ARRIS 2247-N8-10NA Admin Handbook

Administrator’s Handbook

Motorola 2247-N8 DSL Wi-Fi Gateway

Embedded Software Version 9.1-

Administrator’s Handbook

©2013 Motorola Mobility LLC. All rights reserved. MOTOROLA, and the Stylized M Logo are trademarks or registered trademarks of Motorola Trademark Holdings, LLC. All other product or service names are the property of their respective owners. No part of this publication may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from Motorola Mobility LLC. Motorola Mobility reserves the right to revise this publication and to make changes in content from time to time without obligation on the part of Motorola Mobility to provide notification of such revision or change. Motorola Mobility provides this guide without warranty of any kind, implied or expressed, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Motorola Mobility may make improvements or changes in the product(s) described in this manual at any time.

EXCEPT AS INDICATED IN THE APPLICABLE SYSTEM PURCHASE AGREEMENT, THE SYSTEM, DOCUMENTATION AND SERVICES ARE PROVIDED “AS IS”, AS AVAILABLE, WITHOUT WARRANTY OF ANY KIND. MOTOROLA MOBILITY LLC. DOES NOT WARRANT THAT THE SYSTEM WILL MEET CUSTOMER'S REQUIREMENTS, OR THAT THEIR OPERATION WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT ANY ERRORS CAN OR WILL BE FIXED. MOTOROLA MOBILITY LLC. HEREBY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, ORAL OR WRITTEN, WITH RESPECT TO THE SYSTEM AND SERVICES INCLUDING, WITHOUT LIMITATION, ALL IMPLIED WARRANTIES OF TITLE, NON-INFRINGEMENT, INTEGRATION, MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE AND ALL WARRANTIES ARISING FROM ANY COURSE OF DEALING OR PERFORMANCE OR USAGE OF TRADE.

EXCEPT AS INDICATED IN THE APPLICABLE SYSTEM PURCHASE AGREEMENT, MOTOROLA MOBILITY LLC. SHALL NOT BE LIABLE CONCERNING THE SYSTEM OR SUBJECT MATTER OF THIS DOCUMENTATION, REGARDLESS OF THE FORM OF ANY CLAIM OR ACTION (WHETHER IN CONTRACT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE), FOR ANY (A) MATTER BEYOND ITS REASONABLE CONTROL, (B) LOSS OR INACCURACY OF DATA, LOSS OR INTERRUPTION OF USE, OR COST OF PROCURING SUBSTITUTE TECHNOLOGY, GOODS OR SERVICES, (C) INDIRECT, PUNITIVE, INCIDENTAL, RELIANCE, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING, BUT NOT LIMITED TO, LOSS OF BUSINESS, REVENUES, PROFITS OR GOODWILL, OR (D) DIRECT DAMAGES, IN THE AGGREGATE, IN EXCESS OF THE FEES PAID TO IT HEREUNDER FOR THE SYSTEM OR SERVICE GIVING RISE TO SUCH DAMAGES DURING THE 12-MONTH PERIOD PRIOR TO THE DATE THE CAUSE OF ACTION AROSE, EVEN IF COMPANY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THESE LIMITATIONS ARE INDEPENDENT FROM ALL OTHER PROVISIONS OF THIS AGREEMENT AND SHALL APPLY NOTWITHSTANDING THE FAILURE OF ANY REMEDY PROVIDED HEREIN.

All Motorola Mobility LLC products are furnished under a license agreement included with the product. If you are unable to locate a copy of the license agreement, please contact Motorola Mobility LLC.

Part Number

580780-003-00

V9.1.1-sku 1

Administrator’s Handbook

CHAPTER 1 Administering Your Motorola 2247-N8 DSL Wi-Fi Gateway . . . . . . . . . . . 5

CHAPTER 2 Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

Starting and Ending a CLI Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Logging In. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Ending a CLI Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

Using the CLI Help Facility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

About SHELL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

SHELL Prompt. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12

SHELL Command Shortcuts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

SHELL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

Common Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

WAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

About CONFIG Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

CONFIG Mode Prompt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Navigating the CONFIG Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23

Entering Commands in CONFIG Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

Guidelines: CONFIG Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

Displaying Current Gateway Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

Step Mode: A CLI Configuration Technique. . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

Validating Your Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

CONFIG Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

Connection commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26

Filterset commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Global Filterset (“IPv6 Firewall”) commands . . . . . . . . . . . . . . . . . . . . . . . . . . .32

Queue commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

IP Gateway commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

IPv6 Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

IP 6in4 Tunneling Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

IP DNS commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

IP IGMP commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47

NTP commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .49

Application Layer Gateway (ALG) commands . . . . . . . . . . . . . . . . . . . . . . . . . . .50

Dynamic DNS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Link commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

Management commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54

Remote access commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56

Physical interfaces commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58

PPPoE relay commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

NAT Pinhole commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

Security Stateful Packet Inspection (SPI) commands . . . . . . . . . . . . . . . . . . . . .64

System commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

Debug Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Disclaimer & Warning Text . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .70

TR-069 CLI CShell Commands (debug mode). . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Administrator’s Handbook

APPENDIX A Technical Specifications, Copyright and Safety . . . . . . . . . . . . . . . . . . . . .71

Motorola 2247-N8 DSL Wi-Fi Gateway Specifications . . . . . . . . . . . . .71

Communications Interfaces:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71

Power requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71

Software and protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71

Agency Approvals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72

Regulatory Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

Manufacturer’s Declaration of Conformance . . . . . . . . . . . . . . . . . . .73

47 CFR Part 68 Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .75

FCC Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

FCC Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

Electrical Safety Advisory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .76

Warranty Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77

Software License, Limited Warranty and Limitation of Remedies. . . . . . . . . . . 77

Software License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77

Warranty Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

Open Source Software Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80

Caring for the Environment by Recycling . . . . . . . . . . . . . . . . . . . . . .106

Beskyttelse af miljøet med genbrug . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

Umweltschutz durch Recycling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

Cuidar el medio ambiente mediante el reciclaje . . . . . . . . . . . . . . . . . . . . . . .106

Recyclage pour le respect de l'environnement. . . . . . . . . . . . . . . . . . . . . . . . .106

Milieubewust recycleren . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Dba³oÊç o Êrodowisko - recykling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Cuidando do meio ambiente através da reciclagem . . . . . . . . . . . . . . . . . . . .107

Var rädd om miljön genom återvinning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109

CHAPTER 1 Administering Your Motorola 2247-N8 DSL

Wi-Fi Gateway

This Administrator’s Handbook covers the advanced features of the Motorola 2247-N8 DSL Wi-Fi Gateway.

Your 2247-N8 equipment offers advanced configuration features accessed through the Web-based interface screens and the command line interface (CLI). This Administrator’s Handbook documents the use of the system CLI and provides a list of commands and arguments available.

NOTE:



For installation instructions, configuration procedures, basic troubleshooting, and information on the Web management interface of the 2247-N8, refer to the Motorola 2247-N8 DSL Wi-Fi Gateway User Guide. You should read the User Guide before reading this Administrator’s Handbook.

The 2247-N8 User Guide and the Motorola 2247-N8 Quick Start Guide are both available on the Motorola support web site (http://www.motorola.com/us/support) and on the Documentation CD-ROM included in the product package.

This guide is targeted primarily to residential service subscribers.

The command line interface may also be of use to the support staffs of broadband service providers and advanced residential service subscribers. (See Chapter 2,

SAVE THESE INSTRUCTIONS

Command Line Interface.”)

Administrator’s Handbook

CHAPTER 2 Command Line Interface

The 2247-N8 DSL Wi-Fi Gateway operating software includes a command line interface (CLI) that lets you access your 2247-N8 over a telnet connection. You can use the command line interface to enter and update the unit’s configuration settings, monitor its performance, and restart it.

This chapter covers the following topics:

 “Overview” on page 9  “Starting and Ending a CLI Session” on page 11  “Using the CLI Help Facility” on page 12  “About SHELL Commands” on page 12  “SHELL Commands” on page 13  “About CONFIG Commands” on page 23  “CONFIG Commands” on page 26  “Debug Commands” on page 70

Administrator’s Handbook

CONFIG Commands

“Connection commands” on page 26 “Filterset commands” on page 29 “Queue commands” on page 34 “IP Gateway commands” on page 36 “IPv6 Commands” on page 36 “IP DNS commands” on page 46 “IP IGMP commands” on page 47 “NTP commands” on page 49 “Application Layer Gateway (ALG) commands” on page 50 “Dynamic DNS Commands” on page 51 “Link commands” on page 51 “Management commands” on page 54 “Remote access commands” on page 56 “Physical interfaces commands” on page 58 “PPPoE relay commands” on page 63 “NAT Pinhole commands” on page 63 “Security Stateful Packet Inspection (SPI) commands” on page 64 “System commands” on page 67 “System commands” on page 67

Overview

The CLI has two major command modes: SHELL and CONFIG. Summary tables that list the commands are provided below. Details of the entire command set follow in this section.

SHELL Commands

Command Status and/or Description

arp to send ARP request atmping to check the ATM connection reachability and network

connectivity. clear to erase all stored configuration information clear_certificate to remove an SSL certificate that has been installed clear_https_certkey to remove a secure HTTP certificate key value clear_firewall_log to empty the contents of the firewall event log clear_igmp_log to empty the contents of the igmp log clear_log to erase all stored log info in flash memory configure to configure unit's options debug to activate or deactivate debug diagnose to run self-test download to download config file exit to quit this shell help to get more: “help all” or “help help” install to download and program an image into flash log to add a message to the diagnostic log loglevel to report or change diagnostic log level netstat to show IP information nslookup to send DNS query for host ping to send ICMP Echo request quit to quit this shell 6rd-check to send a 6rd loopback packet to the border gateway remote-access to activate or deactivate remote access reset to reset subsystems restart to restart unit show to show system information start to start subsystem status to show basic status of unit telnet to telnet to a remote host traceroute to send traceroute probes upload to upload config file view to show configuration information who to show who is using the shell wps to enter Wireless Protection Settings mode

Administrator’s Handbook

Command Verbs Status and/or Description

delete Delete configuration list data help Help command option save Save configuration data script Print configuration data set Set configuration data validate Validate configuration settings view View configuration data

Keywords

conn Connection options ip TCP/IP protocol options ip6 IPv6 protocol options gfs Global Filter Set options link WAN link options management System management options physical Physical interface options dsl DSL configuration options enet Ethernet options filterset Filterset options pinhole Pinhole options pppoe-relay Point to Point Protocol over Ethernet relay options preferences Shell environment preferences queue Queue options restricted-hosts Restricted hosts options security Security (firewall) options system Gateway’s system options

top Go to top level of configuration mode quit Exit from configuration mode; return to shell mode exit Exit from configuration mode; return to shell mode

CONFIG Commands

Command Utilities

Starting and Ending a CLI Session

Open a telnet connection from a workstation on your network. You initiate a telnet connection by issuing the following command from an IP host that supports telnet, for

example, a personal computer running a telnet application such as NCSA Telnet.

telnet <ip_address>

You must know the IP address of the 2247-N8 before you can make a telnet connection to it. By default, your 2247-N8 uses 192.168.1.254 as the IP address for its LAN interface. You can use a Web browser to configure the 2247-N8 IP address.

Logging In

The command line interface log-in process emulates the log-in process for a UNIX host. To logon, enter the username and your password.

Entering the administrator password lets you display and update all 2247-N8 settings.

When you have logged in successfully, the command line interface lists the username and the security level associated with the password you entered in the diagnostic log.

Ending a CLI Session

You end a command line interface session by typing quit from the SHELL node of the command line interface hierarchy.

Administrator’s Handbook

Using the CLI Help Facility

The help command lets you display on-line help for SHELL and CONFIG commands. To display a list of the commands available to you from your current location within the command line interface hierarchy, enter or type a question mark (

?).

help

To obtain help for a specific CLI command, type to

h or a question mark when you request help for a CLI command.

help <command>. You can truncate the help command

About SHELL Commands

You begin in SHELL mode when you start a CLI session. SHELL mode lets you perform the following tasks with your 2247-N8:

 Monitor its performance  Display and reset gateway statistics  Issue administrative commands to restart 2247-N8 functions

SHELL Prompt

When you are in SHELL mode, the CLI prompt is the name of the 2247-N8 DSL Wi-Fi Gateway followed by a right angle bracket (>). For example, if you open a CLI connection to the 2247-N8 named “moto1311,” you would see

SHELL Command Shortcuts

You can truncate most commands in the CLI to their shortest unique string. For example, you can use the truncated command for the

The only commands you cannot truncate are munications, you must enter the

moto1311> as your CLI prompt.

q in place of the full quit command to exit the CLI. However, you would need to enter rese

reset command, since the first characters of reset are common to the restart command.

restart and clear. To prevent accidental interruption of com-

restart and clear commands in their entirety.

You can use the Up and Down arrow keys to scroll backward and forward through recent commands you have entered. Alternatively, you can use the

!! command to repeat the last command you entered.

SHELL Commands

Common Commands

arp nnn.nnn.nnn.nnn

Sends an Address Resolution Protocol (ARP) request to match the nnn.nnn.nnn.nnn IP address to an Ethernet hardware address.

clear [ yes ]

Clears the configuration settings in a 2247-N8. You are prompted to confirm the clear command by entering

yes.

clear_certificate

Removes an SSL certificate that has been installed.

clear_firewall_log

Empties the contents of the firewall event log.

clear_igmp_log

Empties the contents of the IGMP log.

clear_https_certkey

Removes any Secure HTTP certificate key value installed in the 2247-N8.

clear_log

Empties the contents of the event log.

configure

Puts the command line interface into Configure mode, which lets you configure your 2247-N8 DSL Wi-Fi Gateway with Config commands. Config commands are described starting on page 26

download [ server_address ] [ filename ] [ confirm ]

This command installs a file of configuration parameters into the 2247-N8 from a TFTP (Trivial File Transfer Protocol) server. The TFTP server must be accessible on your Ethernet network.

You can include one or more of the following arguments with the download command. If you omit arguments, the console prompts you for this information.

 The server_address argument identifies the IP address of the TFTP server from which you want to copy

the 2247-N8 configuration file.

 The filename argument identifies the path and name of the configuration file on the TFTP server.  If you include the optional

confirm keyword, the download begins as soon as all information is entered.

Administrator’s Handbook

You can also download an SSL certificate file from a trusted Certification Authority (CA), on platforms that support SSL, as follows:

download [-cert] [server_address ] [filename] [confirm]

install [ server_address ] [ filename ] [ confirm ]

Downloads a new version of the 2247-N8 DSL Wi-Fi Gateway operating software from a TFTP (Trivial File Transfer Protocol) server, validates the software image, and programs the image into the 2247-N8 memory. After you install new operating software, you must restart the 2247-N8.

The server_address argument identifies the IP address of the TFTP server on which your 2247-N8 operating software is stored. The filename argument identifies the path and name of the operating software file on the TFTP server.

If you include the optional keyword confirm, you will not be prompted to confirm whether or not you want to perform the operation.

log message_string

Adds the message in the message_string argument to the 2247-N8 diagnostic log.

loglevel [ level ]

Displays or modifies the types of log messages you want the 2247-N8 to record. If you enter the loglevel command without the optional level argument, the command line interface displays the current log level setting.

You can enter the sages you want to record. All messages with a level number equal to or greater than the level you specify are recorded. For example, if you specify loglevel 3, the diagnostic log will retain high-level informational messages (level 3), warnings (level 4), and failure messages (level 5).

Use the following values for the level argument:



1 or low – Low-level informational messages or greater; includes trivial status messages.



2 or medium – Medium-level informational messages or greater; includes status messages that can help

monitor network traffic.



3 or high – High-level informational messages or greater; includes status messages that may be significant

but do not constitute errors.

4 or warning – Warnings or greater; includes recoverable error conditions and useful operator informa-



tion.



5 or failure – Failures; includes messages describing error conditions that may not be recoverable.

loglevel command with the level argument to specify the types of diagnostic mes-

netstat -i

Displays the IP interfaces for your 2247-N8.

netstat -r

Displays the IP routes stored in your 2247-N8.

nslookup [ hostname | ip_address ]

Performs a domain name system lookup for a specified host.

 The hostname argument is the name of the host for which you want DNS information; for example,

nslookup klaatu.

 The ip_address argument is the IP address, in dotted decimal notation, of the device for which you want

DNS information.

ping [-s size] [-c count ] [ hostname | ip_address ]

Causes the 2247-N8 to issue a series of ICMP Echo requests for the device with the specified name or IP address.

 The hostname argument is the name of the device you want to ping; for example,

ping ftp.motorola.com.

 The ip_address argument is the IP address, in dotted decimal notation, of the device you want to locate.

If a host using the specified name or IP address is active, it returns one or more ICMP Echo replies, confirming that it is accessible from your network.

 The  The

-s size argument lets you specify the size of the ICMP packet.

-c count argument lets you specify the number of ICMP packets generated for the ping request. Val-

ues greater than 250 are truncated to 250.

You can use the work. You cannot use the

ping command to determine whether a hostname or IP address is already in use on your net-

ping command to ping the 2247-N8’s own IP address.

quit

Exits the 2247-N8 command line interface.

6rd-check [-s size] [-c count] conn_name

Generates and sends 6rd loopback packets to the 6rd gateway.

reset arp

Clears the Address Resolution Protocol (ARP) cache on your unit.

reset crash

Clears crash-dump information, which identifies the contents of the 2247-N8 registers at the point of system malfunction.

reset dhcp server

Clears the DHCP lease table in the 2247-N8.

reset enet [ all ]

Resets Ethernet statistics to zero. Resets individual LAN switch port statistics as well as wireless and WAN Ethernet statistics (where applicable).

reset ipmap

Clears the IPMap table (NAT).

Administrator’s Handbook

reset ipv6 dhcp server

Clears the IPv6 DHCP lease table in the 2247-N8.

reset ipv6 lan

This function resets IPv6 LAN interface statistics.

reset ipv6 statistics

This function resets all IPv6 statistics.

reset lan-discovery

This function resets the LAN discovery table.

reset log

Rewinds the diagnostic log display to the top of the existing 2247-N8 diagnostic log. The reset log command does not clear the diagnostic log. The next of the log file.

show log command will display information from the beginning

reset wan

This function resets WAN interface statistics.

restart [ seconds ]

Restarts your 2247-N8. If you include the optional seconds argument, your 2247-N8 will restart when the specified number of seconds have elapsed. You must enter the complete restart.

restart command to initiate a

show all-info

Displays all settings currently configured in the 2247-N8.

show bridge interfaces

Displays bridge interfaces maintained by the 2247-N8.

show bridge table

Displays the bridging table maintained by the 2247-N8.

show config

Dumps the 2247-N8’s configuration script just as the script command does in config mode.

show crash

Displays the most recent crash information, if any, for your 2247-N8.

show dhcp server leases

Displays the DHCP leases stored in RAM by your 2247-N8.

show dhcp client

Displays the DHCP clients stored in RAM by your 2247-N8.

show dsl [ all ]

Displays DSL port statistics, such as upstream and downstream connection rates and noise levels.

show enet [ all ]

Displays Ethernet interface statistics maintained by the 2247-N8. Supports display of individual LAN switch port statistics as well as WAN Ethernet statistics (where applicable).

