iS5 iSG4F User Manual

Download

Intelligent Flexible Secure Gateway

IEC 61850-3 and IEEE 1613 compliant

iSG4F User’s Manual

Version 1.1

September 2014

iS5 Communications Inc.

#3-7490 Pacific Circle Mississauga, Ontario, L5T 2A3 Tel: + 905 670 0004 Fax: + 289 401 5201 Website: www.iS5Com.com E-mail: support@iS5Com.com

iSG4F User’s Manual

No part of this publication may be reproduced in any form without the prior written consent of

iS5 Communications Inc. (iS5).

TRADEMARKS

iS5Com is a registered trademark of iS5. All other trademarks belong to their respective owners.

REGULATORY COMPLIANCE STATEMENT

Product(s) associated with this publication complies/comply with all applicable regulations.

Please refer to the Technical Specifications section for more details.

WARRANTY

iS5 warrants that all products are free from defects in material and workmanship for a specified

warranty period from the invoice date (5 years for most products). iS5 will repair or replace

products found to be defective within this warranty period including shipping costs. This

warranty does not cover product modifications or repairs done by persons other than

iS5-approved personnel, and this warranty does not apply to products that are misused,

abused, improperly installed, or damaged by accident.

Please refer to the Technical Specifications section for the actual warranty period(s) of the

product(s) associated with this publication.

DISCLAIMER

Information in this publication is intended to be accurate. iS5 shall not be responsible for its use

or infringements on third-parties as a result of its use. There may occasionally be

unintentional errors on this publication. iS5 reserves the right to revise the contents of this

publication without notice.

CONTACT INFORMATION

iS5 Communications Inc.

#3-7490 Pacific Circle, Mississauga, Ontario, L5T 2A3

Tel: + 905-670-0004 // Fax: + 289-401-5206

Technical Support E-mail: support@iS5Com.com

Sales Contact E-mail: sales@iS5Com.com

Website: www.iS5Com.com

iS5 Communications Inc.

Table of Content

iSG4F User’s Manual

CAUTION: LASER

CAUTION: SERVICE

CAUTION: PHYSICAL ACCESS

......................................................................................... 9

..................................................................................... 9

..................................................................... 9

Getting to Know Your Router ......................................................................10

1.1 About the iSG4F Intelligent Flexible Secure Gateway ................................................................ 10

1.2 Software Features ............................................................................................................................... 10

1.3 Hardware Features ............................................................................................................................. 10

Hardware Overview ...................................................................................... 11

2.1 Front Panel .......................................................................................................................................... 11

2.2 Rear ....................................................................................................................................................... 12

2.3 Bottom ................................................................................................................................................. 12

2.4 Side view .............................................................................................................................................. 12

2.5 Logical System Diagram ................................................................................................................... 13

Hardware Installation ................................................................................... 13

3.1 DIN Rail Mounting ........................................................................................................................... 13

3.2 Panel Mounting Option .................................................................................................................... 14

3.3 Chassis Ground Connection ............................................................................................................ 14

3.4 Power Connections ............................................................................................................................ 15

3.5 Console Connection .......................................................................................................................... 16

Configuration ............................................................................................... 16

5.1 Command Line Interface .................................................................................................................. 16

5.2 Supported Functionalities ................................................................................................................. 17

5.3 System Default State .......................................................................................................................... 18

5.4 Main Commands ................................................................................................................................ 18

System Version and Data Base ................................................................... 19

6.1 Configuration Database .................................................................................................................... 19

6.2 OS VERSION .................................................................................................................................... 20

6.3 Commands Hierarchy ........................................................................................................................ 20

6.4 OS Upgrade Example........................................................................................................................ 21

6.5 Safe Mode ............................................................................................................................................ 23

iS5 Communications Inc.

iSG4F User’s Manual

6.5.1 Safe Mode View .................................................................................................................................. 23

6.5.2 SW Image Installation ....................................................................................................................... 25

Ethernet Port Interfaces .............................................................................. 27

7.1 Commands Hierarchy ........................................................................................................................ 28

7.2 Port Commands Example ................................................................................................................ 28

8.1 Serial Console Port .......................................................................................................... 30

8.1.1 Connecting to the Console Port ....................................................................................... 30

8.1.2 CLI Terminal Commands ................................................................................................ 31

8.2 Management .................................................................................................................... 31

8.2.1 Default state .................................................................................................................... 31

8.2.2 Commands Hierarchy ...................................................................................................... 31

8.2.3 Commands Description ................................................................................................... 32

IP Interfaces .................................................................................................. 33

9.1 IP Interfaces .................................................................................................................... 33

9.1.1 Interface Assignment Rules .............................................................................................. 34

9.1.2 IP interface id .................................................................................................................. 35

9.1.3 IP interface VLAN id ....................................................................................................... 35

9.1.4 IP Interface Commands Hierarchy ................................................................................... 35

9.1.5 IP Interface Commands Description ................................................................................ 36

9.1.6 IP Interface Example ....................................................................................................... 36

9.1.7 DHCP Example............................................................................................................... 39

Diagnostic..................................................................................................... 40

10.1 System logs export ........................................................................................................... 40

10.1.1 Commands Hierarchy ...................................................................................................... 40

10.1.2 Commands Description ................................................................................................... 40

10.2 Capture Ethernet service traffic ....................................................................................... 40

10.2.1 Commands Hierarchy ...................................................................................................... 41

10.2.2 Commands Description ................................................................................................... 41

10.2.3 Example .......................................................................................................................... 42

10.3 Syslog .............................................................................................................................. 43

10.3.1 Syslog Priority indicator ................................................................................................... 43

10.3.2 Syslog Commands Hierarchy ............................................................................................ 44

10.3.3 Syslog Output example .................................................................................................... 44

Alarm Relay .................................................................................................. 45

11.1 Alarm Relay Wiring example ............................................................................................ 45

iS5 Communications Inc.

iSG4F User’s Manual

11.2 Alarm Relay Contact Capabilities ..................................................................................... 46

11.3 Supported Alarms ............................................................................................................ 46

11.3.1 SFP port state .................................................................................................................. 46

11.3.2 L2 VPN state ................................................................................................................... 46

11.3.3 System up/down .............................................................................................................. 46

11.4 Default state .................................................................................................................... 46

11.5 Commands Hierarchy ...................................................................................................... 46

11.6 Commands Description ................................................................................................... 47

Clock and Time ............................................................................................ 48

12.1 Local Clock Commands Hierarchy ................................................................................... 48

12.2 Local Clock Commands Description ................................................................................ 49

12.3 Set Local Clock Example ................................................................................................. 49

ACLs ............................................................................................................. 49

13.1 ACL Commands Hierarchy .............................................................................................. 50

13.2 ACL Commands Descriptions ......................................................................................... 50

13.3 Configuration Example .................................................................................................... 53

QOS ............................................................................................................... 53

14.1 QOS Commands Hierarchy ............................................................................................. 53

14.2 QOS Commands Descriptions ......................................................................................... 53

NAT ................................................................................................................ 54

15.1 NAT Networking ............................................................................................................. 54

15.2 NAT Commands Hierarchy ............................................................................................. 55

15.3 NAT Commands Description .......................................................................................... 56

15.4 NAT Example ................................................................................................................. 56

OSPF ............................................................................................................. 59

16.1 OSPF Application Commands Hierarchy ......................................................................... 59

16.2 OSPF Application Commands Descriptions .................................................................... 59

16.3 OSPF setup example ........................................................................................................ 60

