This publication is protected by federal copyright law. No part of this publication may be copied or distributed,
transmitted, transcribed, stored in a retrieval system, or translated into any human or computer language in any form or
by any means, electronic, mechanical, magnetic, manual or otherwise, or disclosed to third parties without the express
written permission of Paradyne Corporation, 8545 126th Ave. N., Largo, FL 33773.
Paradyne Corporation makes no representation or warranties with respect to the contents hereof and specifically
disclaims any implied warranties of merchantability or fitness for a particular purpose. Further, Paradyne Corporation
reserves the right to revise this publication and to make changes from time to time in the contents hereof without
obligation of Paradyne Corporation to notify any person of such revision or changes.
Changes and enhancements to the product and to the information herein will be documented and issued as a new
release to this manual.
Warranty, Sales, Service, and Training Information
Contact your local sales representative, service representative, or distributor directly for any help needed. For additional
information concerning warranty, sales, service, repair, installation, documentation, training, distributor locations, or
Paradyne worldwide office locations, use one of the following methods:
Internet: Visit the Paradyne World Wide Web site at www.paradyne.com. (Be sure to register your warranty at
www.paradyne.com/warranty.)
Telephone: Call our automated system to receive current information by fax or to speak with a company
representative.
— Within the U.S.A., call 1-800-870-2221
— Outside the U.S.A., call 1-727-530-2340
Document Feedback
We welcome your comments and suggestions about this document. Please mail them to Technical Publications,
Paradyne Corporation, 8545 126th Ave. N., Largo, FL 33773, or send e-mail to userdoc@paradyne.com. Include the
number and title of this document in your correspondence. Please include your name and phone number if you are
willing to provide additional clarification.
Tradem ark s
ACCULINK, COMSPHERE, ETC, EtherLoop, FrameSaver, GranDSLAM, Hotwire, the Hotwire logo, Jetstream, MVL,
NextEDGE, OpenLane, Paradyne, the Paradyne logo, Paradyne Credit Corp., the Paradyne Credit Corp. logo,
Performance Wizard, StormPort, and TruePut are all registered trademarks of Paradyne Corporation. ADSL/R,
BitStorm, Connect to Success, GrandVIEW, Hotwire Connected, iMarc, JetFusion, JetVision, MicroBurst, PacketSurfer,
ReachDSL, Spectrum Manager, StormTracker, and TriplePlay are trademarks of Paradyne Corporation. All other
products and services mentioned herein are the trademarks, service marks, registered trademarks, or registered
service marks of their respective owners.
This guide describes how to configure and operate Hotwire DSL routers. It
addresses the following models:
Hotwire 6301/6302 IDSL Router
Hotwire 6341/6342 Symmetric DSL Router
Hotwire 6351 ReachDSL Router
Hotwire 6371 RADSL Router
This document is intended for administrators and operators who maintain the
endpoints at customer premises. A basic understanding of internetworking
protocols and their features is assumed. Specifically, you should have familiarity
with the following internetworking concepts:
TCP/IP applications
IP and subnet addressing
IP routing
Bridging
It is also assumed that you have already installed a Hotwire DSL Router. If not,
refer to Product-Related Documents for installation documents.
6300-A2-GB20-10November 2003vii
Page 10
About This Guide
New Features for this Release
This version of the Hotwire DSL Routers User’s Guide documents firmware
release 4.4, which adds the following new features for the Hotwire 6351
ReachDSL Router:
IP passthrough. This feature allows the router to pass through or share its
public IP address with a single LAN device. The DSL router establishes a
PPPoE and PPP session with the Network Access Server (NAS). The public
IP address is negotiated via IPCP, installed on the router’s DSL interface, and
served to the passthrough device via DHCP.
Automatic configuration of options provided by the DHCP server to its clients.
This feature is available when PPPoE is enabled and is the default unless
explicitly refused by the user. This allows the DHCP Server option
configuration items to be set automatically with values negotiated during the
network layer protocol phase of PPP (IPCP).
Secondary DNS server. The DHCP server can specify a secondary DNS
server in its offer to a client.
No router option required. Configuration of the DHCP Server feature no longer
requires that a value for the Router option be specified.
viii November 20036300-A2-GB20-10
Page 11
Document Summary
SectionDescription
About This Guide
Chapter 1, Introduction to Hotwire
DSL Routers
Chapter 2, Accessing the DSL
Router
Chapter 3, Configuring the DSL
Router
Chapter 4, DSL Router
Configuration Examples
Chapter 5, Monitoring the DSL
Router
Chapter 6, Diagnostics and
Troubleshooting
Appendix A, Command Line
Interface
Appendix B, Configuration Defaults
and Command Line Shortcuts
Appendix C, Traps and MIBsSummarizes the MIBs and SNMP traps supported
Appendix D, DSL Router Terminal
Emulation
Provides an overview of the Hotwire DSL Routers.
Describes the Hotwire DSL Routers access control
and provides instructions on how to log in and log
out of the system.
Describes the DSL router interfaces, Domain Types,
IP Routing, and network considerations.
Presents several common DSL router configuration
examples.
Describes operator programs that monitor the
Hotwire system.
Describes common Hotwire operational problems
and solutions. Contains SysLog information.
Provides explanation of the DSL router’s Command
Line Interface and command syntax with examples.
Provides a list of all configuration options with
factory default settings and a list of all command line
shortcuts with the abbreviated command line input.
by the DSL routers.
Provides configuration setup procedures for two
common text file programs.
Appendix E, Firmware UpgradeProvides commands and procedures for performing
a firmware upgrade for the Hotwire 6351 ReachDSL
Router from the service domain.
IndexLists key terms, acronyms, concepts, and sections
in alphabetical order.
A master glossary of terms and acronyms used in Paradyne documents is
available on the Web at www.paradyne.com. Select Library → Te ch n ica l
The following conventions are used throughout this document.
ConventionTranslation
About This Guide
[ ]
{ }
|
Italics
Bold
x.x.x.x32-bit IP address and mask information where x is an
xx:xx:xx:xx:xx:xxMAC address information where x is a hexadecimal
Square brackets represent an optional element.
Braces represent a required entry.
Vertical bar separates mutually exclusive elements.
Entry is a variable to be supplied by the operator.
Enter (type) as shown.
8-bit weighted decimal notation.
notation.
6300-A2-GB20-10November 2003
xi
Page 14
About This Guide
xii November 20036300-A2-GB20-10
Page 15
Introduction to Hotwire
DSL Routers
What is a Hotwire DSL Router?
The Hotwire® DSL (Digital Subscriber Line) Router operates as a bridge and IP
router connecting a DSL link to an Ethernet network. This system provides
high-speed access to the Internet or a corporate network over a traditional
twisted-pair copper telephone line to the end user.
DSL Technologies Supported
Paradyne’s Hotwire DSL network supports the following types of technologies:
1
Hotwire IDSL (ISDN DSL) products provide IDSL multirate symmetric packet
transport and can operate over a connection with an ISDN repeater or digital
facilities. Data rates of 64 Kbps, 128 Kbps, or 144 Kbps can be configured.
Hotwire SDSL (Symmetric DSL) packet-based products provide high-speed
symmetric DSL services with bandwidth for business applications. These
products are configurable from 144 Kbps up to 2.3 Mbps. This gives service
providers the opportunity to sell multiple services with a single product.
Hotwire ReachDSL™ packet-based products provide high-speed Internet or
corporate LAN access over traditional twisted-pair copper telephone wiring,
regardless of line conditions (poor quality loops, long loops, or bad wiring at
customer premises), for guaranteed service delivery up to 18,000 feet. These
products are configurable from 128 Kbps up to 960 Kbps and give service
providers the opportunity to sell multiple services using a single product.
Hotwire RADSL (Rate Adaptive DSL) products are applicable for both
asymmetric and symmetric applications. The 1 Mbps symmetric operation is
ideal for traditional business applications while the 7 Mbps downstream with
1.1 Mbps upstream asymmetric operation provides added bandwidth for
corporate Internet access. RADSL products can also save line costs by
optionally supporting simultaneous data and voice over the same line.
6300-A2-GB20-10November 20031-1
Page 16
1. Introduction to Hotwire DSL Routers
Typical DSL Router System
DSL is a local loop technology that uses standard twisted-pair copper wire to
support high-speed access over a single pair of twisted copper wires. DSL
applications are point-to-point, requiring DSL devices at central and end-user
sites.
Hotwire DSL routers interoperate with the following types of Hotwire DSL line
cards, at the DSLAM (Digital Subscriber Line Access Multiplexer) or GranDSLAM
chassis, to deliver applications at high speeds, supporting packet services over a
DSL link:
Hotwire 8303 or 8304 IDSL Cards interoperate with two Hotwire IDSL Routers:
— Hotwire 6301 IDSL Router with one Ethernet port
— Hotwire 6302 IDSL Router with a 4-port Ethernet hub
Hotwire 8343 or 8344 SDSL Cards interoperate with two Hotwire Symmetric
DSL Routers:
— Hotwire 6341 SDSL Router with one Ethernet port
— Hotwire 6342 SDSL Router with a 4-port Ethernet hub
Hotwire 8312 or 8314 ReachDSL Cards interoperate with the Hotwire 6351
ReachDSL Router with one Ethernet port
Hotwire 8510, 8373, and 8374 RADSL Cards interoperate with the Hotwire
6371 RADSL Router with one Ethernet port
The following illustration shows a typical Hotwire system with a Hotwire DSL
Router. All Hotwire DSL routers transport data. The Hotwire 6371 RADSL Router
can transport data and POTS simultaneously.
Customer Premises (CP)
Data
Interface
SN
POTS
Voice
Interface
CP
POTS
Splitter
Optional
Network
Service
Provider
Central Office (CO)
Hotwire
IPC
AT M
SCM
DSL
CARD
GranDSLAM
CO
POTS
Splitter
Switched
Network
Optional
MDF
POTS/DSL
Legend: DSL – Digital Subscriber LineIPC– Interworking Packet Concentrator
MDF – Main Distribution FramePOTS – Plain Old Telephone Service
SN – Service Node
01-16968
1-2 November 20036300-A2-GB20-10
Page 17
Hotwire DSL Router Features
Hotwire DSL routers contain the following features.
IP routing with:
— NAT (Network Address Translation)
— NAPT (Network Address Port Translation), also called PAT (Port Address
Translation)
— Simultaneous Basic NAT (for several fixed servers) and NAPT (on the rest
of the PCs on the LAN)
— DHCP Server (Dynamic Host Configuration Protocol) and DHCP Relay
Agent
— A full set of IP filters, two per DSL card (one for upstream and one for
downstream traffic), with up to 33 rules per filter
— SNMP Set/Get capability
Three Configurable Modes of Operation. Supports the following modes of
operation:
1. Introduction to Hotwire DSL Routers
— IP routing only
— IP routing, and bridging of all other protocols (using VNET mode)
— Bridging all protocols (using VNET mode)
Protocol Filters. Provides the ability to:
— Filter MAC frames when bridging
— Configure two Ethertype filters via the Hotwire DSL card, one for upstream
and one for downstream traffic, with up to 16 filter rules per filter
— Compare the Ethertype in frames to a particular value, or configured set of
values, to perform filtering
— Support ICMP (Internet Control Management Protocol) filters for firewalls
via the Hotwire DSL card, based on the ICMP message type, to selectively
discard some ICMP message types while forwarding others
High-speed Internet or intranet access.
Diagnostics. Provides the capability to diagnose device and network
problems and perform tests.
Device and Test Monitoring. Provides the capability of tracking and
evaluating the unit’s operation.
Remote Firmware Download. Provides easy setup and activation of
firmware upgrades from a remote location.
Security. Provides multiple levels of security, which prevents unauthorized
access to the DSL router.
6300-A2-GB20-10November 2003
1-3
Page 18
1. Introduction to Hotwire DSL Routers
Console Terminal Interface. Provides an interface for:
— Configuring and managing the DSL router
— Local console access
Management from an NMS using SNMP.
In addition, the following features are provided for the Hotwire 6351 ReachDSL
Router:
Telnet access to the Command Line Interface (CLI) in the service domain for
Network Service Provider (NSP) use.
TFTP client support for NSP service domain software downloads.
SYSLOG availability in the service domain.
Point-to-Point Protocol over Ethernet (PPPoE) client provided as defined in
RFC 2516.
Asymmetric maximum upstream/downstream setting.
