Westermo DR-200, MR-200 Reference Manual

©

Westermo Teleindustri AB • 2006

DR-200

MR-200

ADSL Router
GPRS Router

www.westermo.com

Web Interface and

Command Line

Reference Guide

6622-3201

2

6620-3201

Legal information

The contents of this document are provided “as is”. Except as required by applicable law, no
warranties of any kind, either express or implied, including, but not limited to, the implied
warranties of merchantability and fi tness for a particular purpose, are made in relation to the
accuracy and reliability or contents of this document. Westermo reserves the right to revise this
document or withdraw it at any time without prior notice.
Under no circumstances shall Westermo be responsible for any loss of data or income or any
special, incidental, and consequential or indirect damages howsoever caused.
More information about Westermo can be found at the following Internet address:

http://www.westermo.com

3

6620-3201

1 Introduction

Thank you for choosing a data communications product from Westermo. Westermo products are
extremely versatile and may be used in a wide variety of applications. It would not be possible to
describe in detail all such applications in a single guide. Consequently, this guide has been written
for use by technically competent personnel with a good understanding of the communications
technologies used in the product, and of the requirements for their specifi c application.

Westermo design and manufacture a wide range of both wireline and wireless network routing
products. For a complete, up-to-date list of current products, please visit the Westermo web site at

www.Westermo.com.

Whilst each of these models provide a different combination of hardware and software features, the
basic method of confi guration using the web interface or command line is the same in each case.
This guide describes the operation of standard features available across the whole product range.
Consequently, some of the features described in this guide may only be available on certain models
or must be purchased as optional “feature packs”. You should refer to the specifi cation of the
particular model you have purchased to ascertain which features are supported as standard.

In addition to a comprehensive range of communications capabilities, our products provide a
combination of powerful, yet easy to use, confi guration, management and diagnostic tools. These
include a protocol analyser, a time-stamped event log and remote management via the web interface
or via a Telnet session.

In many applications, the serial ports will be confi gured to appear as if they were standard “AT”
modems and behave accordingly. However, many other standard protocols are supported (e.g. B- and
D-channel X.25, PPP, TPAD, V.120, etc.). This makes it simple and cost-effective to migrate existing
terminal equipment, which uses the analogue telephone network, to faster, more reliable and cost­effective “wireline” or wireless digital services.

All major features of the unit can be confi gured using a standard Web browser. This can be done
locally (via a serial or LAN port), or remotely via a WAN connection. A built-in Web-server and fl exible
FLASH-memory based fi ling system mean that the unit can also be customised to provide application
specifi c functions, statistics and diagnostic information

1.1 Typographical Conventions

Throughout this manual certain typographical conventions are used as follows:

Text Type Meaning

Text like this ... is standard text.

Note: Text like
this ...

indicates points that are of particular
importance.

Text like this ...

indicates commands entered by the user at the
command line.

Text like this ...

indicates responses from the unit to commands
you enter at the command line.

Confi gure > Save refers to the unit’s web-based menu system.

4

6620-3201

2 Using the Web interface

To access the built-in web pages using a web browser (e.g. Internet Explorer), there are two
options.

2.1 Access Via a LAN Port

To access the unit through a LAN port you should assign your PC an IP address on the 192.168.0.0/
24 network (for example use an IP address of 192.168.0.1 and a mask of 255.255.255.0).

Next, either connect an Ethernet crossover cable between the LAN ports on your router and PC, or
ensure that both devices are connected to an Ethernet hub/switch on the same network. You should
then be able to access the unit’s web, Telnet and FTP services on the IP address 192.168.0.99.

Note:

All models are auto-sensing for 10/100 operation. However, only the more recent models are
also
auto MDI/MDI-X, i.e. will automatically work with either a straight-through or cross-over cable.

2.2 Access Via a Serial Port

To access the web interface through one of the unit’s serial ports (using Windows dial-up networking)
follow the steps below.

Note:

To use Dial-up Networking you must have the TCP/IP > Dial-up adapter installed in the
Network Confi guration for Windows. Check this by selecting Settings > Control Panel >

Network > Confi guration.

2.2.1 Installing the Driver File

You will need to install the “SARIAN_MULTI_PORT.INF” driver fi le and create a Windows PPP Dial up
Networking connection (DUN) for the unit as described below. It is assumed that you already have a
basic knowledge of Windows networking concepts and terminology.

The precise procedure for installing the .inf driver fi le for the unit will vary slightly between different
versions of Windows. The following description applies to Windows XP.

Start by selecting

Start > Control Panel > Phone and Modem Options. You must be in Classic View.

Select the Modems tab.
Click on Add… to install a new modem driver.
Check the Don’t detect my modem, I will select it from a list option before clicking Next >

You will see a list of the manufacturers and models of modem currently available on your system.
Insert the CD supplied into the CD drive and click on Have Disk….
Use the Browse button to locate the SARIAN_MULTI_PORT.INF fi le on the drive CD supplied with

your unit. This will be in the appropriate Windows version sub-directory of the drives folder, e.g.

5

6620-3201

win95-98. A list of routers will appear in the Models list.

Each entry in the list is the same driver, set up for a different COM port.
Choose the entry corresponding to the COM port your router is connected to, and click Next >. The

wizard will ask you which COM port you wish to install the modem on.

Select the appropriate port and click Next >, and Windows will install the driver. Once installation is
complete click Finish to return to the Phone and Modem Options dialog, where your unit will be listed.

Click on the OK button if you are satisfi ed with the installation.

Note:

During the installation you may receive a warning that the driver is not digitally signed. Click on

Continue Installation to install the driver.

2.2.2 Creating A New Dial-Up Network Connection

You now need to create a new DUN connection through which you can access your unit.

If you are planning to connect the unit directly to your PC for confi guration purposes, connect it to the
appropriate COM port now using a suitable serial cable.

If you wish to confi gure a remote unit, make sure it is connected to a suitable ISDN line and make a
note of the ISDN number.

From the Windows Start menu, select

All Programs > Accessories > Communications > New

Connection Wizard

. You will be presented with the New Connection Wizard introduction screen. Click

on Next > to proceed to the Network Connection Type dialog.
Select the Connect to the network at my workplace radio-button then click on Next >.
Select the Dial-up connection radio-button then click on Next >.
From the Select a Device dialog, select the unit you have just installed and make sure that any other

devices in the list are unchecked. Click Next >.
You must now enter a name for the connection. It is helpful to choose a name that you will easily
remember such as “My Local Westermo” or “DR-200 - Bristol Offi ce”. Click Next >. The following
dialog allows you to fi ll in the phone number for the connection.

