Virtual Access GW3330, GW3346, GW3340, GW3360, GW3343 User Manual

GW3300 User Manual
Issue: 1.4
Date: 18 April 2016
© Virtual Access 2016 GW3300 User Manual Issue: 1.4 Page 2 of 324
Table of Contents
1 Introduction
1.1 Document scope
1.2 Using this documentation
2 GW3300 Series hardware
2.1 Hardware specification
2.2 GW3300 Series router model variants
2.3 Hardware features
2.4 RS232 mode pin-out on the GW3300
2.5 RS485 mode pin-out on the GW3300
2.6 Mobile technology
2.7 WiFi technology
2.8 Power supply
2.9 Dimensions
2.10 Operating temperature range
2.11 Antenna
2.12 Getting started
2.13 Inserting the SIM cards
2.14 Connecting cables
2.15 Connecting the antenna
2.16 Powering up
2.17 Reset button
3 GW3300 Series LED behaviour
3.1 Configuration LED
3.2 SIM LED
3.3 Signal strength LEDs
3.4 Ethernet port LED behaviour
4 Factory configuration extraction from SIM card
5 Accessing the router
5.1 Configuration packages used
5.2 Accessing the router over Ethernet using the web interface
5.3 Accessing the router over Ethernet using an SSH client
5.4 Accessing the router over Ethernet using a Telnet client
5.5 Configuring the password
5.6 Configuring the password using the web interface
5.7 Configuring the password using UCI
5.8 Configuring the password using package options
5.9 Configuring the local access with Radius authentication
5.10 SSH
5.11 Package dropbear using UCI
5.12 Certs and private keys
5.13 Configuring a router’s web server
5.14 Basic authentication (httpd conf)
5.15 Securing uhttpd
6 System settings
6.1 Configuration package used
6.2 Configuring system properties
6.3 System settings using UCI
6.4 System diagnostics
7 Upgrading router firmware
7.1 Upgrading firmware using the web interface
7.2 Upgrading firmware using CLI
8 Router file structure
8.1 System information
8.2 Image files
8.3 Directory locations for UCI configuration files
8.4 Viewing and changing current configuration
8.5 Configuration file syntax
8.6 Managing configurations
8.7 Exporting a configuration file
8.8 Importing a configuration file
9 Using the Command Line Interface
9.1 Overview of some common commands
9.2 Using Unified Configuration Interface (UCI)
9.3 Configuration files
9.4 Configuration file syntax
10 Management configuration settings
10.1 Activator
10.2 Monitor
10.3 Configuration packages used
10.4 Autoload: boot up activation
10.5 Autoload packages
10.6 Autoload using UCI
10.7 HTTP Client: configuring activation using the web interface
10.8 Httpclient: Activator configuration using UCI
10.9 User management using UCI
10.10 Configuring the management user password using UCI
10.11 Configuring management user password using package options
10.12 User management using UCI
10.13 Configuring user access to specific web pages
11 Configuring an Ethernet interface
11.1 Configuration packages used
11.2 Configuring an Ethernet interface using the web interface
11.3 Interface configuration using UCI
11.4 Configuring port maps
11.5 Port map packages
11.6 Interface diagnostics
12 Configuring SAToP and CESoPSN
12.1 What are SAToP and CESoPSN?
12.2 Clocking
12.3 Virtual Access proprietary SAToP/CESoPSN protocol extension
12.4 Configuration package used
12.5 Configuring SAToP/CESoPSN
12.6 Configuring main settings using UCI
12.7 Configuring port settings using the web interface
12.8 Configuring port settings using UCI
12.9 CESoPSN diagnostics
13 DHCP server and DNS configuration (Dnsmasq)
13.1 Configuration package used
13.2 Configuring DHCP and DNS using the web interface
13.3 Configuring DHCP and DNS using UCI
13.4 Configuring DHCP pools using UCI
13.5 Configuring static leases using UCI
14 Configuring static routes
14.1 Configuration package used
14.2 Configuring static routes using the web interface
14.3 Configuring IPv6 routes using the web interface
14.4 Configuring routes using command line
14.5 IPv4 routes using UCI
14.6 IPv4 routes using package options
14.7 IPv6 routes using UCI
14.8 IPv6 routes using packages options
14.9 Static routes diagnostics
15 Configuring BGP (Border Gateway Protocol)
15.1 Configuration package used
15.2 Configuring BGP using the web interface
15.3 Configuring BGP using UCI
15.4 Configuring BGP using packages options
15.5 View routes statistics
16 Configuring a WiFi connection
16.1 Configuration packages used
16.2 Configuring a WiFi interface using the web interface
16.3 Configuring WiFi in AP mode
16.4 Configuring WiFi using UCI
16.5 Creating a WiFi in Client mode using the web interface
16.6 Configuring WiFi in Client mode using command line
17 Configuring a mobile connection
17.1 Configuration package used
17.2 Configuring a mobile connection using the web interface
17.3 Configuring a mobile connection using UCI
17.4 Mobile status using UCI
18 Configuring mobile manager
18.1 Configuration package used
18.2 Configuring mobile manager using the web interface
18.3 Configuring mobile manager using UCI
18.4 Configuring a roaming interface template via the web interface
18.5 Monitoring SMS
18.6 Sending SMS from the router
18.7 Sending SMS to the router
19 Configuring Multi-WAN
19.1 Configuration package used
19.2 Configuring Multi-WAN using the web interface
19.3 Multi-WAN traffic rules
19.4 Configuring Multi-WAN using UCI
19.5 Multi-WAN diagnostics
20 Automatic operator selection
20.1 Configuration package used
20.2 Configuring automatic operator selection via the web interface
20.3 Configuring via UCI
20.4 Configuring No PMP + roaming using UCI
20.5 Automatic operator selection diagnostics via the web interface
20.6 Automatic operator selection diagnostics via UCI
21 Configuring IPSec
21.1 Configuration package used
21.2 Configuring IPSec using the web interface
21.3 Configuring IPSec using UCI
21.4 Configuring an IPSec template for DMVPN via the web interface
21.5 Configuring an IPSec template to use with DMVPN
21.6 IPSec diagnostics using the web interface
21.7 IPSec diagnostics using UCI
22 Configuring firewall
22.1 Configuration package used
22.2 Configuring firewall using the web interface
22.3 Configuring firewall using UCI
22.4 IPv6 notes
22.5 Implications of DROP vs. REJECT
22.6 Connection tracking
22.7 Firewall examples
23 Configuring SNMP
23.1 Configuration package used
23.2 Configuring SNMP using the web interface
23.3 Configuring SNMP using command line
24 Configuring Dynamic DNS
24.1 Overview
24.2 Configuration packages used
24.3 Configuring Dynamic DNS using the web interface
24.4 Dynamic DNS using UCI
25 Configuring VRRP
25.1 Overview
25.2 Configuration package used
25.3 Configuring VRRP using the web interface
25.4 Configuring VRRP using UCI
26 Dynamic Multipoint Virtual Private Network (DMVPN)
26.1 Prerequisites for configuring DMVPN
26.2 Advantages of using DMVPN
26.3 DMVPN scenarios
26.4 Configuration packages used
26.5 Configuring DMVPN using the web interface
26.6 DMVPN diagnostics
27 Configuring Terminal Server
27.1 Overview
27.2 Configuration packages used
27.3 Configuring Terminal Server using the web interface
27.4 Terminal Server using UCI
27.5 Terminal Server using package options
27.6 Terminal Server diagnostics
28 Configuring a GRE interface
28.1 Configuration packages used
28.2 Creating a GRE connection using the web interface
28.3 GRE configuration using command line
28.4 GRE configuration using UCI
28.5 GRE configuration using package options
28.6 GRE diagnostics
29 Configuring Multicasting using PIM and IGMP interfaces
29.1 Overview
29.2 Configuration package used
29.3 Configuring PIM and IGMP using the web interface
29.4 Configuring PIM and IGMP using UCI
30 Event system
30.1 Configuration package used
30.2 Implementation of the event system
30.3 Supported events
30.4 Supported targets
30.5 Supported connection testers
30.6 Configuring the event system using the web interface
30.7 Configuring the event system using UCI
30.8 Event system diagnostics
31 Configuring SLA reporting on Monitor
31.1 Introduction
31.2 Configuring SLA reporting
31.3 Configuring router upload protocol
31.4 Viewing graphs
31.5 Generating a report
31.6 Reporting device status to Monitor using UCI
32 Configuring SLA for a router
32.1 Configuration package used
32.2 Configuring SLA for a router using the web interface
32.3 Configuring SLA for a router using the UCI interface
1 Introduction
This user manual describes the features of Virtual Access GW3300 Series routers and how to configure them.
Designed for managed network providers, GW3300 Series routers provide secure WAN connectivity for internet and private networking environments over 3G or 4G broadband paths and incorporate optional 802.11n WiFi connectivity.
1.1 Document scope
This document covers the following models in the GW3300 Series.
GW3330 | Four Ethernet, 3G, Dual SIM, WiFi, Serial
GW3340 | Four Ethernet, 4G, Dual SIM, WiFi, Serial
GW3360 | Four Ethernet, LTE450, Dual SIM, WiFi, Serial
GW3343 | Four Ethernet, 4G, 3G, Dual SIM, WiFi, Serial
GW3344 | Four Ethernet, 4G, 4G, Dual SIM, WiFi, Serial
GW3346 | Four Ethernet, 4G, LTE450, Dual SIM, WiFi, Serial
1.2 Using this documentation
You can configure your router using either the router’s web interface or the command line using UCI commands. Each chapter first explains the web interface settings, followed by how to configure the router using UCI. The web interface screens are shown along with a path to the screen, for example, ‘In the top menu, select Service -> SNMP’, followed by a screen grab.
After the screen grab there is an information table that describes each of the screen’s fields.
1.2.1 Information tables
We use information tables to show the different ways to configure the router using the router’s web interface and command line. The left-hand column shows three options:
• Web: refers to the command on the router’s web page,
• UCI: shows the specific UCI command, and
• Opt: shows the package option.
The right-hand column shows a description field that describes the feature’s field or command and shows any options for that feature.
Some features have a drop-down menu and the options are described in a table within the description column. The default value is shown in a grey cell.
Values for enabling and disabling a feature are varied throughout the web interface, for example, 1/0; Yes/No; True/False; check/uncheck a radio button. In the table descriptions, we use 0 to denote Disable and 1 to denote Enable.
Some configuration sections can be defined more than once. An example of this is the routing table where multiple routes can exist and all are named ‘route’. For these sections, the UCI command will have a code value [0] or [x] (where x is the section number) to identify the section.
Web Field/UCI/Package Option | Description

Web: Metric
UCI: network.@route[0].metric
Opt: metric
Description: Specifies the route metric to use.
Note: these sections can be given a label for identification when using UCI or package options.
network.@route[0]=route
network.@route[0].metric=0
can be written as:
network.routename=route
network.routename.metric=0
However, the documentation usually assumes that a section label is not configured. The table below shows fields from a variety of chapters to illustrate the explanations above.
Web Field/UCI/Package Option | Description

Web: Enable
UCI: cesop.main.enable
Opt: enable
Description: Enables CESoPSN services.
  0  Disabled.
  1  Enabled.

Web: Syslog Severity
UCI: cesop.main.severity
Opt: log_severity
Description: Selects the severity used for logging CESoPSN events in syslog. The following levels are available.
  0  Emergency
  1  Alert
  2  Critical
  3  Error
  4  Warning
  5  Notice
  6  Informational
  7  Debug

Web: Agent Address
UCI: snmpd.agent[0].agentaddress
Opt: agentaddress
Description: Specifies the address(es) and port(s) on which the agent should listen.
  [(udp|tcp):]port[@address][,…]

Table 1: Example of an information table
1.2.2 Definitions
Throughout the document, we use the host name ‘VA_router’ to cover all router models. UCI commands and package option examples are shown in the following format:
root@VA_router:~# vacmd show current config
1.2.3 Diagnostics
Diagnostics are explained at the end of each feature’s chapter. Further general diagnostics are explained in a separate chapter.
1.2.4 UCI commands
For detailed information on using UCI commands, read chapters ‘Router File Structure’ and ‘Using Command Line Interface’.
2 GW3300 Series hardware
2.1 Hardware specification
Figure 1: GW3300 router front interface
2.2 GW3300 Series router model variants
GW3330 | Four Ethernet, 3G, Dual SIM, WiFi, Serial
GW3340 | Four Ethernet, 4G, Dual SIM, WiFi, Serial
GW3360 | Four Ethernet, LTE450, Dual SIM, WiFi, Serial
GW3343 | Four Ethernet, 4G, 3G, Dual SIM, WiFi, Serial
GW3344 | Four Ethernet, 4G, 4G, Dual SIM, WiFi, Serial
GW3346 | Four Ethernet, 4G, LTE450, Dual SIM, WiFi, Serial
2.3 Hardware features
• Dual SIM sockets
• Seven SMA connectors: 2 for WiFi, 2 for each radio module, and 1 for GPS
• Four 1Gbps Ethernet ports
• Two serial ports
• WiFi
• USB
• Power ignition sense
• Last GASP
• Optional SIM protection cover
The asynchronous serial ports are named ‘/dev/ttyUSB0’ and ‘/dev/ttyUSB1’.
Each serial port has a number of configurable settings, such as baud rate, word size, parity, flow control mode, and so on.
Each serial port is configurable to operate in either RS232 or RS485 mode. The default mode is RS232 for the first port and RS485 for the second port.
For more information on using the port in RS485 mode, read the Terminal Server section of this manual.
2.4 RS232 mode pin-out on the GW3300
RJ45 Pin | Name | Direction
1 | RTS | Out
2 | DTR | Out
3 | TX Data | Out
4 | GND | -
5 | GND | -
6 | RX Data | In
7 | DSR | In
8 | CTS | In
Table 2: RS232 mode pin-out on the GW3300
2.5 RS485 mode pin-out on the GW3300
RJ45 Pin | 4-wire mode Signal | 4-wire mode Direction | 2-wire mode Signal | 2-wire mode Direction
1 | | | |
2 | RXD+ | Input to the GW1000 | |
3 | RXD- | Input to the GW1000 | |
4 | | | |
5 | | | |
6 | TXD- | Output from GW1000 | D- | In/Out
7 | TXD+ | Output from GW1000 | D+ | In/Out
8 | | | |
Table 3: RS485 mode pin-out on the GW3300
2.6 Mobile technology
• LTE (FDD) B1/B2/B3/B5/B7/B8/B20
• 450LTE/LTE/FDD on 450 band 31
• Quad-band DC-HSPA+/HSPA+/HSPA/UMTS 850/900/1900/2100 MHz
• Quad-band EDGE/GPRS/GSM 850/900/1800/1900 MHz
2.7 WiFi technology
• 802.11 a/b/g/n
• Dual band 2.4GHz and 5GHz
• 802.11n data rate to 300Mbps
• At least 20dBm output power
2.8 Power supply
• DC input 9-36V
• Active power conditioning accommodating voltage dips
• Ignition sense
2.9 Dimensions
Unit size: H45 x W180 x D153 (mm)
Unit weight: 940g
Vehicle mount kit
DIN rail option
2.10 Operating temperature range
The operating temperature range depends on the router’s type of module.
RF Band | 2G Bands | 3G Bands | 4G LTE Bands | GPS | Operating Temp
A | 850/900/1800/1900 | 900/2100 | - | - | -40°C to 70°C
B | 850/900/1800/1900 | 850/900/1900/2100 | - | | -40°C to 70°C
C | 850/900/1800/1900 | 850/900/1900/2100 | B1/B2/B3/B5/B7/B8/B20 | | -30°C to 70°C
D | - | - | B3/B7/B20/B31 | | -20°C to 60°C
E | 900/1800 | 900/2100 | B1/B3/B7/B8/B20/B38/B40 | | -30°C to 70°C
F | - | CDMA TX 452.500 ~ 457.475 RX 462.000 ~ 467.475 | - | - | -20°C to 60°C
G | 850/900/1800/1900 | 850/900/2100 | B1/B3/B5/B7/B20 | | -40°C to 70°C
Table 4: RF bands with operating temperatures
2.11 Antenna
Up to 7 SMA female connectors:
• 2 x WiFi
• 2 x WAN-1
• 2 x WAN-2
• 1 x GPS, 5V power
2.12 Getting started
To enable and configure connections on your router, it must be correctly installed. The GW3300 Series router contains an internal web server that you use for configurations. Before you can access the internal web server and start the configuration, ensure the components are correctly connected and that your PC has the correct networking setup.
2.13 Inserting the SIM cards
1. Ensure the unit is powered off.
2. Hold the SIM 1 card with the chip side facing down and the cut corner front left.
3. Gently push the SIM card into SIM slot 1 until it clicks in.
4. If using SIM 2, hold the SIM with the cut corner front right.
5. Gently push the SIM card into SIM slot 2 until it clicks in.
2.14 Connecting cables
Connect one end of the Ethernet cable into port A and the other end to your PC or switch.
2.15 Connecting the antenna
If only connecting one antenna, screw the antenna into the MAIN SMA connector. If using multiple antennas, screw the antennas into the relevant SMA connectors.
Virtual Access supplies a wide range of antennas. Please visit our website:
www.virtualaccess.com
or contact Virtual Access for more information.
2.16 Powering up
During boot time, the power LED flashes. Other LEDs display different diagnostic patterns during boot up. Booting is complete when the power LED stops flashing and stays on steady.
2.17 Reset button
The reset button is used to request a system reset. When you press the reset button all LEDs turn on simultaneously. The length of time you hold the reset button will determine its behaviour.
Press Duration | Behaviour
Less than 3 seconds | Normal reset.
Between 3 and 5 seconds | The router resets to factory configuration.
Between 20 seconds and 25 seconds | Recovery mode.
Over 25 seconds | Normal reset
Table 5: GW3300 Series router reset behaviour
2.17.1 Recovery mode
Recovery mode is a fail-safe mode where the router can load a default configuration from the router’s firmware. If your router goes into recovery mode, all config files are kept intact. After the next reboot, the router will revert to the previous config file.
You can use recovery mode to manipulate the config files, but it should only be used if all other config files are corrupt. If your router has entered recovery mode, contact your local reseller for access information.
3 GW3300 Series LED behaviour
3.1 Configuration LED
The configuration LED is either flashing or solid depending on the router’s status. The GW3300 Series takes approximately 1 minute to boot up. During this time, the configuration LED flashes. Other LEDs display different diagnostic patterns during boot up. Booting is complete when the configuration LED stops flashing and stays on steady.
LED Colour | Status
Green flashing quickly | Unit is booting from power on.
Green flashing slowly | Unit is in recovery mode.
Green flashing quickly | Unit is in factory config.
Green on | Unit has completed booting up process and is in either config 1 or config2
Table 6: Config LED colours and status descriptions
3.2 SIM LED
The SIM LED is either flashing or solid depending on which SIM is in use and its status.
LED Colour | Status
Green on | Using SIM connected to network.
Green flashing | Using SIM attempting to connect to network.
Table 7: SIM LED colours and status descriptions
3.3 Signal strength LEDs
There are three signal strength LEDs. They are all green.
LEDs Colour | Status
Green Off/off | No signal detected.
Green flashing Off/on | Low signal strength.
Green flashing On/off | Medium signal strength.
Green On/on | Good signal strength.
Table 8: Signal strength LED status descriptions
3.4 Ethernet port LED behaviour
The Ethernet ports have two LEDs: a LINK LED (green) and an ACT LED (amber). When looking at the ports, the LED on the left hand side is the LINK LED, and the ACT LED is on the right hand side.
Figure 2: Ethernet LEDs on the GW3300 router
Link LED (green) | Off | No physical Ethernet link detected.
Link LED (green) | On | Physical Ethernet link detected.
ACT LED (amber) | Off | No data is being transmitted/received over the link.
ACT LED (amber) | Flashing | Data is being transmitted/received over the link.
4 Factory configuration extraction from SIM card
Virtual Access routers have a feature to update the factory configuration from a SIM card. This allows you to change the factory configuration of a router when installing the SIM.
1. Make sure the SIM card you are inserting has the required configuration written on it.
2. Ensure the router is powered off.
3. Hold the SIM 1 card with the chip side facing down and the cut corner front left.
4. Gently push the SIM card into SIM slot 1 until it clicks in.
5. Power up the router. Depending on the model, the power LED and/or the configuration LED flash as usual.
The SIM LED starts flashing. This indicates the application responsible for 3G and configuration extraction management is running. It also means the update of the configuration is happening.
When the update is finished, depending on the model, the power LED and/or the configuration LED blink alternately and very fast for 20 seconds.
5 Accessing the router
Access the router through the web interface or by using SSH. By default, Telnet is disabled.
5.1 Configuration packages used
Package | Sections
dropbear | dropbear
system | main
uhttpd | main, cert
5.2 Accessing the router over Ethernet using the web interface
DHCP is disabled by default, so if you do not receive an IP address via DHCP, assign a static IP to the PC that will be connected to the router.
PC IP address | 192.168.100.100
Network mask | 255.255.255.0
Default gateway | 192.168.100.1
Assuming that the PC is connected to Port A on the router, in your internet browser, type in the default local IP address 192.168.100.1, and press Enter. The Authorization page appears.
Figure 3: The login page
The password may vary depending on the factory configuration the router has been shipped with. The default settings are shown below. The username and password are case sensitive.
In the username field, type root. In the Password field, type admin. Click Login. The Status page appears.
5.3 Accessing the router over Ethernet using an SSH client
You can also access the router over Ethernet, using Secure Shell (SSH) and optionally over Telnet.
To access CLI over Ethernet start an SSH client and connect to the router’s management IP address, on port 22: 192.168.100.1/24.
On the first connection, you may be asked to confirm that you trust the host.
Figure 4: Confirming trust of the router’s public key over SSH
Figure 5: SSH CLI logon screen
In the SSH CLI logon screen, enter the default username and password.
Username: root
Password: admin
5.4 Accessing the router over Ethernet using a Telnet client
Telnet is disabled by default. When you enable Telnet, SSH is disabled. To enable Telnet, enter:
root@VA_router:~# /etc/init.d/dropbear disable
root@VA_router:~# reboot -f
To re-enable SSH, enter:
root@VA_router:~# /etc/init.d/dropbear enable
root@VA_router:~# reboot -f
Note: As SSH is enabled by default, initial connection to the router to enable Telnet must be established over SSH.
5.5 Configuring the password
5.5.1 Configuration packages used
Package | Sections
system | main
5.6 Configuring the password using the web interface
To change your password, in the top menu click System -> Administration. The Administration page appears.
Figure 6: The router password section
In the Router Password section, type your new password in the password field and then retype the password in the confirmation field.
Scroll down the page and click Save & Apply.
Note: the username ‘root’ cannot be changed.
Web Field/UCI/Package Option | Description

Web: Password
UCI: system.main.password
Opt: password
    Defines the root password. The password is displayed encrypted via the CLI using the ‘hashpassword’ option.
    UCI: system.main.hashpassword
    Opt: hashpassword
5.7 Configuring the password using UCI
The root password is displayed encrypted via the CLI using the hashpassword option.
root@VA_router:~# uci show system
system.main=system
system.main.hostname=VA_router
system.main.hashpassword=$1$jRX/x8A/$U5kLCMpi9dcahRhOl7eZV1
If changing the password via the UCI, enter the new password in plain text using the password option.
root@VA_router:~# uci set system.main.password=newpassword
root@VA_router:~# uci commit
The new password will take effect after reboot and will now be displayed in encrypted format via the hashpassword option.
5.8 Configuring the password using package options
The root password is displayed encrypted via the CLI using the hashpassword option.
root@VA_router:~# uci export system
package system

config system 'main'
        option hostname 'VA_router'
        option hashpassword '$1$wRYYiJOz$EeHN.GQcxXhRgNPVbqxVw'
If changing the password via the UCI, enter the new password in plain text using the password option.
package system

config system 'main'
        option hostname 'VA_router'
        option hashpassword '$1$wRYYiJOz$EeHN.GQcxXhRgNPVbqxVw'
        option password 'newpassword'
The new password will take effect after reboot and will now be displayed in encrypted format via the hashpassword option.
5.9 Configuring the local access with Radius authentication
You can configure the local access to a router’s web and SSH interface via UCI.
package system

config system 'main'
        option hostname 'VirtualAccess'
        option timezone 'UTC'

config pam_auth
        option enabled 'yes'
        option pamservice 'login'
        option pammodule 'auth'
        option pamcontrol 'sufficient'
        option type 'radius'
        option servers '192.168.0.1:3333|test|20 192.168.2.5|secret|10'

config pam_auth
        option enabled 'yes'
        option pamservice 'sshd'
        option pammodule 'auth'
        option pamcontrol 'sufficient'
        option type 'radius'
        option servers '192.168.0.1:3333|test|20 192.168.2.5|secret|10'
UCI/Package Option | Description

UCI: system.@pam_auth[0].pamservice
Opt: pamservice
    Selects the method which users should be authenticated by:
    login | User connecting over console cable.
    sshd | User connecting over SSH.

UCI: system.@pam_auth[0].pamcontrol
Opt: pamcontrol
    Specifies authentication behaviour after authentication fails or connection to radius server is broken.
    Sufficient | First authenticates against remote radius; if password authentication fails then it tries local database (user defined in package management_users).
    Required | If either authentication fails or radius server is not reachable then user is not allowed to access the router.
    [success=done new_authtok_reqd=done authinfo_unavail=ignore default=die] | Local database is only checked if Radius server is not reachable.

UCI: system.@pam_auth[0].pammodule.auth
Opt: pammodule
    Enables user authentication.

UCI: system.@pam_auth[0].type.radius
Opt: type
    Specifies the authentication method.

UCI: system.@pam_auth[0].servers
Opt: servers
    Specifies the radius server or multiple servers along with port number and password. The example below explains the syntax.
    192.168.0.1:3333|test|20 192.168.2.5|secret|10
Table 9: Information table for radius authentication
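The servers syntax from Table 9, split into its fields, as an added example that is not part of the manual or the router firmware. parse_radius_servers is a hypothetical helper that checks each entry has three |-separated fields and a valid port, and prints the length of the secret rather than the secret. The manual does not name the third field, so it is reported as field3 and assumed to be numeric (in pam_radius_auth's own server file that position is a timeout in seconds); hosts are assumed to be IPv4 addresses or names.

```sh
#!/bin/sh
# Added example: validate a 'servers' value as shown in Table 9.
# Usage: parse_radius_servers 'host[:port]|secret|n host[:port]|secret|n ...'
# Prints one line per entry: host port secret_len=N field3=V status
parse_radius_servers() {
    # One entry per line, then split each entry on the literal "|".
    printf '%s\n' "$1" | tr -s ' ' '\n' | awk -F'[|]' '
    $0 == "" { next }
    {
        status = "ok"
        if (NF != 3) status = "bad-field-count"

        # Optional ":port" suffix on the host field.
        host = $1; port = "default"
        c = index($1, ":")
        if (c > 0) { host = substr($1, 1, c - 1); port = substr($1, c + 1) }

        if (status == "ok" && host == "") status = "missing-host"
        if (status == "ok" && port != "default" &&
            (port !~ /^[0-9]+$/ || port + 0 < 1 || port + 0 > 65535))
            status = "bad-port"
        if (status == "ok" && $2 == "") status = "empty-secret"
        # Assumption: the unnamed third field must be a whole number.
        if (status == "ok" && $3 !~ /^[0-9]+$/) status = "bad-third-field"

        # The shared secret itself is never printed, only its length.
        printf "%s %s secret_len=%d field3=%s %s\n", host, port, length($2), $3, status
    }'
}

# The value used in the manual's example configuration.
parse_radius_servers '192.168.0.1:3333|test|20 192.168.2.5|secret|10'
```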
5.10 SSH
SSH allows you to access remote machines over text based shell sessions. SSH uses public key cryptography to create a secure connection. These connections allow you to issue commands remotely via a command line.
The router uses a package called "Dropbear" to configure the SSH server on the box. You can configure Dropbear via the web interface or through an SSH connection by editing the file stored in: /etc/config_name/dropbear.
5.10.1 Configuration packages used
Package | Sections
dropbear | dropbear
5.10.2 SSH access using the web interface
In the top menu, click System -> Administration. The Administration page appears. Scroll down to the SSH Access section.
Figure 7: The SSH access section
Web Field/UCI/Package Option | Description

Basic settings

Web: Interface
UCI: dropbear.@dropbear[0].Interface
Opt: interface
    Listens only on the selected interface. If unspecified is checked, listens on all interfaces. All configured interfaces will be displayed via the web GUI.
    (unspecified) | listens on all interfaces.
    Range | Configured interface names.

Web: Port
UCI: dropbear.@dropbear[0].Port
Opt: port
    Specifies the listening port of the Dropbear instance.
    22
    Range | 0-65535

Web: Password authentication
UCI: dropbear.@dropbear[0].PasswordAuth
Opt: PasswordAuth
    If enabled, allows SSH password authentication.
    0 | Disabled.
    1 | Enabled.

Web: Allow root logins with password
UCI: dropbear.@dropbear[0].RootPasswordAuth
Opt: RootPasswordAuth
    Allows the root user to login with password.
    0 | Disabled.
    1 | Enabled.

Web: Gateway ports
UCI: dropbear.@dropbear[0].GatewayPorts
Opt: GatewayPorts
    Allows remote hosts to connect to local SSH forwarded ports.
    0 | Disabled.
    1 | Enabled.

Web: Idle Session Timeout
UCI: dropbear.@dropbear[0].IdleTimeout
Opt: IdleTimeout
    Defines the idle period where remote session will be closed after the allocated number of seconds of inactivity.
    30 | 30 seconds.
    Range

Web: n/a
UCI: dropbear.@dropbear[0].BannerFile
Opt: BannerFile
    Defines a banner file to be displayed during login.
    /etc/banner
    Range
Table 10: Information table for SSH access settings
5.11 Package dropbear using UCI
root@VA_router:~# uci show dropbear
dropbear.@dropbear[0]=dropbear
dropbear.@dropbear[0].PasswordAuth=on
dropbear.@dropbear[0].RootPasswordAuth=on
dropbear.@dropbear[0].GatewayPorts=0
dropbear.@dropbear[0].IdleTimeout=30
dropbear.@dropbear[0].Port=22
Package dropbear using package options
root@VA_router:~# uci export dropbear
package dropbear

config dropbear
        option PasswordAuth 'on'
        option RootPasswordAuth 'on'
        option Port '22'
        option GatewayPorts '0'
        option IdleTimeout '30'
5.12 Certs and private keys
Certificates are used to prove ownership of a public key. They contain information about the key, its owner’s ID, and the digital signature of an individual that has verified the content of the certificate.
In asymmetric cryptography, public keys are announced to the public, and a different private key is kept by the receiver. The public key is used to encrypt the message, and the private key is used to decrypt it.
To access certs and private keys, in the top menu, click System -> Administration. The Administration page appears. Scroll down to the Certs & Private Keys section.
Figure 8: The certificates & private keys section
This section allows you to upload any certificates and keys that you may have stored. There is support for IPSec, OpenVPN and VA certificates and keys.
If you have generated your own SSH public keys, you can input them in the SSH Keys section, for SSH public key authentication.
Figure 9: The SSH-Keys box
5.13 Configuring a router’s web server
The router’s web server is configured in package uhttpd. This file defines the behaviour of the server and default values for certificates generated for SSL operation. uhttpd supports multiple instances, that is, multiple listen ports, each with its own document root and other features, as well as cgi and lua. There are two sections defined:
Main: this uHTTPd section contains general server settings.
Cert: this section defines the default values for SSL certificates.
5.13.1 Configuration packages used
Package | Sections
uhttpd | main, cert
To configure the router’s HTTP server parameters, in the top menu, select Services -> HTTP Server. The HTTP Server page has two sections.
Main Settings | Server configurations
Certificate Settings | SSL certificates.
5.13.2 Main settings
Figure 10: HTTP server settings
Web Field/UCI/Package Option | Description

Web: Listen Address and Port
UCI: uhttpd.main.listen_http
Opt: list listen_http
    Specifies the ports and addresses to listen on for plain HTTP access. If only a port number is given, the server will attempt to serve both IPv4 and IPv6 requests.
    0.0.0.0:80 | Bind at port 80 only on IPv4 interfaces.
    [::]:80 | Bind at port 80 only on IPv6 interfaces
    Range | IP address and/or port

Web: Secure Listen Address and Port
UCI: uhttpd.main.listen_https
Opt: list listen_https
    Specifies the ports and address to listen on for encrypted HTTPS access. The format is the same as listen_http.
    0.0.0.0:443 | Bind at port 443 only
    [::]:443
    Range | IP address and/or port

Web: Home path
UCI: uhttpd.main.home
Opt: home
    Defines the server document root.
    /www
    Range

Web: Cert file
UCI: uhttpd.main.cert
Opt: cert
    ASN.1/DER certificate used to serve HTTPS connections. If no listen_https options are given the key options are ignored.
    /etc/uhttpd.crt
    Range

Web: Key file
UCI: uhttpd.main.key
Opt: key
    ASN.1/DER private key used to serve HTTPS connections. If no listen_https options are given the key options are ignored.
    /etc/uhttpd.key
    Range

Web: CGI profile
UCI: uhttpd.main.cgi_prefix
Opt: cgi_prefix
    Defines the prefix for CGI scripts, relative to the document root. CGI support is disabled if this option is missing.
    /cgi-bin
    Range
Web: N/A
UCI: uhttpd.main.lua_prefix
Opt: lua_prefix
    Defines the prefix for dispatching requests to the embedded lua interpreter, relative to the document root. Lua support is disabled if this option is missing.
    /luci
    Range

Web: N/A
UCI: uhttpd.main.lua_handler
Opt: lua_handler
    Specifies the lua handler script used to initialise the lua runtime on server start.
    /usr/lib/lua/luci/sgi/uhttpd.lua
    Range

Web: Script timeout
UCI: uhttpd.main.script_timeout
Opt: script_timeout
    Sets the maximum wait time for CGI or lua requests in seconds. Requested executables are terminated if no output was generated.
    60
    Range

Web: Network timeout
UCI: uhttpd.main.network_timeout
Opt: network_timeout
    Maximum wait time for network activity. Requested executables are terminated and connection is shut down if no network activity occurred for the specified number of seconds.
    30
    Range

Web: N/A
UCI: uhttpd.main.realm
Opt: realm
    Defines basic authentication realm when prompting the client for credentials (HTTP 400).
    OpenWrt
    Range

Web: N/A
UCI: uhttpd.main.config
Opt: config
    Config file in Busybox httpd format for additional settings. Currently only used to specify basic auth areas.
    /etc/http.conf
    Range

Web: N/A
UCI: uhttpd.main.index_page
Opt: index_page
    Index file to use for directories, for example, add index.php when using php.
    Range

Web: N/A
UCI: uhttpd.main.error_page
Opt: error_page
    Virtual URL of file or CGI script to handle 404 requests. Must begin with ‘/’ (forward slash).
    Range

Web: N/A
UCI: uhttpd.main.no_symlinks
Opt: no_symlinks
    Does not follow symbolic links if enabled.
    0 | Disabled.
    1 | Enabled.

Web: N/A
UCI: uhttpd.main.no_dirlists
Opt: no_dirlists
    Does not generate directory listings if enabled.
    0 | Disabled.
    1 | Enabled.

Web: rfc 1918 filter
UCI: uhttpd.main.rfc1918_filter=1
Opt: rfc1918_filter
    Enables option to reject requests from RFC1918 IPs to public server IPs (DNS rebinding countermeasure).
    0 | Disabled.
    1 | Enabled.
Table 11: Information table for http server basic settings
5.13.3 HTTP server using UCI
Multiple sections of the type uhttpd may exist. The init script will launch one webserver instance per section.
A standard uhttpd configuration is shown below.
root@VA_router:~# uci show uhttpd
uhttpd.main=uhttpd
uhttpd.main.listen_http=0.0.0.0:80
uhttpd.main.listen_https=0.0.0.0:443
uhttpd.main.home=/www
uhttpd.main.rfc1918_filter=1
uhttpd.main.cert=/etc/uhttpd.crt
uhttpd.main.key=/etc/uhttpd.key
uhttpd.main.cgi_prefix=/cgi-bin
uhttpd.main.script_timeout=60
uhttpd.main.network_timeout=30
uhttpd.main.config=/etc/http.conf
HTTP server using package options
root@VA_router:~# uci export uhttpd
config uhttpd 'main'
        list listen_http '0.0.0.0:80'
        list listen_https '0.0.0.0:443'
        option home '/www'
        option rfc1918_filter '1'
        option cert '/etc/uhttpd.crt'
        option key '/etc/uhttpd.key'
        option cgi_prefix '/cgi-bin'
        option script_timeout '60'
        option network_timeout '30'
        option config '/etc/http.conf'
5.13.4 HTTPs server certificate settings
To configure HTTPs server certificate settings, in the top menu, select Services -> HTTP Server. Scroll down to the Certificate Settings section.
Figure 11: HTTP server certificate settings
Web Field/UCI/Package Option | Description

Web: Days
UCI: uhttpd.px5g.days
Opt: days
    Validity time of the generated certificates in days.
    730
    Range

Web: Bits
UCI: uhttpd.px5g.bits
Opt: bits
    Size of the generated RSA key in bits.
    1024
    Range

Web: Country
UCI: uhttpd.px5g.country
Opt: country
    ISO code of the certificate issuer.
    Range

Web: State
UCI: uhttpd.px5g.state
Opt: state
    State of the certificate issuer.
    Range

Web: Location
UCI: uhttpd.px5g.location
Opt: location
    Location or city of the certificate user.
    Range

Web: Commonname
UCI: uhttpd.commonname
Opt: commonname
    Common name covered by the certificate. For the purposes of secure Activation, this must be set to the serial number (Eth0 MAC address) of the device.
Table 12: Information table for HTTP server certificate settings
5.13.5 HTTPs server using UCI
root@VA_router:~# uci show uhttpd.px5g
uhttpd.px5g=cert
uhttpd.px5g.days=3650
uhttpd.px5g.bits=1024
uhttpd.px5g.country=IE
uhttpd.px5g.state=Dublin
uhttpd.px5g.location=Dublin
uhttpd.px5g.commonname=00E0C8000000
HTTPs server using package options
root@VA_router:~# uci export uhttpd
package uhttpd

config 'cert' 'px5g'
        option 'days' '3650'
        option 'bits' '1024'
        option 'state' 'Dublin'
        option 'location' 'Dublin'
        option 'commonname' '00E0C8000000'
5.14 Basic authentication (httpd conf)
For backward compatibility reasons, uhttpd uses the file /etc/httpd.conf to define authentication areas and the associated usernames and passwords. This configuration file is not in UCI format.
Authentication realms are defined in the format prefix:username:password, with one entry per line.
Prefix is the URL part covered by the realm, for example, cgi-bin to request basic auth for any CGI program.
Username specifies the username a client has to login with.
Password defines the secret password required to authenticate.
The password can be either in plain text format, MD5 encoded or in the form $p$user where the user refers to an account in /etc/shadow or /etc/passwd.
If you use $p$… format, uhttpd will compare the client provided password against the one stored in the shadow or passwd database.
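A check for the realm file described above, as an added example that is not part of the manual or of uhttpd. classify_httpd_auth is a hypothetical helper that splits each prefix:username:password entry and reports which of the three password forms it uses, without echoing the password. It assumes the MD5 form carries the $1$ prefix seen in the hashpassword listings; the sample entries are constructed.

```sh
#!/bin/sh
# Added example: classify the password form of each realm entry.
# Reads prefix:username:password lines on stdin and prints
# "line<TAB>prefix<TAB>username<TAB>kind"; the password is never printed.
classify_httpd_auth() {
    awk '
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    {
        # Split on the first two colons only, so a password may contain ":".
        c1 = index($0, ":")
        rest = (c1 ? substr($0, c1 + 1) : "")
        c2 = index(rest, ":")
        if (c1 < 2 || c2 < 2) { printf "%d\tMALFORMED\t-\t-\n", NR; next }

        prefix = substr($0, 1, c1 - 1)
        user   = substr(rest, 1, c2 - 1)
        pass   = substr(rest, c2 + 1)

        if (pass == "")            kind = "EMPTY"
        else if (pass ~ /^\$p\$/)  kind = "SYSTEM-ACCOUNT:" substr(pass, 4)
        else if (pass ~ /^\$1\$/)  kind = "MD5-CRYPT"   # assumption: $1$ marks the MD5 form
        else                       kind = "PLAINTEXT"   # secret readable by anyone who can read the file
        printf "%d\t%s\t%s\t%s\n", NR, prefix, user, kind
    }'
}

# Constructed sample input; none of these entries come from a real device.
sample_httpd_conf() {
    cat <<'EOF'
# constructed sample realm file
/cgi-bin:admin:s3cret-example
/luci:root:$p$root
/status:monitor:$1$saltsalt$PLACEHOLDERHASHVALUE00
/broken-line
EOF
}

sample_httpd_conf | classify_httpd_auth
```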
5.15 Securing uhttpd
By default, uhttpd binds to 0.0.0.0 which also includes the WAN port of your router. To bind uhttpd to the LAN port only you have to change the listen_http and listen_https options to your LAN IP address.
To get your current LAN IP address, enter:
uci get network.lan.ipaddr
Then modify the configuration appropriately:
uci set uhttpd.main.listen_http='192.168.1.1:80'
uci set uhttpd.main.listen_https='192.168.1.1:443'
config 'uhttpd' 'main'
        list listen_http 192.168.1.1:80
        list listen_https 192.168.1.1:443
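The settings described in this chapter, checked over uci show output, as an added example that is not part of the manual or the router firmware. audit_uci is a hypothetical helper that flags web listeners bound to every interface (the case section 5.15 describes), a Dropbear instance with no Interface option, root password logins over SSH, an MD5-crypt ($1$) root hash and a generated certificate key under 2048 bits. The finding IDs and the 2048-bit threshold are assumptions of this example; the sample input is constructed from the listings in this chapter.

```sh
#!/bin/sh
# Added example: flag exposure-related settings in `uci show` output.
# Reads package.section.option=value lines on stdin and prints one
# "ID<TAB>key<TAB>detail" line per finding. On a router: uci show | audit_uci
audit_uci() {
    awk '
    function report(id, key, detail) { printf "%s\t%s\t%s\n", id, key, detail }
    {
        eq = index($0, "=")              # split on the first "=" only
        if (eq == 0) next                # prompts and blank lines are ignored
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        gsub(/\047/, "", val)            # newer uci versions quote values
        n = split(key, part, ".")
        pkg = part[1]; sec = part[2]; opt = (n >= 3 ? part[3] : "")
    }
    # Section header such as dropbear.@dropbear[0]=dropbear
    pkg == "dropbear" && opt == "" { ssh[sec] = 1; next }
    pkg == "dropbear" && tolower(opt) == "interface" && val != "" { bound[sec] = 1 }
    pkg == "dropbear" && opt == "RootPasswordAuth" && (val == "on" || val == "1") {
        report("SSH-ROOT-PW", key, "root may log in with a password")
    }
    pkg == "uhttpd" && (opt == "listen_http" || opt == "listen_https") {
        m = split(val, addr, " ")        # list options may hold several addresses
        for (i = 1; i <= m; i++)
            if (addr[i] ~ /^[0-9]+$/ || addr[i] ~ /^0\.0\.0\.0:/ || addr[i] ~ /^\[::\]:/)
                report("WEB-ANY-IF", key, addr[i] " binds every interface, WAN included")
    }
    # Assumption of this example: keys under 2048 bits are reported.
    pkg == "uhttpd" && opt == "bits" && val + 0 < 2048 {
        report("CERT-RSA-SHORT", key, val "-bit RSA key for generated certificate")
    }
    pkg == "system" && opt == "hashpassword" && val ~ /^\$1\$/ {
        report("PW-MD5CRYPT", key, "root hash uses the MD5-crypt ($1$) scheme")
    }
    END {
        # A Dropbear section with no Interface option listens on all interfaces.
        for (s in ssh)
            if (!(s in bound))
                report("SSH-ANY-IF", "dropbear." s, "no Interface option, listens on all interfaces")
    }'
}

# Constructed sample: the uci show listings printed in this chapter, combined.
sample_uci_show() {
    cat <<'EOF'
system.main=system
system.main.hostname=VA_router
system.main.hashpassword=$1$jRX/x8A/$U5kLCMpi9dcahRhOl7eZV1
dropbear.@dropbear[0]=dropbear
dropbear.@dropbear[0].PasswordAuth=on
dropbear.@dropbear[0].RootPasswordAuth=on
dropbear.@dropbear[0].GatewayPorts=0
dropbear.@dropbear[0].IdleTimeout=30
dropbear.@dropbear[0].Port=22
uhttpd.main=uhttpd
uhttpd.main.listen_http=0.0.0.0:80
uhttpd.main.listen_https=0.0.0.0:443
uhttpd.main.home=/www
uhttpd.px5g=cert
uhttpd.px5g.bits=1024
EOF
}

sample_uci_show | audit_uci
```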
6 System settings
The system section contains settings that apply to the most basic operation of the system, such as the host name, time zone, logging details, NTP server, language and style.
The host name appears in the top left hand corner of the interface menu. It also appears when you open a Telnet or SSH session.
Note: this document shows no host name in screen grabs. Throughout the document we use the host name ‘VA_router’.
The system configuration contains a logging section for the configuration of a Syslog client.
6.1 Configuration package used
Package | Sections
system | main, timeserver
6.2 Configuring system properties
To set your system properties, in the top menu, click System. There are four sections in the System page.
Section | Description
General settings | Configure host name, local time and time zone.
Logging | Configure a router to log to a server. You can configure a Syslog client in this section.
Language and Style | Configure the router’s web language and style.
Time synchronization | Configure the NTP server in this section.
6.2.1 General settings
Figure 12: General settings in system properties
Web Field/UCI/Package Option
Description
Web: Local Time
Sets the local time and syncs with browser. You can manually configure on CLI, using:
date -s YYYY.MM.DD-hh:mm:ss
Web: hostname UCI: system.main.hostname
Opt: hostname
Specifies the hostname for this system.
Web: Timezone UCI: system.main.timezone
Opt: timezone
Specifies the time zone that the date and time should be rendered in by default.
Web: n/a UCI: system.main.timezone Opt: time_save_interval_min
Defines the interval in minutes to store the local time for use on next reboot.
Range
10m
Table 13: Information table for general settings section
6.2.2 Logging
Figure 13: The logging section in system properties
Web Field/UCI/Package Option
Description
Web: System log buffer size UCI: system.main.log_size Opt: log_size
Log buffer size in KB.
Range
16
16 KB
Web: External system log server UCI: system.main.log_ip Opt: log_ip
External syslog server IP address.
Range
0.0.0.0
Web: External system log server port UCI: system.main.log_port Opt: log_port
External syslog server port number.
Range
514
Web: Log output level UCI: system.main.conloglevel Opt: conloglevel
Sets the maximum log output level severity for system events. System events are written to the system log. Messages with a lower level or level equal to the configured level are displayed in the console using the logread command, or alternatively written to flash, if configured to do so.
Web value | Description | UCI
Debug | Information useful to developers for debugging the application. | 8
Info | Normal operational messages that require no action. | 7
Notice | Events that are unusual, but not error conditions. | 6
Warning | May indicate that an error will occur if action is not taken. | 5
Error | Error conditions | 4
Critical | Critical conditions | 3
Alert | Should be addressed immediately | 2
Emergency | System is unusable | 1
Web: Cron Log Level UCI: system.main.cronloglevel Opt: cronloglevel
Sets the maximum log level for kernel messages to be logged to the console. Only messages with a level lower, or level equal to the configured level will be printed to the console.
Web value | Description | UCI
Normal | Normal operation messages | 8
Warning | Error messages | 9
Debug | Debug messages | 5
Web: n/a UCI: system.main.log_file
Opt: log_file
Since logread is only small in size it can be beneficial to write system events to flash. This option defines the file path to write the events. Set to ‘root/syslog.messages’
Web: n/a UCI: system.main.log_type Opt: log_type
Defines whether to write the system events to a file rather than logread. Set to ‘file’ to write to the file configured under log_file option.
Table 14: Information table for the logging section
6.2.3 Language and style
Figure 14: The language and style section in system properties
Web Field/UCI/Package Option
Description
Language Sets the language to ‘auto’ or ‘English’.
Auto
English
Design Sets the router’s style.
Table 15: Information table for the language and style page
6.2.4 Time synchronization
Figure 15: The time synchronization section in system properties
Web Field/UCI/Package Option
Description
Web: Enable built-in NTP Server UCI: system.ntp
Opt: config timeserver
Enables NTP server.
Web: NTP update interval UCI: system.ntp.interval_hours Opt: interval_hours
Specifies interval of NTP requests in hours. Default value set to auto.
auto Range
auto; 1-23
Web: NTP server candidates UCI: system.ntp.server Opt: list server
Defines the list of NTP servers to poll the time from. If the list is empty, the built in NTP daemon is not started. Multiple servers can be configured and are separated by a space if using UCI.
By default all fields are set to 0.0.0.0.
Table 16: Information table for time synchronization section
6.2.5 System reboot
The router can be configured to reboot immediately, or scheduled to reboot at a configured time in the future.
In the top menu, select System -> Reboot. The System page appears. Ensure you have saved all your configuration changes before you reboot.
Figure 16: The reboot page
Check the Reboot now check box and then click Reboot.
6.3 System settings using UCI
root@VA_router:~# uci show system
system.main=system
system.main.hostname=VA_router
system.main.timezone=UTC
system.main.log_ip=1.1.1.1
system.main.log_port=514
system.main.conloglevel=8
system.main.cronloglevel=8
system.ntp.interval_hours=auto
system.ntp.server=0.VA_router.pool.ntp.org 10.10.10.10

System settings using package options

root@VA_router:~# uci export system
package 'system'

config 'system' 'main'
    option 'hostname' "VA_router"
    option 'timezone' "UTC"
    option 'log_ip' "1.1.1.1"
    option 'log_port' "514"
    option time_save_interval_min "10"
    option conloglevel '8'
    option cronloglevel '8'

config 'timeserver' 'ntp'
    option interval_hours 'auto'
    list server "0.VA_router.pool.ntp.org"
    list server '10.10.10.10'
6.4 System diagnostics
6.4.1 System events
Events in the system have a class, sub class and severity. All events are written to the system log.
6.4.1.1 Logread
To view the system log, use:
root@VA_router:~# logread
Shows the log.
root@VA_router:~# logread |tail
Shows end of the log.
root@VA_router:~# logread | more
Shows the log page by page.
root@VA_router:~# logread -f
Shows the log on an ongoing basis. To stop this option, press ctrl-c.
root@VA_router:~# logread -f &
Shows the log on an ongoing basis while in the background. This allows you to run other commands while still tracing the event logs. To stop this option, type fg to view the current jobs, then press ctrl-c to kill those jobs.
6.4.2 System events in flash
Since logread is only small in size it can be beneficial to write system events to flash. To do this you need to modify the system config under the system package. Set the options ‘log_file’, ‘log_size’ and ‘log_type’ as below:
root@VA_router:~# uci export system
package system

config system 'main'
    option hostname 'VA_router'
    option zonename 'UTC'
    option timezone 'GMT0'
    option conloglevel '8'
    option cronloglevel '8'
    option time_save_interval_hour '10'
    option log_hostname '%serial'
    option log_ip '1.1.1.1'
    option log_port '514'
    option log_file '/root/syslog.messages'
    option log_size '400'
    option log_type 'file'
The above commands will take effect after a reboot.
root@VA_router:~# cat /root/syslog.messages
Shows all the system events stored in flash.
root@VA_router:~# tail /root/syslog.messages
Shows end of the events stored in flash.
root@VA_router:~# tail -f /root/syslog.messages &
Shows the log on an ongoing basis. To stop this option, press ctrl-c.
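A check of the logging options covered in sections 6.2.2 and 6.4.2, added here as an illustration and not taken from the Virtual Access manual: it reads "uci show system" output and reports whether events leave the router and whether flash logging is consistently configured. The helper name audit_syslog_config and the samples are constructed; treating a log_ip of 0.0.0.0 as "no external server" is an assumption based on that value being the documented default.

```shell
#!/bin/sh
# Added example (not from the manual): check the logging options of the
# system package. audit_syslog_config is a hypothetical helper name.
# On a router:  uci show system | audit_syslog_config

# Constructed sample: default-style values, no external server, no log file.
SAMPLE_DEFAULTS='system.main=system
system.main.hostname=VA_router
system.main.log_ip=0.0.0.0
system.main.log_port=514
system.main.conloglevel=8'

# Constructed sample mirroring the flash-logging export in section 6.4.2.
SAMPLE_FLASH="system.main=system
system.main.log_ip='1.1.1.1'
system.main.log_port='514'
system.main.log_file='/root/syslog.messages'
system.main.log_size='400'
system.main.log_type='file'"

# Constructed sample: log_type set to file but no log_file given.
SAMPLE_BROKEN='system.main=system
system.main.log_ip=1.1.1.1
system.main.log_type=file'

# stdin: "uci show system" output. Prints one line for remote forwarding and
# one for local storage; returns 1 if either line is a WARN.
audit_syslog_config() {
    awk -v sq="'" '
    index($0, "system.main.") == 1 && index($0, "=") > 0 {
        eq  = index($0, "=")
        key = substr($0, 13, eq - 13)           # text after "system.main."
        val = substr($0, eq + 1)
        gsub(sq, "", val); gsub(/"/, "", val)
        opt[key] = val
    }
    END {
        rc = 0
        # 514 and 16 KB are the defaults listed in Table 14.
        port = (opt["log_port"] != "") ? opt["log_port"] : "514"
        size = (opt["log_size"] != "") ? opt["log_size"] : "16"
        # Assumption: 0.0.0.0 (the default) means no external server is set.
        if (opt["log_ip"] == "" || opt["log_ip"] == "0.0.0.0") {
            print "WARN remote: no external syslog server (log_ip unset or 0.0.0.0)"
            rc = 1
        } else {
            print "OK remote: forwarding to " opt["log_ip"] ":" port
        }
        if (opt["log_type"] == "file") {
            if (opt["log_file"] == "") {
                print "WARN local: log_type is file but log_file is not set"
                rc = 1
            } else {
                print "OK local: events written to " opt["log_file"]
            }
        } else {
            print "INFO local: events kept only in the " size " KB logread buffer"
        }
        exit rc
    }'
}

# Demo run on the constructed default sample.
printf '%s\n' "$SAMPLE_DEFAULTS" | audit_syslog_config || true
```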
7 Upgrading router firmware
7.1 Upgrading firmware using the web interface
Copy the new firmware issued by Virtual Access to a PC connected to the router.
In the top menu, select System tab > Backup/Flash Firmware. The Flash operations page appears.
Figure 17: The flash operations page
Under Flash new firmware image, click Choose File or Browse. Note: the button will vary depending on the browser you are using.
Select the appropriate image and then click Flash Image. The Flash Firmware – Verify page appears.
Figure 18: The flash firmware - verify page
Click Proceed. The System – Flashing… page appears.
Figure 19: The system – flashing…page
When the ‘waiting for router’ icon disappears, the upgrade is complete, and the login homepage appears.
To verify that the router has been upgraded successfully, click Status in the top menu. The Firmware Version shows in the system list.
Figure 20: The status page
7.2 Upgrading firmware using CLI
To upgrade firmware using CLI, you will need a TFTP server on a connected PC.
Open up an SSH or Telnet session to the router. Enter the relevant username and password.
To change into the temp folder, enter:
cd /tmp
To connect to your TFTP server, enter:
atftp x.x.x.x
(where x.x.x.x is the IP of your PC). Press Enter. While in the TFTP application to get the image, enter:
get GIG-15.00.38.image
Note: this is an example, substitute the correct file name.
When the image has downloaded, to leave TFTP and get back into the command line, enter:
quit
To write the image into the alternative image, enter:
mtd write GIG-15.00.38.image altimage
Note: this is an example, substitute the correct file name.
To set the next image to boot to the alternative image, enter:
vacmd set next image altimage
For your configuration changes to apply, you must reboot your router. Enter:
reboot
8 Router file structure
This section describes the file structure and location of essential directories and files on Virtual Access routers.
Throughout this document, we use information tables to show the different ways to configure the router using the router’s web and command line (CLI).
When showing examples of the command line interface we use the host name ‘VA_router’ to indicate the system prompt. For example, the table below displays what the user should see when entering the command to show the current configuration in use on the router:
root@VA_router:~# va_config.sh
8.1 System information
General information about software and configuration used by the router is displayed on the Status page. To view the running configuration file status on the web interface, in the top menu, select Status -> Overview. This page also appears immediately after you have logged in.
Figure 21: The status page
System information is also available from the CLI if you enter the following command:
root@VA_router:~# va_vars.sh
The example below shows the output from the above command.
VA_SERIAL: 00E0C8121215
VA_MODEL: GW0000
VA_ACTIVEIMAGE: image2
VA_ACTIVECONFIG: config1
VA_IMAGE1VER: VIE-16.00.44
VA_IMAGE2VER: VIE-16.00.44
8.2 Image files
The system allows for two firmware image files:
• image1, and
• image2
Two firmware images are supported to enable the system to rollback to a previous firmware version if the upgrade of one image fails.
The image names (image1, image2) themselves are symbols that point to different partitions in the overall file system. A special image name “altimage” exists which always points to the image that is not running.
The firmware upgrade system always downloads firmware to “altimage”.
8.3 Directory locations for UCI configuration files
Router configuration files are stored in the following folders:
/etc/factconf,
/etc/config1, and
/etc/config2
Multiple configuration files exist in each folder. Each configuration file contains configuration parameters for different areas of functionality in the system.
A symbolic link exists at /etc/config, which always points to whichever of factconf, config1 or config2 is the active configuration.
Files that appear to be in /etc/config are actually in /etc/factconf|config1|config2 depending on which configuration is active.
If /etc/config is missing on start-up, for example on first boot, the links and directories are created with configuration files copied from /rom/etc/config/.
At any given time, only one of the configurations is the active configuration. The UCI system tool (Unified Configuration Interface) only acts upon the currently active configuration.
8.4 Viewing and changing current configuration
To show the configuration currently running, enter:
root@VA_router:~# va_config.sh
To show the configuration to run after the next reboot, enter:
root@VA_router:~# va_config.sh next
To set the configuration to run after the next reboot, enter:
root@VA_router:~# va_config.sh -s [factconf|config1|config2|altconfig]
8.5 Configuration file syntax
The configuration files consist of sections – or packages - that contain one or more config statements. These optional statements define actual values.
Below is an example of a simple configuration file.
package 'example'

config 'example' 'test'
    option 'string' 'some value'
    option 'boolean' '1'
    list 'collection' 'first item'
    list 'collection' 'second item'
The config 'example' 'test' statement defines the start of a section with the type example and the name test.
Command | Target | Description
export | [<config>] | Exports the configuration in a machine readable format. It is used internally to evaluate configuration files as shell scripts.
import | [<config>] | Imports configuration files in UCI syntax.
add | <config> <section-type> | Adds an anonymous section of type section-type to the given configuration.
add_list | <config>.<section>.<option>=<string> | Adds the given string to an existing list option.
show | [<config>[.<section>[.<option>]]] | Shows the given option, section or configuration in compressed notation.
get | <config>.<section>[.<option>] | Gets the value of the given option or the type of the given section.
set | <config>.<section>[.<option>]=<value> | Sets the value of the given option, or adds a new section with the type set to the given value.
delete | <config>[.<section[.<option>]] | Deletes the given section or option.
Table 1: Common commands, target and their descriptions
8.6 Managing configurations
8.6.1 Managing sets of configuration files using directory manipulation
Configurations can also be managed using directory manipulation.
To remove the contents of the current folder, enter:
root@VA_router:/etc/config1# rm -f *
Warning: the above command makes irreversible changes.
To remove the contents of a specific folder regardless of the current folder (config2), enter:
root@VA_router:/# rm -f /etc/config1/*
Warning: the above command makes irreversible changes.
To copy the contents of one folder into another (config2 into config1), enter:
root@VA_router:/etc/config1# cp /etc/config2/* /etc/config1
8.7 Exporting a configuration file
8.7.1 Exporting a configuration file using the web interface
The current running configuration file may be exported using the web interface.
In the top menu, select System tab > Backup/Flash Firmware. The Flash operations page appears.
Figure 22: The flash operations page
Under Backup/Restore select Generate Archive.
8.7.2 Exporting a configuration file using uci
Any configuration file segment can be viewed using UCI.
To export the running configuration file, enter:
root@VA_router:~# uci export
To export the factory configuration file, enter:
root@VA_router:~# uci -c /etc/factconf/ export
To export config1 or config2 configuration file, enter:
root@VA_router:~# uci -c /etc/config1/ export
root@VA_router:~# uci -c /etc/config2/ export
8.8 Importing a configuration file
8.8.1 Importing a configuration file using the web interface
You can import a configuration file to the alternate configuration segment using the web interface. This will automatically reboot the router into this configuration file.
In the top menu, select System tab > Backup/Flash Firmware. The Flash operations page appears.
Figure 23: The flash operations page
Under Backup/Restore, choose Restore Backup: Choose file. Select the appropriate file and then click Upload archive.
Figure 24: The system – restoring…page
When the ‘waiting for router’ icon disappears, the upgrade is complete, and the login homepage appears.
8.8.2 Importing a configuration file using uci
You can import a configuration file to any file segment using UCI. To import to config1, enter:
root@VA_router:~# uci -c /etc/config1/ import
<paste in config file>
<CTRL-D>
Note: it is very important that the config file is in the correct format otherwise it will not import correctly.
9 Using the Command Line Interface
This chapter explains how to view Virtual Access routers' log files and edit configuration files using a Command Line Interface (CLI) and the Unified Configuration Interface (UCI) system.
9.1 Overview of some common commands
Virtual Access routers’ system has an SSH server typically running on port 22. The factconf default password for the root user is admin. To change the factconf default password, enter:
root@VA_router:/# uci set system.main.password="******"
root@VA_router:/# uci commit system
To reboot the system, enter:
root@VA_router:/# reboot
The system provides a Unix-like command line. Common Unix commands are available such as ls, cd, cat, top, grep, tail, head, more and less.
Typical pipe and redirect operators are also available, such as: >, >>, <, |
The system log can be viewed using any of the following commands:
root@VA_router:/# logread
root@VA_router:/# logread | tail
root@VA_router:/# logread -f
These commands will show the full log, end of the log (tail) and continuously (-f). Enter Ctrl-C to stop the continuous output from logread -f.
To view and edit configuration files, the system uses the Unified Configuration Interface (UCI) which is described further on in this chapter. This is the preferred method of editing configuration files. However, you can also view and edit these files using some of the standard Unix tools.
For example, to view a text or configuration file in the system, enter:
root@VA_router:/# cat /etc/passwd
The command output information shows the following, or similar output.
root:x:0:0:root:/root:/bin/ash
daemon:*:1:1:daemon:/var:/bin/false
ftp:*:55:55:ftp:/home/ftp:/bin/false
sftp:*:56:56:sftp:/var:/usr/lib/sftp-server
network:*:101:101:network:/var:/bin/false
nobody:*:65534:65534:nobody:/var:/bin/false
To view files in the current folder, enter:
root@VA_router:/# ls
bin etc lib opt sbin usr
bkrepos home linuxrc proc sys var
dev init mnt root tmp www
For more details add the -l argument:
root@VA_router:/# ls -l
drwxrwxr-x 2 root root 642 Jul 16 2012 bin
drwxr-xr-x 5 root root 1020 Jul 4 01:27 dev
drwxrwxr-x 1 root root 0 Jul 3 18:41 etc
drwxr-xr-x 1 root root 0 Jul 9 2012 lib
drwxr-xr-x 2 root root 3 Jul 16 2012 mnt
drwxr-xr-x 7 root root 0 Jan 1 1970 overlay
dr-xr-xr-x 58 root root 0 Jan 1 1970 proc
drwxr-xr-x 16 root root 223 Jul 16 2012 rom
drwxr-xr-x 1 root root 0 Jul 3 22:53 root
drwxrwxr-x 2 root root 612 Jul 16 2012 sbin
drwxr-xr-x 11 root root 0 Jan 1 1970 sys
drwxrwxrwt 10 root root 300 Jul 4 01:27 tmp
drwxr-xr-x 1 root root 0 Jul 3 11:37 usr
lrwxrwxrwx 1 root root 4 Jul 16 2012 var -> /tmp
drwxr-xr-x 4 root root 67 Jul 16 2012 www
To change the current folder, enter cd followed by the desired path:
root@VA_router:/# cd /etc/config1
root@VA_router:/etc/config1#
Note: if the specified directory is actually a link to a directory, the real directory will be shown in the prompt.
To view scheduled jobs, enter:
root@VA_router:/# crontab -l
0 * * * * slaupload 00FF5FF92752 TFTP 1 172.16.250.100 69
To view currently running processes, enter:
root@VA_router:/# ps
PID Uid VmSize Stat Command
1 root 356 S init
2 root DW [keventd]
3 root RWN [ksoftirqd_CPU0]
4 root SW [kswapd]
5 root SW [bdflush]
6 root SW [kupdated]
8 root SW [mtdblockd]
89 root 344 S logger -s -p 6 -t
92 root 356 S init
93 root 348 S syslogd -C 16
94 root 300 S klogd
424 root 320 S wifi up
549 root 364 S httpd -p 80 -h /www -r VA_router
563 root 336 S crond -c /etc/crontabs
6712 root 392 S /usr/sbin/dropbear
6824 root 588 S /usr/sbin/dropbear
7296 root 444 S -ash
374 root 344 R ps ax
375 root 400 S /bin/sh /sbin/hotplug button
384 root 396 R /bin/sh /sbin/hotplug button
385 root RW [keventd]
To search for a process, enter: pgrep -fl '<process name or part of name>':
root@VA_router:/# pgrep -fl 'wifi'
424 root 320 S wifi up
To kill a process, enter the PID:
root@VA_router:~# kill 424
9.2 Using Unified Configuration Interface (UCI)
The system uses Unified Configuration Interface (UCI) for central configuration management. Most common and useful configuration settings can be accessed and configured using the UCI system.
UCI consists of a Command Line Utility (CLI), the files containing the actual configuration data, and scripts that take the configuration data and apply it to the proper parts of the system, such as the networking interfaces. Entering the command 'uci' on its own will display the list of valid arguments for the command and their format.
root@VA_router:/lib/config# uci
Usage: uci [<options>] <command> [<arguments>]

Commands:
    export [<config>]
    import [<config>]
    changes [<config>]
    commit [<config>]
    add <config> <section-type>
    add_list <config>.<section>.<option>=<string>
    show [<config>[.<section>[.<option>]]]
    get <config>.<section>[.<option>]
    set <config>.<section>[.<option>]=<value>
    delete <config>[.<section[.<option>]]
    rename <config>.<section>[.<option>]=<name>
    revert <config>[.<section>[.<option>]]

Options:
    -c <path> set the search path for config files (default: /etc/config)
    -d <str> set the delimiter for list values in uci show
    -f <file> use <file> as input instead of stdin
    -m when importing, merge data into an existing package
    -n name unnamed sections on export (default)
    -N don't name unnamed sections
    -p <path> add a search path for config change files
    -P <path> add a search path for config change files and use as default
    -q quiet mode (don't print error messages)
    -s force strict mode (stop on parser errors, default)
    -S disable strict mode
    -X do not use extended syntax on 'show'
The table below describes commands for the UCI command line and some further examples of how to use this utility.
Command | Target | Description
commit | [<config>] | Writes changes of the given configuration file, or if none is given, all configuration files, to the filesystem. All "uci set", "uci add", "uci rename" and "uci delete" commands are staged into a temporary location and written to flash at once with "uci commit". This is not needed after editing configuration files with a text editor, but for scripts, GUIs and other programs working directly with UCI files.
export | [<config>] | Exports the configuration in a UCI syntax and does validation.
import | [<config>] | Imports configuration files in UCI syntax.
changes | [<config>] | Lists staged changes to the given configuration file or, if none is given, all configuration files.
add | <config> <section-type> | Adds an anonymous section of type section-type to the given configuration.
add_list | <config>.<section>.<option>=<string> | Adds the given string to an existing list option.
show | [<config>[.<section>[.<option>]]] | Shows the given option, section or configuration in compressed notation.
get | <config>.<section>[.<option>] | Gets the value of the given option or the type of the given section.
set | <config>.<section>[.<option>]=<value> | Sets the value of the given option, or adds a new section with the type set to the given value.
delete | <config>[.<section[.<option>]] | Deletes the given section or option.
rename | <config>.<section>[.<option>]=<name> | Renames the given option or section to the given name.
revert | <config>[.<section>[.<option>]] | Deletes staged changes to the given option, section or configuration file.
Table 17: Common commands, target and their descriptions
Note: none of these operations acts directly on the configuration files. A commit command is required after you have finished your configuration.
root@VA_router:~# uci commit
9.2.1 Using uci commit to avoid router reboot
After changing the port that uhttpd listens on from 80 to 8080 in the file /etc/config/uhttpd, save it, then enter:
root@VA_router:~# uci commit uhttpd
Then enter:
root@VA_router:~# /etc/init.d/uhttpd restart
For this example, the router does not need to reboot as the changes take effect when the specified process is restarted.
9.2.2 Export a configuration
Using the uci export command it is possible to view the entire configuration of the router or a specific package. Using this method to view configurations does not show comments that are present in the configuration file:
root@VA_router:~# uci export httpd
package 'httpd'

config 'httpd'
    option 'port' '80'
    option 'home' '/www'
9.2.3 Show a configuration tree
The configuration tree format displays the full path to each option. This path can then be used to edit a specific option using the uci set command.
To show the configuration ‘tree’ for a given config, enter:
root@VA_router:/# uci show network
network.loopback=interface
network.loopback.ifname=lo
network.loopback.proto=static
network.loopback.ipaddr=127.0.0.1
network.loopback.netmask=255.0.0.0
network.lan=interface
network.lan.ifname=eth0
network.lan.proto=dhcp
network.wan=interface
network.wan.username=foo
network.wan.password=bar
network.wan.proto=3g
network.wan.device=/dev/ttyACM0
network.wan.service=umts
network.wan.auto=0
network.wan.apn=arkessa.com
network.@va_switch[0]=va_switch
network.@va_switch[0].eth0=A B C
network.@va_switch[0].eth1=D
It is also possible to display a limited subset of a configuration:
root@VA_router:/# uci show network.wan
network.wan=interface
network.wan.username=foo
network.wan.password=bar
network.wan.proto=3g
network.wan.device=/dev/ttyACM0
network.wan.service=umts
network.wan.auto=0
network.wan.apn=hs.vodafone.ie
9.2.4 Display just the value of an option
To display a specific value of an individual option within a package, enter:
root@VA_router:~# uci get httpd.@httpd[0].port
80
root@VA_router:~#
9.2.5 High level image commands
To show the image running currently, enter:
root@VA_router:~# vacmd show current image
To set the image to run on next reboot, enter:
root@VA_router:~# vacmd set next image [image1|image2|altimage]
root@VA_router:~# reboot
9.2.6 Format of multiple rules
When there are multiple rules next to each other, UCI uses array-like references for them. For example, if there are 8 NTP servers, UCI will let you reference their sections as timeserver.@timeserver[0] for the first section; or timeserver.@timeserver[7] for the last section.
You can also use negative indexes, such as timeserver.@timeserver[-1]. ‘-1’ means the last one, and ‘-2’ means the second-to-last one. This is useful when appending new rules to the end of a list.
root@VA_router:/# uci show va_eventd
va_eventd.main=va_eventd
va_eventd.main.enabled=yes
va_eventd.main.event_queue_file=/tmp/event_buffer
va_eventd.main.event_queue_size=128K
va_eventd.@conn_tester[0]=conn_tester
va_eventd.@conn_tester[0].name=Pinger
va_eventd.@conn_tester[0].enabled=yes
va_eventd.@conn_tester[0].type=ping
va_eventd.@conn_tester[0].ping_dest_addr=192.168.250.100
va_eventd.@conn_tester[0].ping_success_duration_sec=5
va_eventd.@target[0]=target
va_eventd.@target[0].name=MonitorSyslog
va_eventd.@target[0].enabled=yes
va_eventd.@target[0].type=syslog
va_eventd.@target[0].target_addr=192.168.250.100
va_eventd.@target[0].conn_tester=Pinger
va_eventd.@target[0].suppress_duplicate_forwardings=no
va_eventd.@forwarding[0]=forwarding
va_eventd.@forwarding[0].enabled=yes
va_eventd.@forwarding[0].className=ethernet
va_eventd.@forwarding[0].target=MonitorSyslog
va_eventd.@forwarding[1]=forwarding
va_eventd.@forwarding[1].enabled=yes
va_eventd.@forwarding[1].className=auth
va_eventd.@forwarding[1].target=MonitorSyslog
va_eventd.@forwarding[2]=forwarding
va_eventd.@forwarding[2].enabled=yes
va_eventd.@forwarding[2].className=adsl
va_eventd.@forwarding[2].target=MonitorSyslog
va_eventd.@forwarding[3]=forwarding
va_eventd.@forwarding[3].enabled=yes
va_eventd.@forwarding[3].className=ppp
va_eventd.@forwarding[3].target=MonitorSyslog
9.3 Configuration files
The table below lists common package configuration files that can be edited using uci commands. Other configuration files may also be present depending on the specific options available on the Virtual Access router.
File                      Description

Management
/etc/config/autoload      Boot up Activation behaviour (typically used in factconf)
/etc/config/httpclient    Activator addresses and urls
/etc/config/monitor       Monitor details

Basic
/etc/config/dropbear      SSH server options
/etc/config/dhcp          Dnsmasq configuration and DHCP settings
/etc/config/firewall      NAT, packet filter, port forwarding, etc.
/etc/config/network       Switch, interface, L2TP and route configuration
/etc/config/system        Misc. system settings including syslog

Other
/etc/config/snmpd         SNMPd settings
/etc/config/uhttpd        Web server options (uHTTPd)
/etc/config/strongswan    IPSec settings
9.4 Configuration file syntax
The configuration files usually consist of one or more config statements, so-called sections with one or more option statements defining the actual values.
Below is an example of a simple configuration file.
package 'example'

config 'example' 'test'
        option 'string' 'some value'
        option 'boolean' '1'
        list 'collection' 'first item'
        list 'collection' 'second item'
The config 'example' 'test' statement defines the start of a section with the type example and the name test. There can also be so-called anonymous sections with only a type, but no name identifier. The type is important for the processing programs to decide how to treat the enclosed options.
The option 'string' 'some value' and option 'boolean' '1' lines define simple values within the section.
Note: there are no syntactical differences between text and boolean options. Per convention, boolean options may have one of the values '0', 'no', 'off' or 'false' to specify a false value or '1', 'yes', 'on' or 'true' to specify a true value.
In the lines starting with a list keyword, an option with multiple values is defined. All list statements that share the same name, collection in our example, will be combined into a single list of values with the same order as in the configuration file.
The indentation of the option and list statements is a convention to improve the readability of the configuration file but it is not syntactically required.
Usually you do not need to enclose identifiers or values in quotes. Quotes are only required if the enclosed value contains spaces or tabs. Also it is legal to use double-quotes instead of single-quotes when typing configuration options.
All of the examples below are valid syntax.
option example value
option 'example' value
option example "value"
option "example" 'value'
option 'example' "value"
In contrast, the following examples are not valid syntax.
option 'example" "value'
Quotes are unbalanced.
option example some value with space
Missing quotes around the value.
It is important to note that identifiers and config file names may only contain the characters a-z, A-Z, 0-9 and _. However, option values may contain any character, as long as they are properly quoted.
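The syntax rules of this section, applied as a checker for a config file before it is loaded onto a router. This is an added example, not Virtual Access or UCI project code: the names parse_uci, UciSyntaxError and as_bool are illustrative, and Python's shlex is assumed to be a close enough stand-in for UCI's own quote handling.

```python
import re
import shlex

IDENTIFIER = re.compile(r"[A-Za-z0-9_]+")     # only characters the manual allows in names
TRUE_VALUES = {"1", "yes", "on", "true"}
FALSE_VALUES = {"0", "no", "off", "false"}

# The example file from this section, embedded so the block runs offline.
SAMPLE_CONFIG = """\
package 'example'

config 'example' 'test'
        option 'string' 'some value'
        option 'boolean' '1'
        list 'collection' 'first item'
        list 'collection' 'second item'
"""


class UciSyntaxError(ValueError):
    """Raised with the offending line number when a statement is malformed."""


def _ident(token, lineno):
    if not IDENTIFIER.fullmatch(token):
        raise UciSyntaxError(f"line {lineno}: illegal identifier {token!r}")
    return token


def parse_uci(text):
    """Parse UCI config text into {'package': name or None, 'sections': [...]}."""
    result = {"package": None, "sections": []}
    section = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue                      # blank lines and indentation carry no meaning
        try:
            tokens = shlex.split(raw, posix=True)   # strips '...' and "..." quoting
        except ValueError as exc:
            raise UciSyntaxError(f"line {lineno}: unbalanced quotes") from exc
        keyword, args = tokens[0], tokens[1:]
        if keyword == "package" and len(args) == 1:
            result["package"] = _ident(args[0], lineno)
        elif keyword == "config" and len(args) in (1, 2):
            section = {
                "type": _ident(args[0], lineno),
                # an anonymous section has a type but no name
                "name": _ident(args[1], lineno) if len(args) == 2 else None,
                "options": {},
            }
            result["sections"].append(section)
        elif keyword in ("option", "list") and len(args) == 2:
            if section is None:
                raise UciSyntaxError(f"line {lineno}: {keyword} outside a section")
            name, value = _ident(args[0], lineno), args[1]
            if keyword == "option":
                section["options"][name] = value
            else:
                # list statements sharing a name are merged in file order
                values = section["options"].setdefault(name, [])
                if not isinstance(values, list):
                    raise UciSyntaxError(f"line {lineno}: {name!r} is already an option")
                values.append(value)
        else:
            # wrong keyword or wrong argument count, e.g. an unquoted value with spaces
            raise UciSyntaxError(f"line {lineno}: cannot parse {raw.strip()!r}")
    return result


def as_bool(value):
    """Apply the boolean convention; None means the value is plain text."""
    lowered = value.lower()
    if lowered in TRUE_VALUES:
        return True
    if lowered in FALSE_VALUES:
        return False
    return None


if __name__ == "__main__":
    print(parse_uci(SAMPLE_CONFIG))
```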
10 Management configuration settings
This chapter contains the configuration sections and parameters required to manage and monitor your device using Activator and Monitor.
10.1 Activator
Activator is a Virtual Access proprietary provisioning system, where specific router configurations and firmware can be stored to allow central management and provisioning. Activator has two distinct roles in provisioning firmware and configuration files to a router.
• Zero touch activation of firmware and configuration files on router boot up
  o In this scenario the router will initiate the requesting of firmware and configuration files on boot and is generally used for router installation. The router will be installed with a factory config that will allow it to contact Activator. The autoload feature controls the behaviour of the router in requesting firmware and configuration files; this includes when to start the Activation process and the specific files requested. The HTTP Client (uhttpd) contains information about the Activator server and the protocol used for activation.
• Deployment of firmware to routers after installation
  o In this scenario, Activator will initiate the process. This process, known as Active Update, allows for central automatic deployment of firmware and configuration files. It is used when configuration or firmware changes need to be pushed to live routers.
10.2 Monitor
Monitor is a Virtual Access proprietary tool, based on SNMP protocol, to monitor wide networks of deployed routers. The router will be configured to send information to Monitor, which is then stored and viewed centrally via the Monitor application. This includes features such as traffic light availability status, syslog and SLA monitoring.
10.3 Configuration packages used
Package             Sections
autoload            main
httpclient          default
management_users    user
10.4 Autoload: boot up activation
Autoload configurations specify how the device should behave with respect to activation when it boots up. Autoload entries contain information about the specific files to be
downloaded and the destination for the downloaded file. Standard autoload entry configurations to download are:
• A firmware file ($$.img)
• A configuration file ($$.ini)
• A .vas file ($$.vas). This file signals the end of the autoload sequence to Activator.
Activator identifies the device using the serial number of the router. $$ syntax is used to denote the serial number of the router when requesting a file. The requested files are written to the alternate image or config segment.
You can change the settings either directly in the configuration file or via appropriate UCI set commands. It is normal procedure for autoload to be enabled in the router’s factory settings and disabled in running configurations (config 1 and 2).
Autoload may already have been set at factory config level. If you wish to enable autoload services, proceed through the following steps.
10.5 Autoload packages
Package     Sections
autoload    main
10.5.1 Create a configuration file
In the top menu, select Services -> Autoload. The Autoload page has two sections: Basic Settings and Entries. Click Add to access configuration settings for each section.
Figure 25: The autoload settings page
Web Field/UCI/Package Option    Description

Basic settings

Web: Enabled
UCI: autoload.main.enabled
Opt: Enabled
        Enables activation at system boot.
        1       Enabled.
        0       Disabled.

Web: Start Timer
UCI: autoload.main.StartTimer
Opt: StartTimer
        Defines how long to wait after the boot up completes before starting activation.
        10
        Range   0-300 secs

Web: Retry Timer
UCI: autoload.main.RetryTimer
Opt: RetryTimer
        Defines how many seconds to wait between retries if a download of a particular autoload entry fails.
        30
        Range   0-300 secs

Web: N/A
UCI: autoload.main.NumberOfRetries
Opt: Numberofretries
        Defines how many retries to attempt before failing the overall activation sequence, backing off and trying the whole activation sequence again.
        5
        Range

Web: N/A
UCI: autoload.main.BackoffTimer
Opt: Backofftimer
        Defines how many minutes to back off for if a download and all retries fail. After the backoff period, the entire autoload sequence will start again.
        15
        Range

Web: Boot Using Config
UCI: autoload.main.BootUsingConfig
Opt: BootUsingConfig
        Specifies which configuration to boot up with after the activation sequence.
        Altconfig   Alternative configuration
        Config1     Configuration 1
        Config2     Configuration 2
        Factconf    Factory configuration

Web: Boot Using Image
UCI: autoload.main.BootUsingImage
Opt: BootUsingImage
        Specifies which image to boot up with after the activation sequence completes successfully.
        Altimage    Alternative image
        Image 1     image 1
        Image 2     image 2

Entries

Web: Configured
UCI: autoload.@entry[x].Configured
Opt: Configured
        Enables the autoload sequence to process this entry.
        1       Enabled.
        0       Disabled.

Web: Segment Name
UCI: autoload.@entry[x].SegmentName
Opt: SegmentName
        Defines where the downloaded file should be stored: (config1 | config2 | altconfig | image1 | image2 | altimage).
        Typically only altconfig and altimage are used.

Web: RemoteFilename
UCI: autoload.@entry[x].RemoteFilename
Opt: RemoteFilename
        Defines the name of the file to be downloaded from Activator.
        $$.vas  Notifies activator sequence is complete.
        $$.ini  Request configuration
        $$.img  Request firmware
        Note: $$.vas should always be requested last.
Table 18: Information table for autoload
10.6 Autoload using UCI
root@VA_router:/# uci show autoload
autoload.main=core
autoload.main.Enabled=yes
autoload.main.StartTimer=10
autoload.main.RetryTimer=30
autoload.main.NumberOfRetries=5
autoload.main.BackoffTimer=15
autoload.main.BootUsingConfig=altconfig
autoload.main.BootUsingImage=altimage
autoload.@entry[0]=entry
autoload.@entry[0].Configured=yes
autoload.@entry[0].SegmentName=altconfig
autoload.@entry[0].RemoteFilename=$$.ini
autoload.@entry[1]=entry
autoload.@entry[1].Configured=yes
autoload.@entry[1].SegmentName=altimage
autoload.@entry[1].RemoteFilename=$$.img
autoload.@entry[2]=entry
autoload.@entry[2].Configured=yes
autoload.@entry[2].SegmentName=config1
autoload.@entry[2].RemoteFilename=$$.vas

Autoload using package options

root@VA_router:/# uci export autoload
package 'autoload'

config 'core' 'main'
        option 'Enabled' "yes"
        option 'StartTimer' "10"
        option 'RetryTimer' "30"
        option 'NumberOfRetries' "5"
        option 'BackoffTimer' "15"
        option 'BootUsingConfig' "altconfig"
        option 'BootUsingImage' "altimage"

config 'entry'
        option 'Configured' "yes"
        option 'SegmentName' "altconfig"
        option 'RemoteFilename' "\$\$.ini"

config 'entry'
        option 'Configured' "yes"
        option 'SegmentName' "altimage"
        option 'RemoteFilename' "\$\$.img"

config 'entry'
        option 'Configured' "yes"
        option 'SegmentName' "config1"
        option 'RemoteFilename' "\$\$.vas"
10.7 HTTP Client: configuring activation using the web interface
This section contains the settings for the HTTP Client used during activation and active updates of the device.
The httpclient core section configures the basic functionality of the module used for retrieving files from Activator during the activation process.
10.7.1 HTTP Client configuration packages
Package       Sections
httpclient    default
10.7.2 Web configuration
To configure HTTP Client for Activator, in the top menu, click Services -> HTTP Client. The HTTP Client page has two sections: Basic Settings and Advanced Settings.
Figure 26: The HTTP client page
Web Field/UCI/Package Option    Description

Basic settings

Web: Enabled
UCI: httpclient.default.enabled
Opt: Enabled
        Enables the HTTP client.
        1       Enabled.
        0       Disabled.

Web: Server IP Address
UCI: httpclient.default.Fileserver
Opt: list Fileserver
        Specifies the address of Activator that uses http port 80. This can be an IP address or FQDN. The syntax should be x.x.x.x:80 or FQDN:80. Multiple servers should be separated by a space using UCI.

Web: Secure Server IP Address
UCI: httpclient.default.SecureFileServer
Opt: list SecureFileServer
        Specifies the address of Secure Activator that uses port 443. This can be an IP address or FQDN. The syntax should be x.x.x.x:443 or FQDN:443. Multiple servers should be separated by a space using UCI.

Web: Secure Download
UCI: httpclient.default.SecureDownload
Opt: SecureDownload
        Enables Secure Download (port 443).
        1       Enabled.
        0       Disabled.

Advanced settings

Web: ActivatorDownloadPath
UCI: httpclient.default.ActivatorDownloadPath
Opt: ActivatorDownloadPath
        Specifies the URL on Activator to which the client should send requests.
        /Activator/Sessionless/Httpserver.asp
        Range

Web: Check Server Certificate
UCI: httpclient.default.ValidateServerCertificateEnabled
Opt: ValidateServerCertificateEnabled
        Checks for the certificate's presence and validity.
        1       Enabled.
        0       Disabled.

Web: Present Client Certificate to Server
UCI: httpclient.default.PresentCertificateEnabled
Opt: PresentCertificateEnabled
        Specifies if the client presents its certificate to the server to identify itself.
        1       Enabled.
        0       Disabled.

Web: Certificate File Format
UCI: httpclient.default.CertificateFormat
Opt: CertificateFormat
        Specifies the value the client expects to see in the specified field in the server certificate.
        PEM
        DER

Web: Certificate File Path
UCI: httpclient.default.CertificateFile
Opt: CertificateFile
        Defines the directory/location of the certificate.
        /etc/httpclient.crt
        Range

Web: Certificate Key File Path
UCI: httpclient.default.CertificateKey
Opt: CertificateKey
        Specifies the directory/location of the certificate key.
        /etc/httpclient.key
        Range

Web: N/A
UCI: ValidateServerCertificateFieldEnabled
Opt: ValidateServerCertificate
        Defines the field in the server certificate that the client should check.
        1       Enabled.
        0       Disabled.
Table 19: Information table for HTTP client
10.8 Httpclient: Activator configuration using UCI
root@VA_router:~# uci show httpclient
httpclient.default=core
httpclient.default.Enabled=yes
httpclient.default.FileServer=10.1.83.36:80 10.1.83.37:80
httpclient.default.SecureFileServer=10.1.83.36:443 10.1.83.37:443
httpclient.default.ActivatorDownloadPath=/Activator/Sessionless/Httpserver.asp
httpclient.default.SecureDownload=no
httpclient.default.PresentCertificateEnabled=no
httpclient.default.ValidateServerCertificateEnabled=no
httpclient.default.CertificateFile=/etc/httpclient.crt
httpclient.default.CertificateFormat=PEM
httpclient.default.CertificateKey=/etc/httpclient.key

Httpclient: Activator configuration package options example

root@VA_router:~# uci export httpclient
package httpclient

config core 'default'
        option Enabled 'yes'
        list FileServer '1.1.1.1:80'
        list FileServer '1.1.1.2:80'
        list SecureFileServer '1.1.1.1:443'
        list SecureFileServer '1.1.1.2:443'
        option ActivatorDownloadPath '/Activator/Sessionless/Httpserver.asp'
        option SecureDownload 'no'
        option PresentCertificateEnabled 'no'
        option ValidateServerCertificateEnabled 'no'
        option CertificateFile '/etc/httpclient.crt'
        option CertificateFormat 'PEM'
        option CertificateKey '/etc/httpclient.key'
10.9 User management using UCI
User management is not currently available using the web interface. You can configure the feature using UCI or Activator.
10.9.1 User management packages
Package             Sections
management_users    users
10.9.2 Configuring user management
You can create different users on the system by defining them in the user management configuration file. This gives users access to different services.
Web Field/UCI/Package Option    Description

General settings

Web: n/a
UCI: management_users.@user[x].enabled
Opt: enable
        Enables/creates the user.
        0       Disabled.
        1       Enabled.

Web: n/a
UCI: management_users.@user[x].username
Opt: username
        Specifies the user’s username.

Web: n/a
UCI: management_users.@user[x].password
Opt: password
        Specifies the user’s password. When entering the user password enter in plain text using the password option. After reboot the password is displayed encrypted via the CLI using the hashpassword option.
        UCI: management_users.@user[x].hashpassword
        Opt: hashpassword.
        Note: a SRP user password will be displayed using the srphash option

Web: n/a
UCI: management_users.@user[x].webuser
Opt: webuser
        Specifies web access permissions for the user. Note: webuser will only work if linuxuser is set to Enabled.
        0       Disabled.
        1       Enabled.

Web: n/a
UCI: management_users.@user[x].chapuser
Opt: chapuser
        Specifies CHAP access permissions for the PPP connection. Note: chapuser will only work if linuxuser is set to Enabled.
        0       Disabled.
        1       Enabled.

Web: n/a
UCI: management_users.@user[x].papuser
Opt: papuser
        Specifies PAP access permissions for the PPP connection.
        0       Disabled.
        1       Enabled.

Web: n/a
UCI: management_users.@user[x].srpuser
Opt: srpuser
        Specifies SRP access permissions for the PPP connection.
        0       Disabled.
        1       Enabled.

Web: n/a
UCI: management_users.@user[x].smsuser
Opt: smsuser
        Specifies SMS access permissions for the user.
        0       Disabled.
        1       Enabled.

Web: n/a
UCI: linuxuser
Opt: linuxuser
        Specifies linuxuser access permissions for the user.
        0       Disabled.
        1       Enabled.

Web: n/a
UCI: List allowed_pages
Opt: list allowed_pages
        Specifies which pages the user can view. Multiple pages should be entered using a space to separate if using UCI.
Table 20: Information table for config user commands
Note:
• webuser will only work if linuxuser is set to 'yes'
• chapuser will only work if linuxuser is set to 'no'
When a new user is created on the system and given web access, you will no longer be able to log in to the router web interface with the default root user details. The user must use their new user login details.
10.10 Configuring the management user password using UCI
The user password is displayed encrypted via the CLI using the hashpassword option.
root@VA_router:~# uci show management_users
management_users.@user[0].username=test
management_users.@user[0].hashpassword=$1$XVzDHHPQ$SKK4geFonctihuffMjS4U0
If you are changing the password via the UCI, enter the new password in plain text using the password option.
root@VA_router:~# uci set management_users.@user[0].password=newpassword
root@VA_router:~# uci commit
The new password will take effect after reboot and will now be displayed in encrypted format through the hashpassword option.
10.11 Configuring management user password using package options
The root password is displayed encrypted via CLI using the hashpassword option.
root@VA_router:~# uci export management_users
package management_users

config user
        option hashpassword '$1$wRYYiJOz$EeHN.GQcxXhRgNPVbqxVw'
If you are changing the password using UCI, enter the new password in plain text using the password option.
package management_users

config user
        option hashpassword '$1$wRYYiJOz$EeHN.GQcxXhRgNPVbqxVw'
        option password 'newpassword'
The new password will take effect after reboot and will now be displayed in encrypted format via the hashpassword option.
10.12 User management using UCI
root@VA_router:~# uci show management_users
management_users.@user[0]=user
management_users.@user[0].enabled=1
management_users.@user[0].username=test
management_users.@user[0].hashpassword=$1$XVzDHHPQ$SKK4geFonctihuffMjS4U0
management_users.@user[0].webuser=1
management_users.@user[0].linuxuser=1
management_users.@user[0].papuser=0
management_users.@user[0].chapuser=0
management_users.@user[0].srpuser=0
management_users.@user[0].smsuser=0

User management using package options

root@VA_router:~# uci export management_users
package management_users

config user
        option enabled '1'
        option username 'test'
        option hashpassword '$1$XVzDHHPQ$SKK4geFonctihuffMjS4U0'
        option webuser '1'
        option linuxuser '1'
        option papuser '0'
        option chapuser '0'
        option srpuser '0'
        option smsuser '0'
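The autoload, httpclient and management_users settings shown in sections 10.6, 10.8 and 10.12 can be reviewed offline from saved `uci show` output. The following is an added example, not Virtual Access code: the rule names and function names are illustrative, the option names are the ones printed in this chapter, and the only outside fact used is that a `$1$` prefix marks an MD5-crypt hash.

```python
TRUE_VALUES = {"1", "yes", "on", "true"}      # boolean convention from section 9.4

# Illustrative rule identifiers with the reason each one is reported.
RULES = {
    "AUTOLOAD_ENABLED": "autoload runs at boot; normally disabled in running configurations",
    "ACTIVATION_OVER_HTTP": "SecureDownload is off, so Activator files are fetched on port 80",
    "SERVER_CERT_NOT_VALIDATED": "ValidateServerCertificateEnabled is off",
    "PLAINTEXT_PASSWORD_PENDING": "password option holds plain text until the next reboot",
    "MD5_CRYPT_HASH": "hashpassword starts with $1$, the MD5-crypt scheme",
    "WEBUSER_WITHOUT_LINUXUSER": "webuser is set but linuxuser is not, so web access will not work",
}

# Constructed from the `uci show` outputs printed in sections 10.6, 10.8 and 10.12.
PAGE_SAMPLE = """\
autoload.main=core
autoload.main.Enabled=yes
autoload.@entry[0]=entry
autoload.@entry[0].RemoteFilename=$$.ini
httpclient.default=core
httpclient.default.Enabled=yes
httpclient.default.FileServer=10.1.83.36:80 10.1.83.37:80
httpclient.default.SecureDownload=no
httpclient.default.ValidateServerCertificateEnabled=no
management_users.@user[0]=user
management_users.@user[0].enabled=1
management_users.@user[0].username=test
management_users.@user[0].hashpassword=$1$XVzDHHPQ$SKK4geFonctihuffMjS4U0
management_users.@user[0].webuser=1
management_users.@user[0].linuxuser=1
"""


def parse_uci_show(text):
    """Turn `uci show` lines into {(package, section): {option_lowercased: value}}."""
    tree = {}
    for line in text.splitlines():
        path, sep, value = line.strip().partition("=")   # split on the first '=' only
        parts = path.split(".")
        if not sep or len(parts) not in (2, 3):
            continue                                     # not a config line
        options = tree.setdefault((parts[0], parts[1]), {})
        value = value.strip("'")
        if len(parts) == 2:
            options["_type"] = value                     # e.g. httpclient.default=core
        else:
            # the manual writes both 'enabled' and 'Enabled', so compare case-insensitively
            options[parts[2].lower()] = value
    return tree


def is_on(options, name):
    return options.get(name.lower(), "").lower() in TRUE_VALUES


def audit(tree):
    """Return a list of (rule, 'package.section') findings in sorted section order."""
    findings = []
    for (package, section), opts in sorted(tree.items()):
        where = f"{package}.{section}"
        if package == "autoload" and section == "main":
            if is_on(opts, "Enabled"):
                findings.append(("AUTOLOAD_ENABLED", where))
        elif package == "httpclient" and is_on(opts, "Enabled"):
            if not is_on(opts, "SecureDownload"):
                findings.append(("ACTIVATION_OVER_HTTP", where))
            if not is_on(opts, "ValidateServerCertificateEnabled"):
                findings.append(("SERVER_CERT_NOT_VALIDATED", where))
        elif package == "management_users":
            if "password" in opts:
                findings.append(("PLAINTEXT_PASSWORD_PENDING", where))
            if opts.get("hashpassword", "").startswith("$1$"):
                findings.append(("MD5_CRYPT_HASH", where))
            if is_on(opts, "webuser") and not is_on(opts, "linuxuser"):
                findings.append(("WEBUSER_WITHOUT_LINUXUSER", where))
    return findings


if __name__ == "__main__":
    for rule, where in audit(parse_uci_show(PAGE_SAMPLE)):
        print(f"{where}: {rule}: {RULES[rule]}")
```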
10.13 Configuring user access to specific web pages
To specify particular pages a user can view, add the list allowed_pages. Examples are:
list allowed_pages '/admin/status'
The user can view admin status page only.
list allowed_pages 'admin/system/flashops'
The user can view flash operation page only.
To specify monitor widgets only, enter:
list allowed_pages 'monitor/<widgetname>'
Example widget names are: dhcp, arp, 3gstats, interfaces, memory, multiwan, network, openvpn, routes, system, ipsec, dmvpn, tservd.
11 Configuring an Ethernet interface
This section describes how to configure an Ethernet interface including configuring the interface as a DHCP server, adding the interface to a firewall zone and mapping the physical switch ports.
11.1 Configuration packages used
Package     Sections
network     interface
            route
            va_switch
            alias
firewall    zone
dhcp        dhcp
11.2 Configuring an Ethernet interface using the web interface
To create and edit interfaces via the web interface, in the top menu, click Network -> Interfaces. The Interfaces overview page appears.
Figure 27: The interfaces overview page
There are three sections in the Interfaces page.
Section               Description
Interface Overview    Shows existing interfaces and their status. You can create new, and edit existing interfaces here.
Port Map              In this section you can map device ports to Ethernet interfaces. Ports are marked with capital letters starting with 'A'. Type in space-separated port character in the port map fields.
ATM Bridges           ATM bridges expose encapsulated Ethernet in AAL5 connections as virtual Linux network interfaces, which can be used in conjunction with DHCP or PPP to dial into the provider network.
11.2.1 Interface overview: editing an existing interface
To edit an existing interface, from the interface tabs at the top of the page, select the interface you wish to configure. Alternatively, click Edit in the interface’s row.
11.2.2 Interface overview: creating a new interface
To create a new interface, in the Interface Overview section, click Add new interface. The Create Interface page appears.
Figure 28: The create interface page
Web Field/UCI/Package Option    Description

Web: Name of the new interface
UCI: network.<if name>
Opt: config interface
        Assigns a logical name to the interface. The network interface section will assign this name (<if name>).
        Type the name of the new interface.
        Allowed characters are A-Z, a-z, 0-9 and _

Web: Protocol of the new interface
UCI: network.<if name>.proto
Opt: proto
        Specifies what protocol the interface will operate on. Select Static.
        Option                    Description
        Static                    Static configuration with fixed address and netmask.
        DHCP Client               Address and netmask are assigned by DHCP.
        Unmanaged                 Unspecified
        IPv6-in-IPv4 (RFC4213)    Used with tunnel brokers.
        IPv6-over-IPv4            Stateless IPv6 over IPv4 transport.
        GRE                       Generic Routing Encapsulation protocol
        IOT L2TP                  Layer 2 Tunnelling Protocol
        PPP                       Point to Point Protocol
        PPPoE                     PPP over Ethernet
        PPPoATM                   PPP over ATM
        LTE/UMTS/GPRS/EV-DO       CDMA, UMTS or GPRS connection using an AT-style 3G modem.

Web: Create a bridge over multiple interfaces
UCI: network.<if name>.type
Opt: type
        If you select this option, then the new logical interface created will act as a bridging interface between the chosen existing physical interfaces.
        Empty
        Bridge  Configures a bridge over multiple interfaces.

Web: Cover the following interface
UCI: network.<if name>.ifname
Opt: ifname
        Physical interface name to assign to this logical interface. If creating a bridge over multiple interfaces select two interfaces to bridge. When using uci the interface names should be separated by a space e.g. option ifname 'eth2 eth3'
Table 21: Information table for the create new interface page
Click Submit. The Interface configuration page appears. There are three sections:
Section                 Description
Common Configuration    Configure the interface settings such as protocol, IP address, gateway, netmask, custom DNS servers, MTU and firewall configuration.
IP-Aliases              Assigning multiple IP addresses to the interface
DHCP Server             Configuring DHCP server settings for this interface
11.2.3 Interface overview: common configuration
The common configuration section has four subsections:
Section              Description
General Setup        Configure the basic interface settings such as protocol, IP address, gateway, netmask, custom DNS servers.
Advanced Settings    'Bring up on boot', 'Monitor interface state', Override MAC address, Override MTU and 'Use gateway metric'
Physical Settings    Bridge interfaces, VLAN PCP to SKB priority mapping,
Firewall settings    Assign a firewall zone to the interface
11.2.3.1 Common configuration – general setup
Web Field/UCI/Package Optio n
Description
General Setup
Web: Status
Shows the current status of the interface.
Web: Protocol UCI: network.<if name>.proto Opt: proto
Protocol type. The interface protocol may be one of the options s hown below. The protocol selected in the previous step will be displayed as default but can be changed if required.
Option
Description
Static Static co nfig uration with fixed address and
netmask.
DHCP Client Address and netmask are assigned by
DHCP.
Unmanaged
Unspecified
IPv6-in-IPv4
(RFC4213)
Used with tunnel brokers.
IPv6-over-
IPv4
Stateless IPv6 over IPv4 transport.
GRE
Generic Routing Encapsulation protoc o l
IOT L2TP
Layer 2 Tunnelling Protocol.
PPP
Point-to-Point protocol
PPPoE
PPP over Ethernet
PPPoATM
PPP over ATM
LTE/UMTS/
GPRS/EV-DO
CDMA, UMTS or GPRS connection using an
AT-style 3G modem.
Web: IPv4 address UCI: network.<if name>.ipaddr
Opt: ipaddr
The IPv4 address of the interface. This is optional if an IPv6 address is provided.
Web: IPv4 netmask UCI: network.<if name>.netmask
Opt: netmask
Subnet mask to be applied to the IP address of this interface.
Web: IPv4 gateway UCI: network.<if name>.gateway
Opt: gateway
IPv4 default gateway to assign to this interface (optional).
Web: IPv4 broadcast UCI: network.<if name>.broadcast
Opt: broadcast
Broadcast address. This is automatically generated if no broadcast address is specified.
Web: Use custom DNS servers UCI: network.<if name>.dns
Opt: list dns
List of DNS server IP addresses (optional). Multiple DNS servers are separated by a space if using UCI.
Web: Accept router advertisements UCI: network.<if name>.accept_ra
Opt: accept_ra
Specifies whether to accept IPv6 Router Advertisements on this interface (optional).
Note: default is 1 if protocol is set to DHCP, otherwise defaults to 0.
Web: Send router solicitations UCI: network.<if name>.send_rs
Opt: send_rs
Specifies whether to send Router Solicitations on this interface (optional).
Note: defaults to 1 for Static protocol, otherwise defaults to 0.
Web: IPv6 address UCI: network.<if name>.ip6addr
Opt: ip6addr
The IPv6 IP address of the interface. Optional if an IPv4 address is provided.
CIDR notation for the IPv6 address is required.
Web: IPv6 gateway UCI: network.<if name>.ip6gw
Opt: ip6gw
Assign given IPv6 default gateway to this interface (optional).
Table 22: Information table for LAN interface common configuration settings
11.2.3.2 Common configuration: advanced settings
Figure 29: The Ethernet connection advanced settings page
Web Field/UCI/Package Option
Description
Web: Bring up on boot UCI: network.<if name>.auto Opt: auto
Enables the interface to connect automatically on boot up.
0  Disabled.
1  Enabled.
Web: Monitor interface state UCI: network.<if name>.monitored Opt: monitored
Enabled if status of interface is presented on Monitoring platform.
0  Disabled.
1  Enabled.
Web: Override MAC address UCI: network.<if name>.macaddr Opt: macaddr
Override the MAC address assigned to this interface. Must be in the form: hh:hh:hh:hh:hh:hh, where h is a hexadecimal number.
Web: Override MTU UCI: network.<if name>.mtu Opt: mtu
Defines the value to override the default MTU on this interface.
1500  1500 bytes
Range
Web: Use gateway metric UCI: network.<if name>.metric Opt: metric
Specifies the default route metric to use for this interface (optional).
0
Range
Table 23: Information table for common configuration advanced settings
11.2.3.3 Common configuration: physical settings
Figure 30: The Common configuration physical settings page
Web Field/UCI/Package Option
Description
Web: Bridge interfaces UCI: network.<if name>.type Opt: type
Sets the interface to bridge over a specified interface(s). The physical interfaces can be selected from the list and are defined in network.<if name>.ifname.
Empty
Bridge  Configures a bridge over multiple interfaces.
Web: Enable STP UCI: network.<if name>.stp Opt: stp
Enable Spanning Tree Protocol. This option is only available when the Bridge Interfaces option is selected.
0  Disabled.
1  Enabled.
Web: VLAN PCP to skb>priority mapping UCI: network.<if name>.vlan_qos_map_ingress Opt: list vlan_qos_map_ingress
VLAN priority code point to socket buffer mapping. Multiple priority mappings are entered with a space between them when using UCI.
Example: network.<if name>.vlan_qos_map_ingress=1:2 2:1
Web: skb priority to >VLAN PCP mapping UCI: network.<if name>.vlan_qos_map_egress Opt: list vlan_qos_map_egress
Socket buffer to VLAN priority code point mapping. Multiple priority mappings are entered with a space between them when using UCI.
Example: network.<if name>.vlan_qos_map_egress=1:2 2:1
Web: Interface UCI: network.<if name>.ifname Opt: ifname
Physical interface to assign the logical interface to. If mapping multiple interfaces for bridging the interface names are separated by a space when using UCI and package options.
Example: option ifname ‘eth2 eth3’ or network.<if name>.ifname=eth2 eth3
Table 24: Information table for physical settings page
11.2.3.4 Common configuration: firewall settings
Use this section to select the firewall zone you want to assign to this interface. Select unspecified to remove the interface from the associated zone or fill out the create field to define a new zone and attach the interface to it.
Figure 31: GRE firewall settings
11.2.4 Interface overview: IP-aliases
IP aliasing is associating more than one IP address to a network interface. You can assign multiple aliases.
11.2.4.1 IP-alias packages
Package   Sections
Network   alias
11.2.4.2 IP-alias using the web
To use IP-Aliases, enter a name for the alias and click Add. This name will be assigned to the alias section for this IP-alias. In this example the name ethalias1 is used.
Figure 32: The IP-Aliases section
Web Field/UCI/Package Option
Description
IP-Aliases – Naming
UCI: network.<alias name>=ifname
Opt: config interface ‘aliasname’
Assigns the alias name.
UCI: network.<alias name>.interface
Opt: interface
This maps the IP-Alias to the interface.
UCI: network.<alias name>.proto
Opt: proto
This maps the interface protocol to the alias.
Table 25: Information table for IP-Aliases name assignment
The IP Aliases configuration options page appears. The IP-Alias is divided into two sub sections – general setup and advanced.
11.2.4.3 IP-aliases: general setup
Figure 33: The IP-aliases general setup section
Web Field/UCI/Package Option
Description
IP-Aliases – General Setup
Web: IPv4-Address UCI: network.<alias name>.ipaddr
Opt: ipaddr
Defines the IP address for the IP alias.
Web: IPv4-Netmask UCI: network.<alias name>.netmask
Opt: netmask
Defines the netmask for the IP alias.
Web: IPv4-Gateway UCI: network.<alias name>.gateway
Opt: gateway
Defines the gateway for the IP alias.
Table 26: Information table for IP-Alias general setup page
11.2.4.4 IP-aliases: advanced settings
Figure 34: The IP-Aliases advanced settings section
Web Field/UCI/Package Option
Description
IP-Aliases – Advanced Settings
Web: IPv4-Broadcast UCI: network.<alias name>.bcast
Opt: bcast
Defines the IP broadcast address for the IP alias.
Web: DNS-Server UCI: network.<alias name>.dns
Opt: dns
Defines the DNS server for the IP alias.
Table 27: Information table for IP-Alias advanced settings page
11.2.5 Interface overview: DHCP server
11.2.5.1 DHCP server: packages
Package   Sections
dhcp      dhcp
To assign a DHCP Server to the interface, click Setup DHCP Server.
Figure 35: The DHCP Server settings section
The DHCP Server configuration options will appear. The DHCP Server is divided into two sub sections – general setup and advanced.
11.2.5.2 DHCP server: general setup
Figure 36: The DHCP server general setup section
Web Field/UCI/Package Option
Description
Web: Ignore interface UCI: dhcp.@dhcp[x].ignore Opt: ignore
Defines whether the DHCP pool should be enabled for this interface. If not specified for the DHCP pool then default is disabled i.e. dhcp pool enabled.
0  Disabled.
1  Enabled.
Web: n/a UCI: dhcp.@dhcp[x].start Opt: start
Defines the offset from the network address for the start of the DHCP pool. It may be greater than 255 to span subnets.
100
Range
Web: n/a UCI: dhcp.@dhcp[x].limit Opt: limit
Defines the offset from the network address for the end of the DHCP pool.
150
Range  0 – 255
Web: n/a UCI: dhcp.@dhcp[x].leasetime Opt: leasetime
Defines the lease time of addresses handed out to clients, for example 12h or 30m.
12h  12 hours
Range
Table 28: Information table for DHCP server general setup page
11.2.5.3 DHCP Server: advanced settings
Figure 37: The DHCP server advanced settings section
Web Field/UCI/Package Option
Description
DHCP Server: advanced settings
Web: Dynamic DHCP UCI: dhcp.@dhcp[x].dynamicdhcp Opt: dynamicdhcp
Defines whether to allocate DHCP leases.
1  Dynamically allocate leases.
0  Use /etc/ethers file for serving DHCP leases.
Web: Force UCI: dhcp.@dhcp[x].force Opt: force
Forces DHCP serving on the specified interface even if another DHCP server is detected on the same network segment.
0  Disabled.
1  Enabled.
Web: DHCP-Options UCI: dhcp.@dhcp[x].dhcp_option Opt: list dhcp_option
Defines additional options to be added for this dhcp pool. For example with 'list dhcp_option 26,1470' or 'list dhcp_option mtu, 1470' you can assign a specific MTU per DHCP pool. Your client must accept the MTU option for this to work. Options that contain multiple values should be separated by a space.
Example: list dhcp_option 6,192.168.2.1 192.168.2.2
No options defined.
Syntax  Option_number, option_value
Web: n/a UCI: dhcp.@dhcp[x].networkid Opt: networked
Assigns a network-id to all clients that obtain an IP address from this pool.
Table 29: Information table for DHCP advanced settings page
For more advanced configuration on the DHCP server, read the ‘DHCP server and DNS configuration’ section.
11.3 Interface configuration using UCI
The configuration files are stored on /etc/config/network, /etc/config/firewall and /etc/config/dhcp
root@VA_router:~# uci show network
…..
network.newinterface=interface
network.newinterface.proto=static
network.newinterface.ifname=eth0
network.newinterface.monitored=0
network.newinterface.ipaddr=2.2.2.2
network.newinterface.netmask=255.255.255.0
network.newinterface.gateway=2.2.2.10
network.newinterface.broadcast=2.2.2.255
network.newinterface.vlan_qos_map_ingress=1:2 2:1
network.ethalias1=alias
network.ethalias1.proto=static
network.ethalias1.interface=newinterface
network.ethalias1.ipaddr=10.10.10.1
network.ethalias1.netmask=255.255.255.0
network.ethalias1.gateway=10.10.10.10
network.ethalias1.bcast=10.10.10.255
network.ethalias1.dns=8.8.8.8
root@VA_router:~# uci show firewall
…..
firewall.@zone[0]=zone
firewall.@zone[0].name=lan
firewall.@zone[0].input=ACCEPT
firewall.@zone[0].output=ACCEPT
firewall.@zone[0].forward=ACCEPT
firewall.@zone[0].network=lan newinterface
root@VA_router:~# uci show dhcp
…
dhcp.@dhcp[0]=dhcp
dhcp.@dhcp[0].start=100
dhcp.@dhcp[0].leasetime=12h
dhcp.@dhcp[0].limit=150
dhcp.@dhcp[0].interface=newinterface
To change any of the above values use uci set command.
11.3.1 Interface common configuration using package options
The configuration files are stored on /etc/config/network, /etc/config/firewall and /etc/config/dhcp
root@VA_router:~# uci export network
package network
……
config interface 'newinterface'
        option proto 'static'
        option ifname 'eth0'
        option monitored '0'
        option ipaddr '2.2.2.2'
        option netmask '255.255.255.0'
        option gateway '2.2.2.10'
        option broadcast '2.2.2.255'
        list vlan_qos_map_ingress '1:2'
        list vlan_qos_map_ingress '2:1'

config alias 'ethalias1'
        option proto 'static'
        option interface 'newinterface'
        option ipaddr '10.10.10.1'
        option netmask '255.255.255.0'
        option gateway '10.10.10.10'
        option bcast '10.10.10.255'
        option dns '8.8.8.8'

root@VA_router:~# uci export firewall
package firewall
……
config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan newinterface'

root@VA_router:~# uci export dhcp
package dhcp
……
config dhcp
        option start '100'
        option leasetime '12h'
        option limit '150'
        option interface 'newinterface'
To change any of the above values use uci set command.
11.4 Configuring port maps
11.5 Port map packages
Package   Sections
Network   va_switch
11.5.1 Configuring port map using the web interface
The new logical Ethernet interface needs to be mapped to a physical switch port. To configure the Ethernet switch physical port to logical interface mappings, go to the Port Map section at Network->Interfaces.
Figure 38: The Interface port map section
Web Field/UCI/Package Option
Description
Web: eth0 UCI: network.@va_switch[0].eth0 Opt: eth0
Defines eth0 physical switch port mapping. Must be entered in upper case.
A  Eth0 assigned to switch port A
B  Eth0 assigned to switch port B
C  Eth0 assigned to switch port C
D  Eth0 assigned to switch port C
Web: eth1 UCI: network.@va_switch[0].eth1 Opt: eth1
Defines eth1 physical switch port mapping. Must be entered in upper case.
A  Eth1 assigned to switch port A
B  Eth1 assigned to switch port B
C  Eth1 assigned to switch port C
D  Eth1 assigned to switch port C
Web: eth2 UCI: network.@va_switch[0].eth2 Opt: eth2
Defines eth0 physical switch port mapping. Must be entered in upper case.
A  Eth2 assigned to switch port A
B  Eth2 assigned to switch port B
C  Eth2 assigned to switch port C
D  Eth2 assigned to switch port C
Web: eth3 UCI: network.@va_switch[0].eth3 Opt: eth3
Defines eth0 physical switch port mapping. Must be entered in upper case.
A  Eth3 assigned to switch port A
B  Eth3 assigned to switch port B
C  Eth3 assigned to switch port C
D  Eth3 assigned to switch port C
Table 30: Information table for Interface Port Map page
11.5.2 Configuring port maps using UCI
The configuration files are stored on /etc/config/network
root@VA_router:~# uci show network
……
network.@va_switch[0]=va_switch
network.@va_switch[0].eth0=A
network.@va_switch[0].eth1=B
network.@va_switch[0].eth2=C
network.@va_switch[0].eth3=D
To change any of the above values use uci set command.
11.5.3 Configuring port map using package options
The configuration files are stored on /etc/config/network
root@VA_router:~# uci export network
…..
config va_switch
        option eth0 'A'
        option eth1 'B'
        option eth2 'C'
        option eth3 'D'
To change any of the above values use uci set command.
11.5.4 ATM bridges
The ATM bridges section is not used when configuring an Ethernet interface.
11.6 Interface diagnostics
11.6.1 Interfaces status
To show the current running interfaces, enter:
root@VA_router:~# ifconfig
3g-CDMA   Link encap:Point-to-Point Protocol
          inet addr:10.33.152.100  P-t-P:178.72.0.237  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1400  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:428 (428.0 B)  TX bytes:2986 (2.9 KiB)

eth0      Link encap:Ethernet  HWaddr 00:E0:C8:12:12:15
          inet addr:192.168.100.1  Bcast:192.168.100.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:c8ff:fe12:1215/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6645 errors:0 dropped:0 overruns:0 frame:0
          TX packets:523 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:569453 (556.1 KiB)  TX bytes:77306 (75.4 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:385585 errors:0 dropped:0 overruns:0 frame:0
          TX packets:385585 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:43205140 (41.2 MiB)  TX bytes:43205140 (41.2 MiB)
To display a specific interface, enter:
root@VA_router:~# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:E0:C8:12:12:15
          inet addr:192.168.100.1  Bcast:192.168.100.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:c8ff:fe12:1215/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7710 errors:0 dropped:0 overruns:0 frame:0
          TX packets:535 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:647933 (632.7 KiB)  TX bytes:80978 (79.0 KiB)
11.6.2 ARP table status
To show the current ARP table of the router, enter:
root@GW7314:~# arp
? (10.67.253.141) at 30:30:41:30:43:36 [ether] on eth8
? (10.47.48.1) at 0a:44:b2:06 [ether] on gre-gre1
11.6.3 Route status
To show the current routing status, enter:
root@VA_router:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.0   *               255.255.255.0   U     0      0        0 eth0
Note: a route will only be displayed in the routing table when the interface is up.
12 Configuring SAToP and CESoPSN
SAToP and CESoPSN are supported on all hardware models that have synchronous serial cards such as X.21, E1 and Analogue Leased Line (ALL).
12.1 What are SAToP and CESoPSN?
SAToP is an abbreviation for “Structure-Agnostic Time Division Multiplexing (TDM) over Packet (SAToP)”. It is defined in IETF RFC4553 and is currently supported on Virtual Access router models fitted with an E1 interface. It is used to carry an entire E1 signal over a packet switched network.
CESoPSN is an abbreviation for “Circuit Emulation Services over Packet Switched Network”. It is defined in IETF RFC5086 and is currently supported on Virtual Access router models fitted with ALL, X.21 or E1/T1 interfaces. It is used to carry an analogue leased line, an X.21 interface, an E1 timeslot or a group of E1 timeslots over a packet switched network.
Both SAToP and CESoPSN are pseudowire protocols.
12.2 Clocking
For the SAToP/CESoPSN function to work satisfactorily it is essential that you synchronize the clocks used for the TDM signals of the routers. That is, they must run at exactly the same frequency, otherwise over-runs and under-runs in the packet buffers will occur.
Router models supporting SAToP/CESoPSN can use the following clock sources:
• Internal clock
• Clock recovered from E1 interface in TE mode
• Clock input on X.21 interface in DTE mode
• Clock recovered from pseudo-wire
When there is a SAToP or CESoPSN connection between two routers then one of them should use clock recovered from pseudo-wire.
It is also necessary to configure the customer equipment correctly so that the same clock is used by the two routers and the two items of customer equipment.
Note:
• E1 interfaces in TE mode are clock slaves
• E1 interfaces in NT mode are clock masters
• X.21 interfaces in DTE mode are clock slaves
• X.21 interfaces in DCE mode are clock masters
• ALL interfaces do not carry a clock
• Ensure you enable clock recovery on the clock slave only
Figure 39: SAToP/CESoPSN P2P architecture
Figure 40: SAToP/CESoPSN P2MP architecture
12.3 Virtual Access proprietary SAToP/CESoPSN protocol extension
To compensate for packet loss in the network, Virtual Access implemented a proprietary extension to SAToP/CESoPSN. When enabled, a copy of the previous packet payload is added to the end of the packet. With the help of this mechanism it is possible to overcome the loss of single packets. However, the loss of consecutive packets cannot be compensated by this mechanism.
Note: enabling this redundancy mechanism nearly doubles the required bandwidth for the CESoPSN service.
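The redundancy mechanism described in this section, modelled as an added Python example (not Virtual Access code and not the wire format): each packet carries a copy of the previous payload, so a single lost packet is rebuilt from its successor while a run of lost packets still leaves a gap. The sequence numbers, the tuple layout and the 64-byte sample payloads are assumptions made for the illustration.

```python
"""Model of the payload redundancy described in section 12.3.

Illustration only: the real packet layout is not documented on this page,
so the sequence numbers and the tuple layout below are assumptions.
"""
from typing import Iterable, List, Optional, Set, Tuple

# (sequence number, current payload, copy of previous payload or None)
Packet = Tuple[int, bytes, Optional[bytes]]


def packetize(payloads: List[bytes], redundancy: bool) -> List[Packet]:
    """Sender side: optionally append the previous payload to each packet."""
    packets: List[Packet] = []
    previous: Optional[bytes] = None
    for seq, payload in enumerate(payloads):
        packets.append((seq, payload, previous if redundancy else None))
        previous = payload
    return packets


def receive(packets: Iterable[Packet], total: int) -> List[Optional[bytes]]:
    """Receiver side: rebuild the stream; None marks an unrecoverable gap."""
    stream: List[Optional[bytes]] = [None] * total
    for seq, payload, previous_copy in packets:
        stream[seq] = payload
        # A missing predecessor can be filled from the copy carried here.
        if seq > 0 and stream[seq - 1] is None and previous_copy is not None:
            stream[seq - 1] = previous_copy
    return stream


def payload_bytes(packets: Iterable[Packet]) -> int:
    """Payload volume sent, ignoring packet headers."""
    return sum(len(cur) + len(prev or b"") for _, cur, prev in packets)


def drop(packets: List[Packet], lost: Set[int]) -> List[Packet]:
    """Simulate network loss of the given sequence numbers."""
    return [p for p in packets if p[0] not in lost]


def gaps(stream: List[Optional[bytes]]) -> List[int]:
    """Positions in the rebuilt stream that stayed empty."""
    return [i for i, payload in enumerate(stream) if payload is None]


if __name__ == "__main__":
    payloads = [bytes([i]) * 64 for i in range(6)]  # constructed TDM payloads
    plain = packetize(payloads, redundancy=False)
    redundant = packetize(payloads, redundancy=True)
    cases = (("single loss", {2}), ("two in a row", {2, 3}), ("last packet", {5}))
    for label, lost in cases:
        without = gaps(receive(drop(plain, lost), len(payloads)))
        with_copy = gaps(receive(drop(redundant, lost), len(payloads)))
        print(f"{label}: gaps without redundancy {without}, with {with_copy}")
    print("payload bytes:", payload_bytes(plain), "->", payload_bytes(redundant))
```

The last packet of a stream has no successor to carry its copy, so its loss is not recovered in this model either.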
12.4 Configuration package used
Package   Sections
Cesopd    Main
          Port
12.5 Configuring SAToP/CESoPSN
To configure SAToP/CESoPSN using the web interface, in the top menu, select Services -> CESoPSN. The SAToP/CESoPSN page appears.
12.5.1 Configuring main settings using the web interface
The web interface is divided into 3 sections: Basic, Blackbox and Advanced. Note: the Blackbox tab only appears if Blackbox is configured on your router.
Figure 41: SAToP/CESoPSN basic settings
Figure 42: SAToP/CESoPSN blackbox settings
Figure 43: SAToP/CESoPSN advanced settings
Use the information table below to configure your main settings.
Web Field/UCI/Package Option
Description
Basic settings
Web: Enable UCI: cesopd.main.enable Opt: enable
Enables SAToP/CESoPSN services.
0  Disabled.
1  Enabled.
Advanced settings
Web: Syslog Severity UCI: cesopd.main.severity Opt: log_severity
Selects the severity used for logging events for SAToP/CESoPSN in syslog. The following levels are available:
0  Emergency
1  Alert
2  Critical
3  Error
4  Warning
5  Notice
6  Informational
7  Debug
Web: TOS Enable UCI: cesopd.main.tos_enabled Opt: tos_enabled
Enables the use of the TOS field in the IP header.
0  Disabled.
1  Enabled.
Web: TOS Value UCI: cesopd.main.tos_enabled Opt: tos_value
Note: before changing this value, consult with Virtual Access support.
16  Decimal value of the TOS field in the IP header.
Range  0-255
Blackbox settings
Web: Blackbox Enable UCI: cesopd.main.blackbox_enabled Opt: blackbox_enabled
Enables blackbox recordings. See section ‘cesop blackbox show’ for more information.
0  Disabled.
1  Enabled.
Web: Blackbox Hours UCI: cesopd.main.blackbox_hours Opt: blackbox_hours
10  Defines the time period contained in the blackbox. Entries older than the specified period will be overwritten.
Range  1-24
Web: Blackbox Samples UCI: cesopd.main.blackbox_samples Opt: blackbox_samples
20  Maximum number of instances recorded in the blackbox. When the capacity is full the oldest entry will be overwritten.
Range  1-24
Table 31: Information table for CESoP main settings
12.6 Configuring main settings using UCI
The CESoPSN configuration file is stored on /etc/config/cesopd. The main settings are stored in the cesopd section of /etc/config/cesopd. There is only one cesopd section.
config cesopd 'main'
        option log_severity '5'
        option enable '1'
        option tos_enabled '1'
        option tos_value '1'
        option blackbox_enabled '0'
        option blackbox_hours '10'
        option blackbox_samples '20'
12.7 Configuring port settings using the web interface
The web interface for port settings is divided into 5 sections: Basic, Advanced, E1, Dual X.21 and ALL.
Note: for E1 CESoPSN, a port represents a timeslot or group of timeslots.
Figure 44: CESoPSN basic port settings
Figure 45: CESoPSN advanced port settings
Figure 46: CESoPSN E1 port settings
Figure 47: CESoPSN dual X.21 port settings
Figure 48: CESoPSN ALL port settings
Web Field/UCI/Package Option
Description
Web: Enable UCI: cesopd.[port].enable Opt: enable
Enables the port.
0  Disabled.
1  Enabled.
Web: Local IP UCI: cesopd.[port].udp_local_ipaddr Opt: udp_local_ipaddr
Specifies the interface IP address to listen on for incoming packets.
127.0.0.1  Specific interface IP address.
0.0.0.0  Listens on all available interfaces.
Web: Local Port UCI: cesopd.[port].udp_local_port Opt: udp_local_port
UDP port to listen for incoming packets on.
5566  49152-65535 recommended.
Range  0-65535
Web: Remote IP UCI: cesopd.[port].udp_remote_ipaddr Opt: udp_remote_ipaddr
Specifies the remote IP address to send packets to.
127.0.0.1  Specific remote interface IP address.
Range  Packets are accepted from all sources and received source IP address will be used as the destination.
Web: Remote Port UCI: cesopd.[port].udp_remote_port Opt: udp_remote_port
UDP port to send packets to. The port can be 0; in which case the source port of the incoming packets will be used as the destination.
6655  49152-65535 recommended.
Range  0-65535
Web: Packetization Latency UCI: cesopd.[port].packetization_latency Opt: packetization_latency
8  Specifies the packetization latency.
Range  5-20 milliseconds.
Web: Clock Recovery UCI: cesopd.[port].clock_recovery_enabled Opt: clock_recovery_enabled
Enables the port to use the received packet data to adjust the TDM data clock of the router.
Note: enable clock recovery on one port only.
0  Disabled.
1  Enabled.
Web: Enable RTP Header UCI: cesopd.[port].rtp_header_enabled Opt: rtp_header_enabled
Enables the use of RTP header as specified in RFC5086. Note: before disabling the use of RTP header, ensure that the peer supports this.
0  Disabled.
1  Enabled.
Web: Enable Packet Redundancy UCI: cesopd.[port].va_prop_payload_redundancy_enabled Opt: va_prop_payload_redundancy_enabled
Enables a Virtual Access proprietary CESoPSN protocol extension, which can help to overcome packet loss. See the section ‘Virtual Access proprietary CESoPSN protocol extension’ for more information.
Note: this mechanism can only overcome single, but not consecutive, packet losses.
Note: only enable when this mechanism is supported by the peer. This might require a software upgrade on the peer.
0  Disabled.
1  Enabled.
Web: Device UCI: cesopd.[port].devname Opt: devname
Selects the linux device associated with the TDM interface to be used with this port.
Note: for E1 CESoPSN, set all ports to ttyU0
‘ttyLC0’  ALL interface
‘ttyXHFC0’  First dual X.21 port
‘ttyXHFC1’  Second dual X.21 port
‘ttyU0’  E1 interface.
Web: Rate UCI: cesopd.[port].rate Opt: rate
Selects the interface rate. N/A for E1.
64000  The rate has to be a multiple of 64000. For the ALL interface only 64000 is supported.
Range  64000-2048000
Web: External clock mode UCI: cesopd.[port].ext_clock Opt: ext_clock
Enables the use of an external clock. N/A for E1 and ALL.
0  Disabled.
1  Enabled.
Table 32: Information table for basic port settings
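An added example, not part of the manual or the router firmware: a Python check over saved 'uci show cesopd' output that flags the settings Table 32 calls out (listening on all interfaces, remote port 0, ports outside the recommended 49152-65535 range, clock recovery enabled on more than one port). The section names port1 and port2, the section type port and the 192.0.2.x addresses in the sample are constructed; options that are absent are not checked, because the manual does not state their defaults.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed sample of `uci show cesopd` output. Section names and the
# section type "port" are assumptions; option names are those of Table 32.
SAMPLE = """\
cesopd.main=cesopd
cesopd.main.enable=1
cesopd.port1=port
cesopd.port1.enable=1
cesopd.port1.udp_local_ipaddr=0.0.0.0
cesopd.port1.udp_local_port=5566
cesopd.port1.udp_remote_ipaddr=192.0.2.10
cesopd.port1.udp_remote_port=0
cesopd.port1.clock_recovery_enabled=1
cesopd.port2=port
cesopd.port2.enable=1
cesopd.port2.udp_local_ipaddr=192.0.2.1
cesopd.port2.udp_local_port=49200
cesopd.port2.udp_remote_ipaddr=192.0.2.20
cesopd.port2.udp_remote_port=49201
cesopd.port2.clock_recovery_enabled=1
"""

LINE = re.compile(r"^cesopd\.([^.=\s]+)(?:\.([^=\s]+))?=(.*)$")
RECOMMENDED = range(49152, 65536)
Finding = Tuple[str, str, str]  # (section, option, message)


def parse_uci_show(text: str) -> Dict[str, Dict[str, str]]:
    """Turn `uci show cesopd` lines into {section: {option: value}}."""
    sections: Dict[str, Dict[str, str]] = defaultdict(dict)
    for raw in text.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            continue
        name, option, value = match.groups()
        value = value.strip().strip("'\"")  # some uci versions quote values
        sections[name]["_type" if option is None else option] = value
    return dict(sections)


def _udp_port(value: str) -> Optional[int]:
    try:
        number = int(value)
    except ValueError:
        return None
    return number if 0 <= number <= 65535 else None


def audit(sections: Dict[str, Dict[str, str]]) -> List[Finding]:
    """Check every enabled port section; 'main' holds the global settings."""
    findings: List[Finding] = []
    recovering: List[str] = []
    for name in sorted(sections):
        opts = sections[name]
        if name == "main" or opts.get("enable") != "1":
            continue
        if opts.get("udp_local_ipaddr") == "0.0.0.0":
            findings.append((name, "udp_local_ipaddr",
                             "listens on all available interfaces"))
        for key in ("udp_local_port", "udp_remote_port"):
            if key not in opts:
                continue
            number = _udp_port(opts[key])
            if number is None:
                findings.append((name, key, "not a UDP port in 0-65535"))
            elif number == 0 and key == "udp_remote_port":
                findings.append((name, key,
                                 "0: replies follow the source port of incoming packets"))
            elif number not in RECOMMENDED:
                findings.append((name, key, "outside recommended 49152-65535"))
        if opts.get("clock_recovery_enabled") == "1":
            recovering.append(name)
    if len(recovering) > 1:
        findings.append((",".join(recovering), "clock_recovery_enabled",
                         "enabled on more than one port"))
    return findings


if __name__ == "__main__":
    for section, option, message in audit(parse_uci_show(SAMPLE)):
        print(f"{section}: {option}: {message}")
```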
Web Field/UCI/Package Optio n
Description
Web: RTP Payload Type UCI:
cesopd.[port].rtp._payload_type Opt: rtp_payload_type
RTP payload types are specified by IANA (Internet Ass igned Numbe rs Authority); see
http://www.lana.org/assignments/rtp-parameters/rtp-
parameters.txt for the complete ra nge of av ailable types.
Note: this setting only applies if the use of the RTP header is enabled.
96
(Dynamic)
Specifies the RTP payload header type.
Range
0-127
Web: Enable Jitter Buffer UCI:
cesopd.[port].rx_jitter_buffer_enabl ed
Opt: rx_jitter_buffer_enabled
Enables the network jitter buffer.
0
Disabled.
1
Enabled.
Web: Jitter Buffer Size UCI:
cesop[port].rx_jitter_buffer_size_ms Opt: rx_jitter_butter_size_ms
Specifies the size of the network jitter buffer .
16 Defines the size of the network jitter
buffer in bytes.
Range
0-160
Web:Remote Loopback UCI: cesopd.[port].local_ loo pb ac k Opt: remote_loopback
Enables remote loopback (loops back received pseudo-wire payload data).
0
Disabled.
1
Enabled.
Web:Local Loopback UCI: cesopd.[port].local_ loo pb ac k
Opt: remote_loopback
Enables local loopback (loops back received TDM data).
0
Disabled.
1
Enabled.
Web: N/A UCI: cesopd.[port].app_bit_r ev e rs e Opt:app_bit_reverse
Enables reverse bit order of TDM data. N/A for E1 and ALL. For X.21 it is more efficient to use the bit_reverse option.
0
Disabled.
1
Enabled.
Web: N/A UCI: cesopd.[port].app_rx_shift Opt: app_rx_shift
Specifies the shift of TDM data. N/A for E1.
0
Specifies the shift.
Range
-7 to 7.
E1 port settings
Note: for CESoPSN an E1 port is a timeslot or group of timeslots on the E1.
Web: End UCI: cesopd.[port].e1t1_end Opt: e1t1_end
Specifies the TE/NT mode of the local end of the E1 interface. For CESoPSN this should be defined for first port only.
0
TE.
1
NT.
Web: Line Code UCI: cesopd.[port].e1t1_line_code Opt: e1t1_line_code
Specifies the line code. For CESoPSN this should be defined for first port only.
0
AMI.
1
HDB3.
Web: Framing UCI: cesopd.[port].e1t1_framing Opt: e1t1_framing
Specifies the framing. For SAToP this should be set for E1 unframed. For CESoPSN this should be set for E1 double frame or E1 CRC-4 multiframe. For CESoPSN this should be defined for first port only.
0
E1 unframed.
1
E1 double frame (basic frame).
2
E1 CRC-4 multi-frame
Web: Impedance UCI: cesopd.[port].e1t1_line_code Opt: e1t1_line_code
Specifies the impedance. For CESoPSN this should be defined for first port only.
0
75 ohm.
1
120 ohm.
Web: Timeslot UCI: cesopd.[port].e1t1_line_code Opt: e1t1_line_code
Specifies the timeslot(s). For multiple timeslots use a colon separated list of timeslots and/or timeslot ranges e.g. 1:5:15-20:30-31
0
Specifies the timeslot.
Range
SAToP: 0
CESoPSN: 1-31
Web: Protocol UCI: cesopd.[port].e1t1_protocol Opt: e1t1_protocol
Specifies the protocol. If set for HDLC the timeslot or timeslot group is configured for HDLC
and the pseudo-wire is an HDLC pseudo-wire.
0
Transparent (for SAToP/CESoPSN).
1
HDLC.
Table 33: Information table for advanced port settings
Web Field/UCI/Package Option
Description
Web: DCE UCI: cesopd.[port].dce Opt: dce
Enables DCE mode. N/A for E1 and ALL.
0
Disabled.
1
Enabled.
Web: FIFO IRQ Level UCI: cesopd.[port].fifo_irq_level Opt: fifo_irq_level
Specifies the FIFO IRQ Level. Note: before changing this value, consult with Virtual Access support.
1
Specifies the IRQ level.
Range
1-5.
Web: Bit reverse UCI: cesopd.[port].bit_reverse Opt: bit_reverse
Enables reverse bit order of TDM data.
0
Disabled.
1
Enabled.
Web: X.21 Clock Invert UCI: cesopd.[port].x21_clk_invert Opt: x21_clock_invert
Enables inversion of X.21 clock.
0
Disabled.
1
Enabled.
Web: X.21 Use VCO UCI: cesopd.[port].x21_use_vco Opt: x21_use_vco
Enables inversion of the voltage controlled oscillator. Enable this when using clock recovery.
0
Disabled.
1
Enabled.
Web: X.21 data delay UCI: cesopd.[port].x21_data_delay Opt: x21_data_delay
Specifies the X.21 data delay in clock cycles.
0
Specifies the data delay.
Range
0-7.
Web: Driver Poll Interval UCI: cesopd.[port].tdm_intvl_ms Opt: tdm_intvl_ms
Specifies the driver poll interval in milliseconds. Note: before changing this value, consult with Virtual Access support.
2
Specifies the poll interval.
Range
1-10.
Table 34: Dual X.21 port settings
Web Field/UCI/Package Option
Description
Web: 4-Wire Mode UCI: cesop.[port].all_four_wire_mode Opt: all_four_wire_mode
Specifies the ALL interface mode.
0
ALL interface operates in 2-wire mode.
1
ALL interface operates in 4-wire mode.
Web: PCM Encoding UCI: cesop.[port].all_pcm_encoding Opt: all_pcm_encoding
Selects the PCM companding algorithm. For more information, see ITU-T G.711.
alaw
Selects the A-law algorithm.
ulaw
Selects the µ-law algorithm.
Web: Receive Attenuator Enabled UCI: cesop.[port].all_rx_attenuator_enabled Opt: all_rx_attenuator_enabled
Enables the analogue input attenuator (3.8dB).
0
Disabled.
1
Enabled.
Web: Receive Analogue Gain UCI: cesop.[port].all_rx_analogue_gain_enabled Opt: all_rx_analogue_gain_enabled
Enables an analogue 6.02dB input gain.
0
Disabled.
1
Enabled.
Web: Transmit Analogue Loss Enabled UCI: cesop.[port].tx_analogue_loss_enabled Opt: all_tx_analogue_loss_enabled
Enables an analogue 6.02dB output loss (attenuation).
0
Disabled.
1
Enabled.
Web: Receive Digital Gain UCI: cesop.[port].all_rx_digital_gain Opt: all_rx_digital_gain
Specifies the input digital gain in dB.
0
Disabled.
Range
0-12dB
Web: Transmit Digital Loss UCI: cesop.[port].all_tx_digital_loss Opt: all_tx_digital_loss
Specifies the output digital loss in dB.
0
Disabled.
Range
0-12dB
Table 35: Information table for ALL port settings
12.8 Configuring port settings using UCI
Settings for the individual ports are stored in the port sections of /etc/config/cesopd. Each port has its own section. For ALL and X.21 and an unframed E1, the port configuration is the configuration for that interface. For a framed E1, the first port configuration is the configuration for the interface and for the first timeslot or group of timeslots; subsequent port configurations are the configuration for further timeslots or groups of timeslots. All the ports have the same devname in this case.
The examples below show a port section labelled ‘Port 1’.
config port 'Port1'
    option enable '1'
    option devname 'ttyLC0'
    option udp_local_ipaddr '0.0.0.0'
    option udp_remote_ipaddr '10.1.42.63'
    option udp_local_port '5152'
    option udp_remote_port '5152'
    option rtp_payload_type '96'
    option rx_jitter_buffer_size_ms '24'
    option rate '64000'
    option clock_recovery_enabled '1'
    option packetization_latency '5'
    ……. <port config also contains port specific options>
12.8.1 E1 interface settings
config port 'Port1'
    option enable '1'
    option devname 'ttyU0'
    ……. <generic port options> …….
    option e1t1_end '1'
    option e1t1_line_code '1'
    option e1t1_framing '2'
    option e1t1_impedance '1'
    option e1t1_timeslot '1'
    option e1t1_protocol '0'
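The following Python linter is an added example, not part of the Virtual Access manual: it checks port sections in the /etc/config/cesopd layout against the ranges in the tables above and expands the colon-separated timeslot syntax. The function names and sample values are constructed; taking the framing from the first port with the same devname is an assumption based on the rule that, for a framed E1, the first port carries the interface configuration.

```python
import re

# (min, max, step, default) per option, taken from the option tables above.
RANGES = {"rate": (64000, 2048000, 64000, 64000), "rtp_payload_type": (0, 127, 1, 96),
          "rx_jitter_buffer_size_ms": (0, 160, 1, 16)}
# Constructed sample in /etc/config/cesopd layout; Port2 is deliberately out of range.
SAMPLE = """
config port 'Port1'
    option devname 'ttyU0'
    option e1t1_framing '2'
    option e1t1_timeslot '1:5:15-20:30-31'
config port 'Port2'
    option devname 'ttyU0'
    option rate '100000'
    option e1t1_timeslot '0:20-33'
"""

def parse_ports(text):
    """Return {section name: {option: value}} for each 'config port' section."""
    return {name: dict(re.findall(r"option\s+(\S+)\s+'([^']*)'", body))
            for name, body in re.findall(r"config port '([^']*)'((?:\n\s+option .*)*)", text)}

def expand_timeslots(spec):
    """'1:5:15-20' -> [1, 5, 15, ..., 20]; ValueError on a malformed or reversed item."""
    slots = []
    for item in spec.split(":"):
        lo, _, hi = item.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if hi < lo:  # range(20, 16) would silently expand to nothing
            raise ValueError(f"reversed range {item!r}")
        slots.extend(range(lo, hi + 1))
    return slots

def check_port(opts, framed):
    """Names of the options that fall outside the documented ranges for one port."""
    errs = [k for k, (lo, hi, step, d) in RANGES.items()
            if not lo <= (v := int(opts.get(k, d))) <= hi or v % step]
    allowed = range(1, 32) if framed else range(0, 1)  # CESoPSN: 1-31, SAToP: 0
    if any(s not in allowed for s in expand_timeslots(opts.get("e1t1_timeslot", "0"))):
        errs.append("e1t1_timeslot")
    return errs

def check_config(text):
    """Check every port; framing comes from the first port on the same devname."""
    framing, report = {}, {}
    for name, o in parse_ports(text).items():
        fr = framing.setdefault(o.get("devname"), o.get("e1t1_framing", "0"))
        report[name] = check_port(o, fr != "0")
    return report
```

Feeding it the text of a saved configuration in place of SAMPLE reports, per port, which options would be rejected or misread before the file is committed to the router.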
12.8.2 ALL interface settings
config port 'Port1'
    option enable '1'
    option devname 'ttyLC0'
    ……. <generic port options> …….
    option all_four_wire_mode '0'
    option all_pcm_encoding 'alaw'
    option all_tx_analogue_loss_enabled '1'
    option all_tx_digital_loss '6'
    option all_rx_analogue_gain_enabled '1'
    option all_rx_digital_gain '2'
    option all_rx_attenuator_enabled '1'
12.8.3 Dual X.21 interface settings
config port 'Port1'
    option fifo_irq_level '1'
    option bit_reverse '0'
    option x21_clk_invert '0'
    option x21_data_delay '0'
    option x21_use_vco '0'
12.9 CESoPSN diagnostics
SAToP/CESoPSN uses one package: cesopd. To view the SAToP/CESoPSN configuration, enter:
root@VA_router:~# uci export cesopd
package cesopd

config cesopd 'main'
    option log_severity '5'
    option enable '1'

config port 'Port1'
    option enable '1'
    option devname 'ttyLC0'
The cesop command provides several options to investigate the operation of the SAToP/CESoPSN service. The output provided by these commands will allow the Virtual Access support team to assist you.
root@VA_router:~# cesop
=== CESOPD disgnostics. Command syntax: ===
cesop show all - show all
cesop show config - show configuration
cesop show status - show status
cesop show stats - show statistics
cesop clear stats - clear statistics
cesop quit - terminate cesopd process
cesop show debug - show diagnostical information
cesop blackbox - show blackbox information
cesop upgrade usbcard - upgrade usb card
cesop show usbcard status - show USB serial card status
cesop show usbcard stats - show USB serial card statistics
cesop clear usbcard stats - clear USB serial card statistics
cesop show usbcard version - show USB serial card firmware version
cesop show usbcard cpld status - show USB serial card CPLD programming status
cesop bert – configure bit error rate test
cesop show bert stats – show bit error rate test statistics
cesop clear bert stats – clear bit error rate test statistics
12.9.1 cesop show config
To show the currently running configuration, enter:
root@VA_router:~# cesop show config
Main Config
-----------
enable : 1
nodaemon : 0
log_severity : 5
tos_enabled : 1
tos_value : 16
blackbox_enabled : 0