Service Subscriber
The Service Subscriber is the user (or set of users) that has contracted to receive
networking services (e.g., Internet access, remote LAN access) for the end-user
system from an NSP (Network Service Provider). Service subscribers may be:
Residential users connected to public network services (e.g., the Internet)
Work-at-home users connected to their corporate intranet LAN
Commercial users at corporate locations (e.g., branch offices) connected to
A Hotwire DSL Router must be installed at the customer premises to provide the
end user with access to any of the above services.
other corporate locations or connected to public network services
NOTE:
If you would like more information on DSL-based services, applications, and
network deployment, refer to Paradyne’s The DSL Sourcebook. The book
may be downloaded or ordered through Paradyne’s World Wide Web site at
www.paradyne.com/library.
1-4 November 20036300-A2-GB20-10
Page 19
Accessing the DSL Router
Access Control to the DSL Router
The Hotwire DSL Router can be managed from an NMS using SNMP or from the
Command Line Interface (CLI). There are several methods available for accessing
the command line interface:
Local access at the DSL router through the Console port.
Access by a Telnet session (controlled through the management interface at
the Hotwire chassis).
For the Hotwire 6351 ReachDSL Router, access by a Telnet session from the
service domain.
2
Levels of Access
The Hotwire DSL Router accepts only one login session at a time.
There are two levels of privileges on the Hotwire DSL system:
Administrator. The Administrator has two levels of access to the DSL router.
— Administrator, configuration mode: Provides complete write access to the
DSL router.
Operator. The Operator has read-only access to display device information
with no modification permission and no access to management functions.
Refer to Appendix A, Command Line Interface, for access level details for each
command line entry.
For local console access, the Operator and Administrator have the same Login ID,
but with different passwords for their access level. For Telnet access through the
service domain for the ReachDSL Router, up to four login/password/access level
combinations can be configured.
6300-A2-GB20-10November 20032-1
Page 20
2. Accessing the DSL Router
Local Console Access
Your user account can be configured with one user login name and different
passwords for accessing a CLI session. The DSL router ships with the local
console enabled. After login, the local console can be disabled.
To disable with the local console, type:
Press Enter after each command that you type.
Entering console disable results in NO local access to the DSL router. If
you attempt to log in, you will receive an error message.
After saving this change and ending the session, there is no local access
through the console port. Any access must be through a Telnet session or
the NMS.
To determine via a Telnet session whether a console is enabled, enter:
console disable
save
exit
show console
One of the following messages is returned:
— console enabled – Command line management is available at the
console.
— console disabled – No command line management is available at the
console.
Changing Access Session Levels
To change the Administrator access level, enter:
admin enable
This command provides Administrator access privileges. The router responds
with a prompt to enter the password for Administrator access.
To end the Administrator access level, enter:
admin disable
This command ends the Administrator session. No password is needed.
Entering exit has the same result. Refer to Exiting from the System on
page 2-7 for further details on ending a session.
To determine the access level for a session, refer to Determining the Current
Access Level on page 2-5.
2-2 November 20036300-A2-GB20-10
Page 21
Setting Up the New User’s Login
A login prompt appears when the local console connection is first established.
When the login prompt appears, a locally connected console defaults to Console
Enabled, with Operator access.
Procedure
To access the router’s CLI for the first-time:
1. At the initial Login> prompt, type the default login ID paradyne and press
Enter.
2. At the Password> prompt (for Operator), type the default password abc123
and press Enter. The login ID and password are validated together when a
login is entered.
3. At the system identity of CUSTOMER> prompt, type admin enable and press
Enter.
4. At the Password> prompt (for Administrator), type the default password
abc123 and press Enter.
2. Accessing the DSL Router
System identity changes to the Administrator display mode of CUSTOMER#>.
5. Type configure terminal and press Enter.
System identity changes to the Administrator configuration mode of
CUSTOMER - CONFIG#>.
6. To change or add a new login ID, enter text to replace the default of
paradyne:
name your new login ID
NOTE:
Login ID and password are NOT case-sensitive.
7. Enter a new password and specify the level:
password level password
Example: Type password operator 238clrd3 and press Enter.
Both the login ID and password are 1– 31 printable alphanumeric ASCII
characters, in the ASCII hex range of 0x21– 0x7E. No spaces are allowed.
The following table lists invalid characters.
Invalid CharactersValueASCII Hex Translation
#Number sign0x23
$Dollar sign0x24
%Percentage 0x25
&Ampersand0x26
6300-A2-GB20-10November 2003
2-3
Page 22
2. Accessing the DSL Router
Telnet Access
8. At the prompt, enter the new Administrator-level password to replace abc123:
password admin new password
save
NOTE:
Any input during an Administrator configuration session must be saved
while still in configuration mode.
If denied access during a Telnet session, the session stops and an error is logged.
If accessing the router locally and a Telnet session is active, you receive a
Local console disabled by conflict message.
Telnet access through the management interface in the DSLAM is always enabled
and defaults to Administrator level. For information on accessing the router
through the MCC card in the DSLAM, see the Hotwire Management Communications Controller (MCC) Card, IP Conservative, User’s Guide.
For the Hotwire 6351 ReachDSL Router, Telnet access from the service domain is
allowed. Telnet Login and a user name and password should be configured if
Telnet access is enabled on the router (the factory default is disable). Up to four
access level/login/password combinations can be configured for the service
domain from which the ReachDSL Router will accept Telnet connections when the
Telnet login feature is enabled.
NOTE:
For network security, Telnet access in the service domain should be disabled
after the the initial remote configuration unless a firewall or some other
security mechanism is used at the subscriber management system. This
ensures that Telnet access to the endpoint is limited to the service provider.
Procedure
To set up Telnet access from the service domain:
1. Type configure terminal and press Enter.
System identity changes to the Administrator configuration mode of
CUSTOMER - CONFIG#>.
2. Enable Telnet access form the service domain. Enter:
telnet enable
save
2-4 November 20036300-A2-GB20-10
Page 23
2. Accessing the DSL Router
3. To create a login ID and password for a specified access level, enter:
telnet name create level login ID password
Example: Type telnet name create operator 238clrd3 1234
and press Enter.
NOTE:
Login ID and password are NOT case-sensitive. See Step 7 on page 2-3
for list of invalid characters.
4. Enable Telnet login so that the ReachDSL Router will perform login and
password validation for the Telnet session connection. Enter:
telnet login enable
save
NOTE:
Any input during an Administrator configuration session must be saved
while still in configuration mode.
Determining the Current Access Level
The command line prompt displays the access level. The factory default for
System identity is CUSTOMER>. You can set your own system identity name to
replace CUSTOMER. See the examples below.
Or, if a System identity of
If the prompt format
appears as . . .
To determine the commands available at the current login access level, enter any
of the following:
help
PARADYNE is entered, the
prompt displays . . .
Then the DSL router
access level is . . .
mode
configuration mode
? (question mark)
the command, without any parameters
6300-A2-GB20-10November 2003
2-5
Page 24
2. Accessing the DSL Router
Using the List Command
The list command displays a sequence of commands in the form of ASCII strings
that would have the effect of setting all configuration settings to the current values.
Secure information such as passwords and login IDs are not displayed.
To determine the commands available, enter Administrator configuration mode
and type either:
list
Displays the output in on-screen page mode. In on-screen page mode, the
user interface displays 23 lines of information. When the 24th line is reached,
More... appears. Pressing any key displays the next page.
list config
Displays the output in scroll mode as a text file. Scroll mode captures and
displays all command strings in a text file for use with a terminal emulation
program. Refer to Appendix D, DSL Router Terminal Emulation.
Changing the System Identity
The System identity is the same as the MIB entry of sysName. The sysContact
and sysLocation MIB entries are not displayed.
Procedure
To change System identity from the factory default of CUSTOMER>:
1. Log in and enter ADMIN-configuration mode.
2. At the CUSTOMER-CONFIG#> prompt, type the new System identity
(no spaces allowed) and press Enter. Then type save and press Enter.
system identity new system identity
For example:
system identity PARADYNE
save
In this example, after saving the entry and ending configuration mode, the
System identity will display:
PARADYNE#>
Refer to Exiting from the System on page 2-7 to end configuration mode.
2-6 November 20036300-A2-GB20-10
Page 25
Exiting from the System
You can manually log out of the system, or let the system automatically log you
out. The DSL router will log you out immediately if you disconnect the Console
cable. Any unsaved configuration input will be lost.
Manually Logging Out
To log out, there are two commands: logout and exit.
Procedure
To log out of a CLI session:
1. At the > prompt, type logout and press Enter.
2. The system ends the session immediately. Any configuration updates must
be saved before exiting or the updates will be lost.
Procedure
2. Accessing the DSL Router
To exit the DSL router’s current access level:
1. At the > prompt, type exit and press Enter. If there are any unsaved
configuration changes, you will be prompted to save changes before exiting.
2. The exit command has the following effect:
If accessing the DSL router . . . Then . . .
At the Local console and logged in at
the Administrator level, configuration
mode
At the Local console and logged in at
the Administrator level,
non-configuration mode
At the Local console and logged in at
the Operator level
Via a Telnet session and logged in at
any access level
You are placed at the Operator level. Any
configuration updates must be saved or
they will be lost.
You are placed at the Operator level.
The exit command responds exactly like
the Logout command.
Entering either of the following immediately
ends the Telnet session:
exit
Ctrl + ] (Control and right bracket keys)
6300-A2-GB20-10November 2003
2-7
Page 26
2. Accessing the DSL Router
Automatically Logging Out
The DSL router has an automatic timeout feature that logs you out of the system
after five minutes of inactivity. Unsaved configuration input is lost. The default for
the autologout command is enable.
When autologout is:
Enabled, the system inactivity timer is enabled.
Disabled, the system inactivity timer is disabled.
To log back in, press Enter at the console to display the Login> prompt.
For Telnet access through the service domain for the ReachDSL Router, the Telnet
session is automatically closed after a user-configurable number of minutes. The
default for the telnet timeout command is 5 (minutes). The telnet timeout command overrides the 5-minute limit enabled by the autologout
command. Also, the telnet keep-alive command can be enabled which
allows the ReachDSL Router to close the Telnet session if it detects that the
service domain Telnet client has crashed and is down or has rebooted.
2-8 November 20036300-A2-GB20-10
Page 27
Configuring the DSL Router
DSL Router Configuration Overview
Hotwire DSL Routers support various customer premises distribution networks
that contain IP forwarding devices or routers, as well as locally attached hosts
or subnets. The Hotwire DSL Router’s IP Routing Table contains IP address and
subnet mask information.
The DSL router supports Internet Protocol, as specified in RFC 791, and Internet
Control Message Protocol (ICMP), as specified in RFCs 792 and 950. It acts as a
router (or gateway), as defined in RFC 791. It also acts as a bridge, bridging all
traffic in the service domain, or routing IP traffic and bridging all other traffic in the
service domain, without affecting traffic in the management domain.
3
For more information on supported RFCs, refer to Appendix C, Traps and MIBs.
The DSL Router’s Interfaces
Hotwire DSL Routers have two interfaces: the DSL interface and the Ethernet
interface.
DSL Interface
The router’s interface type is determined by its model number:
— Models 6301 and 6302 are Hotwire IDSL Routers.
— Models 6341 and 6342 are Hotwire SDSL Routers.
— Model 6351 is the Hotwire ReachDSL Router.
— Model 6371 is the Hotwire RADSL Router.
The DSL interface has a unique MAC address, assigned before the router is
shipped.
6300-A2-GB20-10November 20033-1
Page 28
3. Configuring the DSL Router
Ethernet Interface
— The Ethernet interface is a 10/100BaseT interface that automatically
negotiates the rate to be used, 10 Mb or 100 Mb. If all Ethernet-attached
devices are capable of operating at 100 Mb, the router defaults to 100 Mb.
Otherwise, it operates at 10 Mb.
— The interface can be configured for either DIX or IEEE 802.3 frame format.
When configured to use IEEE 802.3 format, SNAP encapsulation is used,
as specified in RFC 1042.
— The interface has a unique MAC address, assigned before the router is
shipped.
— Hotwire 6302 IDSL and 6342 SDSL Routers have a hub configuration
(separate pins for input and output) with four Ethernet connectors. The
hub acts as a bit-level repeater, with the four Ethernet interfaces logically
appearing as one Ethernet communications interface with a single
collision domain.
— In router mode, the router only accepts transmissions on the Ethernet
interface with the interface’s MAC address, or a broadcast or multicast
MAC address.
— In bridge mode, the router accepts all transmissions. This is the default
setting.