If the connection is being created for direct local access using a COM port, you should set the phone
number to 123. This number will be intercepted by the unit and recognised as an attempt to connect
locally.

If the connection is being created for remote access, enter the correct ISDN telephone number
(including the area code) for the remote unit.

When you have done this click Next >. The fi nal dialog screen will confi rm that the connection has
been created and includes a check box to allow you to create a shortcut on your desktop if necessary.
Click on Finish to complete the task.

6

6620-3201

2.2.3 Confi guring the New DUN Connection

The new DUN connection that you have just created may now be used to connect to the unit but
before you do this, you will need to check some of the confi guration properties.

Click on the Start button and select

Connect To > My Westermo Router (substituting the connection

name you chose).

Click on the Properties button to display the properties dialog for the connection.

On the General tab, click the Confi gure… button to display the Modem Confi guration dialog.

Make sure that the Maximum speed (bps): value is set to 115200 and that the Enable hardware
fl ow control box is checked.

Click OK when you have fi nished to return to the main properties dialog.
Now select the Networking tab.

Make sure that the Type of dial-up server I am calling is set to PPP: Windows 95/98/NT/ 2000,
Internet and click on Settings:

Make sure that all three options are unchecked before clicking OK to return to the Networking tab.
In the This connection uses the following items list, Internet Protocol (TCP/IP) should be the only
item that is checked. Make sure that this is the case and then click OK to return to the main dialog.
You are now ready to initiate a connection.

2.2.4 Initiating a DUN Connection

In the main dialog, you are asked to enter a username and password. The default settings for your
unit are “username” and “password” respectively but you should change as soon as possible in
order to prevent unauthorised access to your unit (refer to the section entitled

Confi gure > Users for

instructions on how to do this). The username is not case sensitive, but the password is.

Note:

When you type the password it will appear as a series of dots to ensure privacy.
Once you have entered these, initiate a connection to your unit by clicking the Dial button. During the

dialling and connection process, you may see a series of status dialog boxes and, if the connection is
successful, the fi nal dialog box will indicate that the PPP login has been authenticated.

After a short delay, this dialog will minimise to a “linked computers” icon in the Windows taskbar.

You should now be ready to access the built-in web pages using your Web browser. The default “web
address” for the unit is 1.2.3.4. By default, this is also mapped to the system IP hostname ss.2000r.

You will need a valid username and password to access the web interface. Once again, the default
settings are username and password respectively. If these values do not allow access, you should
contact your system administrator.

7

6620-3201

3 Using the command line interface

Using a Web browser to modify text box or table values in the confi guration pages is the simplest way
to confi gure the unit and this process is described in the next chapter. However, if you do not have
access to a Web browser, the unit can be confi gured using text commands. These commands may be
entered directly at one of the serial ports or via a Telnet session. Remote confi guration is also possible
using Telnet or X.25.

To use the serial ports you will need a PC and some communications software such as
HyperTerminal™ (supplied with Windows) or TeraTerm™. The same commands may also be used to
confi gure the unit remotely via Telnet, X.25 or V.120.

There are several types of text command:

AT Commands & S Registers

AT commands (pronounced “ay tee”) and Special registers (S registers) are supported in order to
maintain compatibility with modems when the unit is used as a modem replacement.

Application Commands

Application commands are specifi c to Westermo products and are used to control most features of the
unit when not using the Web interface.

X.3 Commands

These are standard X.3 commands which are used only in X.25 PAD mode

TPAD Commands

These are used only in TPAD mode.

3.1 The “AT” Command Interface

3.1.1 Command Prefi x

The “AT” command prefi x is used for those commands that are common to modems. To confi gure the
unit using AT commands you must fi rst connect it to a suitable asynchronous terminal.

You will fi rst need to set the interface speed/data format for your terminal to 115,200bps, 8 data bits,
no parity and 1 stop bit (these settings can be changed later if necessary).

When your terminal is correctly confi gured, apply power and wait for the B2 indicator to stop fl ashing.
Unless you have previously confi gured the unit to automatically connect to a remote system on
power-up, it will now be ready to respond to commands from an attached terminal and is in “command
mode”.

Now type “AT” (in upper or lower case), and press [Enter]. The unit should respond with the message
“OK”. This message is issued after successful completion of each command. If an invalid command is
entered, the unit will respond with the message “ERROR”.

Note:

For consistency AT commands are shown in upper case throughout this guide.

If there is no response, check that the serial cable is properly connected and that your terminal or PC
communications software is correctly confi gured before trying again.
If you have local command echo enabled on your terminal, you may see the AT command displayed
as “AATT”. If this happens you may use the “ATE0” command (which will appear as “AATTEE00”),
to prevent the unit from providing command echo. After this command has been entered, further
commands will be displayed without the echo.
The “AT” command prefi x and the commands that follow it can be entered in upper or lower case.
After the prefi x, you may enter one or more commands on the same line of up to 40 characters. When
the line is entered, the unit will execute each command in turn.

8

6620-3201

3.1.2 The Escape Sequence

If you enter a command such as “ATD”, which results in the unit successfully establishing a
connection to a remote system, it will issue a “CONNECT” result code and switch from command
mode to on-line mode. This means that it will no longer accept commands from the terminal. Instead,
data will be passed transparently through the unit to the remote system. In the same way, data from
the remote system will pass straight through to your terminal.

The unit will automatically return to command mode if the connection to the remote system is
terminated. To return to command mode manually, you must enter a special sequence of characters
called the “escape sequence”. This consists of three occurrences of the “escape character”, a pause
(user confi gurable) and then “AT”. The default escape character is “+” so the default escape sequence
is:

+++ {pause} AT

Entering this sequence when the unit is on-line will cause it to return to command mode but it will NOT
disconnect from the remote system unless you specifi cally instruct it to do so (using “ATH” or another
method of disconnecting). If you have not disconnected the call, the “ATO” command may be used to
go back on-line.

3.1.3 Result Codes

Each time an AT command line is executed, the unit responds with a result code to indicate whether
the command was successful. If all commands entered on the line are valid, the “OK” result code will
be issued. If any command on the line is invalid, the “ERROR” result code will be issued.

