Westermo DR-200, MR-200 Reference Manual

Download

Page 1

Westermo Teleindustri AB • 2006

DR-200

MR-200

ADSL Router GPRS Router

www.westermo.com

Web Interface and

Command Line

Reference Guide

6622-3201

Page 2

6620-3201

Legal information

The contents of this document are provided “as is”. Except as required by applicable law, no warranties of any kind, either express or implied, including, but not limited to, the implied warranties of merchantability and ﬁ tness for a particular purpose, are made in relation to the accuracy and reliability or contents of this document. Westermo reserves the right to revise this document or withdraw it at any time without prior notice. Under no circumstances shall Westermo be responsible for any loss of data or income or any special, incidental, and consequential or indirect damages howsoever caused. More information about Westermo can be found at the following Internet address:

http://www.westermo.com

Page 3

6620-3201

1 Introduction

Thank you for choosing a data communications product from Westermo. Westermo products are extremely versatile and may be used in a wide variety of applications. It would not be possible to describe in detail all such applications in a single guide. Consequently, this guide has been written for use by technically competent personnel with a good understanding of the communications technologies used in the product, and of the requirements for their speciﬁ c application.

Westermo design and manufacture a wide range of both wireline and wireless network routing products. For a complete, up-to-date list of current products, please visit the Westermo web site at

www.Westermo.com.

Whilst each of these models provide a different combination of hardware and software features, the basic method of conﬁ guration using the web interface or command line is the same in each case. This guide describes the operation of standard features available across the whole product range. Consequently, some of the features described in this guide may only be available on certain models or must be purchased as optional “feature packs”. You should refer to the speciﬁ cation of the particular model you have purchased to ascertain which features are supported as standard.

In addition to a comprehensive range of communications capabilities, our products provide a combination of powerful, yet easy to use, conﬁ guration, management and diagnostic tools. These include a protocol analyser, a time-stamped event log and remote management via the web interface or via a Telnet session.

In many applications, the serial ports will be conﬁ gured to appear as if they were standard “AT” modems and behave accordingly. However, many other standard protocols are supported (e.g. B- and D-channel X.25, PPP, TPAD, V.120, etc.). This makes it simple and cost-effective to migrate existing terminal equipment, which uses the analogue telephone network, to faster, more reliable and costeffective “wireline” or wireless digital services.

All major features of the unit can be conﬁ gured using a standard Web browser. This can be done locally (via a serial or LAN port), or remotely via a WAN connection. A built-in Web-server and ﬂ exible FLASH-memory based ﬁ ling system mean that the unit can also be customised to provide application speciﬁ c functions, statistics and diagnostic information

1.1 Typographical Conventions

Throughout this manual certain typographical conventions are used as follows:

Text Type Meaning

Text like this ... is standard text.

Note: Text like this ...

indicates points that are of particular importance.

Text like this ...

indicates commands entered by the user at the command line.

Text like this ...

indicates responses from the unit to commands you enter at the command line.

Conﬁ gure > Save refers to the unit’s web-based menu system.

Page 4

6620-3201

2 Using the Web interface

To access the built-in web pages using a web browser (e.g. Internet Explorer), there are two options.

2.1 Access Via a LAN Port

To access the unit through a LAN port you should assign your PC an IP address on the 192.168.0.0/ 24 network (for example use an IP address of 192.168.0.1 and a mask of 255.255.255.0).

Next, either connect an Ethernet crossover cable between the LAN ports on your router and PC, or ensure that both devices are connected to an Ethernet hub/switch on the same network. You should then be able to access the unit’s web, Telnet and FTP services on the IP address 192.168.0.99.

Note:

All models are auto-sensing for 10/100 operation. However, only the more recent models are also auto MDI/MDI-X, i.e. will automatically work with either a straight-through or cross-over cable.

2.2 Access Via a Serial Port

To access the web interface through one of the unit’s serial ports (using Windows dial-up networking) follow the steps below.

Note:

To use Dial-up Networking you must have the TCP/IP > Dial-up adapter installed in the Network Conﬁ guration for Windows. Check this by selecting Settings > Control Panel >

Network > Conﬁ guration.

2.2.1 Installing the Driver File

You will need to install the “SARIAN_MULTI_PORT.INF” driver ﬁ le and create a Windows PPP Dial up Networking connection (DUN) for the unit as described below. It is assumed that you already have a basic knowledge of Windows networking concepts and terminology.

The precise procedure for installing the .inf driver ﬁ le for the unit will vary slightly between different versions of Windows. The following description applies to Windows XP.

Start by selecting

Start > Control Panel > Phone and Modem Options. You must be in Classic View.

Select the Modems tab. Click on Add… to install a new modem driver. Check the Don’t detect my modem, I will select it from a list option before clicking Next >

You will see a list of the manufacturers and models of modem currently available on your system. Insert the CD supplied into the CD drive and click on Have Disk…. Use the Browse button to locate the SARIAN_MULTI_PORT.INF ﬁ le on the drive CD supplied with

your unit. This will be in the appropriate Windows version sub-directory of the drives folder, e.g.

Page 5

6620-3201

win95-98. A list of routers will appear in the Models list.

Each entry in the list is the same driver, set up for a different COM port. Choose the entry corresponding to the COM port your router is connected to, and click Next >. The

wizard will ask you which COM port you wish to install the modem on.

Select the appropriate port and click Next >, and Windows will install the driver. Once installation is complete click Finish to return to the Phone and Modem Options dialog, where your unit will be listed.

Click on the OK button if you are satisﬁ ed with the installation.

Note:

During the installation you may receive a warning that the driver is not digitally signed. Click on

Continue Installation to install the driver.

2.2.2 Creating A New Dial-Up Network Connection

You now need to create a new DUN connection through which you can access your unit.

If you are planning to connect the unit directly to your PC for conﬁ guration purposes, connect it to the appropriate COM port now using a suitable serial cable.

If you wish to conﬁ gure a remote unit, make sure it is connected to a suitable ISDN line and make a note of the ISDN number.

From the Windows Start menu, select

All Programs > Accessories > Communications > New

Connection Wizard

. You will be presented with the New Connection Wizard introduction screen. Click

on Next > to proceed to the Network Connection Type dialog. Select the Connect to the network at my workplace radio-button then click on Next >. Select the Dial-up connection radio-button then click on Next >. From the Select a Device dialog, select the unit you have just installed and make sure that any other

devices in the list are unchecked. Click Next >. You must now enter a name for the connection. It is helpful to choose a name that you will easily remember such as “My Local Westermo” or “DR-200 - Bristol Ofﬁ ce”. Click Next >. The following dialog allows you to ﬁ ll in the phone number for the connection.

If the connection is being created for direct local access using a COM port, you should set the phone number to 123. This number will be intercepted by the unit and recognised as an attempt to connect locally.

If the connection is being created for remote access, enter the correct ISDN telephone number (including the area code) for the remote unit.

When you have done this click Next >. The ﬁ nal dialog screen will conﬁ rm that the connection has been created and includes a check box to allow you to create a shortcut on your desktop if necessary. Click on Finish to complete the task.

Page 6

6620-3201

2.2.3 Conﬁ guring the New DUN Connection

The new DUN connection that you have just created may now be used to connect to the unit but before you do this, you will need to check some of the conﬁ guration properties.

Click on the Start button and select

Connect To > My Westermo Router (substituting the connection

name you chose).

Click on the Properties button to display the properties dialog for the connection.

On the General tab, click the Conﬁ gure… button to display the Modem Conﬁ guration dialog.

Make sure that the Maximum speed (bps): value is set to 115200 and that the Enable hardware ﬂ ow control box is checked.

Click OK when you have ﬁ nished to return to the main properties dialog. Now select the Networking tab.

Make sure that the Type of dial-up server I am calling is set to PPP: Windows 95/98/NT/ 2000, Internet and click on Settings:

Make sure that all three options are unchecked before clicking OK to return to the Networking tab. In the This connection uses the following items list, Internet Protocol (TCP/IP) should be the only item that is checked. Make sure that this is the case and then click OK to return to the main dialog. You are now ready to initiate a connection.

2.2.4 Initiating a DUN Connection

In the main dialog, you are asked to enter a username and password. The default settings for your unit are “username” and “password” respectively but you should change as soon as possible in order to prevent unauthorised access to your unit (refer to the section entitled

Conﬁ gure > Users for

instructions on how to do this). The username is not case sensitive, but the password is.

Note:

When you type the password it will appear as a series of dots to ensure privacy. Once you have entered these, initiate a connection to your unit by clicking the Dial button. During the

dialling and connection process, you may see a series of status dialog boxes and, if the connection is successful, the ﬁ nal dialog box will indicate that the PPP login has been authenticated.

After a short delay, this dialog will minimise to a “linked computers” icon in the Windows taskbar.

You should now be ready to access the built-in web pages using your Web browser. The default “web address” for the unit is 1.2.3.4. By default, this is also mapped to the system IP hostname ss.2000r.

You will need a valid username and password to access the web interface. Once again, the default settings are username and password respectively. If these values do not allow access, you should contact your system administrator.

Page 7

6620-3201

3 Using the command line interface

Using a Web browser to modify text box or table values in the conﬁ guration pages is the simplest way to conﬁ gure the unit and this process is described in the next chapter. However, if you do not have access to a Web browser, the unit can be conﬁ gured using text commands. These commands may be entered directly at one of the serial ports or via a Telnet session. Remote conﬁ guration is also possible using Telnet or X.25.

To use the serial ports you will need a PC and some communications software such as HyperTerminal™ (supplied with Windows) or TeraTerm™. The same commands may also be used to conﬁ gure the unit remotely via Telnet, X.25 or V.120.

There are several types of text command:

AT Commands & S Registers

AT commands (pronounced “ay tee”) and Special registers (S registers) are supported in order to maintain compatibility with modems when the unit is used as a modem replacement.

Application Commands

Application commands are speciﬁ c to Westermo products and are used to control most features of the unit when not using the Web interface.

X.3 Commands

These are standard X.3 commands which are used only in X.25 PAD mode

TPAD Commands

These are used only in TPAD mode.

3.1 The “AT” Command Interface

3.1.1 Command Preﬁ x

The “AT” command preﬁ x is used for those commands that are common to modems. To conﬁ gure the unit using AT commands you must ﬁ rst connect it to a suitable asynchronous terminal.

You will ﬁ rst need to set the interface speed/data format for your terminal to 115,200bps, 8 data bits, no parity and 1 stop bit (these settings can be changed later if necessary).

When your terminal is correctly conﬁ gured, apply power and wait for the B2 indicator to stop ﬂ ashing. Unless you have previously conﬁ gured the unit to automatically connect to a remote system on power-up, it will now be ready to respond to commands from an attached terminal and is in “command mode”.

Now type “AT” (in upper or lower case), and press [Enter]. The unit should respond with the message “OK”. This message is issued after successful completion of each command. If an invalid command is entered, the unit will respond with the message “ERROR”.

Note:

For consistency AT commands are shown in upper case throughout this guide.

If there is no response, check that the serial cable is properly connected and that your terminal or PC communications software is correctly conﬁ gured before trying again. If you have local command echo enabled on your terminal, you may see the AT command displayed as “AATT”. If this happens you may use the “ATE0” command (which will appear as “AATTEE00”), to prevent the unit from providing command echo. After this command has been entered, further commands will be displayed without the echo. The “AT” command preﬁ x and the commands that follow it can be entered in upper or lower case. After the preﬁ x, you may enter one or more commands on the same line of up to 40 characters. When the line is entered, the unit will execute each command in turn.

Page 8

6620-3201

3.1.2 The Escape Sequence

If you enter a command such as “ATD”, which results in the unit successfully establishing a connection to a remote system, it will issue a “CONNECT” result code and switch from command mode to on-line mode. This means that it will no longer accept commands from the terminal. Instead, data will be passed transparently through the unit to the remote system. In the same way, data from the remote system will pass straight through to your terminal.

The unit will automatically return to command mode if the connection to the remote system is terminated. To return to command mode manually, you must enter a special sequence of characters called the “escape sequence”. This consists of three occurrences of the “escape character”, a pause (user conﬁ gurable) and then “AT”. The default escape character is “+” so the default escape sequence is:

+++ {pause} AT

Entering this sequence when the unit is on-line will cause it to return to command mode but it will NOT disconnect from the remote system unless you speciﬁ cally instruct it to do so (using “ATH” or another method of disconnecting). If you have not disconnected the call, the “ATO” command may be used to go back on-line.

3.1.3 Result Codes

Each time an AT command line is executed, the unit responds with a result code to indicate whether the command was successful. If all commands entered on the line are valid, the “OK” result code will be issued. If any command on the line is invalid, the “ERROR” result code will be issued.

Result codes may take the form of an English word or phrase (verbose code) or an equivalent number (numeric code), depending on the setting of the “ATV” command. Verbose codes are used by default. The “ATV0” command can be used to select numeric codes if required. A full list of the Result codes is provided in the following table:

The “AT” command preﬁ x and the commands that follow it can be entered in upper or lower case. After the preﬁ x, you may enter one or more commands on the same line of up to 40 characters. When the line is entered, the unit will execute each command in turn.

Numeric Code Verbose Code Meaning

0 OK Command line executed correctly 1 CONNECT ISDN connection established 2 RING Incoming ring signal detected 3 NO CARRIER X.25 service not available 4 ERROR Error in command line 6 NO DIALTONE ISDN service not available 7 BUSY B-channel(s) in use 8 NO ANSWER No response from remote

“S” Registers

“S” (Special) registers are registers in the unit that are used to store certain types of conﬁ guration information. They are essentially a “legacy” feature included to provide compatibility with software that was originally designed to interact with modems. A full list of the registers is provided under the section heading “S registers”.

Page 9

6620-3201

3.2 Westermo Application Commands

The unit also supports numerous text-based “application” commands that are speciﬁ c to Westermo products and do not require the “AT” preﬁ x. Some of these are generic i.e. they are related to the general operation of the unit; others are application or protocol speciﬁ c.

Application commands may be entered via any of the serial ports but if you are using ASY 0 or ASY 1 with auto-speed detection enabled (which is not possible on ports 2, 3, etc.), you must ﬁ rst lock the interface speed to the same as that of your terminal. To do this ﬁ rst ensure that the unit is responding to AT commands correctly and then enter the command:

AT\LS

The speed will remain locked until the unit goes on-line and then off-line again, the power is removed or the unit is reset. Once the port speed has been locked, “AT” commands will still work but you may also use the application commands.