Interface Identifiers
The following conventions are used for naming router interfaces:
dsl1 (or d0) – Identifier for the DSL interface.
eth1 (or e0) – Identifier for the Ethernet interface.
With exception to primary status, an interface cannot be deleted or changed as
long as there is a declared route that uses the interface.
Service Domain IP Address Assignments
Hotwire DSL Routers support multiple service domains.
Service domains are defined by the configured network addresses and subnet
masks using the CLI.
Up to four service domain IP addresses and subnet masks can be assigned to
each DSL (dsl1) or Ethernet (eth1) interface.
When a numbered interface is designated as the primary interface, that interface’s
IP address is used as the Router ID. If no interface is designated as the primary
interface, the last numbered interface that was created becomes the Router ID.
3-2 November 20036300-A2-GB20-10
Page 29
Numbered DSL or Ethernet Interface
In this scenario, the hosts attached to the DSL router’s Ethernet interface are on a
different logical network than the core router. The DSL router is the next hop router
for the hosts. The DSL router’s upstream next hop router is the core router.
Simplified Network Topology
3. Configuring the DSL Router
Core
Router
Hosts can be assigned IP addresses on the network attached to the DSL router’s
Ethernet interface either statically or dynamically using DHCP. The upstream next
hop router is assigned an address on a different logical network than the hosts.
To configure the router’s interfaces using this scenario, you must:
Enable routing on the DSL router.
Assign an IP address to the Ethernet interface, eth1.
Assign an IP address to the DSL interface, dsl1.
Assign an upstream next hop router (not necessary necessary when using
FUNI/MPOA DSL link encapsulation or when the PPPoE client is enabled).
Unnumbered DSL Interface
In this LAN extension application scenario, hosts connected to a corporate
network for virtual office connections or telecommuters want to look like they are
on the same network as the core router. The core router is the next hop router
for the hosts and is on the same logical network as the hosts. This is not the
same as enabling Bridging mode.
WAN
DSL
Router
Host
(End Users)
99-16609
To configure the router’s interfaces for this scenario, you must:
Enable routing on the DSL router.
Assign an IP address to Ethernet interface (eth1).
Specify the DSL interface (dsl1) as unnumbered.
Assign an upstream next hop router (not necessary necessary when using
FUNI/MPOA DSL link encapsulation or when the PPPoE client is enabled).
Enable Proxy ARP for both the eth1 and dsl1 interfaces (not necessary to
enable Proxy ARP on the dsl1 interface when using FUNI/MPOA DSL link
encapsulation or when the PPPoE client is enabled).
6300-A2-GB20-10November 2003
3-3
Page 30
3. Configuring the DSL Router
IP Routing
Hotwire DSL Routers use destination-based routing for downstream traffic. An IP
Routing Table is maintained to specify how IP datagrams are forwarded
downstream. The DSL Router is capable of supporting static routes configured by
the user. This table can be viewed by both Operator and Administrator access
levels.
The DSL router uses source-based forwarding for upstream traffic to ensure that
packets are forwarded to the upstream router specified for the configured service
domain.
Refer to Chapter 4, DSL Router Configuration Examples, for further details.
IP Options Processing
The DSL router handles and processes IP datagrams with options set as
described below. No command is available to set IP options.
The router does not process (and drops) any IP datagrams with the following IP
options:
Loose source and record route (type 131)
Strict source and record route (type 133)
Security (type 130)
Stream ID (type 136)
The router does process IP datagrams with the following IP options, but does not
provide its IP address or timestamp information in the response message:
Record route (type 7)
Timestamp (type 68)
3-4 November 20036300-A2-GB20-10
Page 31
Network Considerations
The routers can be configured to function in a variety of network environments.
The following sections provide descriptions of some of the router’s features:
Address Resolution Protocol (ARP) on page 3-5
Proxy ARP on page 3-6
Network Address Translation (NAT) on page 3-7
— Basic NAT
— Network Address Port Translation (NAPT/PAT)
— Simultaneous Basic NAT and NAPT
Dynamic Host Configuration Protocol (DHCP) Server on page 3-9
DHCP Relay Agent on page 3-10
Security on page 3-11
— IP Protocol Type Filtering
3. Configuring the DSL Router
— Ethernet Type Filtering
— Land Bug/Smurf Attack Prevention
Routed vs. Bridged PDUs on page 3-13
PPPoE Client Support on page 3-14
Address Resolution Protocol (ARP)
Address Resolution Protocol, as specified in RFC 826, is supported in the router.
Up to 265 ARP Table entries are supported, and a timeout period for complete and
incomplete ARP Table entries can be configured.
NOTE:
ARP is not available on the DSL interface when PPPoE is enabled for the
ReachDSL Router.
ARP requests and responses are not processed on the DSL interface when the
interface is configured to support RFC 1483 PDU routing (Standard mode). Refer
to Routed vs. Bridged PDUs on page 3-13 for more information.
6300-A2-GB20-10November 2003
3-5
Page 32
3. Configuring the DSL Router
Operating mode (Standard or VNET) can be changed without reconfiguration of
the router. Static ARP entries can be configured, regardless of the current
operating mode. If static ARP entries are configured, they remain in the database
and can be displayed using the show arp CLI command.
Using CLI commands, you can:
Create up to 64 static ARP Table entries.
Display the ARP Table.
Delete ARP Table entries.
Display and delete automatically added ARP Table entries made by the DHCP
Proxy ARP
The DSL router supports Proxy ARP. Proxy ARP responses are based on the
contents of the IP Routing Table for service domain traffic. The table must have
entry information that indicates what hosts can be reached on the Ethernet
interface, including hosts for which the router will not forward packets because of
IP filters. For additional information on filtering, see IP Protocol Type Filtering on
page 3-11.
server and relay functions. Refer to Dynamic Host Configuration Protocol
(DHCP) Server on page 3-9.
Proxy ARP is not available on the DSL interface when the router is configured to
support RFC 1483 PDU routing. See Routed vs. Bridged PDUs on page 3-13 for
more information.
If an ARP request is received on one interface, and the requested IP address can
be reached on the other interface, the router responds with its own MAC address.
Using CLI commands, you can enable and disable Proxy ARP for each interface.
NOTES:
— When Basic NAT is enabled, the DSL interface (dsl1) must have Proxy
ARP enabled when the dsl1 interface address is part of the Basic NAT
global IP network address.
— Proxy ARP is not available on the DSL interface when PPPoE is enabled
for the ReachDSL Router.
— When IP Passthrough is enabled, the Ethernet interface (eth1) must have
Proxy ARP enabled.
3-6 November 20036300-A2-GB20-10
Page 33
Network Address Translation (NAT)
The DSL router provides NAT, as described in RFC 1631, IP Network Address
Translator (NAT). NAT allows hosts in a private (local) network to transparently
access the external (public or global) network using either a block of public IP
addresses (Basic NAT) or a single IP address (NAPT). Static mapping enables
access to selected local hosts from outside using these external IP addresses.
NAT is used when a private network’s internal IP addresses cannot be used
outside the private network. IP addresses may be restricted for privacy reasons, or
they may not be valid public IP addresses.
Simultaneous Basic NAT and Network Address Port Translation (NAPT) is
supported. Refer to Simultaneous Basic NAT and NAPT on page 3-8 for additional
information.
Basic NAT
Basic NAT allows hosts in a private network to transparently access the external
network by using a block of public addresses. Static mapping enables access to
selected local hosts from the outside. Basic NAT is often used in a large
organization with a large network that is set up for internal use, with the need for
occasional external access.
3. Configuring the DSL Router
Basic NAT provides a one-to-one mapping by translating a range of assigned
public IP addresses to a similar-sized pool of private addresses (typically from the
10.x.x.x address space). Each local host currently communicating with a external
host appears to have an unique IP address.
IP addresses
A total of 256 IP addresses can be allocated for use with Basic NAT. Two IP
addresses are reserved, and 254 IP addresses are available for use. Up to
64 static mappings can be configured.
Network Address Port Translation (NAPT/PAT)
NAPT allows multiple clients in a local network to simultaneously access remote
networks using a single IP address. This benefits telecommuters and SOHO
(Small Office/Home Office) users that have multiple clients in an office running
TCP/UDP applications. NAPT is sometimes referred to as PAT (Port Address
Translation).
NAPT provides a many-to-one mapping and uses one public address to interface
numerous private users to an external network. All hosts on the global side view
all hosts on the local side as one Internet host. The local hosts continue to use
their corporate or private addresses. When the hosts are communicating with
each other, the translation is based on the IP address and the protocol port
numbers used by TCP/IP applications.
6300-A2-GB20-10November 2003
3-7
Page 34
3. Configuring the DSL Router
Simultaneous Basic NAT and NAPT
Simultaneous Basic NAT and NAPT (or PAT) is supported. In this mode, the
servers (private IP addresses) using Basic NAT are configured and the devices
(private IP addresses) using NAPT are optionally configured (static mappings). If
not configured, the remaining private IP addresses default to NAPT.
Enabling Basic NAT does not disable NAPT. When both Basic NAT and NAPT are
enabled, Proxy ARP can also be enabled, although it is only used for Basic NAT.
Applications Supported by NAT
The DSL routers support the following applications and protocols:
FTP
HTTP
Ping
RealPlayer
Te ln et
TFTP
3-8 November 20036300-A2-GB20-10
Page 35
3. Configuring the DSL Router
Dynamic Host Configuration Protocol (DHCP) Server
The router provides a DHCP Server feature, as specified in RFC 2131, Dynamic
Host Configuration Protocol, and RFC 2132, DHCP Option and BOOTP Vendor
Extensions. DHCP is the protocol used for automatic IP address assignment.
DHCP setup considerations:
The range of IP addresses to be used by the DHCP server must be
configured. The maximum number of clients is 256.
The DHCP server is not activated until one IP address and subnet mask are
assigned to the Ethernet interface and routing is enabled.
The DHCP server must be enabled, and the DHCP server and DHCP relay
functions cannot be enabled at the same time.
When the DHCP IP address range is changed, all binding entries,
automatically added routes, and ARP Table entries for the clients configured
with the old address range are removed.
When the DHCP Server is enabled, there can be only one IP address
configured for the service domain (Ethernet interface).
The IP address for the next hop router provided to the hosts in the DHCP reply
must be configured.
The subnet mask can be configured along with the IP address range
(optional).
The DHCP server domain name can be configured (optional).
The Domain Name Server (DNS) IP address can be configured (optional).
A minimum and maximum lease time setting can be configured.
For additional information, refer to Chapter 4, DSL Router Configuration
Examples.
6300-A2-GB20-10November 2003
3-9
Page 36
3. Configuring the DSL Router
DHCP Relay Agent
The router provides the capability of serving as a DHCP Relay Agent, as specified
in RFC 2131, Dynamic Host Configuration Protocol. The router provides the
capability to enable and disable the DHCP Relay Agent and to configure the IP
address of the DHCP server to which the DHCP requests are to be forwarded.
The DHCP server assigns an IP address to the end-user system. When DHCP
Relay is enabled, it is possible to limit the number of DHCP clients. The IP Routing
Table and ARP Table are automatically updated. The DHCP relay agent in the
router should be used when there is a DHCP server upstream in the service
domain.
DHCP relay agent setup considerations include the following:
DHCP server IP address must be configured.
DHCP relay and routing must be enabled; that is, both the server address and
The number of DHCP clients can be limited to 1–256.
DHCP server and DHCP relay functions cannot be enabled at the same time.
the interface closest to the server are configured.
NAT and DHCP relay cannot be enabled at the same time.
3-10 November 20036300-A2-GB20-10
Page 37
Security
3. Configuring the DSL Router
The router offers security via the following:
Filtering. A filter consists of a set of rules applied to a specific interface to
indicate whether a packet received or sent on that interface is forwarded or
discarded. Filters are applied to traffic in either the inbound (from the Ethernet
port) or outbound (from the DSL port) direction on that interface:
— IP Protocol Type: TCP, UDP, or ICMP
— ICMP Message Type, Code
— TCP/UDP Ports
— Source/Destination IP Address
— Ethernet Type
Always enabled:
— Land Bug Prevention
IP Protocol Type Filtering
By default, IP Protocol Type (IP) filtering is disabled on the Hotwire DSL card for
the DSL router. If enabled, filtering provides security advantages on LANs by
restricting traffic on the network and hosts based on the source and/or destination
IP addresses.
There is one filter per direction, with a maximum of 33 rules per filter. For IP filters,
all filter access rules with a source host IP address are applied first, with all rules
with a destination host IP address applied next. The remaining filters are applied in
the order in which they were configured.
