified network service from the list of available services. You must use disable network service before deleti ng t he s ervic e. You can see which ser vi ces are available and active using list available services and list services.
delete snmp community <name>
Deletes an SNMP community that was previously added with the add snmp community command. You can use list snmp communities to see the current entries.
delete snmp trap_community <name>
Deletes an SNMP trap community name from the list of names and IP addresses that are allowed to receive SNMP trap commands. You can use list snmp communities to see the current entries.
delete syslog <ip_name_or_address>
Deletes the specified IP host name or IP address from the list of addresses which are authorized to receive syslog information. Use list syslog to see the currently allowed addresses.
delete tftp client <ip_name_or_address>
Deletes the specified IP host name or IP address from the list of addresses which are authorized to TFTP. Use list tftp clients to see the currently allowed addresses.
delete user <name> Deletes a user you previously added to the local user table. Use list users to see the currently defined user, and show user to see the attributes you assigned to that user using the add user or set user command.
delete vc <name> Deletes a virtual channel profile. Use list vc to see the currently defined VCs, and show vc to see the attributes of a specific VC. A VC must be disabled before it can be deleted.
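The disable-before-delete rule that the delete entries state for IP networks, IPX networks, network services and VCs can be checked in a command file before it is run with do. The following Python check is an added example, not part of the 3Com guide; it assumes one CLI command per line, and the object names in the sample script are constructed.

```python
import re

# Object kinds whose delete entry in this guide requires a prior disable.
GUARDED = ("ip network", "ipx network", "network service", "vc")

_CMD = re.compile(
    r"^(disable|enable|delete)\s+("
    + "|".join(re.escape(kind) for kind in GUARDED)
    + r")\s+(\S+)",
    re.IGNORECASE,
)


def lint_script(text):
    """Return (line_no, command) for every delete of a guarded object
    that is not preceded by a matching, still-effective disable."""
    disabled = set()
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = " ".join(raw.split())          # collapse runs of whitespace
        match = _CMD.match(line)
        if not match:
            continue                          # not a guarded command
        verb = match.group(1).lower()
        key = (match.group(2).lower(), match.group(3))
        if verb == "disable":
            disabled.add(key)
        elif verb == "enable":
            disabled.discard(key)             # a later enable cancels the disable
        elif key in disabled:
            disabled.discard(key)             # deleted cleanly, object is gone
        else:
            findings.append((line_no, line))  # delete without a disable
    return findings


# Constructed sample command file (names are illustrative only).
SAMPLE = """\
disable ip network lan_a
delete ip network lan_a
delete vc isp1
disable network service telnetd
enable network service telnetd
delete network service telnetd
disable ipx network ipx_a
delete ipx network ipx_a
"""

if __name__ == "__main__":
    for line_no, command in lint_script(SAMPLE):
        print(f"line {line_no}: '{command}' has no preceding disable")
```
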
DIAL
dial <vc_name> Generates an outgoing connection to the location specified by the vc name. You
can use list vcs to list the defined vc profiles, and their current status.
DISABLE
disable bridge network <name>
Disables the bridge network you previously defined using the add bridge network command. You can see which bridge networks are currently running using list bridge forwarding.
disable bridge spanning_tree
Disables use of the spanning tree algorithm on bridge networks. The spanning tree algorithm is required if there is more than one bridge between the same two LAN segments. You can use list bridge forwarding to see which bridges are defined, and show bridge network settings to see which options are enabled on a particular bridge network.
disable icmp Disables the Internet Control Message Protocol.
disable interface
<interface_name>
Disables the specified interface. A disabled interface remains in the interface table, but will not transmit or receive any data. Use list interfaces to see the currently defined interfaces, and their status.
disable ip forwarding Causes the system to stop forwarding any packets over IP networks.
disable ip network
<network_name>
Disables the specified IP network. Make sure there is no activity on this network before disabling it.
disable ip rip Disables the RIP routing algorithm on all IP networks. You can use show ip routing
to see the current status of IP routing. This saves system space by preventing a large RIP database, which is useful for networks connecting over the WAN interface.
disable ip routing Disables all routing protocols on all IP networks. Currently, the only routing
protocol is RIP, which means that disable ip rip performs the same function. Use show ip routing to see the current status of IP routing.
disable ip static_remote_routes
Disables all statically defined remote routes on all IP networks, that you previously defined using add ip route. You can list the current IP routes using list ip routes.
disable ipx network <network_name>
Disables the specified IPX network. Use list ipx networks to see which IPX networks are defined, and their current status.
disable link_traps interface <interface_name>
Prevents SNMP from sending linkup and linkdown traps for the specified interface. You can see if the interface is currently enabled for traps by using the show interface settings command.
disable network service <service_name>
Disables a network service, such as TELNET or TFTP. If ‘close_active_connection’ was specified as TRUE in the add network_service command, then all active connections will be closed when the server is disabled.
disable security_option snmp user_access
Turns off SNMP access to the CLI. This prevents remote users from using SNMP and possibly damaging the configuration. You can use enable security_option snmp user_access to re-enable full SNMP access. NOTE: This function is not supported in the current release.
disable security_option remote_user administration
Disables CLI access to remote TELNET users. All CLI configuration must be done from the console port. You can use enable security_option remote_user administration to re-enable remote CLI access.
disable snmp authentication traps
Instructs SNMP to stop recording trap information for user (either local or remote) authentication.
disable telnet escape Disables the TELNET escape character for all TELNET clients. When disabled,
TELNET clients who press the escape character during their session will not get a local TELNET command line.
disable user
<user_name>
Disables the specified user from being used. It also causes all active sessions established using that particular user to terminate, and does not allow any new sessions to occur using that user name. Disabling a user is useful when prohibiting a user’s access temporarily.
disable vc <user_name>
Disables the specified virtual channel from being used. It also causes any active session established using that particular VC to terminate, and does not allow any new sessions to occur using that VC. Disabling a VC is useful when prohibiting a VC’s access temporarily.
DO
do <command_inputfile> output [outputfile]
Runs a script file that is stored in FLASH memory, which contains a series of CLI commands.
ENABLE
enable bridge network <network_name>
Enables bridging over the specified network. You must have previously run add bridge network to add bridging over this network. Bridge networking is enabled by default, so you will only need to use this command if you have previously disabled this bridge. Note that bridging will not occur for a protocol, if routing is enabled for that protocol.
enable bridge spanning_tree
Enables the spanning tree algorithm for the bridge connection. The spanning tree algorithm is required if there is more than one bridge between the same two LAN segments. You can use list bridge forwarding to see which bridges are defined, and show bridge network <network_name> settings to see which options are enabled on a particular bridge network.
enable interface
<interface_name>
Enables the specified interface. Enabling an interface enables it to transmit and receive data. You can use list interfaces to see which interfaces are defined, and whether they are currently disabled.
enable ip forwarding Enables all IP networks to forward (route) packets. You should only need to use
this command if you previously used disable ip forwarding.
enable ip network
<network_name>
Enables the specified IP network, which you previously defined using add ip network. You can use list ip networks to see the currently defined IP networks, as
well as their current status.
enable ip rip Enables the RIP protocol for all IP networks. RIP protocol is set to NONE by default.
You can check the RIP version using show ip network settings, and modify it using set ip network. RIP is enabled by default.
enable ip routing Enables all routing protocols for all IP networks. Currently, the only IP routing
protocol this command enables is RIP, so it is functionally the same as enable ip rip.
enable ipx network
<network_name>
Enables the specified IPX network, which you previously defined using the add ipx network command. You can list currently defined IPX networks using list ipx networks.
enable link_traps interface <interface_name>
This command tells SNMP to send linkup and linkdown traps for the specified interface. You can see if the interface is currently enabled for traps using the show interface settings command.
enable network service <service_name>
Enables the network service that you previously defined with the add network service command. You can see which services are currently defined and their state using list network services.
enable security_option remote_user administration
Enables CLI access to remote TELNET and dial-in users. This prevents remote users from modifying the configuration. CLI configuration can be done from the console port and remote users. You can use disable security_option remote_user administration to restrict CLI access to the console port only and enable security_option remote_user administration to re-open full TELNET access.
enable security_option snmp user_access
Enables SNMP access to the user table. This allows remote users to use SNMP to update the user table, and gain unauthorized access to the CLI. Use show security_options to see the current security values.
enable snmp authentication traps
This command tells SNMP to send traps for both local and remote authentication. You can use show snmp to see the current setting.
enable telnet escape If the TELNET escape character was disabled by the disable TELNET escape
command, this command re-enables it. When enabled, TELNET client users who press the TELNET escape key during their session will get a TELNET command line.
By default the escape character is control-]. A TELNET user can change it using set escape in the TELNET program.
enable user <user name>
Enables a user to establish TELNET sessions for remote management. You must have previously added the user using the add user command, where enabled is the default. The list users command displays a summary of all configured user profiles.
enable vc <vc name> Enables a virtual channel to establish data sessions over the WAN. You must have
previously added the VC using the add vc command, where disabled is the default. The list vc command displays a summary of all configured VC profiles.
exit CLI If CLI password protection is enabled, this command forces an immediate logout
from the CLI. The CLI password must be entered in order to access the CLI again.
HANGUP
hangup interface <interface_name>
Causes the connection on the specified interface to hangup (drop).
hangup vc <vc_name> Causes the connection for the specified VC to drop. You can see which VCs have
active connections using list vcs. Also see disable vc, which causes a VC’s session to drop, and prevents new sessions which use that VC from being established.
HELP
help <command> Provides information about possible commands and their formats. Typing help
alone lists the possible commands. Typing help <command name> lists the possible parameters for that command.
Typing part of a keyword (command or parameter) and pressing Esc completes the keyword. If you have not yet entered enough of the keyword to be unique, pressing Esc causes the bell to ring.
Typing ? after a command string displays the possible keywords and values for that command.
HISTORY
history Displays your previous CLI commands. You can recall commands from the history
using ^P (C-P) to recall commands up the list, and ^N (C-N) to recall commands working down the list. The default depth is 10 commands. You can modify the history depth using the set command history command.
KILL
kill <process name> Kills an active process. Use list processes to see which processes are currently
active. You can only kill a process that you started. An example would be a ping that you started that you now wish to kill.
LIST
list active interfaces Displays the index, name, operational status, and administration status of all active
interfaces. The output is the same as the list interfaces command, except non-active interfaces are not displayed. Inactive interfaces are interfaces with no current connections.
list bridge forwarding Displays the forwarding and filtering information
MAC address - A unicast MAC address for which the bridge has forwarding and/or filtering data
Status - One of:
other - not one of the following
invalid - aged out
learned - learned, and in use
self - statically defined, and in use
mgmt - unknown, but filtering information exists
RxPkt - Number of packets received from this MAC station
RxOctets - No. of bytes (octets) received from this MAC station
Fltr - Number of packets received from this MAC station that were filtered out (discarded)
Fwd - Number of packets received from this MAC station that were forwarded
TxPkt - Number of packets forwarded to this MAC station
TxOctets - Number of bytes forwarded to this MAC station
list call events Displays the last twenty call events. This is useful when trying to determine why a
call over the WAN is not being established. The table displays the system, the up time, and the event.
list call log Displays the current call status for all VCs for which a call has been attempted.
Each entry will include the VC name, the current call state (Disconnected, Connecting, or Connected), and the reason why the last call was cleared. Reasons for clearing include: line down, PPP timeout, Authentication error, Network configuration error, and termination initiated from either the local or remote side.
list critical events Displays the last ten critical status events, and the system time when each
occurred. You can change which events are logged as critical, using the set facility command. The table displays the system, the up time, and the event.
list dns hosts Displays the DNS Local Host name and its IP address, which you configured using
the add dns host.
list dns servers Displays DNS Name Servers, which you configured using the add dns server
command. The domain name and the server address are listed for each DNS server.
list facilities Displays the system facilities (processes) currently running, plus the default log
level. The log level is the severity of error that facility will produce syslog entries for. You can change the log level using the set facility loglevel command.
list filters Displays all the filter names in the filter table, which you previously defined using
the add filter command. You can remove filters using delete filter. The command lists the filter file name, the status of the filter, and the protocols the file applies to. For example:
Filter Name      Status   Protocols
easyfilter.fil   NORMAL   IP IP-RIP
list files Displays the files currently stored in the FLASH file system. You can remove files
using delete file, but you can add them using TFTP only.
list interfaces Displays the installed interfaces, along with their operational status, administration
status, and interface index. If an interface is down, you can use enable interface to try to bring it up. The command lists:
Index - number used to identify the interfaces position in the table
Name - interface name: eth:1, DA:1 or loopback
Oper Status - current, operating status of interface; UP or DOWN
Admin Status - administrative status you designated interface to be, up or down. If it doesn’t match Oper Status, a problem exists with the interface.
list ip addresses Displays the IP address for each interface. It lists:
Address - IP address of the interface
Bcast Algo - broadcast algorithm used
Reassembly Max Size - maximum allowable size of packet that can be reassembled from a fragmented packet
Interface - interface this IP address uses to connect to the system
list ip arp Displays the contents of the ARP cache. It lists:
IP Address - IP address for this entry
Phys Address - MAC address that the IP address maps to
Type - interface type: Ethernet or Token Ring
If Name - eth:1, DA:1 or loopback
list ip interface_block Displays the IP addresses associated with each system interface. If the interface has
a point-to-point connection, then the neighbor field contains the address of the remote system. This command lists:
Address - IP address of the interface
Neighbor - IP address of the remote system
Status - status of the connection; ENABLED or DISABLED
Interface - eth:1, DA:1 or loopback
B-18 APPENDIX B: CLI COMMAND DESCRIPTION
list ip networks Displays all the IP networks you previously defined using the add ip network
command. It also lists:
Name - network designation
Prot - always the IP protocol
Int - name of the interface this network runs on
State - state of the network; ENABLED or DISABLED
Type - STATIC or DYNAMIC network
Network Address - address of the IP network
list ip routes Displays all the statically defined IP routes that you previously defined using the
add ip route command. It lists:
Destination - IP address that the route resolves to
Prot - LOCAL or RIP
NextHop - address of the gateway used to reach this route
Metric - number of router hops away this route is from the system
If - interface that the route uses
list ipx networks Displays the IPX networks that you previously defined using the add ipx network
command. It lists:
Name - designation you assigned this network
Prot - protocol; always IPX
Int - interface each IPX network runs on
State - ENABLED or DISABLED
Type - STATIC or DYNAMIC
Network Address - network address of this IPX network
list ipx routes Displays the IPX routes that you previously defined using the add ipx route
command, plus the defined IPX nodes. It lists:
Network Addr - network address of this route
Prot - protocol used to find this route: LOCAL, RIP, STATIC, NLSP, OTHER
NextHopNIC - network address of the next router (the next hop to the destination), or the MAC address for the local IPX nodes (on the LAN)
Gateway - address of the gateway to this network
Metric Ticks - number of hops through routers this network is distant from
list ipx services Displays IPX services. It lists:
Name - name of the IPX service
NetNum - network number that the service is on
Node - name of the IPX node running the service
Socket Type - socket number of the service