Remember that if you subsequently re-enable auto-speed detection on the port it will disable the use of application commands until the “AT\LS” command has been re-entered or the port speed has been set to a speciﬁ c speed using “S31”. For example, to set the port speed at 19,200bps enter the command:

ATS31=6

then change your terminal settings to match.

Note:

Speed locking is not necessary when you use the text commands via a Telnet session.

Westermo application commands (referred to just as text commands throughout the remainder of this guide), can be entered in upper or lower case but unlike “AT” commands, only one command may be entered on a line. After each successful command, the “OK” result code will be issued. An invalid command will cause the “ERROR” result code to be issued.

The general syntax for an application commands is:

<cmd_name> <instance> <param_name> <value>

where:

<cmd_name> is the name of the command <instance> is the instance number for the entity that you are conﬁ guring. <param_name> is the name of the parameter that you wish to conﬁ gure. <value> is the new value for the speciﬁ ed parameter.

For example, to set the window size to 5 for X.25 PAD instance 1 you would enter:

pad 1 window 5

Even if there is only once instance of particular entity, you should only enter 0 for the instance number.

3.2.1 The Active Port

When entering “AT” or text commands it is important to understand that in most cases, the command only affects the settings for the “active” port. This is usually the port to which you are physically connected but you may, if necessary, set the active port to another port of your choice using the “AT\ PORT=N” command where “N” is 0-3.

3.3 Establishing a Remote Connection

Once you have ﬁ nished conﬁ guring the unit, there are several ways of establishing a link to a remote system:

Page 10

6620-3201

♦ An outgoing V.120 call may be made using the “ATD” command ♦ You can initiate a DUN session to establish a dial-up PPP connection. ♦ An outgoing X.25 call may be made using the “ATD” command followed by the X.28 CALL command. ♦ An outgoing TPAD (Transaction PAD) call may be made by using the TPAD “a” (address) command followed by the appropriate NUA (this is normally only carried out under software control).

Similarly, incoming calls will be handled according to which protocols have been bound to the ASY ports and whether or not answering is enabled for each protocol.

Page 11

6620-3201

4 Conﬁ guring your unit

This section describes the various conﬁ guration parameters for the unit and how to set or change them using the built-in web pages or the text commands. Conﬁ guration using the Web pages is achieved by entering the required values into text boxes or tables on the page, or by turning features on or off using checkboxes. The same results can be achieved entering the appropriate text commands via one of the serial ports.

4.1 Logging In

To conﬁ gure the unit via the Web interface, either establish a DUN connection to it and then open your web browser and enter 1.2.3.4 for the web address, or enter the unit’s Ethernet IP address (192.168.0.99) into your web browser after conﬁ guring your PC to have an address on the same subnet. You will be presented with a login page.

The default Username and Password are “username” and “password” respectively. Enter these and click the Login button to access the conﬁ guration pages. The password will be displayed as a series of dots for security purposes. Correct entry of the username and password will display the main operations page.

Clicking on the Click to load Applet graphics! button will display a representation of the front panel of your unit that will be updated every few seconds to show the actual status of the LED indicators. The model number of your unit will be shown at the top of the screen. The unit’s serial number and ID are shown below the front panel representation.

Down the left side of the page you will see a directory tree listing the various folders and pages that are available.

Each folder may be preceded by a small “+” symbol and a closed folder icon indicating that it can be expanded to reveal sub-pages or folders. To do this, click anywhere on the appropriate line. The closed folder icon will change to an open folder icon and the “+” symbol will change to “-”. Clicking on the line again will hide the sub-options. Where there are no sub-pages, a web-page icon is shown next to the page title. Clicking on this will display the associated web page. The following sections describe how to use these pages to conﬁ gure and monitor the operation of your unit.

Page 12

6620-3201

4.2 Conﬁ guring and Testing GPRS Models

Refer to the Conﬁ gure > GPRS Module section of this guide to conﬁ gure your router for the correct APN and PIN code (if any).

You can now power up your unit and test connection to the GPRS network. If you have correctly conﬁ gured everything, the GPRS SIM indicator on the front panel should illuminate green to show that a GPRS enabled SIM card is present. The unit will now attempt to log on to the speciﬁ ed GPRS network and if it is able to do so, the GPRS NET indicator will illuminate steady. Data passing to and from the network will be reﬂ ected by the status of the DAT indicator, which will ﬂ ash alternatively red and green. If you are unable to connect to the network, go to the Status > GPRS Module web page and press the Refresh button.

Note:

The signal strength is shown in “negative dB”, which means that the stronger the signal, the lower the number. As a guide -51dB would be a very strong signal, only normally obtained very close to a cell site. -115dB represents no signal. If your unit reports -115dB try reorienting the antenna or consider adding an external antenna.

4.2.1 Signal Strength Indicators

On units equipped with GPRS modules, there are three LED’s on the front panel that will indicate the strength of the signal, as shown in the table below.

LED’s Lit Signal Strength

None Under -113 dBm (effectively no signal) 1 -111 dBm to -87 dBm (weak signal) 2 -85 dBm to -71 dBm (medium strength signal) 3 -69 dBm to -51 dBm (strong signal)

The minimum recommended strength indication is 2 LED’s. If you have no or 1 LED’s lit, it is recommended that you ﬁ t an external antenna to the unit.

4.3 The Conﬁ guration Pages

Click on the Conﬁ gure closed folder icon. The folder will open to show its contents.

You will see a list of web pages and sub-folders containing further web pages. Each page allows you to conﬁ gure parameters that are related to a particular function or protocol. For example, the Ethernet page allows you to set up the unit’s IP address, DNS server address etc.

A page will contain a mixture of text-boxes, check boxes and/or list-boxes. To conﬁ gure a particular item simply select the appropriate value from a list, type in into a text-box the appropriate value from a series of checkboxes.

When you have ﬁ nished making changes on a particular page, click on the OK button to accept the changes or CANCEL to revert to the existing values.

Note:

Pressing OK will save the changes you have made for the current session only i.e. they will be lost if the unit when the power is removed. If you wish to save the changes more permanent, make sure that you save them to non-volatile memory as described in Saving Conﬁ guration Changes.

The following sections describe each of the conﬁ guration pages in detail. They ﬁ rst explain each of the parameters or options shown on the web page. This is followed by a description of the equivalent text commands.

Page 13

6620-3201

4.4 Conﬁ gure > ADAPT

The unit incorporates two “Adapt” (rate adaptation protocol) instances. Each instance allows you to select and conﬁ gure the protocol to be used for providing rate adaptation over an ISDN B channel. The supported protocols are V.110, V.120 and X.75. Depending on which protocol is selected, there may be an associated LAPB instance (distinct from the two general purpose LAPB instances), as for example, when V.120 is used in error corrected (Multi-frame) mode.

Using the Web Page(s)

V120 mode:

When the V mode parameter (see below), has been set to “V120”, the V120 mode parameter allows you to select “Unacknowledged”, “Multi-frame” or “Multi-frame/Fallback” mode for V.120 operation.

“Unacknowledged” mode is the simplest mode and does not provide error control. “Multi-frame” mode provides error control but may only be used if the remote system also supports this mode. In “Multi-frame/Fallback” mode, the unit will attempt to establish a multi-frame error controlled link

but will allow a connection in Unacknowledged mode if the remote unit does not support error control.

MSN:

This parameter provides the ﬁ lter for the ISDN Multiple Subscriber Numbering facility. It is blank by default but when set to an appropriate value it will cause the unit to answer only incoming calls to telephone numbers where the trailing digits match that value (if answering is enabled). For example setting MSN to 123 will prevent the unit from answering any calls to numbers that do not end in 123.

Sub-address:

This parameter provides the ﬁ lter for the ISDN sub-address facility. It is blank by default but when set to an appropriate value with answering enabled, it will cause the unit to answer incoming calls only to ISDN numbers where the trailing digits of the sub address called match that value. For example, setting the Sub-address parameter to 123 will prevent the unit from answering any calls to numbers where the sub address does not end in 123.

CLI:

Calling Line Identiﬁ cation. The unit will only answer calls from numbers whose trailing digits match what is entered in this ﬁ eld. The line the unit is connected to must have CLI enabled by the telecoms provider, and the calling number cannot be withheld.

V mode:

This parameter allows you to specify which rate adaptation protocol to use and can be set to one of the following:

Option Description

V.120 Mode

This allows one B-channel to carry multiple sub-rate channels in a succession of statistically multiplexed (variable-length) frames. These frames support error detection and correction procedures if selected under V120 mode (above).

V.110 Mode

V.110 is a ﬁ xed-frame based rate adaptation standard that subdivides the ISDN B-channel capacity so that it can carry one lower speed (sub-rate) data channel.

V110/V120 Detect This mode detects which protocol (V.110 or V.120) the remote host is using. X75 Transparent This selects bit transparent X.75 mode of operation.

X75 T.70 NL

This option generates T.70 NL telematic preﬁ xes that are required by some ISDN terminal adapters.

Page 14

6620-3201

V110 user rate:

This parameter allows you to specify the data rate to be used on ISDN when operating in V.110 mode.

V110 ﬁ xed rate:

This parameter can be set to Yes to prevent the V.110 protocol from changing the data rate.

Direct sync mode:

This parameter allows you to replace the standard V120 frame header with the 0xff character. The data received on the ASY port can then be considered to be written directly onto the sync ISDN line (apart from the 0xff header in each frame).

Socket mode:

This parameter allows you to connect using a TCP socket rather than an ISDN line.

IP address:

The IP address of the TCP socket the router is connecting to in Socket mode.

IP port:

The port number of the TCP socket the router is connecting to in Socket mode.

Listening IP port:

The port number the router is listening on in Socket mode.

LAPB Conﬁ guration:

The following parameters are only used if a V.120 connection is established in Multi-frame mode:

N400 counter:

This is the standard LAPB/LAPD retry counter. The default value is 3 and it should not normally be necessary to change this.

RR timer (ms):

This is a standard LAPB/LAPD Receiver Ready timer. The default value is 10,000ms (10 seconds) and it should not normally be necessary to change this.

T1 timer (ms):

This is a standard LAPB/LAPD timer. The default value is 1000 milliseconds and under normal circumstances, it should not be necessary to change it.

T200 timer (ms):

This is a standard LAPB/LAPD re-transmit timer. The default value is 1000 milliseconds and under normal circumstances, it should not be necessary to change it.

Using Text Commands

To conﬁ gure rate adaptation parameters via the command line use the adaptcommand. To display current settings for “adapt 0” enter the command:

adapt 0 ?

To change the value of a parameter use the command in the format:

adapt <instance> <parameter> <value> where <instance> is 0 or 1.

Page 15

6620-3201

The parameters and values are:

Parameter Values Equivalent Web Parameter

cli number CLI dial_retries number

dsync off, on Direct sync mode ﬁ xed_rate off, on V110 ﬁ xed rate ip_addr number IP address ip_port number IP port leased_line off, on

lip_port number Listening IP port

msn

number MSN

msnv110 number MSN for V.110

multi 0,1,2

Mode: 0=unacknowledged, 1=multi-frame, 2=multi-frame/ fallback

sockmode 0, 1

Socket mode: 0=Off 1=TCP

sub number Sub-address

user_rate 5,6,7,8,9,10,11

V110 User Rate: 5=38400, 6=19200, 7=9600, 8=4800, 9=2400, 10=1200, 11=600

vmode 0,1,2,3,4

V Mode: 0=V120 mode, 1=V110 mode, 2=V110/V120 detect, 3=X75 Transparent, 4=X75 T.70 NL

Dial Retries

If an ISDN connection is established, but rate adaption is not negotiated, this parameter will allow the unit to drop the connection and redial it.

Leased Line

This parameter will allow the unit to automatically attempt to maintain the connection once it has been established. A connection can be disconnected by the unit if it is instructed to do so, but if the connection is lost due to an error, it will continually redial. In other words, if the unit is not responsible for a disconnection, redialling will take place.

To change the values of the LAPB parameters for rate adaptation, use the

lapb command. Note that

LAPB 2 is used for “adapt 0” and LAPB 3 is used for “adapt 1”.

Page 16

6620-3201

4.5 Conﬁ gure > Analyser

Your unit can be conﬁ gured to maintain a trace of activity taking place at the various ports and of the layer 2 and 3 protocols. Trace information is stored in a circular buffer in memory. When the buffer is full, the storage of new trace data starts at the beginning of the buffer again (overwriting the oldest data). This buffer appears in the ﬁ le directory as a pseudo-ﬁ le called “ANA.TXT”.

The following is a typical trace showing activity on the D-channel:

----- 4-5-2002 13:11:50.260 ------ L2 DCHAN SABME from NT to TE: COMMAND POLL SAPI=10, TEI=01, 42,03,7F,

---------

----- 4-5-2002 13:11:50.260 -----L2 DCHAN UA from TE to NT: RESPONSE FINAL SAPI=10, TEI=01, 42,03,73,

----- 4-5-2002 13:11:50.330 ------ L2 DCHAN I FRAME from NT to TE: COMMAND SAPI=10, TEI=01, NS=00, NR=00, 42,03,00,00,

X25 RESTART from DCE to DTE: LCG=0 LCN=0 PTI 10, 00, FB, 07 00 ..

---------

----- 4-5-2002 13:11:50.330 -----L2 DCHAN I FRAME from TE to NT: COMMAND SAPI=10, TEI=01, NS=00, NR=01, 40,03,00,02,

X25 RESTART CONFIRMATION from DTE to DCE: LCG=0 LCN=0 PTI 10, 00, FF,

---------

Both B and D-channel analysis can be enabled simultaneously if necessary and you can select which LAPB and LAPD sources you wish to include in the trace by checking the appropriate boxes.

Using the Web Page(s)

The Conﬁ gure > Analyser web page allows you to turn the analyser “On” or “Off” and to determine what information is included in the trace using the following parameters:

Analyser:

This parameter is used to turn the protocol analyser “On” or “Off”.

Protocol layers:

The check boxes shown under this heading are used to specify which protocol layers are included in the protocol analyser trace. You can choose to generate a trace of the physical layer (Layer 1), the Link Layer (Layer 2) protocol, the Network Layer (Layer 3) protocol or any combination, by checking or clearing the appropriate check-boxes. In addition, you may select XOT (X.25 over TCP/IP) tracing if this feature is included in your product.