For additional information about IP filtering, refer to the Hotwire MVL, ReachDSL,
RADSL, IDSL, and SDSL Cards, Models 8310, 8312/8314, 8510/8373/8374,
8303/8304, and 8343/8344, User’s Guide.
— Smurf Attack Prevention
NOTE:
All Hotwire DSL Router filters are configured on the Hotwire DSL card. Some
routing parameters that affect filtering, such as enabling bridging or routing,
can only be configured on the DSL router.
6300-A2-GB20-10November 2003
3-11
Page 38
3. Configuring the DSL Router
Ethernet Type Filtering
Ethernet Type filtering (Ethertype) does not apply when the DSL router is in
router-only mode. By default, Ethertype filtering is disabled on the Hotwire DSL
card for the DSL router. If enabled, separate Ethertype filters are applied to the
Ethernet and/or DSL interface with one filter per interface direction. There is a
maximum of 16 rules per list. Each rule access list allows filtering of a single
Ethertype or a range of Ethertypes.
MAC frames can be filtered based on the:
SNAP Ethernet field in the 802.3 header.
Protocol type field in the DIX Ethernet header.
For Ethertype filters, the rules are applied in the order in which they were
configured. For additional information about Ethertype filters, refer to the Hotwire
MVL, ReachDSL, RADSL, IDSL, and SDSL Cards, Models 8310, 8312/8314,
8510/8373/8374, 8303/8304, and 8343/8344, User’s Guide.
Land Bug/Smurf Attack Prevention
Land Bug and Smurf Attack prevention are enhanced firewall features provided
by the router.
Land Bug – The router drops all packets received on its DSL or Ethernet
interface when the source IP address is the same as the destination IP
address. This prevents the device from being kept busy by constantly
responding to itself.
Smurf Attack – The router does not forward directed broadcasts on its DSL
and Ethernet interfaces, or send an ICMP echo reply to the broadcast
address. This ensures that a legitimate user will be able to use the network
connection even if ICMP echo/reply (smurf) packets are sent to the broadcast
address.
3-12 November 20036300-A2-GB20-10
Page 39
Routed vs. Bridged PDUs
The router supports both the VNET model and 1483 Routed model (derived from
RFC 1483) for the transportation of PDUs (Protocol Data Units) from the DSL
router to the router in the core network. When operating in Standard mode, the
DSL router in conjunction with the DSL line card with an ATM uplink (for example,
Model 8304, 8344, etc.) supports routed PDUs. When operating in VNET mode,
the DSL router in conjunction with the DSL line card with an ATM uplink supports
bridged PDUs only.
NOTE:
Standard mode vs. VNET mode is configured on the DSL card at the
DSLAM/GranDSLAM chassis by changing the link encapsulation on the DSL
port.
Both ends of the network (e.g., the DSL router and the DSL line card and the core
router) must be configured to operate the same way (i.e., routed or bridged).
If Using This Network Model . . . Then These DSL Cards Can Be Used . . .
3. Configuring the DSL Router
1483 Routed or Bridged
(Standard Mode)
1483 Bridged (VNET Mode)
Model 8304 24-port IDSL
Model 8314 12-port ReachDSL
Model 8344 24-port SDSL
Model 8374 12-port RADSL
Models 8303/8304 24-port IDSL
Models 8312/8314 12-port ReachDSL
Models 8343/8344 24-port SDSL
Models 8373/8374 12-port RADSL
Model 8510 12-port RADSL
6300-A2-GB20-10November 2003
3-13
Page 40
3. Configuring the DSL Router
Figure 3-1, 1483 Routed Network Model (Standard mode), illustrates the
1483 Routed model (Standard mode) in the network.
FUNI = Frame-based User-to-Network Interface
NSP's
Access
Device
NAP's
Core
Router
NSP's
Access
Device
NAP's ATM
Network
P
O
W
E
R
A
B
O
I
IPCHotwire
GranDSLAM
A
L
A
R
M
S
Fan
Maj
or
Mi
nor
Client
DSL
Router
Client
IP/MACIP/1483/FUNIIP/1483/ATM
00-16802
Figure 3-1.1483 Routed Network Model (Standard mode)
PPPoE Client Support
The Hotwire 6351 ReachDSL Router supports a PPPoE client as defined in
RFC 2516, allowing PPPoE functionality to be moved from the PC clients to the
ReachDSL Router. See PPPoE Client Commands in Appendix A, Command Line Interface, for information on configuring PPPoE client support.
PPPoE client support can only be enabled on the Hotwire 6351 ReachDSL Router
when:
The router is configured for IP Routing (bridging must be disabled),
The router must be in VNET mode,
Proxy ARP for the DSL interface must be disabled, and
No upstream next-hop route should be defined for the DSL interface.
In addition to using the CLI to enable PPPoE support, the CLI can be used to
specify the interface to assign the IP address negotiated during the network-layer
protocol phase of PPP (the default is the DSL interface).
3-14 November 20036300-A2-GB20-10
Page 41
When the negotiated IP
address is assigned to the . . . Then . . .
3. Configuring the DSL Router
Ethernet interface of the
ReachDSL Router
DSL interface of the
ReachDSL Router
DSL interface of the
ReachDSL Router using the
IP Passthrough feature
The DSL interface will automatically be configured as
unnumbered, and any IP address(es) previously
assigned to the Ethernet and DSL interfaces are
removed. A route for the subnet defined by the
negotiated IP address assigned to the Ethernet interface
will automatically be added to the IP routing table.
Any IP address(es) previously assigned to the DSL
interface are removed. The IP address(es) assigned to
the Ethernet interface are left intact unless they conflict
with the negotiated IP address. The IP address used by
the Ethernet interface must be assigned by the user.
The negotiated IP address is assigned to the DSL
interface of the DSL Router and served to a passthrough
device on the LAN interface via DHCP. Any IP address
previously assigned to the DSL interface is removed. Any
IP address assigned to the Ethernet interface is left intact
(unless it conflicts with the negotiated IP address). The IP
address used by the Ethernet interface must be assigned
by the user.
Once the PPP-negotiated IP address is assigned, the ReachDSL Router’s
configuration database will automatically be converted to a new configuration
determined by this IP address and the interface to which it is assigned. However,
any changes made to the interface assignment for the PPP-negotiated IP address
do not take effect until the next time the PPP link is established. This new
configuration will result in the following:
The DSL and/or Ethernet interface(s) are reconfigured.
Routes associated with any interfaces that have been removed are deleted.
An exception to this is when the negotiated IP address is assigned to the
Ethernet interface and the subnet defined by the interface’s IP address is the
same as the one defined by the negotiated IP address.
All dynamic ARP entries are removed. All static ARP entries associated with
the DSL interface and any removed interfaces are deleted. Static ARP entries
for the Ethernet interface are retained if the negotiated IP address is assigned
to the Ethernet interface and the subnet defined by the interface’s IP address
is the same as the one defined by the negotiated IP address.
The negotiated IP address automatically becomes the primary IP address and
the NAPT public IP address.
An active service domain Telnet session is terminated if the interface
associated with the session is removed or the IP address of the interface is
changing.
All DHCP bindings and BOOTP Relay Agent snoop information are removed if
the subnet defined by the Ethernet IP address changes. If the new Ethernet IP
address is still in the same subnet, then only the binding and snoop
information that conflicts with this IP address is removed.
6300-A2-GB20-10November 2003
3-15
Page 42
3. Configuring the DSL Router
If the DSL interface IP address changes, the Basic NAT static mapping that
If the IP Passthrough feature is used, the DHCP Server feature is
conflicts with the new DSL IP interface address and all Basic NAT dynamic
mappings are removed.
automatically enabled and the negotiated IP address is the only IP address
served. In addition, the derived subnet mask, discovered peer IP address, and
negotiated DNS server addresses (unless explicitly directed not to use the
DNS addresses) are configured as the DHCP options provided to the client.
3-16 November 20036300-A2-GB20-10
Page 43
DSL Router Configuration
Examples
Configuration Examples
The Hotwire DSL Router configuration examples in this chapter include only a
few of the possible scenarios. This chapter covers some of the common
configurations. The command syntax will vary based on your network setup.
Configuration commands require the access level of Administrator-Config and
changes need to be saved while in configuration mode to take effect. Refer to
Chapter 2, Accessing the DSL Router.
The Hotwire DSL Router configuration examples include:
4
Basic Bridging Configuration Example
Basic Routing Configuration Example
Basic NAT Configuration Example
NAPT Configuration Example
Simultaneous Basic NAT and NAPT Configuration Example
Unnumbered DSL Interface with Proxy ARP Configuration Example
DHCP Relay with Proxy ARP Configuration Example
DHCP Server with Basic NAT Configuration Example
PPPoE Client with NAPT and DHCP Server Configuration Example
Downstream Router Configuration Example
IP Passthrough Configuration Example
Refer to Appendix A, Command Line Interface, for specific commands and their
syntax. Refer to Appendix B, Configuration Defaults and Command Line
Shortcuts, for specific command default settings and abbreviated command line
syntax.
6300-A2-GB20-10November 20034-1
Page 44
4. DSL Router Configuration Examples
NOTES:
— Configuration examples included in this chapter cover some common
configurations, providing only a few of the possible scenarios.
— IP addresses used in the examples are for illustrative purposes only; they
are not intended to be used when configuring your local network.
— Adding static routes to the core router is typically necessary when routing
is enabled.
— Bridging-only mode is the default configuration.
Basic Bridging Configuration Example
This is the factory default configuration. To return the DSL router to the factory
default configuration, use the following command: configure factory.
Core
Router
155.1.3.1
WAN
DSL
DSL
Router
Customer Premises (CP)
Console
Por t
Connection
Ethernet
Hub
155.1.3.2
155.1.3.3
155.1.3.4
155.1.3.5
IP, IPX,
Apple Talk, etc.,
End-user
Systems
01-16966
NOTES:
— When the DSL router is configured for bridging, DSL link encapsulation for
the DSL port must be configured for EtherHDLC at the line card.
— This configuration is only supported with firmware version 4.2.5 or higher.
4-2 November 20036300-A2-GB20-10
Page 45
Basic Routing Configuration Example
Core
Router
155.1.4.1
WAN
In this basic routing example:
There are multiple clients with statically assigned public IP addresses
configured on the Ethernet side of the DSL router.
DSL
dsl1
155.1.4.254
DSL
Router
Customer Premises (CP)
Console
Por t
Connection
Ethernet
eth1
155.1.3.254
Hub
4. DSL Router Configuration Examples
End-user
Systems
155.1.3.2
155.1.3.3
155.1.3.8
01-16613-02
The IP addresses of the clients are contained within the subnet specified by
the configured Ethernet IP address and subnet mask.
The next hop router (default gateway) of the clients is the Ethernet interface
(eth1) of the DSL router.
The next hop router for downstream forwarding from the core router is the DSL
interface (dsl1) of the DSL router.
The commands and syntax for this example are:
ip routing enable
ifn address eth1 155.1.3.254 255.255.255.0
ifn address dsl1 155.1.4.254 255.255.255.0
ip route create upstream eth1 155.1.4.1
NOTES:
— The ip routing enable command is only required when using
firmware version 4.2.5 or higher.
— FUNI/MPOA (1483 routed) link encapsulation can be used with this
configuration and the DSL card Models 8304, 8314, 8344, and 8374. Link
encapsulation is configured on the DSL port. This link encapsulation must
match the core network encapsulation type. The ip route create upstream command is not necessary when using FUNI/MPOA link
encapsulation.
— If IP Scoping is enabled, the clients’ IP addresses must be entered into the
client VNID table.
6300-A2-GB20-10November 2003
4-3
Page 46
4. DSL Router Configuration Examples
To enable Telnet through the service domain via the DSL router Ethernet (eth1)
port, use the following commands:
NAT Mapping Public IP AddressesPrivate IP Addresses
155.1.3.310.1.3.2
155.1.3.410.1.3.3
155.1.3.510.1.3.4
155.1.3.610.1.3.5
In this Basic NAT example:
NAT is used for one-to-one mapping of addresses.
There are four private IP addresses configured on the Ethernet side of the
DSL router, with NAT static mappings to four public IP addresses.
The Ethernet interface (eth1) is in the private address space and the DSL
interface is in public address space.
The next hop router (default gateway) of the clients is the Ethernet IP address
of the DSL router, 10.1.3.1.
Since Basic NAT is enabled and the dsl1 interface address is on the same
subnet as the Basic NAT global IP network address, Proxy ARP must be
enabled on the DSL interface (dsl1). Proxy ARP is not necessary when using
FUNI/MPOA link encapsulation.