RIPv2 ............................................................................................................. 66

17.1 RIP Commands Hierarchy ............................................................................................... 66

17.2 RIP Commands Descriptions ........................................................................................... 67

Serial Ports and Services ............................................................................ 68

18.1 Serial interfaces ................................................................................................................ 69

18.2 Services configuration structure ....................................................................................... 69

iS5 Communications Inc.

iSG4F User’s Manual

18.3 Serial Commands Hierarchy ............................................................................................. 70

18.4 Serial Commands Description .......................................................................................... 71

18.5 Declaration of ports ........................................................................................................ 74

18.6 Serial Port Default State ................................................................................................... 75

18.7 RS- 232 Port Pin Assignment ........................................................................................... 75

18.8 RS- 232 Serial cable .......................................................................................................... 76

18.9 Led States ........................................................................................................................ 76

Transparent Serial Tunneling ...................................................................... 77

19.1 Concept of Operation ..................................................................................................... 77

19.2 Supported Network Topologies ....................................................................................... 78

19.2.1 Point to Point .................................................................................................................. 78

19.2.2 Point to multipoint point ................................................................................................. 78

19.2.3 Multi Point to multipoint point ........................................................................................ 79

19.3 Modes of Operation ........................................................................................................ 79

19.3.1 Port Mode ....................................................................................................................... 80

19.3.2 Service Buffer Mode ........................................................................................................ 80

19.3.3 Service Connection Mode ................................................................................................ 81

19.4 Addressing Aware Modes ................................................................................................. 81

19.5 Reference drawing ............................................................................................................ 82

19.6 Serial Traffic Direction ..................................................................................................... 83

19.6.1 Serial ports counters ........................................................................................................ 83

19.7 Allowed Latency .............................................................................................................. 84

19.8 Tx Delay .......................................................................................................................... 84

19.9 Bus Idle Time .................................................................................................................. 84

19.9.1 Byte mode ....................................................................................................................... 84

19.9.2 Frame mode..................................................................................................................... 84

19.10 Example Serial Tunneling................................................................................................. 85

Protocol Gateway IEC 101 to IEC 104 ........................................................ 86

20.1 Modes of Operation ........................................................................................................ 87

20.2 IEC101/104 Gateway properties IEC 101 ....................................................................... 88

20.3 IEC101/104 Gateway Configuration ................................................................................ 89

20.4 Gateway 101/104 Configuration Flow ............................................................................. 90

20.5 Gateway 101/104 Commands Hierarchy .......................................................................... 92

20.6 Gateway 101/104 Commands .......................................................................................... 93

20.7 Example Gateway 101/104 .............................................................................................. 96

Terminal Server ............................................................................................ 98

21.1 Terminal Server service .................................................................................................... 98

iS5 Communications Inc.

iSG4F User’s Manual

21.2 Terminal Server Commands Hierarchy ........................................................................... 100

21.3 Terminal Server Commands ........................................................................................... 101

21.4 Example local Service .................................................................................................... 107

21.5 Example Networking ..................................................................................................... 111

Modbus Gateway ....................................................................................... 113

22.1 Modbus Gateway Implementation ................................................................................. 113

22.2 Modbus Gateway Commands Hierarchy ........................................................................ 113

22.3 Modbus Gateway Commands Description ..................................................................... 115

22.4 Modbus Gateway Example ............................................................................................ 116

DNP3 Gateway ............................................................................................ 119

23.1 DNP3 Gateway Example ............................................................................................... 119

VPN ............................................................................................................. 120

24.1 Background ................................................................................................................... 120

24.2 Modes supported ........................................................................................................... 120

24.3 Layer 2 VPN .................................................................................................................. 120

24.4 Layer 3 DM-VPN .......................................................................................................... 121

24.5 L2-VPN Commands Hierarchy ...................................................................................... 121

24.6 L2-VPN Commands ...................................................................................................... 122

24.7 L3 DM-VPN Commands Hierarchy ............................................................................... 122

24.8 L3 IPSec-VPN Commands Hierarchy ............................................................................ 123

24.9 IPSec ............................................................................................................................. 124

24.10 Applications ................................................................................................................... 124

24.11 Authentication Header (AH) .......................................................................................... 124

24.12 Encapsulating Security Payload (ESP) ............................................................................ 124

24.13 Security Associations...................................................................................................... 124

24.14 ISAKMP ........................................................................................................................ 125

24.15 IKE ............................................................................................................................... 125

24.15.1 ISAKMP Phase 1 ........................................................................................................... 125

24.15.2 ISAKMP Phase 2 ........................................................................................................... 132

24.16 IPSec Command Association ......................................................................................... 133

24.17 IPSec Commands Hierarchy .......................................................................................... 134

24.18 IPsec Commands ........................................................................................................... 136

24.19 IPSec defaults ................................................................................................................ 142

GPRS/UMTS Interface ................................................................................ 142

25.1 Overview ....................................................................................................................... 142

25.2 Method of operation ..................................................................................................... 143

iS5 Communications Inc.

iSG4F User’s Manual

25.2.1 SIM card state ................................................................................................................ 144

25.2.2 Backup and redundancy ................................................................................................. 146

25.3 GPRS/UMTS Commands Hierarchy ............................................................................. 147

25.4 GPRS/UMTS Commands Description .......................................................................... 148

25.5 Default State .................................................................................................................. 152

25.6 Led States ...................................................................................................................... 152

25.7 Example for retrieving the IMEI .................................................................................... 152

25.8 Example for SIM Status ................................................................................................. 153

VPN Setup Examples ................................................................................. 154

26.1 L2 VPN over Layer 3 cloud ........................................................................................... 154

26.1.1 Network drawing ........................................................................................................... 154

26.1.2 Configuration................................................................................................................. 154

26.1.3 Implementing IPSec ....................................................................................................... 157

26.2 L3 IPSec VPN over Layer 3 cloud .................................................................................. 157

26.2.1 Network drawing ........................................................................................................... 158

26.2.2 Configuration................................................................................................................. 158

26.3 DM-VPN Setup ............................................................................................................. 163

26.3.1 Network drawing ........................................................................................................... 163

26.3.2 Configuration................................................................................................................. 164

26.4 DM-VPN over Cellular Setup ........................................................................................ 167

26.4.1 Network drawing ........................................................................................................... 168

26.4.2 Configuration................................................................................................................. 169

26.4.3 Testing the setup ............................................................................................................ 172

26.4.4 Adding a terminal server service .................................................................................... 175

26.4.5 Adding a transparent serial tunneling service .................................................................. 176

Application Aware Firewall........................................................................ 177

27.1 Firewall Service Flow ..................................................................................................... 177

27.2 Firewall Flow Illustration ............................................................................................... 178

27.3 Supported Hardware ...................................................................................................... 178

27.4 Configuration................................................................................................................. 178

27.5 Example ........................................................................................................................ 179

27.6 Firewall Commands Hierarchy ....................................................................................... 180

27.7 Firewall Commands ....................................................................................................... 180

Technical Specifications ........................................................................... 182

iS5 Communications Inc.

iSG4F User’s Manual

FCC Statement and Cautions

Federal Communications Commission Radio Frequency Interference Statement

This equipment has been tested and found to comply with the limits for a Class A digital device

pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection

against harmful interference when the equipment is operated in a commercial environment.