IKE:

This checkbox is used to enable or disable the inclusion of IKE packets in the analyser trace when using IPSec.

Page 17

6620-3201

SNAIP:

This checkbox is used to enable or disable the inclusion of SNAIP packets in the analyser trace.

ISDN sources:

The group of check boxes shown under this heading are used to select the ISDN channels (D, B1 and B2) that will be included in the trace. To include or exclude a speciﬁ c LAPB or LAPD instance from the trace ensure that the appropriate checkbox is checked or cleared respectively.

ASY sources:

The group of checkboxes shown under this heading is used to select the ASY ports that will be included in the trace. To include a trace of commands issued to and responses from a particular port, ensure that the appropriate box is checked. The list of available ports will include the physical ASY ports, internal “virtual ASY ports” (if present) and ports used by built-in GPRS/PSTN modems.

Raw sync sources:

The group of checkboxes shown under this heading are is to select the synchronous sources to be included in the trace. These include the ISDN channels D, B1 and B2 and any other synchronous ports/protocols that your unit may include (e.g. physical port 1, 2, etc.). This feature is especially useful for monitoring data transferred over ISDN when the higher layer protocol does not record data in the trace (e.g.V.120).

Max I-PAK size:

The text-box labelled Max I-PAK Size allows you to specify the maximum number of bytes from each X.25 Information Frame that will be included in the trace. Frames that are larger than this value are truncated. Bear in mind that the larger this value, the quicker the “ANA.TXT” pseudo-ﬁ le (in which the trace output is stored), will become full so that the effective length of the trace is reduced. The default value of 128 should be suitable in most cases.

PPP sources:

The group of checkboxes shown under this heading may be used to select the PPP sources to be included in the trace.

IP sources:

The group of checkboxes shown under this heading may be used to select the IP sources to be included in the trace. These sources include IP packets transmitted over PPP and ETH instances.

Ethernet sources:

The group of checkboxes shown under this heading may be used to select the Ethernet port sources to be included in the trace.

ATM PVC sources:

The group of checkboxes shown under this heading may be used to select the ADSL ATM PVCs to include in the analyser trace.

IP ﬁ lters:

This text box is used to prevent the tracing of packets to or from speciﬁ c TCP or UDP ports. The format of this text box is a comma-separated list of port numbers. For example, you may wish to exclude tracing of HTTP trafﬁ c that would otherwise swamp the data of interest. This can be done by entering “80” in the IP Filters box.

At the bottom of the page, the

OK and Cancel buttons may be used to save or cancel any changes

respectively.

Page 18

6620-3201

Using Text Commands

From the command line, the ana command can be used to conﬁ gure the protocol analyser. To display the current settings for the analyser enter the command: ana <instance> ? where <instance> is 0 (there is only one instance of the Analyser). To change the value of a parameter use the same command in the format:

ana 0 <parameter> <value>

The parameters and values are:

Parameter Values Equivalent Web Parameter

anon

off, on Analyser

asyon

1-15 ASY source ikeon off, on IKE ipﬁ lt number list IP ﬁ lters l1on off, on Protocol layers - layer 1 l2on off, on Protocol layers - layer 2 l3on off, on Protocol layers - layer 3 lapbon 1-3 ISDN sources - LAPB lapdon 1-7 ISDN sources - LAPD maxdata number Max I-PAK size

syon

1-15 Raw sync sources xoton off, Protocol layers - XOT

For example, to turn the analyser on, enter:

ana 0 anon on

To clear the existing contents of the analyser trace prior to starting a new trace session, use the following command:

ana 0 anaclr

Page 19

6620-3201

To include or exclude trace information from the various possible sources, use the appropriate command from the above table in conjunction with the required value from the following tables:

ASY sources:

Value ASY 3 ASY 2 ASY 1 ASY 0

0 OFF OFF OFF OFF 1 OFF OFF OFF ON 2 OFF OFF ON OFF 3 OFF OFF ON ON 4 OFF ON OFF OFF 5 OFF ON OFF ON 6 OFF ON ON OFF 7 OFF ON ON ON 8 ON OFF OFF OFF 9 ON OFF OFF ON 10 ON OFF ON OFF 11 ON OFF ON ON 12 ON ON OFF OFF 13 ON ON OFF ON 14 ON ON ON OFF 15 ON ON ON ON

Ethernet, IP or PPP sources:

These are a special case and cannot be conﬁ gured from the command line using the ana command. Instead, these sources must be turned on or off from the command line by using the appropriate ppp or eth commands. For example to turn IP tracing on for PPP instance 1 enter the following command:

ppp 1 ipanon on

For example to turn PPP tracing on for PPP instance 1 enter the following command:

ppp 1 pppanon on

To turn IP tracing on for Ethernet instance 0 enter the following command:

eth 0 ipanon on

This tracing can also be turned on or off in the web page entries for the Ethernet and PPP instances.

LAPB sources:

Value LAPB 1 LAPB 0

0 OFF OFF 1 OFF ON 2 ON OFF 3 ON ON

Page 20

6620-3201

LAPD sources:

Value LAPB 2 LAPB 1 LAPB 0

0 OFF OFF OFF 1 OFF OFF ON 2 OFF ON OFF 3 OFF ON ON 4 ON OFF OFF 5 ON OFF ON 6 ON ON OFF 7 ON ON ON

Raw Sync sources:

Value

Physical Port 1

Physical Port 0

ISDN B2 ISDN B1 ISDN D

0 OFF OFF OFF OFF OFF 1 OFF OFF OFF OFF ON 2 OFF OFF OFF ON OFF 3 OFF OFF OFF ON ON 4 OFF OFF ON OFF OFF 5 OFF OFF ON OFF ON 6 OFF OFF ON ON OFF 7 OFF OFF ON ON ON 8 OFF ON OFF OFF OFF 9 OFF ON OFF OFF ON 10 OFF ON OFF ON OFF 11 OFF ON OFF ON ON 12 OFF ON ON OFF OFF 13 OFF ON ON OFF ON 14 OFF ON ON ON OFF 15 OFF ON ON ON ON 16 ON OFF OFF OFF OFF 17 ON OFF OFF OFF ON 18 ON OFF OFF ON OFF 19 ON OFF OFF ON ON 20 ON OFF ON OFF OFF 21 ON OFF ON OFF ON 22 ON OFF ON ON OFF 23 ON OFF ON ON ON 24 ON ON OFF OFF OFF 25 ON ON OFF OFF ON 26 ON ON OFF ON OFF 27 ON ON OFF ON ON 28 ON ON ON OFF OFF 29 ON ON ON OFF ON 30 ON ON ON ON OFF 31 ON ON ON ON ON

Page 21

6620-3201

4.6 Conﬁ gure > ASY Ports

Each ASY (serial) port can be independently conﬁ gured for interface speed, parity, command echo, etc. These parameters can be set via the appropriate

Conﬁ gure > ASY Port web page or from the

command line using AT commands and S registers.

Using the Web Page(s)

The Conﬁ gure > ASY Ports folder icon opens to list a page for each of the asynchronous serial ports (usually ASY 0, 1, 2 & 3).

Note:

On models ﬁ tted with GPRS one of the pages will be entitled GPRS port. Similarly, on models ﬁ tted with an analog modem, one of the pages will be entitled PSTN port.

Each page allows you to conﬁ gure the following port parameters:

Answer ring count (S0):

This parameter controls the answering of incoming V.120 calls. When set to zero, V.120 answering is disabled, otherwise V.120 answering is enabled on this port. The actual value used for this parameter sets the number of rings the unit will wait before answering. This is equivalent to setting the value of the “S0” register for the relevant ASY port.

DCD:

The DCD parameter is used to conﬁ gure the way in which the unit controls the DCD signal to the

terminal.

Setting this parameter to “Auto” conﬁ gures the unit so that it will only turn the DCD signal on when an ISDN connection has been established (this is equivalent to “AT&C1”). Selecting “On” conﬁ gures the unit so that the DCD signal is always on when the unit is powered-up (this is equivalent to “AT&C0”). Selecting “Off” conﬁ gures the unit so that the DCD signal is normally on but goes off for the length of time speciﬁ ed by S10 after a call is disconnected (this is equivalent to “AT&C2”).

DTR control:

The DTR control parameter is used to conﬁ gure the way in which the unit responds to the DTR signal from the terminal. Setting this parameter to “None” conﬁ gures the unit so that the DTR signal from the attached terminal is ignored (this is equivalent to AT&D0).

Selecting to “Drop Call” conﬁ gures the unit so that it will disconnect the current call and return to AT command mode when the DTR signal from the terminal goes from on to off (this is equivalent to “AT&D1”). Selecting to “Drop Line & Call” conﬁ gures the unit so that it will disconnect the current call, drop the line and return to AT command mode when the DTR signal from the terminal goes from On to Off (this is equivalent to “AT&D2”).

DTR de-bounce time (x20ms):

The value of this parameter determines the length of time (in multiples of 20ms), for which the DTR signal from the terminal must go off before the unit acts upon any options that are set to trigger on loss of DTR. Increasing or decreasing this value makes the unit less or more sensitive to “bouncing” of the DTR signal respectively.

Echo:

This parameter can be used to turn command echo “On” or “Off” when using the text command interface. Turn command echo off if your terminal provides local command echo itself.

Escape character:

This parameter determines which character is used in the escape sequence. The value of this

Page 22

6620-3201

parameter is the decimal ASCII code for the character, normally 43 (“+” symbol). Changing this parameter has the same effect as changing the “S2” register.

Escape delay (x20 ms):

This parameter deﬁ nes the required minimum length of the pause (in multiples of 20ms), in the escape sequence between entering three escape characters and then entering “AT”.

Flow control:

The unit supports software ﬂ ow control using XON/XOFF characters and hardware ﬂ ow control using the RS232 RTS and CTS signals. Use this drop-down list to select “Software”, “Hardware” or a combination of “Both”. To disable ﬂ ow control select the “None” option.

Interface speed:

This parameter allows you to select the interface speed from a drop down list. Select the required speed (from 300bps to 115,200bps), or for ASY 0 or ASY 1 only you may select the “Auto” option to allow automatic speed detection from the AT commands entered at the port.

Result codes:

This parameter is used to select “Numeric”, “Verbose” or no result codes (“None”) when using the text command interface.

Parity:

This parameter is used to set the ASY port parity to “Even”, “Odd” or “None” as required.

Disable Port:

This parameter will disable the ASY port from the software stack. The ASY port will not be able to send data and any data received will be discarded.

Forwarding Timeout(x10ms)

This parameter is the length of time the unit will wait for more data after receiving at least one byte of data through the serial port and before transmitting it onwards. This timer is reset each time more data is received. The unit will forward the data onwards when either the forwarding timer expires or the input buffer is full. This parameter applies to ADAPT, TCPDIAL, TCPPERM and PANS.

Power-up proﬁ le:

This parameter can be set to 0 or 1 to determine which of the two stored proﬁ les is loaded when the unit is ﬁ rst powered up.

The two buttons at the bottom of the page are used to save/load the above settings to/from the “SREGS.DAT” ﬁ le. You may create two stored proﬁ les for each available ASY port containing the settings detailed on this page, all of which are contained in “SREGS.DAT”.

Load Proﬁ le

Clicking this button loads the proﬁ le speciﬁ ed in the list box to the right.

Save Proﬁ le

Clicking this button will store the current settings to the proﬁ le speciﬁ ed in the list box to the right.

Page 23

6620-3201

Using Text Commands

ASY ports are conﬁ gured from the command line using “AT” commands and “S” registers:

Cmd/S-reg Description

E Echo V Verbose mode Z Load proﬁ le &C DCD control &D DTR response &K Flow control &W Store proﬁ le &Y Power-up proﬁ le S0 Answer Ring count S1 Ring count S2 Escape character S12 Escape delay S15 Forwarding register S23 Parity S31 ASY port speed S45 DTR de-bounce time (x10ms) S99 Disable Port

To save any changes you have made to the proﬁ les in command mode, use the “AT&W” command.

Page 24

6620-3201

4.7 Conﬁ gure > TRANSIP ASY Ports

TransIP is a method of using virtual ASY ports for serial connections, in effect multiplying the number of concurrent serial connections to a unit.

Using the Web Page(s)

TransIP #:

The TransIP port number. Each TransIP is assigned a separate virtual ASY port.

ASY port:

The virtual ASY port number assigned to the TransIP instance.

TCP port:

The TCP port number to listen on.

TCP remote port:

TransIP can be conﬁ gured to actively connect on a TCP socket (i.e. make outgoing socket connections). If this parameter is set it deﬁ nes the TCP port number to use when TransIP is making TCP socket connections. When this parameter is set to zero, TransIP is listening only on the port deﬁ ned in the

TCP Port parameter.

Host:

The Hostname or IP address to which TransIP will make outward TCP connections.

Keep Alive(s):

This parameter deﬁ nes the amount of time (in seconds) a connection will stay open without any trafﬁ c being passed.

Stay connected mode:

When this parameter is set to “On” the socket will not be cleared by the unit) at the end of a transaction, data call or data session (depending on what the TransIP ASY port was bound to and protocol it was implementing). For example, if the TransIP port is bound to TPAD and this parameter is “Off”, then the TransIP TCP socket will be cleared at the end of the TPAD transaction.

Command echo off:

Setting this parameter to “On” disables the command echo for the TransIP port. When set to “On”, all commands issued will be echoed back in the TransIP TCP socket.

Using Text Commands

To conﬁ gure TransIP parameters via the command line use the transipcommand. To display current settings for a TransIP instance enter the command: transip <instance> ? where <instance> is 0 to 3. To change the value of a parameter use the command in the format:

trnasip <instance> <parameter> <value>

The parameters and values are:

Parameter Values Equivalent web parameter

port

number TCP port remport number TCP remote port

host

IP address/

hostname

Host

staycon off, on Stay connected mode keepact number Keep Alive(s) cmd_echo_off off, on Command echo off

For example, to set TransIP instance 1 to use TCP port 7000 you would enter:

transip 1 port 7000

Page 25

6620-3201

4.8 Conﬁ gure > Backup IP Addresses

This page contains a table that is used to specify alternative addresses to use when the unit fails in an attempt to open a socket. These addresses are used only for socket connections that originate from the unit and are typically used to provide back-up for XOT connections, TANS (TPAD answering) connections or any application in which the unit is making outgoing socket connections.