Result codes may take the form of an English word or phrase (verbose code) or an equivalent number
(numeric code), depending on the setting of the “ATV” command. Verbose codes are used by default.
The “ATV0” command can be used to select numeric codes if required. A full list of the Result codes is
provided in the following table:

The “AT” command prefi x and the commands that follow it can be entered in upper or lower case.
After the prefi x, you may enter one or more commands on the same line of up to 40 characters. When
the line is entered, the unit will execute each command in turn.

Numeric Code Verbose Code Meaning

0 OK Command line executed correctly
1 CONNECT ISDN connection established
2 RING Incoming ring signal detected
3 NO CARRIER X.25 service not available
4 ERROR Error in command line
6 NO DIALTONE ISDN service not available
7 BUSY B-channel(s) in use
8 NO ANSWER No response from remote

“S” Registers

“S” (Special) registers are registers in the unit that are used to store certain types of confi guration
information. They are essentially a “legacy” feature included to provide compatibility with software
that was originally designed to interact with modems. A full list of the registers is provided under the
section heading “S registers”.

9

6620-3201

3.2 Westermo Application Commands

The unit also supports numerous text-based “application” commands that are specifi c to Westermo
products and do not require the “AT” prefi x. Some of these are generic i.e. they are related to the
general operation of the unit; others are application or protocol specifi c.

Application commands may be entered via any of the serial ports but if you are using ASY 0 or ASY
1 with auto-speed detection enabled (which is not possible on ports 2, 3, etc.), you must fi rst lock the
interface speed to the same as that of your terminal. To do this fi rst ensure that the unit is responding
to AT commands correctly and then enter the command:

AT\LS

The speed will remain locked until the unit goes on-line and then off-line again, the power is removed
or the unit is reset. Once the port speed has been locked, “AT” commands will still work but you may
also use the application commands.

Remember that if you subsequently re-enable auto-speed detection on the port it will disable the
use of application commands until the “AT\LS” command has been re-entered or the port speed has
been set to a specifi c speed using “S31”. For example, to set the port speed at 19,200bps enter the
command:

ATS31=6

then change your terminal settings to match.

Note:

Speed locking is not necessary when you use the text commands via a Telnet session.

Westermo application commands (referred to just as text commands throughout the remainder of this
guide), can be entered in upper or lower case but unlike “AT” commands, only one command may
be entered on a line. After each successful command, the “OK” result code will be issued. An invalid
command will cause the “ERROR” result code to be issued.

The general syntax for an application commands is:

<cmd_name> <instance> <param_name> <value>

where:

<cmd_name> is the name of the command
<instance> is the instance number for the entity that you are confi guring.
<param_name> is the name of the parameter that you wish to confi gure.
<value> is the new value for the specifi ed parameter.

For example, to set the window size to 5 for X.25 PAD instance 1 you would enter:

pad 1 window 5

Even if there is only once instance of particular entity, you should only enter 0 for the instance
number.

3.2.1 The Active Port

When entering “AT” or text commands it is important to understand that in most cases, the command
only affects the settings for the “active” port. This is usually the port to which you are physically
connected but you may, if necessary, set the active port to another port of your choice using the “AT\
PORT=N” command where “N” is 0-3.

3.3 Establishing a Remote Connection

Once you have fi nished confi guring the unit, there are several ways of establishing a link to a remote
system:

10

6620-3201

♦ An outgoing V.120 call may be made using the “ATD” command ♦ You can initiate a DUN session to
establish a dial-up PPP connection. ♦ An outgoing X.25 call may be made using the “ATD” command
followed by the X.28 CALL
command.
♦ An outgoing TPAD (Transaction PAD) call may be made by using the TPAD “a” (address) command
followed by the appropriate NUA (this is normally only carried out under software control).

Similarly, incoming calls will be handled according to which protocols have been bound to the ASY
ports and whether or not answering is enabled for each protocol.

11

6620-3201

4 Confi guring your unit

This section describes the various confi guration parameters for the unit and how to set or change
them using the built-in web pages or the text commands. Confi guration using the Web pages
is achieved by entering the required values into text boxes or tables on the page, or by turning
features on or off using checkboxes. The same results can be achieved entering the appropriate text
commands via one of the serial ports.

4.1 Logging In

To confi gure the unit via the Web interface, either establish a DUN connection to it and then open your
web browser and enter 1.2.3.4 for the web address, or enter the unit’s Ethernet IP address
(192.168.0.99) into your web browser after confi guring your PC to have an address on the same
subnet. You will be presented with a login page.

The default Username and Password are “username” and “password” respectively. Enter these and
click the Login button to access the confi guration pages. The password will be displayed as a series
of dots for security purposes. Correct entry of the username and password will display the main
operations page.

Clicking on the Click to load Applet graphics! button will display a representation of the front panel
of your unit that will be updated every few seconds to show the actual status of the LED indicators.
The model number of your unit will be shown at the top of the screen. The unit’s serial number and ID
are shown below the front panel representation.

Down the left side of the page you will see a directory tree listing the various folders and pages that
are available.

Each folder may be preceded by a small “+” symbol and a closed folder icon indicating that it can
be expanded to reveal sub-pages or folders. To do this, click anywhere on the appropriate line. The
closed folder icon will change to an open folder icon and the “+” symbol will change to “-”. Clicking
on the line again will hide the sub-options. Where there are no sub-pages, a web-page icon is shown
next to the page title. Clicking on this will display the associated web page. The following sections
describe how to use these pages to confi gure and monitor the operation of your unit.

12

6620-3201

4.2 Confi guring and Testing GPRS Models

Refer to the Confi gure > GPRS Module section of this guide to confi gure your router for the correct
APN and PIN code (if any).

You can now power up your unit and test connection to the GPRS network. If you have correctly
confi gured everything, the GPRS SIM indicator on the front panel should illuminate green to show
that a GPRS enabled SIM card is present. The unit will now attempt to log on to the specifi ed GPRS
network and if it is able to do so, the GPRS NET indicator will illuminate steady. Data passing to and
from the network will be refl ected by the status of the DAT indicator, which will fl ash alternatively red
and green. If you are unable to connect to the network, go to the Status > GPRS Module web page
and press the Refresh button.

Note:

The signal strength is shown in “negative dB”, which means that the stronger the signal, the lower the
number. As a guide -51dB would be a very strong signal, only normally obtained very close to a cell
site. -115dB represents no signal. If your unit reports -115dB try reorienting the antenna or consider
adding an external antenna.

4.2.1 Signal Strength Indicators

On units equipped with GPRS modules, there are three LED’s on the front panel that will indicate the
strength of the signal, as shown in the table below.