This equipment can generate, use, and radiate radio frequency energy. If not installed and used in

accordance with the instruction manual, may cause harmful interference to radio

communications. Operation of this equipment in a residential area is likely to cause harmful

interference in which case the user will at his/her own expense, be required to correct the

interference.

Caution: LASER

This product contains a laser system and is classified as a CLASS 1 LASER PRODUCT. Use of controls

or adjustments or performance of procedures other than those specified herein may result in

hazardous radiation exposure.

Caution: Service

This product contains no user-serviceable parts. Attempted service by unauthorized personnel shall

render all warranties null and void.

Changes or modifications not expressly approved by iS5 Communications Inc. could invalidate

specifications, test results, and agency approvals, and void the user's authority to operate the

equipment.

Should this device require service, please contact support@iS5Com.com.

Caution: Physical Access

This product should be installed in a restricted access location. Access should only be gained by qualified

service personnel or users who have been instructed on the reasons for the restrictions applied at the

location, and any precautions that have been taken. Access must only be via the use of a tool or lock

and key, or other means of security, and is controlled by the authority responsible for the location.

iS5 Communications Inc.

iSG4F User’s Manual

Getting to Know Your Router

1.1 About the iSG4F Intelligent Flexible Secure Gateway

The iSG4F Flexible Secure Gateway is designed for use in remote sites that require secure remote connections over a public network (via serial or IP connection). A serial RTU/IED connected to an iSG4F would communicate its data over a landline or a cellular public/private connection for those sites that are remotely distributed and connected to a SCADA control center. The user data can either be transparently encapsulated over an IP tunnel, or converted to an IP SCADA session using the integrated SCADA gateway. Network connectivity is secured using a Layer 2 or Layer 3 VPN with IPSec, as well a SCADA firewall for validating all traffic to the device. The iSG4F can be managed centrally and conveniently by our powerful Windows utility called the iManage Software Suite. The product is made from galvanized steel and has a wide operating temperature from -40°C to 85°C suitable for the harshest of environments without the use of fans.

1.2 Software Features

Layer 2 and Layer 3 VPN with IPSec SCADA firewall for validating all traffic to the device Supports Layer 3 protection Supports Gateway Translation for IES 101, IEC 104, Modbus and DNP3 ACL (Access Control Lists) NAT (Network Address Translation) OSPF (Open Shortest Path First) protocol RIPv2 (Routing Information Protocol) Transparent Serial Tunneling Terminal Server service for transposing of a TCP session to serial session Modbus RTU to Modbus TCP GPRS/UMTS Interface

1.3 Hardware Features

Network Uplink over Ethernet or Cellular Supports 2 x RS232 ports, or 1 x RS232 and 1x RS485 port (RJ45 sockets) Supports 1x 10/100 Base (TX) and 1 x 1000 Base (X) Ethernet Ports Supports 2 SIM Cellular Interfaces for connecting to remote sites over a cellular network Console Port Dual Redundant Power Input Wide Operating Temperature: -40 to 85

iS5 Communications Inc.

iSG4F User’s Manual

Port

Description

Console

RJ45, EIA232 VT-100 compatible port

Ethernet Port 1, 1 X 10/100/1000 Base- T(X) RJ45 port

Ethernet Port 2, 1 x 100/1000Base-X on SFP port (SFP located on

bottom side)

S1, S2

Serial port 1 and Serial port 2, RS232 Serial RJ45 Ports

Optional: 1 X RS232 Serial RJ45 Port and 1 X RS485 Serial RJ45 Port

Cellular

Dual SIM GPRS/UMTS

Storage Temperature: -40 to 85 Operating Humidity: 5% to 95%, non-condensing DIN Rail or Wall mount option Chassis: IP-40 Galvanized Steel Dimensions(W x D x H) : 127 mm(W)x 163.6 mm( D )x 154.2 mm(H) (5 in x 6.44 in x 6.07 in)

Hardware Overview

2.1 Front Panel

Product description:

iS5 Communications Inc.

iSG4F User’s Manual

2.2 Rear

The image below shows the DIN bracket on the back of the router. Circled in red are the mounting holes

for the Panel bracket mounting option.

2.3 Bottom

The image below shows the 10 position terminal block and ground lug of the iSG4F.

2.4 Side view

The image below shows the side of the iSG4F with the product label displaying router information. Circled

in red are the side mounting holes for the Panel bracket mounting option.

iS5 Communications Inc.

2.5 Logical System Diagram

iSG4F User’s Manual

Hardware Installation

3.1 DIN Rail Mounting

Each router has a DIN-Rail bracket on the rear panel that allows the router to be mounted on

a DIN Rail. To mount the iSG4F on a DIN Rail follow the steps below.

1. Slant the top of the router back and hook the top of the DIN bracket onto the top of the

DIN rail.

2. Push the bottom of the router towards the DIN Rail until in clicks in to place.

iS5 Communications Inc.

Note: To release the router from the DIN Rail, pull the latch at the bottom of the router down

to release the DIN bracket from the DIN Rail. While pulling the latch down, pull the bottom of

the router away from the DIN Rail. The router will now lift off of the DIN rail.

3.2 Panel Mounting Option

The router can also has an option to be panel or wall mounted. The following steps show how

to mount the router on a panel or wall.

1. Install the Panel mounting hardware onto the router. The user can choose rear mounting

or side mounting. Note: To avoid damage to the unit please use the 4 screws provided to

attach the panel mount brackets onto the router.

iSG4F User’s Manual

2. Use the holes in the brackets to secure the router to a wall or panel.

3.3 Chassis Ground Connection

The iSG4F chassis ground connection uses a #6-32 Screw. We recommend terminating the ground

connection using a #6 ring lug, and a torque setting of 15 in.lbs (1.7Nm). The red outline indicates the

location of the chassis ground.

iS5 Communications Inc.

iSG4F User’s Manual

Terminal

Number

Description

Connection

- PWR1 (+/L) – Line or Positive

- PWR1 (+): Positive

Connected to the line or positive

terminal of the first power source.

- PWR1 – Ground

Power supply 1 ground connection.

- PWR1 (-/N) – Neutral or Negative

- PWR1 (-) : Negative

Connected to the neutral or negative

terminal of the first power source.

– Chassis Ground

Connected to the safety ground terminal

for AC units or the ground bus for DC

inputs. Chassis ground connects to both

power supply surge grounds via a

removable jumper.

- PWR2 (+/L) – Line or Positive

Connected to the line or positive

3.4 Power Connections

The iSG4F router supports dual redundant power supplies (PWR1 and PWR2). There are 3 options for

each power supply:

1. LV: Dual Input 10-48VDC

2. MV: Dual Input 36-75VDC

3. HV: Single Input 85-264VAC or 88-370VDC.

The label on the terminal block will indicate the accepted voltage range for PWR1 and PWR2. Positions 2,

4 and 6 are all for ground connections (connected via a removable jumper) and can be used for any ground

connection.

The Phillips Screw Terminal Block has Phillips screws with compression plates, allowing either bare wire

connections or crimped terminal lugs. The use of #6 size ring lugs is recommended to ensure secure and

reliable connections under severe shock or vibration. The terminal block comes with a safety cover which

must be removed before connecting any wires. This cover must be re-attached after wiring to ensure

personnel safety.