When a back-up address is in use, the original IP address that failed to open is tested at intervals to check if it has become available again. Additionally, at the end of a session, the unit will remember when an IP address has failed and use the back-up IP address immediately for future connections. When the original IP address eventually becomes available again, the unit will automatically detect this and revert to using it.

Using the Web Page(s)

The web page contains a table with four columns headed:

IP Address:

In this column you should enter the original IP address to which the backup address relates.

Backup IP Address: This is the backup address to try when the unit fails to open a connection to IP Address

Retry Time (s):

The is the length of time seconds that the unit will wait between checks to see if a connection can yet be made to

IP Address.

Try Next:

In the case that a connection to the primary IP address has just failed, this parameter determines whether a connection to the backup IP address should be attempted immediately or when the application next attempts to open a connection.

When set to “Yes” the socket will attempt to connect to the backup IP address immediately after the connection to the primary IP address failed and BEFORE reporting this failure to the calling application, e.g. TPAD. If the backup is successful this means the application will not experience any kind of failure even though the unit has connected to the backup IP address.

When set to “No” the socket will report the failure to connect back to the calling application immediately after the connection to the primary IP address has failed. The unit will not try to connect to the backup IP address at this stage. The next time the application attempts to connect to the same IP address, the unit will instead automatically connect to the backup IP address.

Chaining IP Addresses

It is possible to chain backup IP addresses by making multiple entries in the table. For example the following table with 3 rows populated will cause the router to back-up from

192.168.0.1 to 192.168.0.2 and then to 192.168.0.3 and then to 192.168.0.4 (if necessary).

Note:

The length of time that it takes for a connection to an IP address to fail is determined by the TCP

socket connect timeout

parameter on the Conﬁ gure > General web page.

Page 26

6620-3201

4.9 Conﬁ gure > Certiﬁ cates > Certiﬁ cate request

The unit can establish an IPSec tunnel to another unit using certiﬁ cates. For more information on using certiﬁ cates with your unit, please refer to the Application Note “How to conﬁ gure an IPSEC VPN tunnel between two Westermo Routers using Certiﬁ cates and SCEP”, which is available from the Westermo web site.

This page contains ﬁ elds that required when sending a certiﬁ cate request to a Certiﬁ cate Authority (CA). This information forms part of the certiﬁ cate request, and thus part of the signed public key certiﬁ cate.

Using the Web Page(s)

Challenge password:

Before you can create a certiﬁ cate request you must ﬁ rst obtain a challenge password from the Certiﬁ cate Authority Server. This password is generally obtained from the SCEP CA server by way of a WEB server, or a phone call to the CA Server Administrator. For the Microsoft® SCEP server, you browse to a web interface. If the server requires a challenge password, it will be displayed on the page along with the CA certiﬁ cate ﬁ ngerprint.

This challenge password is usually only valid once and for a short period of time, in this case 60 minutes, meaning that a certiﬁ cate request must be created after retrieving the challenge password.

Country:

A two-character representation of the country the unit is in (e.g. UK for the United Kingdom).

Common name:

Enter a name for your unit. This ﬁ eld is important, as the common name will be used as the unit’s ID in IKE negotiations.

Locality:

The location of the unit (e.g. London).

Organisation:

An appropriate company name.

Organisational unit:

An appropriate organisational unit within the company (e.g. Development).

State:

State, County of Province the unit is located in.

Email address:

An appropriate email address.

Unstructured name:

This parameter is optional. You can enter some descriptive text if you wish.

Digest algorithm:

Choose either MD5 or SHA1. This is used when signing (encrypting) the certiﬁ cate request.

Page 27

6620-3201

Using Text Commands

From the command line, the creq command can be used to enter the certiﬁ cate request information. To display the current settings for certiﬁ cate request enter the command: creq <instance> ? where <instance> is 0. To change the value of a parameter use the same command in the format: creq <instance> <parameter> <value> where <instance> is 0. The parameters and values are:

Parameter Values Equivalent Web Parameter

challenge_pwd text Challenge password

commonname

text Common name country text Country digest text Digest algorithm email text Email locality text Locality

orgname

text Organisation org_unit text Organisational unit state text State unstructname text Unstructured name

For example, to set the country as UK, enter:

creq 0 country UK

To set the email address, enter:

creq 0 email someone@hotmail.com

Page 28

6620-3201

4.10 Conﬁ gure > Certiﬁ cates > SCEP

This page contains information needed to both request CA certiﬁ cates from the CA server, and to enrol the certiﬁ cate requests using Simple Certiﬁ cate Enrolment Protocol (SCEP).

Using the Web Page(s)

Host:

The IP address of the CA server.

Remote port:

The destination port. If this parameter is non-zero, the unit will use this value as the destination port rather than the default of 80 (HTTP).

Path:

The path on the server to the SCEP application. The path will be entered automatically if you choose either cgi-bin or Microsoft SCEP from the drop-down list.

Application:

This represents the SCEP application on the server.

CA Identiﬁ er:

CA identiﬁ er.

Private Key ﬁ lename:

The ﬁ lename of the private key.

Certiﬁ cate request ﬁ lename:

The ﬁ lename of the certiﬁ cate request.

Certiﬁ cate ﬁ lename:

The ﬁ lename for the public key certiﬁ cate (must be preﬁ xed with ‘cert’)

CA certiﬁ cate ﬁ lename:

The ﬁ lename of the CA certiﬁ cate.

CA encryption certiﬁ cate ﬁ lename:

The ﬁ lename of the CA encryption certiﬁ cate.

CA signature certiﬁ cate ﬁ lename:

The ﬁ lename of the CA signature certiﬁ cate.

CA certiﬁ cate ﬁ lename preﬁ x:

Preﬁ x used for all CA certiﬁ cates. There are also two buttons at the bottom of the page:

Enrol Certiﬁ cate Request

Clicking this button will send the certiﬁ cate request to the CA for signing.

Get CA certiﬁ cate/s

Clicking this button will retrieve the CA certiﬁ cates from the CA server.

Page 29

6620-3201

Using Text Commands

From the command line, the scep command can be used to retrieve CA certiﬁ cates and enrol certiﬁ cate requests.

To display the current settings for SCEP enter the command: scep <instance> ? where <instance> is 0. To change the value of a parameter use the same command in the format: scep <instance> <parameter> <value> where <instance> is 0. The parameters and values are:

Parameter Values Equivalent Web Parameter

app

text Application caencﬁ le

text

CA encryption certiﬁ cate ﬁ lename

caﬁ le

text

CA certiﬁ cate ﬁ lename

caident

text

CA Identiﬁ er

casigﬁ le

text

CA signature certiﬁ cate ﬁ lename

certﬁ le

text

Certiﬁ cate ﬁ lename

host

text

Host

keyﬁ le

text

Private Key ﬁ lename

path

text

Path

port

number Remote port reqﬁ le

text

Certiﬁ cate request ﬁ lename

For example, to enter the path for Microsoft SCEP, enter:

scep 0 path certsrv/mscep/mscep.dll

To set the port to port 20, enter:

scep 0 port 20

Page 30

6620-3201

4.11 Conﬁ gure > Certiﬁ cates > Utilities

This page contains information used to generate the private key needed before a certiﬁ cate can be requested from the CA.

Using the Web Page(s)

New Key Size:

The size of the private key in bits. If this parameter is set to Off, the private key will not be generated. The key size can be anything between 384 bits and 2048 bits. The larger the key, the more secure the connection, but also the larger the key, the slower the connection.

Private key ﬁ lename:

Enter a name for the private key (the ﬁ lename must be preﬁ xed with “priv” and have a .pem extension).

Certiﬁ cate request ﬁ lename:

Enter a name for the certiﬁ cate request (the ﬁ lename must have a .pem extension)

The two buttons at the bottom of the page are used to generate the private key and the certiﬁ cate request.

Generate Private Key

Clicking this button will generate the private key.

Generate Certiﬁ cate Request

Clicking this button will generate the certiﬁ cate request. If the private key does not already exist, and the appropriate ﬁ elds are completed, the key will be generated at the same time.

Using Text Commands

From the command line the genkey command can be used to generate a private key. To generate a private key, enter the command

genkey <instance> <keysize> <ﬁ lename>

where:

<instance> is 0 <keysize> is the size of the key in bits <ﬁ lename> is the name of the private key ﬁ le

For example, to generate a 1024 bit key called privkey.pem, enter:

genkey 1024 privkey.pem

You will see the following output:

Starting 1024 bit key generation. Please wait. This may take some time...

\Key generated, saving to FLASH ﬁ le privkey.pem Closing ﬁ le Private key ﬁ le created All tasks completed

Page 31

6620-3201

From the command line, the creqnew command can be used to generate a certiﬁ cate request. If the private key does not already exist, and the appropriate parameters are entered, the key will be generated at the same time.

To generate a certiﬁ cate request, enter the command:

creq new <parameter> <value> <parameter> <value>

To generate a private key and a certiﬁ cate request, enter the command:

creq new <parameter> <value> <parameter> <value>

The parameters and values are:

Parameter Values Equivalent Web Parameter

-b number New Key Size

-k

text

Private key ﬁ lename

-o

text Certiﬁ cate request ﬁ lename

For example, to generate a certiﬁ cate request ﬁ le called request.pem from a private key called priv001.pem, enter:

creq new -k priv001.pem -o request.pem

To generate a 512 bit private key called private.pem, and generate a certiﬁ cate request called certreq. pem using that ﬁ le, enter:

creq new -b 512 -k private.pem -o certreq.pem

Page 32

6620-3201

4.12 Conﬁ gure > Calling Numbers

Note:

This feature is for use by experienced personnel for network testing and fault diagnosis. It should not be required in normal use. To use this feature, your ISDN circuit must support Calling Line Identiﬁ cation (CLI) facility. If CLI is available, incoming calls from speciﬁ ed numbers may be answered normally or alternatively, rejected with an optional reject code.

Using the Web Page(s)

The Conﬁ gure > Calling Numbers page contains a table that allows you to enter a series of telephone numbers each of which has an associated Answer or Reject parameter, and in the case of numbers from which calls are to be rejected, a user deﬁ ned reason code. For each number that you enter and set to “Reject”, the unit will reject incoming calls from that number using the reject reason code speciﬁ ed. The reason code is simply a numeric value that may be selected to suit your particular application. If any one of the entries is set to “Answer” the unit will only answer incoming calls from that number and will reject calls from other numbers using a standard ISDN reject code.

Using Text Commands

To conﬁ gure calling numbers from the command line use the rejlst command. To display an entry in the calling numbers list enter the command:

rejlst <entry> ?

where <entry> is 0-9.

For example, to display entry number 5 enter the command:

rejlst 5 ?

Up to three separate commands are needed to set up an entry. These take the form:

rejlst <entry> NUM <number> rejlst <entry> ANS <mode> rejlst <entry> CODE <code>

where: <entry> is the required entry number in the calling numbers table in each case. <number> is the telephone number. <mode> is either Off to reject calls from the corresponding number (the default), or On to accept

calls. <code> is the reject reason code.

For example:

rejlst 0 NUM 1234567 rejlst 0 ANS OFF rejlst 0 CODE 42

Page 33

6620-3201

4.13 Conﬁ gure > Command Filters

When this feature is enabled, commands will not reach the unit’s command interpreter unless they are deﬁ ned in the Command Filters table. Terminal devices may send commands that the unit will not necessarily understand but that require a basic “OK” response.

With Command Filtering turned on any command entered will be responded to with a modem like “OK” response unless the command is found in the Command Filters table. The command ﬁ lter table uses wildcharacter matching so that command ﬁ lters such as “cmd*” are permitted which would allow

all “cmd 0 ....” commands to be executed. Note that the command mapping table is checked ﬁ rst and

the command ﬁ lter table is only checked if there was not a match in the command mapping table.

For more information on Command Filtering, please refer to the Application Note “Command Line Response Manipulation”, which is available on the Westermo web site.

Using the Web Page(s)

The Conﬁ gure > Command Filters page contains a table that allows you to enter a series of command ﬁ lters.

Using Text Commands

To enable or disable command ﬁ ltering, use the cmd command in the format:

cmd <port> cﬁ lton <value>

where: <port> is the port number <value> is 1 to enable command ﬁ ltering, or 0 to disable command ﬁ ltering To conﬁ gure command ﬁ lters from the command line use the

cﬁ lter command. To

display an entry in the command ﬁ lter list enter the command:

cﬁ lter <entry> ?

where <entry> is 0-9. For example, to display entry number 5 enter the command:

cﬁ lter 5 ?

To change the value of a parameter use the same command in the format:

cﬁ lter <entry> cmd <value>

where:

<entry> is the required entry number in the command ﬁ lters table <value> is the command.

Note:

If the command string contains blank characters you must enclose it with double quotes. When substituting a command, upper case characters are considered the same as the corresponding lower case characters.

Page 34

6620-3201

4.14 Conﬁ gure > Command Mappings

It is possible to specify a small number of command “aliases” on your unit. This allows you to specify substitute strings for text commands entered at the command line.

Using the Web Page(s)

The Conﬁ gure > Command Mappings page contains a table that allows you to specify up to four aliases for commands entered at the command prompt. Each table entry has the following ﬁ elds:

Command to Map:

This column speciﬁ es the command that you want substituted.

Command Mapping:

This column speciﬁ es the corresponding replacement command.

Using Text Commands

From the command line, use the cmd command to conﬁ gure or display the command mappings. To display the current command mappings enter the following commands:

cmd <n> cmdmapo ? cmd <n> cmdmapi ?

where <n> is the table entry number, i.e. 0 to 3. The

cmdmapi parameter shows the command to be

substituted, and the

cmdmapo parameter shows the replacement command.

To change a command mapping use the following commands:

cmd <n> cmdmapo <string> cmd <n> cmdmapi <string>

Note:

If either string contains blank characters you must enclose it with double quotes. When substituting a command, upper case characters are considered the same as the corresponding lower case characters.

For example, to substitute the command “type ana.text” with “tana”, use the commands:

cmd 0 cmdmapo “type ana.txt” cmd 0 cmdmapi tana

After you have done this, typing “tana” at the command line will have the same effect as typing “type ana.txt”.

Page 35

6620-3201

4.15 Conﬁ gure > DHCP Servers > Ethernet Port n

Westermo routers incorporate one or more Dynamic Host Conﬁ guration Protocol (DHCP) servers, one for each Ethernet port. DHCP is a standard Internet protocol that allows a DHCP server to dynamically distribute IP addressing and conﬁ guration information to network clients.