Example:

Ethernet driver full statistics - LAN 10/100/1000 Ethernet Port Status: Link up

General: Transmit OK : 253 Receive OK : 22 Tx Errors : 0 Rx Errors : 0

Receiver: Dropped Packets : 0

Transmitter: Collisions : 0 Dropped Packet : 0

Upper Layers: Rx No Handler : 0 Rx No Message : 0 Rx Octets : 4781 Rx Unicast Pkts : 22 Rx Multicast Pkts : 0 Tx Discards : 0 Tx Octets : 17204

10/100/1000 Ethernet port 1

Port Status: Link down

10/100/1000 Ethernet port 2

Port Status: Link up Duplex: Full Speed: 1000BASE-T Transmit OK : 253 Transmit unicastpkts : 0 Tx Octets : 16192 Tx Collision : 0 Receive OK : 24 Receive unicastpkts : 0 Receive errors : 0 Rx Octets : 4781

10/100/1000 Ethernet port 3

Port Status: Link down

10/100/1000 Ethernet port 4

Port Status: Link down

Administrator’s Handbook

show enet tx-queue

Displays Ethernet transmit queue statistics maintained by the 2247-N8. Supports display of individual LAN switch port statistics.

Example:

NOS/128600225699776/UNLOCKED> show enet tx-queue

Ethernet switch queue stats: Port 1: TxQ1: 54257 TxQ2: 0 TxQ3: 0 TxQ4: 508

No transmit software queue configured on Ethernet port 2

No transmit software queue configured on Ethernet port 3

No transmit software queue configured on Ethernet port 4

show group-mgmt

Displays the IGMP Snooping Table. See “IP IGMP commands” on page 47 for detailed explanation.

show ip arp

Displays the Ethernet address resolution table stored in your 2247-N8.

show ip igmp

Displays the contents of the IGMP Group Address table and the IGMP Report table maintained by your 2247N8.

show ip igmp-stats [ all | interfaces | group | hosts ]

Displays IGMP statistics information.

show ip interfaces

Displays the IP interfaces for your 2247-N8.

show ip firewall

Displays firewall statistics.

show ip lan-discovery

Displays the LAN Host Discovery Table of hosts on the wired or wireless LAN, and whether or not they are currently online.

show ip routes

Displays the IP routes stored in your 2247-N8.

show ipmap

Displays IPMap table (NAT).

show ipv6 interfaces

Display IPv6 interfaces.

show ipv6 routes

Display IPv6 route table.

show ipv6 neighbors

Display IPv6 neighbor table.

show ipv6 dhcp server leases

Display DHCPv6 server lease table.

show ipv6 lan-discovery

Displays the IPv6 LAN Host Discovery Table of hosts on the wired or wireless LAN, and whether or not they are currently online.

show ipv6 statistics

Display IPv6 statistics information.

show igmp-log

Displays blocks of information from the 2247-N8 IGMP log

show log

Displays blocks of information from the 2247-N8 diagnostic log. To see the entire log, you can repeat the show

command or you can enter show log all.

log

show firewall-log

Displays blocks of information from the 2247-N8 firewall log.

show memory [ all ]

Displays memory usage information for your 2247-N8. If you include the optional all argument, your 2247-N8 will display a more detailed set of memory statistics.

show ptm

Displays statistics information for each PTM session.

show post-results

Displays POST results.

Administrator’s Handbook

show pppoe

Displays status information for each PPPoE socket, such as the socket state, service names, and host ID values.

show status

Displays the current status of a 2247-N8, the device's hardware and software revision levels, a summary of errors encountered, and the length of time the 2247-N8 has been running since it was last restarted. Identical to the

status command.

show summary

Displays a summary of WAN, LAN, and gateway information.

show wireless [ all ]

Shows wireless status and statistics.

show wireless clients [ MAC_address ]

Displays details on connected clients, or more details on a particular client if the MAC address is added as an argument.

telnet [ hostname | ip_address ] [ port ]

Lets you open a telnet connection to the specified host through your 2247-N8.

 The hostname argument is the name of the device to which you want to connect; for example,

ftp.motorola.com

 The ip_address argument is the IP address, in dotted decimal notation, of the device to which you want

to connect.

 The port argument is the number of t he port over which you want to open a telnet session.

telnet

traceroute ( ip_address | hostname )

Traces the routing path to an IP destination.

upload [ server_address ] [ filename ] [ confirm ]

Copies the current configuration settings of the gateway to a TFTP (Trivial File Transfer Protocol) server. The TFTP server must be accessible on your Ethernet network. The server_address argument identifies the IP address of the TFTP server on which you want to store the 2247-N8 settings. The filename argument identifies the path and name of the configuration file on the TFTP server. If you include the optional keyword, you will not be prompted to confirm whether or not you want to perform the operation.

confirm

view config

Dumps the 2247-N8’s configuration just as the view command does in config mode.

who

Displays the names of the current shell and PPP users.

wps

Enters the Wireless (Wi-Fi) Protected Setup mode.

WPS Commands

The following commands are available in Wireless Protected Setup mode:

pushbutton

Sets the 2247-N8 to WPS “pushbutton” mode, initiating protected setup.

Sets the 2247-N8 to PIN mode, enabling authorized devices to be identified and added by MAC address Personal Identification Number.

list

Lists the WPS-ready client devices (enrollees) known to the 2247-N8.

self-pin

Displays the 2247-N8’s own Personal Identification Number (PIN) value.

WAN Commands

atmping vccn [ segment | end-to-end ]

Lets you check the ATM connection reachability and network connectivity. This command sends five Operations, Administration, and Maintenance (OAM) loopback calls to the specified vpi/vci destination. There is a five second total timeout interval.

Use the segment argument to ping a neighbor switch. Use the end-to-end argument to ping a remote end node.

reset atm

Resets any open ATM connections.

Administrator’s Handbook

reset dhcp client release interface-name

Releases the DHCP lease that the 2247-N8 is currently using to acquire the IP settings for the specified DSL port. The interface-name

is the value shown by the show ip interfaces command.

reset dhcp client renew interface-name

Renews the DHCP lease that the 2247-N8 is currently using to acquire the IP settings for the specified DSL port. The interface-name is the value shown by the

show ip interfaces command.

reset dsl

Resets any open DSL connection.

reset ppp vccn

Resets the point-to-point connection over the specified virtual circuit. This command only applies to virtual circuits that use PPP framing.

reset wan

Resets any open WAN connection.

reset xtm

Resets any open XTM connection.

show atm [all]

Displays ATM statistics for the 2247-N8. The optional all argument displays a more detailed set of ATM statistics.

start ppp vccn

Opens a PPP link on the specified virtual circuit.

About CONFIG Commands

You reach the configuration mode of the command line interface by typing configure (or any truncation of

configure, such as con or config) at the CLI SHELL prompt.

CONFIG Mode Prompt

When you are in CONFIG mode, the CLI prompt consists of the name of the 2247-N8 followed by your current

node in the hierarchy and two right angle brackets (>>). For example, when you enter CONFIG mode (by typing

config at the SHELL prompt), the NOS/9437188 (top)>> prompt reminds you that you are at the top

of the CONFIG hierarchy. If you move to the prompt), the prompt changes to

Some CLI commands are not available until certain conditions are met. For example, you must enable IP for an interface before you can enter IP settings for that interface.

NOS/9437188 (ip)>> to identify your current location.

Navigating the CONFIG Hierarchy

 Moving from CONFIG to SHELL — You can navigate from anywhere in the CONFIG hierarchy back to the

SHELL level by entering quit at the CONFIG prompt and pressing Return.

NOS/9437188 (top)>> quit NOS/9437188 >

 Moving from top to a subnode — You can navigate from the top node to a subnode by entering the node

name (or the significant letters of the node name) at the CONFIG prompt and pressing R you move to the IP subnode by entering

NOS/9437188 (top)>> ip NOS/9437188 (ip)>>

ip node in the CONFIG hierarchy (by typing ip at the CONFIG

ETURN. For example,

ip and pressing RETURN.

As a shortcut, you can enter the significant letters of the node name in place of the full node name at the CONFIG prompt. The significant characters of a node name are the letters that uniquely identify the node. For

example, since no other CONFIG node starts with b, you could enter one letter (“ node.



Jumping down several nodes at once — You can jump down several levels in the CONFIG hierarchy by

entering the complete path to a node.



Moving up one node — You can move up through the CONFIG hierarchy one node at a time by entering the

b”) to move to the bridge

up command.

Jumping to the top node — You can jump to the top level from anywhere in the CONFIG hierarchy by enter-



ing the

Moving from one subnode to another — You can move from one subnode to another by entering a partial



path that identifies how far back to climb.



Moving from any subnode to any other subnode — You can move from any subnode to any other subnode

by entering a partial path that starts with a top-level CONFIG command.



Scrolling backward and forward through recent commands — You can use the Up and Down arrow keys

to scroll backward and forward through recent commands you have entered. When the command you want appears, press Enter to execute it.

top command.

Administrator’s Handbook

Entering Commands in CONFIG Mode

CONFIG commands consist of keywords and arguments. Keywords in a CONFIG command specify the action you want to take or the entity on which you want to act. Arguments in a CONFIG command specify the values appropriate to your site. For example, the CONFIG command:

set ip dns domain-name domain_name_value

consists of three keywords (ip, dns and domain-name) and one argument (domain_name_value). When you use the command to configure your 2247-N8, you would replace the argument with a value appropriate to your site.

For example:

set ip dns domain-name motorola.com

Guidelines: CONFIG Commands

The following table provides guidelines for entering and formatting CONFIG commands.

Command

component

Command verbs CONFIG commands must start with a command verb (set, view, delete).

You can truncate CONFIG verbs to three characters (set, vie, del). CONFIG verbs are case-insensitive. You can enter “SET,” “Set,” or “set.”

Keywords Keywords are case-insensitive. You can enter “Ethernet,” “ETHERNET,” or “ethernet” as a keyword

without changing its meaning. Keywords can be abbreviated to the length that they are differentiated from other keywords.

Argument Text Text strings can be as many as 64 characters long, unless otherwise specified. In some cases they

may be as long as 255 bytes. Special characters are represented using backslash notation. Text strings may be enclosed in double (“) or single (‘) quote marks. If the text string includes an

embedded space, it must be enclosed in quotes.

Special characters are represented using backslash notation. Numbers Enter numbers as integers, or in hexadecimal, where so noted. IP addresses Enter IP addresses in dotted decimal notation (0 to 255).

Rules for entering CONFIG commands

If a command is ambiguous or miskeyed, the CLI prompts you to enter additional information. For example, you must specify which virtual circuit you are configuring when you are setting up a 2247-N8.

Displaying Current Gateway Settings

You can use the view command to display the current CONFIG settings for your 2247-N8. If you enter the

view command at the top level of the CONFIG hierarchy, the CLI displays the settings for all enabled func-

tions. If you enter the odes.

view command at an intermediate node, you see settings for that node and its subn-

Step Mode: A CLI Configuration Technique

The 2247-N8 DSL Wi-Fi Gateway command line interface includes a step mode to automate the process of entering configuration settings. When you use the CONFIG step mode, the command line interface prompts you for all required and optional information. You can then enter the configuration values appropriate for your site without having to enter complete CLI commands.

When you are in step mode, the command line interface prompts you to enter required and optional settings. If a setting has a default value or a current setting, the command line interface displays the default value for the command in parentheses. If a command has a limited number of acceptable values, those values are presented in brackets, with each value separated by a vertical line.

For example, the following CLI step command indicates that the default value is limited to

on and off.

off and that valid entries are

option (off) [on | off]: on

You can accept the default value for a field by pressing the Return key. To use a different value, enter it and press Return.

You can enter the CONFIG step mode by entering enter step mode for a particular service by entering

trol-X <Return/Enter> to exit. For example:

set from the top node of the CONFIG hierarchy. You can

set service_name. In stepping set mode (press Con-

NOS/9437188 (top)>> set system ... system name (“NOS/9437188”): Mycroft Diagnostic Level (High): medium Stepping mode ended.

Validating Your Configuration

You can use the validate CONFIG command to make sure that your configuration settings have been entered correctly. If you use the services are present and that settings are consistent.

validate command, the 2247-N8 verifies that all required settings for all

NOS/9437188 (top)>> validate Error: Subnet mask is incorrect Global Validation did not pass inspection!

You can use the validate command to verify your configuration settings at any time. Your 2247-N8 automatically validates your configuration any time you save a modified configuration.

Administrator’s Handbook

CONFIG Commands

This section describes the keywords and arguments for the various CONFIG commands.

Connection commands

conns are used to create connections, for example, a WAN or LAN conn. There may be more than one of each

depending on your model.

set conn name name link-oid value

Sets the connection named name to point to an associated link specified by the link-oid value.

set conn name name type [ static | dhcpc | ppp ]

Specifies whether the type of the connection named name is static, dhcpc, or ppp.

set conn name name side [ lan | wan ]

Specifies whether this conn is LAN- or WAN-side. A conn can be either lan or wan.

set conn name name lan-type [ private | public | public-delegated ]

names correspond to the system object IDs (OIDs) but you can name them yourself.

Specifies whether this conn’s LAN is private, public, or public-delegated. The default is private, the usual type of local network.

set conn name name dhcp-server-enable [ on | off ]

Turns the DHCP server for this connection on or off. The DHCP server can be enabled per connection. The default is

on.

set conn name name mcast-forwarding [ off | on ]

Turns IP IGMP multicast forwarding for this connection off or on. The default is off.

set conn name name rip-send [ off | v1 | v2 | v1-compat | v2-md5 ]

Specifies whether the device should use Routing Information Protocol (RIP) broadcasts to advertise its routing tables to other Gateways. RIP Version 2 (RIP-2) is an extension of the original Routing Information Protocol (RIP-1) that expands the amount of useful information in the RIP packets. While RIP-1 and RIP-2 share the same basic algorithms, RIP-2 supports several additional features, including inclusion of subnet masks in RIP packets and implementation of multicasting instead of broadcasting (which reduces the load on hosts which do not support routing protocols. RIP-2 with MD5 authentication is an extension of RIP-2 that increases security by requiring an authentication key when routes are advertised. Depending on your network needs, you can configure your device to support RIP-1, RIP-2, or RIP-2MD5.

If you specify v2-MD5, you must also specify a rip-send-key. Keys are ASCII strings with a maximum of 31 characters, and must match the other gateway(s) keys for proper operation of MD5 support. The default is

off.

set conn name name rip-receive [ off | v1 | v2 | v1-compat | v2-md5 ]

Specifies whether the device should use Routing Information Protocol (RIP) broadcasts to update its routing tables with information received from other Gateways on the other side of the connection. If you specify

md5

, you must also specify a rip-receive-key. Keys are ASCII strings with a maximum of 31 characters, and must

match the other gateway(s) keys for proper operation of MD5 support. The default is

off.

v2-

set conn name name icmp-echo-drop [ off | on ]

If set to on, drops echo-requests received on the particular WAN IP interface. The default is off.

set conn name name icmp-err-suppress [ off | on ]

An additional option to suppress ICMP error messages on WAN IP interfaces. The default is off.

set conn name name igmp-null-src [ off | on ]

An additional option to allow setting of a 0.0.0.0 IGMP source address. The default is off.

set conn name name static ipaddr ipaddr

Specifies a static IP address when the connection type has been set to static. The default is 192.168.1.254.

NOTE:



Example:

You must also set the gateway address OR turn it off, otherwise the settings cannot be saved. See “IP Gate-

way commands” on page 36.

NOS/128600225634272/conf Config Mode v1.3 NOS/128600225634272 (top)>> conn NOS/128600225634272 (conn)>> set conn (conn) node list ... "LAN" "WAN" Select (name) node to modify from list, or enter new (name) to create. conn name (?): name "LAN" link-oid ("LAN") [ LAN | WAN | PPPoE | ]: type (static) [ static | dhcpc | ppp ]: side (lan) [ lan | wan ]: lan-type (private) [ private | public | public-delegated ]: mcast-forwarding (off) [ off | on ]: rip-send (off) [ off | v1 | v2 | v1-compat | v2-md5 ]: rip-receive (off) [ off | v1 | v2 | v1-compat | v2-md5 ]: fs-egress ("") [ Security | QosUpstream | WanEgress | ]: fs-ingress ("") [ Security | QosUpstream | WanEgress | ]: static ipaddr ("192.168.1.254"): netmask ("255.255.255.0"): dhcp-server-enable (on) [ off | on ]: dhcp-server start-addr ("192.168.1.64"): end-addr ("192.168.1.253"): lease-time (01:00:00:00): subnet-order (1) [ 1 - 8 ]: gen-option (gen-option) node list ... Select (name) node to modify from list, or enter new (name) to create. gen-option name (?): option-group (option-group) node list ... Select (name) node to modify from list, or enter new (name) to create. option-group name (?): filterset (filterset) node list ... Select (name) node to modify from list, or enter new (name) to create. filterset name (?): name "WAN"

Administrator’s Handbook

set ip gateway enable off

set conn name name static netmask netmask

Specifies a static netmask when the connection type has been set to static. The default is 255.255.255.0.

set conn name name dhcp-server start-addr ipaddr

If dhcp-server-enable is set to on, specifies the first address in the DHCP address range. The 2247-N8 can reserve a sequence of up to 253 IP addresses within a subnet, beginning with the specified address for dynamic assignment. The default is 192.168.1.64

set conn name name dhcp-server end-addr ipaddr

If dhcp-server-enable is set to on, specifies the last address in the DHCP address range. The default is

192.168.1.253

set conn name name dhcp-server lease-time lease-time

If dhcp-server-enable is set to on, specifies the default length for DHCP leases issued by the 2247-N8. The lease time is in time format (DD:HH:MM:SS). The default is one day

(01:00:00:00).

set conn name name dhcp-server subnet-order [1... 8]

If dhcp-server-enable is set to on, specifies the order in which to address the first of 8 possible subnets. Ordinarily, this is the first one, the default

set conn name name nat-enable [ on | off ]

Specifies whether you want the 2247-N8 to use network address translation (NAT) when communicating with remote gateways. NAT lets you conceal details of your network from remote gateways. It also permits all LAN devices to share a single IP address. By default, address NAT is turned

on.

set conn name name dhcp-client discover-time seconds

The DHCP client parameters appear when the connection type has been set to dhcpc. discover-time is in seconds; the default is

30.

set conn name name dhcp-client dns-enable [ on | off ]

This allows you to enable or disable the default behavior of acting as a DNS proxy. The default is on.

set conn name name dhcp-client dns-override [ off | on ]

This allows you to enable or disable overriding default DNS behavior. The default is off.

set conn name name dhcp-client vendor-class string

The vendor-class default information varies by model and components. This is information that identifies the unit.

set conn name name fs-egress filterset_name

Attaches a user filterset to a conn which is applied to transmitted packets. See “Filterset commands” on

page 29.

set conn name name fs-ingress filterset_name

Attaches a user filterset to a conn which is applied to received packets. See “Filterset commands” on page 29.

Filterset commands

Filtersets provide packet filtering and QoS configuration. Packets are identified by characteristics that allow QoS and forwarding decisions to be made. These characteristics can be at the MAC layer, IP layer, TCP | UDP | ICMP layer(s), or (in applicable circumstances) 802.1q/p (VLAN-tagging) layer.

Your gateway is capable of adding and stripping 802.1Q tags to and from frames before transmission on its LAN interfaces. See also “Link commands” on page 51

for more information.

A maximum of 8 filtersets are supported. Each filterset can have up to 8 rules configured. A maximum 8 egress queues are supported. Each queue can have up to 8 entries.

A filterset rule identifies packet attributes to match with its its

default action parameters.

match parameters. It acts on these packets using

set filterset name filterset_name rule number order number

Determines order of execution of filterset rules (1 before 2, etc). If order is unspecified, the value of order is set to 1 more than the last order in the filterset. If of other rules are incremented automatically.

order is set to an already existing order value, order values

set filterset name filterset_name rule number enable [ on | off ]

Dynamically enables or disables the specified filterset rule.

set filterset name filterset_name rule number match-eth-proto number

Matches Ethernet protocol field to the supplied value.

set filterset name filterset_name rule number match-eth-length number

Matches Ethernet length field to the supplied value.

set filterset name filterset_name rule number match-eth-p-bits number

Matches VLAN priority bits.