If IP Scoping is enabled, the client’s NAT mapping public IP addresses and the
dsl1 interface IP address must be entered into the client VNID table.
— The IP address assigned for the DSL interface and the IP address in NAT
static mappings can be in the same subnet, but cannot be the same IP
address.
— When IP Scoping is enabled, Basic NAT is enabled and the dsl1 interface
is NOT part of the Basic NAT global IP network, only the dsl1 interface’s IP
address must be entered into the client VNID table.
— The ip routing enable command is only required when using
firmware version 4.2.5 or higher.
— FUNI/MPOA (1483 routed) link encapsulation can be used with this
configuration and the DSL card Models 8304, 8314, 8344, and 8374. Link
encapsulation is configured on the DSL port. This link encapsulation must
match the core network encapsulation type. The ip route create upstream and proxy arp dsl1 enable commands are not
necessary when using FUNI/MPOA link encapsulation.
6300-A2-GB20-10November 2003
4-5
Page 48
4. DSL Router Configuration Examples
NAPT Configuration Example
Core
Router
155.1.3.1
WAN
DSL
dsl1
155.1.3.2
DSL
Router
Customer Premises (CP)
Console
Por t
Connection
Ethernet
eth1
10.1.3.1
Hub
10.1.3.2
Web Server
10.1.3.3
10.1.3.4
10.1.3.8
End-user
Systems
Telnet
Server
01-16611-03
NAPT Mapping Public IP AddressesPrivate IP Addresses
inbound 155.1.3.2, destination Port 2310.1.3.4 (Telnet server)
inbound 155.1.3.2, destination Port 8010.1.3.2 (Web server)
In this NAPT example:
The DSL router is configured for NAPT using a single public IP address.
When using NAPT, the DSL interface (dsl1) must be numbered because the
Ethernet interface will be configured within the private address space.
NAPT static mapping is configured for a server (Telnet port 23) on the
Ethernet interface, but the address is publicly available.
— The ip routing enable command is only required when using
firmware version 4.2.5 or higher.
— FUNI/MPOA (1483 routed) link encapsulation can be used with this
configuration and the DSL card Models 8304, 8314, 8344, and 8374. Link
encapsulation is configured on the DSL port. This link encapsulation must
match the core network encapsulation type. The ip route create upstream command is not necessary when using FUNI/MPOA link
encapsulation.
— NAPT is limited to one subnet.
6300-A2-GB20-10November 2003
4-7
Page 50
4. DSL Router Configuration Examples
Simultaneous Basic NAT and NAPT Configuration Example
The DSL router can be configured for Basic NAT and NAPT simultaneously. In the
private address space, multiple work stations can use NAPT and the servers can
use Basic NAT. This allows a server to support traffic other than TCP/UDP traffic
and accommodate multiple inbound traffic types. Using Basic NAT also allows you
to have multiple servers of the same type (Web, FTP, Telnet) on the private
network. All private addresses not specified in a Basic NAT map command will be
translated via NAPT.
Customer Premises (CP)
Web Server/
FTP/Telnet
10.1.3.2
Core
Router
155.1.3.1
WAN
DSL
dsl1
155.1.3.2
DSL
Router
Console
Por t
Connection
Ethernet
eth1
10.1.3.1
Hub
10.1.3.3
Web
Server
10.1.3.6
10.1.3.7
10.1.3.8
01-16967
In this Simultaneous Basic NAT and NAPT example:
Since Basic NAT is enabled and the dsl1 interface address is on the same
subnet as the Basic NAT global IP network address, Proxy ARP must be
enabled on the DSL interface (dsl1).
If IP Scoping is enabled, the client’s NAT mapping public IP addresses and the
dsl1 interface IP address must be entered into the client VNID table.
— When IP Scoping is enabled, Basic NAT is enabled and the dsl1 interface
is NOT part of the Basic NAT global IP network, only the dsl1 interface’s IP
address must be entered into the client VNID table.
— This configuration is only supported with firmware version 4.2.5 or higher.
— FUNI/MPOA (1483 routed) link encapsulation can be used with this
configuration and the DSL card Models 8304, 8314, 8344, and 8374. Link
encapsulation is configured on the DSL port. This link encapsulation must
match the core network encapsulation type. The ip route create upstream and proxy arp dsl1 enable commands are not
necessary when using FUNI/MPOA link encapsulation.
6300-A2-GB20-10November 2003
4-9
Page 52
4. DSL Router Configuration Examples
Unnumbered DSL Interface with Proxy ARP Configuration Example
Customer Premises (CP)
Core
Router
155.1.3.1
WAN
DSL
dsl1
Unnumbered
DSL
Router
Console
Por t
Connection
Ethernet
eth1
155.1.3.254
Hub
155.1.3.2
155.1.3.3
155.1.3.4
End-user
Systems
01-16768-01
In this unnumbered DSL Interface with Proxy ARP example:
The clients are statically configured and use the core router as the next hop
router (default gateway) in order to create the LAN extension configuration.
The DSL interface is unnumbered.
The clients, the DSL router’s Ethernet interface, and the core router’s interface
are all on the same logical network.
If IP Scoping is enabled at the DSL card, the eth1 and the client’s IP
addresses must be placed in the client VNID table (VNID mode must be
selected on the DSL cards with an ATM uplink, such as Model 8304, 8344,
etc.).
— The ip routing enable command is only required when using
firmware version 4.2.5 or higher.
— FUNI/MPOA (1483 routed) link encapsulation can be used with this
configuration and the DSL card Models 8304, 8314, 8344, and 8374. Link
encapsulation is configured on the DSL port. This link encapsulation must
match the core network encapsulation type. The ip route create upstream and proxy arp dsl1 enable commands are not
necessary when using FUNI/MPOA link encapsulation.
4-10 November 20036300-A2-GB20-10
Page 53
DHCP Relay with Proxy ARP Configuration Example
4. DSL Router Configuration Examples
DHCP
Server
Core
Router
155.1.3.253
WAN
155.1.3.1
Unnumbered
DSL
dsl1
DSL
Router
Customer Premises (CP)
Console
Por t
Connection
Ethernet
eth1
155.1.3.254
Hub
End-user
Systems
155.1.3.2
155.1.3.3
155.1.3.4
01-16612-02
In this DHCP Relay with Proxy ARP example:
The clients are using dynamic IP address assignment and use the core router
as the next hop router (default gateway) in order to create the LAN extension
configuration.
The DSL interface (dsl1) is unnumbered.
The clients, the Ethernet interface (eth1), and the core router interface are all
— The ip routing enable command is only required when using
firmware version 4.2.5 or higher.
— FUNI/MPOA (1483 routed) link encapsulation can be used with this
configuration and the DSL card Models 8304, 8314, 8344, and 8374. Link
encapsulation is configured on the DSL port. This link encapsulation must
match the core network encapsulation type. The ip route create upstream and proxy arp dsl1 enable commands are not
necessary when using FUNI/MPOA link encapsulation.
6300-A2-GB20-10November 2003
4-11
Page 54
4. DSL Router Configuration Examples
DHCP Server with Basic NAT Configuration Example
DNS
Name
Server
132.53.4.2
In this DHCP Server with Basic NAT example:
The clients are using dynamic IP address assignment and use the Ethernet
interface (eth1) of the DSL router as the next hop router (default gateway).
Core
Router
155.1.3.1
WAN
DSL
dsl1
155.1.3.2
DSL
Router
Customer Premises (CP)
Console
Por t
Connection
Ethernet
eth1
10.1.3.10
Hub
End-user
Systems
10.1.3.2
10.1.3.3
10.1.3.9
01-16952
The DSL interface (dsl1) must be numbered.
The DSL router is configured as the DHCP server providing the private IP
addresses to the clients.
The Ethernet interface is in private address space. NAT is used for
one-to-one mapping of addresses.
The commands and syntax for this example are:
ip routing enable
ifn address eth1 10.1.3.10 255.255.255.240
ifn address dsl1 155.1.3.2 255.255.255.0
ip route create upstream eth1 155.1.3.1
nat basic address 155.1.3.0
nat basic enable
dhcp server addresses 10.1.3.2 10.1.3.9
dhcp server router 10.1.3.10
dhcp server nameserver 132.53.4.2
dhcp server enable
NOTES:
— The ip routing enable command is only required when using
firmware version 4.2.5 or higher.
— FUNI/MPOA (1483 routed) link encapsulation can be used with this
configuration and the DSL card Models 8304, 8314, 8344, and 8374. Link
encapsulation is configured on the DSL port. This link encapsulation must
match the core network encapsulation type. The ip route create upstream command is not necessary when using FUNI/MPOA link
encapsulation.
4-12 November 20036300-A2-GB20-10
Page 55
4. DSL Router Configuration Examples
PPPoE Client with NAPT and DHCP Server Configuration Example
Customer Premises (CP)
DNS
Name
Server
132.53.4.2
In this PPPoE client with NAPT and DHCP server example:
The clients are using dynamic IP address assignment and use the Ethernet
interface (eth1) of the DSL router as the next hop router (default gateway).
SMS
WAN
PPPoE
DSL
dsl1
DSL
Router
Console
Por t
Connection
Ethernet
eth1
10.1.3.10
Hub
End-user
Systems
10.1.3.2
10.1.3.3
10.1.3.9
02-17133
The DSL router is configured as the DHCP server providing the private IP
addresses to the clients.
The Ethernet interface is in private address space.
The DSL interface and the NAPT public IP address will be assigned the IP
address negotiated during the network layer protocol phase of PPP.
The commands and syntax for this example are:
ip routing enable
bridging disable
ifn address eth1 10.1.3.10 255.255.255.0
pppoe enable
ppp authentication chap
ppp username paradyne@network
ppp password abc123
ppp ip dsl1 255.255.255.0
nat napt enable
dhcp server addresses 10.1.3.2 10.1.3.9
dhcp server router 10.1.3.10
dhcp server nameserver 132.53.4.2
dhcp server enable
NOTE:
This configuration is only valid for firmware release 4.3.x or higher.
6300-A2-GB20-10November 2003
4-13
Page 56
4. DSL Router Configuration Examples
Downstream Router Configuration Example
Customer Premises (CP)
End-user
Systems
120.26.7.1
Core
Router
155.1.3.1
WAN
DSL
dsl1
155.1.3.2
End-user
Systems
00-16591-01
DSL
Router
Console
Por t
Connection
Ethernet
eth1
120.26.7.5
Hub
120.26.7.2
120.26.7.3
120.26.7.100
Router
Hub
130.26.7.1
130.26.7.2
130.26.7.3
In this downstream router example:
There are clients statically configured and connected to the DSL router.
There are also clients connected behind a downstream router.
The DSL interface (dsl1) is numbered.
The next hop router for downstream forwarding from the core router to
networks 120.26.7.0 and 130.26.7.0 is the DSL router’s DSL interface (dsl1).
The commands and syntax for this example are:
ip routing enable
ifn address eth1 120.26.7.5 255.255.255.0
ifn address dsl1 155.1.3.2 255.255.255.0
ip route create upstream eth1 155.1.3.1
ip route create 130.26.7.0 255.255.255.0 120.26.7.100
NOTES:
— The ip routing enable command is only required when using
firmware version 4.2.5 or higher.
— FUNI/MPOA (1483 routed) link encapsulation can be used with this
configuration and the DSL card Models 8304, 8314, 8344, and 8374. Link
encapsulation is configured on the DSL port. This link encapsulation must
match the core network encapsulation type. The ip route create upstream command is not necessary when using FUNI/MPOA link
encapsulation.
4-14 November 20036300-A2-GB20-10
Page 57
IP Passthrough Configuration Example
NAS
WAN
197.23.26.51
DSL
dsl1
4. DSL Router Configuration Examples
Customer Premises (CP)
Console
Por t
Connection
Ethernet
eth1
192.168.158.1
197.23.26.51
Public
FTP
Server
192.168.158.10 192.168.158.11
Public
Web
Server
03-17489
In this example, the 6351 router shares its public IP address with another device.
NAPT is configured to support public FTP and web servers connected directly to
the router’s LAN interface. These servers share the same public IP address as the
passthrough device and are accessible to remote users via the configured static
NAPT mappings.
The DSL router detects and reports problem conditions that you can monitor. The
following indicators can alert you to possible problems:
LEDs
On the DSL router’s front panel. Refer to LED Status on page 5-2.
Status Messages
For the Ethernet and DSL interface links. Refer to Interface Status on
page 5-3.