The table below lists the connections for the terminal block.

iS5 Communications Inc.

iSG4F User’s Manual

- PWR2 (+): Positive

terminal of the second power source.

- PWR2 – Ground

Power supply 2 ground connection.

- PWR2 (-/N) – Neutral or Negative

- PWR2 (-) : Negative

Connected to the neutral or negative

terminal of the second power source.

RLY NO

Failsafe relay, normally open contact.

RLY CM

Failsafe relay, common contact.

N/C

No connection

100-240VAC rated equipment: A 250VAC appropriately rated circuit

breaker must be installed.

Equipment must be installed according to the applicable country wiring

codes.

When equipped with a HI voltage power supply and DC backup,

88-300VDC rated equipment: A 300VDC appropriately rated circuit breaker

must be installed.

A circuit breaker is not required for DC power supply voltages of 10-48VDC. For Dual DC power supplies, separate circuit breakers must be installed and

separately identified.

Equipment must be installed according to the applicable country wiring

3.5 Console Connection

To manage the router via the console port, connect the console cable (provided with the iSG4F) from a PC

serial port (DB9) to the Console port on the front of the router (RJ45).

Configuration

5.1 Command Line Interface

iS5 Communications Inc.

The CLI (Command Line Interface) is used to configure the iSG4F from a console attached to

the serial port of the router or from a remote terminal using SSH. The following table lists the

CLI environments and modes.

iSG4F User’s Manual

Command Mode

Access Method

Prompt

Exit Method

Global

Configuration

Environment

(GCE)

Following user log in this

mode is available to the user.

iSG4F#

To exit this mode

would mean the user

to log out from the

system.

Use the command

‘exit’

Global Hierarchy

Configuration

From the Global

Configuration mode

command you may drill down

to specific feature sub tree.

Example is shown here for

router configuration sub tree.

router/

To exit one level back,

the ‘..’ (Two dots) is

used.

Application

Configuration

Environment

(ACE)

The ACE is an alternative

configuration environment for

supported features

ACE#

To exit back to the GCE

mode use the ‘exit’

command.

ACE Config

Use the command ‘configure’

to access the ACE

Configuration mode

ACE(config)#

To exit back to the ACE

mode use the ‘exit’

command.

Application

Hierarchy

Configuration

Access the target feature. For

example :

‘interface vlan 1’

ACE(config-if-eth1.1)#

To return one level up

use ‘exit’.

To return to the ACE

use ‘end’.

5.2 Supported Functionalities

iS5 Communications Inc.

The iSG4F is a feature rich industrial router supporting:

L3 dynamic and static Routing SCADA services Firewall Secure networking

Supported features include:

Ethernet Ports Serial Ports

Cellular Modem VPN

TFTP OSPF

iSG4F User’s Manual

Feature

Default state

Ethernet Ports

All ports are enabled

Serial interfaces

Disabled

Cellular modem

Disabled

Layer 3 interface

No default IP

DHCP Client

disabled

SSH

Disabled

Telnet

Enabled

Syslog

Disabled

ACLs

Disabled

Firewall

Disabled

VPN

Disabled

Vlan Tagging IPSec Management Authentication

5.3 System Default State

The following table details the default state of features and interfaces.

SCADA Gateway SCADA Firewall QOS Serial Services

Terminal Services NAT RIP DHCP Client

5.4 Main Commands

The Application Configuration Environment list of main CLI commands is shown below.

+ root

+ Router {interface | route |static |ospf |ip |rip}

+ cellular {connection | continuous-echo| disable |enable| modem|

network| refresh| settings| show| wan}

+ commit

+ capture {delete |export |help |show |start |stop}

+ date

+ discrete {service| show}

+ dns {host| resolver}

+ exit

+ firewall {log| profile| tcp| serial}

iS5 Communications Inc.

iSG4F User’s Manual

+ idle-timeout

+ iec101-gw {cnt| operation| config iec-101| config iec-104| config

gw| show}

+ ipsec {enable| disable| isakmp update| policy| preshared| log-show| show|

show-sa proto}

+ ipsec-vpn tunnel {show | create | remove}

+ vpn {gre| ipsec| l2}

+ ping

+ reload {cancel| schedule| show}

+ schedule {add |show |remove}

+ serial {card |port| local-end-point| remote-end-point}

+ ssh

+ syslog show

+ telnet

+ terminal-server {admin-status| counters| settings| connections| serial-tunnel|

telnet-service}

+ trace

+ version

System Version and Data Base

6.1 Configuration Database

By default User configuration is saved in a file called iSG4F.conf. Configuration saved in this

file will be available at system startup. If this file is deleted, the system will boot with the

iSG4Fnvram.txt file holding factory configuration.

User Configuration is taking effect immediately upon entering. No specific COMMIT command

is required.

The user can as well save his running configuration in a file with a chosen name for backup

and boot the system with this file when needed.

Multiple running configuration files can be saved with different names locally on the flash or

a TFTP /SFTP server.

However, configuration which will not be saved as bellow example will not be available

following system reboot.

User configuration is saved (to the iSG4F.conf) using the following command:

iSG4F# commit

iS5 Communications Inc.

iSG4F User’s Manual

NOTE

iSG4F.conf and iSG4Fnvram.txt files are not accessible for the user to do file

operations on (copy ,rename and such)

NOTE

The iSG4F can hold at its disk maximum two OS image files. Before

downloading a new OS file to the router make sure the iSG4F has on it only one

(the active) file. If needed, delete the unused file before attempting to

download new.

Building configuration...

[OK]

Removing all user configuration and setting the router to its factory defaults is done by

erasing the iSG4F.conf with the following command:

iSG4F# delete startup-cfg

iSG4F# reload

6.2 OS VERSION

Updating of system version is available by TFTP/SFTP server or safe mode.

Available OS files on the router can be seen with command showed below.

Running OS file is marked with “active”.

iSG4F#os-image show-list

Versions list:

IS5_iSG4F_4.0.02.08.tar (active)

6.3 Commands Hierarchy

+ Root

- commit

+ delete

iS5 Communications Inc.

- diagnostics

- logs

- startup-cfg

- os-image show-list

- os-image activate version-name <file_name>

- os-image delete version-name <file_name>

- os-image download-sw sftp://user:password@aa.bb.cc.dd/file_name

- os-image download-sw tftp://aa.bb.cc.dd/file_name

- os-image download-status

- Reload

- db import {remote-host <IP, A.B.C.D>} [filename <>]

- db export {remote-host <IP, A.B.C.D>} [filename <>]

- show disk info

6.4 OS Upgrade Example

iSG4F User’s Manual

The following flow will show how to upgrade the OS image file and export the data base.