Administrator’s Handbook

set filterset name filterset_name rule number match-eth-vid number

Matches VLAN ID number.

set filterset name filterset_name rule number match-eth-src-mac-addr mac_address

Matches supplied source MAC address field.

set filterset name filterset_name rule number match-eth-dst-mac-addr mac_address

Matches supplied destination MAC address field.

set filterset name filterset_name rule number match-src-ip-addr ip_address_range

Matches supplied value with packet's source IP address field.

set filterset name filterset_name rule number match-dst-ip-addr ip_address_range

Matches supplied value with packet's destination IP address field.

set filterset name filterset_name rule number match-protocol protocol_string

Matches supplied value with packet's protocol field.

set filterset name filterset_name rule number match-tos [ number | descriptive_value ]

Matches tos field from numeric value 0-255; or one of the following descriptive values:

Minimize-Delay (0x10) Maximize-Throughput (0x08) Maximize-Reliability (0x04) Minimize-Cost (0x02) Normal-Service (0x00)

set filterset name filterset_name rule number match-dscp [ number | diffserv_class_string ]

Matches diffserv class with supplied numerical value, which can be in decimal(ex: 32) or in Hexadecimal(ex: 0x20) format;

Or match the supplied diffserv class. This value may be any of the BE, EF, AFxx or CSx classes. A full list is:

{ "CS0", 0x00 } { "CS1", 0x08 } { "CS2", 0x10 } { "CS3", 0x18 } { "CS4", 0x20 } { "CS5", 0x28 } { "CS6", 0x30 } { "CS7", 0x38 } { "BE", 0x00 } { "AF11", 0x0a } { "AF12", 0x0c } { "AF13", 0x0e } { "AF21", 0x12 } { "AF22", 0x14 } { "AF23", 0x16 }

{ "AF31", 0x1a } { "AF32", 0x1c } { "AF33", 0x1e } { "AF41", 0x22 } { "AF42", 0x24 } { "AF43", 0x26 } { "EF", 0x2e }

set filterset name filterset_name rule number match-src-port number [ number ]

Matches TCP|UDP source port field or port range.

set filterset name filterset_name rule number match-dst-port number [ number ]

Matches TCP|UDP destination port field or port range.

set filterset name filterset_name rule number match-tcp-flags tcp_flag_string

Matches TCP flags in a packet. The flag string is comma-delimited.

set filterset name filterset_name rule number match-packet-length number [ number ]

Matches packet length against value or range.

set filterset name filterset_name rule number match-qos-marker-enable [ off | on ]

Turns the function of tagging the packet according to the queue marker name on or off. Default is off.

set filterset name filterset_name rule number action forward [ pass | drop | reject ]

Executes the named filterset’s default action: pass, drop, or reject.

set filterset name filterset_name rule number action set-qos-marker qos_marker_string

Tags the packet according to the queue marker name. See “Queue commands” on page 34.

set filterset name filterset_name rule number action set-tos number

Sets the packet tos field to the supplied value.

set filterset name filterset_name rule number action set-dscp [ number | diffserv_class_string ]

Sets the DSCP field to the supplied value.

set filterset name filterset_name rule number action set-eth-p-bits number

Sets VLAN priority bits to the supplied value.

set filterset filterset_name rule number action do-filterset name

Executes the supplied filterset.

Administrator’s Handbook

Default actions

If a packet passes through all of a filter's rules without a match, then the filterset's default-actions come into play. These behave the same way that rule actions behave.

set filterset name filterset_name default-action set-qos-marker qos_marker_string

Tags the packet according to the queue marker name.

set filterset name filterset_name default-action set-tos number

Sets the packet TOS field to the supplied value.

set filterset name filterset_name default-action set-dscp [ number |diffserv_class_string ]

Sets the DSCP field to the supplied value.

set filterset name filterset_name default-action set-eth-p-bits number

Sets VLAN priority bits to the supplied value.

set filterset name filterset_name default-action do-filterset name

Executes the supplied filterset.

set filterset name filterset_name default-action forward [ pass | drop | reject ]

Executes the named filterset’s default action: pass, drop, or reject.

Global Filterset (“IPv6 Firewall”) commands

Global filtersets exist at the root level of the hierarchy, outside the umbrella of both the “ip” and “ip6” subtrees, since they pertain to both.

Global filterset rules allow for the specification of these match attributes:

 IP Protocol  Source and/or Destination Port

UDP TCP

 TCP flags, for rules that specify TCP traffic  ICMP Type, for IP-protocol types 1 (ICMP) and 58 (IPv6-ICMP)  LAN-side device/range

By MAC address (or current IPv4/6 address, host name, equivalently) IPv4 address, range, or subnet IPv6 address or subnet

 WAN-side range

IPv4 address, range, or subnet IPv6 address or subnet

 Ingress and egress interface, by link-oid (e.g. “LAN”)

set gfs name filterset_name enable [ on | off ]

Dynamically enables or disables the specified filterset rule.

set gfs name filterset_name default-action value [ pass | drop ]

Executes the named filterset’s default action: pass, or drop.

set gfs name filterset_name rule number enable [ on | off ]

Dynamically enables or disables the specified filterset rule.

set gfs name filterset_name rule number active [ on | off ]

Activates or deactivates the specified filterset rule.

set gfs name filterset_name rule number type [ either | ipv4 | ipv6 ]

Specifies whether the named filterset rule applies to IPv4, IPv6, or both (either).

set gfs name filterset_name rule number action value [ pass | drop | accept ]

Executes the named filterset’s action: pass, drop, or accept.

set gfs name filterset_name rule number order number

order is set to an already existing order value, order values

Matches on the following categories:

src-ip-addr (ip[4|6] address or subnet spec (type ip4 or ip6 only))

dst-ip-addr (ip[4|6] address or subnet spec (type ip4 or ip6 only))

ip-proto (0-255 or iana-defined string equivalents)

src-port (1-65535[:1-65535], only if ip-proto == TCP or UDP)

dst-port (1-65535[:1-65535], only if ip-proto == TCP or UDP)

tcp-flags (only if ip-proto == TCP)

icmp-type (only if ip-proto == ICMP or IPv6 ICMP)

src-host-mac (MAC address of src)

dst-host-mac (MAC address of dest)

in-link-oid (oid of ingress link oid)

out-link-oid (oid of egress link oid)

Administrator’s Handbook

set gfs name filterset_name rule number match number value [ value (category-specific) ]

NOTE:



A rule cannot contain data that specifies both IPv6 and IPv4 at the same time, and thus be applicable to neither iptables nor ip6tables; however, a rule can be IP-version-agnostic, in which case it will be applied to both iptables and ip6tables, given the proper conditions. For instance, if a LAN-side device has both an IPv4 address and a routable IPv6 address, then one can specify a rule for this device by referring to its MAC address, and if no other match attributes of the rule preclude its use in both tables, the rule will be applied to both iptables and ip6tables (given the assumption that the LAN Host Discovery database contains both addresses).

Queue commands

Queue configuration typically requires a classification component to set a QoS marker to a packet and a queueing component to schedule the marked packets to the link. This is accomplished using filtersets (“Filterset com-

mands” on page 29).

The

basic queue's size and “length” are controls for how many packets and total bytes can be enqueued

before it is considered to be full. Once it is full, any attempts to enqueue another packet will result in a “taildrop.”

Both constraints are simultaneously used, such that it is full when either packet count OR byte count exceeds the limit. This allows flexibility in obtaining a balance, where a large number of small packets, but only a small number of large packets can be enqueued.

If there are no tail-drops – that is, the queue is not blocked from sending and doesn't over-fill and dump packets – then these queue size/bytes parameters do not affect anything. Their only function is to adjust the threshold at which the queue is considered full, which dictates when tail drops will occur. So if there are no tail-drops, then increasing the queue length will have no effect. Increasing the queue length has no effect unless there are tail-drops.

The maximum size/bytes of a queue balances how much burstiness can be buffered versus having a queue that is simply too long.

Burstiness smoothing requires queueing up the buffers. For example, if the upstream line rate is 1mbps, but the traffic source sends 100mbps bursts for 10ms every second (which coincidentally averages 1mbps) then the router will have to buffer enough (about a full second worth of traffic) so that the burst of traffic doesn't get tail-dropped when it arrives and is enqueued at the same time in the same burst.

On the other hand, it is undesirable to buffer too much data in the queue(s) since the packets may be stale by the time they are sent. It may be desirable to drop the traffic sufficiently that there are queuing disciplines such as Random Early Discard ( towards the front of the queue, so that the congestion is noticed more quickly in order for the sender to scale back bandwidth usage to avoid drops.

the following types of queue “building blocks” are supported:



basic queue



ingress queue



priority queue



wfq (weighted fair queue)

red) that don't drop from the tail of the queue. Instead, red drops packets

Basic queues have three different packet dropping options

 byte|packet fifo (bpfifo)  random early discard (  stochastic fairness queuing (

red)

sfq)

set queue name queue_name type [ basic | ingress | priority | wfq ]

Sets the type of queue.

set queue name queue_name options [ off | red | sfq ]

Sets the queue packet dropping options.

set queue name queue_name size [ 1... 128 ]

Sets the maximum number of packets that can be enqueued.

set queue name queue_name bytes [ 2048... 131072 ]

Sets the maximum total number of bytes that can be enqueued.

set queue name queue_name perturb [ 0... 100 ]

Sets the interval in seconds for queue algorithm perturbation when queue option is sfq.

set queue name queue_name police-rate [ 0... 100000000 ]

Sets the rate in milliseconds that is used for policing traffic when the queue type is ingress.

set queue name queue_name police-burst [ 0... 100000000 ]

Sets the burst rate in milliseconds that is used for policing traffic when the queue type is ingress.

set queue name queue_name bw-sharing [ on | off ]

Enables or disables bandwidth sharing, when the queue type is wfq.

set queue name queue_name bps-mode [ bps | relative ]

Sets the mode of the weighted fair queue. bps indicates that weights are defined as “bits-per-second”. relative indicates that weights are defined as a proportion of the sum of the weights of all inputs to the

wfq.

set queue name queue_name entry number input queue_name

Sets the input to a priority or weighted fair queue.

set queue name queue_name entry number marker queue_marker

Sets the marker with which packets must be marked to be directed to this queue entry's input queue when the type is

priority or wfq.

Administrator’s Handbook

set queue name queue_name entry number priority [ 0... 255 ]

Sets the priority level of this queue. A lower value indicates a higher priority. All entries of equal priority will be subject to a round robin algorithm.

 for (strict)  for

excess bandwidth is offered to higher priority entry first; otherwise any excess bandwidth is distributed to the weights ratio.

priority queue, the higher priority gets link resource first.

wfq queue, each entry gets reserved bandwidth according to its weight. If different priority is given, any

set queue name queue_name entry number weight [ 0... 100 ]

Sets the weight level of this weighted fair queue. Weight units are dependent on bps-mode setting.

 If

bps-mode is set to bps, then setting the weight to 0 will allocate the remaining available bandwidth to the

queue entry.

 If no priority specified, excess bandwidth will be distributed proportionately to the weight ratio.

set queue name queue_name entry number peak [ 0... 100000000 ]

Sets the peak level of this weighted fair queue. The peak parameter is a number of 0 through 100,000,000 in bits/second. It must be at least 50,000 for best effect. It is the peak data rate allowed on the queue entry, and usually supports bandwidth sharing, that is, if other queues are not busy and there is spare bandwidth, then a busy queue is allowed to go up to the peak rate.

set queue name queue_name default-entry queue_name

Indicates the input queue which is used if there is no match between the packet queue marker and the configured markers in any of the queue's inputs when the queue type is

priority or wfq.

IP Gateway commands

set ip gateway enable [ on | off ]

Specifies whether the 2247-N8 should send packets to a default gateway if it does not know how to reach the destination host.

set ip gateway conn-oid value

Sets the default gateway to point to an associated link specified by the conn-oid value.

set ip gateway address ip_address

Specifies the IP address of a host on a local or remote network in standard dotted-quad format.

IPv6 Commands

set ip6 enable [ on | off ]

Enables/disables IPv6 globally. The default is off. When enabled, the following default configuration is created:

set ip6 enable on set ip6 conn name "WANv6" enable on set ip6 conn name "WANv6" type rd set ip6 conn name "WANv6" mtu 1472 set ip6 conn name "WANv6" side wan set ip6 conn name "WANv6" mcast-forwarding off set ip6 conn name "WANv6" icmp-echo-drop on set ip6 conn name "WANv6" traffic-class-clear on

set ip6 conn name "WANv6" 6rd-tunnel type cpe set ip6 conn name "WANv6" 6rd-tunnel ipv4-conn "WAN" set ip6 conn name "WANv6" 6rd-tunnel use-dhcp-values off set ip6 conn name "WANv6" 6rd-tunnel prefix "::" set ip6 conn name "WANv6" 6rd-tunnel prefix-length 1 set ip6 conn name "WANv6" 6rd-tunnel ipv4-common-bits 0 set ip6 conn name "WANv6" 6rd-tunnel relay-ipv4-addr "0.0.0.0" set ip6 conn name "WANv6" 6rd-tunnel ipv4-tx-tos-mode off set ip6 conn name "WANv6" 6rd-tunnel force-tx-to-br on set ip6 conn name "WANv6" 6rd-tunnel anti-spoof-enable on set ip6 conn name "WANv6" 6rd-tunnel tx-df-bit-set on set ip6 conn name "LANv6" enable off set ip6 gateway enable on set ip6 gateway conn "WANv6" set ip6 gateway address "::" set ip6 dhcp-server enable on set ip6 dhcp-server information-only off set ip6 dhcp-server preference 255 set ip6 dhcp-server authoritative on set ip6 dhcp-server rapid-commit on set ip6 dhcp-server unicast off set ip6 dhcp-server leasequery off set ip6 dhcp-server pd-enable on set ip6 dhcp-server default-lease-time 2592000 set ip6 dhcp-server preferred-lifetime 604800 set ip6 dhcp-server T1 302400 set ip6 dhcp-server T2 483840 set ip6 dhcp-server info-refresh-time 86400 set ip6 dns primary-address "" set ip6 dns secondary-address ""

Default IPv6 security configuration values:

set security spi ip6 src-mcast-drop off set security spi ip6 invalid-mcast-scope-drop on set security spi ip6 forbidden-addr-drop on set security spi ip6 deprecated-ext-hdr-drop on set security spi ip6 src-addr-from-lan-unassigned-drop on set security spi ip6 lan-assigned-src-addr-from-wan-drop on set security spi ip6 ula-drop on set security spi ip6 ignore-dns-from-wan on set security spi ip6 ignore-dhcp-from-wan on set security spi ip6 esp-hdr-drop on set security spi ip6 ah-hdr-drop on set security spi ip6 allow-inbound off set security spi ip4 invalid-addr-drop on set security spi ip4 private-addr-drop off set security spi flood-limit enable off set security ip6 firewall-level low set security ip6 enable on

ip6 gateway conn

set ip6 gateway enable [ on | off ]

Enables or disables IPv6 default gateway.

set ip6 gateway conn value

Sets the default gateway to point to an associated link specified by the conn-oid value. Normally, this would be the WAN connection.

set ip6 gateway address ipv6_address

Specifies the IPv6 address of a host on a local or remote network in standard IPv6 format.

Administrator’s Handbook

ip6 conn

set ip6 conn name name enable [ on | off ]

Enables/disables the IPv6 connection named name. The default is off.

Specifies the type of tunnel for the IPv6 tunnel. The default is static.

set ip6 conn name name mtu [ 1280 - 1500 ]

Specifics the size of the maximum transfer unit. The default is 1500.

set ip6 conn name name side [ lan | wan ]

Specifies which connection uses tunnelling. The default is wan.

set ip6 conn name name mcast-forwarding [ off | on ]

Specifies the multicast forwarding is enabled for the tunnel. The default is on.

set ip6 conn name name icmp-echo-drop [ off | on ]

If enabled, all ICMP echo requests coming from the Internet will be dropped. The default is off.

set ip6 conn name name old-prefix-purge-timer

The time in seconds for which old, invalid prefixes are advertised with a lifetime of zero. The intent is to “flush out” global prefixes on attached IPv6 hosts which suddenly become invalid.

set ip6 conn name name traffic-class-clear [ off | on ]

Specifies the traffic class. The default is off.

Static Connections

ip6 conn (type = static): Statically configured IPv6 connection.

set ip6 conn name name static link-oid link_name

Sets the connection named name to point to an associated link specified by the link-oid link_name.

set ip6 conn name name static ipaddr ipv6_address

Specifies a static IPv6 address.

set ip6 conn name name static prefix-length value

Specifies the prefix length of the connection's static IPv6 address. Default is 64.

6rd Connections

ip6 conn (type = rd, side = wan): This WAN connection type is a 6rd tunnel over an IPv4 conn in accordance

with RFC 5569.

set ip6 conn name name 6rd-tunnel type [ cpe | gateway ]

The 6rd connection can operate in “cpe” or “gateway” mode as configured by the type parameter. “cpe” mode is used when operating as a CPE; “gateway” mode is used when operating as a “6rd relay” as per RFC 5569.

set ip6 conn name name 6rd-tunnel ipv4-conn-oid ipv4_name

Sets the 6rd connection named name to tunnel over an associated IPv4 connection named ipv4_name.

set ip6 conn name name 6rd-tunnel use-dhcp-values [ off | on ]

If this parameter is on, 6rd-provisioned parameters are obtained via the underlying DHCPv4 client associated with IPv4 connection named ipv4-name. See “draft-ietf-softwire-ipv6-6rd-10” for DHCP format description.

ip6 conn (type = rd, 6rd-tunnel use-dhcp-values = off)

set ip6 conn name name 6rd-tunnel prefix IPv6_address

6rd domain prefix.

set ip6 conn name name 6rd-tunnel prefix-length [ 1 - 63 ]

6rd domain prefix length.

set ip6 conn name name 6rd-tunnel ipv4-common-bits [ 0 - 31 ]

The number of bits common to all IPv4 addresses within the 6rd domain. The top-most bits of the IPv4 address will be “subtracted” from the 6rd address. If the whole 32-bit IPv4 address is contained in the 6rd IPv6 address, this value is set to zero. Default is 0, meaning all 42 bits of the IPv4 address are embedded in the 6rd prefix.

set ip6 conn name name 6rd-tunnel relay-ipv4-addr IPv4_address

The IPv4 anycast address of the 6rd border gateway.

set ip6 conn name name 6rd-tunnel ipv4-tx-tos-mode [ off | use-ipv6 ]

off means the TOS field in the IPv4 header is set to zero for transmitted 6rd packets. use-ipv6 means the the

TOS field in the IPv4 header is set to the DS field of the 6rd-encapsulated IPv6 packet.

set ip6 conn name name 6rd-tunnel force-tx-to-br [ off | on ]

off means each packet set to a destination IPv6 address within the originating 6rd domain is sent directly to the

6rd endpoint.

on means that all packets are transmitted to the 6rd border gateway.

set ip6 conn name name 6rd-tunnel anti-spoof-enable [ off | on ]

Enables 6rd tunnel anti-spoofing. The default is off.

set ip6 conn name name 6rd-tunnel tx-df-bit-set [ off | on ]

Enables 6rd tunnel to set the Dont Fragment bit in the IPv4 header when transmitting. The default is off.