LED’s Lit Signal Strength

None Under -113 dBm (effectively no signal)
1 -111 dBm to -87 dBm (weak signal)
2 -85 dBm to -71 dBm (medium strength signal)
3 -69 dBm to -51 dBm (strong signal)

The minimum recommended strength indication is 2 LED’s. If you have no or 1 LED’s lit, it is
recommended that you fi t an external antenna to the unit.

4.3 The Confi guration Pages

Click on the Confi gure closed folder icon. The folder will open to show its contents.

You will see a list of web pages and sub-folders containing further web pages. Each page allows you
to confi gure parameters that are related to a particular function or protocol. For example, the Ethernet
page allows you to set up the unit’s IP address, DNS server address etc.

A page will contain a mixture of text-boxes, check boxes and/or list-boxes. To confi gure a particular
item simply select the appropriate value from a list, type in into a text-box the appropriate value from a
series of checkboxes.

When you have fi nished making changes on a particular page, click on the OK button to accept the
changes or CANCEL to revert to the existing values.

Note:

Pressing OK will save the changes you have made for the current session only i.e. they will be lost if
the unit when the power is removed. If you wish to save the changes more permanent, make sure that
you save them to non-volatile memory as described in Saving Confi guration Changes.

The following sections describe each of the confi guration pages in detail. They fi rst explain each of
the parameters or options shown on the web page. This is followed by a description of the equivalent
text commands.

13

6620-3201

4.4 Confi gure > ADAPT

The unit incorporates two “Adapt” (rate adaptation protocol) instances. Each instance allows you to
select and confi gure the protocol to be used for providing rate adaptation over an ISDN B channel.
The supported protocols are V.110, V.120 and X.75. Depending on which protocol is selected, there
may be an associated LAPB instance (distinct from the two general purpose LAPB instances), as for
example, when V.120 is used in error corrected (Multi-frame) mode.

Using the Web Page(s)

V120 mode:

When the V mode parameter (see below), has been set to “V120”, the V120 mode parameter allows
you to select “Unacknowledged”, “Multi-frame” or “Multi-frame/Fallback” mode for V.120 operation.

“Unacknowledged” mode is the simplest mode and does not provide error control.
“Multi-frame” mode provides error control but may only be used if the remote system also supports
this mode. In “Multi-frame/Fallback” mode, the unit will attempt to establish a multi-frame error
controlled link

but will allow a connection in Unacknowledged mode if the remote unit does not support error control.

MSN:

This parameter provides the fi lter for the ISDN Multiple Subscriber Numbering facility. It is blank by
default but when set to an appropriate value it will cause the unit to answer only incoming calls to
telephone numbers where the trailing digits match that value (if answering is enabled). For example
setting MSN to 123 will prevent the unit from answering any calls to numbers that do not end in 123.

Sub-address:

This parameter provides the fi lter for the ISDN sub-address facility. It is blank by default but when set
to an appropriate value with answering enabled, it will cause the unit to answer incoming calls only
to ISDN numbers where the trailing digits of the sub address called match that value. For example,
setting the Sub-address parameter to 123 will prevent the unit from answering any calls to numbers
where the sub address does not end in 123.

CLI:

Calling Line Identifi cation. The unit will only answer calls from numbers whose trailing digits match
what is entered in this fi eld. The line the unit is connected to must have CLI enabled by the telecoms
provider, and the calling number cannot be withheld.

V mode:

This parameter allows you to specify which rate adaptation protocol to use and can be set to one of
the following:

Option Description

V.120 Mode

This allows one B-channel to carry multiple sub-rate channels in a succession
of statistically multiplexed (variable-length) frames. These frames support error
detection and correction procedures if selected under V120 mode (above).

V.110 Mode

V.110 is a fi xed-frame based rate adaptation standard that subdivides the
ISDN B-channel capacity so that it can carry one lower speed (sub-rate) data
channel.

V110/V120 Detect This mode detects which protocol (V.110 or V.120) the remote host is using.
X75 Transparent This selects bit transparent X.75 mode of operation.

X75 T.70 NL

This option generates T.70 NL telematic prefi xes that are required by some
ISDN terminal adapters.

14

6620-3201

V110 user rate:

This parameter allows you to specify the data rate to be used on ISDN when operating in V.110 mode.

V110 fi xed rate:

This parameter can be set to Yes to prevent the V.110 protocol from changing the data rate.

Direct sync mode:

This parameter allows you to replace the standard V120 frame header with the 0xff character. The
data received on the ASY port can then be considered to be written directly onto the sync ISDN line
(apart from the 0xff header in each frame).

Socket mode:

This parameter allows you to connect using a TCP socket rather than an ISDN line.

IP address:

The IP address of the TCP socket the router is connecting to in Socket mode.

IP port:

The port number of the TCP socket the router is connecting to in Socket mode.

Listening IP port:

The port number the router is listening on in Socket mode.

LAPB Confi guration:

The following parameters are only used if a V.120 connection is established in Multi-frame mode:

N400 counter:

This is the standard LAPB/LAPD retry counter. The default value is 3 and it should not normally be
necessary to change this.

RR timer (ms):

This is a standard LAPB/LAPD Receiver Ready timer. The default value is 10,000ms (10 seconds)
and it should not normally be necessary to change this.

T1 timer (ms):

This is a standard LAPB/LAPD timer. The default value is 1000 milliseconds and under normal
circumstances, it should not be necessary to change it.

T200 timer (ms):

This is a standard LAPB/LAPD re-transmit timer. The default value is 1000 milliseconds and under
normal circumstances, it should not be necessary to change it.

Using Text Commands

To confi gure rate adaptation parameters via the command line use the adaptcommand.
To display current settings for “adapt 0” enter the command:

adapt 0 ?

To change the value of a parameter use the command in the format:

adapt <instance> <parameter> <value>
where <instance> is 0 or 1.