The

Conﬁ gure > DHCP Servers folder contains one page for each for the DHCP Server instances. In

addition, there is a separate page for mapping MAC addresses to ﬁ xed IP addresses.

Using the Web Page(s)

The Conﬁ gure > DHCP Servers pages allow you to set up the parameters for the DHCP servers. The parameters are as follows.

Minimum assigned IP address:

This parameter speciﬁ es the lowest IP address that the DHCP server will assign to a client. Clearing this parameter will disable the DHCP server. This may be necessary if another device on the LAN provides a DHCP server.

IP address range:

This parameter is used to specify the number of different IP addresses that the DHCP server will assign. A value of 10 would assign 10 addresses starting with the address set for the Minimum assigned IP address parameter.

DNS server address:

This parameter speciﬁ es the IP address of a DNS server to be used by clients on the LAN. This will usually be the IP address of the unit itself (as conﬁ gured by the

Conﬁ gure > Ethernet > IP address

parameter). Alternatively, you may set this to the address of an alternative DNS server.

Gateway address:

A “gateway” is required in order to route data to IP addresses that are not on the local subnet. This parameter speciﬁ es the IP address of the gateway (which is usually the IP address of the router itself as conﬁ gured by the IP Address parameter on the

Conﬁ gure > Ethernet page). Alternatively, you

may set this to the address of another router on the LAN.

Mask:

This parameter speciﬁ es the subnet mask used on the network to which the unit is connected. For example, for a Class A network this would be 255.255.255.0.

Next server address:

This parameter speciﬁ es the IP address of a secondary conﬁ guration server. This server does not have to be on the same logical subnet as the client.

Lease time (mins):

This parameter speciﬁ es how long (in minutes), a DHCP client can use an assigned IP address before it must renew its conﬁ guration with the DHCP server.

Page 36

6620-3201

Using Text Commands

From the command line, use the dhcp command to conﬁ gure or display the DHCP server settings. To display current settings for the DHCP server enter the following command:

dhcp <instance> ?

When conﬁ gured for Port Isolate operation, models with a built-in hub support multiple DHCP instances. DHCP instance 0 will run on Ethernet port 0, DHCP instance 1 will run on Ethernet port 1, etc. On models with a single Ethernet port only one DHCP instance is available.

To change the value of a parameter use the following command:

dhcp 0 <parameter> <value>

The parameters and values are:

Parameter Values Equivalent Web Parameter

dns IP address DNS server address

gateway

IP address Gateway address ipmin IP address Minimum assigned IP address iprange number IP address range lease number Lease time (mins) mask IP address Mask

nxtsvr

IP address Next server address

For example, to set the IP Address range to 30, enter:

dhcp 0 iprange 30

Page 37

6620-3201

4.16 Conﬁ gure > DHCP Server > MAC –>IP Addresses

This page allows you to conﬁ gure a number of MAC to IP address mappings and should be used when it is necessary to supply a speciﬁ c IP address to a particular Ethernet MAC address. This is particularly useful for mobile applications, e.g. GPRS, where a particular piece of mobile equipment is issued the same IP address no matter how long it has been since it was last connected to the network.

Using the Web Page(s)

To conﬁ gure an entry in the table simply enter the MAC addresses of the devices that you want to allocate a ﬁ xed IP addresses to in the left hand column and the required IP addresses in the right hand column. It is important to ensure that the IP addresses used DO NOT fall within the IP address ranges speciﬁ ed in the DHCP server page(s).

Using Text Commands

To conﬁ gure NUI mappings from the command line use the mac2ip command. To display a current mapping enter the command:

mac2ip <entry> ?

where <entry> is 0-9.

Two separate commands are needed to set up a mapping. These take the form:

mac2ip <entry> mac <MAC> mac2ip <entry> ip <IP address>

where:

<entry> is the required entry number in the mapping table in each case <MAC> is the MAC <IP Address> is the IP address

Page 38

6620-3201

4.17 Conﬁ gure > DNS Server Update

“Dynamic DNS” is supported in accordance with RFC2136 and RFC2485. This allows units to update speciﬁ ed DNS servers with their IP addresses when they ﬁ rst connect to the Internet and at regular intervals thereafter. The

Conﬁ gure > DNS Update page allows you to conﬁ gure the dynamic DNS

Update feature to operate as required.

Using the Web Page(s)

The web page includes the following parameters:

DNS server IP address:

This parameter is used to specify the IP address of the DNS Server that you wish to use. This server must support “DNS Update messages”. Dynamic DNS is generally offered as a subscription based service by ISP’s but it may be appropriate for you to establish your own DNS Server if you have a large number of deployed units.

Zone to update:

When using Dynamic DNS it will be necessary for you to select or “purchase” a domain name, e.g. “mycompany.co.uk”. This parameter should be set match this domain name.

Name to update: This parameter speciﬁ es an identiﬁ er that is used in conjunction with the Zone to update

parameter to uniquely identify the unit e.g. “epos33”. The Name to update and the Zone to

update

together specify the full address of the unit e.g. “epos33.mycompany.co.uk”.

Update interval (s):

This parameter speciﬁ es the interval (in seconds), at which the unit will issue update messages to the DNS server.

Username:

This parameter is used to store the username that has been allocated to you by the Dynamic DNS service Provider.

Password:

This parameter is used to store the password that has been allocated to you by the Dynamic DNS service Provider.

Conﬁ rm password:

Enter the password again in this ﬁ eld to conﬁ rm it.

Password is Base64 encoded:

Some Dynamic DNS servers issue passwords that are Base64 encoded, e.g. Linux base servers. If this is the case turn this option on so that the unit correctly decodes the password before transmission. Note that the password is not actually transmitted as part of the message but is used to create a “signature” that is appended to the message. If the password is issued to you as a hexadecimal string instead of text, you must preﬁ x the parameter with 0x.

Interface:

This parameter deﬁ nes which type of interface is conﬁ gured for Internet connections (usually PPP).

Interface #:

This parameter deﬁ nes which Interface instance is conﬁ gured for Internet connections.

Local time offset from GMT (hrs):

As part of the authentication process the DNS update message must include a time-stamp that is referenced to GMT. If you live in a non-GMT time zone ensure that you select the correct time offset.

Auto-detect time offset:

If no time offset is speciﬁ ed the unit can be conﬁ gured automatically correct for time zone differences by setting this parameter to “Yes”.

Page 39

6620-3201

Required time accuracy (s)

This parameter speciﬁ es the permitted variance between the unit’s time and that of the DNS server. If the variance exceeds this time then the DNS update will fail.

Time to live (s):

This parameter speciﬁ es how long a unit that resolved the address is allowed to cache that address for.

Always delete previous records:

When set to “Yes”, this parameter causes the DNS server to delete all records of previous addresses served to the unit.

Using Text Commands

From the command line, use the dnsupd command to conﬁ gure or display DNS Update settings. To display current settings enter the command:

dnsupd <instance> ?

where <instance> is 0. To change the value of a parameter use the command in the format:

dnsupd <instance> <parameter> <value>

The parameters and values are:

Parameter Values Equivalent Web Parameter

autotzone off, on Auto-detect time offset b64pw off, on Password is Base64 encoded delprevrr off, on Always delete previous records

epassword text

None - this is the password in encrypted format. This parameter

is not conﬁ gurable. fudge number Required time accuracy (s) ifadd 0,1,2 Interface # ifent none, ppp, eth Interface

name

text Name to update

password text Password

server

IP address DNS server IP address ttl number Time to live (s) tzone 0-24 Local time offset from GMT (hrs) upd_int number Update interval (s)

username

text Username

zone

text Zone to update

For example, to set the username to “david24” you would enter the command:

dnsupd 0 username david24

Page 40

6620-3201

4.18 Conﬁ gure > DSL > ADSL

Products incorporating a DSL broadband interface will include a conﬁ guration page entitled

Conﬁ gure > DSL > ADSL. No conﬁ guration of the DSL is required in order to use the unit as the

default values should sufﬁ ce (for use in the UK). However, advanced users may wish to adjust some of the parameters.

Using the Web Page(s)

Operational mode:

This parameter is used to specify the connection mode for the DSL link. The following options are available:

Option Description

Multi-mode

For Annex A models (i.e. PSTN / POTS) this option provides automatic selection between G.dmt, G.lite and ANSI (in the order listed). For Annex B models (i.e. ISDN) this option provides automatic selection

between G.dmt and ETSI (in the order listed) ANSI Annex A only - attempt to connect in ANSI T1.413 mode ETSI Annex B only - attempt to connect in ETSI DTS/TM-06006 mode G.dmt Attempt to connect in ITU G.992.1 G.dmt mode G.lite Annex A only - attempt to connect in ITU G.992.2 G.lite mode

AFE:

For units ﬁ tted with an Annex B (ISDN) interface, this parameter is used to select the type of ADSL Analogue Front End (AFE) that is in use and can be set to “ISDN” or “ISDN U-R2” (to comply with Deutsche Telekom’s U-R2 V5.1 speciﬁ cation).

Using Text Commands

To conﬁ gure ADSL parameters via the command line use the adsl command. To display current settings for ADSL 0 enter the command:

adsl <instance> ?

where <instance> is 0. To change the value of a parameter use the command in the format:

adsl <instance> <parameter> <value>

The parameters and values are:

Parameter Values Equipment Web Parameter

afe isdn, isdn_ur2 AFE

debug off, on

None - Sends debugging information to the command line console

max_bpt number None - Maximum Bits/Tone Limit

oper_mode

multi, ansi, etsi, g.dmt, g.lite

Operational mode

rxg_oset

number None - Receive Gain Offset

tnm_oset

number None - Target Noise Margin Offset

txg_oset

number None - Transmission Gain Offset

Note:

txg_oset, rxg_oset, tnm_oset and max_bpt should not be changed without explicit instructions from Westermo Technical Support.

Page 41

6620-3201

4.19 Conﬁ gure > DSL > A TM PVCs > PVC n

Products incorporating a DSL broadband interface will include a conﬁ guration page entitled

Conﬁ gure > DSL > ATM PVCs. This is turn will contain one ATM PVC sub-page for each ATM PVC

supported. These pages are used to conﬁ gure Asynchronous Transfer Mode PVC’s which are used to carry AAL5 (ATM Adaption Layer 5) packet data and OAM cells over the ADSL interface. ATM trafﬁ c is transported using the UBR (Unspeciﬁ ed Bit Rate) service.

Using the Web Page(s)

Enabled:

This parameter determines whether this APVC is enabled (“Yes”) or disabled (“No”).

Encapsulation:

This parameter is used to select the method of encapsulation to be used when transporting data over this APVC. The appropriate value can be selected from a drop list which includes the following options:

Option Description

PPPoA VC-Mux RFC 2364 VC-multiplexed PPP over AAL5 PPPoA LLC RFC 2364 LLC encapsulated PPP over AAL5 PPPoE VC-Mux RFC 2516 VC-multiplexed PPP over Ethernet PPPoE LLC RFC 2516 LLC encapsulated PPP over Ethernet Bridged Ethernet VC-Mux RFC 2684 VC-multiplexed bridged Ethernet Bridged Ethernet LLC RFC 2684 LLC encapsulated bridged Ethernet

To use PPPoA or PPPoE encapsulation, one of the available PPP instances must ﬁ rst be conﬁ gured to use this APVC instance as it’s Layer 1 interface on the associated

Conﬁ gure > PPP > Advanced

page.

Bridged Ports:

These checkboxes are used to specify which, if any, of the Ethernet ports are to be attached to the Ethernet/ADSL bridge. To use the bridge, an ATM PVC must be conﬁ gured with bridged Ethernet encapsulation (so the checkboxes will be greyed out if a non-bridge encapsulation is selected).

VPI:

This parameter is used to set the Virtual Path Identiﬁ er for this APVC in the range 0 - 255.

VCI:

This parameter is used to set the Virtual Channel Identiﬁ er for this APVC in the range 0 - 65535.

ATM PVC analysis:

This parameter is used to include or exclude data from this APVC in the analyser trace and setting it to On is equivalent to checking the corresponding ATM PVC sources checkbox on the

Conﬁ gure >

Analyser page.

Page 42

6620-3201

Using Text Commands

To conﬁ gure ATM PVC parameters via the command line use the apvc command. To display the current settings for an APVC instance enter the command: apvc <instance> ? where <instance> is 0 to 3. To change the value of a parameter, use the command in the format:

apvc <instance> <parameter> <value>

The parameters and values are:

Parameter Values Equivalent Web Parameter

atmanon

off, on ATM PVC analysis

debug off, on

None - Sends debugging information to the command line console.

enabled off, on Enabled

encap

pppoa_vcmux, pppoa_llc, pppoe_vcmux, pppoe_llc, bridged_vcmux, bridged_llc

Encapsulation

vci 0-65536 VCI vpi 0-255 VPI

Another text command, pingatmmay be used to transmit an OAM F5 loop-back requests over the speciﬁ ed APVC. The format of the command is:

pingatm <instance> <type> [<count>]

where: <instance> is 0-3 <type> is “end” or “seg” <count> is an optional numeric parameter specifying the number of loop-back requests

transmitted. Specify

endfor end-to-end F5 ﬂ ow or segfor segment F5 ﬂ ow. If the count parameter

is included loop-back requests will be sent

count times at 1 second intervals, otherwise a single loop-back

request is transmitted immediately. A typical response to a loop-back request might be:

Sending OAM loopback request on ATM PVC 0ATM PVC 0: Sent OAM loopback request # 1ATM PVC 0: OAM loopback response # 1OAM loopback statistics for ATM PVC 0

Cells sent : 1

Cells received : 1

Success : 100%

Loop-back tests cannot be initiated via the web interface.

Page 43

6620-3201

4.20 Conﬁ gure > Dynamic DNS

The Dynamic DNS client (DYNDNS), is used to update DNS hostnames with the current IP address of a particular interface. It operates in accordance with the speciﬁ cation supplied by dyndns.org (go to

http://www.dyndns.org/developers/specs/). When the interface speciﬁ ed by the Interface and Interface

# parameters connects, the client checks the current IP address of that interface and if it differs from that obtained by the previous connection,

www.dyndns.org is contacted and the hostnames speciﬁ ed

in the Hostname parameters are updated with the new address.

Using the Web Page(s)

The web page includes the following parameters:

System:

This parameter is used to identify the Dynamic DNS system containing the hostnames to be updated and may be set to “Dynamic DNS”, “Static DNS” or “Custom DNS”.