Administrator’s Handbook

AICCU (SixXS tunnel broker) Connections

ip6 conn (type = aiccu, side = wan): This connection type enables an IPv6 connection to the IPv6 internet over

an IPv4/NAT/UDP tunnel to a tunnel endpoint administered by tunnel broker SIXXS (www.sixxs.net).

You set up an account with SIXXS, and subsequently get assigned a tunnel and a subnet (usually a /48 subnet).

set ip6 conn name name aiccu username username

Sets the connection’s SIXXS username.

set ip6 conn name name aiccu password password

Sets the connection’s SIXXS password.

Delegated Prefix Connections

ip6 conn (type = delegated-prefix, side = lan): A conn of type “delegated prefix” obtains its global prefix infor-

mation from one or more prefix from another IPv6 conn (typically a WAN conn), if available. In order for a “dp” connection to become fully operational, its underlying link must be up AND the IPv6 connection which delegates the prefix must have created one or more prefixes from which to draw the “dp” connection's global prefix.

set ip6 conn name name delegated-prefix link-oid link_name

Sets the connection to obtain its prefix from the specified link.

set ip6 conn name name delegated-prefix conn-oid ipv6_conn_name

Sets the delegated prefix connection named “name” to obtain its prefix from IPv6 connection named

ipv6_conn_name.

set ip6 conn name name delegated-prefix subnet-length [ 0 - 16 ]

The length of the subnet portion of the delegated prefix. Default is 0.

set ip6 conn name name delegated-prefix subnet-id [ 0 - 65535 ]

If a subnet length is specified, the value that would occupy the of the subnet portion of the conn's IPv6 prefix. Default is

set ip6 conn name name delegated-prefix stay-up [ off | on ]

If the delegated prefix parameter stay-up is set to on, the global prefix assigned from the conn delegating the prefix remains active in the event that the conn delegating the prefix goes down, and the prefix becomes invalid. This enables local LAN-side hosts to continue to use the global prefix uninterrupted. If parameter

is set to off, the connection's delegated prefix becomes invalid when the connection named ipv6-conn-

name

delegating the prefix goes down.

stay-

set ip6 conn name name delegated-prefix follow-wan-mtu [ off | on ]

Sets the MTU for the connection delegated prefix to be dependent on the upstream WAN MTU.

set ip6 conn name name delegated-prefix host-addr-type [ eui-64 | static ]

Sets the connection delegated prefix Host address type.

set ip6 conn name name delegated-prefix host-addr address

Sets the connection delegated prefix Static Host address if the address type is static.

Router Advertisement and DHCPv6 Server

ip6 conn (side = lan): Router Advertisements and the DHCPv6 server are available on LAN-side connections as

the means to provide clients with stateful or stateless IPv6 prefixes and addresses, as well as addition client parameters such as MTU size and IPv6-addressable DNS servers.

set ip6 conn name name radv enable [ off | on ]

on means radv is enabled for this conn.

set ip6 conn name name radv min-adv-interval [ 3 - 1350 ]

The minimum time allowed between sending unsolicited multicast router advertisements from the link, in seconds.

set ip6 conn name name radv max-adv-interval [ 4 - 1800 ]

The maximum time allowed between sending unsolicited multicast router advertisements from the interface, in seconds.

set ip6 conn name name radv router-life-time seconds

Sets the connection router advertisements Router Life time to be specified in RA.

set ip6 conn name name radv router-reachable-time seconds

Sets the connection router advertisements Router Reachable time to be specified in RA.

set ip6 conn name name radv router-retrans-time seconds

Sets the connection router advertisements Router Advertisement retransmit time.

set ip6 conn name name radv router-hop-limit hops

Sets the connection router advertisements hop count to be specificed in RA. The valid values are 0-255.

set ip6 conn name name radv send-dns-server-info [ off | on ]

Enables the connection router advertisements to send DNS Server information.

set ip6 conn name name radv send-dns-domain-info [ off | on ]

Enables the connection router to send DNS Domain information.

Administrator’s Handbook

set ip6 conn name name dhcp-server enable [ off | on ]

Enables the DHCPv6 server for this connection.

set ip6 conn name name dhcp-server T1-override [ off | on ]

Enables the DHCP server T1 override for this connection.

set ip6 conn name name dhcp-server T2-override [ off | on ]

Enables the DHCP server T2 override for this connection.

set ip6 conn name name dhcp-server na enable [ off | on ]

Enables DHCP server NA for this connection.

set ip6 conn name name dhcp-server na addr-count count

Sets the DHCP server NA address count. The default is 64.

set ip6 conn name name dhcp-server na start-addr-offset offset

Sets the DHCP server NA start address offset. The default is 10.

set ip6 conn name name dhcp-server ta enable [ off | on ]

Enables DHCP server TA for this connection.

set ip6 conn name name dhcp-server pd name name enable [ off | on ]

Enables DHCP server PD for this connection.

set ip6 conn name name dhcp-server pd name name conn-oid conn-oid

Sets the DHCP server PD conn-oid.

set ip6 conn name name dhcp-server pd name name subnet-length length

Sets the DHCP server PD subnet length. The default is 64.

set ip6 conn name name dhcp-server pd name name subnet-id id

Sets the DHCP server PD subnet ID. The default is 0x0.

set ip6 conn name name dhcp-server pd name name stay-up [ off | on ]

Enables DHCP server PD stay up. The default is off.

set ip6 conn name name dhcp-server pd-add-length length

Sets the DHCP server PD add length. The default is 0.

set ip6 conn name name dhcp-server addr-count value [ 0 - 256 ]

The number of IPv6 addresses available to serve to DHCPv6 stateful clients. If the addr-count parameter is set to zero, the DHCPv6 server operates in “stateless” mode.

set ip6 conn name name dhcp-server start-addr-offset value [ 0 - 65536 ]

If the addr-count parameter is greater than zero, the start address is an offset from the base address of the prefix which is assigned to the LAN conn.

set ip6 conn name name dhcp-server dns-server optional IPv6 address

IPv6 address of advertised DNS server (optiona).

IPv6 DHCP Server

set ip6 dhcp-server enable [ on | off ]

Globally enables or disables DHCPv6 servers on all IPv6 LAN conns. The default is on.

set ip6 dhcp-server information-only [ off | on ]

When set to on DHCPv6 servers on all IPv6 LAN conns operate in stateless “information-only” mode. The default is

off.

set ip6 dhcp-server preference 255

Sets the preference option, as defined in RFC1315, sec. 22.8. The preference option in the server’s Advertise message may assist a DHCPv6 client in selecting from more than one server on the LAN.

set ip6 dhcp-server authoritative [ on | off ]

If a client requests an IP address on a given network segment that the server knows is not valid for that segment, and forget its IP address and try to get a new one. If request. The default is

authoritative is set to on, the server will respond with a DHCPNAK message, causing the client to

authoritative is set to off, the server will ignore the client’s

on.

set ip6 dhcp-server rapid-commit [ on | off ]

Enables or disables the rapid commit option per rfc3315 sec 22.14. (http://tools.ietf.org/html/rfc3315#section-22.14) The default is

on.

set ip6 dhcp-server unicast [ off | on ]

Enables or disables server unicast option per rfc3315 sec 22.12. (http://tools.ietf.org/html/rfc3315#section-

22.12) The default is

off.

set ip6 dhcp-server leasequery [ off | on ]

Enables or disables DHCPv6 Leasequery option per rfc5007. (http://tools.ietf.org/rfc/rfc5007.txt) The default is

off.

Administrator’s Handbook

set ip6 dhcp-server pd-enable [ on | off ]

Enables or disables prefix delegation globally on all DHCPv6 servers on all IPv6 LAN conns, overriding individual DHCPv6 server settings. The default is

on.

set ip6 dhcp-server default-lease-time seconds

Sets the global DHCPv6 lease time setting in seconds. The default is 2592000 (30 days).

set ip6 dhcp-server preferred-lifetime seconds

Sets the global DHCPv6 preferred lifetime of prefixes in seconds, per RFC 3633. (http://www.ietf.org/rfc/ rfc3633.txt) The default is

604800 (7 days).

set ip6 dhcp-server T1 seconds set ip6 dhcp-server T2 seconds

Sets global DHCPv6 T1, T2 values, per RFC 3315 for local NA addresses:

The time at which the client contacts the server from which the addresses in the IA_NA were obtained to extend the lifetimes of the addresses assigned to the IA_NA; T1 is a time duration relative to the current

time expressed in units of seconds. Defaults to 302400 (3.5 days).

The time at which the client contacts any available server to extend the lifetimes of the addresses assigned to the IA_NA; T2 is a time duration relative to the current time expressed in units of seconds.

Defaults to 483840 (5.6 days).

and also per global DHCPv6 T1, T2 values, per RFC 3633 for PD prefixes:

The time at which the requesting router should contact the delegating router from which the prefixes in the IA_PD were obtained to extend the lifetimes of the prefixes delegated to the IA_PD; T1 is a time dura-

tion relative to the current time expressed in units of seconds.

The time at which the requesting router should contact any available delegating router to extend the lifetimes of the prefixes assigned to the IA_PD; T2 is a time duration relative to the current time expressed in

units of seconds.

set ip6 dhcp-server info-refresh-time seconds

In seconds, per rfc 4242: The information refresh time option specifies an upper bound for how long a client should wait before refreshing information retrieved from DHCPv6 in stateless mode. (http://tools.ietf.org/ html/rfc4242) The default is

86400 (24 hours).

set ip6 dhcp-server provide-dns-domain domain-name

Specifies the default domain name for your network.

set ip6 dhcp-server provide-dns-server [ on | off ]

Determines whether DNS services are provided for IPv6. The default is on.

set ip6 dns primary_address primary_address

Specifies the address of the primary DNS server for IPv6.

set ip6 dns secondary_address secondary_address

Specifies the address of the secondary DNS server for IPv6. Enter 00:00:00:00:00:00 if your network does not have a secondary DNS server for IPv6.

set ip6 ula enable [ on | off ]

Enables ULA for IPv6. The default is off.

set ip6 ula L-bit [ off | on ]

Sets the Unique Local Address (ULA) L-bit field. The default is on.

Static Routes

ip6 static-route: Manages static IPv6 routes.

set ip6 static-route name conn ipv6_conn_name

Route is directed to IPv6 connection named ipv6_conn_name.

set ip6 static-route name next-hop IPv6_address

Next-hop IPv6 address for forwarding. Can be a global or link-local address.

set ip6 static-route name prefix IPv6_prefix

IPv6 prefix.

set ip6 static-route name prefix-length value [ 1 - 64 ]

IPv6 prefix-length.

set ip6 static-route name metric value [ 0 - 255 ]

metric assigned to route.

IP 6in4 Tunneling Commands

This section describes the commands used to configure and activate IPv6 over IPv4 tunnelling.

set ip6 conn name name ip6in4-tunnel type [ cpe | gateway ]

Specifies the tunnel type. The default is cpe.

set ip6 conn name name ip6in4-tunnel ipv4-conn [ LAN | WAN | connection name ]

Specifies IPv6 tunnelling over the named IPv4 connection.

set ip6 conn name name ip6in4-tunnel pop-ipv4-addr pop-ipv4-address

Specifies the pop-ipv4 address. The default is 0.0.0.0.

Administrator’s Handbook

set ip6 conn name name ip6in4-tunnel local-ipv6-addr local-ipv6-address

Specifies the local IPv6 address. The default is ::

set ip6 conn name name ip6in4-tunnel prefix ip6in4-prefix

Specifies the local IPv6 tunnel prefix. The default is ::

set ip6 conn name name ip6in4-tunnel prefix-length [ 1 - 64 ]

Specifies the local IPv6 tunnel prefix length. The default is 1.

set ip6 conn name name ip6in4-tunnel ipv4-tx-tos-mode [ off | use-ipv6 ]

Specifies the tunnel transmit IPv4 ToS mode. The default is off.

IP DNS commands

set ip dns domain-name domain_name

Specifies the default domain name for your network. When an application needs to resolve a host name, it appends the default domain name to the host name and asks the DNS server if it has an address for the “fully qualified host name.”

set ip dns primary-address ip_address

Specifies the IP address of the primary DNS name server.

set ip dns secondary-address ip_address

Specifies the IP address of the secondary DNS name server. Enter 0.0.0.0 if your network does not have a secondary DNS name server.

set ip dns prefer-v4-over-v6 [ on | off ]

Specifies IPv4 (traditional) addresses are preferred when resolving domain names. The default is on.

set ip dns proxy-enable [ on | off ]

This allows you to disable the default behavior of acting as a DNS proxy. The default is on.

set ip dns override allowed [ on | off ]

Allows DNS information received dynamically to override static values. The default is on.

IP IGMP commands

Multicasting is a method for transmitting large amounts of information to many, but not all, computers over

an internet. One common use is to distribute real time voice, video, and data services to the set of computers which have joined a distributed conference. Other uses include updating the address books of mobile computer users in the field, or sending out company newsletters to a distribution list.

Since a router should not be used as a passive forwarding device, Motorola gateways use a protocol for forwarding multicasting: Internet Group Management Protocol (IGMP).

Motorola gateways support IGMP Version 1, Version 2, or Version 3.

IGMP “Snooping” is a feature of Ethernet layer 2 switches that “listens in” on the IGMP conversation between

computers and multicast routers. Through this process, it builds a database of where the multicast routers reside by noting IGMP general queries used in the querier selection process and by listening to other router protocols.

From the host point of view, the snooping function listens at a port level for an IGMP report. The switch then processes the IGMP report and starts forwarding the relevant multicast stream onto the host's port. When the switch receives an IGMP leave message, it processes the leave message, and if appropriate stops the multicast stream to that particular port. Basically, customer IGMP messages although processed by the switch are also sent to the multicast routers.

In order for IGMP snooping to function with IGMP Version 3, it must always track the full source filter state of each host on each group, as was previously done with Version 2 only when Fast Leave support was enabled.

IGMP Version 3 supports:

IGMP Source Filtering: the ability for group memberships to incorporate source address filtering. This allows “Source-Specific Multicast” (SSM). By adding source filtering, a gateway that proxies IGMP can more selectively join the specific multicast group for which there are interested LAN multicast receivers.

These features require no user configuration on the gateway.

You can set the following options:



IGMP Snooping – enables the 2247-N8 to “listen in” to IGMP traffic. The 2247-N8 discovers multicast group

membership for the purpose of restricting multicast transmissions to only those ports which have requested them. This helps to reduce overall network traffic from streaming media and other bandwidth-intensive IP multicast applications.



Robustness – a way of indicating how sensitive to lost packets the network is. IGMP can recover from

robustness minus 1 lost IGMP packet. The default value is 2.



Query Interval– the amount of time in seconds between IGMP General Query messages sent by the querier

gateway. The default query interval is 125 seconds.



Query Response Interval – the maximum amount of time in tenths of a second that the IGMP gateway

waits to receive a response to a General Query message. The default query response interval is 10 seconds and must be less than the query interval.



Unsolicited Report Interval – the amount of time in seconds between repetitions of a particular computer’s

initial report of membership in a group. The default unsolicited report interval is 10 seconds.

Administrator’s Handbook

 Querier Version – select a version of the IGMP Querier: version 1, version 2, or version 3. If you know you

will be communicating with other hosts that are limited to v1 or v2, for backward compatibility, select accordingly; otherwise, allow the default v3.

NOTE:





Fast Leave – set to off by default, fast leave enables a non-standard expedited leave mechanism. The que-

rier keeps track of which client is requesting which channel by IP address. When a leave message is received, the querier can check its internal table to see if there are any more clients on this group. If there are none, it immediately sends an IGMP leave message to the upstream querier.



Log Enable – If set to on, all IGMP messages on both the LAN and the WAN will be logged.



Wireless Multicast to Unicast conversion – Only available if IGMP Snooping is enabled. If set to on, the

gateway replaces the multicast MAC-address with the physical MAC-address of the wireless client. If there is more than one wireless client interested in the same multicast group, the gateway will revert to multicasting the stream immediately. When one or more wireless clients leave a group, and the gateway determines that only a single wireless client is interested in the stream, it will once again unicast the stream.

IGMP Querier version is relevant only if the gateway is configured for IGMP forwarding. If any IGMP v1 routers are present on the subnet, the querier must use IGMP v1. The use of IGMP v1 must be administratively configured, since there is no reliable way of dynamically determining whether IGMP v1 routers are present on a network. IGMP forwarding is enabled per IP Profile and WAN Connection Profile.

set ip igmp querier-version [ 1 | 2 | 3 ]

Sets the IGMP querier version: version 1, version 2, or version 3. If you know you will be communicating with other hosts that are limited to v1, for backward compatibility, select 1; otherwise, allow the default 3.

set ip igmp robustness value

Sets IGMP robustness range: from 2 – 255. The default is 2.

set ip igmp query-interval value

Sets the query-interval range: from 10 seconds – 600 seconds, The default is 125 seconds.

set ip igmp query-response-interval value

Sets the query-response interval range: from 5 deci-seconds (tenths of a second) – 255 deci-seconds. The default is 100 deci-seconds.

set ip igmp unsolicited-report-interval value

Sets the unsolicited report interval: the amount of time in seconds between repetitions of a particular computer’s initial report of membership in a group. The default is 10 seconds.

set ip igmp fast-leave [ off | on ]

Sets fast leave on or off. Set to on by default, fast leave enables a non-standard expedited leave mechanism. The querier keeps track of which client is requesting which channel by IP address. When a leave message is received, the querier can check its internal table to see if there are any more clients on this group. If there are none, it immediately sends an IGMP leave message to the upstream querier.

set ip igmp fowarding-filters multicast-group group name

Sets an IGMP fowarding filter for a multicast group.

set ip igmp max-group-memberships value

Sets the maximum number of IGMP group memberships. Default is 20.

set ip igmp default-fwd-allow [ on | off ]

Turns default forwarding on or off. The default is on.

set ip igmp snoop-entry-time seconds

The snoop-entry-time is the amount of time an entry will remain in the snooping table (in seconds) after being added. An entry is added when a “JOIN” is seen from a multicast client. Any new joins (triggered by upstream queries) will reset the timeout back to seconds. If no additional joins are seen, the entry will expire after sec- onds. Default is

130.

set ip igmp snooping-unreg-mode [ block | flood ]

The snooping-unreg-mode can be set to block or flood. This indicates what should happen to unregistered multicast traffic – traffic that hasn't been subscribed to by any clients. If set to all LAN ports. If set to

block, the traffic will not be sent to any LAN ports; it will be dropped. Default is block.

flood, the traffic will be sent to

set ip static-routes destination-network network_address enable [ on | off ]

Enables a static IP route in the 2247-N8 routing table

set ip static-routes destination-network network_address conn-oid connection_name WAN

Sets the connection identifier for the static route.

set ip static-routes destination-network network_address next-hop gateway_address

Sets the address of the gateway for the static route.

set ip static-routes destination-network network_address network network

Defines a static IP route in the 2247-N8 routing table

set ip static-routes destination-network network_address netmask netmask

Sets the netmask for the static route.

set ip static-routes destination-network network_address metric [ 0 - 255 ]

Sets the number of hops for the static route. The default is 1.

NTP commands

set ip ntp enable [ on | off ]

Enables or disables acquiring the time of day from an NTP (Network Time Protocol) server.

set ip ntp server-address server_address

Administrator’s Handbook

set ip ntp alt-server-address alt_server_address

Specify the NTP server(s) to use for time updates. The NTP server-address and alt-server-address can be entered as DNS names as well as IP addresses.

set ip ntp update-period minutes

update-period specifies how often, in minutes, the gateway should update the clock. Default is 60.