1. Connect your PC via serial console cable to the iSG4F console port.

2. Create an IP interface over eth1.

iSG4F#router interface create address-prefix 172.18.212.231/24

physical-interface eth1 purpose application-host

3. Check connectivity to the TFTP server from which the software will be downloaded.

PING 172.18.212.240 (172.18.212.240): 56 data bytes

64 bytes from 172.18.212.240: seq=0 ttl=64 time=1.026 ms

64 bytes from 172.18.212.240: seq=1 ttl=64 time=0.642 ms

64 bytes from 172.18.212.240: seq=2 ttl=64 time=0.647 ms

4. Display available OS files.

iS5 Communications Inc.

iSG4F User’s Manual

iSG4F# os-image show-list

Versions list:

IS5_iSG4F_4.0.02.07.tar (active)

IS5_iSG4F_4.0.02.06.tar

5. Delete unneeded OS files.

iSG4F# os-image delete version-name IS5_iSG4F_4.0.02.06.tar

iSG4F# os-image show-list

Versions list:

IS5_iSG4F_4.0.02.07.tar (active)

iSG4F#

6. Download OS file from TFTP server.

Command syntax:

iSG4F# os-image download download tftp://aa.bb.cc.dd/file_name

Example:

os-image download download-sw

tftp://172.18.212.240/IS5_iSG4F_4.0.02.09.tar

7. Following download progress.

iSG4F#os-image download-status

In progress 3 MB

iSG4F#os-image download-status

In progress 10 MB

iSG4F#os-image download-status

In progress 16 MB

iSG4F#os-image download-status

Finished Download

8. Activating desired OS file (will automatically reboot the device).

iSG4F# os-image activate version-name IS5_iSG4F_4.0.02.09.tar

iSG4F# os-image show-list

iS5 Communications Inc.

Versions list:

IS5_iSG4F_4.0.02.07.tar

IS5_iSG4F_4.0.02.09.tar (active)

9. Exporting configuration data base to TFTP server.

Command syntax:

iSG4F# db export filename my-file-name remote-host aa.bb.cc.dd

Example:

iSG4F# db export filename db-May-14 remote-host 172.18.212.240

6.5 Safe Mode

The system has two safe mode menus available.

iSG4F User’s Manual

To access safe mode, connect to the router via console cable, reboot the unit and interrupt

the boot process at the safe mode prompt.

The first Safe mode is for use by approved technicians only and should not be used unless

specified by iS5 Communications. This safe mode state is available at the prompt:

“For first safe mode Press 's'...”

The second safe mode is accessible at the following prompt:

##########################

For safe mode Press 's'...

##########################

The screenshot in Safe Mode View details the 2 safe mode menus and their options for:

1. system reset

2. Loading the factory-default configuration for the device

3. Writing to the EEPROM (should be used only after consulting with iS5 Communications)

4. Recovering the device's images from a package file

5. Export / Import DB (running configuration)

6.5.1 Safe Mode View

For first safe mode Press 's'...

PHY: fixed-0:02 - Link is Up - 100/Full

iS5 Communications Inc.

iSG4F User’s Manual

-------------------------------------------------------------------------------

----------

|safe mode menu: |

| reset | 1 : Reset the device |

| format | 2 : Format flash |

| activate | 3 : Activate sw version on flash |

| install | 4 : Install first sw version from TFTP |

| continue | c : Continue with start up process |

| help | H : Display help about this utility |

Extracting software

01/01/70 00:01:09 Running applications

##########################

For safe mode Press 's'...

##########################

-------------------------------------------------------------------------------

----------

|safe mode menu:

| reset | 1 : Reset the device

| defcfg | 2 : Load the factory-default configuration for the device

| eeprom | 3 : Write to EEPROM

| recover | 4 : Recover the device's images from a package file

| db | 5 : Export / Import DB

| continue | c : Continue in start up process

| help | H : Display help about this utility

iS5 Communications Inc.

6.5.2 SW Image Installation

The Following steps are for the first software installation.

1. Connect your PC via serial console cable to the iSG4F console port.

2. Reboot the unit and Enter first safe mode. Select option 4.

-------------------------------------------------------------------------------

----------

|safe mode menu: |

| reset | 1 : Reset the device |

| format | 2 : Format flash |

| activate | 3 : Activate sw version on flash |

| install | 4 : Install first sw version from TFTP |

| continue | c : Continue with start up process |

iSG4F User’s Manual

| help | H : Display help about this utility |

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!! This choice will delete data from flash

!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!! Continue [y/n]

!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!

3. Assign IP address and subnet to the iSG4F.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!

! Connect an ethernet cable to the ETH port and Enter the following parameters

(xxx.xxx.xxx.xxx) !

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!

DEVICE IP ADDRESS [10.10.10.5]: [enter an IP for the iSG4F]

DEVICE IP ADDRESS NETMASK [255.255.255.0]: [enter subnet ip for the iSG4F]

iS5 Communications Inc.

iSG4F User’s Manual

4. Choose the interface at which the telnet server is connected to the iSG4F.

Select Interface (press 1 or 2)[1]:

1) ETH1 10/100 MB

2) ETH2

5. Set the IP address of the TFTP server holding the OS-Image file

TFTP SERVER IP ADDRESS [10.10.10.10]: 10.10.10.6

6. Connect the iSG4F at port ETH1 (RJ45) to your tftp server.

Verify ping availability between the two.

7. Enter the OS-image file name.

Enter version number on TFTP Server.

For main menu press X

IS5_iSG4F_4.0.02.08.tar

iS5 Communications Inc.

iSG4F User’s Manual

8. OS-Image file will be downloaded and activated.

01/01/70 00:03:18 downloading IS5_iSG4F_4.0.02.08.tar from server

10.10.10.6 to /opt/iS5com,try #1

============25%===========50%===========75%=75%===========100%Version

Download Complete

OEM Ver IS5_iSG4F

OEM NEW_VERSION IS5_iSG4F_4.0.02.03.tar

Detected OEM 3

Veryfing sw version IS5_iSG4F_4.0.02.03.tar

=appl.tar.gz: OK

==vmlinux.UBoot: OK

SW version was verified successfully

vmlinux.tar

=vmlinux.UBoot: OK

Updating bank1 with vmlinux.UBoot file, please wait ...===OK

Version was installed and activated successfully

Reboot in 0=

Ethernet Port Interfaces

The iSG4F hardware includes the following Ethernet interfaces:

Gigabit Ethernet, copper RJ45.

Copper 10/100/1000 Base T(X) supported.

Referred to in CLI as eth1.

Gigabit Ethernet, SFP SGMII.

Copper and fiber SFP of 100/1000 Base X are supported.

Referred to in CLI as eth2.

SFP modules are not included.

iS5 Communications Inc.

7.1 Commands Hierarchy

+ root

+ port

- set port { eth1| eth2} [admin-status {disabled |enabled}]

[autoneg {on| off}] [duplex {half| full} [speed {10| 100|

1000}]

+ show

- interface-table port-type port {eth1| eth2}

- rmon-etherstat-table port {eth1| eth2}

- status

+ sf-port

- ddm

- detailed

- extended

iSG4F User’s Manual

7.2 Port Commands Example

iSG4F# port show interface-table port eth1

Interface ETH1

+------------------------+--------+-------------------------+-------+

+========================+========+=========================+=======+

| In non-unicast packets | 2670 | Out non-unicast packets | 5 |

+------------------------+--------+-------------------------+-------+

| In unicast packets | 233 | Out unicast packets | 4 |

+------------------------+--------+-------------------------+-------+

| In errors packets | 0 | Out errors packets | 0 |

+------------------------+--------+-------------------------+-------+

| In octets | 311651 | Out octets | 690 |

+------------------------+--------+-------------------------+-------+

| Unknown packets | 0 | | |

+------------------------+--------+-------------------------+-------+

iS5 Communications Inc.

iSG4F User’s Manual

iSG4F# port show status

+-----+------+------+--------------+------------------+-------+-------

+=====+======+======+==============+==================+=======+=======

| 1 | 1 | eth1 | enabled | on | 100M | full |

+-----+------+------+--------------+------------------+-------+-------

| 2 | 1 | eth2 | enabled | on | 100M | full |

+-----+------+------+--------------+------------------+-------+-------

iSG4F# port show rmon-etherstat-table port eth1

Interface ETH1

+---------------+--------+----------------+-------+

+===============+========+================+=======+

| total packets | 2789 | undersize | 0 |

+---------------+--------+----------------+-------+

| total octets | 300591 | oversize | 0 |

+---------------+--------+----------------+-------+

| broadcast | 1832 | Size 64 | 1055 |

+---------------+--------+----------------+-------+

| multicast | 725 | Size 65-127 | 1239 |

+---------------+--------+----------------+-------+

| align error | 0 | Size 128-255 | 435 |

+---------------+--------+----------------+-------+

| dropped event | 0 | Size 256-511 | 35 |

+---------------+--------+----------------+-------+

| fragmented | 0 | Size 512-1023 | 4 |

+---------------+--------+----------------+-------+

iS5 Communications Inc.

| jabbers | 0 | Size 1024-1518 | 21 |

NOTE

A console cable is supplied in the box.