Hostname n:

These are the hostnames to be updated.

Username:

Speciﬁ es the username to use when updating hostnames.

Password:

Speciﬁ es the password to use when updating hostnames.

Conﬁ rm password:

Enter the password again in this ﬁ eld to conﬁ rm it.

Interface:

Deﬁ nes which interface, PPP or Ethernet, this DYNDNS instance is associated with (usually PPP).

Interface #:

Deﬁ nes which Interface # this DYNDNS instance is associated with.

Wildcards:

When this parameter is “On”, it indicates that Dynamic DNS will match DNS requests of the form “*.hostname” where the “*” matches any text. For example if Hostname 1 was set to “usersite.dyndns. org” and the Wildcard parameter was On, then “www.usersite.dyndns.org” would resolve to the interface address.

Supply IP address in update:

This parameter is set to “Yes” by default. When set to “No”, the interface address is not supplied as part of the Dynamic DNS update. In this case, DYNDNS attempts to determine the correct IP address by other means (e.g. IP source address). This mode would normally only be used if the router is “behind” a NAT box.

Note:

Users should visit the www.dyndns.org web site for further information before attempting to conﬁ gure Dynamic DNS.

Update interval (days):

Speciﬁ es the number of days between Dynamic DNS updates.

Page 44

6620-3201

Using Text Commands

From the command line, use the dyndns command to conﬁ gure or display DNS Update settings. To display current settings enter the command: dyndns <instance> ? where <instance> is 0. To change the value of a parameter use the command in the format: dyndns <instance> <parameter> <value> where <instance> is 0. The parameters and values are:

Parameter Values Equivalent Web Parameter

epassword text

None - this is the password in encrypted format. This parameter

is not conﬁ gurable. hostname1 text Hostname 1 hostname2 text Hostname 2 hostname3

text

Hostname 3 hostname4

text

Hostname 4 hostname5

text

Hostname 5 ifadd number Interface # ifent none, ppp, eth Interface noip off, on Supply address in update password

text

Password

system

0,1,2 System

username text

Username

wildcard 0,1 2

Wildcards: 0=Off 1=On 2=No

Change

For example, to set the username to “david24” you would enter the command:

dyndns 0 username david24

Page 45

6620-3201

4.21 Conﬁ gure > Ethernet > ETH n

The Conﬁ gure > Ethernet folder opens to list conﬁ guration pages for each of the available Ethernet instances on the unit. Each page allows you to conﬁ gure parameters such as the IP address, mask, gateway, etc.

On units with only one Ethernet port, if more than one Ethernet instance exists these are treated as logical Ethernet ports. These instances can be used to assign more than one Ethernet IP address to a router.

On units with more than one physical Ethernet port, the Ethernet instances refer to the different physical Ethernet ports. These units can be conﬁ gured for either “HUB” mode or “Port Isolate” mode.

In HUB mode all the Ethernet ports are linked together and behave like an Ethernet hub or switch. This means that the router will respond to all of its Ethernet IP addresses on all of its ports (as the hub/ switch behaviour links the ports together).

In Port Isolate mode the router will only respond to its Ethernet 0 IP address on physical port “LAN 0”, its Ethernet 1 IP address on physical port “LAN 1”, etc. The router will not respond to its Ethernet 1 address on port “LAN 0” unless routing has been conﬁ gured appropriately.

When conﬁ gured for HUB mode it is important that no more than one of the router’s ports is connected to another hub or switch on the same physical network otherwise an Ethernet loop can occur. The default behaviour is “HUB” rather than “Port Isolate”.

Note:

VLAN tagging is not available when the router is conﬁ gured for Port Isolate mode.

Using the Web Page(s)

IP analysis:

This parameter is used to include or exclude IP data from this Ethernet port from the analyser trace and is equivalent to checking or un-checking the equivalent IP sources checkbox on the

Conﬁ gure >

Analyser page.

Ethernet analysis:

This parameter is used to include or exclude IP data from this Ethernet port from the analyser trace and is equivalent to checking or un-checking the equivalent ETH boxes on the IP sources section of the

Conﬁ gure > Analyser page.

DHCP client:

This parameter is used to enable or disable the DHCP client for this Ethernet port.

IP address:

This parameter speciﬁ es the IP address of this Ethernet port on your LAN.

Multihome additional consecutive addresses:

This parameter deﬁ nes how many additional (consecutive) addresses the ethernet driver will “own”. For example, if the IP address of the port was 10.3.20.40, and Multihome additional consecutive addresses was set to 3, the IP addresses 10.3.20.41, 10.3.20.42 and 10.3.20.43 would also belong to the ethernet port.

Mask:

This parameter speciﬁ es the subnet mask of the IP subnet to which the unit is attached via this Ethernet port. Typically, this would be 255.255.255.0 for a Class A network.

Page 46

6620-3201

Max Rx rate (kbps):

On models with multiple LAN ports, this parameter may be used to specify a maximum data rate in kbps that the unit will receive on this port. This may be useful in applications where separate LAN ports are allocated to separate LAN’s and it is necessary to prioritise trafﬁ c from one LAN over another.

Max Tx rate (kbps):

On models with multiple LAN ports, this parameter may be used to specify a maximum data rate in kbps that the unit will transmit on this port. This may be useful in applications where separate LAN ports are allocated to separate LAN’s and it is necessary to prioritise trafﬁ c from one LAN over another.

Group:

On units with a built-in hub/switch, the Group parameter for each port is normally set to 0. This means that all ports “belong” to the same hub. If required however, the Group parameter may be used to isolate speciﬁ c ports to create separate hubs. For example, if Ethernet 0 and Ethernet1 have their Group parameter set to 0 whilst Ethernet 2 and Ethernet 3 have their Group parameter set to 1, the unit will in effect be conﬁ gured as two 2-port hubs instead of one 4-port hub. This means that trafﬁ c on physical ports “LAN 0” and “LAN 1” will not be visible to trafﬁ c on physical ports “LAN 2” and “LAN 3” (and vice versa).

This parameter is not available on the web page when the unit is conﬁ gured for VLAN operation. (Changing it at the command line will have no effect when the unit is conﬁ gured for VLAN operation.)

DNS server:

This parameter speciﬁ es the IP address of a DNS server to be used by the unit for resolving IP hostnames.

Gateway:

This parameter speciﬁ es the IP address of a gateway to be used by the unit. IP packets whose destination IP addresses are not on the LAN to which the unit is connected will be forwarded to this gateway.

NAT mode:

This parameter is used to select whether IP Network Address Translation (NAT) or Network Address and Port Translation (NAPT) are used at the Ethernet interface. When the parameter is set to Off, no address or port translation takes place.

NAT and NAPT can have many uses but they are generally used to allow a number of private IP hosts (PC’s for example) to connect to the Internet through a single shared public IP address. This has two main advantages, it saves on IP address space (the ISP only need assign you one IP address), and it isolates the private IP hosts from the Internet (effectively providing a simple ﬁ rewall because unsolicited trafﬁ c from the Internet cannot be routed directly to the private IP hosts.

To use NAT or NAPT correctly in the example of connecting private hosts to the Internet, NAT or NAPT should be enabled on the router’s interface with the public Internet IP address and should be disabled on the router’s interface with the private IP address.

NAT and NAPT Explanation

In order to explain the difference between NAT and NAPT the behaviour of these features in the above example is covered below:

NAT

When a private IP host sends a UDP or TCP packet to an Internet IP address, the router will change the source address of the packet from the private host IP to the router’s public IP address before forwarding the packet onto the Internet host. Additionally it will create an entry in a “NAT table” containing the private IP source address, the private IP port number, the public IP destination address and the destination port number. Conversely, when the router receives a reply packet back from the public host, it checks the source IP, source port number and destination port number in the NAT table to determine which private host to forward the packet to. Before it forwards the packet back to the

Page 47

6620-3201

private host, it changes the destination IP address of the packet from it’s public IP address to the IP address of the private host.

NAPT

NAPT behaves like NAT but in addition to changing the source IP of the packet from the private host it can also change the source port number. This is required if more than one private host attempts to connect using the same local port number to the same Internet host on the same remote port number. If such a scenario were to occur with NAT the router would be unable to determine which private host to route the returning packets to and the connection would fail.

Note:

NAT or NAPT should be used with great care as in most private IP routing scenarios it is not required and to enable it incorrectly WILL cause problems.

NAT also uses another technique not detailed here to work with ICMP packets such as pings and other packet types.

Speed:

This parameter is used to select “10Base-T”, “100Base-T” or “Auto” mode. The currently selected mode will be shown in brackets after the parameter name.

Full duplex:

This parameter is used to turn on Full duplex mode so that data can be transmitted in both directions at the same time for this Ethernet instance. When set to “Off” the Ethernet instance will operate in half-duplex mode.

Firewall:

This parameter is used to enable or disable ﬁ rewall operation for this Ethernet instance.

IGMP:

This parameter is used to enable or disable the Internet Group Management Protocol for this Ethernet instance.

IPSec:

This parameter is used to enable or disable IPSec security features for this Ethernet instance.

IPSec source IP from interface:

By default, the source IP address for an IPSec Eroute will be the IP address of the interface on which IPSec was enabled. By setting this parameter to either PPP or Ethernet, the source address used by IPSec will match that of the Ethernet or PPP interface speciﬁ ed by the

IPSec source IP from

interface #

parameter below.

IPSec source IP from interface #:

See above.

GRE:

This parameter enables Generic Routing Encapsulation (GRE) for this Ethernet instance. GRE is a simple tunnelling protocol. For further details refer to

Conﬁ gure > IPSec > Eroutes > GRE and also

RFC2784.

MAC address ﬁ ltering:

When this parameter is enabled, a received frame will only be sent up the stack if the source MAC address or matching part thereof exists in the MAC ﬁ lter table. It is possible to allow a range of addresses by specifying only the signiﬁ cant portion of the MAC address in the ﬁ lter table to allow packets from other units.

Page 48

6620-3201

MTU

This parameter is used to set the Maximum Transmit Unit for the speciﬁ ed interface. The default value is 0 meaning that the MTU will either be 1504 (for units using a Kendin Ethernet device) or 1500 (for non-Kendin devices). The non-zero, values must be greater than 128 and not more than the default value. Values must also be multiples of 4 and the unit will automatically adjust invalid values entered by the user. So, if the MTU is set to 1000, the largest IP packet that the unit will send is 1000 bytes.

QOS:

This parameter is used to turn QOS “On” or “Off” for this Ethernet port.

Remote access options:

The Remote access options parameter can be set to “No restrictions”, “Disable management”, “Disable return RST”, “Disable management & return RST”. When set to “No restrictions”, users on this interface can access the unit’s Telnet, FTP and web services for the purpose of managing the unit.

When set to “Disable management”, users on this interface are prevented from managing the unit via Telnet, FTP or the web interface. Disable return RST - whenever a unit receives a TCP SYN packet for one of it’s own IP addresses with the destination port set to an unexpected value, i.e. a port that the unit would normally expect to receive TCP trafﬁ c on, it will reply with a TCP RST packet. This is normal behaviour.

However, the nature of internet trafﬁ c is such that whenever an internet connection is established, TCYP SYN packets are to be expected. As the router’s PPP inactivity timer is restarted each time the unit transmits data (but not when it receives data), the standard response of the unit to SYN packets i.e. transmitting an RST packet, will restart the inactivity timer and prevent the unit from disconnecting the link even when there is no “genuine” trafﬁ c. This effect can be prevented by using the appropriate commands and options within the ﬁ rewall script. However, on Westermo 1000 series units, or where you are not using a ﬁ rewall, the same result can be achieved by selecting this option, i.e. when this option is selected the normal behaviour of the unit in responding to SYN packets with RST packets is disabled. The option will also prevent the unit from responding to unsolicited UDP packets with the normal ICMP destination unreachable responses.

The “Disable management & return RST” option prevents users from managing the unit via the Telnet, FTP and web interfaces and also disables the transmission of TCP RST packets as above.

RIP version:

RIP (Routing Information Protocol), is used by routers to determine the best route to any destination. There are several different versions that can be enabled or disabled using this parameter. When RIP version is set to Off, RIP is disabled and no RIP packets transmitted out this interface. When RIP version is set to “V1” or “V2”, the unit will transmit RIP version 1 or 2 packets respectively (version 2 packets are sent to the “all routers” multicast address 224.0.0.9). When RIP Version is set to “V1 Compat”, the unit will transmit RIP version 2 packets to the subnet broadcast address. This allows “V1” capable routers to act upon these packets.

When RIP is enabled, RIP packets are transmitted when the Ethernet instance ﬁ rst becomes active, and at intervals speciﬁ ed by the RIP interval parameter on the

Conﬁ gure > General page.

RIP destination IP address list:

RIP packets are normally sent out on a broadcast basis or to a multi-cast address. This parameter may be used to force RIP packets to be sent to a speciﬁ ed IP address. It is particularly useful if you need to route the packets via a VPN tunnel.

Page 49

6620-3201

RIP authentication method:

This parameter selects the authentication method for RIP packets. When set to “Off”, the interface will send and receive packets without any authentication. When set to “Access List”, the interface will send RIP packets without any authentication. When receiving packets, the interface will check the sender’s IP address against the list entered on the

Conﬁ gure > IP Routes > RIP > RIP access list,

and if the IP address is present in the list, the packet will be allowed through. When set to “Plain password (V1+V2)”, the interface will use the ﬁ rst valid key it ﬁ nds (set on

the

Conﬁ gure > IP Routes > RIP > Authentication Keys pages), and use the plaintext RIP

authentication method before sending the packet out. If no valid key can be found, the interface will not send any RIP packets. When receiving a RIP packet, a valid plaintext key must be present in the packet before it will be accepted. This method can be used with both RIP v1 and RIP v2.

When set to “MD5 (V2 only)”, the interface will use the ﬁ rst valid key it ﬁ nds (set on the

Conﬁ gure >

IP Routes > RIP > Authentication Keys pages), and use the MD5 authentication algorithm before

sending the packet out. If no valid key can be found, the interface will not send any RIP packets. Received RIP packets must be authenticated using the MD5 authentication algorithm before they will be accepted. This method can be used with RIP v2.

PING request interval (s):

If this parameter is set to a non-zero value the unit will generate a “ping” (ICMP echo request) to the address speciﬁ ed by the PING IP address parameter. Setting the value to 0 disables the ping facility. When used in conjunction with PING IP address and No PING response out of service delay, this parameter can be used to conﬁ gure the router to use a back-up interface automatically should there be a problem with this interface.