Application Layer Gateway (ALG) commands

These commands allow you to enable or disable the router’s support for a variety of Application Layer Gateways (ALGs). An application layer gateway (ALG) is a NAT component that helps certain application sessions to pass cleanly through NAT. Each ALG has a slightly different function based on the particular application’s protocol-specific requirements.

An internal client first establishes a connection with the ALG. The ALG determines if the connection should be allowed or not and then establishes a connection with the destination computer. All communications go through two connections – client to ALG and ALG to destination. The ALG monitors all traffic against its rules before deciding whether or not to forward it. The ALG is the only address seen by the public Internet so the internal network is concealed. In some situations, it may be desirable to disable some of the ALGs.

set ip alg esp-enable [ on | off ]

Turns the ESP (Encapsulated Security Payload) ALG for file transfers on or off. Default is on.

set ip alg esp-setup-timeout value

Specifies the timeout value for the ESP ALG setup. Default is 180.

set ip alg esp-stream-timeout value

Specifies the timeout value for the ESP ALG streaming. Default is 300.

set ip alg ftp-enable [ on | off ]

Turns the FTP (File Transfer Protocol) ALG for file transfers on or off. Default is on.

set ip alg h323-enable [ on | off ]

Turns the H323 ALG for audio, video, and data communications across IP-based networks on or off. Default is

on.

set ip alg pptp-enable [ on | off ]

Turns the PPTP (Point-to-Point Transfer Protocol) ALG for authentication on or off. Default is on.

set ip alg sip-enable [ on | off ]

Turns the SIP (Session Initiation Protocol) ALG for voice communication initiation on or off. Default is on.

set ip alg tftp-enable [ on | off ]

Turns the TFTP (Trivial File Transfer Protocol) ALG for simple file transfers and firmware updates on or off. Default is

on.

Dynamic DNS Commands

set ip dynamic-dns enable [ off | on ]

Enables or disables Dynamic DNS. Dynamic DNS support allows you to use the free services of www.dyndns.org. Dynamic DNS automatically directs any public Internet request for your computer's name to your current dynamically-assigned IP address. This allows you to get to the IP address assigned to your gateway, even though your actual IP address may change as a result of a PPPoE connection to the Internet.

set ip dynamic-dns service-type [ dyndns ] set ip dynamic-dns username myusername set ip dynamic-dns password mypassword set ip dynamic-dns hostname myhostname set ip dynamic-dns retries [ 1 - 64 ]

Enables or disables dynamic DNS services. The default is off. If you specify dyndns.org, you must supply your hostname, username for the service, and password. Number of retries defaults to

Default server settings

Set ip wan-allocation mode [ normal | defaultserver | passthrough ]

Sets the WAN mode to direct your gateway to forward all externally initiated IP traffic (TCP and UDP protocols only) to a default host on the LAN, otherwise this feature is disabled.

defaultserver: Allows the gateway to forward all externally initiated IP traffic (TCP and UDP protocols only) to a default host on the LAN.

passthrough: Allows the gateway public IP address to be assigned to a single LAN client.

Default is

normal.

Link commands

links represent physical connections. Currently, port-based VLAN support is provided at this level. Your gate-

way is capable of adding and stripping 802.1Q tags to and from frames before transmission on its LAN interfaces. See also “Filterset commands” on page 29

and “Queue commands” on page 34 for more information.

set link name name type [ ethernet | ppp | atm ]

Specifies whether the type of the link named name is ethernet or ppp.

set link name name mtu-override [ 0 - 1500 ]

Specifies whether the Maximum Transmission Unit value should be set to other than the standard 1500. A setting of 0 (zero) turns off override.

set link name name igmp-snooping [ off | on ]

Tur ns igmp-snooping off or on on the link named name.

set link name name port-vlan ports [ lan-1... 4 | ssid-1...4 | vc-1 | vc-2 | vc-3 | vc-4 | vc-5 | vc-6 | vc-7 | vc-8 ]

Specifies a port-based VLAN on the selected ports on the link named name.

Administrator’s Handbook

set link name name port-vlan priority [ 0 - 7 ]

Specifies the 802.1p priority bit. If you set this to a value greater than 0, all packets of this VLAN with unmarked priority bits (pbits) will be re-marked to this priority.

set link name name tagged-vlan name integer ports [ lan-1... 4 | ssid-1...4 | vc-1 | vc-2 |vc-3 | vc-4 | vc-5 | vc-6 | vc-7 | vc-8 ]

Specifies a tagged VLAN on the selected port on the link named name. Default is ptm.

set link name name tagged-vlan name integer vid vlan_id

Specifies a VLAN ID (vid) on the selected link named name. Default is 0.

set link name name tagged-vlan name integer priority [ 0 - 7 ]

Specifies the 802.1p priority bit. If you set this to a value greater than 0, all packets of this VLAN with unmarked priority bits (pbits) will be re-marked to this priority.

set link name name ppp sub-link link_name

Specifies a name link_name for this secondary link when one is required.

set link name name ppp auth-type [ on | off ]

Enables or disables PPP login authorization.

set link name name ppp username uname

Specifies a username uname for authentication on the specified link when ppp auth-type is set to on.

set link name name ppp password pwd

Specifies a password pwd for authentication on the specified link when ppp auth-type is set to on.

set link name name ppp magic-number [ on | off ]

Enables or disables LCP magic number negotiation.

set link name name ppp protocol-compression [ off | on ]

Specifies whether you want the gateway to compress the PPP Protocol field when it transmits datagrams over the PPP link.

set link name name ppp max-failures integer

Specifies the maximum number of Configure-NAK messages the PPP module can send without having sent a Configure-ACK message. The

integer argument can be any number between 1 and 20.

set link name name ppp max-configures integer

Specifies the maximum number of unacknowledged configuration requests that your gateway will send. The

integer argument can be any number between 1 and 20.

set link name name ppp max-terminates integer

Specifies the maximum number of unacknowledged termination requests that your gateway will send before terminating the PPP link. The

integer argument can be any number between 1 and 10.

set link name name ppp restart-timer integer

Specifies the number of seconds the gateway should wait before retransmitting a configuration or termination request. The

integer argument can be any number between 1 and 30.

set link name name ppp connection-type [ instant-on | always-on | manual ]

Specifies whether a PPP connection is maintained by the 2247-N8 when it is unused for extended periods. If you specify shuts down the PPP link after the number of seconds specified in the time-out setting (below) if no traffic is moving over the circuit.

always-on, the gateway never shuts down the PPP link. If you specify instant-on, the gateway

set link name name ppp echo-request [ on | off ]

Specifies whether you want your gateway to send LCP echo requests. You should turn off LCP echoing if you do not want the gateway to drop a PPP link to a nonresponsive peer.

set link name name ppp echo-failures integer

Specifies the maximum number of lost echoes the gateway should tolerate before bringing down the PPP connection. The

integer argument can be any number from between 1 and 20.

set link name name ppp echo-interval integer

Specifies the number of seconds the gateway should wait before sending another echo from an LCP echo request. The

integer argument can be any number from between 5 and 300 (seconds).

set link name name ppp mru integer

Specifies the Maximum Receive Unit (MRU) for the PPP interface. The integer argument can be any number between 128 and 1492 for PPPoE; 1500 otherwise.

set link name name ppp peer-dns [ on | off ]

Controls whether the gateway accepts nameserver addresses from the peer.

 The default is

up. This especially applies when the primary WAN connection is PPP.

 However, there are some unusual situations where the PPP connection is

when the connection is used only for management. In that situation it may be desirable to nameserver addresses. You can do that by setting the parameter to



Specifies an ISP name or a class or quality of service. The Service Name tells the access concentrator which network service the 2247-N8 is trying to reach.

on, which means the gateway expects to get nameserver addresses when the PPP link comes

not the primary WAN, for example

not pick up more

off.

NOTE: This is an expert-mode setting that will rarely be used. The setting should be left on, unless you are an expert user who knows you do not want the gateway to acquire any nameserver addresses from this PPP connection.

Administrator’s Handbook

set link name name pppoe service-name name

Specifies the PPPoE service name.

Management commands

All management related items are grouped in this section.

set management account administrator username username

Specifies the username for the administrative user – the default is admin.

set management account user username username

Specifies the username for the non-administrative user – the default is user.

set management cwmp enable [ off | on ]

Tur ns cwmp (TR-069 CPE WAN Management Protocol) on or off. TR-069 allows a remote Auto-Config Server (ACS) to provision and manage the 2247-N8. TR-069 protects sensitive data on the gateway by not advertising its presence, and by password protection.

set management cwmp acs-url acs_url:port_number

set management cwmp acs-username acs_username

set management cwmp acs-password acs_password

If TR-069 WAN side management services are enabled, specifies the auto-config server URL and port number. A username and password must also be supplied, if TR-069 is enabled.

The auto-config server is specified by URL and port number. The format for the ACS URL is as follows:

http://some_url.com:port_number

http://123.45.678.910:port_number

On units that support SSL, the format for the ACS URL can also be:

https://some_url.com:port_number

https://123.45.678.910:port_number

TR-064

DSL Forum LAN Side CPE Configuration (TR-064) is an extension of UPnP. It defines more services to locally manage the Motorola

requires a password to execute any command that changes the Device's configuration.

Device. While UPnP allows open access to configure the Device's features, TR-064

set management cwmp prefer-ipv6 [ off | on ]

Sets CWMP to prefer IPv6 addressing. The default is off.

set management cwmp tr69-cli-wait-time [ 5 - 600]

Sets the session wait time for a CWMP client to the specified number of minutes. The default is 15.

set management lanmgmt enable [ off | on ]

Turns TR-064 LAN side management services on or off. The default is on.

set management lanmgmt notify [ off | on ]

Controls whether we send out UPnP SSDP NOTIFY messages on a regular basis. The default is on.

set management lanmgmt port [ 0 - 65535 ]

Sets the TR-064 LAN management service port number. The default is 5000.

set management lanmgmt session-timeout [ 0 - 1800 ]

Sets the session timeout value fot TR064 LAN management sessions to the specified number of seconds. The default is 1800.

set management shell idle-timeout [ 1...120 ]

Specifies a timeout period of inactivity for telnet access to the gateway, after which a user must re-login to the gateway. Default is

15 minutes for telnet.

set management shell ssh-port [ 1 - 65534 ]

Specifies the port number for secure shell (SSH) communication with the 2247-N8. Defaults to port 0 (off).

set management shell telnet-port [ 1 - 65534 ]

Specifies the port number for telnet (CLI) communication with the 2247-N8. Because port numbers in the range 0-1024 are used by other protocols, you should use numbers in the range 1025-65534 when assigning new port numbers to the 2247-N8 telnet configuration interface. A setting of

0 (zero) will turn the server off.

set management upnp enable [ off | on ]

Turns Universal Plug-and-Play (UPnP) on or off. The default is on.

set management upnp log [ off | on ]

Set the 2247-N8 to store a log of UPNP activity. The default is off.

set management upnp port [ 1 - 65535 ]

Set the universal plug and play port number. The default is 5000.

set management upnp read-only [ off | on ]

Allows read only access for UPNP sessions. The default is off.

Administrator’s Handbook

set management web http-port [ 1 - 65534 ]

Specifies the port number for HTTP (web) communication with the 2247-N8. Because port numbers in the range 0-1024 are used by other protocols, you should use numbers in the range 1025-65534 when assigning new port numbers to the 2247-N8 web configuration interface. A setting of

0 (zero) will turn the server off.

set management web https-port [ 1 - 65534 ]

Sets the secure web access port for secure management of the 2247-N8. Default is port 443.

set management web https-cert-cn string

Specifies a certificate from a trusted certificate authority to identify the secure web access.

set management web idle-timeout [ 1...120 ]

Specifies a timeout period of inactivity for HTTP access to the gateway, after which a user must re-login to the gateway. Default is



30 minutes for HTTP.

NOTE: You cannot specify a port setting of 0 (zero) for both the web and telnet ports at the same time. This would prevent you from accessing the gateway.

Remote access commands

set management remote-access http-port [ 1 - 65534 ]

Sets the web access port for remote access management of the gateway. Default is port 51003.

set management remote-access http-idle-timeout [ 1...120 ]

Specifies a timeout period of inactivity for remote HTTP access to the gateway, after which a user must re-login to the gateway. Default is

5 minutes for HTTP.

set management remote-access http-total-timeout [ 1...120 ]

Specifies a total timeout period of inactivity for remote HTTP access to the gateway, after which a user must relogin to the gateway. Default is

20 minutes for HTTP.

set management remote-access http-max-clients number

Specifies the maximum number of client sessions for remote web access management. Defaults to 0 (unlimited).

set management remote-access https-port [ 1 - 65534 ]

Sets the secure web access port for remote access management of the gateway. Default is port 51443.

set management remote-access https-idle-timeout [ 1...120 ]

Specifies a timeout period of inactivity for secure remote HTTPS access to the gateway, after which a user must re-login to the gateway. Default is

20 minutes for HTTPS.

set management remote-access https-total-timeout [ 1...120 ]

Specifies a total timeout period of inactivity for secure remote HTTPS access to the gateway, after which a user must re-login to the gateway. Default is

20 minutes for HTTPS.

set management remote-access https-max-clients number

Specifies the maximum number of client sessions for secure remote web access management. Defaults to 1 (one).

set management remote-access telnet-port [ 1 - 65534 ]

Specifies the port number for remote access telnet (CLI) communication with the 2247-N8. Because port numbers in the range 0-1024 are used by other protocols, you should use numbers in the range 1025-65534 when assigning new port numbers to the 2247-N8 telnet configuration interface. A setting of server off. Defaults to port

23.

0 (zero) will turn the

set management remote-access telnet-idle-timeout [ 1...120 ]

Specifies a timeout period of inactivity for remote telnet access to the gateway, after which a user must relogin to the gateway. Default is

5 minutes for telnet.

set management remote-access telnet-total-timeout [ 1...120 ]

Specifies a total timeout period of inactivity for remote telnet access to the gateway, after which a user must re-login to the gateway. Default is

20 minutes for telnet.

set management remote-access telnet-max-clients number

Specifies the maximum number of client sessions for remote telnet access management. Defaults to 4.

set management remote-access ssh-port [ 1 - 65534 ]

Specifies the port number for secure shell (SSH) communication with the 2247-N8. Defaults to port 22.

set management remote-access ssh-idle-timeout [ 1...120 ]

Specifies a timeout period of inactivity for remote secure shell (SSH) access to the gateway, after which a user must re-login to the gateway. Default is

5 minutes for SSH.

set management remote-access ssh-total-timeout [ 1...120 ]

Specifies a total timeout period of inactivity for remote secure shell (SSH) access to the gateway, after which a user must re-login to the gateway. Default is

20 minutes for SSH.

set management remote-access ssh-max-clients number

Specifies the maximum number of client sessions for remote secure shell (SSH) access management. Defaults to

Administrator’s Handbook

set management lan-redirect enable [ off | on ]

If set to on, if a WAN failure condition is detected, the LAN client's browser is redirected to a web page of failure and help text information. The redirect will only occur once, as the web UI maintains a state variable to determine whether the redirect has occurred; to continually redirect would block the user from reconfiguring the router.

set management lan-redirect missing-filter-notify [ on | off ]

If set to on, if a missing filter on the line is detected, the LAN client's browser is redirected to a web page of failure and help text information. The redirect will only occur once, as the web UI maintains a state variable to determine whether the redirect has occurred; to continually redirect would block the user from reconfiguring the router.

set management lan-access wan-cpe-mgmt-block [ off | web | all ]

Blocks management of the device WAN interface from the LAN via the web or all interface(s).

Physical interfaces commands

DSL interfaces

set physical dsl enable [ off | on ]

Turns the physical DSL interface off or on. Default is on.

set physical dsl annexm [ off | on ]

Turns optional DSL Annex M off or on. Default is off. If enabled, data rates can be as high as 12 or 24 Mbit/s downstream and 3 Mbit/s upstream depending on the distance from the DSLAM to the customer's premises.

set physical dsl modulation auto [ off | on ]

Turns automatic DSL modulation off or on. Default is on.

set physical dsl modulation adsl2 [ off | on ]

Turns adsl2 DSL modulation off or on. Default is on.

set physical dsl modulation adsl2+ [ off | on ]

Turns adsl2+ DSL modulation off or on. Default is on.

set physical dsl modulation annex-l [ off | on ]

Turns annex-l DSL modulation off or on. Default is off.

set physical dsl modulation annex-m [ off | on ]

Turns annex-m DSL modulation off or on. Default is off.

set physical dsl bit-swap [ on | off ]

Turns DSL bit-swapping on or off. Bit-swapping is resilient to loss of hand-shake commands. Default is on.

set physical dsl trellis [ on | off ]

Turns trellis error correction encoding on or off. Default is on.

set physical dsl nlnm-threshold [ 0 - 480 ]

Specifies the New Low Noise Model (NLNM) value between 0 and 480. Default is 60.

set physical dsl transport [ atm ]

Sets the DSL transport modeto Asynchronous (atm). Default is atm.

set physical dsl atm vcc [ 1 - 8 ] enable [ off | on ]

Tur ns atm on or off on selected vcc 1 through 8. Default is on.

set physical dsl atm vcc [ 1 - 8 ] vpi [ 0 - 255 ]

Sets the Virtual Path Identifier (vpi) for the selected vcc. Default is 0.

set physical dsl atm vcc [ 1 - 8 ] vci [ 32 - 65535 ]

Sets the Virtual Channel Identifier (vci) for the selected vcc. Default is 35.

set physical dsl atm vcc [ 1 - 8 ] tx-queue queue_name

Attaches the egress queue template to the atm vc when the queue type is egress.

set physical dsl atm vcc [ 1 - 8 ] rx-queue queue_name

Attaches the ingress queue to the atm vc when the queue type is ingress.

set physical dsl atm vcc [ 1 - 8 ] auto-vpi-vci [ on | off ]

Turns Automatic VPI/VCI Detection on or off. If you leave the default on, the device will try a series of VPI/VCI pairs that are commonly used by service providers. When one pair succeeds, the device will use this one for future connections.

set physical dsl atm vcc [ 1 - 8 ] vpi-vci-list vpi_vci_pairs

Specifies the series of VPI/VCI pairs that the device will use to attempt a connection. The default set ("0/35 8/35 0/43 0/51 0/59 8/43 8/51 8/59") may changed. The list is the default.

set physical dsl atm vcc [ 1 - 8 ] qos enable [ off | on ]

Turns QoS off or on on the virtual circuit. Default is off.

Administrator’s Handbook

Specifies how data is encapsulated over ATM connections.

ether-lic = RFC-1483, bridged Ethernet, LLC-SNAP

ip-lic = RFC-1483, routed IP, LLC-SNAP

ppp-lic = PPP over ATM, LLC-SNAP

ether-vcmux = RFC-1483, bridged Ethernet, VC-muxed

ip-vcmux = RFC-1483, routed IP, VC-muxed

ppp-vcmux = PPP over ATM, VC-muxed

VC-muxed is the abbreviation for Virtual Circuit multiplexing

LLC-SNAP is the abbreviation for Logical Link Control Subnetwork Access Protocol

The default is ether-lic.