RJ45 Male

DB9 Female

1 - 2

+---------------+--------+----------------+-------+

Configuring the Login Authentication Method sets the authentication method for user logins.

Default user of the system:

Name : su Password : 1234 Privileges : all Available by: Console and Telnet.

iSG4F User’s Manual

8.1 Serial Console Port

Management over the serial console port is enabled by default.

8.1.1 Connecting to the Console Port

The console port is an EIA232 VT-100 compatible port to enable the definition of the device's

basic operational parameters.

Connecting the device to a PC using the Console Port:

Connect the RJ-45 connector of the console cable to the device's Console Port (CON).

Connect the other side of the cable to the PC.

Configure the PC port to 9600-N-8-1 (9600 bps, no parity, 8 data bits, 1 stop bit, no flow

control).

Below table details the console cable pinout.

iS5 Communications Inc.

3 2 4 5 5 5 6 - 7 - 8

Feature

Default state

Layer 3 interface

No default IP

SSH

No available

Telnet

Enabled

Console

Enabled

User

User name : su

Password : 1234

Privilege : all

DHCP Client

disabled

8.1.2 CLI Terminal Commands

Following are commands related to the CLI terminal.

+ root

- idle-timeout

iSG4F User’s Manual

8.2 Management

The router can be managed via following methods:

IP based Serial console port

8.2.1 Default state

8.2.2 Commands Hierarchy

+ root

+ reload

- schedule date-and-time YYYY-MM-DD,HH:MM:SS

- schedule every <180 – 604800 seconds >

- schedule time HH:MM:SS

- schedule in <0 – 604800 seconds >

iS5 Communications Inc.

iSG4F User’s Manual

Command

Description

Application Connect

reload schedule

date-and-time

Set specific date and time for router reload.

Time format: YYYY-MM-DD,HH:MM:SS

Note: configuration which was not committed will

not be available after reload!

reload schedule every

Set time interval for cyclic automatic system

reload.

Permissible range in seconds is 180 – 604800.

Note: Configuration which was not committed will

not be available after reload!

reload schedule time

Set specific time for router reload.

Time format: HH:MM:SS

Note: configuration which was not committed will

not be available after reload!

- cancel

- show

- commit

- delete diagnostics

- delete logs

- delete startup-cfg

- show disk info

- router interface show

- ping <destination>

- ssh {<user>@<remote IP>}

- telnet [user]@{remote IP}

8.2.3 Commands Description

iS5 Communications Inc.

iSG4F User’s Manual

Command

Description

reload schedule in

Set specific timer for next router reload.

Permissible range in seconds is 180 – 604800.

Note: Configuration which was not committed will

not be available after reload!

reload cancel Cancels all scheduled automatic reloads.

reload show Shows user scheduled reloads.

IP Interfaces

The iSG4F supports multiple layer 3 interfaces to be set for the purposes of:

Routing Management Serial services

9.1 IP Interfaces

The following services require assignment of an IP interface:

DHCP client

Management

Ping

Trace route

OSPF

RIPv2

Tftp client

iS5 Communications Inc.

Serial tunneling

Terminal server

Protocol gateway

L2-VPN

L3-DMVPN

IPSec

9.1.1 Interface Assignment Rules

- An IP interface may optionally be set with a VLAN tag to result in VLAN tagging at the interface

egress.

- The VLAN tag set to an interface must be unique.

- If a VLAN tag is not set, packets will carry no VLAN tag when they egress the interface.

- An interface id is automatically assigned to each IP interface.

- Each interface must be associated with a “purpose”.

iSG4F User’s Manual

 One (and only one) of the interfaces must be set to purpose ‘application-host’

 All other interfaces must be set to purpose ‘general’

 If a “purpose” is not configured by the user, the interface will receive the ‘general’ status.

- Each interface must be in a unique subnet.

- Each interface must be associated to a physical interface. Either eth1 or eth2.

An interface cannot be associated with both.

- Physical interfaces (eth1, eth2) may be associated with more than one IP interface. Tagged

packets accessing the port will be routable to a relevant VLAN IP interface. Untagged packets

accessing the port will be routable with an IP interface set to be in the same subnet as the

packets origin (if such is available on the iSG4F).

- IP interfaces associated to VLANs are given an automatic name indicating the VLAN tag they

are created with. The name format is:

eth<1|2>.<vlan id>

- IP interfaces not associated to a VLAN, are given an automatic name indicating the id they are

created with. The name format is:

eth<1|2>:<id>

- Below is an example of interfaces configured with either VLAN tag or id tag.

- [/]router interface show

- +----+------+---------+-------------------+------+------------------+--------------+-------------+

iS5 Communications Inc.

iSG4F User’s Manual

NOTE

Use id assignment to an IP interface when the network does not support vlan

tagging and ingress packets to the physical interface are untagged.

NOTE

Use VLAN assignment to an IP interface when the network supports vlan

tagging and a service segregation is required.

- +====+======+=========+===================+======+==================+==============+=============+

- | 1 | N/A | eth1:1 | 172.17.203.100/24 | 1500 | application host | enable | |

- +----+------+---------+-------------------+------+------------------+--------------+-------------+

- | 2 | 20 | eth2.20 | 172.18.212.200/24 | 1500 | general | enable | |

- +----+------+---------+-------------------+------+------------------+--------------+-------------+

- [/]

9.1.2 IP interface id

When an IP interface is created without explicitly an assigned VLAN tag, it will not support

VLAN tagging. A Packet coming inward to the physical interface (eth1 or eth2 as assigned)

which are holding a VLAN tag will not be received by the IP interface.

Packets originated from the IP interface (egress) will be without a VLAN tag.

9.1.3 IP interface VLAN id

When an IP interface is assigned with a VLAN id it supports VLAN tagging. A Packet coming

inward to the physical interface (eth1 or eth2 as assigned) will be received by the IP interface

only if holding the required VLAN tag.

Packets originated from the IP interface will be without a VLAN tag.

9.1.4 IP Interface Commands Hierarchy

+ root

+ router

- interface {create | remove} address-prefix <IP

address>/<netmask> [vlan <vlan id>] purpose {application-host

|general} physical-interface [eth1 |eth2] [description <>]

iS5 Communications Inc.