15

6620-3201

The parameters and values are:

Parameter Values Equivalent Web Parameter

cli number CLI
dial_retries number

-

dsync off, on Direct sync mode
fi xed_rate off, on V110 fi xed rate
ip_addr number IP address
ip_port number IP port
leased_line off, on

-

lip_port number Listening IP port

msn

number MSN

msnv110 number MSN for V.110

multi 0,1,2

Mode: 0=unacknowledged,
1=multi-frame, 2=multi-frame/
fallback

sockmode 0, 1

Socket mode: 0=Off 1=TCP

sub number Sub-address

user_rate 5,6,7,8,9,10,11

V110 User Rate: 5=38400,
6=19200, 7=9600, 8=4800,
9=2400, 10=1200, 11=600

vmode 0,1,2,3,4

V Mode: 0=V120 mode, 1=V110
mode, 2=V110/V120 detect,
3=X75 Transparent, 4=X75 T.70
NL

Dial Retries

If an ISDN connection is established, but rate adaption is not negotiated, this parameter will allow the
unit to drop the connection and redial it.

Leased Line

This parameter will allow the unit to automatically attempt to maintain the connection once it has
been established. A connection can be disconnected by the unit if it is instructed to do so, but if the
connection is lost due to an error, it will continually redial. In other words, if the unit is not responsible
for a disconnection, redialling will take place.

To change the values of the LAPB parameters for rate adaptation, use the

lapb command. Note that

LAPB 2 is used for “adapt 0” and LAPB 3 is used for “adapt 1”.

16

6620-3201

4.5 Confi gure > Analyser

Your unit can be confi gured to maintain a trace of activity taking place at the various ports and of the
layer 2 and 3 protocols. Trace information is stored in a circular buffer in memory. When the buffer is
full, the storage of new trace data starts at the beginning of the buffer again (overwriting the oldest
data). This buffer appears in the fi le directory as a pseudo-fi le called “ANA.TXT”.

The following is a typical trace showing activity on the D-channel:

----- 4-5-2002 13:11:50.260 ------ L2 DCHAN
SABME from NT to TE: COMMAND POLL SAPI=10, TEI=01,
42,03,7F,

---------

----- 4-5-2002 13:11:50.260 -----­L2 DCHAN UA from TE to NT: RESPONSE FINAL SAPI=10, TEI=01,
42,03,73,

----- 4-5-2002 13:11:50.330 ------ L2 DCHAN I
FRAME from NT to TE: COMMAND SAPI=10, TEI=01, NS=00,
NR=00, 42,03,00,00,

X25 RESTART from DCE to DTE:
LCG=0 LCN=0 PTI
10, 00, FB,
07 00 ..

---------

----- 4-5-2002 13:11:50.330 -----­L2 DCHAN I FRAME from TE to NT: COMMAND SAPI=10, TEI=01, NS=00, NR=01,
40,03,00,02,

X25 RESTART CONFIRMATION from DTE to DCE:
LCG=0 LCN=0 PTI
10, 00, FF,

---------

Both B and D-channel analysis can be enabled simultaneously if necessary and you can
select which LAPB and LAPD sources you wish to include in the trace by checking the
appropriate boxes.

Using the Web Page(s)

The Confi gure > Analyser web page allows you to turn the analyser “On” or “Off” and to determine
what information is included in the trace using the following parameters:

Analyser:

This parameter is used to turn the protocol analyser “On” or “Off”.

Protocol layers:

The check boxes shown under this heading are used to specify which protocol layers are included in
the protocol analyser trace. You can choose to generate a trace of the physical layer (Layer 1), the
Link Layer (Layer 2) protocol, the Network Layer (Layer 3) protocol or any combination, by checking
or clearing the appropriate check-boxes. In addition, you may select XOT (X.25 over TCP/IP) tracing if
this feature is included in your product.

IKE:

This checkbox is used to enable or disable the inclusion of IKE packets in the analyser trace when
using IPSec.

17

6620-3201

SNAIP:

This checkbox is used to enable or disable the inclusion of SNAIP packets in the analyser trace.

ISDN sources:

The group of check boxes shown under this heading are used to select the ISDN channels (D, B1 and
B2) that will be included in the trace. To include or exclude a specifi c LAPB or LAPD instance from the
trace ensure that the appropriate checkbox is checked or cleared respectively.

ASY sources:

The group of checkboxes shown under this heading is used to select the ASY ports that will be
included in the trace. To include a trace of commands issued to and responses from a particular port,
ensure that the appropriate box is checked. The list of available ports will include the physical ASY
ports, internal “virtual ASY ports” (if present) and ports used by built-in GPRS/PSTN modems.

Raw sync sources:

The group of checkboxes shown under this heading are is to select the synchronous sources to be
included in the trace. These include the ISDN channels D, B1 and B2 and any other synchronous
ports/protocols that your unit may include (e.g. physical port 1, 2, etc.). This feature is especially
useful for monitoring data transferred over ISDN when the higher layer protocol does not record data
in the trace (e.g.V.120).

Max I-PAK size:

The text-box labelled Max I-PAK Size allows you to specify the maximum number of bytes from each
X.25 Information Frame that will be included in the trace. Frames that are larger than this value are
truncated. Bear in mind that the larger this value, the quicker the “ANA.TXT” pseudo-fi le (in which the
trace output is stored), will become full so that the effective length of the trace is reduced. The default
value of 128 should be suitable in most cases.

PPP sources:

The group of checkboxes shown under this heading may be used to select the PPP sources to be
included in the trace.

IP sources:

The group of checkboxes shown under this heading may be used to select the IP sources to be
included in the trace. These sources include IP packets transmitted over PPP and ETH instances.

Ethernet sources:

The group of checkboxes shown under this heading may be used to select the Ethernet port sources
to be included in the trace.

ATM PVC sources:

The group of checkboxes shown under this heading may be used to select the ADSL ATM PVCs to
include in the analyser trace.

IP fi lters:

This text box is used to prevent the tracing of packets to or from specifi c TCP or UDP ports. The
format of this text box is a comma-separated list of port numbers. For example, you may wish to
exclude tracing of HTTP traffi c that would otherwise swamp the data of interest. This can be done by
entering “80” in the IP Filters box.

At the bottom of the page, the

OK and Cancel buttons may be used to save or cancel any changes

respectively.