Ethernet interfaces

set physical enet [ 1 - 4 ] port media [ auto | 100-fd | 100-hd | 10-fd | 10-hd ]

Sets the Ethernet port’s media flow control: Automatic, 100 Mbps Full-Duplex, 100 Mbps Half-Duplex, 10 Mbps Full-Duplex, or 10 Mbps Half-Duplex. Default is

auto.

set physical enet [ 1 - 4 ] port mdix [ auto | on | off ]

Sets the Ethernet port’s crossover detection. Default is off.

set physical enet [ 1 - 4 ] tx-queue queue_name

Attaches the egress queue template to the ethernet interface when the queue type is egress.

set physical enet [ 1 - 4 ] rx-queue queue_name

Attaches the ingress queue to the ethernet interface when the queue type is ingress.

set physical ensw max-age seconds

Sets the maximum delay on the Ethernet switch in seconds. Default is 300 (5 minutes).

set physical ensw qos-mode [ off | p-bit ]

Sets QoS up on Ethernet switch, classified by priority-bit mapping. Default is off. When p-bit is selected, packets will be mapped from their priority (even if untagged) to one of four queues per-port in the Ethernet switch.

NOTE:



Wireless interfaces

This only applies to packets sent from the host CPU to a switch port; it does not apply to port-to-port traffic.

set physical wireless enable [ on | off ]

Enables or disables the wireless capability for supported Wi-Fi Gateways. Default is on.

Sets and locks the gateway into the wireless transmission mode you want: bg, b-only, g-only, bgn, n-only, an, or

a-only. For compatibility with clients using 802.11b (up to 11 Mbps transmission), 802.11g (up to 20+

Mbps), 802.11a (up to 54 Mbit/s using the 5 GHz band), or 802.11n (from 54 Mbit/s to 600 Mbit/s with the use of four spatial streams at a channel width of 40 MHz), select the other, select

bgn.

G-only, N-only, A-only, or B-only, or some combination that applies to your setup. Default is

B/G/N. To limit your wireless LAN to one mode or

set physical wireless auto-channel [ off | on ]

Turns auto-channel selection on or off.

set physical wireless band-lock [ 2.4 | 5.0 ]

Sets the Wi-Fi radio to use only the 2.4 GHz or 5.0 GHz frequency bands. This only applies when in n-only mode. The default is 2.4.

set physical wireless bandwidth [ narrow | wide ]

Specifies whether the Wi-Fi channel is narrow or wide band. Default is narrow in compliance with FCC requirements.

set physical wireless default-channel [ 1... 11 ]

(1 through 11, for North America) on which the network will broadcast. This is a frequency range within the

2.4Ghz band. Channel selection can have a significant impact on performance, depending on other wireless activity close to this Router. Channel selection is not necessary at the client computers; the clients will scan the available channels seeking access points using the same SSID as the client. Defaults to

set physical wireless power [ 1 - 100 ]

Sets some value lower than 100 percent transmit power if your gateway is located close to other Wi-Fi Gateways and causes interference. Defaults to

100 (percent).

set physical wireless mul2uni [ off | on ]

Turns wireless “many-to-one” packet scheduling off or on. Default is off.

Administrator’s Handbook

set physical wireless ssid [ 1 - 4 ] enable [ on | off ]

Enables or disables the first (default) Wi-Fi SSID.

set physical wireless ssid [ 1 - 4 ] name name

Specifies a name for the first Wi-Fi SSID. Defaults to a unique value per router of the form “ATTxxx”.

set physical wireless ssid [ 1 - 4 ] access-type [ none | allow | deny ]

Specifies the type of address list for defining MAC address filtering. If set to allow, only hosts with the specified addresses will be permitted to join the WLAN of the specified SSID. If set to the specified addresses will be permitted to join the specified SSID. Default is

deny, any hosts except those with

none.

set physical wireless ssid [ 1 - 4 ] access-list mac_address

Specifies the MAC address of devices controlled by MAC address filtering.

set physical wireless ssid [ 1 - 4 ] hidden [ off | on ]

Enables or disables SSID hiding for the specified SSID. If set to on, the specified SSID will not appear on client scans. Clients must log into the SSID with the exact SSID name and credentials specified for that SSID.

set physical wireless ssid [ 1 - 4 ] isolate [ off | on ]

If set to on, blocks wireless clients from communicating with other wireless clients on the WLAN side of the gateway. Defaults to

off.

set physical wireless ssid [ 1 - 4 ] security [ none | wep | wpa ]

Sets the wireless privacy type: none, wep, or wpa-psk. Default is none.

NOTE:



The WEP standard is not available when you are running in 802.11n mode.

set physical wireless ssid [ 1 - 4 ] key-length [ 10 | 26 ]

Sets the WEP key length to 10 or 26 characters.

set physical wireless ssid [ 1 - 4 ] pre-shared key-value

Sets the Pre-Shared Key (PSK) value to use when resolving WPA credentials from wireless devices. If no key value is specified, the 2247-N8 uses its default key value, printed on the Device Access Code label on the bottom of the gateway.

set physical wireless ssid [ 1 - 4 ] wpa-version [ 1 | 2 | both ]

When the specified SSID is using WPA security, sets the version of WPA the 2247-N8 will use for resolving WPA credentials. WPA may not be changed from 2 if the 2247-N8 is using 802.11N mode. The default is 2.

set physical wireless wps [ on | off ]

Enables or disables Wi-Fi Protected Setup (WPS) for simplified security configuration with Wi-Fi clients that support it.

set physical wireless wmm enable [ off | on ]

Enables or disables Wi-Fi Multimedia settings for multimedia queueing characteristics.

set physical wireless wmm power-save [ off | on ]

Turns power saving mode off or on for wireless multimedia when wmm enable is on. Default is on.

PPPoE relay commands

NOTE:



When configuring a PPPoE connection, you must also configure the required PPPoE authentication details (such as user name and password combinations) on the client computer.

set pppoe-relay enable [ on | off ]

Allows the gateway to forward PPPoE packets. Default is on.

set pppoe-relay max-sessions [ 0... 4 ]

Specifies the maximum number of PPPoE relay sessions. Default is 4.

NAT Pinhole commands

NAT pinholes let you pass specific types of network traffic through the NAT interfaces on the 2247-N8. NAT pinholes allow you to route selected types of network traffic, such as FTP requests or HTTP (Web) connections, to a specific host behind the 2247-N8 transparently.

To set up NAT pinholes, you identify the type(s) of traffic you want to redirect by port number, and you specify the internal host to which each specified type of traffic should be directed.

The following list identifies protocol type and port number for common TCP/IP protocols:

 FTP (TCP 21)  telnet (TCP 23)  SMTP (TCP 25),  TFTP (UDP 69)

set pinhole name name enable [ off | on ]

Enables or disables the named NAT pinhole. The defualt is on.

set pinhole name name protocol [ tcp | udp | both ]

Specifies the identifier for the entry in the gateway's pinhole table. You can name pinhole table entries sequentially (1, 2, 3), by port number (21, 80, 23), by protocol, or by some other naming scheme. Specifies the type of protocol being redirected.

set pinhole name name ext-port-range [ 0 - 49151 ]

Specifies the first and last port number in the range being translated.

set pinhole name name int-addr ipaddr

Specifies the IP address of the internal host to which traffic of the specified type should be transferred.

Administrator’s Handbook

set pinhole name name int-start-port [ 0 - 65535 ]

Specifies the port number your 2247-N8 should use when forwarding traffic of the specified type. Under most circumstances, you would use the same number for the external and internal port.

Security Stateful Packet Inspection (SPI) commands

set security firewall-level [ low | high | off ]

All computer operating systems are vulnerable to attack from outside sources, typically at the operating system or Internet Protocol (IP) layers. Stateful Inspection firewalls intercept and analyze incoming data packets to determine whether they should be admitted to your private LAN, based on multiple criteria, or blocked. Stateful inspection improves security by tracking data packets over a period of time, examining incoming and outgoing packets. Outgoing packets that request specific types of incoming packets are tracked; only those incoming packets constituting a proper response are allowed through the firewall.

The

high setting is recommended, but for special circumstances, a low level of firewall protection is available.

You can also turn all firewall protection

off. Defaults to low.

set security spi icmp downstream-echo-rqst-drop [ on | off ]

If enabled all ICMP echo requests coming from the Internet will be dropped.

set security spi unknown-ethertypes-drop [ on | off ]

Enables or disables whether packets with unknown ether types are to be dropped. Default is on.

set security spi portscan-protect [ on | off ]

Enables or disables whether to detect and drop port scans. Default is on.

set security spi invalid-tcp-flags-drop [ on | off ]

Enables or disables whether packets with invalid TCP flag settings (NULL, FIN, Xmas, etc.) are to be dropped. Default is

on.

set security spi ip4 invalid-addr-drop [ on | off ]

Broad sets of addresses exist that should not be used as one or both of source or destination addresses. These include the following:

IP address/mask Source or destination

10.0.0.0/8 source

192.168.0.0.0/16 source

169.254.0.0/16 source

172.16.0.0/12 source

224.0.0.0/4 Source / destination

224.0.0.0/5 Source / destination

0.0.0.0/8 Source / destination

255.255.255.255 destination

The default is on.

set security spi ip4 private-addr-drop [ on | off ]

Enables or disables whether Broadband packets with private source or destination addresses should be dropped. Default is

off.

set security spi flood-limit enable [ on | off ]

Enables or disables whether packet flooding should be detected and offending packets be dropped. Default is

on.

set security spi flood-limit limit pps_value

Sets a maximum Packets Per Second (PPS) value for packet flood criterion. Defaults to 4.

set security spi flood-limit burst-limit max_value

Sets a maximum value in a packet-burst for packet flood criterion. Defaults to 8.

set security spi flood-limit icmp enable [ on | off ]

Enables or disables whether ICMP packet flooding should be detected and offending packets be dropped. Defaults to

on.

set security spi flood-limit udp enable [ off | on ]

Allows you to include or exclude UDP traffic rom flood limiting. Defaults to off.

set security spi flood-limit udp pass-multicast [ off | on ]

Allows you to exclude UDP multicast traffic from throttling. Defaults to on.

set security spi flood-limit tcp enable [ off | on ]

Enables or disables whether TCP packet flooding should be detected and offending packets be dropped. Defaults to

off.

set security spi flood-limit tcp syn-cookie [ on | off ]

Allows TCP SYN cookies flooding to be excluded. Defaults to on.

Administrator’s Handbook

Reflexive ACL

set security spi ip6 allow-inbound [ on | off ]

Turns reflexive ACL on or off for IPv6.

Reflexive Access Control Lists (ACL) provide that layer 4 Session information is used to make decisions about what packets to route. Reflexive ACL reduces exposure to spoofing and denial-of-service attacks, because desired inbound packet flows are usually in response to outbound traffic.

Motorola 9.x DSL Gateways use the relevant session information about whether the packet flow was initiated from the LAN side (upstream) or WAN side (downstream). If the parameter security. set to

off, then sessions which are initiated from the WAN side are disallowed. Upstream sessions are never

precluded because of reflexive ACL. (Of course there may be other reasons that particular packets are dropped.)

For IPv4, NAT is generally enabled, so reflexive ACL is usually not an issue.

spi.ip6.allow-inbound is

set security spi ip6 src-mcast-drop [ off | on ]

Drop IPv6 packets with source multicast address. The default is off.

set security spi ip6 invalid-mcast-scope-drop [ off | on ]

Drop IPv6 packets with invalid multicast scope. Default is on.

set security spi ip6 forbidden-addr-drop [ off | on ]

Drop IPv6 packets with forbidden addresses. Default is on.

set security spi ip6 deprecated-ext-hdr-drop [ off | on ]

Drop IPv6 packets with deprecated extension headers. Default is on.

set security spi ip6 src-addr-from-lan-unassigned-drop [ off | on ]

Drop IPv6 packets from LAN with source address not derived from WAN. Default is on.

set security spi ip6 lan-assigned-src-addr-from-wan-drop [ off | on ]

Drop IPv6 packets from WAN with source address derived from LAN. Default is on.

set security spi ip6 ula-drop [ off | on ]

Drop IPv6 packets with unique local address (ULA). Default is on.

set security spi ip6 ignore-dns-from-wan [ off | on ]

Drop IPv6 packets from WAN to DNS proxy. Default is on.

set security spi ip6 ignore-dhcp-from-wan [ off | on ]

Drop IPv6 packets from WAN to local DHCPv6 server. Default is on.

set security spi ip6 esp-hdr-drop [ off | on ]

Drop IPv6 packets which contain ESP headers. Default is off.

set security spi ip6 ah-hdr-drop [ off | on ]

Drop IPv6 packets which contain AH headers. Default is off.

System commands

set system name name

Specifies the name of your 2247-N8. Each 2247-N8 is assigned a name as part of its factory initialization. The default name for a 2247-N8 consists of the word “Motorola-7000/XXX” where “XXX” is the serial number of the device; for example, Motorola-7000/9437188. A system name can be 1 – 255 characters long. Once you have assigned a name to your 2247-N8, you can enter that name in the Address text field of your browser to open a connection to your 2247-N8.

NOTE:



Some broadband cable-oriented Service Providers use the System Name as an important identification and support parameter. If your gateway is part of this type of network, do NOT alter the System Name unless specifically instructed by your Service Provider.

set system time-zone

time-zone of 0 is Coordinated Universal Time (UTC); options are -12 through 12 (+/- 1 hour increments from

UTC time).

set system auto-daylight-savings [ on | off ]

Time zones honoring Daylight Saving Time may be automatically designated.

set system firewall-log enable [ on | off ]

Turns firewall logging on or off. The firewall log tracks attempted violations of the firewall rules. Default is on.

set system firewall-log persist [ on | off ]

When set to on, causes the log information to be kept in flash memory. Default is off.

set system firewall-log file-size [ 4096... 65536 ]

Specifies a size for the firewall logs. The most recent entries are posted to the beginning of the log. When the log becomes full, the oldest entries are dropped. The default is 16384.

set system firewall-log file-count [ 2... 8 ]

Specifies the number of possible log files. The default is 4.

set system fastpath software-enable [ on | off ]

Enables or disables the fastpath accelerator processor. Fastpath works on only TCP and UDP. Default is on.

Administrator’s Handbook

set system fastpath hardware-enable [ off | on ]

Enables or disables the fastpath accelerator processor. Default is off.

set system lan-log [ on | off ]

Sets the 2247-N8 to collect or discard LAN log information. The default is on.

set system lan-log file-size [ 4096... 65536 ]

Assigns the maximum size (in bytes) for the LAN log file. The default is 16384.

set system lan-log file-count [ 2... 8 ]

Set the number of previous log files to store. The default is 4.

set system syslog enable [ on | off ]

Enables (on) or disables (off) the NVG589 syslog function. The syslog function is disabled by default. If syslog is enabled, the following additional syslog settings may be configured:

 set system syslog server-ip <IPv4/IPv6 Address>  set system syslog server-port <port>  set system syslog facility [ local0 ... local7 ]  set system syslog level [ 0 ... 7 ]  set system syslog log-system [ on | off ]  set system syslog log-firewall [ on | off ]  set system syslog log-igmp [ on | off ]

You must specify the syslog server’s IP address and any custom UDP port number to identify system logging messages with the set system syslog server-ip <IPv4/IPv6 Address> commands. After the syslog server is specified, you may turn on any or all of the logging categories.

The receiving server must have a properly configured syslog server package active.

and set system syslog server-port <port>

set system syslog server-ip <IPv4/IPv6 Address>

Specifies the IP address (in IPv4 dotted decimal notation or IPv6 colon-separated hexadecimal notation) of the server that syslog messages will be sent to.

set system syslog server-port <port>

Customizes the UDP port number that the syslog function marks messages to the logging server package with (range: 1 - 65535, default: 514).

set system syslog facility [ local0 ... local7 ]

Specifies the local facility number that syslog messages are sent to (range: local0 - local7, default: local0).

set system syslog level [ 0 ... 7 ]

Sets the severity level of syslog messages the NVG589 will send to the syslog server. Each severity level includes all higher-level messages (e.g; a level of 2 [Critical] will also send Alert and Emergency messages) . The severity levels are arranged and enumerated as follows:

 0 : Emergency

 1 : Alert  2 : Critical  3 : Error  4 : Warning  5 : Notice (default)  6 : Info  7 : Debug

set system syslog log-system [ on | off ]

Enables (on) or disables (off) the generation of system log messages for the syslog server. If the syslog function is enabled, system log is enabled (on) by default.

set system syslog log-firewall [ on | off ]

Enables (on) or disables (off) the delivery of firewall log messages to the syslog server. Firewall log is disabled by default.

set system syslog log-igmp [ on | off ]

Enables (on) or disables (off) the delivery of IGMP log messages to the syslog server. The igmp log is disabled by default.

set system syslog log-hndp [ on | off ]

This controls whether we syslog HNDP log data or not. (HNDP stands for “Home Network Discovery Protocol”

- a proprietary protocol we support to gather information about hosts on the LAN to report back to our Home Center network mapping application.)

set system log buffer-size [ 4096... 65536 ]

Specifies a size for the system log. The most recent entries are posted to the beginning of the log. When the log becomes full, the oldest entries are dropped. The default is 16384.

set system log level [ low | medium | high | alerts | failures ]

Specifies the types of log messages you want the 2247-N8 to record. All messages with a level equal to or greater than the level you specify are recorded. For example, if you specify set system diagnostic-level

medium, the diagnostic log will retain medium-level informational messages, alerts, and failure messages.

Use the following guidelines:



low - Low-level informational messages or greater; includes trivial status messages.



medium - Medium-level informational messages or greater; includes status messages that can help monitor

network traffic.



high - High-level informational messages or greater; includes status messages that may be significant but do

not constitute errors. The default.



alerts - Warnings or greater; includes recoverable error conditions and useful operator information.



failures - Failures; includes messages describing error conditions that may not be recoverable.

Administrator’s Handbook

Debug Commands

When you are in SHELL mode, the DEBUG prompt is the name of the 2247-N8/DEBUG followed by a right angle bracket (>). For example, if you open a CLI connection to the 2247-N8 named “Motorola-3000/9437188,” then type “debug” you would see

Debug level is available for field debugging purposes.There is no service and quality level guarantee from Motorola. This level is intended for SEs or Telcos lab people, not for normal operation at home for end users.

Motorola-3000/9437188/DEBUG> as your prompt.

More commands are available. To display the options, type “

help all”.

Disclaimer & Warning Text

The following is displayed when entering Debug level from normal Config level.

“Warning: Accessing these commands may impact the normal operation of this device. Exit now if you entered by mistake.”

Commands

console

Make this session the console.

mirror <src-port> <dst-port>

To mirror one port's traffic to another. Causes traffic transmitted or received on <src-port> to be mirrored on <dst-port>. Ports must support Ethernet (IPoA and PPPoA ATM ports are not supported).

mirror off

Turns off port mirroring.

show fastpath

Displays entries in fastpath.

show cpu

Displays CPU Usage as a percentage and CPU Load Averages over 1, 5 and 15 minute periods.

TR-069 CLI CShell Commands (debug mode)

tr69 GetParameterValues <path> tr69 SetParameterValues <path> = <value> tr69 GetParameterNames <path> <nextlevel> tr69 Addobject <path> tr69 Deleteobject <path>

Example:

tr69 GetParameterValues InternetGatewayDevice.DeviceInfo.

NOTE:



CLI and ACS sessions are mutually exclusive and should not be used at the same time

APPENDIX A Technical Specifications, Copyright

and Safety

Motorola 2247-N8 DSL Wi-Fi Gateway Specifications

Communications Interfaces:

The 2247-N8 DSL Wi-Fi Gateway has an RJ-11 jack for DSL line connections or an RJ-45 jack for cable/DSL modem connections and a 4–port 10/100Base-T Ethernet switch for your LAN connections. The 2247-N8 also contains an 802.11b/g/n wireless LAN transmitter.

Power requirements

12V,1.5A

Environment

Operating temperature: 0° to +40° C

Storage temperature: 0° to +70° C

Relative storage humidity: 20 to 80% noncondensing

Software and protocols

Software media: Software preloaded on internal flash memory; field upgrades done via download to internal

flash memory via TFTP or web upload.