+ static {enable | dissable}

Command

Description

Router

Enter the application router configuration mode

interface

create | remove

Add or Remove an IP interface for the application

engine. The configuration should include:

Address-prefix : IP address in the format

aa.bb.cc.dd/xx

VLAN : vlan ID that the application engine will use

for this IP interface

Static-route

create | remove

Define or remove the default gateway for an

application IP network

network-prefix : target network address in the

format aa.bb.cc.dd/xx

Gateway : IP address in the format aa.bb.cc.dd

Show

Show application engine IP interfaces

+ configure terminal

- ip route static <dest network> /<subnet> <Gateway>

+ dhcp {enable | dissable |show}

- enable physical-interface {eth1| eth2}

- disable physical-interface {eth1| eth2}

- show physical-interface {eth1| eth2}

- interface show

- route show

9.1.5 IP Interface Commands Description

iSG4F User’s Manual

9.1.6 IP Interface Example

1. Create an IP interface with VLAN 1 and static route (default gateway).

iSG4F#

iS5 Communications Inc.

iSG4F User’s Manual

router interface create address-prefix 10.10.10.100/24 vlan 5 purpose

application-host physical-interface eth1

commit

commit ok

router interface show

+----+------+--------+-------------------+------+------------------+--------------+--------

-----+

+====+======+========+===================+======+==================+==============+========

=====+

| 1 | 5 | eth1.5 | 10.10.10.100/24 | 1500 | application host | enable | |

+----+------+--------+-------------------+------+------------------+--------------+--------

-----+

[router/] static

router/static> enable

router/static# configure terminal

router/static(config)# ip route 0.0.0.0/0 172.17.212.100

router/static(config)# write

router/static(config)# exit

router/static# exit

commit

router route show

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

172.17.212.0 0.0.0.0 255.255.255.0 U 0 0 0

eth1.100

0.0.0.0 172.17.212.100 0.0.0.0 UG 0 0 0

eth1.100

Completed OK

2. Create an IP interface without VLAN id.

iS5 Communications Inc.

iSG4F User’s Manual

iSG4F#

iSG4F#router interface create address-prefix 172.17.203.100/24

physical-interface eth2 purpose application-host

commit

commit ok

iSG4F#router interface show

+----+------+--------+-------------------+------+------------------+--------------+--------

-----+

+====+======+========+===================+======+==================+==============+========

=====+

| 1 | N/A | eth2:1 | 172.17.203.100/24 | 1500 | application host | enable | |

+----+------+--------+-------------------+------+------------------+--------------+--------

-----+

iS5 Communications Inc.

9.1.7 DHCP Example

1. Enable DHCP on interface eth1 to retrieve an IP from a DHCP server.

iSG4F#

[/]router dhcp enable physical-interface eth1

[/]router interface show

+------+------+-----+-----------+---------+-------------+

+======+======+=====+===========+=========+=============+

| N/A | eth1 | N/A | N/A | N/A | DHCP |

+------+------+-----+-----------+---------+-------------+

[/]

iSG4F User’s Manual

[/]router interface show

+------+------+-----+-------------------+---------+-------------+

+======+======+=====+===================+=========+=============+

| N/A | eth1 | N/A | 172.18.212.242/28 | N/A | DHCP |

+------+------+-----+-------------------+---------+-------------+

iS5 Communications Inc.

Command

Description

Schedule

Manage scheduled task to copy system logs to

the usb drive. To mound a usb drive insert it

to the router usb port and reboot the router.

add task-name copy-logs

Add a scheduled task to copy system logs to

the usb drive.

Day : <1-31>

Month : <1-12>

year : <2013 -3000>

hour : <1-24>

minute : <1-60>

remove task-name

copy-logs

Remove a scheduled task to copy system logs

to the usb drive.

Show

Display tasks

Diagnostic

10.1 System logs export

The system logs can be exported to the flash drive as a time conditioned task.

10.1.1 Commands Hierarchy

+ Root

+ schedule

- add task-name copy-logs [day |hour |minute |month |year]

- remove task-name copy-logs

- show

iSG4F User’s Manual

10.1.2 Commands Description

10.2 Capture Ethernet service traffic

The system supports sniffing and capturing of Ethernet traffic for selected service IP interfaces.

This capability is important in order to diagnose network traffic of a service for debugging.

The capturing is available for IP interfaces set at the ACE.

iS5 Communications Inc.

Captures can be displayed at the terminal or exported to a user TFTP server.

Command

Description

Application

connect

Entering the Application Configuration Environment

Capture

Start: initiate Ethernet traffic capture on a

selected ACE IP interface.

-i: mandatory prefix to be followed with the IP

interface name eth1.<vlan id> where “vlan id” is the

VLAN of the IP interface.

Stop : stop Ethernet traffic capture

Delete : delete capture files

Export remote-address: export file to a tftp server.

Show captured-packets –C<1-200>: display the

captured content up to a chosen length (1-200) lines.

Show status : display capture configuration

Help: display help on settings options.

10.2.1 Commands Hierarchy

+ root

+ capture

- start –i {eth1.<vlan id> | eth1:<id>} [-C] [-s] [-y]

[expression <>]

- stop

- delete

- export remote-address <destination address,A.B.C.D>

- show {captured-packets –c <number>| status}

- help

iSG4F User’s Manual

10.2.2 Commands Description

iS5 Communications Inc.

10.2.3 Example

1. Set an IP interface in the ACE for the VLAN.

router interface create address-prefix 172.18.212.232/24 vlan 1 purpose

application-host physical-interface eth2

commit

commit ok

router interface show

+------+--------+-----+-----------------+------------------+----------

---+

+======+========+=====+=================+==================+==========

===+

iSG4F User’s Manual

| 1 | eth2.1 | N/A | 172.18.212.232/24 | application host | |

+------+--------+-----+-----------------+------------------+----------

---+

2. Start capture.

Capture start –i eth2.1

Capture show

[capture/] show status

capture is running

3. Stop the capture and display the output.

Capture stop

capture show captured-packets -c 10

16:55:07.370814 IP 172.18.212.240.netbios-ns > 172.18.212.232.netbios-ns:

NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST

16:55:07.616319 IP 172.18.212.240.17500 > 255.255.255.255.17500: UDP,

length 112

16:55:07.616628 IP 172.18.212.240.17500 > 172.18.212.255.17500: UDP,

length 112

16:55:07.926503 arp who-has 172.18.212.232 tell 172.18.212.64

16:55:08.122046 IP 172.18.212.240.netbios-ns > 172.18.212.232.netbios-ns:

NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST

16:55:08.258801 arp who-has 172.18.212.232 tell 172.18.212.40

iS5 Communications Inc.

16:55:08.602306 IP 172.18.212.40.17500 > 255.255.255.255.17500: UDP,

Facility coefficient

Facility

Priority

Local0

16x8 + level

Local1

17x8 + level

Local2

18x8 + level

Local3

19x8 + level

Local4

20x8 + level

length 112

16:55:08.604927 IP 172.18.212.40.17500 > 255.255.255.255.17500: UDP,

length 112

16:55:08.605016 IP 172.18.212.40.17500 > 172.18.212.255.17500: UDP, length

112

16:55:08.680664 CDPv2, ttl: 180s, Device-ID 'Router'[|cdp]

10.3 Syslog

Configuring Debug Logging determines where the debug logs are to be displayed, that is,

either on the console or on a file.