18

6620-3201

Using Text Commands

From the command line, the ana command can be used to confi gure the protocol analyser.
To display the current settings for the analyser enter the command:
ana <instance> ? where <instance> is 0 (there is only one instance of the
Analyser). To change the value of a parameter use the same command in the
format:

ana 0 <parameter> <value>

The parameters and values are:

Parameter Values Equivalent Web Parameter

anon

off, on Analyser

asyon

1-15 ASY source
ikeon off, on IKE
ipfi lt number list IP fi lters
l1on off, on Protocol layers - layer 1
l2on off, on Protocol layers - layer 2
l3on off, on Protocol layers - layer 3
lapbon 1-3 ISDN sources - LAPB
lapdon 1-7 ISDN sources - LAPD
maxdata number Max I-PAK size

syon

1-15 Raw sync sources
xoton off, Protocol layers - XOT

For example, to turn the analyser on, enter:

ana 0 anon on

To clear the existing contents of the analyser trace prior to starting a new trace session, use the
following command:

ana 0 anaclr

19

6620-3201

To include or exclude trace information from the various possible sources, use the appropriate
command from the above table in conjunction with the required value from the following tables:

ASY sources:

Value ASY 3 ASY 2 ASY 1 ASY 0

0 OFF OFF OFF OFF
1 OFF OFF OFF ON
2 OFF OFF ON OFF
3 OFF OFF ON ON
4 OFF ON OFF OFF
5 OFF ON OFF ON
6 OFF ON ON OFF
7 OFF ON ON ON
8 ON OFF OFF OFF
9 ON OFF OFF ON
10 ON OFF ON OFF
11 ON OFF ON ON
12 ON ON OFF OFF
13 ON ON OFF ON
14 ON ON ON OFF
15 ON ON ON ON

Ethernet, IP or PPP sources:

These are a special case and cannot be confi gured from the command line using the ana command.
Instead, these sources must be turned on or off from the command line by using the appropriate ppp
or eth commands. For example to turn IP tracing on for PPP instance 1 enter the following command:

ppp 1 ipanon on

For example to turn PPP tracing on for PPP instance 1 enter the following command:

ppp 1 pppanon on

To turn IP tracing on for Ethernet instance 0 enter the following command:

eth 0 ipanon on

This tracing can also be turned on or off in the web page entries for the Ethernet and PPP instances.

LAPB sources:

Value LAPB 1 LAPB 0

0 OFF OFF
1 OFF ON
2 ON OFF
3 ON ON

20

6620-3201

LAPD sources:

Value LAPB 2 LAPB 1 LAPB 0

0 OFF OFF OFF
1 OFF OFF ON
2 OFF ON OFF
3 OFF ON ON
4 ON OFF OFF
5 ON OFF ON
6 ON ON OFF
7 ON ON ON

Raw Sync sources:

Value

Physical
Port 1

Physical
Port 0

ISDN B2 ISDN B1 ISDN D

0 OFF OFF OFF OFF OFF
1 OFF OFF OFF OFF ON
2 OFF OFF OFF ON OFF
3 OFF OFF OFF ON ON
4 OFF OFF ON OFF OFF
5 OFF OFF ON OFF ON
6 OFF OFF ON ON OFF
7 OFF OFF ON ON ON
8 OFF ON OFF OFF OFF
9 OFF ON OFF OFF ON
10 OFF ON OFF ON OFF
11 OFF ON OFF ON ON
12 OFF ON ON OFF OFF
13 OFF ON ON OFF ON
14 OFF ON ON ON OFF
15 OFF ON ON ON ON
16 ON OFF OFF OFF OFF
17 ON OFF OFF OFF ON
18 ON OFF OFF ON OFF
19 ON OFF OFF ON ON
20 ON OFF ON OFF OFF
21 ON OFF ON OFF ON
22 ON OFF ON ON OFF
23 ON OFF ON ON ON
24 ON ON OFF OFF OFF
25 ON ON OFF OFF ON
26 ON ON OFF ON OFF
27 ON ON OFF ON ON
28 ON ON ON OFF OFF
29 ON ON ON OFF ON
30 ON ON ON ON OFF
31 ON ON ON ON ON

21

6620-3201

4.6 Confi gure > ASY Ports

Each ASY (serial) port can be independently confi gured for interface speed, parity, command echo,
etc. These parameters can be set via the appropriate

Confi gure > ASY Port web page or from the

command line using AT commands and S registers.

Using the Web Page(s)

The Confi gure > ASY Ports folder icon opens to list a page for each of the asynchronous serial ports
(usually ASY 0, 1, 2 & 3).

Note:

On models fi tted with GPRS one of the pages will be entitled GPRS port. Similarly, on models fi tted
with an analog modem, one of the pages will be entitled PSTN port.

Each page allows you to confi gure the following port parameters:

Answer ring count (S0):

This parameter controls the answering of incoming V.120 calls. When set to zero, V.120 answering is
disabled, otherwise V.120 answering is enabled on this port. The actual value used for this parameter
sets the number of rings the unit will wait before answering. This is equivalent to setting the value of
the “S0” register for the relevant ASY port.

DCD:

The DCD parameter is used to confi gure the way in which the unit controls the DCD signal to
the

terminal.

Setting this parameter to “Auto” confi gures the unit so that it will only turn the DCD signal on
when an ISDN connection has been established (this is equivalent to “AT&C1”).
Selecting “On” confi gures the unit so that the DCD signal is always on when the unit is
powered-up (this is equivalent to “AT&C0”).
Selecting “Off” confi gures the unit so that the DCD signal is normally on but goes off for the
length of time specifi ed by S10 after a call is disconnected (this is equivalent to “AT&C2”).

DTR control:

The DTR control parameter is used to confi gure the way in which the unit responds to the
DTR
signal from the terminal.
Setting this parameter to “None” confi gures the unit so that the DTR signal from the attached
terminal is ignored (this is equivalent to AT&D0).

Selecting to “Drop Call” confi gures the unit so that it will disconnect the current call and return to
AT command mode when the DTR signal from the terminal goes from on to off (this is equivalent to
“AT&D1”).
Selecting to “Drop Line & Call” confi gures the unit so that it will disconnect the current call, drop
the line and return to AT command mode when the DTR signal from the terminal goes from On to
Off (this is equivalent to “AT&D2”).

DTR de-bounce time (x20ms):

The value of this parameter determines the length of time (in multiples of 20ms), for which the DTR
signal from the terminal must go off before the unit acts upon any options that are set to trigger on
loss of DTR. Increasing or decreasing this value makes the unit less or more sensitive to “bouncing”
of the DTR signal respectively.

Echo:

This parameter can be used to turn command echo “On” or “Off” when using the text command
interface. Turn command echo off if your terminal provides local command echo itself.

Escape character:

This parameter determines which character is used in the escape sequence. The value of this

22

6620-3201

parameter is the decimal ASCII code for the character, normally 43 (“+” symbol). Changing this
parameter has the same effect as changing the “S2” register.

Escape delay (x20 ms):

This parameter defi nes the required minimum length of the pause (in multiples of 20ms), in the
escape sequence between entering three escape characters and then entering “AT”.