Routing: TCP/IP Internet Protocol Suite, RIP

WAN support: PPPoE, DHCP, static IP address

Security: PAP, CHAP, UI password security, IPsec, Secure Sockets Layer (SSL) certificate (supported models)

Management/configuration methods: HTTP (Web server), Telnet, SNMP, TR-069 DSL Forum CPE WAN

Management Protocol

Diagnostics: Ping, event logging, routing table displays, statistics counters, web-based management, trace-

route, nslookup, and diagnostic commands.

Administrator’s Handbook

Agency Approvals

North America

Safety Approvals:

United States – UL 60950, Third Edition

 Canada – CSA: CAN/CSA-C22.2 No. 60950-00  EMC:  United States – FCC Part 15 Class B  Canada – ICES-003

Te le co m :

 United States – 47 CFR Part 68  Canada – CS-03

International

Safety Approvals:

 Low Voltage (European directive) 73/23  EN 60950-1 (Europe)

EMI Compatibility:

 89/336/EEC (European directive)  EN55022:1994 CISPR22 Class B  EN300 386 V1.2.1 (non-wireless products)  EN 301-489 (wireless products)

Regulatory Notices

European Community. This Motorola product conforms to the European Community CE Mark standard for

the design and manufacturing of information technology equipment. This standard covers a broad area of product design, including RF emissions and immunity from electrical disturbances.

The 2247-N8 complies with the following EU directives:

 Low Voltage, 73/23/EEC  EMC Compatibility, 89/336/EEC, conforming to EN 55 022

This Motorola product is in conformity with the essential requirements and other relevant requirements of the Radio Equipment and Telecommunications Terminal Equipment Directive (R&TTE) 1999/5/EC, following the provision of the Electromagnetic Compatibility Directive (EMC) No. 89/336/EEC and Low Voltage Directive (LVD) No. 73/23/EEC. The product is compliant with the following standards and other normative documents: LEMC – Emissions and Immunity: EN 301 489-1 V1.2.1 (2002-08), EN 301 489-17 (2002-08), EN 55022 Class B (1998) EMC – Radio Data Transmission: EN 300 328 V1.4.1 (2003-04) EMC - Resistibility: ITU-T K.21 (1996) LVD - Safety: EN 60950 (2000) + A1 + A2 + A3 + A4 + A11

Manufacturer’s Declaration of Conformance

 Warnings:

This is a Class B product. In a domestic environment this product may cause radio interference, in which case the user may be required to take adequate measures. Adequate measures include increasing the physical distance between this product and other electrical devices. Changes or modifications to this unit not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment.

United States. This equipment has been tested and found to comply with the limits for a Class B digital

device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:

 Reorient or relocate the receiving antenna.  Increase the separation between the equipment and receiver.  Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.  Consult the dealer or an experienced radio TV technician for help.

Service Requirements. In the event of equipment malfunction, if under warranty we will exchange a product

deemed defective.

Under FCC rules, no customer is authorized to repair this equipment. This restriction applies regardless of whether the equipment is in or our of warranty. It is the responsibility of users requiring service to report the need for service to our Company or to one of our authorized agents.

Technical Support for Hardware Products 1-877-466-8646

http://www.motorola.com/us/support/

Important:



Canada. This Class B digital apparatus meets all requirements of the Canadian Interference -Causing Equip-

ment Regulations.

Cet appareil numérique de la classe B respecte toutes les exigences du Réglement sur le matériel brouilleur du Canada.

Declaration for Canadian Users

This product was tested for FCC compliance under conditions that included the use of shielded cables and connectors between system components. Changes or modifications to this product not authorized by the manufacturer could void your authority to operate the equipment.

NOTICE: The Canadian Industry Canada label identifies certified equipment. This certification means that the equipment meets certain telecommunications network protective, operation, and safety requirements. The Department does not guarantee the equipment will operate to the user’s satisfaction.

Administrator’s Handbook

Before installing this equipment, users should ensure that it is permissible to be connected to the facilities of the local telecommunications company. The equipment must also be installed using an acceptable method of connection. In some cases, the company’s inside wiring associated with a single line individual service may be extended by means of a certified connector assembly (telephone extension cord). The customer should be aware that compliance with the above conditions may not prevent degradation of service in some situations.

Repairs to the certified equipment should be made by an authorized Canadian maintenance facility designated by the supplier. Any repairs or alterations made by the user to this equipment, or equipment malfunctions, may give the telecommunications company cause to request the user to disconnect the equipment.

Users should ensure for their own protection that the electrical ground connections of the power utility, telephone lines, and internal metallic water pipe system, if present, are connected together. This precaution may be particularly important in rural areas.

Caution

Users should not attempt to make such connections themselves, but should contact the appropriate electric inspection authority, or electrician, as appropriate.

The Ringer Equivalence Number (REN) assigned to each terminal device provides an indication of the maximum number of terminals allowed to be connected to a telephone interface. The termination on an interface may consist of any combination of devices subject only to the requirement that the sum of the Ringer Equivalence Numbers of all the devices does not exceed 5.

47 CFR Part 68 Information

FCC Requirements

1. The Federal Communications Commission (FCC) has established Rules which permit this device to be directly connected to the telephone network. Standardized jacks are used for these connections. This equipment should not be used on party lines or coin phones.

2. If this device is malfunctioning, it may also be causing harm to the telephone network; this device should be disconnected until the source of the problem can be determined and until repair has been made. If this is not done, the telephone company may temporarily disconnect service.

3. The telephone company may make changes in its technical operations and procedures; if such changes affect the compatibility or use of this device, the telephone company is required to give adequate notice of the changes. You will be advised of your right to file a complaint with the FCC.

4. If the telephone company requests information on what equipment is connected to their lines, inform them of:

a. The telephone number to which this unit is connected. b. The ringer equivalence number. [0.XB] c. The USOC jack required. [RJ11C] d. The FCC Registration Number. [XXXUSA-XXXXX-XX-E] Items (b) and (d) are indicated on the label. The Ringer Equivalence Number (REN) is used to deter-

mine how many devices can be connected to your telephone line. In most areas, the sum of the REN's of all devices on any one line should not exceed five (5.0). If too many devices are attached, they may not ring properly.

FCC Statements

a) This equipment complies with Part 68 of the FCC rules and the requirements adopted by the ACTA. On the bottom of this equipment is a label that contains, among other information, a product identifier in the format US:AAAEQ##TXXXX. If requested, this number must be provided to the telephone company.

b) List all applicable certification jack Universal Service Order Codes (“USOC”) for the equipment: RJ11.

c) A plug and jack used to connect this equipment to the premises wiring and telephone network must comply with the applicable FCC Part 68 rules and requirements adopted by the ACTA. A compliant telephone cord and modular plug is provided with this product. It is designed to be connected to a compatible modular jack that is also compliant. See installation instructions for details.

d) The REN is used to determine the number of devices that may be connected to a telephone line. Excessive RENs on a telephone line may result in the devices not ringing in response to an incoming call. In most but not all areas, the sum of RENs should not exceed five (5.0). To be certain of the number of devices that may be connected to a line, as determined by the total RENs, contact the local telephone company. For products approved after July 23, 2002, the REN for this product is part of the product identifier that has the format US:AAAEQ##TXXXX. The digits represented by ## are the REN without a decimal point (e.g., 03 is a REN of 0.3). For earlier products, the REN is separately shown on the label.

e) If this equipment, the Motorola Modem or gateway, causes harm to the telephone network, the telephone company will notify you in advance that temporary discontinuance of service may be required. But if advance notice isn’t practical, the telephone company will notify the customer as soon as possible. Also, you will be advised of your right to file a complaint with the FCC if you believe it is necessary.

Administrator’s Handbook

f) The telephone company may make changes in its facilities, equipment, operations or procedures that could affect the operation of the equipment. If this happens the telephone company will provide advance notice in order for you to make necessary modifications to maintain uninterrupted service.

g) If trouble is experienced with this equipment, the Motorola gateway, for warranty information, please contact:

Technical Support for Hardware Products 1-877-466-8646

http://www.motorola.com/us/support

If the equipment is causing harm to the telephone network, the telephone company may request that you disconnect the equipment until the problem is resolved.

h) This equipment not intended to be repaired by the end user. In case of any problems, please refer to the troubleshooting section of the Product User Manual before calling Motorola Technical Support.

i) Connection to party line service is subject to state tariffs. Contact the state public utility commission, public service commission or corporation commission for information.

j) If your home has specially wired alarm equipment connected to the telephone line, ensure the installation of this Motorola gateway does not disable your alarm equipment. If you have questions about what will disable alarm equipment, consult your telephone company or qualified installer.

RF Exposure Statement:

NOTE: Installation of the wireless models must maintain at least 20 cm between the wireless gateway and

any body part of the user to be in compliance with FCC RF exposure guidelines.

PRODUCT VENTILATION

The Motorola gateway is intended for use in a consumer's home. Ambient temperatures around this product should not exceed 104°F (40°C). It should not be used in locations exposed to outside heat radiation or trapping of its own heat. The product should have at least one inch of clearance on all sides except the bottom when properly installed and should not be placed inside tightly enclosed spaces unless proper ventilation is provided.

Electrical Safety Advisory

Telephone companies report that electrical surges, typically lightning transients, are very destructive to customer terminal equipment connected to AC power sources. This has been identified as a major nationwide problem. Therefore it is advised that this equipment be connected to AC power through the use of a surge arrestor or similar protection device.

Warranty Information

Software License, Limited Warranty and Limitation of Remedies

Motorola Mobility, LLC, Broadband Communications Sector (“Motorola Mobility”) 101 Tournament Drive, Horsham, PA 19044

IMPORTANT: PLEASE READ THIS SOFTWARE LICENSE (“LICENSE”) CAREFULLY BEFORE YOU INSTALL, DOWNLOAD OR USE ANY APPLICATION SOFTWARE, USB DRIVER SOFTWARE, FIRMWARE AND RELATED DOCUMENTATION (“SOFTWARE”) PROVIDED WITH MOTOROLA MOBILITY’S DATA PRODUCT (THE “PRODUCT”). BY USING THE PRODUCT AND/OR INSTALLING, DOWNLOADING OR USING ANY OF THE SOFTWARE, YOU INDICATE YOUR ACCEPTANCE OF EACH OF THE TERMS OF THIS LICENSE. UPON ACCEPTANCE, THIS LICENSE WILL BE A LEGALLY BINDING AGREEMENT BETWEEN YOU AND MOTOROLA MOBILITY. THE TERMS OF THIS LICENSE APPLY TO YOU AND TO ANY SUBSEQUENT USER OF THIS SOFTWARE.

IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS LICENSE (I) DO NOT INSTALL OR USE THE SOFTWARE AND (II) RETURN THE PRODUCT AND THE SOFTWARE (COLLECTIVELY, “PRODUCT”), INCLUDING ALL COMPONENTS, DOCUMENTATION AND ANY OTHER MATERIALS PROVIDED WITH THE PRODUCT, TO YOUR SERVICE PROVIDER.

The Software includes associated media, any printed materials, and any “on-line” or electronic documentation. Software provided by third parties may be subject to separate end-user license agreements from the manufacturers of such Software. This License shall also apply to any updates, bug fixes, or newer versions of the software provided by Motorola Mobility for use with this product.

The Software is never sold. Motorola Mobility licenses the Software to the original customer and to any subsequent licensee for personal use only on the terms of this License. Motorola Mobility and its 3rd party licensors retain the ownership of the Software.

Software License

You may:

USE the Software only in connection with the operation of the Product. TRANSFER the Software (including all component parts and printed materials) permanently to another person, but only if the person agrees to accept all of the terms of this License. If you transfer the Software, you must at the same time transfer the Product and all copies of the Software (if applicable) to the same person or destroy any copies not transferred. TERMINATE this License by destroying the original and all copies of the Software (if applicable) in whatever form.

You may not:

(1) Loan, distribute, rent, lease, give, sublicense or otherwise transfer the Software, in whole or in part, to any other person, except as permitted under the TRANSFER paragraph above. (2) Copy or translate the User Guide included with the Software, other than for personal use. (3) Copy, alter, translate, decompile, disassemble or reverse engineer the Software, including but not limited to, modifying the Software to make it operate on noncompatible hardware. (4) Remove, alter or cause not to be displayed, any copyright notices or startup message contained in the Software programs or documentation. (5) Export the Software or the Product components in violation of any United States export laws. The Product is not designed or intended for use in on-line control of aircraft, air traffic, aircraft navigation or aircraft communications; or in design, construction, operation or maintenance of any nuclear facility. MOTOROLA MOBILITY, LLC AND ITS 3RD PARTY LICENSORS DISCLAIM ANY EXPRESS OR IMPLIED WARRANTY OF FITNESS FOR SUCH USES. YOU REPRESENT AND WARRANT THAT YOU SHALL NOT USE THE PRODUCT FOR SUCH PURPOSES. Title to this Software, including the ownership of all copyrights, mask work rights, patents, trademarks

Administrator’s Handbook

and all other intellectual property rights subsisting in the foregoing, and all adaptations to and modifications of the foregoing shall at all times remain with Motorola Mobility and its 3rd party licensors. Motorola Mobility retains all rights not expressly licensed under this License. The Software, including any images, graphics, photographs, animation, video, audio, music and text incorporated therein is owned by Motorola Mobility or its 3rd party licensors and is protected by United States copyright laws and international treaty provisions. Except as otherwise expressly provided in this License, the copying, reproduction, distribution or preparation of derivative works of the Software, any portion of the Product or the documentation is strictly prohibited by such laws and treaty provisions. Nothing in this License constitutes a waiver of Motorola Mobility’s rights under United States copyright law. This License and your rights regarding any matter it addresses are governed by the laws of the Commonwealth of Pennsylvania, without reference to conflict of laws principles. THIS LICENSE SHALL TERMINATE AUTOMATICALLY if you fail to comply with the terms of this License. Motorola Mobility is not responsible for any third party software provided as a bundled application, or otherwise, with the Software.

U.S. GOVERNMENT RESTRICTED RIGHTS The Product and documentation is provided with RESTRICTED RIGHTS. The use, duplication or disclosure by the Government is subject to restrictions as set forth in subdivision (c)(1)(ii) of The Rights in Technical Data and Computer Software clause at 52.227-7013. The contractor/ manufacturer is Motorola Mobility, LLC, Broadband Communications Sector, 101 Tournament Drive, Horsham, PA 19044.

Warranty Information

Retail Purchasers. If you purchased this Product directly from Motorola Mobility or from an authorized Motorola Mobility retail reseller, Motorola Mobility warrants to you, the original end user customer, that (A) the Product, excluding Software, will be free from defects in materials and workmanship under normal use, and (B) with respect to Software, (i) the media on which the Software is provided will be free from defects in material and workmanship under normal use, and (ii) the Software will perform substantially as described in its documentation. This Limited Warranty to you, the original end user customer, continues (A) for Software and the media upon which it is provided, for a period of ninety (90) days from the date of purchase from Motorola or an authorized Motorola Mobility reseller, and (B) for the Product (excluding Software), for a period of one (1) year from the date of purchase from Motorola Mobility or from an authorized Motorola Mobility reseller. To take advantage of this Limited Warranty or to obtain technical support, you must call the Motorola Mobility support phone number (below). Motorola Mobility’s sole and exclusive obligation under this Limited Warranty for retail sales shall be to repair or replace any Product or Software that does not meet this Limited Warranty. All warranty claims must be made within the applicable Warranty Period.

Cable Operator or Service Provider Arrangements. If you did not purchase this Product directly from Motorola Mobility or from a Motorola Mobility authorized retail reseller, Motorola Mobility does not warrant this Product to you, the end-user. A limited warranty for this Product (including Software) may have been provided to your cable operator or Internet Service Provider (“Service Provider”) from whom you obtained the Product. Please contact your Service Provider if you experience problems with this Product.

General Information. The warranties described in this Section shall not apply: (i) to any Product subjected to accident, misuse, neglect, alteration, Acts of God, improper handling, improper transport, improper storage, improper use or application, improper installation, improper testing or unauthorized repair; or (ii) to cosmetic problems or defects which result from normal wear and tear under ordinary use, and do not affect the performance or use of the Product. Motorola Mobility’s warranties apply only to a Product that is manufactured by Motorola Mobility and identified by Motorola Mobility owned trademark, trade name or product identification logos affixed to the Product. Motorola Mobility does not warrant to you, the end user, or to anyone else that the Software will perform error free or without bugs. MOTOROLA MOBILITY, LLC IS NOT RESPONSIBLE FOR, AND PROVIDES “AS IS” ANY SOFTWARE SUPPLIED BY 3RD PARTIES. EXCEPT AS EXPRESSLY STATED IN THIS SECTION (“WARRANTY INFORMATION”), THERE ARE NO WARRANTIES OF ANY KIND RELATING TO THE PRODUCT, EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANT-

ABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR THE WARRANTY AGAINST INFRINGEMENT PROVIDED IN THE UNIFORM COMMERCIAL CODE. Some states do not allow for the exclusion of implied warranties, so the above exclusion may not apply to you.

What additional provisions should I be aware of? Because it is impossible for Motorola Mobility, LLC to know the purposes for which you acquired this Product or the uses to which you will put this Product, you assume full responsibility for the selection of the Product for its installation and use. While every reasonable effort has been made to insure that you will receive a Product that you can use and enjoy, Motorola Mobility does not warrant that the functions of the Product will meet your requirements or that the operation of the Product will be uninterrupted or error-free. MOTOROLA MOBILITY LLC IS NOT RESPONSIBLE FOR PROBLEMS OR DAMAGE CAUSED BY THE INTERACTION OF THE PRODUCT WITH ANY OTHER SOFTWARE OR HARDWARE. ALL WARRANTIES ARE VOID IF THE PRODUCT IS OPENED, ALTERED, AND/OR DAMAGED.

THESE ARE YOUR SOLE AND EXCLUSIVE REMEDIES for any and all claims that you may have arising out of or in connection with this Product, whether made or suffered by you or another person and whether based in contract or tort.

IN NO EVENT SHALL MOTOROLA MOBILITY, LLC BE LIABLE TO YOU OR ANY OTHER PARTY FOR ANY DIRECT, INDIRECT, GENERAL, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY OR OTHER DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PRODUCT (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF INFORMATION OR ANY OTHER PECUNIARY LOSS), OR FROM ANY BREACH OF WARRANTY, EVEN IF MOTOROLA MOBILITY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN NO CASE SHALL MOTOROLA MOBILITY’S LIABILITY EXCEED THE AMOUNT YOU PAID FOR THE PRODUCT.

These matters are governed by the laws of the Commonwealth of Pennsylvania, without regard to conflict of laws principles and excluding the provisions of the United Nations Convention on Contracts for the International Sale of Goods.

Retail Purchasers Only. If you purchased this Product directly from Motorola Mobility, LLC or from a Motorola authorized retail reseller, please call the Motorola support number, 1-877-466-8646 for technical support or warranty service.

Cable Operator or Service Provider Arrangements. If you did not purchase this Product directly from Motorola Mobility, LLC or from a Motorola authorized retail reseller, please contact your Service Provider for technical support.

Administrator’s Handbook

Copyright Acknowledgments

Because Motorola Mobility, LLC has included certain software source code in this product, Motorola Mobility includes the following text required by the respective copyright holders:

Portions of this software are based in part on the work of the following:

Open Source Software Information

For instructions on how to obtain a copy of any source code being made publicly available by Motorola Mobility related to software used in this Motorola Mobility product you may send your request in writing to:

Motorola Mobility, LLC. OSS Management 2450 Walsh Avenue Santa Clara, CA 95051 USA The Motorola Mobility website opensource.motorola.com also contains information regarding Motorola Mobility’s use of

open source. Motorola Mobility has created the opensource.motorola.com to serve as a portal for interaction with the software community-at-large.