PING IP address:

This parameter speciﬁ es the address to which ICMP echo requests will be sent if the PING request interval is greater than 0.

No PING response out of service delay (s):

This parameter is used to specify the length of time (in seconds), before a route will be designated as being out of service if no response has been received after three PING attempts.

Out of service time (s):

This parameter is used to specify the length of time (in seconds) for which any routes using this Ethernet interface will be designated as being out of service after the above parameter has been effected.

Heartbeat request interval (s):

If this parameter is set to a non-zero value, the unit will transmit “heartbeat” packets at the interval speciﬁ ed. Heartbeat packets are UDP packets that contain status information about the unit that may be used to locate a remote unit’s current dynamic IP address.

Heartbeat IP address:

This parameter speciﬁ es the destination IP address for heartbeat packets.

Physical link down deact delay (s):

This parameter is used to specify the length of time (in seconds) that the router will wait after detecting that an Ethernet cable has been removed before routes that were using that interface are marked as out of service. If the parameter is set to 0, the feature is disabled i.e. routes using the port will not be marked as out of service if the cable is removed.

Enable Top Talker Monitoring:

If this parameter is set to “Yes”, Top Talker information is logged and displayed on the Statistics >

Top Talkers page. Top Talkers displays average bandwidth usage for the interface over three time

frames: current, previous minute, and previous 30 minutes.

Page 50

6620-3201

VRRP group ID:

The VRRP parameters are used to conﬁ gure the router to participate in a VRRP group. VRRP (Virtual Router Redundancy Protocol), allows multiple physical routers to appear as a single gateway for IP communications in order to provide back-up WAN communications in the event that the primary router in the group fails in some way. It works by allowing multiple routers to monitor data on the same IP address. One router is designated as the “owner” of the address and under normal circumstances it will route data as usual. However, the VRRP protocol allows the other routers in the VRRP group to monitor the “owner” and if, they detect that it is no longer operating, negotiate with each other to take over the role as owner. The protocol also facilitates the automatic re-prioritisation of the original owner when it returns to operation.

The VRRP group ID parameter is used to identify routers that are conﬁ gured to operate within the same VRRP group. The default value is 0 which means that VRRP is disabled on this Ethernet port. The value may be set to a number from 1 to 255 to enable VRRP and include this Ethernet port in the speciﬁ ed VRRP group.

VRRP priority:

This parameter is used to set the priority level of this Ethernet interface within the VRRP group from 0 to 255. 255 is the highest priority and setting the priority to this value would designate this Ethernet port as the initial “owner” within the group. The value selected for the VRRP priority should reﬂ ect the values selected for other routers within the VRRP group, i.e. no two routers in the group should be initialised with the same value.

VLAN:

If this parameter is set to “On”, VLAN tagging is enabled on this interface according to the parameters set on the

Conﬁ gure > Ethernet > VLANs page. VLAN tagging will only apply if there is an entry

for this interface on the

Conﬁ gure > Ethernet > VLANs page. The VLAN feature is currently a

chargeable extra.

Using Text Commands

From the command line, use the eth command to conﬁ gure or display the Ethernet interface settings. To display the current settings for the Ethernet interface enter the following command:

eth <instance> ?

where <instance> is the number of the Ethernet interface. To change the value of a parameter use the following command:

eth <instance> <parameter> <value>

The parameters and values are:

Parameter Values Equivalent Web Parameter

dhcpcli off, on DHCP client dnsserver IP address DNS server

do_nat 0,1,2

NAT mode: 0=Off 1=NAT 2=NAPT

ethanon 0-3 Analyser: Ethernet sources ﬁ rewall off, on Firewall fulldup off, on Full duplex gateway IP address Gateway

gre

off, on GRE

group

0-3, 255 Group heartbeatint number Heartbeat request interval (s) heartbeatip IP address Heartbeat IP address

Page 51

6620-3201

Parameter Values Equivalent Web Parameter

igmp off, on IGMP ipaddr IP address IP address ipanon off, on Analyser: IP sources

ipsec 0,1

IPSec: 0=Off 1=On

ipsecadd number IPSec source IP from interface # ipsecent blank, PPP, ETH IPSec source IP from interface linkdeact number Physical link down deact delay macﬁ lt off, on MAC address ﬁ ltering mask IP netmask Mask maxkbps number Max Rx rate (kbps) maxtkbps number Max Tx rate (kbps)

mtu

number MTU

nocfg 0,1,2,3

Remote management: 0=No restrictions 1=Disable management 2=Disable return RST 3=Disable management and return RST

oossecs

number Out of service time (s) pingint number PING request interval (s) pingip IP address PING IP address

pingoos number

No PING response out of service delay (s)

qos

off, on QOS rip 0-3 RIP version

ripauth 0,1,2,3

RIP authentication method: 0=Off 1=Access list 2=Plain password 3=MD5

ripip IP address RIP destination IP address list

speed 0, 10, 100

Speed: 0=Auto 10=10Base-T 100=100Base-T

ttalker off, on Enable Top Talker Monitoring vlan off, on VLAN vrrpid 0-255 VRRP group ID vrrpprio 0-255 VRRP priority

For example, to set the unit’s IP Address to 1.2.3.4, enter:

eth 0 ipaddr 1.2.3.4

Page 52

6620-3201

4.22 Conﬁ gure > Ethernet > ETH n > QOS

In addition to the QOS parameter on the ETH N standard parameters pages (which are used to enable quality of service management for that ETH instance), each ETH instance has an associated QOS instance (ETH 0 maps to QOS 5, ETH 1 maps to QOS 6, etc.). These QOS instances include 10 QOS queues into which packets may be placed when using QOS. Each of these queues must be assigned a queue proﬁ le (from the twelve available proﬁ les deﬁ ned in the

Conﬁ gure > Quality of

Service

> Q Proﬁ le pages), and a priority value.

Using the Web Page(s)

Each ETH n > QOS page includes the Link speed parameter at the top followed by a list of queues with drop-down selection boxes that are used to assign a proﬁ le and a priority to each queue.

Link speed (Kbps):

This parameter should be set to the maximum data rate that this PPP link is capable of sustaining. It is used when calculating whether or not the data rate from a queue may exceed its Minimum Kbps setting (as determined by the proﬁ le assigned to it) and send at a higher rate (up to the Maximum Kbps setting).

Queue priorities:

Below this heading is a list of the queues from 0 to 9 alongside each of which are drop down selection lists for assigning proﬁ le numbers (from 0 to 11) and queue priorities. The priority may be set to “Very High”, “High”, “Medium”, “Low” or “Very Low”.

Using Text Commands

From the command line, use the qos command to assign proﬁ les and priorities to each of the queues relating to a PPP instance. To display a list of the proﬁ les assigned to the queues belonging to a QOS instance, enter the following command:

qos <instance> ?

where <instance> is the QOS instance number.

To assign a proﬁ le to a queue for a QOS instance, use the command in the format:

qos <instance> parameter <value>

Page 53

6620-3201

The parameters and values are:

Parameter Values Equivalent Web Parameter

linkkbps number Link speed (Kbps) q0prof 0-11 Queue 0 Proﬁ le q0prio 0-4 Queue 0 Priority q1prof 0-11 Queue 1 Proﬁ le q1prio 0-4 Queue 1 Priority q2prof 0-11 Queue 2 Proﬁ le q2prio 0-4 Queue 2 Priority q3prof 0-11 Queue 3 Proﬁ le q3prio 0-4 Queue 3 Priority q4prof 0-11 Queue 4 Proﬁ le q4prio 0-4 Queue 4 Priority q5prof 0-11 Queue 5 Proﬁ le q5prio 0-4 Queue 5 Priority q6prof 0-11 Queue 6 Proﬁ le q6prio 0-4 Queue 6 Priority q7prof 0-11 Queue 7 Proﬁ le

Parameter Values Equivalent Web Parameter

q7prio 0-4 Queue 7 Priority q8prof 0-11 Queue 8 Proﬁ le q8prio 0-4 Queue 8 Priority q9prof 0-11 Queue 9 Proﬁ le q9prio 0-4 Queue 9 Priority

The queue priority values are mapped as follows:

Value Priority

0 Very High 1 High 2 Medium 3 Low 4 Very low

Page 54

6620-3201

4.23 Conﬁ gure > Ethernet > ETH n > VRRP Probing

The VRRP parameters at the bottom of the Conﬁ gure > Ethernet pages are used to conﬁ gure the router to participate in a standard VRRP group. The parameters on the VRRP Probing pages are used to enable and conﬁ gure an enhanced version of VRRP.

VRRP with probing differs from standard VRRP in that it dynamically adjusts the VRRP priority of an interface and if necessary, changes the status of that interface from “master” to “backup” or viceversa. It does this by “probing” an interface, either by sending an ICMP echo request (PING) or by attempting to open a TCP socket to the speciﬁ ed Probe IP address. Hence VRRP operation is enhanced to ensure that a secondary router can take over under a wider range of circumstances.

Before conﬁ guring the unit to use VRRP Probing, ﬁ rst conﬁ gure the

Group ID and Group priority

parameters on the Conﬁ gure > Ethernet page as appropriate. Then use the following parameters to set up probing.

Using the Web Page(s)

Probe mode:

This parameter is used to enable or disable Westermo VRRP probe mode. When set to Off, VRRP probing is disabled. When set to TCP, the unit will “probe” the speciﬁ ed interface by attempting to open a TCP socket. When set to ICMP it will probe by sending ICMP echo requests (PINGs).

Backup state probe interval (s):

When probing is enabled, this parameter speciﬁ es the interval in seconds between successive probe attempts when the interface is in VRRP backup mode.

Master state probe interval (s):

When probing is enabled, this parameter speciﬁ es the interval in seconds between successive probe attempts when the interface is in VRRP master mode.

Probe failure limit:

This parameter speciﬁ es the number of probe failures that must occur before the Probe failure priority adjustment is applied to the Group priority value. If this happens the Probe failure limit is only reset to 0 after the value speciﬁ ed by Consecutive probe successes required is reached.

Consecutive probe successes required:

This many consecutive successful probes are required before the current failure count is reset to 0.

Probe IP address:

This is the IP address to which probes are issued. Note that the normal routing code is used to determine which interface should be used. This allows the unit to test other interfaces and adjust the VRRP priority according to the status of that interface. For example, the user may wish to conﬁ gure probing in such a way that the Westermo router WAN interface is tested, and adjust the VRRP priority down if the WAN is not operational. Another example would be to probe the WAN interface of another VRRP router, and adjust the local VRRP priority up if that WAN interface isn’t operational. When conﬁ gured to probe in this manner, it is necessary to conﬁ gure a second Ethernet interface to be on the same subnet as the VRRP interface. This is because the VRRP interface cannot be used when it is in backup mode. The probes should be sent on this second interface. The second interface will have the other VRRP router as its gateway. The routing table should be conﬁ gured to direct packets for the probe address to the desired interface.

Probe port:

This parameter speciﬁ es the TCP port number to use when Probe mode is set to TCP.

Page 55

6620-3201

Probe priority adjustment direction:

This parameter speciﬁ es the direction in which the Group priority will be adjusted in the event that the Probe failure limit is reached.

Probe failure priority adjustment:

This parameter is used to set the amount of priority adjustment applied to the Group priority in the event that the Probe failure limit is reached.

Using Text Commands

From the command line, use the eth command to conﬁ gure or display the Ethernet interface VRRP settings.

To display current settings enter the following command:

eth <instance> ?

where <instance> is the number of the Ethernet interface. To change the value of a parameter use the following command:

eth <instance> <parameter> <value>

The parameters and values are:

Parameter Values Equivalent Web Parameter

vprobeadj 0-255 Probe failure priority adjustment

vprobeadjup 0,1

Probe priority adjustment direction: 0=Down 1=Up

vprobebackint 0-32767 Backup state probe interval (s) vprobefailcnt 0-255 Probe failure limit vprobeip IP address Probe IP address vprobemastint 0-32767 Master state probe interval (s) vprobemode Off, ICMP, TCP Probe mode vprobeport Port number Probe port vprobesuccesscnt 0-255 Consecutive probe successes required

For example, to turn VRRP probing on in TCP mode for Ethernet port 0 enter:

eth 0 vprobemode tcp

Page 56

6620-3201

4.24 Conﬁ gure > Ethernet > MAC Filters

These pages contain the MAC addresses used for MAC address ﬁ ltering on the Conﬁ gure >

Ethernet > n pages. When enabled either on the web page or using the eth <n> macﬁ lt

ON command from the command line, a received frame will only be sent up the stack if the source

MAC address or matching part thereof exists in the MAC ﬁ lter table. It is possible to allow a range of addresses by specifying only the signiﬁ cant portion of the MAC address in the table, e.g. macﬁ lt 0 mac “00042d” to allow packets from Westermo units.

Using the Web Page(s)

The MAC ﬁ lter number.

MAC:

The MAC address.

Using Text Commands

From the command line, use the macﬁ lt command to conﬁ gure or display the MAC ﬁ lters. To display current settings enter the following command:

macﬁ lt <instance> ?

where <instance> is the number of the MAC ﬁ lter.

To change the value of a parameter use the following command:

macﬁ lt <instance> <parameter> <value>

There is only one parameter:

Page 57

6620-3201

4.25 Conﬁ gure > Ethernet > VLANs

VLANs (Virtual LAN’s) enable you to split a single physical LAN into separate Virtual LAN’s. This is useful for security reasons, and will also help cut down on broadcast trafﬁ c on your LAN. The VLAN feature is currently a chargeable extra.

Using the Web Page(s)

The Conﬁ gure > Ethernet > VLANs page contains a table that allows you to enter a series of VLAN Id’s, Ethernet Instances, IP Addresses and Subnet Masks to base VLAN tagging on.

VLAN Id

The ID of the Virtual LAN. This parameter is used in the TCP header to identify the destination VLAN for the packet.

ETH Instance

The Ethernet port that will tag the outgoing packets. Only packets sent from this interface will have VLAN tagging applied.

IP Address

The destination IP address. If this ﬁ eld is ﬁ lled in, only packets destined for this IP address will have VLAN tagging applied.

Mask

The destination IP subnet mask. If this ﬁ eld is ﬁ lled in, only packets destined for this IP subnet mask will have VLAN tagging applied.

