Technicolor - Thomson TM620 User Manual

SpeedTouch™620
Wireless Business DSL Routers
Operator’s Guide
Copyright
Copyright ©1999-2006 THOMSON. All rights reserved.
Distribution and copying of this document, use and communication of its contents is not permitted without written authorization from THOMSON. The content of this document is furnished for informational use only, may be subject to change without notice, and should not be construed as a commitment by THOMSON. THOMSON assumes no responsibility or liability for any errors or inaccuracies that may appear in this document.
Thomson Telecom Belgium Prins Boudewijnlaan, 47 B-2650 Edegem Belgium
www.speedtouch.com
Trademarks
The following trademarks are used in this document:
SpeedTouch™ is a trademark of THOMSON.
Bluetooth® word mark and logos are owned by the Bluetooth SIG, Inc.
Ethernet™ is a trademark of Xerox Corporation.
Wi-Fi® and the Wi-Fi logo are registered trademarks of the Wi-Fi Alliance. "Wi-Fi CERTIFIED", "Wi-Fi ZONE", "Wi-Fi Alliance", their respective logos and "Wi-Fi Protected Access" are trademarks of the Wi-Fi Alliance.
UPnP™ is a certification mark of the UPnP™ Implementers Corporation.
Microsoft®, MS-DOS®, Windows® and Windows NT® are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
Apple® and Mac OS® are registered trademarks of Apple Computer, Incorporated, registered in the United States and other countries.
UNIX® is a registered trademark of UNIX System Laboratories, Incorporated.
Adobe®, the Adobe logo, Acrobat and Acrobat Reader are trademarks or registered trademarks of Adobe Systems, Incorporated, registered in the United States and/or other countries.
Netscape® and Netscape Navigator® are registered trademarks of Netscape Communications Corporation.
Other brands and product names may be trademarks or registered trademarks of their respective holders.
Document Information
Status: v1.0 (January 2006)
Reference: E-DOC-CTC-20051017-0155
Short Title: Operator’s Guide ST620 R5.4

Contents

1 Introduction
2 SpeedTouch™ Command Line Interface
2.1 About the CLI Interface
2.2 CLI Access via Telnet or Serial Console
2.3 Basic Navigation
2.4 Command Line Interface Commands
2.5 Menu-driven CLI Navigation
3 SpeedTouch™ System Software
3.1 About the System Software
3.2 System Software Management via FTP
3.2.1 Backup System Software via FTP
3.2.2 Upgrade or Restore System Software via FTP
3.2.3 Manual System Software Management via BOOTP/TFTP server
4 SpeedTouch™ Configuration Management
4.1 Configuration Management via the SpeedTouch™ Web Interface
4.2 Configuration Management via Telnet
4.3 The :Config CLI Command Group
4.3.1 Back up Configurations via FTP
4.3.2 Store Configurations via FTP
4.4 SpeedTouch™ Service Templates
4.5 SpeedTouch™ System Languages Management
5 SpeedTouch™ Software Modules
5.1 Software Activation Key Management
6 SpeedTouch™ System Services
6.1 SpeedTouch™ Dynamic DNS
6.2 The SpeedTouch™ SNTP Client
6.3 Website Filtering
6.3.1 The Website Filtering Configuration Pages
6.3.2 How to Verify the Filtering Configuration
6.3.3 How to Activate a Web Filtering License
6.3.4 Configuring the Actions for Uncategorised Sites
6.3.5 How to Create an Address Based Filter
6.3.6 How to Create a Content Based Filter
6.3.7 How to Create a Content Level
6.4 Intrusion Detection and Protection
6.5 Remote Assistance
7 The SpeedTouch™ File System
8 SpeedTouch™ Remote Access
8.1 Remote Web Interface Access
8.2 Secure Remote Web Interface Access
8.3 Remote Telnet Access
8.4 Remote SSH Access
8.5 Remote FTP Access
8.6 Remote SFTP Access
8.7 LAN Based Auto-Configuration (LAC) Support (TR-064)
8.8 CPE WAN Management Protocol (CWMP) Support (TR-069)
9 The Integrated SpeedTouch™ ISDN Modem
9.1 About the ISDN Modem
9.2 How to Configure the ISDN Modem
9.3 ISDN Backup
9.3.1 How to Configure the ISDN Dial-In Connection
9.3.2 How to Configure the PPP Connection
9.4 ISDN Callback
9.4.1 How to Configure the ISDN Dial-In Connection
9.4.2 How to Configure the PPP Connection
9.5 ISDN Remote CAPI
10 SpeedTouch™ Monitoring
10.1 An Introduction to SNMP
10.1.1 Basic Concepts
10.1.2 MIBs Explained
10.2 SNMP configuration
10.2.1 How to Allow Access to the SNMP Agent
10.2.2 How to View the SNMP Configuration
10.2.3 How to View the System Contact, Name and Location
10.2.4 How to Configure SNMPv1
10.2.5 How to Configure the System contact, Name and Location
10.2.6 How to Force the Source IP Address
10.2.7 How to Configure the SNMP Target
10.2.8 How to Read SNMP Parameters via the CLI
10.2.9 How to Allow Remote SNMP
10.2.10 How to Add an SNMP User
10.2.11 How to Restrict SNMP Access
10.2.12 How to Configure the Traps
10.3 The SpeedTouch™ Syslog
10.3.1 The SpeedTouch™ Syslog Daemon
10.3.2 Syslog via the Web Interface
10.3.3 Syslog via the CLI
10.3.4 Remote Syslog Notification
10.4 SpeedTouch™ Identification on AWS
11 SpeedTouch™ Advanced Diagnostics
11.1 The Office Network Web Page
11.2 The Diagnostic Web Page
11.3 Command Line Interface Diagnostics
11.3.1 About CLI Diagnostics
11.3.2 Lower Layer Diagnostics
11.3.3 Router Services Diagnostics
11.3.4 Routing Diagnostics
11.3.5 Ethernet Diagnostics
11.3.6 Management Diagnostics
12 SLA Monitoring
13 Resetting the SpeedTouch™

About this Operator’s Guide

Used Symbols
A note provides additional information about a topic.
A tip provides an alternative method or shortcut to perform an action.
A caution warns you about potential problems or specific precautions that need to be taken.

Terminology
Generally, the SpeedTouch™620 will be referred to as SpeedTouch™ in this Operator’s Guide.

Typographical Conventions
When we display interactive input and output we’ll show our typed input in a bold font and the computer output like this.
Comments are added in italics.
Example:

    =>language list
    CODE LANGUAGE VERSION FILENAME
    en*  english  4.2.0.1 <system>

Only one language is available

Documentation and software updates
THOMSON continuously develops new solutions, but is also committed to improve its existing products.
For more information on THOMSON's latest technological innovations, documents and software releases, visit us at: www.speedtouch.com

1 Introduction

Overview
Being a key component of your business network, a good operation of the SpeedTouch™ is essential to gain maximum performance of your DSL connectivity.
Continuous management and diagnosis of the SpeedTouch™ should be performed to ensure a faultless operation of the SpeedTouch™, 24 hours a day, 7 days a week.
As such the SpeedTouch™ can be perfectly embedded in high quality networks.

Applicability
This Operator’s Guide applies to the SpeedTouch™620 Wireless Business DSL Router.

Contents
This Operator’s Guide consists of 2 major parts:

Configuration:
How to manage the SpeedTouch™ system configuration.
The SpeedTouch™ Command Line Interface.
How to manage the SpeedTouch™ system software.
How to activate software modules with activation keys.
How to configure the SpeedTouch™ system services.
The SpeedTouch™ file system.
How to access the SpeedTouch™ remotely.
How to use the integrated ISDN Modem of SpeedTouch™.

Monitoring and debugging:
How to monitor the SpeedTouch™.
How to identify the SpeedTouch™ with AWS.
The SpeedTouch™ Advanced Diagnostics.
SLA Monitoring.
How to reset the SpeedTouch™ to defaults.

2 SpeedTouch™ Command Line Interface

2.1 About the CLI Interface

CLI access
You can access the Command Line Interface via:
The SpeedTouch™ CLI Web Interface
A Telnet session
The serial Console interface.

CLI web page access requirements
To access the CLI via the SpeedTouch™ Web Interface, you need:
A TCP/IP connection between the computer and the SpeedTouch™.
A web browser on your computer. The web browser should be at least Microsoft's Internet Explorer 4.0, Netscape's Communicator 4.06, or equivalent. The web browser must support JavaScript.

CLI Telnet access requirements
To access the CLI via an IP Telnet session, you need:
A TCP/IP connection between the computer and the SpeedTouch™.
A Telnet application on the computer.
All popular, recent Operating Systems feature a built-in telnet application.

CLI serial access requirements
To access the CLI via the serial Console port, you need:
A cable.
A terminal application that you can use to connect to other devices. Example: Hilgraeve’s Hyperterminal application delivered with MS Windows OSs.
The following application’s Port settings:
9600 bits per second
8 data bits
No parity
One stop bit
No Flow control
ANSI terminal emulation

2.2 CLI Access via Telnet or Serial Console

Access via a Telnet session or serial console
As soon as a session to the CLI is opened, a banner pops up, followed by the CLI prompt:

    -----------------------------------------------------------------------
    [ASCII-art SpeedTouch logo]
    SpeedTouch 620
    5.4.0.10
    Copyright (c) 1999-2005, THOMSON
    -----------------------------------------------------------------------

If the SpeedTouch™ is protected by a system password, authentication will be required before access is granted to the CLI.

2.3 Basic Navigation

Command group navigation
From the top level, you can change to a command group by executing the name of the desired command group (for example type the name of the command group and press ENTER). To obtain a list of all available command groups, use the help command from the top level:

    =>:help
    Following commands are available :

    help       : Displays this help information
    menu       : Displays menu
    ?          : Displays this help information
    exit       : Exits this shell.
    ..         : Exits group selection.
    saveall    : Saves current configuration.
    ping       : Send ICMP ECHO_REQUEST packets.
    traceroute : Send ICMP/UDP packets to trace the ip path.
    telnet     : Open a telnet connection to a server.

    Following command groups are available :

    firewall service autopvc connection cwmp dhcp dns dsd
    dyndns eth expr ids igmp ip isdn adsl
    atm capi config debug env hostmgr interface ipqos
    label language mbus memm mlp nat ppp pptp
    rcapi router script sla snmp sntp software ssh
    syslog system tunnel upnp user wireless

The exact list of available command groups depends on the type of SpeedTouch™, the number and kind of activated software modules and on the current version of the SpeedTouch™ System software.
To return to top level, or to go up one level (in case of nested command groups), type two dots and press ENTER.

Help
You can use help or ? from any level to list all available commands and command groups for that level. Below an example is provided of executing help from the firewall command group selection:

    =>:firewall help
    Following commands are available :

    config : Display/Modify firewall configuration.
    list   : Display firewall configuration.
    flush  : Flush firewall configuration.

    Following command groups are available :

    chain debug level rule

Executing :help firewall from top level gives the same result.
Entering help followed by a specific command, for example :help firewall list (starting from top level) or help list (entered from within the firewall command group selection) results in a description of the syntax for the command:

    =>:help firewall list
    Display firewall configuration.
    Syntax : list [format = <{pretty|cli}>]

    Parameters :
    [format = <{pretty|cli}>]
    The format of the firewall list.

Executing :help all from top level will generate the complete listing of all available CLI commands (including syntax description). If entered from within a CLI command group, the listing of all available CLI commands from that CLI command group (including syntax description) is shown.

Command completion
The CLI features command completion, which means that when starting to type a command it can be completed by pressing TAB.
For the completion to be successful, the part already typed has to be unique. Completion works for the command groups, for the commands and the options, but not for values.
For example, typing the letter l at the firewall command group selection, followed by pressing TAB results in the full command being completed. Entering firewall l from top level and pressing TAB gives the same result: the command is completed to firewall list.

Going to the beginning or end of a line
You can move the cursor to the beginning of the command line by pressing "CTRL+A"; to move the cursor to the end of the command line press "CTRL+E".

Breaking off commands
You can break off a command by pressing "CTRL+G". This is useful when you want to abort a command, for example a command for which you do not know the value of a required command parameter.

History of Commands
The CLI allows you to re-use commands you have used before during a CLI session.
To scroll through the previously used CLI commands use UP ARROW and DOWN ARROW.
To execute a re-used command, press ENTER.

2.4 Command Line Interface Commands

Executing Commands from the Top Level
All CLI commands are commands that operate on, or configure, the SpeedTouch™ settings.
You can use these commands from top level, preceded by the name of the command group from which the command should be executed (for example firewall list).

    =>:firewall list

    Config
    ======
    State        : disabled
    Keep         : disabled
    TcpChecks    : none
    TcpWindow    : 65536
    UdpChecks    : disabled
    IcmpChecks   : disabled
    LogDefault   : disabled
    LogThreshold : enabled

    Modules
    =======
    Module          State    Text                              Hooks
    ----------------------------------------------------------------------
    fire            enabled  Firewall Administration Module    sink, forward, source
    host_service    enabled  Firewall Host Service Module      forward
    level           enabled  Firewall Level Module             forward
    system_service  enabled  Firewall System Service Module    sink
    =>

Executing Commands from the Command Group
You can also enter the commands from the command group itself, using the reduced form of the command (for example list at the firewall command group selection):

    =>firewall
    [firewall]=>list

    Config
    ======
    State        : disabled
    Keep         : disabled
    TcpChecks    : none
    TcpWindow    : 65536
    UdpChecks    : disabled
    IcmpChecks   : disabled
    LogDefault   : disabled
    LogThreshold : enabled

    Modules
    =======
    Module          State    Text                              Hooks
    ----------------------------------------------------------------------
    fire            enabled  Firewall Administration Module    sink, forward, source
    host_service    enabled  Firewall Host Service Module      forward
    level           enabled  Firewall Level Module             forward
    system_service  enabled  Firewall System Service Module    sink
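
An added example, not part of the Thomson guide: a Python parser for the firewall list output shown above that reports settings deviating from a baseline. The sample text is reconstructed from the output on this page (column layout assumed); the baseline in REJECTED and all function names are assumptions made for illustration.

```python
import re

# Constructed sample: the `:firewall list` output from this page, one field per line.
SAMPLE_OUTPUT = """\
Config
======
State        : disabled
Keep         : disabled
TcpChecks    : none
TcpWindow    : 65536
UdpChecks    : disabled
IcmpChecks   : disabled
LogDefault   : disabled
LogThreshold : enabled

Modules
=======
Module          State    Text                              Hooks
----------------------------------------------------------------------
fire            enabled  Firewall Administration Module    sink, forward, source
host_service    enabled  Firewall Host Service Module      forward
level           enabled  Firewall Level Module             forward
system_service  enabled  Firewall System Service Module    sink
=>
"""

# Assumed audit baseline (not a Thomson recommendation): values to report per setting.
REJECTED = {
    "State": {"disabled"},
    "TcpChecks": {"none"},
    "UdpChecks": {"disabled"},
    "IcmpChecks": {"disabled"},
    "LogDefault": {"disabled"},
}

KEY_VALUE = re.compile(r"^(\w+)\s*:\s*(\S.*?)\s*$")
MODULE_ROW = re.compile(r"^(\w+)\s+(enabled|disabled)\b")


def parse_firewall_list(text):
    """Split the output into the Config settings and the per-module states."""
    config, modules, section = {}, {}, None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        stripped = line.strip()
        following = lines[i + 1].strip() if i + 1 < len(lines) else ""
        # A section heading is a line underlined with '=' characters.
        if stripped and following and set(following) == {"="}:
            section = stripped
            continue
        if section == "Config":
            match = KEY_VALUE.match(stripped)
            if match:
                config[match.group(1)] = match.group(2)
        elif section == "Modules":
            match = MODULE_ROW.match(stripped)
            if match:
                modules[match.group(1)] = match.group(2)
    return config, modules


def audit(config, modules):
    """Return findings: rejected values, settings missing from the capture, disabled modules."""
    findings = []
    for key, bad_values in REJECTED.items():
        if key not in config:
            findings.append(f"{key}: missing from output (truncated capture?)")
        elif config[key].lower() in bad_values:
            findings.append(f"{key}: {config[key]}")
    for name, state in modules.items():
        if state != "enabled":
            findings.append(f"module {name}: {state}")
    return findings


if __name__ == "__main__":
    for finding in audit(*parse_firewall_list(SAMPLE_OUTPUT)):
        print(finding)
```
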

Executing Commands from Anywhere
It is possible to enter a command from anywhere within the CLI, provided the command is preceded by a colon (:) and the full command path, e.g.:

    [firewall]=>:ip rtlist

Using Partial Command Statements
Instead of typing a complete command with all of its required and optional parameters and pressing ENTER, you can also enter the command itself, without specifying any parameter. If all parameters are optional, the command is executed immediately, assuming default values for all parameters. In case the CLI command features required parameters, you are prompted to complete the command with the required (and the optional, if present) parameters. For optional parameters you can simply press ENTER without giving a value (to assume default value). In case the parameter provides preset values, you can scroll through these via the UP and DOWN arrow keys. For example, the addroute parameter below has two preset values enabled and disabled:

    =>:ip ipadd
    intf = lan1
    addr = 10.1.5.31
    [netmask] = 8
    [pointopoint] =
    [addroute] = enabled
    :ip ipadd intf=lan1 addr=10.1.5.31/8 addroute=enabled

“!” in a command means NOT, for example the [!] parameter in the firewall rule create command [srcintf [!]= <string>] parameter.

Saving the configuration
After configuring the SpeedTouch™ via the CLI, it is advised to save your configuration.
You can save the complete SpeedTouch™ configuration to persistent memory by executing the saveall command.
The saveall command can be entered from any CLI prompt.

2.5 Menu-driven CLI Navigation

Introduction
To improve the user-friendliness of the SpeedTouch™ CLI, the CLI features a menu-driven interface.

Entering the CLI menu
To enter the menu-driven interface, simply enter the command menu from the CLI prompt.
The semi-graphical CLI offers you an attractive and easy-to-use configuration environment for the CLI.
You can browse through the CLI command groups via the arrow keys. Pressing ENTER executes your selection, i.e. for entering a CLI command group. From each level you can select .. and press ENTER to go up one level.
Use TAB to change from the command menu to the control menu (the lower bar of the menu) and vice versa.

Executing commands
To set up a CLI command, simply press ENTER on its name. You can configure and overview its various parameters at once. In case the parameter provides preset values, scroll through the available values via the UP and DOWN arrow keys. If you are satisfied with all parameter values, use TAB to select <OK> and press ENTER to execute the command.

Saving the configuration
After configuring the SpeedTouch™ via the CLI, it is advised to save your configuration.
Save the complete SpeedTouch™ configuration to persistent memory by executing saveall after exiting the menu-driven CLI via <Cancel> from root menu.

3 SpeedTouch™ System Software

3.1 About the System Software

Upgrade system software
For new system software packages, you can visit the SpeedTouch™ support pages at: http://www.speedtouch.com

System software packages and security
All SpeedTouch™ system software packages are:
Digitally signed and encrypted: Packages that may have become corrupted, or have been altered in any way, will not be accepted by the SpeedTouch™.
Specific per product.
This way, the SpeedTouch™, or its service can never be corrupted or lost.
3.2 System Software Management via FTP

FTP access
For more information on the SpeedTouch™ file system and how to access it via FTP, see “7 The SpeedTouch™ File System”.

SpeedTouch™ system software locations
The SpeedTouch™ file system consists of two subdirectories: ‘/active’ and ‘/dl’.
In the ‘/active’ subdirectory the currently running system software (the active software version) is stored. The ‘/dl’ subdirectory stores the dormant system software (the passive software version).
There are SpeedTouch™ devices where only the ‘/dl’ directory exists (single directory file system).
In case no SpeedTouch™ system software upgrade was performed before, both active and passive software will be the same.
Full read/write access is only granted in the ‘/dl’ subdirectory.

Overview
This section covers the following topics:
“3.2.1 Backup System Software via FTP”
“3.2.2 Upgrade or Restore System Software via FTP”
“3.2.3 Manual System Software Management via BOOTP/TFTP server”

3.2.1 Backup System Software via FTP

Introduction
For backup reasons, you can transfer system software files from both SpeedTouch™’s ‘/active’ and ‘/dl’ subdirectories to your local disk.

Backup procedure
To transfer system software files from the SpeedTouch™ to your local disk as backup, proceed as follows:

Step Action

1 Open an FTP session to the SpeedTouch™. At the user name prompt, enter a user name and at the password prompt, if applicable, the Password (see “The Multi Level Access Policy Configuration Guide” for more information):

    C:\>ftp <SpeedTouch™ IP address>
    Connected to <SpeedTouch™ IP address>.
    220 Inactivity timer = 120 seconds. Use 'site idle <secs>' to change.
    User (<SpeedTouch™ IP address>:(none)): JohnDoe
    331 SpeedTouch (00-90-D0-01-02-03) User 'JohnDoe' OK. Password required.
    Password:#####
    230 OK
    ftp>

2 Enter binary file transfer mode. Optionally you can enable hashing:

    ftp> bin
    200 TYPE is now 8-bit binary
    ftp> hash
    Hash mark printing On ftp: (2048 bytes/hash mark).
    ftp>

3 Change to the SpeedTouch™ subdirectory from which you want to get the system software file. In the example below the ‘/dl’ subdirectory is chosen where the currently running - and usually most recent - system software file is stored:

    ftp>cd dl
    250 Changed to /dl
    ftp>

4 To identify the system software file name, use the quote site software version command:

    ftp> quote site software version
    200- Flash image : 5.4.0.10.0
    200- Active SW : ZZUIAA5.40A (5.4.0.a.0)
    200- Passive SW : ZZUIAA5.40A (5.4.0.a.0)
    200-
    200 CLI command "software version" executed

You can also check for the system software file by making a listing of the subdirectory’s contents:

    ftp> dir
    200 Connected to 192.168.1.60 port 1312
    150 Opening data connection for /bin/ls
    -rwxrwxrwx 1 0 0 3601488 Jun 29 1971 ZZUIAA5.40A
    -rwxrwxrwx 1 0 0 20 Jun 29 1971 start.cmd
    -r--r--r-- 1 0 0 9 Jun 29 1971 seed.dat
    -r--r--r-- 1 0 0 790 Jun 29 1971 sslcert.pem
    -r--r--r-- 1 0 0 963 Jun 29 1971 sslkey.pem
    -r--r--r-- 1 0 0 692 Jun 29 1971 sshdsa.pem
    -rwxrwxrwx 1 0 0 93013 Jun 29 1971 user.ini
    226 Options: -l : 7 matches total
    ftp: 466 bytes received in 0,00Seconds 466000,00Kbytes/sec.

5 Get the system software file:

    ftp> get ZZUIAA5.40A
    200 Connected to 192.168.1.60 port 1315
    150 Opening data connection for ZZUIAA5.40A (3601488)
    226 File transfer complete
    ftp: 3601488 bytes received in 5,92Seconds 608,46Kbytes/sec.
    ftp>

As a result the system software file will be stored on the location from where you started the FTP session.

3.2.2 Upgrade or Restore System Software via FTP

Chapter 3
Upgrade/Restore
procedure
The procedure to upgrade or restore the SpeedTouch™ system software consists of three main steps:
Step Action
1
2 Mark system software file as Passive Software Version
3 Activate the upgrade/ restored system software
Transfer system software to the SpeedTouch™
E-DOC-CTC-20051017-0155 v1.0
19
Chapter 3
SpeedTouch™ System Software
Transfer system
software to the
SpeedTouch™
To transfer a system software file stored on your local disk to the SpeedTouch™,
proceed as follows:
Step Action
1
Open an FTP session to the SpeedTouch™. At the user name prompt, enter a user name. At the password prompt, if applicable, enter the SpeedTouch™ system password (see “The SpeedTouch™ Multi Level Password Configuration Guide”):
C:\>ftp <SpeedTouch™ IP address> Connected to <SpeedTouch™ IP address>. 220 Inactivity timer = 120 seconds. Use 'site idle <secs>' to change. User (<SpeedTouch™ IP address>:(none)): JohnDoe 331 SpeedTouch (00-90-D0-01-02-03) User 'JohnDoe' OK. Password required. Password:##### 230 OK
2 Enter binary file transfer mode. Optionally you can enable hashing:
ftp> bin 200 TYPE is now 8-bit binary ftp> hash Hash mark printing On ftp: (2048 bytes/hash mark).
3 Change to the SpeedTouch™ ‘/dl’ subdirectory:
ftp>cd dl 250 Changed to /dl
4 Use the quote site software version command to check
whether a passive system software version is stored in the ‘/dl’ subdirectory :
ftp> quote site software version 200- Flash image : 5.4.0.10.0 200- Active SW : ZZUIAA5.40A (5.4.0.a.0) 200- Passive SW : ZZUIAA5.40A (5.4.0.a.0) 200­200 CLI command "software version" executed
5 In case a passive software version is found, use the quote site
software deletepassive
ftp> quote site software deletepassive 200- Flash image : 5.4.0.10.0 200- Active SW : ZZUIAA5.40A (5.4.0.a.0) 200- Passive SW : --­200­200 CLI command "software deletepassive" executed
command to delete it:
20
E-DOC-CTC-20051017-0155 v1.0
SpeedTouch™ System Software
Step Action
6 Put the upgrade system software to the SpeedTouch™ ‘/dl’ subdirectory:
ftp> put ZZUIAA5.411 200 Connected to 192.168.1.254 port 3638 150 Opening data connection for ZZUIAA5.411 226-Filesystem data garbage collection in progress. This may take a while ... 226 File written successfully ftp: 2314257 bytes sent in 5.05Seconds 464.90Kbytes/sec.
As a result the system software file is stored on the ‘/dl’ subdirectory of the SpeedTouch™. In addition, the SpeedTouch™ will automatically clean its file system.
Mark system software file as Passive Software Version
You must identify the system software you transferred to the SpeedTouch™ ‘/dl’ subdirectory as passive software version to allow the SpeedTouch™ to mark the file as system software.
Proceeding from the same FTP session you opened to transfer the file, use the quote site software setpassive file=<file name> command, where <file name> represents the name of the system software file you transferred via the previous procedure:
ftp> quote site software setpassive file=ZZUIAA5.411
200- Flash image : 5.4.0.10.0
200- Active SW : ZZUIAA5.40A (5.4.0.a.0)
200- Passive SW : ZZUIAA5.411 (5.4.0.a.0)
200-
200 CLI command "software version" executed
ftp>
Activate the upgrade/restored system software
To activate the upgrade or restored system software, the same mechanism as used via the Web Interface is valid: the system software files are switched.
Proceeding from the same FTP session you opened in the previous procedures, use the quote site software switch command to restart the SpeedTouch™ and activate the newly uploaded upgrade system software:
ftp> quote site software switch
200-
Connection closed by remote host.
ftp>
During restart, the SpeedTouch™ will switch the passive and active system software files and mark the newly uploaded system software as active software version.
Due to the restart of the SpeedTouch™ any open FTP or Telnet session will be closed.
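Because the switch command restarts the device and closes the session, it is worth confirming that the passive slot really holds the uploaded image before issuing it. The following is an added example, not code from the original guide or from Thomson: it parses the multi-line "200-" reply shown above and checks the passive slot. The function names are hypothetical and the sample replies are constructed from the sessions printed on this page.

```python
import re

# Constructed samples: replies copied from the sessions shown in this guide.
SAMPLE_AFTER_SETPASSIVE = """\
200- Flash image : 5.4.0.10.0
200- Active SW : ZZUIAA5.40A (5.4.0.a.0)
200- Passive SW : ZZUIAA5.411 (5.4.0.a.0)
200-
200 CLI command "software version" executed
"""

SAMPLE_AFTER_DELETEPASSIVE = """\
200- Flash image : 5.4.0.10.0
200- Active SW : ZZUIAA5.40A (5.4.0.a.0)
200- Passive SW : ---
200-
200 CLI command "software deletepassive" executed
"""

# One continuation line of the reply: "200- <field> : <value>"
_FIELD = re.compile(r"^200-\s*(Flash image|Active SW|Passive SW)\s*:\s*(.*)$")


def parse_software_reply(reply):
    """Return the fields of a software version/setpassive/deletepassive reply.

    Keys are 'flash image', 'active sw' and 'passive sw'. A slot printed as
    dashes only (or left empty) is returned as None. A reply that lacks the
    closing "200 " line is treated as incomplete and rejected.
    """
    fields = {}
    complete = False
    for raw in reply.splitlines():
        line = raw.strip()
        match = _FIELD.match(line)
        if match:
            value = match.group(2).strip()
            name = value.split()[0] if value else ""
            # "---" means the slot is empty
            fields[match.group(1).lower()] = name if name.strip("-") else None
        elif line.startswith("200 "):
            # code followed by a space marks the last line of an FTP reply
            complete = True
    if not complete:
        raise ValueError("reply is not terminated by a '200 ' line")
    return fields


def safe_to_switch(reply, uploaded_name):
    """Return (ok, reason): ok is True only if the passive slot holds uploaded_name."""
    passive = parse_software_reply(reply).get("passive sw")
    if passive is None:
        return (False, "no passive software version is set")
    if passive != uploaded_name:
        return (False, "passive slot holds %s, not %s" % (passive, uploaded_name))
    return (True, "passive slot holds the uploaded image")


if __name__ == "__main__":
    print(safe_to_switch(SAMPLE_AFTER_SETPASSIVE, "ZZUIAA5.411"))
    print(safe_to_switch(SAMPLE_AFTER_DELETEPASSIVE, "ZZUIAA5.411"))
```

With Python's ftplib, the string returned by FTP.sendcmd("site software version") has this shape and can be passed to parse_software_reply directly.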

3.2.3 Manual System Software Management via BOOTP/TFTP server

System software management
The SpeedTouch™ system software can also be updated based on BOOTP, a standard mechanism used for booting diskless stations.
The SpeedTouch™ Upgrade Wizard is based on a BOOTP/TFTP server. For more information on how to upgrade the SpeedTouch™ using its Upgrade wizard, please see the User’s Guide.
The SpeedTouch™ can be placed in BOOTP mode, which allows a BOOTP/TFTP server to manage the SpeedTouch™ file system and allows the SpeedTouch™ to fetch the upgrade files from the BOOTP/TFTP server.
Important note
It is recommended to use the procedure described below only if you are familiar with the use of a BOOTP/TFTP server and the mechanisms on which BOOTP is based.
Upgrading the system software via the procedure described below will reset the SpeedTouch™ to its factory default settings. Therefore, prior to performing an upgrade of the system software it is recommended to back up the SpeedTouch™ configuration.
Before you start
You need a third party BOOTP/TFTP server installed on the computer from which you want to perform the SpeedTouch™ system software upgrade.
Make sure that your computer is connected to the SpeedTouch™ via Ethernet. In case of a SpeedTouch™ with USB connectivity, please disconnect the USB interface, if used, to avoid communication errors during the system software upgrade.
It is not possible to upgrade your SpeedTouch™ via a wireless connection!
You will need the SpeedTouch™ Medium Access Control (MAC) address of your SpeedTouch™ device.
Make sure a valid SpeedTouch™ system software image file is available on your local disk.
Procedure
To upgrade/restore the SpeedTouch™ system software:
Step Action
1 Make sure that your SpeedTouch™ is powered off and that a BOOTP/TFTP server is already installed on the computer from which you intend to perform the system software upgrade.
2 Configure the BOOTP/TFTP server to use the SpeedTouch™ system software image file in its reply to BOOTP requests from the SpeedTouch™ you want to upgrade.
3 To identify the BOOTP requests from the SpeedTouch™, you will need to specify its MAC address and define an IP range for basic communication between the BOOTP/TFTP server and the SpeedTouch™.
4 Set the SpeedTouch™ in BOOTP mode by executing the :software upgrade CLI command:
=>:software upgrade
The SpeedTouch™ is in BOOTP mode when the power LED is solid orange.
5 The BOOTP/TFTP server will reply to the BOOTP requests and will perform the required operations to allow the system software to be fetched by the SpeedTouch™ via TFTP.
6 After checking whether the received system software is valid for the device, the SpeedTouch™ will start in normal operational mode to complete the upgrade. This step can take some time to complete.
The upgrade process can be followed via a serial console!

4 SpeedTouch™ Configuration Management

Saving the configuration
Whenever the configuration of the SpeedTouch™ has been altered in any way, with the intention to keep this configuration, you should save it.
Whenever you alter the configuration of the SpeedTouch™ via the basic Web Interface, all changes are saved automatically.
You can save the configuration manually in two ways:
Click Save All in the Topics menu of the SpeedTouch™ Expert Mode Web Interface
Enter saveall from the CLI prompt.
Result:
The system creates a user.ini text file in the SpeedTouch™ ‘/dl’ subdirectory. This file contains all CLI commands needed to reproduce the configuration present at the moment it was saved.
Backing up configurations
You can make backup files of the SpeedTouch™ configuration for later use.
Backing up saved SpeedTouch™ configurations can be done via the SpeedTouch™ Web Interface or via FTP.
Storing and restoring multiple configurations
The SpeedTouch™ file system allows you to store multiple configuration files. Via the CLI you are able to apply one of these whenever needed, without the need of uploading a configuration file each time you want to switch to a new configuration.

4.1 Configuration Management via the SpeedTouch™ Web Interface

Basic and expert mode
The SpeedTouch™ features two ways of managing its configuration via the Web Interface:
Via the basic Web Interface
Via the expert Web Interface
Backing up configurations via the basic Web Interface
Proceed as follows:
Step Action
1 Open a web browser and go to the SpeedTouch™ Web Interface.
2 Go to Home > SpeedTouch > Configuration.
3 Click Save or Restore Configuration.
4 To back up the SpeedTouch™ configuration, click Backup Configuration Now.
5 Click Save and select a location on your local disk to store the user.ini file.
Restoring configurations via the basic Web Interface
Proceed as follows:
Step Action
1 Open a web browser and go to the SpeedTouch™ Web Interface.
2 Go to Home > SpeedTouch > Configuration.
3 Click Save or Restore Configuration.
4 Click Browse and choose the configuration file on your local disk that you want to restore on your SpeedTouch™.
5 To restore the selected SpeedTouch™ configuration, click Restore Configuration Now.

Backing up saved configurations via the expert Web Interface

Proceed as follows:
Step Action
1 Open a web browser and go to the SpeedTouch™ Web Interface.
2 Go to expert mode.
3 Click Save All to save the current configuration.
4 Open the Update page via Home > SpeedTouch > System Update.
5 Click the Configuration Files tab and select the file you want to back up.
6 Click Backup.
7 Select a location on your local disk to store the user.ini file and click OK.
Don’t click Delete, or the SpeedTouch™ will reset to defaults and your configuration will be gone.
Restoring a configuration via the expert pages
Proceed as follows:
Step Action
1 Open a web browser and go to the SpeedTouch™ Web Interface.
2 Go to expert mode.
3 Open the Upgrade page via Home > SpeedTouch > System Update.
4 Click Browse to locate the configuration file on your local disk you intend to restore. Select the file and click OK.
5 Click Upload to transfer the configuration file to the SpeedTouch™.
Be aware that uploading a new configuration may also change the IP configuration of the SpeedTouch™. In that case the information logging as described in the above procedure will not be shown. To save the new configuration, you must browse to the SpeedTouch™ Web Interface using its new IP address, and click Save All.

4.2 Configuration Management via Telnet

FTP access
For more information on the file system of the SpeedTouch™ and how to access it via FTP, see “7 The SpeedTouch™ File System” on page 75.
SpeedTouch™ configuration files
The last saved configuration of the SpeedTouch™ is stored in the ‘/dl’ subdirectory of the SpeedTouch™ file system.
There may be a user.ini file present in the system’s ‘/active’ subdirectory. However, this user.ini only contains the saved configuration created before your latest software switch-over, and hence may not be up to date. Therefore never use this user.ini file for backup purposes.
Full read/write access is only granted in the ‘/dl’ subdirectory.

4.3 The :Config CLI Command Group

Introduction
The config CLI command group allows the management of SpeedTouch™ configurations.
The following CLI commands are available in the config CLI command group:
=>:help config
Following commands are available :
save : Store current configuration to backup file
load : Load saved or default configuration.
delete : Delete a user configuration file.
flush : Flush the loaded configuration.
list : Show the current configuration set
dump : Show the saved configuration file
=>

:config CLI commands
The CLI commands available for SpeedTouch™ configurations are briefly described below. For more information, see the “SpeedTouch™ CLI Reference Guide”.
:config save
Allows you to save the current configuration of the SpeedTouch™ to a user.ini file in the ‘/dl’ subdirectory.
:config backup filename = <user configuration filename>
Allows you to save the current configuration of the SpeedTouch™ to a configuration file in the ‘/dl’ subdirectory. You can choose the file name of the backup file yourself.
:config dump
Allows you to view a dump of the stored user.ini file.
Applying a configuration stored on the SpeedTouch™
To activate a configuration file stored in the SpeedTouch™ ‘/dl’ subdirectory, the CLI command :config load is used.
The following CLI commands are available in the config load CLI command group:
=>:help config load
Load saved or default configuration.
Syntax : load [load_ip = <{disabled|enabled}>] [defaults <{disabled|enabled}>] [flush = <{enabled|disabled}>]
              [echo = <{disabled|enabled}>] [filename = <string>]
Parameters :
    [load_ip = <{disabled|enabled}>]
        Load IP settings or not.
    [defaults <{disabled|enabled}>]
        Load default instead of saved configuration.
    [flush = <{enabled|disabled}>]
        Flush current configuration before loading new one.
    [echo = <{disabled|enabled}>]
        Echo each command string when loaded.
    [filename = <string>]
        Configuration filename.
Following parameters are available:
load_ip = <{no|yes}>
Allows you to define whether the current IP configuration should be preserved (no), or the IP configuration as defined in the loaded configuration file should be applied (yes). If not specified, load_ip=no.
defaults = <{no|yes}>
Allows you to reset the SpeedTouch™ to its default configuration (yes). If not specified, defaults=no. To restore a configuration file, do not use this parameter.
flush = <{yes|no}>
Allows you to define whether the SpeedTouch™ should flush its current configuration before loading the new one (yes). By default (flush = yes, also used if the parameter is not specified), only the newly loaded configuration is applied to the SpeedTouch™. If you specify flush = no, the newly loaded configuration is appended to the existing current configuration. The latter may result in unexpected behaviour of the SpeedTouch™.
echo = <{no|yes}>
Allows you to specify whether to echo each command string loaded from the new configuration file (yes) or not (no). If not specified, echo=no.
filename = <string>
Allows you to specify the name of the configuration file to load, in case it is different from user.ini. If not specified, the SpeedTouch™ will assume the file name to be user.ini. It is also possible to load a script file (.sts) with the config load command.
When loading a config file, the file is loaded to memory. However, to make the configuration persistent you need to click saveall to save the configuration.

4.3.1 Back up Configurations via FTP

Introduction
For backup purposes, you can transfer configuration files from both the SpeedTouch™ ‘/active’ and ‘/dl’ subdirectories to your local disk.
Keep in mind that a user.ini file in the system’s ‘/active’ subdirectory may contain an old saved configuration created before your latest software switch-over.
Backup procedure
To back up the current SpeedTouch™ configuration to your local disk as a backup user.ini file, proceed as follows:
Step Action
1 Open an FTP session to the SpeedTouch™. At the user name prompt, enter a user name and at the password prompt, the password (see “The SpeedTouch™ Multi Level Access Policy Configuration Guide” for more information):
C:\>ftp <SpeedTouch™ IP address>
Connected to <SpeedTouch™ IP address>.
220 Inactivity timer = 120 seconds. Use 'site idle <secs>' to change.
User (192.168.1.254:(none)): root
331 SpeedTouch Password required.
Password:
230 OK
ftp>
2 If required, save the current SpeedTouch™ configuration via the quote site saveall command:
3
ftp> quote site saveall
200-
200 CLI command "saveall" executed
4 Enter binary file transfer mode. Optionally you can enable hashing:
ftp> bin
200 TYPE is now 8-bit binary
ftp> hash
Hash mark printing On ftp: (2048 bytes/hash mark).
5 Change to the SpeedTouch™ ‘/dl’ subdirectory from which you want to get the latest configuration file:
ftp> cd dl
250 Changed to /dl
6 Optionally, you can make a listing of the subdirectory’s contents:
ftp> dir
200 Connected to 192.168.1.254
150 Opening data connection for /bin/ls
-rwxrwxrwx 1 0 0 20 Jun 29 1971 start.cmd
-rwxrwxrwx 1 0 0 2952448 Jun 29 1971 ZZUIAA5.314
-r--r--r-- 1 0 0 9 Jun 29 1971 seed.dat
-r--r--r-- 1 0 0 729 Jun 29 1971 sslcert.pem
-r--r--r-- 1 0 0 908 Jun 29 1971 sslkey.pem
-r--r--r-- 1 0 0 692 Jun 29 1971 sshdsa.pem
-rwxrwxrwx 1 0 0 66920 Jun 29 1971 user.ini
-rw-rw-rw- 1 0 0 4056 Jun 29 1971 user.tpl
-rw-rw-r-- 1 0 0 34633 Jun 29 1971 security.cfg
226 Options: -l : 9 matches total
ftp: 600 bytes received in 0,00Seconds 600000,00Kbytes/sec.
ftp: 400 bytes received in 0.01Seconds 40.00Kbytes/sec.
The configuration you saved in step 2 is stored in the user.ini file. Other configuration files (stored via the :config save and :config backup CLI commands) may be found.
7 Get the configuration file (in the example the saved configuration file user.ini is backed up):
ftp> get user.ini
200 Connected to 192.168.1.254 port 1693
150 Opening data connection for user.ini (12016)
#####
226 File transfer complete
ftp: 12016 bytes received in 0.02Seconds 600.80Kbytes/sec.
As a result the configuration file, containing a saved SpeedTouch™ configuration, will be stored in the location from where you started the FTP session.

4.3.2 Store Configurations via FTP

Introduction
Via the procedure described below you can:
Restore a configuration file you previously backed up via the procedure described in “4.3.1 Back up Configurations via FTP” on page 33.
Apply a new configuration to the SpeedTouch™ by storing a new or changed configuration file.
Store multiple SpeedTouch™ configuration and template files on the file system for immediate use.
There are no restrictions on the file name of a configuration file. However, the SpeedTouch™ file system will truncate the full name (including the extension) to a maximum of 13 characters. For example, when transferring a file “abcdefghijklmnopqrstuvwxyz.ini” to the SpeedTouch™ file system it will be stored as “abcdefghijklm”.
For your convenience, it is advised always to use the extension .ini for configuration files.
Each file present in the ‘/dl’ subdirectory of the SpeedTouch™ file system must have a unique file name.
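The 13-character truncation and the unique-name rule can be checked on the local side before anything is uploaded. The following is an added example, not code from the original guide or from Thomson: it derives the name each local file will get on the device and flags truncation, a lost extension, and clashes with the ‘/dl’ listing or with other uploads. Function names and the upload list are hypothetical, the listing is constructed from the dir output printed in this guide, and exact (case-sensitive) name matching is an assumption.

```python
import re
from collections import Counter

MAX_NAME = 13  # limit stated in this guide: full name including extension

# Constructed sample: the '/dl' listing as printed in this guide.
DL_LISTING = """\
-rwxrwxrwx 1 0 0 20 Jun 29 1971 start.cmd
-rwxrwxrwx 1 0 0 2952448 Jun 29 1971 ZZUIAA5.314
-r--r--r-- 1 0 0 9 Jun 29 1971 seed.dat
-r--r--r-- 1 0 0 729 Jun 29 1971 sslcert.pem
-r--r--r-- 1 0 0 908 Jun 29 1971 sslkey.pem
-r--r--r-- 1 0 0 692 Jun 29 1971 sshdsa.pem
-rwxrwxrwx 1 0 0 66920 Jun 29 1971 user.ini
-rw-rw-rw- 1 0 0 4056 Jun 29 1971 user.tpl
-rw-rw-r-- 1 0 0 34633 Jun 29 1971 security.cfg
"""

# Constructed sample: local files an operator intends to upload.
UPLOADS = [
    "abcdefghijklmnopqrstuvwxyz.ini",
    "branch-office-a.ini",
    "branch-office-b.ini",
    "user.ini",
    "site2.ini",
]


def listing_names(listing):
    """Extract file names from 'dir' output; status lines are skipped."""
    names = []
    for line in listing.splitlines():
        # permissions, links, uid, gid, size, month, day, year, name
        parts = line.split(None, 8)
        if len(parts) == 9 and len(parts[0]) == 10 and parts[0][0] in "-d":
            names.append(parts[8])
    return names


def base_name(local_name):
    """Drop any directory part, accepting both / and \\ as separators."""
    return re.split(r"[\\/]", local_name)[-1]


def stored_name(local_name):
    """Name the file will carry on the device after truncation."""
    return base_name(local_name)[:MAX_NAME]


def check_uploads(local_names, listing):
    """Return a list of (local name, stored name, problems) tuples."""
    existing = set(listing_names(listing))
    stored = [stored_name(n) for n in local_names]
    counts = Counter(stored)
    report = []
    for local, dev in zip(local_names, stored):
        base = base_name(local)
        problems = []
        if dev != base:
            problems.append("truncated")
            ext = base.rpartition(".")[2] if "." in base else ""
            if ext and not dev.endswith("." + ext):
                problems.append("extension lost")
        if dev in existing:
            problems.append("name already in /dl")
        if counts[dev] > 1:
            problems.append("clashes with another upload")
        report.append((local, dev, problems))
    return report


if __name__ == "__main__":
    for local, dev, problems in check_uploads(UPLOADS, DL_LISTING):
        print("%-32s -> %-13s %s" % (local, dev, ", ".join(problems) or "ok"))
```

The stored name is also the value to pass to config load filename= when the file is applied later.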
Restore/change procedure
You can use a procedure similar to the one described here to upload and execute script files (.sts).
The procedure to restore or load a new SpeedTouch™ configuration consists of two main steps:
Step Action
1 Transfer the configuration file to the SpeedTouch™
2 Applying a configuration stored on the SpeedTouch™
Transfer the configuration file to the SpeedTouch™
To transfer a SpeedTouch™ configuration file stored on your local disk to the SpeedTouch™, proceed as follows:
Step Action
1 Open an FTP session to the SpeedTouch™. At the user name prompt, enter a user name and at the password prompt, the password (refer to “The SpeedTouch™ Multi Level Access Policy Configuration Guide” for more information).
2 If required, save the current SpeedTouch™ configuration via the quote site saveall command:
ftp> quote site saveall
200-
200 CLI command "saveall" executed
3 Enter binary file transfer mode. Optionally you can enable hashing:
ftp> bin
200 TYPE is now 8-bit binary
ftp> hash
Hash mark printing On ftp: (2048 bytes/hash mark).
4 Go to the SpeedTouch™ ‘/dl’ subdirectory:
ftp> cd dl
5 You can check whether a user.ini configuration file, or other configuration files are stored in the ‘/dl’ subdirectory by making a listing of the subdirectory’s contents:
ftp> dir
200 Connected to 192.168.1.254
150 Opening data connection for /bin/ls
-rwxrwxrwx 1 0 0 20 Jun 29 1971 start.cmd
-rwxrwxrwx 1 0 0 2952448 Jun 29 1971 ZZUIAA5.314
-r--r--r-- 1 0 0 9 Jun 29 1971 seed.dat
-r--r--r-- 1 0 0 729 Jun 29 1971 sslcert.pem
-r--r--r-- 1 0 0 908 Jun 29 1971 sslkey.pem
-r--r--r-- 1 0 0 692 Jun 29 1971 sshdsa.pem
-rwxrwxrwx 1 0 0 66920 Jun 29 1971 user.ini
-rw-rw-rw- 1 0 0 4056 Jun 29 1971 user.tpl
-rw-rw-r-- 1 0 0 34633 Jun 29 1971 security.cfg
226 Options: -l : 9 matches total
ftp: 600 bytes received in 0,00Seconds 600000,00Kbytes/sec.
ftp: 400 bytes received in 0.01Seconds 40.00Kbytes/sec.
6 In case the configuration file you intend to upload has the same name as (one of) the configuration file(s) on the SpeedTouch™ file system (for example user.ini), you must either:
Rename the configuration file stored on your local disk
Delete the file from the SpeedTouch™ file system.
7 Optionally you can clean up the SpeedTouch™’s file system via the :software cleanup CLI command:
ftp> quote site software cleanup
200-
200 CLI command "software cleanup" executed
8 Put the configuration file to the SpeedTouch™ ‘/dl’ subdirectory:
ftp> put config.ini
200 Connected to 192.168.1.254 port 1657
150 Opening data connection for config.ini
##
226 File written successfully
ftp: 4472 bytes sent in 0.02Seconds 223.60Kbytes/sec.
ftp>
9 You can check whether the configuration file was stored successfully by making a listing of the subdirectory’s contents:
ftp> dir
200 Connected to 192.168.1.254
150 Opening data connection for /bin/ls
-rwxrwxrwx 1 0 0 20 Jun 29 1971 start.cmd
-rwxrwxrwx 1 0 0 2952448 Jun 29 1971 ZZUIAA5.314
-r--r--r-- 1 0 0 9 Jun 29 1971 seed.dat
-r--r--r-- 1 0 0 729 Jun 29 1971 sslcert.pem
-r--r--r-- 1 0 0 908 Jun 29 1971 sslkey.pem
-r--r--r-- 1 0 0 692 Jun 29 1971 sshdsa.pem
-rwxrwxrwx 1 0 0 66920 Jun 29 1971 user.ini
-rw-rw-rw- 1 0 0 4056 Jun 29 1971 user.tpl
-rw-rw-r-- 1 0 0 34633 Jun 29 1971 security.cfg
-rw-rw-r-- 1 0 0 44721 Jun 29 1971 config.ini
226 Options: -l : 9 matches total
ftp: 600 bytes received in 0,00Seconds 600000,00Kbytes/sec.
ftp: 400 bytes received in 0.01Seconds 40.00Kbytes/sec.
Applying a configuration stored on the SpeedTouch™
To activate a configuration file stored in the SpeedTouch™ ‘/dl’ subdirectory, the CLI command :config load is used.
Below the syntax of the config load CLI command is provided:
=>help config load
Load saved or default configuration.
Syntax : load [load_ip = <{disabled|enabled}>] [defaults <{disabled|enabled}>] [flush = <{enabled|disabled}>]
              [echo = <{disabled|enabled}>] [filename = <string>]
Parameters :
    [load_ip = <{disabled|enabled}>]
        Load IP settings or not.
    [defaults <{disabled|enabled}>]
        Load default instead of saved configuration.
    [flush = <{enabled|disabled}>]
        Flush current configuration before loading new one.
    [echo = <{disabled|enabled}>]
        Echo each command string when loaded.
    [filename = <string>]
        Configuration filename.
Proceeding from the same FTP session you opened in the previous procedure, enter the quote site config load command to load the configuration you previously put on the SpeedTouch™ file system:
ftp> quote site config load
200-
200 CLI command "config load" executed
For more information on the config load options, see “Applying a configuration stored on the SpeedTouch™” on page 32.
In case the file name of the configuration file is different from user.ini, you should specify the file name. This allows you to store multiple configuration files on the SpeedTouch™ file system, and load them when needed:
ftp> dir
200 Connected to 192.168.1.254 port 2187
150 Opening data connection for /bin/ls
-rwxrwxrwx 1 0 0 20 Jun 29 1971 start.cmd
-rwxrwxrwx 1 0 0 2952448 Jun 29 1971 ZZUIAA5.314
-r--r--r-- 1 0 0 9 Jun 29 1971 seed.dat
-r--r--r-- 1 0 0 729 Jun 29 1971 sslcert.pem
-r--r--r-- 1 0 0 908 Jun 29 1971 sslkey.pem
-r--r--r-- 1 0 0 692 Jun 29 1971 sshdsa.pem
-rwxrwxrwx 1 0 0 66920 Jun 29 1971 user.ini
-rw-rw-rw- 1 0 0 4056 Jun 29 1971 user.tpl
-rw-rw-r-- 1 0 0 34633 Jun 29 1971 security.cfg
-rw-rw-r-- 1 0 0 44721 Jun 29 1971 config.ini
-rwxrwxrwx 1 0 0 66920 Jun 29 1971 config1.ini
-rw-rw-rw- 1 0 0 4056 Jun 29 1971 config2.tpl
-rw-rw-r-- 1 0 0 34633 Jun 29 1971 config3.cfg
-rw-rw-r-- 1 0 0 44721 Jun 29 1971 test.ini
226 Options: -l : 11 matches total
ftp: 803 bytes received in 0.10Seconds 8.03Kbytes/sec.
ftp> quote site config load filename=config3.ini
200-
200 CLI command "config load filename=config3.ini" executed
ftp>

4.4 SpeedTouch™ Service Templates

Introduction
Template files are ASCII text files consisting of a set of SpeedTouch™ (embedded) Easy Setup wizard specific commands and CLI commands.
Used by the SpeedTouch™ (embedded) Easy Setup wizard, template files allow users to complete the configuration of the device in a convenient and comprehensive way, without the need of manual configuration via CLI or the Web Interface.

Delivered template files
Three template files are delivered by default within the SpeedTouch™ system software for use by means of the embedded Easy Setup wizard:
Template Description
Bridge A template to configure the SpeedTouch™ for Bridged Ethernet WAN access (actually as an IEEE802.1D Transparent Bridge). In this template, the DHCP Server has been disabled.
Router A template to configure the SpeedTouch™ for Routed PPPoE or PPPoA. For the local network the SpeedTouch™ acts as DHCP server.
Routed IPoA A template to configure the SpeedTouch™ for Routed IP over ATM. For the local network the SpeedTouch™ acts as DHCP server.
Template files on the SpeedTouch™ file system
As the default templates are embedded in the system software, these template files will not be present in the ‘/dl’ (or ‘/active’) subdirectories by default.
However, via FTP access you are able to upload additional template files from the SpeedTouch™ Setup CD, or custom template files to the SpeedTouch™ ‘/dl’ subdirectory, to extend the diversity of embedded configuration possibilities and/or to avoid the need of using the SpeedTouch™ Home Install Wizard from the CD.
Each time the SpeedTouch™ Home Install Wizard is used to configure the device a ‘backup’ user.tpl file is created/overwritten in the ‘/dl’ subdirectory, for future use by the embedded Easy Setup wizard.

4.5 SpeedTouch™ System Languages Management

Introduction
The following three actions are possible regarding the system languages:
Upload a new system language file, which can be found on the SpeedTouch™ Setup CD, to the SpeedTouch™.
Switch between system languages via the system language bar.
Delete a system language via the SpeedTouch™ Web Interface.
Uploading a new system language
To upload a new system language, proceed as follows:
Step Action
1 Open a web browser and go to the SpeedTouch™ Web Interface.
2 Go to Expert Mode.
3 Open the Upload File page via Home > SpeedTouch > System Update.
4 Click Browse and select the desired system language from the SpeedTouch™ Setup CD.
5 Click Upload to start uploading the system language on to the SpeedTouch™.
Switch between system languages
To switch between system languages, select the desired system language in the system language bar.
The system language bar can be found on the top right side of the SpeedTouch™ Web Interface:
By default, the SpeedTouch™ is shipped with only one language. The system language bar will only be shown in case more than one valid system language is stored on the SpeedTouch™.
The system language packs are related to the system software versions!
Delete a system language
Proceed as follows:
Step Action
1 Open a web browser and go to the SpeedTouch™ Web Interface.
2 Go to the Expert Mode.
3 Open the language page via Home > SpeedTouch > System Update.
4 Click on the Language Packs tab.
5 Select the entry at the desired system language and click Delete.
6 Select Saveall to save your changes.

5 SpeedTouch™ Software Modules

SpeedTouch™ software module functionality
The SpeedTouch™ comes by default with an extended set of features to provide end-to-end connectivity over the DSL line, IP Routing, RIP, Hyper-NAT, SNMP, Syslog, DHCP, DNS, Remote Assistance, Game & Application Sharing, UPnP, Web Site Filtering, IDS, DSD to name just a few.
The SpeedTouch™ is able to support additional functionality on top of its basic feature set. These additional software modules, however, are not enabled by default and must be activated by means of a software activation key.
Overview Software modules
The table below describes the possible Software Modules:
Software Modules     ST620          ST608(WL)      ST605
IPSec (VPN256-32)    Software key   -              -
IPSec (VPN16-4)      Software key   Software key   -
IPSec (VPN16-1)      Software key   Available      -
ISDN                 Software key   Software key   -
SIP PBX (SIP256)     Software key   -              -
By activating the ISDN Software Module, full throughput capability on the ISDN interface will be enabled.

5.1 Software Activation Key Management

The SpeedTouch™ Software Modules web page
Via the SpeedTouch™ web interface you can easily get an overview of the available SpeedTouch™ software activation keys and their current status.
The Software Module Status Display shows the available software modules that can be activated via a software activation key.
For each software module, the following information is provided:
Table Item Description
Name The name of the software module. The name also serves as an Internet link to the SpeedTouch™ software module server from which you can acquire a software activation key for the particular software module.
Description Describes the software module.
File In case the software module is enabled, the software key’s file name is displayed.
Status Indicates the status of the module:
No key: the software module is not enabled.
Key enabled: the software module is enabled.
How to Access the Software Modules Page
In expert mode, go to SpeedTouch™ > Addon.
Software activation key management via the CLI
You can view the software modules, their status and their link information via the SpeedTouch™ Command Line Interface (CLI).
See “2 SpeedTouch™ Command Line Interface” on page 5 for more information on how to access the Command Line Interface.
The :software addon list CLI command group allows you to view the current software modules, their status, and some additional information:
=>:software addon list
VPN256-32 module info :
Software key status : No Key
Filename :
Link : http://www.speedtouch.com/homeprod/addon.htm
Teaser : IPSec based VPN (256 Sessions, 32 Profiles)
VPN16-4 module info :
Software key status : No Key
Filename :
Link : http://www.speedtouch.com/homeprod/addon.htm
Teaser : IPSec based VPN (16 Sessions, 4 Profiles)
VPN16-1 module info :
Software key status : No Key
Filename :
Link : http://www.speedtouch.com/homeprod/addon.htm
Teaser : IPSec based VPN (16 Sessions, 1 Profile)
ISDN module info :
Software key status : No Key
Filename :
Link : http://www.speedtouch.com/homeprod/addon.htm
Teaser : ISDN Backup
SIP256 module info :
Software key status : No Key
Filename :
Link : http://www.speedtouch.com/homeprod/addon.htm
Teaser : SIP PBX (256 User Agents)
To allow for a successful activation of software modules, no parts of the :software addon CLI command group should be changed, unless specifically instructed by your Service Provider.
Applying for a software key
Contact your local product dealer for available software module activation possibilities.
How to Install a Software Key
After applying for a software key, your ISP should provide you with a software key user name and password. Proceed as follows to install and activate the software key via the GUI:
Step Action
1 Go to the software modules page. Refer to How to Access the Software Modules Page.
2 Click on the software module you want to activate. You are taken to the software key request page.
3 Enter the user name and password you received and click Request Software Key. You will receive the software key.
4 Copy the text of the software key, and paste it into the provided window on the Software modules page.
5 Click Add.
The user name and password remain active. If for some reason your software keys are lost, proceed as described above to reactivate them.
How to Back Up the Software Keys
Normally, you do not need to back up the software keys. However, should you want to do so, use FTP to transfer the software key files (.swk) to a backup location.
Disabling software modules on the SpeedTouch™
Under normal conditions, once a software module has been activated, there is no reason to disable this software module again.
However, via an FTP session to the SpeedTouch™ file system you are able to create a backup of software activation keys (files with an extension .swk, stored on the SpeedTouch™ ‘/dl’ subdirectory), delete keys and/or restore them.
Be aware that, due to a previous system software update, software keys may reside in the SpeedTouch™ ‘/active’ directory. If so, and you want to remove these software keys in order to prevent them from re-activating a software module in a future system software upgrade, follow the instructions below:
1 Make sure to save your current SpeedTouch™ configuration via the :saveall CLI command.
2 Make sure that both the active and passive system software are the same. This can be done via the :software duplicate CLI command.
3 Switch active and passive system software versions via the :software switch CLI command.
4 After restart, remove the software keys (now residing in the ‘dl’ directory) via an FTP session.
For more information on System software upgrades and management, see “3 SpeedTouch™ System Software” on page 15. For information on SpeedTouch™ FTP access see “7 The SpeedTouch™ File System” on page 75.

6 SpeedTouch™ System Services

Overview
This chapter covers the following services:

Service See
Dynamic DNS 6.1
Simple Network Time Protocol (SNTP) 6.2
Website Filtering 6.3
Intrusion Detection 6.4
Remote Assistance 6.5

6.1 SpeedTouch™ Dynamic DNS

Introduction
Dynamic DNS is a mechanism, offered by several dynamic DNS service providers (available through the Internet), that allows the mapping of a worldwide resolvable static DNS host name to a dynamically (and temporarily) assigned public IP address used for Internet connectivity.
This allows you to offer basic Internet services to the world wide web, through a DNS host name, without the need for obtaining a static and worldwide unique public IP address.
In most cases dynamic DNS service providers offer various host applications, which run in the background on a local computer and send IP address updates to a dynamic DNS service server whenever the dynamically assigned public IP address has changed.
The SpeedTouch™ offers you an embedded dynamic DNS client, making the use of third party host applications running on a local computer superfluous.
Applying for the dynamic DNS service
Before you are able to use the SpeedTouch™ dynamic DNS client functionality, you must first apply for a dynamic DNS account (and DNS host name) at one of the dynamic DNS service providers available on the Internet.
The SpeedTouch™ supports by default the following dynamic DNS service providers:
DynDNS (www.dyndns.org/services/dyndns/)
StatDNS (www.dyndns.org/services/statdns/)
No-IP (www.no-ip.com)
DtDNS (www.dtdns.com)
GnuDIP
Dynamic DNS client configuration
The SpeedTouch™ dynamic DNS client service can be configured via the CLI or the SpeedTouch™ Web Interface.
Preparing the SpeedTouch™ dynamic DNS client
Below is a short description of how to prepare your SpeedTouch™ for dynamic DNS via the CLI, using an imaginary account at the DynDNS dynamic DNS service provider.
For more in-depth information on the CLI, see “2 SpeedTouch™ Command Line Interface” on page 5 and the “SpeedTouch™ CLI Reference Guide”.
The procedure for enabling a dynamic DNS client consists of five steps:
1 Adding a dynamic DNS host name
2 Adding a dynamic DNS client
3 Modifying the dynamic DNS client
4 Refining the dynamic DNS service settings (optional)
5 Enabling the Dynamic DNS Service.
As a preliminary step, it is assumed that the SpeedTouch™ is already correctly configured for your Internet subscription and connected to the Internet, and that you have obtained a valid dynamic DNS account (and DNS host name) at a dynamic DNS service provider (in this example DynDNS).
The SpeedTouch™ CLI dyndns commands
The SpeedTouch™ allows configuration of its dynamic DNS client functionality via the :dyndns CLI command group:
=>:dyndns help
Following commands are available :
add : Add a Dynamic DNS client.
modify : Modify a Dynamic DNS client.
delete : Delete a Dynamic DNS client.
flush : Delete all Dynamic DNS clients.
list : List all Dynamic DNS clients.
Following command groups are available :
host service
=>
This command group contains all commands for adding, deleting and configuring a dynamic DNS client.
It also contains two sub command groups:
:dyndns host
=>:dyndns host help
Following commands are available :
add : Add a fully qualified host name
delete : Delete a host name
flush : Delete all host names
list : List all host names
=>
This allows you to specify one or more host name(s) corresponding to a dynamic DNS client.
:dyndns service
[dyndns]=>:dyndns service help
Following commands are available :
modify : Modify specific DynDNS service settings
list : List all DynDNS services
=>
This allows you to view/configure the pre-configured dynamic DNS service providers, or to create custom dynamic DNS service providers.
For a full description of the syntax of these commands, see the “SpeedTouch™ CLI Reference Guide”.
Example dynamic DNS subscription
For this example, the following dynamic DNS subscription is assumed at DynDNS (www.dyndns.org):
                    value
user name           JohnDoe@MyISP.com
password            john
Dynamic DNS host    johndoe.dyndns.org
Allow wildcards     yes
Depending on your dynamic DNS subscription some other, more advanced options may be required or available, e.g. multiple host names, the Mail Exchanger (MX) host name, update interval, etc.

Adding a dynamic DNS host name
In a first step you must specify the host name(s) for which you want to enable the dynamic DNS service. According to the Example dynamic DNS subscription information, the following configuration must be done:

=>:dyndns host add group=MyDynDNSHost name=johndoe.dyndns.org
To allow multiple host names to be assigned to the same dynamic DNS service, host names always reside in a group. You are free to choose a group name; it is only used for referring to the group during CLI configuration.
Adding a dynamic DNS client
Add a dynamic DNS client entry:
=>:dyndns add name=MyDynDNS
Modifying the dynamic DNS client
Now the dynamic DNS client must be configured according to your dynamic DNS subscription. According to the Example dynamic DNS subscription information, the following configuration must be done:
=>:dyndns modify
name = MyDynDNS
[intf] = PPPoE_1
[user] = JohnDoe@MyISP.com
[password] = ****    (First time typing the password)
Please retype password for verification.
[password] = ****    (Second time typing the password for verification)
[group] = MyDynDNSHost
[mx] =    (Left empty)
[backmx] = disabled
[wildcard] = enabled
[offline] = disabled
[service] = dyndns
[status] = disabled
:dyndns modify name=MyDynDNS intf=DIALUP_PPPOE user=JohnDoe@MyISP.com password=_DEV_2AF11E9E944667D4 group=MyDynDNSHost
The [intf] parameter requires you to select the SpeedTouch™ interface used for your Internet connectivity.
Refining the dynamic DNS service settings
If needed or required by the dynamic DNS service provider, you can change some details of the dynamic DNS service.
The Example dynamic DNS subscription at DynDNS requires no changes in the service settings, as the pre-configured settings should be adequate.
Below is an overview of the default service settings per pre-configured dynamic DNS service provider (and the custom dynamic DNS service):
=>:dyndns service list
dyndns :
    server = members.dyndns.org
    port = 80
    request = /nic/update
    update interval = 2097120s
    retry interval = 30s
    max retry = 3
statdns :
    server = members.dyndns.org
    port = 80
    request = /nic/update
    update interval = 0s
    retry interval = 30s
    max retry = 3
custom :
    server = members.dyndns.org
    port = 80
    request = /nic/update
    update interval = 0s
    retry interval = 30s
    max retry = 3
No-IP :
    server = dynupdate.no-ip.com
    port = 80
    request = /ducupdate.php
    update interval = 86400s
    retry interval = 30s
    max retry = 3
DtDNS :
    server = dtdns.com
    port = 80
    request = /api/autodns.cfm
    update interval = 86400s
    retry interval = 30s
    max retry = 3
gnudip :
    server =
    port = 80
    request =
    update interval = 0s
    retry interval = 0s
    max retry = 0
Enabling the Dynamic DNS Service
In a final step you must enable the dynamic DNS client:
=>:dyndns modify name=MyDynDNS status=enabled
Checking dynamic DNS client Resolving
You can easily check whether the dynamic DNS client is successfully updating the SpeedTouch™ public IP address towards the dynamic DNS service provider’s host server:
=>:dyndns list
MyDynDNS : PPPoE_1 [CONNECTED]
options = dyndns wildcard
user = JohnDoe@MyISP.com
password = ********
addr = 141.11.1.1
group = MyDynDNSHost
The Dynamic DNS Web Page
The Basic Web interface has a page on Dynamic DNS. To access this page, go to:
Basic mode > Toolbox > Dynamic DNS
This page shows the Dynamic DNS settings:
To change the settings and enable/disable Dynamic DNS, click Configure.
This page allows you to perform the following tasks:
Use dynamic DNS on multiple interfaces: configure an additional interface.
Use multiple hosts: configure an additional host.

6.2 The SpeedTouch™ SNTP Client

Introduction
The SpeedTouch™ Simple Network Time Protocol (SNTP) client allows you to configure the SpeedTouch™ internal real-time clock (RTC), used for time-critical operations, for example for online certificates enrolment (IPSec VPN client).
This section briefly describes the configuration and use of the SpeedTouch™ SNTP client.

Daylight Saving Time
Because the RTC does not have an automatic daylight saving switch, you should update it manually at the correct moments (twice a year).

The RTC
The SpeedTouch™ contains a battery to allow the RTC to maintain the time even when the device is powered off and restarts. This helps security because, even when the NTP servers are temporarily inaccessible because of a power outage or network traffic overflow, the SpeedTouch™ has the correct time, allowing you to correctly correlate syslog events from various devices and perform a correct diagnosis.

The SNTP web page
You can access the SpeedTouch™ SNTP page via Home > SpeedTouch > SNTP:

By default SNTP is disabled; internal clocking refers to the SpeedTouch™ up time (i.e. the time passed since last reboot).

The Manual tab
Select Manual to:

Set a date manually. (format dd/mm/yyyy)
Set a time manually. (format HH:mm:ss)
Select a geographical timezone. (from GMT-12:00 to GMT+12:00)
Enable or disable summertime.
! The Manual tab, if selected, disables the SpeedTouch™ SNTP client.

The SNTP tab
To enable the SpeedTouch™ SNTP client, select the SNTP tab:

As long as no NTP servers are configured, time will not be controlled by SNTP.
Proceed as follows to add an NTP server:
Step Action
1 Click New.
2 Enter the IP address or DNS hostname of an NTP server.
3 Specify the NTP version of the server.
4 Click Apply. This enables the SNTP client, which contacts the NTP server in order to synchronize the SpeedTouch™ internal clock with the NTP server. If needed, you can correct the synchronized time by selecting your geographical timezone, and optionally by enabling or disabling summertime.
From now on, your SpeedTouch™’s internal clock will be synchronized every 5 minutes (default setting) with the NTP server.
If needed, you can enter additional redundant NTP servers to ensure that the clock is always synchronized with at least one of the provided NTP servers.

Setting the time via CLI
The :system rtc settime CLI command allows you to view the current real-time clock settings and to configure them:
=>:system rtc settime
date = 04/07/2003
time = 10:34:55
timezone = +01:00
daylightsaving = off
=>
You can also use this CLI command to manually set the SpeedTouch™ internal real-time clock:
=>:help system rtc settime
Set/Get date, time, timezone, daylight savings time
Syntax : settime [date = <dd/mm/yyyy>] [time = <hh:mm:ss>] [timezone = <(+ or -)hh:mm>] [daylightsaving = <{disabled|enabled}>]
Parameters :
[date = <dd/mm/yyyy>]
    Set the system date
[time = <hh:mm:ss>]
    Set the system time
[timezone = <(+ or -)hh:mm>]
    Set the system timezone (-12:00...+14:00 / 15 minute resolution)
[daylightsaving = <{disabled|enabled}>]
    Enable/Disable daylight saving

SNTP via the CLI
The SpeedTouch™ SNTP client is configured via the :sntp CLI command group:

=>:sntp help
Following commands are available :
add : Add NTP server
list : List the NTP servers
delete : Delete NTP server from list
flush : Flush NTP server list and SNTP client configuration
config : Modify/Display configuration
You can use the following commands:
:sntp list
    List the configured NTP servers.
:sntp add and :sntp delete
    Add or delete NTP servers.
:sntp config
    Enable/disable the SpeedTouch™ SNTP client and set the polling interval.
6.3 Website Filtering

About Website Filtering
The website filtering feature offers you the possibility to control Internet access by filtering or blocking access to certain websites. The SpeedTouch™ has two methods of controlling access to the Internet:
Method Description
Address Based Filtering Allow or block access to specific sites based on their address.
Content Based Filtering Allow or block access to websites based on their content.

Address Based Filtering
With address based filtering, you can allow or block access to specific web sites based on their address. You can also block access to a specific site and redirect the browser to another site.
You can do this by configuring an address filter similar to this example:
If you create a rule for a specific URL, that rule also applies to child URLs, unless otherwise specified in the filter.
Example:
Any rule created for www.Speedtouch.com also applies to <anything>.speedtouch.com.

Content Based Filtering
With content based filtering, you can block or allow access to web sites based on their content. To do this, you can apply a content level as filter. You can use (and, if necessary, customize) one of the predefined content levels or create your own. The following is an example of (part of) a content level:
Note that “x” marks forbidden content while “v” marks allowed content.

Overview
This section covers the following topics:

Section See Page
“6.3.1 The Website Filtering Configuration Pages” 62
“6.3.2 How to Verify the Filtering Configuration” 63
“6.3.4 Configuring the Actions for Uncategorised Sites” 66
“6.3.5 How to Create an Address Based Filter” 67
“6.3.6 How to Create a Content Based Filter” 68
“6.3.7 How to Create a Content Level” 69

6.3.1 The Website Filtering Configuration Pages

Page Overview
The website filtering section of the SpeedTouch™ web interface offers three pages:
Page Description
Overview Allows you to view the filtering configuration
Configure Allows you to configure website filtering
Help Provides online help on Website filtering

6.3.2 How to Verify the Filtering Configuration

Procedure
Proceed as follows to verify the website filtering configuration:
Step Action
1 Go to the SpeedTouch™ configuration home page
2 In the Toolbox section, click Web Site filtering.
Result: you are taken to the website filtering overview page:
The Website Filtering Web page
This page has two sections:
Section Description
Filtering Information This section provides information on the active filtering configuration:
Address based filtering information: a list of all specified websites and the actions to be taken.
Content based filtering information: license information and information about the active content level.
Note: to view more detailed information on the content level, click Details...
Pick a task List of possible tasks. In this case, only the Activate Web filtering license task is available.
Note: after activating the license, a new task Create a new content level becomes available. Refer to “6.3.3 How to Activate a Web Filtering License” on page 65 for more information.

6.3.3 How to Activate a Web Filtering License

Prerequisite
Before you can activate the web site filtering license, you need a valid license key.
Procedure
Proceed as follows to activate a web filtering license:
Step Action
1 Go to the SpeedTouch™ configuration home page
2 In the Toolbox section, click Web Site filtering.
Result: you are taken to the website filtering overview page
3 In the Pick a task... section, click Activate Web filtering license.
Result: the Web filtering activation page appears:
4 Fill in a valid license key and click Apply.
Once you have activated the license, the Create New Content Level task becomes available in the Pick a Task section of the filtering configuration pages.
6.3.4 Configuring the Actions for Uncategorised Sites

Filter Priority
The address based filter, if activated, has the highest priority. For web sites that are not specified in the address based filter, the system uses the Content based filter (if activated). If neither filter is activated, no filtering is applied.
Actions for Uncategorised Sites
Uncategorised sites are sites that are not targeted by any of the active filters. For these sites, you can:
allow access
block access
Procedure
Proceed as follows to set the actions for uncategorised sites:
Step Action
1 Go to the SpeedTouch™ configuration home page
2 In the Toolbox section, click Web Site filtering.
3 In the top right corner, click Configure.
4 Go to the second bullet in the list (Content Based Filtering).
5 In the drop down list next to the option Action for uncategorised sites, select the desired action (Block or Allow).
6 Click Apply.

6.3.5 How to Create an Address Based Filter

How to Create a New Entry
Proceed as follows:
Step Action
1 Go to the SpeedTouch™ configuration home page
2 In the Toolbox section, click Web Site filtering.
3 In the top right corner, click Configure.
4 Go to the first bullet in the list (Address Based Filtering).
5 In the last row of the table, enter the URL of the web site for which you want to create an entry in the filter
6 Select the action to be taken (Block, Allow or Redirect)
In case of Redirect, enter the address to which you want to redirect.
7 Click Add
8 Repeat steps 5 to 7 for each entry you want to create in the filtering table.
9 If necessary, select Use Address Based Filter and click Apply.
How to Modify an Entry
Proceed as follows to modify an entry in the filter table:
Step Action
1 Go to the row you wish to change and click the corresponding Edit.
2 Modify the entry and click Apply.
To undo the changes, click Cancel.
How to Delete an Entry
Proceed as follows to delete an entry in the filter table:
Step Action
1 Go to the row you wish to delete
2 Click the corresponding Delete.

6.3.6 How to Create a Content Based Filter

About Content Levels
Content levels determine which web sites will be targeted by the filter, based on their content.
There are 5 pre-defined content levels:
Level Description
All Allow all categorized web sites.
Legal Allow all except illegal, extreme, spam and spyware websites.
Teenagers Block illegal, adult, extreme, online ordering & gambling and spyware websites.
Children Allow only children-safe websites.
BlockAll Block all categorized web sites.
Procedure
Proceed as follows to create a content based filter:
Step Action
1 Go to the SpeedTouch™ configuration home page
2 In the Toolbox section, click Web Site filtering.
3 In the top right corner, click Configure.
4 Go to the second bullet in the list (Content Based Filtering)
5 If not already set, select the desired action for uncategorised sites.
6 If necessary, create a new content level, or modify an existing one.
7 Select the content level of your choice.
8 Repeat steps 5 to 7 for each entry you want to create in the filtering table.
9 Click Apply.

6.3.7 How to Create a Content Level

How to get a Detailed View
Proceed as follows to get a detailed view of a content level:
Step Action
1 Go to the Web site filtering Overview page.
2 Click on Details...
Result:
The Web interface shows a description of the content level as well as full details on which type of content is allowed and which is not.
How to Edit a Content Level
Proceed as follows to edit an existing Content Level:
Step Action
1 Go to the Web site filtering Overview page.
2 Select the content level you wish to edit and click the corresponding Edit.
3 Modify the name, description and/or the content classes or subclasses targeted by the filter. To select or de-select a content class or subclass, click its checkbox.
4 Click Apply.
How to Create a New Content Level
Proceed as follows to create a new content level:
Step Action
1 Go to the Web site filtering Configure page
2 In the Pick a Task... list, select Create a new content level.
3 Fill in a name and a description and click Next
4 If you want to:
Start from a copy of an existing level, select Clone an Existing Level.
Start from a white list (everything blocked, leaving you to determine which categories are to be allowed), select White List.
Start from a black list (everything allowed, leaving you to determine which categories are to be blocked), select Black List.
5 Click Next.
6 Select or de-select the content classes and subclasses you want to include or exclude. Note that if you select a class, all subclasses in that class are automatically included, unless you select at least one subclass. In that case, only the selected subclasses are included.
Example:
If the filter is set to allow the sites targeted by the filter, the above example will allow the following sites:
Sites related to swimwear or lingerie, but no other nudity related sites
No sites in the Ordering class
In the Society/Education/Religion class, only sites related to Non-governmental organizations, Cities/Regions and Countries and political parties.
78Click Apply.
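The filter priority from section 6.3.4 and the class/subclass selection rule from step 6 above, written out as a small decision model. This is an added Python example, not SpeedTouch™ code: matching on host names only, allowing a site when only the address based filter is active and no rule matches, and all sample hosts plus the "Leisure", "Games" and "Schools" names are assumptions or constructed values.

```python
from dataclasses import dataclass, field
from typing import Optional

ALLOW, BLOCK, REDIRECT = "allow", "block", "redirect"


def norm_host(host):
    """Lower-case a host name and drop a leading 'www.' label."""
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


@dataclass
class AddressRule:
    host: str
    action: str
    redirect_to: Optional[str] = None


@dataclass
class ContentLevel:
    name: str
    targeted_action: str  # ALLOW (white list style) or BLOCK (black list style)
    # class name -> selected subclasses; an empty set selects the whole class
    selection: dict = field(default_factory=dict)

    def targets(self, cls, sub):
        if cls not in self.selection:
            return False
        subs = self.selection[cls]
        # No subclass ticked: every subclass of the class is included.
        return not subs or sub in subs


@dataclass
class FilterConfig:
    address_enabled: bool = False
    rules: list = field(default_factory=list)
    content_enabled: bool = False
    level: Optional[ContentLevel] = None
    uncategorised_action: str = ALLOW


def match_rule(rules, host):
    """Return the most specific rule covering host (child hosts included)."""
    h, best = norm_host(host), None
    for rule in rules:
        rh = norm_host(rule.host)
        # Compare on label boundaries so 'notspeedtouch.com' is not a child.
        if h == rh or h.endswith("." + rh):
            if best is None or len(rh) > len(norm_host(best.host)):
                best = rule
    return best


def decide(cfg, host, category=None):
    """Return (action, reason); category is (class, subclass) or None."""
    if cfg.address_enabled:                      # highest priority
        rule = match_rule(cfg.rules, host)
        if rule is not None:
            target = f" -> {rule.redirect_to}" if rule.redirect_to else ""
            return rule.action, f"address rule {rule.host}{target}"
    if cfg.content_enabled and cfg.level is not None:
        if category is None:
            return cfg.uncategorised_action, "uncategorised site"
        if cfg.level.targets(*category):
            return cfg.level.targeted_action, f"content level {cfg.level.name}"
        other = BLOCK if cfg.level.targeted_action == ALLOW else ALLOW
        return other, f"not targeted by content level {cfg.level.name}"
    return ALLOW, "no filter applies"            # assumption when nothing matches


def sample_config():
    """Constructed configuration used to exercise the model."""
    level = ContentLevel("Office", ALLOW, {
        "Society/Education/Religion": {"Non-governmental organizations",
                                       "Political parties"},
        "Leisure": set(),                        # whole class selected
    })
    rules = [AddressRule("www.Speedtouch.com", BLOCK),
             AddressRule("support.speedtouch.com", ALLOW),
             AddressRule("old.example.net", REDIRECT, "www.example.net")]
    return FilterConfig(True, rules, True, level, BLOCK)


if __name__ == "__main__":
    cfg = sample_config()
    for host, cat in [("shop.speedtouch.com", None),
                      ("support.speedtouch.com", None),
                      ("school.example.org", ("Society/Education/Religion", "Schools")),
                      ("unknown.example.org", None)]:
        print(host, decide(cfg, host, cat))
```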

6.4 Intrusion Detection and Protection

About Intrusion Detection
The SpeedTouch™ actively protects your system against malicious intrusion. You can view statistics on the intrusion attempts the SpeedTouch™ has detected.
How to View the Intrusion Detection statistics
Proceed as follows to see the intrusion statistics:
Step Action
1 Go to the Basic configuration home page of the web interface
2 In the Toolbox section, click Intrusion Detection
Result: the Web Interface shows you a list of all possible intrusions and the number of times each intrusion actually occurred.

Possible Tasks
The Intrusion Detection page also shows a Pick Task... section which has two possible tasks:
Task Description
View the security logs View the security logs for more information about the intrusion.
Clear intrusion detection statistics Clears the intrusion detection statistics and resets all counters to zero.
To execute a task, simply click it in the Pick a Task... section.

6.5 Remote Assistance

About Remote Assistance
Remote Assistance allows you to log on to the SpeedTouch™ from a remote location and perform tasks.
How to Set Up Remote Assistance
Proceed as follows to set up Remote Assistance:
Step Action
1 Go to the Basic configuration home page of the web interface
2 In the Toolbox section, click Remote Assistance
Result: the Web Interface shows the following page:
The system selects the user with the defremadmin property set to enabled.
The SpeedTouch™ has a pre-configured user called TechSupport already configured for this purpose. Normally, the page should show this user (see example above). The system also generates a random password, which you can alter manually.
3 Click Enable Remote Assistance.
Note that the system generates a new password every time you click the enable button.
How to Log On To The SpeedTouch™ Remotely
Proceed as follows to log on to the SpeedTouch™ remotely:
Step Action
1 Open a browser window
2 Enter the URL of the SpeedTouch™ (public IP address of the SpeedTouch™ with port number 51003, as shown on the Remote Assistance page).
3 Log on using the user and the password on the Remote Assistance page.
You are now remotely connected to the SpeedTouch™ and have access to all of its functions, as if the connection were a local connection.

Connection Type
On most variants, the connection will be HTTPS (secure HTTP). However, some variants do not support SSH and will therefore use an HTTP connection;

7 The SpeedTouch™ File System

Introduction
The SpeedTouch™ file system consists of nonvolatile memory responsible for storing, retrieving and maintaining the system software files, configuration profile files, language-pack files, software activation keys, secure storage files, etc.
The file system of the SpeedTouch™ is accessible via the well known File Transfer Protocol (FTP). This allows you to back up and restore files present on the SpeedTouch™ file system. Moreover, via FTP's quote site command you are able to use a limited set of CLI commands from the FTP prompt.
Opening an FTP session to the SpeedTouch™
Proceed as follows to open an FTP session to the SpeedTouch™ file system (the example shows an ftp session opened from an MS Windows Command Prompt):
In the example above the default SpeedTouch™ IP address 192.168.1.254 is assumed; however, another IP address may be assigned to your SpeedTouch™ device.
In its default firewall configuration, FTP access to the SpeedTouch™ file system is restricted to access from the local network only.

File system structure
The file system features a tiny multilevel directory structure with two nodes '/active' and '/dl'.
The root directory is secured and contains two subdirectories ‘/active’ and ‘/dl’.
The ‘/active’ subdirectory contains the system software in execution. Other files may be present to ensure the good operation of the device, or due to previous system software upgrades.
The ‘/dl’ subdirectory is the directory where you can find a user.ini file, holding the most recently saved SpeedTouch™ configuration. The ‘/dl’ subdirectory also contains the passive (dormant) system software (in most cases the passive system software will be the same as the active system software present in the ‘/active’ subdirectory). Optionally, the ‘/dl’ subdirectory may contain software activation keys for enabling SpeedTouch™ software modules, language pack files and template files. Other files may be present as well to ensure the good operation of the device.
There may be a user.ini file present in the ‘/active’ subdirectory. However, this user.ini only contains the saved configuration since the last software switchover, and hence may not be up-to-date.
Access rights to the file system
The following access/action rights apply to the directories and their contents:
'root' Directory
    Access is allowed
    No Read access
    No Write access
'/active' Subdirectory
    Access is allowed
    Listing of files (dir)
    FTP (m)get of (multiple) files
'/dl' Subdirectory
    Access is allowed
    Listing of files (dir)
    FTP (m)get of (multiple) files
    FTP (m)put of (multiple) files
    FTP (m)delete of (multiple) files
Preparing for FTP file transfers
To allow correct file transfers the transfer mode must be set to "binary".
You can turn on the hashing option. This allows you to see the file transfer in progress, by printing a mark for each 2048 bytes that have been transferred:
ftp> bin
200 TYPE is now 8-bit binary
ftp> hash
Hash mark printing On ftp: (2048 bytes/hash mark) .
ftp>
Files stored on the file system
The following is an example output of the SpeedTouch™ ‘/dl’ and ‘/active’ subdirectory content:
C:\Documents and Settings\john_doe>ftp 192.168.1.254
Connected to 192.168.1.254.
220 Inactivity timer = 120 seconds. Use 'site idle <secs>' to change.
User (192.168.1.254:(none)):Administrator
331 SpeedTouch (00-0E-50-0F-FE-2A) Password required.
Password:
230 OK
ftp>cd dl
250 Changed to /dl
ftp>dir
200 Connected to 192.168.1.1 port 2055
150 Opening data connection for /bin/ls
-rwxrwxrwx 1 0 0 20 Jun 29 1971 start.cmd
-rwxrwxrwx 1 0 0 2889484 Jun 29 1971 ZZUIAA5.321
-r--r--r-- 1 0 0 9 Jun 29 1971 seed.dat
-r--r--r-- 1 0 0 729 Jun 29 1971 sslcert.pem
-r--r--r-- 1 0 0 908 Jun 29 1971 sslkey.pem
-rwxrwxrwx 1 0 0 54952 Jun 29 1971 user.ini
-r--r--r-- 1 0 0 692 Jun 29 1971 sshdsa.pem
226 Options: -l : 7 matches total
ftp: 466 bytes received in 0,02Seconds 29,13Kbytes/sec.
ftp>cd ..
250 Changed to /
ftp>cd active
250 Changed to /active
ftp>dir
200 Connected to 192.168.1.1 port 2056
150 Opening data connection for /bin/ls
-rwxrwxrwx 1 0 0 20 Jun 29 1971 start.cmd
-rwxrwxrwx 1 0 0 2889484 Jun 29 1971 ZZUIAA5.321
226 Options: -l : 2 matches total
ftp: 134 bytes received in 0,00Seconds 134000,00Kbytes/sec.
ftp>

File types
The following file types can be found:

System software files (e.g. ZZUIAA5.321)
The SpeedTouch™ system software file. The one in the ‘/active’ directory is currently used by the SpeedTouch™; the one in the ‘/dl’ directory is dormant.
Software activation keys (e.g. VPN256-32.swk)
Software key files allowing the SpeedTouch™ to enable the corresponding software module at startup. Per enabled software module, a software key must be present in the ‘/dl’ directory.
Configuration files (e.g. user.ini)
The most recent saved configuration of the SpeedTouch™, or alternative dormant configuration files, manually stored on the SpeedTouch™. At start-up the SpeedTouch™ will load the user.ini configuration file residing in the ‘/dl’ directory.
Default configuration files (e.g. isp.def)
Depending on your ISP’s or network administrator’s preferences, your SpeedTouch™ may have a deviant default configuration after a reset. The isp.def file, if present, reflects this deviant default configuration.
Template files (e.g. custom.tpl)
Service template file, used by the embedded Easy Setup wizard.
Language-pack files (e.g. German.lng)
Files, allowing to view the SpeedTouch™ Web Interface in a local language. Per selectable language a language pack file should be available.
Secure storage files (e.g. ss_p12.dat)
Secure storage data files, containing certificate information for the SpeedTouch™ IP Security VPN module (if enabled).
Flag and system files (e.g. build.flg, config.inf, start.cmd)
Protected files, created by the SpeedTouch™ for file system and startup management. For proper operation, do not change or delete these files in any way.
Script files (.sts)
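Backing up the software keys and the saved configuration from ‘/dl’ in binary mode, as described in this chapter and in “How to Back Up the Software Keys”, shown as an added Python example that is not part of the original guide. It uses the standard ftplib module; the choice of suffixes, the size check against the listing, the file-name check and the owner-only file mode are assumptions of this example, and the embedded sample input is the ‘/dl’ listing shown above.

```python
import hashlib
import os
from ftplib import FTP

# The '/dl' listing from the example session on this page, used as sample input.
SAMPLE_DL_LISTING = """\
-rwxrwxrwx 1 0 0 20 Jun 29 1971 start.cmd
-rwxrwxrwx 1 0 0 2889484 Jun 29 1971 ZZUIAA5.321
-r--r--r-- 1 0 0 9 Jun 29 1971 seed.dat
-r--r--r-- 1 0 0 729 Jun 29 1971 sslcert.pem
-r--r--r-- 1 0 0 908 Jun 29 1971 sslkey.pem
-rwxrwxrwx 1 0 0 54952 Jun 29 1971 user.ini
-r--r--r-- 1 0 0 692 Jun 29 1971 sshdsa.pem
""".splitlines()

# Software activation keys and configuration files (see "File types").
BACKUP_SUFFIXES = (".swk", ".ini")


def parse_listing(lines):
    """Parse 'dir' output lines into dicts with mode, size and name."""
    entries = []
    for line in lines:
        parts = line.split(None, 8)
        if len(parts) == 9 and parts[4].isdigit():
            entries.append({"mode": parts[0], "size": int(parts[4]),
                            "name": parts[8]})
    return entries


def select_for_backup(entries, suffixes=BACKUP_SUFFIXES):
    """Keep regular files whose name ends in one of the wanted suffixes."""
    return [e for e in entries
            if e["mode"].startswith("-") and e["name"].lower().endswith(suffixes)]


def backup_dl(ftp, dest_dir, suffixes=BACKUP_SUFFIXES):
    """Copy matching files from 'dl' into dest_dir; return {name: sha256 hex}."""
    ftp.cwd("dl")
    lines = []
    ftp.retrlines("LIST", lines.append)
    digests = {}
    for entry in select_for_backup(parse_listing(lines), suffixes):
        name = entry["name"]
        # A name taken from the server must never select a path outside dest_dir.
        if name in (".", "..") or "/" in name or "\\" in name:
            raise ValueError(f"unsafe file name in listing: {name!r}")
        sha = hashlib.sha256()
        received = 0
        # Owner-only mode: the backup holds configuration and key files.
        flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_BINARY", 0)
        fd = os.open(os.path.join(dest_dir, name), flags, 0o600)
        with os.fdopen(fd, "wb") as out:
            def sink(chunk):
                nonlocal received
                out.write(chunk)
                sha.update(chunk)
                received += len(chunk)
            # retrbinary switches the transfer to binary mode, as required above.
            ftp.retrbinary("RETR " + name, sink)
        if received != entry["size"]:
            raise IOError(f"{name}: got {received} bytes, listing says {entry['size']}")
        digests[name] = sha.hexdigest()
    return digests


if __name__ == "__main__":
    import getpass
    # Default address and user name as used in the example session on this page.
    with FTP("192.168.1.254", timeout=30) as ftp:
        ftp.login("Administrator", getpass.getpass("Password: "))
        for name, digest in backup_dl(ftp, ".").items():
            print(digest, name)
```

Keep the recorded SHA-256 values with the backup so a later restore can be checked against them.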

8SpeedTouch Remote Access

Chapter 8
SpeedTouch™ Remote Access
The SpeedTouch™ access methods
The SpeedTouch™ offers various access methods to allow configuration and monitoring of the device:
SpeedTouch™ HTTP access
SpeedTouch™ HTTPs access
SpeedTouch™ Telnet access
SpeedTouch™ FTP access
SpeedTouch™ SSH access
However, for obvious security reasons, in the default configuration all these methods are denied from the WAN side. Explicit configuration is required in order to allow remote management from the WAN.

Restrictions
Two important factors determine if you are allowed access via a specific method:
The SpeedTouch™ multi-level access policy:
It determines access rights for users.
For more information on the multi-level SpeedTouch™ access policy, please refer to the SpeedTouch™ Multi-Level Access Policy Configuration Guide.
The SpeedTouch™ system services:
The SpeedTouch™ access methods are linked to different SpeedTouch™ Services.
A Service is an application running on the SpeedTouch™. By activating a service, the SpeedTouch™ adds the appropriate NAT entries and firewall rules, for example to disable access to the SpeedTouch™ web host.
Access methods vs system services
In the table below the access methods and their services are listed:
Access method    System service name
HTTP access      HTTP
HTTPs access     HTTPs
Telnet access    TELNET
SSH access       SSH
FTP access       FTP

Configuration via CLI
To allow remote access (from the WAN side) for a certain service, add the WAN interface group to the interface access list of the service. See “Configuration via CLI commands” on page 81.

Remote Assistance
It is possible to remotely access the SpeedTouch™ Web Interface for remote assistance purposes. For more information, refer to Chapter 6, section “6.5 Remote Assistance” on page 72.

Interface access list
The interface access list of a service contains the interface groups from where a user is allowed access to that specific service.
The interface access list can contain 1 or more of the following groups:
lan: the local or corporate network
local: the serial console cable
wan: the Internet

IPSec Protection
It is possible to use IPSec to protect remote management. You can either use IPSec tunnel mode or IPSec transport mode. For more details, refer to the IPSec configuration guide.

8.1 Remote Web Interface Access

Introduction
The SpeedTouch™ web interface is provided by the SpeedTouch™ HTTP web server. Access to this server and hence the web interface is controlled by the HTTP service. By default, the HTTP service is configured to let the web server accept http requests from LAN side only. In addition the SpeedTouch™ provides HTTPs access. This provides a more secure way (HTTP over ssl) of accessing the SpeedTouch™ HTTP web server.
Default HTTP service configuration
Use the following CLI command to see the default HTTP service configuration.
=>:service system list name=HTTP expand=enabled
Idx Name Protocol SrcPort DstPort Group State
----------------------------------------------------------------------
1 HTTP tcp 80 enabled
Description................ HTTP web server
Properties................. server
Managed parameters......... state port acl map log
Interface Access List...... lan local
Ip Access List............. any
NAT Port List.............. 80
=>
Configuration via CLI commands
For WAN access, you should use HTTP. For this, additional configuration of the HTTP service is needed.
Use the following CLI command to allow HTTP access from the WAN to the SpeedTouch™:
=>:service system ifadd name=HTTP group=wan
=>
If you take a look at the HTTP service configuration, you will see that the wan group is added to the Interface Access List:
=>:service system list name=HTTP expand=enabled
Idx Name Protocol SrcPort DstPort Group State
----------------------------------------------------------------------
1 HTTP tcp 80 enabled
Description................ HTTP web server
Properties................. server
Managed parameters......... state port acl map log
Interface Access List...... lan local wan
Ip Access List............. any
NAT Port List.............. 80
=>
Refinement of the Service
If needed, the service can be fine-tuned to restrict the allowed traffic to:
A single IP address
A subnet
A range of IP addresses
Use the following CLI command to restrict the allowed traffic to 1 IP address.
=>:service system ipadd name=HTTP ip=192.6.11.5
=>
Use the following CLI command to restrict the allowed traffic to a subnet.
=>:service system ipadd name=HTTP ip=192.6.11.0/24
=>
Use the following CLI command to restrict the allowed traffic to a range of IP addresses.
=>:service system ipadd name=HTTP ip=192.6.[2-55].[2-55]
=>
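The three entry forms above admit very different numbers of source addresses, which is worth checking before an entry is applied to a WAN-facing service. The following Python code is an added example, not part of the SpeedTouch™ documentation or firmware; it assumes that a bracketed octet such as [2-55] is an inclusive range matched independently for that octet, and all function names are hypothetical.

```python
import ipaddress
import re

# One octet of an entry: a plain number, or a bracketed range such as [2-55].
# Assumption: [a-b] is an inclusive range that applies to that octet only.
OCTET = re.compile(r"^(?:(\d{1,3})|\[(\d{1,3})-(\d{1,3})\])$")

def octet_ranges(entry):
    """Return four inclusive (low, high) pairs for a dotted entry with ranges."""
    parts = entry.split(".")
    if len(parts) != 4:
        raise ValueError("expected four octets: " + entry)
    ranges = []
    for part in parts:
        m = OCTET.match(part)
        if not m:
            raise ValueError("bad octet: " + part)
        low = int(m.group(1) or m.group(2))
        high = int(m.group(1) or m.group(3))
        if not 0 <= low <= high <= 255:
            raise ValueError("octet range reversed or above 255: " + part)
        ranges.append((low, high))
    return ranges

def entry_matches(entry, source):
    """True if the IPv4 address `source` is covered by one ip= entry."""
    addr = ipaddress.IPv4Address(source)
    if entry == "any":
        return True
    if "[" in entry:
        return all(low <= octet <= high
                   for (low, high), octet in zip(octet_ranges(entry), addr.packed))
    # Single address or subnet; a bare address is treated as a /32 network.
    return addr in ipaddress.IPv4Network(entry, strict=False)

def entry_size(entry):
    """Number of source addresses one entry admits."""
    if entry == "any":
        return 2 ** 32
    if "[" in entry:
        size = 1
        for low, high in octet_ranges(entry):
            size *= high - low + 1
        return size
    return ipaddress.IPv4Network(entry, strict=False).num_addresses

def allowed(acl, source):
    """True if any entry of the access list covers the source address."""
    return any(entry_matches(entry, source) for entry in acl)

if __name__ == "__main__":
    # The three entries used in the commands above.
    for entry in ("192.6.11.5", "192.6.11.0/24", "192.6.[2-55].[2-55]"):
        print(entry, "admits", entry_size(entry), "addresses")
```

Under that assumption the range entry admits 54 x 54 addresses spread over 54 different third-octet values, so it is not equivalent to a single contiguous block.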

Hyper-NAT Refinements
The SpeedTouch™ features a powerful Hyper-NAT engine allowing the local hosts to share a single (remotely negotiated) public IP address.
In case Hyper-NAT is enabled on the WAN interface that will be used for remote management, and a static mapping has been made to allow remote hosts to address regular HTTP services on a host residing on your local network, you must make sure that accessing the SpeedTouch™ Web Interface is still possible.
For more information on Hyper-NAT, see the SpeedTouch™ Hyper-NAT Configuration Guide.
The default port for the HTTP server is set to 80. This can be changed by executing the following command:
=>:service system modify name=HTTP state=enabled port=82
=>
The command above will change the HTTP server port of the SpeedTouch™ from port 80 (default) to port 82.
=>:service system list name=HTTP expand=enabled
Idx Name Protocol SrcPort DstPort Group
----------------------------------------------------------------------
1 HTTP tcp 82
Description................ HTTP web server
Properties................. server
Attributes................. state port aclip aclif aclifgroup map log
User Managed Attributes.... state port aclip aclif aclifgroup map log
Attribute Values :
State...................... enabled
Port....................... 82
Ip Access List............. any
Interface Access List...... any
Interface Group Access List lan
Map List................... 82
Logging.................... disabled
=>
! NAT-refinements for SpeedTouch™ services should never be made in the NAT configuration menu, but always in System Services.

8.2 Secure Remote Web Interface Access

HTTPs service
Introduction
The SpeedTouch™ supports secure HTTP or HTTPS. Transport Layer Security (formerly SSL, implemented by Netscape) provides communications privacy over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. The primary goal of the TLS Protocol is to provide privacy and data integrity between two communicating applications.
The remote management certificate
When booting, the SpeedTouch™ verifies if a certificate exists for remote management. If no certificate is found, the SpeedTouch™ generates its own certificate. When the SpeedTouch™ receives an HTTPs request on port 443, it transmits this certificate to the client. The client can either accept or refuse the server identity. Depending on client implementation, the end-user is prompted whether or not to trust the server.
When a web user logs in or tries to log in to the SpeedTouch™, a syslog message is generated. This message indicates the user name and the underlying protocol (HTTP or HTTPS).
After negotiating the cipher between the two peers involved in the TLS protocol, data is encrypted for further communications. The minimum level of security required for the connection is indicated by each peer. If the minimum requirement of each peer cannot be achieved, the connection is closed.
Default HTTPs service configuration
Use the following CLI command to see the default HTTPs service configuration.
=>:service system list name=HTTPs expand=enabled
Idx Name Protocol SrcPort DstPort Group
----------------------------------------------------------------------
1 HTTPs tcp 443
Description............... HTTP web server over ssl
Properties................ server
Attributes................ state port aclip aclif aclifgroup map log
User Managed Attributes... state port aclip aclif aclifgroup map log
Attribute Values :
State...................... enabled
Port....................... 443
Ip Access List............. any
Interface Access List...... any
Interface Group Access List lan
Map List................... 443
Logging.................... disabled
=>
Configuration via CLI commands
To have HTTPs access via WAN, additional configuration of the HTTPs service is needed.
Use the following CLI command to allow HTTPs access from the WAN to the SpeedTouch™:
=>:service system ifadd name=HTTPs group=wan
=>
If you take a look at the HTTPs service configuration, you will see that the wan group is added to the Interface Access List:
=>:service system list name=HTTPs expand=enabled
Idx Name Protocol SrcPort DstPort Group
----------------------------------------------------------------------
1 HTTPs tcp 443
Description............... HTTP web server over ssl
Properties................ server
Attributes................ state port aclip aclif aclifgroup map log
User Managed Attributes... state port aclip aclif aclifgroup map log
Attribute Values :
State...................... enabled
Port....................... 443
Ip Access List............. any
Interface Access List...... any
Interface Group Access List lan wan
Map List................... 443
Logging.................... disabled
=>
Refinement of the Service
If needed, the service can be fine-tuned to restrict the allowed traffic to:
A single IP address
A subnet
A range of IP addresses
Use the following CLI command to restrict the allowed traffic to 1 IP address.
=>:service system ipadd name=HTTPs ip=192.6.11.5
=>
Use the following CLI command to restrict the allowed traffic to a subnet.
=>:service system ipadd name=HTTPs ip=192.6.11.0/24
=>
Use the following CLI command to restrict the allowed traffic to a range of IP addresses.
=>:service system ipadd name=HTTPs ip=192.6.[2-55].[2-55]
=>

Hyper-NAT Refinements
The SpeedTouch™ features a powerful Hyper-NAT engine allowing the local hosts to share a single (remotely negotiated) public IP address.
In case Hyper-NAT is enabled on the WAN interface that will be used for remote management, and a static mapping has been made to allow remote hosts to address regular HTTPs services on a host residing on your local network, you must make sure that accessing the SpeedTouch™ Web Interface is still possible.
For more information on Hyper-NAT, see the SpeedTouch™ Hyper-NAT Configuration Guide.
The default port for the HTTPs server is set to 443. This can be changed by executing the following command:
=>:service system modify name=HTTPs state=enabled port=448
=>
The command above will change the HTTPs server port of the SpeedTouch™ from port 443 (default) to port 448.
=>:service system list name=HTTPs expand=enabled
Idx Name Protocol SrcPort DstPort Group
----------------------------------------------------------------------
1 HTTPs tcp 448
Description............... HTTP web server over ssl
Properties................ server
Attributes................ state port aclip aclif aclifgroup map log
User Managed Attributes... state port aclip aclif aclifgroup map log
Attribute Values :
State...................... enabled
Port....................... 448
Ip Access List............. any
Interface Access List...... any
Interface Group Access List lan wan
Map List................... 448
Logging.................... disabled
=>
! NAT-refinements for SpeedTouch™ services should never be made in the NAT configuration menu, but always in System Services.

8.3 Remote Telnet Access

About Secure Remote Telnet Access and SSH
The SpeedTouch™ Telnet host is provided by the SpeedTouch™ Telnet server. Access to this server and hence the Telnet interface is controlled by the Telnet service. By default, the Telnet service is configured to let the Telnet server accept telnet sessions from LAN side only. In addition the SpeedTouch™ provides SSH remote access.
SSH provides a more secure way of accessing the SpeedTouch™ CLI interface and should therefore be used.
Default Telnet service configuration
Use the following CLI command to see the default Telnet service configuration.
=>:service system list name=TELNET expand=enabled
Idx Name Protocol SrcPort DstPort Group State
--------------------------------------------------------------------
1 TELNET tcp 23 enabled
Description................ Virtual Terminal
Properties................. server
Managed parameters......... state port acl map log
Interface Access List...... lan
Ip Access List............. any
NAT Port List.............. 23
=>
Configuration via CLI commands
To have Telnet access via WAN, additional configuration of the SpeedTouch™ Telnet service is needed.
Use the following CLI command to allow WAN Telnet access to the SpeedTouch™.
=>:service system ifadd name=TELNET group=wan
=>
Use the following CLI command to take a look at the Telnet service configuration. You will see that the wan group is added to the Interface Access List:
=>:service system list name=TELNET expand=enabled
Idx Name Protocol SrcPort DstPort Group
----------------------------------------------------------------------
1 TELNET tcp 23
Description................ Virtual Terminal
Properties................. server
Attributes................. state port aclip aclif aclifgroup map log
User Managed Attributes.... state port aclip aclif aclifgroup map log
Attribute Values :
State...................... enabled
Port....................... 23
Ip Access List............. any
Interface Access List...... any
Interface Group Access List lan wan
Map List................... 23
Logging.................... disabled
=>
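A listing like the one above can be checked automatically after any change to a service. The following Python code is an added example, not part of the manual or the SpeedTouch™ firmware: it reads a saved ':service system list name=... expand=enabled' listing and reports a service that is opened to the wan group, flagging cleartext protocols and an Ip Access List that still contains any. The sample listings are constructed in the layout shown on this page, and the function names and finding strings are hypothetical.

```python
import re

# Field labels as they appear in the listings on this page.
FIELDS = ("Interface Group Access List", "Interface Access List",
          "Ip Access List", "State", "Port")
CLEARTEXT = {"HTTP", "TELNET", "FTP"}  # services without transport encryption

def parse_listing(text):
    """Turn one ':service system list name=X expand=enabled' listing into a dict."""
    svc = {"name": None}
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"=>:service system list name=(\S+)", line)
        if m:
            svc["name"] = m.group(1)
            continue
        for field in FIELDS:
            # A label is followed by a dot leader or, for long labels, a space.
            m = re.match(re.escape(field) + r"[.\s]+(\S.*)$", line)
            if m:
                svc[field] = m.group(1).split()
                break
    return svc

def audit(text):
    """Return findings for a service that is reachable from the wan group."""
    svc = parse_listing(text)
    # Older listings put the groups in 'Interface Access List', newer ones in
    # 'Interface Group Access List'; check both.
    groups = (svc.get("Interface Group Access List", [])
              + svc.get("Interface Access List", []))
    if "wan" not in groups or svc.get("State", ["enabled"]) != ["enabled"]:
        return []
    findings = []
    if (svc["name"] or "").upper() in CLEARTEXT:
        findings.append("cleartext protocol reachable from WAN")
    if "any" in svc.get("Ip Access List", []):
        findings.append("no source IP restriction on WAN access")
    return findings

def sample(name, port, ip_acl, groups):
    """Constructed listing in the layout shown on this page (not device output)."""
    return ("=>:service system list name=%s expand=enabled\n"
            "Attribute Values :\n"
            "State...................... enabled\n"
            "Port....................... %s\n"
            "Ip Access List............. %s\n"
            "Interface Access List...... any\n"
            "Interface Group Access List %s\n"
            "=>" % (name, port, ip_acl, groups))

if __name__ == "__main__":
    for listing in (sample("TELNET", 23, "any", "lan wan"),
                    sample("HTTPs", 443, "192.6.11.5", "lan wan")):
        print(parse_listing(listing)["name"], audit(listing))
```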
Refinement of the Service
If needed, the service can be fine-tuned to restrict the allowed traffic to:
A single IP address
A subnet
A range of IP addresses
Use the following CLI command to restrict the allowed traffic to 1 IP address.
=>:service system ipadd name=TELNET ip=192.6.11.5
=>
Use the following CLI command to restrict the allowed traffic to a subnet.
=>:service system ipadd name=TELNET ip=192.6.11.0/24
=>
Use the following CLI command to restrict the allowed traffic to a range of IP addresses.
=>:service system ipadd name=TELNET ip=192.6.[2-55].[2-55]
=>

Hyper-NAT Refinements
The SpeedTouch™ features a powerful Hyper-NAT engine allowing the local hosts to share a single (remotely negotiated) public IP address.
In case Hyper-NAT is enabled on the WAN interface that will be used for remote management, and a static mapping has been made to allow remote hosts to open a Telnet session to a host residing on your local network, you must make sure that Telnet access to the SpeedTouch™ CLI is still possible.
For more information on Hyper-NAT, see the SpeedTouch™ Hyper-NAT Configuration Guide.
The default port for the Telnet server is set to 23. This can be changed by executing the following command:
=>:service system modify name=TELNET state=enabled port=50
=>
The command above will change the Telnet server port of the SpeedTouch™ from port 23 (default) to port 50.
=>:service system list name=TELNET expand=enabled
Idx Name Protocol SrcPort DstPort Group
----------------------------------------------------------------------
1 TELNET tcp 50
Description................ Virtual Terminal
Properties................. server
Attributes................. state port aclip aclif aclifgroup map log
User Managed Attributes.... state port aclip aclif aclifgroup map log
Attribute Values :
State...................... enabled
Port....................... 50
Ip Access List............. any
Interface Access List...... any
Interface Group Access List lan wan
Map List................... 50
Logging.................... disabled
=>
! NAT-refinements for SpeedTouch™ services should never be made in the NAT configuration menu, but always in System Services.