Flow control:

The unit supports software fl ow control using XON/XOFF characters and hardware fl ow control
using the RS232 RTS and CTS signals. Use this drop-down list to select “Software”, “Hardware” or a
combination of “Both”. To disable fl ow control select the “None” option.

Interface speed:

This parameter allows you to select the interface speed from a drop down list. Select the required
speed (from 300bps to 115,200bps), or for ASY 0 or ASY 1 only you may select the “Auto” option to
allow automatic speed detection from the AT commands entered at the port.

Result codes:

This parameter is used to select “Numeric”, “Verbose” or no result codes (“None”) when using the text
command interface.

Parity:

This parameter is used to set the ASY port parity to “Even”, “Odd” or “None” as required.

Disable Port:

This parameter will disable the ASY port from the software stack. The ASY port will not be able to
send data and any data received will be discarded.

Forwarding Timeout(x10ms)

This parameter is the length of time the unit will wait for more data after receiving at least one byte
of data through the serial port and before transmitting it onwards. This timer is reset each time more
data is received. The unit will forward the data onwards when either the forwarding timer expires or
the input buffer is full. This parameter applies to ADAPT, TCPDIAL, TCPPERM and PANS.

Power-up profi le:

This parameter can be set to 0 or 1 to determine which of the two stored profi les is loaded when the
unit is fi rst powered up.

The two buttons at the bottom of the page are used to save/load the above settings to/from the
“SREGS.DAT” fi le. You may create two stored profi les for each available ASY port containing the
settings detailed on this page, all of which are contained in “SREGS.DAT”.

Load Profi le

Clicking this button loads the profi le specifi ed in the list box to the right.

Save Profi le

Clicking this button will store the current settings to the profi le specifi ed in the list box to the right.

23

6620-3201

Using Text Commands

ASY ports are confi gured from the command line using “AT” commands and “S” registers:

Cmd/S-reg Description

E Echo
V Verbose mode
Z Load profi le
&C DCD control
&D DTR response
&K Flow control
&W Store profi le
&Y Power-up profi le
S0 Answer Ring count
S1 Ring count
S2 Escape character
S12 Escape delay
S15 Forwarding register
S23 Parity
S31 ASY port speed
S45 DTR de-bounce time (x10ms)
S99 Disable Port

To save any changes you have made to the profi les in command mode, use the “AT&W” command.

24

6620-3201

4.7 Confi gure > TRANSIP ASY Ports

TransIP is a method of using virtual ASY ports for serial connections, in effect multiplying the number
of concurrent serial connections to a unit.

Using the Web Page(s)

TransIP #:

The TransIP port number. Each TransIP is assigned a separate virtual ASY port.

ASY port:

The virtual ASY port number assigned to the TransIP instance.

TCP port:

The TCP port number to listen on.

TCP remote port:

TransIP can be confi gured to actively connect on a TCP socket (i.e. make outgoing socket
connections). If this parameter is set it defi nes the TCP port number to use when TransIP is making
TCP socket connections. When this parameter is set to zero, TransIP is listening only on the port
defi ned in the

TCP Port parameter.

Host:

The Hostname or IP address to which TransIP will make outward TCP connections.

Keep Alive(s):

This parameter defi nes the amount of time (in seconds) a connection will stay open without any traffi c
being passed.

Stay connected mode:

When this parameter is set to “On” the socket will not be cleared by the unit) at the end of a
transaction, data call or data session (depending on what the TransIP ASY port was bound to and
protocol it was implementing). For example, if the TransIP port is bound to TPAD and this parameter
is “Off”, then the TransIP TCP socket will be cleared at the end of the TPAD transaction.

Command echo off:

Setting this parameter to “On” disables the command echo for the TransIP port. When set to “On”, all
commands issued will be echoed back in the TransIP TCP socket.

Using Text Commands

To confi gure TransIP parameters via the command line use the transipcommand. To display
current settings for a TransIP instance enter the command:
transip <instance> ? where <instance> is 0 to 3. To change the value of a parameter use
the command in the format:

trnasip <instance> <parameter> <value>

The parameters and values are:

Parameter Values Equivalent web parameter

port

number TCP port
remport number TCP remote port

host

IP address/

hostname

Host

staycon off, on Stay connected mode
keepact number Keep Alive(s)
cmd_echo_off off, on Command echo off

For example, to set TransIP instance 1 to use TCP port 7000 you would enter:

transip 1 port 7000

25

6620-3201

4.8 Confi gure > Backup IP Addresses

This page contains a table that is used to specify alternative addresses to use when the unit fails in
an attempt to open a socket. These addresses are used only for socket connections that originate
from the unit and are typically used to provide back-up for XOT connections, TANS (TPAD answering)
connections or any application in which the unit is making outgoing socket connections.

When a back-up address is in use, the original IP address that failed to open is tested at intervals to
check if it has become available again. Additionally, at the end of a session, the unit will remember
when an IP address has failed and use the back-up IP address immediately for future connections.
When the original IP address eventually becomes available again, the unit will automatically detect
this and revert to using it.

Using the Web Page(s)

The web page contains a table with four columns headed:

IP Address:

In this column you should enter the original IP address to which the backup address relates.

Backup IP Address: This is the backup address to try when the unit fails to open a connection to IP
Address

.

Retry Time (s):

The is the length of time seconds that the unit will wait between checks to see if a connection can yet
be made to

IP Address.

Try Next:

In the case that a connection to the primary IP address has just failed, this parameter determines
whether a connection to the backup IP address should be attempted immediately or when the
application next attempts to open a connection.

When set to “Yes” the socket will attempt to connect to the backup IP address immediately after
the connection to the primary IP address failed and BEFORE reporting this failure to the calling
application, e.g. TPAD. If the backup is successful this means the application will not experience any
kind of failure even though the unit has connected to the backup IP address.

When set to “No” the socket will report the failure to connect back to the calling application
immediately after the connection to the primary IP address has failed. The unit will not try to connect
to the backup IP address at this stage. The next time the application attempts to connect to the same
IP address, the unit will instead automatically connect to the backup IP address.

Chaining IP Addresses

It is possible to chain backup IP addresses by making multiple entries in the table.
For example the following table with 3 rows populated will cause the router to back-up from

192.168.0.1 to 192.168.0.2 and then to 192.168.0.3 and then to 192.168.0.4 (if necessary).