5
Performance Statistics
For service and management domains, Ethernet and DSL interface and links,
IP processing, and bridge operation. Refer to Performance Statistics on
page 5-3.
SNMP Traps
For the current status of the router’s SNMP traps, if enabled. Refer to
Appendix C, Traps and MIBs.
When a problem is detected, refer to Chapter 6, Diagnostics and Troubleshooting,
for information regarding diagnostic tests, System Log messages, and
troubleshooting.
6300-A2-GB20-10November 20035-1
Page 60
5. Monitoring the DSL Router
LED Status
The Hotwire DSL Router’s front panel includes LEDs (light-emitting diodes) that
provide status on the router and its interfaces. In Table 5-1, Front Panel LEDs, the
Condition in BOLD shows what the LED should display after a successful
power-on self-test.
For the Hotwire 6351 ReachDSL Router, the DSL LED is replaced by the LINE and
TX/RX LEDs. Check the LINE LED to determine status of the connection to the
central office; check the TX/RX LED to determine status of data transfer on the
DSL Link.
Table 5-1.Front Panel LEDs
LEDCondition Status
PWRONThe router has power.
ALMBlinking
ON
OFF
TSTBlinking
ON
OFF
DSL
(all but the
Hotwire 6351
ReachDSL
Router)
LINE
(Hotwire 6351
ReachDSL
Router only)
TX/RX
(Hotwire 6351
ReachDSL
Router only)
Blinking
ON
OFF
Blinking
ON
OFF
ON
OFF
A firmware download is in progress. The TST LED is also
blinking alternately during a download.
An alarm condition exists.
No alarms have been detected by the router.
A firmware download is in progress. The ALM LED is also
blinking alternately during a download.
A power-on self-test or service provider-initiated test is in
progress.
No tests are active.
The router is establishing the active DSL link. The LED
blinks on and off about five times per second.
The DSL link is ready to transmit and receive data.
No DSL link has been established.
The router is establishing the active DSL link. The LED
blinks on and off about five times per second.
The DSL link is established.
No DSL link has been established.
Data transmission is in progress on the DSL line.
No data is being transmitted or received by the router.
ETHERNET
(The router may
have 1 or 4
Ethernet ports)
ON
OFF
The Ethernet connection is active.
No Ethernet device is detected.
5-2 November 20036300-A2-GB20-10
Page 61
Interface Status
5. Monitoring the DSL Router
Current status of the Ethernet (eth1) or DSL (dsl1) interface can be accessed
using the show interface CLI command.
Information provided about each interface includes the direction of the link, the
MAC address, Proxy ARP setting, the numbered interfaces, their IP addresses and
subnet masks.
See show interface {eth1 | dsl1} on page A-27 in Appendix A,
Command Line Interface, for information about the command and what is
displayed when the command is entered.
NOTE:
The Primary designation of a numbered interface (e.g., eth1:1) marks that
interface as the one that uses its IP address as a Router ID. If no interface is
defined as Primary, the last numbered interface that was created becomes the
Primary IP Address.
Performance Statistics
Performance statistics are available for the DSL and Ethernet interfaces, for IP
processing, and for the bridge using the show statistics CLI command.
These statistics are above and beyond what is collected and reported at the
DSLAM.
See show statistics [ eth1 | dsl1 | ip | bridge | pppoe | tftp]
on page A-30 in Appendix A, Command Line Interface, for information about the
command and what is displayed when the command is entered.
Clearing Statistics
The CLI allows you to clear a set of statistics, resetting the counts to zero. Refer to
Clearing Statistics Command in Appendix A, Command Line Interface, for
additional information.
6300-A2-GB20-10November 2003
5-3
Page 62
5. Monitoring the DSL Router
Reasons for Discarded Data
The router may discard frames or packets, shown when the show statistics
CLI command is entered. The following tables list the reasons why those frames
and packets were discarded:
Ethernet Interface (Ta b l e 5 -2 )
DSL Interface (Table 5-3)
IP Processing (Ta b le 5 - 4 )
Bridge (Ta ble 5 -5 )
See show statistics eth1 on page A-30 in Appendix A, Command Line
Interface, for additional information.
Table 5-2.Reasons for Ethernet Interface (eth1) Discarded Frames
Reason
Frame Length Greater than Max (exceeds maximum length allowed)
See show statistics pppoe on page A-32 in Appendix A, Command Line Interface, for additional information.
Table 5-6.Reasons for PPPoE Discarded Frames
Reason
Rx Session Packets Ignored
No Session for Tx Session Pkts
PAD Packets Ignored
Invalid Tags Received
Invalid Version/Type Received
Invalid Ethernet Type Received
Invalid Code Received
Invalid Length Received
6300-A2-GB20-10November 2003
5-7
Page 66
5. Monitoring the DSL Router
See show statistics pppoe on page A-32 in Appendix A, Command Line Interface, for additional information.
Table 5-7.Reasons for PPP Discarded Frames
Reason
Down Port Discards
LCP Bad Addresses Received
LCP Bad Control Received
LCP Packet Too Long Received
LCP Bad FCS Received
Link Quality − In Errors
Link Quality − In Discards
5-8 November 20036300-A2-GB20-10
Page 67
Diagnostics and Troubleshooting
Diagnostics and Troubleshooting Overview
Several features are available to assist you in evaluating the Hotwire DSL Router.
The following sections are covered in this chapter:
Device Restart
Alarms Inquiry
System Log on page 6-2
Ping on page 6-5
6
Device Restart
Alarms Inquiry
TraceRoute on page 6-7
The DSL router can be restarted locally or remotely. From the CLI, type Restart
and press Enter.
The router reinitializes itself, performing a power-on self-test and resetting the
local System Log (SYSLOG).
The DSL router’s front panel includes an Alarm (ALM) LED to alert you to alarm
conditions. The alarm(s) detected can be viewed using the show alarms CLI
command.
See show alarms on page A-24 in Appendix A, Command Line Interface, for
information about the command and what is displayed when the command is
entered.
6300-A2-GB20-10November 20036-1
Page 68
6. Diagnostics and Troubleshooting
System Log
The router can log significant system events (SYSLOG). The SYSLOG can be
maintained locally on the router and can also be sent to a remote SYSLOG server.
To activate:
The router must be configured to enable the output of SYSLOG messages via
the syslog enable command.
The Management Controller Card (MCC) always has SYSLOG enabled.
An IP address (loopback or remote) must be supplied.
The SYSLOG can also be captured by a remote SYSLOG server running the
UNIX daemon syslogd or an equivalent program. It is necessary to know the
IP address where the syslogd resides and the UDP port number the syslogd is
using.
The advantage of using a remote SYSLOG server is that ALL events will be
maintained upon restart of the router. The local SYSLOG is cleared upon
restart.
Events are classified by severity level and the system administrator can specify the
minimum severity to be logged.
Table 6-1.SYSLOG Commands (1 of 2)
show syslog
Minimum Access Level: Operator
Command Mode: Standard
Shows whether the current status of system as enabled or disabled. The severity level, IP
address, domain, and User Datagram Protocol (UDP) port are displayed.
Displays the contents of the local system error log. (The 100 most recent SYSLOG entries
are kept locally.) The user specifies how many entries they wish to view. Entries are
displayed in reverse order from most recent to oldest.
number – The number of local entries to be seen. The default is 10; the range is 1–100.
NOTE: The locally retained SYSLOG will be reset at the router if the restart
command is issued. External logs are retained after a router restart.
6300-A2-GB20-10November 2003
6-3
Page 70
6. Diagnostics and Troubleshooting
SYSLOG Events
The following are some SYSLOG events that are reported for defined severity
levels.
Table 6-2.SYSLOG Messages
LevelDescriptionEvent
EMEREmergency and
the unusable
system reporting
ERRError condition
reporting
NORMNormal or
administrative
reporting
Alarm Cleared
Alarm Set
System Abort
ARP Table size exceeded
Executable image in flash invalid
Frame received in error
Admin enable
Admin enable failure
Any configuration change command
Configuration changes saved
Download completed
Download failure
Login
Login failure
Logout
Statistics cleared
Switch program LMC message received
System started
INFOInformational
reporting
ARP table entry created due to packet arrival
ARP table entry created for DHCP address assignment
ARP table entry deleted due to time out
Device information LMC message received
Packet filter action
Routing table entry created for DHCP address assignment
The Ping program is an IP-based application used to test reachability to a specific
IP address by sending an ICMP echo request and waiting for a reply. A Ping can
test upstream or downstream connectivity.
Minimum Access Level: Operator
Command Mode: Standard
Pings the specified destination IP address. Once Ping starts, the input prompt does not
redisplay until the Ping is finished or aborted with Ctrl-c.
Example: ping 135.300.41.8 –l 144 –w 30 -i eth1
dest-ip– The destination IP address of the device to ping.
mgt – Specifies that the IP address is in the management domain (through the MCC). The
mgt designation cannot be entered unless you have Administrator access level. Do not
use this designation with the –x source-ip selection.
source-ip – The source IP address to be used. The default source IP address is from the
service domain in which the test is being done. The IP address is validated to verify that it
is an interface IP address.
bytes – Bytes of data sent. The default is 64 bytes; the range is 0–15,000.
time – Number of seconds to wait before ending ping attempt. The default is 10 seconds;
the range is 0–60.
interface – Specifies the target interface for the command. Do not use with –x source-ip
selection.
eth1 – Ethernet interface
dsl1 – DSL interface
6300-A2-GB20-10November 2003
6-5
Page 72
6. Diagnostics and Troubleshooting
Ping Test Results
Ping test results display in the following formats.
For a successful Ping:
For a timeout:
For an ICMP echo response of an unreachable destination:
Ping reply from [x.x.x.x]: bytes of data= nn
Where nn is the number of bytes of data.
Ping reply from [x.x.x.x]: REQUEST TIMED OUT
Ping reply from [x.x.x.x]: DESTINATION UNREACHABLE
6-6 November 20036300-A2-GB20-10
Page 73
TraceRoute
6. Diagnostics and Troubleshooting
The TraceRoute program is an IP diagnostic tool that allows you to learn the path
a packet takes from the service domain local host to its remote host.
If you are unable to ping a device in a Hotwire network configuration, you may
want to run a TraceRoute to identify the link (destinations up to 64 hops) between
the router and the device that is not forwarding the Ping message.
Minimum Access Level: Operator
Command Mode: Standard
Performs TraceRoute to the specified destination IP address. Once TraceRoute starts, the
input prompt will not redisplay until TraceRoute finishes or is aborted with Ctrl-c.
Example: traceroute 135.300.41.8 –w 60 -i eth1
dest-ip – The destination IP address for TraceRoute.
source-ip – The source IP address used. The default source address is from the service
domain in which the test is being done. The IP address is validated to verify that it is an
interface IP address.
bytes – Bytes of data (l = length). The default is 64 bytes; the range is 0–15,000.
time – Time (in seconds) before the TraceRoute is abandoned. The default is 10 seconds;
the range is 0–60.
hops – Decimal number that specifies the maximum number of hops to be tested. The
default is 8; the range is 0–128.
interface – Specifies the target interface for the command. Do not use with the
–x source-ip selection.
eth1 – Ethernet interface
dsl1 – DSL interface
_dsl1 }]
6300-A2-GB20-10November 2003
6-7
Page 74
6. Diagnostics and Troubleshooting
TraceRoute Test Results
TraceRoute results display in the following format:
Tracing route to x.x.x.x over a max. of nn hops, with nnn
byte packet
Round Trip Time
IP Address of
Hop #
1<100 ms<100 ms<100 msx.x.x.x
2<100 ms<100 ms<100 msx.x.x.x
3<200 ms<200 ms<200 msx.x.x.x
4<200 ms<200 ms<200 msx.x.x.x
Responding SystemTry # 1Try # 2Try # 3
The Hop # is the Time to Live (TTL) value set in the IP packet header. The Round
Trip Time contains the time in 100 ms intervals for each attempt to reach the
destination with the TTL value.
6-8 November 20036300-A2-GB20-10
Page 75
Command Line Interface
Command Line Interface Capability
The Hotwire DSL router is managed with text commands from the Command Line
Interface (CLI). The CLI can be accessed:
Locally with an ASCII terminal connected to the Console port, or
Remotely via a Telnet session (through the management interface or from the
service domain).
The CLI is ASCII character-based and provides the capability to:
A
Display the syntax of commands.
Change the operational characteristics of the router by setting configuration
values.
Restore all configuration values to the initial factory default settings.