Syslog is a protocol used for capturing log information for devices on a network. The syslog

protocol provides a transport to allow a machine to send event notification messages across IP

iSG4F User’s Manual

networks to event message collectors, also known as syslog servers. The protocol is simply

designed to transport the event messages.

One of the fundamental tenets of the syslog protocol and process is its simplicity. The

transmission of syslog messages may be started on a device without a receiver being

configured, or even actually physically present.

This simplicity has greatly aided the acceptance and deployment of syslog.

User enables syslog server and configures the syslog related parameters. The logging process

controls the distribution of logging messages to the various destinations, such as the logging

buffer, logging file, or syslog server.

The existing syslog buffers will not be cleared and none of the configured options will be

changed, when the syslog feature is disabled.

Severity of logging can be set with its numeric value <0-7> or its name tag.

When configuring a server, it should be set with priority tag, reflecting the level of the

message and the facility.

10.3.1 Syslog Priority indicator

The Priority indicator is calculated as:

Priority = 8x facility_coefficient + severity_level.

iS5 Communications Inc.

Local5

21x8 + level

Local6

22x8 + level

Local7

23x8 + level

Level purpose

Numeric level

Priority (w. local0)

emergencies

16x8+0=128

alerts

129

critical

130

errors

131

warnings

132

notification

133

informational

134

debugging

135

Syslog message priority tag with facility local0:

iSG4F User’s Manual

10.3.2 Syslog Commands Hierarchy

+ root

- syslog show

10.3.3 Syslog Output example

A typical output of syslog at the console interface.

May 18 19:27:48 SmartSwitch user.warn kernel: Speed 100 Duplex 1 pause 0

May 18 19:27:48 SmartSwitch user.warn kernel: adjust_link Addr 1 link 0

speed 100 o 100 dup 1 o 1

May 18 19:27:48 SmartSwitch user.info kernel: PHY: mdio@ff724000:01 - Link

is Down

May 18 19:27:50 SmartSwitch user.warn kernel: adjust_link Addr 1 link 1

speed 100 o 0 dup 1 o -1

May 18 19:27:50 SmartSwitch user.info kernel: PHY: mdio@ff724000:01 - Link

is Up - 100/Full

iS5 Communications Inc.

Alarm Relay

The router has a capability to manifest system and features alarms as a relay output.

11.1 Alarm Relay Wiring example

Below is a connection diagram illustrating the wiring of the alarm relay to warning devices.

iSG4F User’s Manual

iS5 Communications Inc.

11.2 Alarm Relay Contact Capabilities

Digital outputs are dry mechanical N/O relay contacts. Maximum power to be implemented at

the contacts:

AC: Max 250v, 37.5vA.

DC: Max 220v, 30 watt.

The Above mentioned power limitations should not be exceeded.

Maximum current allowed at the contacts is 1A.

11.3 Supported Alarms

11.3.1 SFP port state

One Gigabit SFP based port is avaiable on the unit named ETH2.

A state of port down for this interface is supported as alarm trigger (relay state change) at the

a chosen relay interface.

iSG4F User’s Manual

11.3.2 L2 VPN state

The state of a layer 2 VPN is monitored by the IPSec SA.

A VPN failure is supported as alarm trigger (relay state change) at the a chosen relay interface.

11.3.3 System up/down

Alarm set while system is in BOOT phase.

This specific alarm type can be associated only to the physical interface “alarm” and not to

d-out1 or d-out2.

Once this alarm is activated, no other alram types can be assigned to the intefcae.

11.4 Default state

No alarms are associated to the relay interfaces at default machine state.

The relay contacts are at their default mechanical state and are not triggered.

11.5 Commands Hierarchy

+ root

+ Alarm-relay

- Add condition { sfp_eth9| sfp_eth10| temperature| cpu-usage| l2vpn|

system-power }

interface { alarm| d-out1| d-out2}

- admin-status {enable| disable}

iS5 Communications Inc.

- remove condition { sfp_eth9| sfp_eth10| temperature| cpu-usage| l2vpn|

Command

Description

config

application

connect

Entering the ACE mode

alarm-relay

Entering the alarm relay mode

add | update

condition : set the trigger condition for the alarm.

l2vpn – failure at the l2 VPN will trigger a relay

change.

ETH2 – status down for this port will trigger a relay

change.

system-power - Alarm set while in BOOT, and when the

S/W performs reset.

interface : set the target relay interface for the

condition

Alarm – the “ALARM” relay interface.

admin-status

Enable | disable of all relay interfaces condition

to alarms

Default : disabled

remove condition

Remove the assignment of trigger conditions

l2vp

system-power }

- read interface { alarm| d-out1| d-out2}

- set interface { alarm| d-out1| d-out2} state { set| clear}

+ update condition { sfp_eth9| sfp_eth10| temperature| cpu-usage| l2vpn|

system-power }

- interface { alarm| d-out1| d-out2}

- show { admin-status| alarming_conditions| conditions| settings}

11.6 Commands Description

iSG4F User’s Manual

iS5 Communications Inc.

iSG4F User’s Manual

Command

Description

read interface

Read the current relay state at the interface

Alarm – the “ALARM” relay interface.

set

interface : choose a target relay interface to set

a static state to (not dependent on a trigger

condition)

Alarm – the “ALARM” relay interface.

State: the static state to set the relay interface

state to.

Set – force to change the relay contacts from its

default mechanical state.

Clear - force the relay contacts to its default

mechanical state.

show

Show the current state

admin-status

alarming_conditions

conditions

settings

Clock and Time

Local time set and update is available.

12.1 Local Clock Commands Hierarchy

+ config terminal

+ date {[YYYY.]MM.DD-hh:mm[:ss] | hh:mm[:ss]}

- date

iS5 Communications Inc.

12.2 Local Clock Commands Description

Command

Description

Config terminal

date

{[YYYY.]MM.DD-hh:mm[:ss] |

hh:mm[:ss]}

Sets the current time and date.

date

Show the system time

12.3 Set Local Clock Example

1. Example for time configuration

iSG4F#date 2014.02.02-10:01:30

Sun Feb 2 10:01:30 UTC 2014

iSG4F User’s Manual

Current RTC date/time is 2-2-2014, 10:01:30.

iSG4F# date

Sun Feb 2 10:01:34 UTC 2014

ACLs

ACLs (Access Control Lists) filter network traffic by controlling whether routed packets are

forwarded or blocked at the router's interfaces. ACLs are used to block IP packets from being

forwarded by a router. The router examines each packet to determine whether to forward or

drop the packet, based on the criteria specified within the access lists. Access list criteria can

be the source address of the traffic, the destination address of the traffic, the upper-layer

protocol or other information.

There are many reasons to configure access lists - access lists can be used to restrict contents

of routing updates or to provide traffic flow control. But one of the most important reasons to

configure access lists is to provide security for the network. Access lists must be used to

provide a basic level of security for accessing the network. If access lists has not been

configured on the router, all packets passing through the router can be allowed onto all parts

of the network. For example, access lists can allow one host to access a part of the network

and prevent another host from accessing the same area.

iS5 Communications Inc.

13.1 ACL Commands Hierarchy

Command

Description

ip access-list extended

This command enters the IP Access-list

+ root

+ ip access-list extended

- create {acl-num <1001-65535>} [acl-name <>] [redirect <off| on>]

- delete {acl-num <1001-65535>}

- permit tcp {acl-num <1001-65535>} [rule-name <>] [priority <1-256>] {src-ip