This document contains additional information regarding licenses, acknowledgments and required copyright notices for open source packages used in this Motorola Mobility product.

aiccu 2007.01.15

The SixXS License - http://www.sixxs.net/

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. Neither the name of SixXS nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior permission.

THIS SOFTWARE IS PROVIDED BY SIXXS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL SIXXS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

ASN.1 object dumping code

c-ares async resolver library

http://daniel.haxx.se/projects/c-ares/

Original ares library by Greg Hudson, MIT

ftp://athena-dist.mit.edu/pub/ATHENA/ares

Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty.

Bonjour - mDNSResponder daemon from Apple v320.10.80

The majority of the source code in the mDNSResponder project is licensed under the terms of the Apache License, Version

2.0: Version 2.0, January 2004 http://www.apache.org/licenses/

TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of

this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under

common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.

"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code,

documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but

not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as

indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work

and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.

"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."

"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.

2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.

3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.

4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:

You must give any other recipients of the Work or Derivative Works a copy of this License; and

You must cause any modified files to carry prominent notices stating that You changed the files; and

Administrator’s Handbook

You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and

If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.

5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.

6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.

7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.

8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.

9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.

END OF TERMS AND CONDITIONS

To accommodate license compatibility with the widest possible range of client code licenses, the shared library code, which is linked at runtime into the same address space as the client using it, is licensed under the terms of the "Three-Clause BSD License".

The Linux Name Service Switch code, contributed by National ICT Australia Ltd (NICTA) is licensed under the terms of the NICTA Public Software Licence (which is substantially similar to the "Three-ClauseBSD License", with some additional language pertaining to Australian law).

NICTA Public Software Licence

Version 1.0

By this licence, National ICT Australia Ltd (NICTA) grants permission, free of charge, to any person who obtains a copy of this software and any associated documentation files ("the Software") to use and deal with the Software in source code and binary forms without restriction, with or without modification, and to permit persons to whom the Software is furnished to do so, provided that the following conditions are met:

- Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimers.

- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimers in the documentation and/or other materials provided with the distribution.

- The name of NICTA may not be used to endorse or promote products derived from this Software without specific prior written permission.

EXCEPT AS EXPRESSLY STATED IN THIS LICENCE AND TO THE FULL EXTENT PERMITTED BY APPLICABLE LAW, THE SOFTWARE IS PROVIDED "AS-IS" AND NICTA MAKES NO REPRESENTATIONS, WARRANTIES OR CONDITIONS OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY REPRESENTATIONS, WARRANTIES OR CONDITIONS REGARDING THE CONTENTS OR ACCURACY OF THE SOFTWARE, OR OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT, THE ABSENCE OF LATENT OR OTHER DEFECTS, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT DISCOVERABLE.

TO THE FULL EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL NICTA BE LIABLE ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, NEGLIGENCE) FOR ANY LOSS OR DAMAGE WHATSOEVER, INCLUDING (WITHOUT LIMITATION) LOSS OF PRODUCTION OR OPERATION TIME, LOSS, DAMAGE OR CORRUPTION OF DATA OR RECORDS; OR LOSS OF ANTICIPATED SAVINGS, OPPORTUNITY, REVENUE, PROFIT OR GOODWILL, OR OTHER ECONOMIC LOSS; OR ANY SPECIAL, INCIDENTAL, INDIRECT, CONSEQUENTIAL, PUNITIVE OR EXEMPLARY DAMAGES ARISING OUT OF OR IN CONNECTION WITH THIS LICENCE, THE SOFTWARE OR THE USE OF THE SOFTWARE, EVEN IF NICTA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

If applicable legislation implies warranties or conditions, or imposes obligations or liability on NICTA in respect of the Software that cannot be wholly or partly excluded, restricted or modified, NICTA's liability is limited, to the full extent permitted by the applicable legislation, at its option, to:

a. in the case of goods, any one or more of the following: i. the replacement of the goods or the supply of equivalent goods; ii. the repair of the goods; iii. the payment of the cost of replacing the goods or of acquiring equivalent goods; iv. the payment of the cost of having the goods repaired; or b. in the case of services: i. the supplying of the services again; or ii. the payment of the cost of having the services supplied again.

dhcpcd - DHCP client daemon 5.5.0

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

dhcp (dhcp-isc) 4.1.1-P1

Administrator’s Handbook

Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

dhcpcd - DHCP client daemon 5.5.0

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

dhcpcv6

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

3. Neither the name of the project nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Encryption

Aaron D. Gifford License Copyright (c) 2000-2001, Aaron D. Gifford All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following

conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

3. Neither the name of the copyright holder nor the names of contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

RSA Data Security License

Digest Algorithm" in all material mentioning or referencing this software or this function. License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA

Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing the derived work. RSA Data Security, Inc. makes no representations concerning either the merchantability of this software or the suitability of

this software for any particular purpose. It is provided "as is" without express or implied warranty of any kind. These notices must be retained in any copies of any part of this documentation and/or software.

expat 2.1.0

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

GNU General Public License 2.0 (GPL)

This Motorola Mobility product contains the following open source software packages licensed under the terms of the GPL

2.0 license:

• Linux 2.6.30

• Arptables 0.0.3-4 (also Copyright (c) Jay Fenlason)

• bridge-utils 1.2 (also Copyright (c) Stephen Hemminger, Copyright (c) Lennery Buytenhek)

•conntrack 1.0.1

• dnsmasq 2.45 (also Copyright (c) Simon Kelley)

• ebtables 2.0.10-2 (also Copyright (c) Bart De Schuymer)

• ez-ipupdate 3.0.11b7 (also Copyright (c) Angus Mackay)

• inetd (also Copyright (c) Kenneth Albanowski Copyright (c) D. Jeff Dionne Copyright (c) Lineo, Inc.)

• iproute2 (also Copyright (c) Rusty Russell, Copyright (c) The Regents of the University of California, Copyright (c) USAGI WIDE Project, Copyright (c) Free Software Founcation, Copyright (c) Intel Corp. Copyright (c) Robert Olsson Uppsala University Sweden, Copyright (c) Harald Welte)

• iptables 1.4.0 (also Copyright (c) Netfilter Core Team)

Administrator’s Handbook

• mtd-utils 1.4.9 (also Copyright Texas Instruments)

• ntfs-3g 1.1.4

• ntpclient 2003_194 (also Copyright (c) Larry Doolittle)

• pppd 2.4.4 (also Copyright Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>, Copyright Donald Becker,

<becker@super.org>, Copyright Alan Cox, <alan@lxorguk.ukuu.org.uk>, Copyright Steve Whitehouse, <gw7rrm@eeshack3.swan.ac.uk>)

• rp-pppoe 3.10

• samba 3.0.25a (also Copyright (c) Ricky Poulten 1995-1998, Copyright (c) Richard Sharpe 1998)

• udev 136 (also Copyright (C) Kay Sievers)

• vconfig 1.6 (also Copyright (c) Ben Greear)

• wget 1.10.2 (also copyright (c) GNU Wget Authors)

GNU GENERAL PUBLIC LICENSE

Version 2, June 1991

Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU

General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too.

When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.

To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it.

For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights.

We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software.

Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations.

Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all.

The precise terms and conditions for copying, distribution and modification follow.

GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may

be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you".

Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does.

1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided

that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.

You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.

2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and

copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:

a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.

b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.

c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.)

These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.

Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.

In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.

3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form

under the terms of Sections 1 and 2 above provided that you also do one of the following:

a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

Administrator’s Handbook

b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)

The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.

If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.

4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.

6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject tothese terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.

7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement orotherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.

If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances.

It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.

This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.

8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.

9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to

time. Such new versions will be similar in spirit to the present version, but may differ in detail toaddress new problems or concerns.

Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.

10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different,

write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.

NO WARRANTY

11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT

PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR

ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

END OF TERMS AND CONDITIONS

GNU Lesser General Public License 2.1 (LGPL)

This Motorola Mobility product contains the following open source software packages licensed under the terms of the LGPL 2.1 license:

Version 2.1, February 1999 Copyright (C) 1991, 1999 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

[This is the first released version of the Lesser GPL. It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.]

Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU

General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users.

This license, the Lesser General Public License, applies to some specially designated software packages--typically libraries-of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below.

When we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.

Administrator’s Handbook

To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it.

For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.

We protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.

To protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.

Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.

Most GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs.

When a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library.

We call this license the "Lesser" General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances.

For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.

In other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.

Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.

The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run.

TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you".

A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables.

The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".)

"Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library.

Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does.

1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library.

You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.

2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:

* a) The modified work must itself be a software library.

* b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change.

* c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License. * d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that

uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful.

(For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.)

These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.

In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.

3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the

Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.

Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.

This option is useful when you wish to copy part of the code of the Library into a program that is not a library.

4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable

form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.

If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code.

5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being

compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License.

However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables.

When a "work that uses the Library" uses material f rom a header file that is part of the Library, the o bject code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law.

If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.)

Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself.

6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to

produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications.

You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things:

* a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)

Administrator’s Handbook

* b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.

* c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.

* d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place.

* e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy. For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed

for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.

It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute.

7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things:

* a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above.

* b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work.

8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it.

10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License.

11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library.

If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances.

It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.

This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.

12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.

13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.

Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation.

14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.

NO WARRANTY

15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT

PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR

ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

END OF TERMS AND CONDITIONS

libtecla 1.6.1

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, provided that the above copyright notice(s) and this permission notice appear in all copies of the Software and that both the above copyright notice(s) and this permission notice appear in supporting documentation. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESSOR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. Except as contained in this notice, the name of a copyright holder shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization of the copyright holder.

lua 5.1.5

Lua is licensed under the terms of the MIT license reproduced below. This means that Lua is free software and can be used for both academic and commercial purposes at absolutely no cost.

For details and rationale, see http://www.lua.org/license.html .

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

miniupnp 20070228

Thomas BERNARD License Copyright (c) 2006-2007, Thomas BERNARD All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following

conditions are met:

Administrator’s Handbook

* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

* The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

muhttp 1.1.5

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

OpenSSL 0.9.8x

OpenSSL SSLeay License

LICENSE ISSUES

The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org.

OpenSSL License

----------------------Copyright (c) 1998-2008 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following

conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://

www.openssl.org/)"

4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org.

5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.

6. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://

www.openssl.org/)"

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).

Original SSLeay License

-----------------------

Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved. This package is an SSL implementation written by Eric Young (eay@cryptsoft.com). The implementation was written so as to conform with Netscapes SSL.

This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).

Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following

disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgement:

"This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)" The word 'cryptographic' can be left out if the rouines from the library being used are not cryptographic related :-).

4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must

include an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

pcre 5.0

HIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE MPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The licence and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence [including the GNU Public Licence.]

PCRE is a library of functions to support regular expressions whose syntax and semantics are as close as possible to those of the Perl 5 language. Release 5 of PCRE is distributed under the terms of the "BSD" licence, as specified below. The documentation for PCRE, supplied in the "doc" directory, is distributed under the same terms as the software itself.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

Administrator’s Handbook

* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following

disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of the University of Cambridge nor the names of its contributors may be used to endorse or promote

products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED

WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BELIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

PPPD Composite Licenses

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

3. The name "Carnegie Mellon University" must not be used to endorse or promote products derived from this software without prior written permission. For permission or any legal details, please contact

Office of Technology Transfer Carnegie Mellon University 5000 Forbes Avenue Pittsburgh, PA 15213-3890 (412) 268-4387, fax: (412) 268-7395 tech-transfer@andrew.cmu.edu

4. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by Computing Services at Carnegie Mellon University (http://www.cmu.edu/

computing/)."

CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

------------------------------------------------------------------------------

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. The name(s) of the authors of this software must not be used to endorse or promote products derived from this software without prior written permission.

3. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by Paul Mackerras <paulus@samba.org>". THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL

IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

------------------------------------------------------------------------------

Author: Arvin Schnell <arvin@suse.de> . (No copyright, but listed the author for attribution.)

------------------------------------------------------------------------------

This plugin may be distributed according to the terms of the GNU General Public License, version 2 or (at your option) any later version.

MPPE support is by Ralf Hofmann, <ralf.hofmann@elvido.net>, with modification from Frank Cusack, <frank@google.com>.

This plugin may be distributed according to the terms of the GNU General Public License, version 2 or (at your option) any later version.

------------------------------------------------------------------------------

Author: Ben McKeegan ben@netservers.co.uk

This plugin may be distributed according to the terms of the GNU General Public License, version 2 or (at your option) any later version. See the respective source files to find out which copyrights apply.

------------------------------------------------------------------------------

Permission to use, copy, modify, and distribute this software for any purpose and without fee is hereby granted, provided that this copyright and permission notice appear on all copies and supporting documentation, the name of Roaring Penguin Software Inc. not be used in advertising or publicity pertaining to distribution of the program without specific prior permission, and notice be given in supporting documentation that copying and distribution is by permission of Roaring Penguin Software Inc.. Roaring Penguin Software Inc. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty.

------------------------------------------------------------------------------

Permission to use, copy, modify, and distribute this software for any purpose and without fee is hereby granted, provided that this copyright and permission notice appear on all copies and supporting documentation, the name of Lars Fenneberg not be used in advertising or publicity pertaining to distribution of the program without specific prior permission, and notice be given in supporting documentation that copying and distribution is by permission of Lars Fenneberg. Lars Fenneberg makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty.

Administrator’s Handbook

------------------------------------------------------------------------------

Livingston Enterprises, Inc. 6920 Koll Center Parkway Pleasanton, CA 94566

Permission to use, copy, modify, and distribute this software for any purpose and without fee is hereby granted, provided that this copyright and permission notice appear on all copies and supporting documentation, the name of Livingston Enterprises, Inc. not be used in advertising or publicity pertaining to distribution of the program without specific prior permission, and notice be given in supporting documentation that copying and distribution is by permission of Livingston Enterprises, Inc. Livingston Enterprises, Inc. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty.

------------------------------------------------------------------------------

Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies of the software and derivative works or modified versions thereof, and that both the copyright notice and this permission and disclaimer notice appear in supporting documentation. THIS SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE REGENTS OF THE UNIVERSITY OF MICHIGAN AND MERIT NETWORK, INC. DO NOT WARRANT THAT THE FUNCTIONS CONTAINED IN THE SOFTWARE WILL MEET LICENSEE'S REQUIREMENTS OR THAT OPERATION WILL BE UNINTERRUPTED OR ERROR FREE. The Regents of the University of Michigan and Merit Network, Inc. shall not be liable for any special, indirect, incidental or consequential damages with respect to any claim by Licensee or any third party arising from use of the software.

------------------------------------------------------------------------------

License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD5 MessageDigest Algorithm" in all material mentioning or referencing this software or this function.

License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing the derived work. RSA Data Security, Inc. makes no representations concerning either the merchantability of this software or the suitability of this software for any particular purpose. It is provided "as is" without express or implied warranty of any kind.

These notices must be retained in any copies of any part of this documentation and/or software.

------------------------------------------------------------------------------

Permission to use, copy, modify, and distribute this software and its documentation is hereby granted, provided that the above copyright notice appears in all copies.

SUN MAKES NO REPRESENTATION OR WARRANTIES ABOUT THE SUITABILITY OF THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. SUN SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES

------------------------------------------------------------------------------

This code is derived from software contributed to Berkeley by James A. Woods, derived from original work by Spencer Thomas and Joseph Orost.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following

disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This

product includes software developed by the University of California, Berkeley and its contributors.

4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products

derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Redistribution and use in source and binary forms are permitted provided that the above copyright notice and this paragraph are duplicated in all such forms and that any documentation, advertising materials, and other materials related to such distribution and use acknowledge that the software was developed by the University of California, Berkeley. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.

Van Jacobson (van@helios.ee.lbl.gov), Dec 31, 1989:

- Initial distribution.

Modified June 1993 by Paul Mackerras, paulus@cs.anu.edu.au, so that the entire packet being decompressed doesn't have to be in contiguous memory (just the compressed header).

--------------------------------------

Updated to ppp-2.4.2 by David Woodhouse 2004.

- disconnect method added

- remove_options() abuse removed.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

Administrator’s Handbook

------------------------------------------------------------------------------

This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions: 1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required. 2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software.

3. This notice may not be removed or altered from any source distribution. Jean-loup Gailly Mark Adler gzip@prep.ai.mit.edu madler@alumni.caltech.edu

---------------------------------------

Copyright (C) 2003 Andrew Bartlet <abartlet@samba.org> Copyright 1999 Paul Mackerras, Alan Curry. Copyright (C) 2002 Roaring Penguin Software Inc. Copyright (C) 1996, Matjaz Godec <gody@elgo.si> Copyright (C) 1996, Lars Fenneberg <in5y050@public.uni-hamburg.de> Copyright (C) 1997, Miguel A.L. Paraz <map@iphil.net> Copyright (C) 1995,1996,1997,1998 Lars Fenneberg <lf@elemental.net> Copyright (C) 2002 Roaring Penguin Software Inc. Copyright (C) 2003, Sean E. Millichamp <sean at bruenor dot org>

This plugin may be distributed according to the terms of the GNU General Public License, version 2 or (at your option) any later version.

------------------------------------------------------------

This program may be distributed according to the terms of the GNU General Public License, version 2 or (at your option) any later version.

------------------------------------------------------------

This program may be distributed according to the terms of the GNU General Public License, version 2 or (at your option) any later version.

----------------------------------------------------------------

Non-exclusive rights to redistribute, modify, translate, and use this software in source and binary forms, in whole or in part, is hereby granted, provided that the above copyright notice is duplicated in any source form, and that neither the name of the copyright holder nor the author is used to endorse or promote products derived from this software.

100

THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.

ARRIS 2247-N8-10NA Admin Handbook

Specifications and Main Features

Frequently Asked Questions

User Manual

Table of Contents

CHAPTER 2 Command Line Interface

Overview

Starting and Ending a CLI Session

Logging In

Ending a CLI Session

Using the CLI Help Facility

About SHELL Commands

SHELL Prompt

SHELL Command Shortcuts

SHELL Commands

Common Commands

WAN Commands

About CONFIG Commands

CONFIG Mode Prompt

Navigating the CONFIG Hierarchy

Entering Commands in CONFIG Mode

Guidelines: CONFIG Commands

Displaying Current Gateway Settings

Step Mode: A CLI Configuration Technique

Validating Your Configuration

CONFIG Commands

Connection commands

Filterset commands

Global Filterset (“IPv6 Firewall”) commands

Queue commands

IP Gateway commands

IPv6 Commands

IP 6in4 Tunneling Commands

IP DNS commands

IP IGMP commands

NTP commands

Application Layer Gateway (ALG) commands

Dynamic DNS Commands

Link commands

Management commands

Remote access commands

Physical interfaces commands

PPPoE relay commands

NAT Pinhole commands

Security Stateful Packet Inspection (SPI) commands

System commands

Debug Commands

Disclaimer & Warning Text

Commands

TR-069 CLI CShell Commands (debug mode)

Motorola 2247-N8 DSL Wi-Fi Gateway Specifications

Communications Interfaces:

Power requirements

Environment

Software and protocols

Agency Approvals

Regulatory Notices

Manufacturer’s Declaration of Conformance

47 CFR Part 68 Information

FCC Requirements

FCC Statements

Electrical Safety Advisory

Warranty Information

Software License, Limited Warranty and Limitation of Remedies

Software License

Warranty Information

Copyright Acknowledgments

Open Source Software Information