Display the router’s hardware and identification information.
Display system status, including DSL link and Ethernet status.
Display a sequence of commands that will set all configurable parameters to
their current value.
Refer to Appendix B, Configuration Defaults and Command Line Shortcuts.
6300-A2-GB20-10November 2003A-1
Page 76
A. Command Line Interface
Navigating the Router’s CLI
The Hotwire DSL router’s CLI uses the following keys (as do most terminal
emulation programs):
Enter or Return – Accepts the input.
Ctrl-c – Aborts the entry or clears the input line.
Down Arrow – Repeats an entry within the last five entries made.
Up Arrow – Displays the last entry.
Left Arrow – Moves the insertion point one space to the left.
Right Arrow – Moves the insertion point one space to the right.
Command Recall
The router keeps a history of the last several commands entered on the CLI. For
example, if you press the Up Arrow key, the most recently entered command
appears on the command line, where it can be edited and reentered by pressing
Enter. If you press the Up Arrow key again, the next most recent command
appears, etc.
Syntax Conventions
After pressing the Up Arrow key one or more times, pressing the Down Arrow key
moves down the list of recent commands, wrapping past the end of the list in either
direction.
Commands appearing in the command line can be edited. Use the Left and Right
Arrow keys to move the insertion point, enter the new characters or use the Delete
key to delete the character just to the left of the insertion point.
The following conventions are used in command line syntax throughout this
manual. With the exception to the Login ID and Password, the CLI is not
case-sensitive.
ConventionTranslation
[ ]
{ }
|
Italics
Bold
Square brackets represent an optional element.
Braces represent a required entry.
Vertical bar separates mutually exclusive elements.
Entry is a variable to be supplied by the operator.
Enter (type) as shown.
x.x.x.x32-bit IP address and mask information where x is an
8-bit weighted decimal notation.
xx:xx:xx:xx:xx:xxMAC address information where x is a hexadecimal
notation.
A-2 November 20036300-A2-GB20-10
Page 77
CLI Commands
A. Command Line Interface
The following types of commands are included in this section:
Configuration Commands on page A-4
RFC 1483 Encapsulation Command on page A-5
Ethernet Frame Format Command on page A-5
Interface and Service Domain IP Address Commands on page A-6
IP Routing Commands on page A-7
Bridge Commands on page A-8
ARP Commands on page A-9
Proxy ARP Command on page A-10
NAT Commands on page A-11
DHCP Server Commands on page A-14
DHCP Relay Agent Commands on page A-16
IP Packet Processing Commands on page A-17
PPPoE Client Commands on page A-18
Telnet Commands on page A-21
Tra ps C o m m a n d on page A-23
Clearing Statistics Command on page A-23
Show Commands on page A-24
6300-A2-GB20-10November 2003
A-3
Page 78
A. Command Line Interface
Configuration Commands
To show a configuration, refer to show config on page A-25.
Causes the router to enter configuration mode. Configuration mode remains in effect until
the exit or logout command is entered. While in configuration mode, show commands
are unavailable.
terminal – Configuration mode is in effect and all changes made are made on top of the
current running configuration. When you are finished entering the commands needed to
configure the router, the save command must be entered for the configuration to take
effect, or the exit command can be entered to discard the configuration changes and
leave configuration mode.
factory – Causes configuration mode to be entered and the factory default settings are
loaded. The save command must be entered to save the configuration factory defaults
to the active configuration.
CAUTION: All previously set interface IP address assignments, IP route table entries,
ARP cache entries, NAT static entries, and DHCP server entries will be purged when
the save command is executed.
Saves configuration changes to the active configuration in NVRAM. No configuration
changes are in effect until the save command is issued.
If the save command is entered and there are changes that require a reboot of the router,
a prompt states that a reset is necessary for changes to take effect, and you are prompted
for verification.
– If yes is entered, the changes are stored, and the router resets automatically if
interface addresses have been changed.
– If no is entered, the router remains in configuration mode.
Up to four (4) IP addresses can be assigned on each interface. An interface address and
mask cannot be changed while there is a static route (upstream or downstream) that uses
it. Interface IP address ranges must not overlap.
eth1, eth1:1, eth1:2, eth1:3, eth1:4 – Ethernet interface (eth1 is the same as eth1:1).
dsl1, dsl1:1, dsl1:2, dsl1:3, dsl1:4 – DSL interface (dsl1 is the same as dsl1:1).
ip-address – The IP address associated with the specified interface.
mask – The subnet mask associated with the specified IP address.
primary – The Primary designation of a numbered interface marks that interface as the
one whose IP address will be used as the Router ID. (The Router ID is important when the
DSL interface is unnumbered.) If no interface is defined as Primary, the last numbered
interface created will become the Primary IP Address.
unnumbered – Specifies that the DSL interface is to be unnumbered.
NOTES:
– For each defined Ethernet interface, a corresponding upstream next hop router IP
address must be configured for routing of packets received on that interface, unless
FUNI/MPOA link encapsulation is being used or PPPoE is enabled. See ip route
create upstream eth1[:ifn] next-hop-ip on page A-8 for more details.
– When the eth1 is assigned an IP address, this section also defines the logical
network (subnet) containing the locally attached hosts. An IP route table entry will
automatically be created to correspond to the subnet defined by the mask.
– When the DSL interface is numbered, multiple logical Ethernet interfaces can be
assigned to the same DSL logical interface by configuring the same upstream next
hop router. This is not necessary if FUNI/MPOA link encapsulation is being used or
PPPoE is enabled.
– The configured DSL logical interfaces must be either all numbered or a single
unnumbered interface.
– When NAT is being used, the DSL interface must be numbered.
– When NAT, DHCP Server, or DHCP Relay is enabled, there can be only one service
domain configured. Only one logical interface must be defined for each physical
interface, i.e., one IP address to each interface.
A-6 November 20036300-A2-GB20-10
Page 81
IP Routing Commands
Table A-5. IP Routing Commands (1 of 2)
A. Command Line Interface
ip route create dest-ip dest-mask {next-hop-ip |remote}
ip route delete dest-ipdest-mask
Configures the downstream static routes. Downstream routes cannot be created unless at
least one Ethernet interface has been configured. To configure upstream routers, refer to
the next set of entries.
Example: Refer to Chapter 4, DSL Router Configuration Examples.
create – Create a downstream IP route table entry. To configure a downstream default
gateway, enter a destination IP address and a subnet mask of 0.0.0.0. A maximum of
32 static routes can be created.
delete – Delete a downstream IP route table entry. This will delete an IP route placed in
the table by the DHCP server, the DHCP relay, or manually entered static entries.
NOTE: An interface route is created automatically when an IP address and subnet
mask are assigned to an Ethernet interface with the ifn address command. The
Ethernet interface route can be deleted with the ip route purge or the ip route
delete command. Once deleted, the interface route can be entered manually using
ip route create or a new ifn address command.
dest-ip – IP address of the destination. The destination IP address must be within the
address range of a configured Ethernet interface or the next-hop-ip address must be
provided.
dest-mask – Subnet mask for the destination IP address.
next-hop-ip – IP address of the next hop downstream router used to reach the
destination. A next hop with an IP address of 0.0.0.0 specifies a directly reachable client.
A non-zero next-hop-ip address must be within the address range of an Ethernet
interface.
remote – Indicates that the device specified by the destination IP address and subnet
mask is logically within a local subnet route but is not on the physical Ethernet and resides
upstream from the DSL router. A remote route cannot be created unless at least one DSL
interface has previously been configured.
6300-A2-GB20-10November 2003
A-7
Page 82
A. Command Line Interface
Table A-5. IP Routing Commands (2 of 2)
ip route create upstream eth1[:ifn] next-hop-ip
ip route delete upstream eth1[:ifn]
Enters or deletes upstream IP routing table entries. When the DSL interface is
unnumbered, an IP routing table entry is automatically created, with the next hop router as
remote. To configure downstream routers, refer to the previous set of entries.
Example: Refer to Chapter 4, DSL Router Configuration Examples.
create – Creates an upstream IP route table entry.
delete – Deletes an upstream IP route table entry.
eth1, eth1:1, eth1:2, eth1:3, eth1:4 – Specifies the logical Ethernet interface (eth1 is the
same as eth1:1).
next-hop-ip – IP address of the next hop upstream router used to reach the remote
destination.
NOTE: When the DSL interface is numbered, the next hop router IP address must fall
into one of the service domain IP subnets configured for the DSL interface.
Deletes all IP route table entries, including interface routes and those automatically added
by DHCP Server and DHCP Relay agent.
NOTE: An interface route is created automatically when an IP address and subnet
mask are assigned to an Ethernet interface with the ifn address command. The
Ethernet interface route can be deleted with the ip route purge or the ip route
delete command. Once deleted, the interface route can be entered manually using
ip route create or a new ifn address command.
Enables or disables transparent bridging of traffic in the service domain. Bridging is only
supported when both the router and network are in VNET mode. Traffic in the
management domain is unaffected by this command; IP traffic is always enabled for
management traffic. Refer to the Show Commands on page A-24 to see the router’s
bridge configuration and filtering database.
enable – Bridging is activated in the service domain. All protocols, including IP, are
bridged unless IP routing is enabled. This is the default setting.
Specifies the amount of time that an unused dynamic entry to the bridge’s filtering
database will be maintained before it is automatically deleted. If no time is specified, the
timeout value is reset to the default setting.
time – Valid range for aging timeout is 10–1000000. The default is 300 seconds.
Specifies the spanning-tree ranking for the bridge. The higher the priority, the less likely
this bridge will be selected as the spanning-tree root. If no priority is specified, the bridge
priority is reset to the default setting.
priority – Valid range for the priority is 0– 65535. The default is 32768.
Enables or disables the spanning-tree protocol, version IEEE 802.1D, when bridging is
enabled. Spanning-tree protocol is used to prevent loops when bridging is enabled. Refer
to the Show Commands on page A-24 to see the spanning-tree topology for the router.
enable – Spanning tree protocol is used.
disable – Spanning tree protocol is not used. This is the default setting.
Specifies the Address Resolution Protocol (ARP) Table timeout value, in seconds, for
incomplete ARP table entries. The default is 5 seconds. If no time is specified, the timeout
value is reset to the default setting.
Specifies the ARP table timeout value in minutes for complete ARP Table entries.
The default is 20 minutes. If no time is specified, the timeout value is reset to the default
setting.
Creates or deletes a single, static Address Resolution Protocol (ARP) Table entry. Static
ARP entries created with this command are retained across resets/power cycles.
Examples: arp create 132.53.4.2 00:10:4b:97:6c:44
arp delete 132.53.4.2
create – Create an ARP table entry. A maximum of 64 entries can be created.
delete – Delete an ARP table entry.
ip-address – The IP address of the ARP entry to be created or deleted.
Enables or disables the one-to-one mapping function of Basic Network Address
Translation (NAT). For Basic NAT, Proxy ARP on the dsl1 interface must be enabled when
the dsl1 interface address is part of the Basic NAT global IP network address.
enable – The one-to-one mapping function of Basic NAT is active.
disable – One-to-one mapping cannot take place. This is the default setting.
Defines the public IP host address to use in the many to one mapping function of NAPT.
NAPT cannot accept incoming requests, unless a static NAT entry has been configured.
Permits global access to a local server, such as a Web server. Port-based static entries
can be configured for NAPT. This allows a global host to access a server behind the DSL
router without exposing the local server’s IP address.
A maximum of 64 static mappings can be created.
Example: nat napt map tcp 192.128.1.1 102
udp, tcp – Specify the protocol used, User Datagram Protocol or Transmission Control
Protocol.
server-ip – Enter the IP address of a local server. Only one server of a particular type
(FTP, Telnet, SMPT, TFTP, gopher, finger, http, etc.) can be supported at one time.
port – The destination port number for the specified server.
Statically maps public to private IP addresses for the one-to-one mapping function of
Basic NAT. In the first command, a single address pair is mapped. In the second
command, a range of IP addresses will be contiguously mapped starting at the pair
defined by the lower-public-ip and lower-private-ip argument. A maximum of 64 static
mappings can be created.
Example: nat basic map 192.128.1.1 10.1.3.2
public-ip – IP address of the public address space which is to be mapped to the IP
address of a local host.
private-ip – IP address of a local host which is to be mapped to an IP address in the
public IP address space.
lower-public-ip – Lowermost IP address of a range of public addresses which are to be
mapped to a range of IP addresses of local hosts.
lower-private-ip – Lowermost IP address of a range of local host IP addresses which are
to be mapped to a range of IP addresses in the public IP address space.
upper-private-ip – Uppermost IP address of a range of local host IP addresses which are
to be mapped to a range of IP addresses in the public IP address space.