Note:

The length of time that it takes for a connection to an IP address to fail is determined by the TCP

socket connect timeout

parameter on the Confi gure > General web page.

26

6620-3201

4.9 Confi gure > Certifi cates > Certifi cate request

The unit can establish an IPSec tunnel to another unit using certifi cates. For more information on
using certifi cates with your unit, please refer to the Application Note “How to confi gure an IPSEC VPN
tunnel between two Westermo Routers using Certifi cates and SCEP”, which is available from the
Westermo web site.

This page contains fi elds that required when sending a certifi cate request to a Certifi cate Authority
(CA). This information forms part of the certifi cate request, and thus part of the signed public key
certifi cate.

Using the Web Page(s)

Challenge password:

Before you can create a certifi cate request you must fi rst obtain a challenge password from the
Certifi cate Authority Server. This password is generally obtained from the SCEP CA server by way of
a WEB server, or a phone call to the CA Server Administrator. For the Microsoft® SCEP server, you
browse to a web interface. If the server requires a challenge password, it will be displayed on the
page along with the CA certifi cate fi ngerprint.

This challenge password is usually only valid once and for a short period of time, in this case 60
minutes, meaning that a certifi cate request must be created after retrieving the challenge password.

Country:

A two-character representation of the country the unit is in (e.g. UK for the United Kingdom).

Common name:

Enter a name for your unit. This fi eld is important, as the common name will be used as the unit’s ID
in IKE negotiations.

Locality:

The location of the unit (e.g. London).

Organisation:

An appropriate company name.

Organisational unit:

An appropriate organisational unit within the company (e.g. Development).

State:

State, County of Province the unit is located in.

Email address:

An appropriate email address.

Unstructured name:

This parameter is optional. You can enter some descriptive text if you wish.

Digest algorithm:

Choose either MD5 or SHA1. This is used when signing (encrypting) the certifi cate request.

27

6620-3201

Using Text Commands

From the command line, the creq command can be used to enter the certifi cate request information.
To display the current settings for certifi cate request enter the command:
creq <instance> ? where <instance> is 0. To change the value of a parameter use the same
command in the format:
creq <instance> <parameter> <value> where <instance> is 0. The parameters and
values are:

Parameter Values Equivalent Web Parameter

challenge_pwd text Challenge password

commonname

text Common name
country text Country
digest text Digest algorithm
email text Email
locality text Locality

orgname

text Organisation
org_unit text Organisational unit
state text State
unstructname text Unstructured name

For example, to set the country as UK, enter:

creq 0 country UK

To set the email address, enter:

creq 0 email someone@hotmail.com

28

6620-3201

4.10 Confi gure > Certifi cates > SCEP

This page contains information needed to both request CA certifi cates from the CA server, and to
enrol the certifi cate requests using Simple Certifi cate Enrolment Protocol (SCEP).

Using the Web Page(s)

Host:

The IP address of the CA server.

Remote port:

The destination port. If this parameter is non-zero, the unit will use this value as the destination port
rather than the default of 80 (HTTP).

Path:

The path on the server to the SCEP application. The path will be entered automatically if you choose
either cgi-bin or Microsoft SCEP from the drop-down list.

Application:

This represents the SCEP application on the server.

CA Identifi er:

CA identifi er.

Private Key fi lename:

The fi lename of the private key.

Certifi cate request fi lename:

The fi lename of the certifi cate request.

Certifi cate fi lename:

The fi lename for the public key certifi cate (must be prefi xed with ‘cert’)

CA certifi cate fi lename:

The fi lename of the CA certifi cate.

CA encryption certifi cate fi lename:

The fi lename of the CA encryption certifi cate.

CA signature certifi cate fi lename:

The fi lename of the CA signature certifi cate.

CA certifi cate fi lename prefi x:

Prefi x used for all CA certifi cates.
There are also two buttons at the bottom of the page:

Enrol Certifi cate Request

Clicking this button will send the certifi cate request to the CA for signing.

Get CA certifi cate/s

Clicking this button will retrieve the CA certifi cates from the CA server.

29

6620-3201

Using Text Commands

From the command line, the scep command can be used to retrieve CA certifi cates and enrol
certifi cate requests.

To display the current settings for SCEP enter the command:
scep <instance> ? where <instance> is 0. To change the value of a parameter use the same
command in the format:
scep <instance> <parameter> <value> where <instance> is 0. The parameters and
values are:

Parameter Values Equivalent Web Parameter

app

text Application
caencfi le

text

CA encryption certifi cate fi lename

cafi le

text

CA certifi cate fi lename

caident

text

CA Identifi er

casigfi le

text

CA signature certifi cate fi lename

certfi le

text

Certifi cate fi lename

host

text

Host

keyfi le

text

Private Key fi lename

path

text

Path

port

number Remote port
reqfi le

text

Certifi cate request fi lename

For example, to enter the path for Microsoft SCEP, enter:

scep 0 path certsrv/mscep/mscep.dll

To set the port to port 20, enter:

scep 0 port 20

30

6620-3201

4.11 Confi gure > Certifi cates > Utilities

This page contains information used to generate the private key needed before a certifi cate can be
requested from the CA.

Using the Web Page(s)

New Key Size:

The size of the private key in bits. If this parameter is set to Off, the private key will not be generated.
The key size can be anything between 384 bits and 2048 bits. The larger the key, the more secure the
connection, but also the larger the key, the slower the connection.

Private key fi lename:

Enter a name for the private key (the fi lename must be prefi xed with “priv” and have a .pem
extension).

Certifi cate request fi lename:

Enter a name for the certifi cate request (the fi lename must have a .pem extension)

The two buttons at the bottom of the page are used to generate the private key and the certifi cate
request.

Generate Private Key

Clicking this button will generate the private key.

Generate Certifi cate Request

Clicking this button will generate the certifi cate request. If the private key does not already exist, and
the appropriate fi elds are completed, the key will be generated at the same time.

Using Text Commands

From the command line the genkey command can be used to generate a private key.
To generate a private key, enter the command

genkey <instance> <keysize> <fi lename>

where:

<instance> is 0
<keysize> is the size of the key in bits
<fi lename> is the name of the private key fi le

For example, to generate a 1024 bit key called privkey.pem, enter:

genkey 1024 privkey.pem

You will see the following output:

OK

Starting 1024 bit key generation. Please wait. This may take some time...

\Key generated, saving to FLASH fi le privkey.pem
Closing fi le
Private key fi le created
All tasks completed