In the first command, the command deletes static mapping entry associated with the
specified one-to-one mapping of Basic NAT. In the second command, a range of
mappings will be contiguously deleted starting at the pair defined by the lower-private-ip
and ending with the upper-private-ip argument.
Example: nat basic delete 192.128.1.1
private-ip – Statically mapped IP address of the local host.
lower-private-ip – Lowermost IP address of a range of local host IP addresses which are
to be deleted.
upper-private-ip – Uppermost IP address of a range of local IP addresses which are to
be deleted.
Enables or disables the DHCP server. For the DHCP Server to be enabled, one (and
only one) address must be assigned to the Ethernet interface. The DHCP Server and
the DHCP Relay Agent cannot be enabled at the same time.
Example: dhcp server enable
enable – Enable the DHCP Server.
disable – Disable the DHCP Server. This is the default setting.
dhcp server addresses lower-ip-address upper-ip-address [mask]
Specifies the range of IP addresses to be used by the DHCP server. When the DHCP
address range is changed, all binding entries, automatically added routes, and ARP
entries are removed.
Example: dhcp server address 132.53.4.2 132.53.4.250
mask – Specifies the subnet mask used by the DHCP server. If the mask is not specified,
then the subnet mask assigned to the DSL router’s Ethernet interface is used.
A-14 November 20036300-A2-GB20-10
Page 89
A. Command Line Interface
Table A-10. DHCP Server Commands (2 of 2)
dhcp server leasetime min-lease-time max-lease-time
Enables or disables routing capability for traffic in the service domain so the device
operates as a router (gateway) or a bridge.
NOTE: IP routing of traffic in the management domain is unaffected by this command;
IP routing is always enabled for management domain traffic.
enable – Enable IP routing for traffic in the service domain; the router operates as a
gateway. If upgrading software to R3, the default is enable so the router’s current
functionality is retained.
disable – Disable IP routing for traffic in the service domain. This is the default setting.
Enables or disables the processing of all service domain packets, including IP packets.
This setting is retained across power cycles.
enable – Enable processing of packets. This is the default setting.
disable – Disable processing of packets.
6300-A2-GB20-10November 2003
A-17
Page 92
A. Command Line Interface
PPPoE Client Commands
PPPoE Client commands are supported only for the Hotwire 6351 ReachDSL
Router, and only when the router is configured for IP routing (bridging must be
disabled) and is operating in VNET mode.
Chapter 3, Configuring the DSL Router for more information.
Enables or disables PPPoE client support in the service domain.
enable – Enable PPPoE client support in the service domain. When the PPPoE client is
enabled, Proxy ARP for the DSL interface must be disabled and no upstream next hop
routers should be defined for the DSL interface.
disable – PPPoE client support is not available. This is the default setting.
ppp ip {eth1 | dsl1 | passthrough} [mask] [no-dns]
Specifies the interface to assign the PPP negotiated IP address for the ReachDSL Router.
The IP address is negotiated during the network-layer protocol phase of PPP.
NOTE: This IP address is retained through a power reset and does not cause the
ReachDSL Router to reset. However, a change to this option does not take effect until
the next PPP link establishment. At that time, the new configuration determined by this
IP address and its assigned interface will overwrite the current configuration.
eth1 – The negotiated IP address will be assigned to the Ethernet interface of the
ReachDSL Router. The DSL interface will then be automatically configured as
unnumbered, and any IP address previously assigned to the Ethernet and DSL interfaces
is removed. A route for the subnet defined by the negotiated IP address assigned to the
Ethernet interface will automatically be added to the IP routing table.
NOTE: An attempt to assign the negotiated IP address to the Ethernet interface when
NAT is enabled will be rejected since the DSL interface must be numbered when NAT
is enabled.
dsl1 – The negotiated IP address will be assigned to the DSL interface of the ReachDSL
Router. Any IP address previously assigned to the DSL interface is removed. Any IP
address assigned to the Ethernet interface remains intact unless there is a conflict with
the negotiated IP address. IP address assignment to the Ethernet interface is the
responsibility of the user when dsl1 is selected. This is the default setting.
passthrough – The negotiated IP address will be assigned to the DSL interface of the
ReachDSL Router and served to a passthrough device on the LAN interface via DHCP.
When the address is assigned to the DSL Router, any IP address previously assigned to
the DSL interface is removed. Any IP address assigned to the Ethernet interface is left
intact (unless it conflicts with the negotiated IP address). IP address assignment to the
Ethernet interface is the responsibility of the user when passthrough is selected.
(Continued on next page)
A-18 November 20036300-A2-GB20-10
Page 93
A. Command Line Interface
Table A-13. PPPoE Client Commands (2 of 3)
ppp ip {eth1 | dsl1 | passthrough} [mask] [no-dns]
(Continued from previous page)
The passthrough device is selected as the first to broadcast a DHCP DISCOVER. The
DHCP Server feature of the DSL Router will be automatically enabled and the negotiated
IP address will be configured as the range of IP addresses to be served. In addition, the
derived subnet mask (see the description for mask below) and discovered peer IP
address will be configured as the Subnet and Router option values, respectively, provided
by the DHCP server to its clients. Because the DHCP Server is required for passthrough,
selecting this option is restricted by the same mutual exclusion rules that apply to the
DHCP Server feature. For example, since the DHCP Server and the DHCP Relay Agent
features cannot be enabled simultaneously, attempting to select the passthrough option of
this command when the DHCP Relay Agent is enabled will result in rejection of the save
command.
NOTE: Proxy ARP must be enabled on the Ethernet interface for traffic to be properly
forwarded from the passthrough device.
mask – The subnet mask associated with the PPP negotiated IP address. If the mask is
not specified, a mask is calculated that is the longest mask that allows the negotiated IP
address and the IP address of the PPP link peer to reside in the same subnet.
no-dns – The negotiated DNS server address values are not passed to the client when
the DHCP Server feature is enabled. See DHCP Server Commands on page A-14.
Specifies the authentication protocol to be negotiated and used in the PPP session. The
ReachDSL Router will always be the authenticated party of this protocol.
NOTES:
– A change to this option does not take effect until the next PPP link establishment.
– To negotiate an authentication protocol, the CHAP host name and secret or PAP
peer ID and password must have already been configured (using the ppp
username and ppp password commands), or the negotiation will operate as
though the default setting (none) has been configured.
chap – During the link establishment phase, the ReachDSL Router will accept the
proposed use of the Challenge Handshake Authentication Protocol (CHAP) only.
pap – During the link establishment phase, the ReachDSL Router will accept the
proposed use of the Password Authentication Protocol (PAP) only.
both – During the link establishment phase, the ReachDSL Router will accept the
proposed use of either CHAP or PAP.
none – During the link establishment phase, the ReachDSL Router will not negotiate to
use any authentication protocol nor will it accept the proposed use of one. This is the
default setting.
Specifies the CHAP host name or PAP peer ID to use for authentication in the PPP
session when PPP authentication is enabled and successfully negotiated. To delete the
user name, enter this command without specifying a user name on the command line.
NOTE: A change to this option does not take effect until the next PPP link
establishment.
username – The PPP user name in the format user@context. The maximum length is
127 characters (case-sensitive).
Specifies the CHAP secret or PAP password to use for authentication in the PPP session
when PPP authentication is enabled and successfully negotiated. To delete the password,
enter this command without specifying a password on the command line. This command
is not included in the output of the List command.
NOTE: A change to this option does not take effect until the next PPP link
establishment.
password – The PPP password. The maximum length is 31 characters (case-sensitive).
A-20 November 20036300-A2-GB20-10
Page 95
Telnet Commands
A. Command Line Interface
The Telnet commands are only available for the Hotwire 6351 ReachDSL Router.
Provides the capability of configuring up to four login/password/access level combinations
in the service domain from which the ReachDSL Router will accept Telnet connections
when Telnet Login is enabled. To change an access level or login ID, you must first delete
it, then recreate it. To change a password, reenter the create command line with the new
password.
admin – The maximum access level for the log-in/password combination is Administrator.
operator – The maximum access level for the log-in/password combination is Operator.
login-id – An ID of 1–31 alphanumeric characters in the ASCII hex range of 0x21–0x7E.
Invalid characters are #, $, %, and &.
password – A password of 1–31 alphanumeric characters in the ASCII hex range of
0x21–0x7E. Invalid characters are #, $, %, and &.
Enables or disables the Telnet keep-alive timer used by the ReachDSL Router to detect
when a service domain Telnet client has crashed and is down or has rebooted. This
allows the ReachDSL Router to terminate the Telnet connection and allow Telnet access
for another user.
CAUTION: Enabling this option can cause an otherwise good connection to be
terminated due to a temporary loss of connectivity in the network between the Telnet
client and the ReachDSL Router.
enable – Enables the Telnet keep-alive timer.
disable – Disables the Telnet keep-alive timer. This is the default setting.
Determines the duration that the ReachDSL Router will wait to receive traffic from a
service domain Telnet client before terminating the connection. The timer is reset
whenever a the ReachDSL Router receives any Telnet packet from the client.
time – The timeout value in minutes (1–600). The default is 30. If no time is specified, the
timeout value is reset to the default setting.
Determines the duration that the ReachDSL Router will wait when there is no activity on
the connection before probing the Telnet client. The start of the interval is reset whenever
a the ReachDSL Router receives any Telnet packet from the client.
time – The interval value in seconds (1–10000). The default is 900. If no time is specified,
the interval value is reset to the default setting.
Minimum Access Level: Administrator
Command Mode: Standard
Clears the specified set of statistics. If no set of statistics is entered, ALL statistics for the
router are cleared.
Example: clear statistics eth1
– Ethernet interface statistics.
eth1
dsl1 – DSL interface statistics.
– IP processing statistics.
ip
bridge – Bridge statistics.
pppoe – PPPoE statistics.
tftp – TFTP statistics.
6300-A2-GB20-10November 2003
A-23
Page 98
A. Command Line Interface
Show Commands
Table A-17. Show Commands (1 of 10)
show alarms
Minimum Access Level: Operator
Command Mode: Standard
Displays a list of the current alarm conditions, if any.
Possible alarm conditions include:
Alarm: Management Address Conflict
Alarm: Failed Selftest
Alarm: System Error
Alarm: DSL Handshake Failure
No alarm condition is set
Alarm condition reverts to Normal when the problem has been corrected.
show arp
Minimum Access Level: Operator
Command Mode: Standard
Sample show arp display:
ip-addr
x.x.x.xxx:xx:xx:xx:xx:xxxxxx xxxx
NOTES:
– Timeout value shown is the actual time left for the specific entry.
– For configured static entries, the timeout value shown is Static.
– Status is Complete or Incomplete.
MAC addr timeout (min) status
show arp timeout
Minimum Access Level: Operator
Command Mode: Standard
Sample show arp timeout display:
ARP – timeout for complete=xx min. timeout for incomplete=xx sec.
A-24 November 20036300-A2-GB20-10
Page 99
A. Command Line Interface
Table A-17. Show Commands (2 of 10)
show bridge
Minimum Access Level: Operator
Command Mode: Standard
Displays the bridge configuration and forwarding database.
* NAT disabled only appears when both forms of NAT are disabled.
show console
Minimum Access Level: Operator
Command Mode: Standard
Displays either console enabled orconsole disabled.
6300-A2-GB20-10November 2003
A-25
Page 100
A. Command Line Interface
Table A-17. Show Commands (3 of 10)
show dhcp relay
Minimum Access Level: Operator
Command Mode: Standard
Displays the DHCP relay agent’s current status and configuration.
Sample show dhcp relay display:
DHCP relay – {enabled | disabled }
DHCP relay – server ip-addr: x.x.x.x
Maximum number of DHCP relay clients: xxx
show dhcp server
Minimum Access Level: Operator
Command Mode: Standard
Displays the DHCP relay’s current status and configuration.
Sample show dhcp server display:
DHCP server {enabled | disabled }
DHCP server host name: name
DHCP server address range: lower ip-addr x.x.x.x
upper ip-addr x.x.x.x
DHCP server - subnet mask option: x.x.x.x
DHCP server - router option: x.x.x.x
DHCP server - DNS name server option: x.x.x.x[, x.x.x.x]
DHCP server - lease time: minimum xxxx minutes
maximum xxxx minutes
DHCP server bindings:
ip-addr MAC addr Lease time(min)