Src IP Address

The source IP address. If this ﬁ eld is ﬁ lled in, only packets from this IP address will have VLAN tagging applied.

Src Mask

The source IP subnet mask. If this ﬁ eld is ﬁ lled in, only packets from this IP subnet mask will have VLAN tagging applied.

Page 58

6620-3201

Using Text Commands

From the command line, use the vlan command to conﬁ gure or display the VLAN instance. To display the current settings for the VLAN instance enter the following command:

vlan <instance> ?

where <instance> is the VLAN instance (0 - 9).

To change the value of a parameter use the following command:

vlan <instance> <parameter> <value>

The parameters and values are:

Parameter Values Equivalent Web Parameter

ethctx number ETH Instance ipaddr IP address IP Address mask IP netmask Mask srcipaddr IP address Src IP Address srcmask IP netmask Src Mask vlanid number VLAN Id

Page 59

6620-3201

4.26 Conﬁ gure > Event Handler

The unit maintains a log of certain types of event in the “EVENTLOG.TXT” pseudo ﬁ le. When an event of a speciﬁ ed level (or higher) occurs, it can be conﬁ gured to automatically generate and send an email alert message, or on GPRS models an SMS alert message, to a pre-deﬁ ned address. The

Conﬁ gure > Event Handler page is used to set-up the email or SMS related options for this feature.

Using the Web Page(s)

To use the email alert facility, you must ﬁ rst ensure that a valid Dial-out number, Username and Password have been speciﬁ ed on the

Conﬁ gure > PPP (standard parameters) page, and that the

SMTP parameters have been set correctly on the

Conﬁ gure > SMTP page.

To use the automatic SMS alert message facility you must ﬁ rst ensure that a valid SMS Message Centre number has been speciﬁ ed on the

Conﬁ gure > GPRS page.

Then set the following parameters as required:

Event Filter Codes:

Enter the event codes you do not wish to be logged, separated by commas. For example, if you entered “30,68” then event codes 30 and 68 would never get logged.

Maximum event priority to log:

This is the lowest priority event code that will be logged in the “EVENTLOG.TXT” pseudo ﬁ le. For example, if this value is set to 6, only events with a priority of 6 or higher will be logged.

Delay after powerup before sending traps/emails/sms (s):

This parameter will delay the sending of SNMP traps, email requests and SMS messages for a period of time after the unit powers up. This is useful in circumstances where the sending of those items would fail if sent too soon after the unit powers up because the underlying interface that would be used has not completed initialisation.

Emails today:

This read-only value maintains a count of how many email alert messages have been sent during the last 24-hour period.

Max emails/day:

The value in this ﬁ eld is the maximum number of email alert messages that the unit will generate per day. This is intended to prevent messages being repeated frequently when you have set the event trigger level to a low value, i.e. a value that results in many events generating automated email alert messages.

Email template:

This ﬁ eld contains the name of the template ﬁ le that will be used to form the basis of any email alert messages generated by the event logger. The default template is a text ﬁ le called “EVENT.EML” that is stored within the compressed .web ﬁ le.

You may create alternative templates but you must use the “.EML” ﬁ le extension and store the ﬁ les in the normal ﬁ le directory. If you create a new template with the name “EVENT.EML”, this will take precedence over the pre-deﬁ ned “EVENT.EML” template.

Email trigger priority:

This is the lowest priority event code that will generate an email alert message. For example, if this value is set to 6, only events with a priority of 6 or higher will trigger an automated email alert message. To disable email alarms set this value to 0.

Page 60

6620-3201

Email To:

This parameter is used to specify the email address for the recipient of email alert messages generated by the event logger.

Email From:

This parameter is used to specify the email address for the unit. You will need to set up an email account with your Internet Service Provider.

Email Subject:

This ﬁ eld should contain a brief description of the email content.

SNMP traps today:

This read-only value maintains a count of how many SNMP trap messages have been sent during the current day.

Max SNMP traps/day:

The value in this ﬁ eld is the maximum number of SNMP trap messages that the unit can generate per day. This is intended to prevent messages being repeated frequently when you have set

SNMP trap

trigger priority

to a low value, i.e. a value that results in many traps occurring in one day.

SNMP trap trigger priority:

This is the lowest event priority code that will generate an SNMP trap message. For example, if this value is set to 6, only events with a priority of 6 or higher will trigger an automated SNMP trap message.

SYSLOG messages today:

This read-only value maintains a count of how many SYSLOG messages have been sent during the last 24-hour period.

Max SYSLOG messages/day:

The value in this ﬁ eld is the maximum number of SYSLOG (user informational) messages that the unit can generate per day. This is intended to prevent messages being repeated frequently when you have set

SYSLOG trigger priority to a low value, i.e. a value that results in many SYSLOG events

occurring in one day.

SYSLOG trigger priority:

This is the lowest event priority code that will generate SYSLOG message. For example, if this value is set to 6, only events with a priority of 6 or higher will trigger an automated SYSLOG message.

SMS Parameters:

Note:

The following parameters apply only to models with GPRS capability.

SMS messages today:

This read-only value maintains a count of how many SMS messages have been sent during the last 24-hour period.

Max SMS/day:

The value in this ﬁ eld is the maximum number of SMS messages that the unit will generate per day. This is intended to prevent messages being repeated frequently when you have set the event trigger level to a low value, i.e. a value that results in many events generating an automated SMS alarm.

SMS trigger priority:

This is the lowest priority event code that will generate an SMS alert message. For example, if this value is set to 6, only events with a priority of 6 or higher will trigger an automated SMS alert. To disable SMS alerts set this value to 0.

Page 61

6620-3201

SMS template:

This ﬁ eld contains the name of the template ﬁ le that will be used to form the basis of any SMS alarm messages generated by the event logger. The default template is a text ﬁ le called “EVENT.SMS” that is stored within the compressed .web ﬁ le.

You may create alternative templates but you must use the “.SMS” ﬁ le extension and store the ﬁ les in the normal ﬁ le directory. If you create a new template with the name “EVENT.SMS”, this will take precedence over the pre-deﬁ ned “EVENT.SMS” template.

SMS destination:

This is the destination phone number for SMS alert messages including the international dialling code but no “+” preﬁ x or leading 0’s.

Using Text Commands

From the command line, the event command may be used to conﬁ gure the email alert options for the event logger.

To display the current email settings for the event logger enter the command:

event <instance> ?

where <instance> is 0. At present there is only one event log, i.e. 0, but the instance parameter has been included to allow for future expansion. To change the value of a parameter use the command in the format:

event 0 <parameter> <value>

The parameters and values are:

Parameter Values Equivalent Web Parameter

action_dly number

Delay after powerup before sending traps/emails/sms (s)

emax

number Max emails/day etemp ﬁ lename Email template etrig 0-9 Email trigger priority ev_ﬁ lter numbers Event Filter Codes from email address Email From loglevel number Maximum event priority to log

sms_max

number Max SMS/day

sms_to

phone number SMS destination number sms_trig 0-9 SMS trigger priority

smstemp

ﬁ lename SMS Email template subject

text

Email Subject syslog_max number Max SYSLOG messages/day syslog_trig 0-9 SYSLOG trigger priority

email address Email To

trap_max

number Max traps/day

trap_trig 0-9 Trap trigger priority

For example, to set the maximum number of emails that may be sent in one day to 3, enter:

event 0 emax 3

Page 62

6620-3201

4.27 Conﬁ gure > Event Logcodes

This page allows you to edit the logcodes used to describe events entered in the “EVENTLOG.TXT” pseudo ﬁ le.

Using the Web Page(s)

The web page shows the following information:

Event Code

The code used to describe the event in the “EVENTLOG.TXT” pseudo ﬁ le.

Filter Priority

The priority of the event, used to determine whether the event will trigger emails, SMS messages or SNMP traps.

Description

A description of the event.

Reasons

A list of reasons as to why the event occurred. Not every event has a list of reasons.

4.27.1 Conﬁ guring Events

By clicking on an event, a new page is displayed showing the following parameters:

Priority:

The priority of the event, used to determine whether the event will trigger emails, SMS messages or SNMP traps.

Attach Analyser:

Selecting “On” will attach a snapshot of the current Analyser trace to an email triggered by this event, no matter what reason triggered the event.

Analyser Action:

Choose from “Off”: the Analyser trace will continue as normal, “Freeze”: No more logging is performed until the email is sent, or “Delete”: The trace is deleted once the email is sent.

Attach Eventlog:

Selecting “On” will attach a snapshot of the current Eventlog to an email triggered by this event, no matter what reason triggered the event.

Eventlog Action:

Choose from “Off”: the Eventlog will continue to be written as normal, or “Delete”: The Eventlog is deleted once the email is sent.

Filter Event:

Selecting “On” will prevent this event from being written to the Event Log. This means the event will not trigger any automatic emails, SMS messages or SNMP traps.

Note:

This parameter is NOT saved in the logcodes.txt ﬁ le but in the conﬁ g.dax ﬁ le. This means that after changing this parameter, the change must be saved by clicking the Save link near the bottom of the web menu, NOT the

Save All Event Code Changes button on the Conﬁ gure > Event Logcodes

page.

On the command line the event number of ﬁ ltered events is stored in comma separated list in the “event 0 ev_ﬁ lter” parameter. This is edited on the web in the

Event Filter Codes parameter on the

Conﬁ gure > Event Handler page.

Page 63

6620-3201

PPP Mask:

A bitmask (entered in decimal format) that determines which PPP instances the priority for the event will apply. For example, if you wish that only events on PPP0 and PPP3 have the priority set in the

Priority parameter, enter 5 (1010 in decimal). Log Level:

The priority of the event, used to determine whether the event will be logged. This is determined by the value of the

Maximum event priority to log parameter set in the Conﬁ gure > Event Handler

page.

Priority is Conditional on Entity#:

If this parameter is “On”, the event is conditional on which entity triggered the event (e.g. eth, ppp, etc.). Choose the entity from the

Entity drop-down list.

Entity:

See above.

Priority is Conditional on instance#: Used in conjunction with Priority is Conditional on Entity#.

If this parameter is “On”, then the event is conditional not only upon which entity triggered the event, but on which instance of the entity, entered in the

Instance # parameter. For example, if Priority is

Conditional on Entity#

is set to “eth”, this parameter is “On”, and Instance # is 1, only events of this

type triggered by eth 1 will be triggered.

Instance #:

See above.

Page 64

6620-3201

4.27.2 Conﬁ guring Reasons

By clicking on a reason, a new page is displayed showing the following parameters:

Inherit priority from Event:

By selecting “On”, the priority of the reason will be the same as the Event that was triggered. If “Off” is selected, the reason takes the priority entered in the Priority parameter.

Priority:

The priority of the reason, if

Inherit priority from Event is “Off”.

Attach Analyser:

Selecting “On” will attach a snapshot of the current Analyser trace to an email triggered by this event with this reason.

Analyser Action:

Choose from “Off”: the Analyser trace will continue as normal, “Freeze”: No more logging is performed until the email is sent, or “Delete”: The trace is deleted once the email is sent.

Attach Eventlog:

Selecting “On” will attach a snapshot of the current Eventlog to an email triggered by this event with this reason.

Eventlog Action:

Choose from “Off”: the Eventlog will continue to be written as normal, or “Delete”: The Eventlog is deleted once the email is sent.

PPP Mask:

A bitmask (entered in decimal format) that determines which PPP instances the priority for the reason will apply. For example, if you wish that only events on PPP0 and PPP3 have the priority set in the

Priority parameter, enter 5 (1010 in decimal). Log Level:

The priority of the reason, used to determine whether the event will be logged. This is determined by the value of the Maximum event priority to log parameter set in the Conﬁ gure > Event Handler page.

Priority is Conditional on Entity#:

If this parameter is “On”, the event is conditional on which entity triggered the event (e.g. eth, ppp, etc.). Choose the entity from the

Entity drop-down list.

Entity:

See above.

Priority is Conditional on instance#: Used in conjunction with Priority is Conditional on Entity#.

If this parameter is “On”, then the event is conditional not only upon which entity triggered the event, but on which instance of the entity, entered in the

Instance # parameter. For example, if Priority is

Conditional on Entity#

is set to eth, this parameter is “On”, and Instance # is 1, only reasons of this

type triggered by eth 1 will be triggered.

Instance #:

See above.

Using Text Commands

There is no text command for editing Eventcodes. However, it is possible to edit the “LOGCODES. TXT” ﬁ le, which holds all the logcode information. For details on this, refer to the section “The Event Log”.

Page 65

6620-3201

4.28 Conﬁ gure > Firewall

All models in the Westermo range incorporate a comprehensive “ﬁ rewall” facility. A ﬁ rewall is a security system that is used to restrict the type of trafﬁ c that the router will transmit or receive, based on a combination of IP address, service type, protocol type, IP ﬂ ags, etc. Firewalls are used to minimise the risk of unauthorised access to your local network resources by external users or to restrict the range of external resources to which local users have access. A more detailed description of how ﬁ rewalls operate on Westermo routers is given in the “Firewall Scripts” section. If you intend to implement a ﬁ rewall you should refer to that section ﬁ rst.

The rules governing the operation of the ﬁ rewall are contained in a pseudo-ﬁ le called “FW.TXT”. This ﬁ le can be created either by using the controls on the

Conﬁ gure > Firewall web page, or by using a

text editor on your PC and then loading the resulting ﬁ le into the unit (using FTP or XMODEM).

Using the Web Page(s)

If you have not yet created a ﬁ le called “FW.TXT” on the unit, the Conﬁ gure > Firewall page will initially contain a blank script with a button labelled

Insert to the right. If you have created the ﬁ le it will

be displayed in the top section of the screen with line numbers at the left and a series of buttons at the right that allow you to delete, edit or insert lines.

At the bottom of the screen are three more buttons labelled

Reset, Save and Restore.

To create a new rule directly on the web page click on the

Insert button at the right of the screen. If

there are already one or more lines in the ﬁ le, there will be two

Insert buttons, one next to the line

(which inserts a new line above the current line) and one on the line below (which inserts a new line below the current line).

In either case a new text box will be created into which you can type the new rule. When you have ﬁ nished typing the rule press the

OK button to add it to the ﬁ le or Cancel to abandon the changes.

The unit will validate the rule and if it is valid it will add it to the ﬁ le. If errors are detected it will display a warning message with an indication of the error and you may then choose to edit the line or delete it.

To edit an existing rule click on the

Edit button to the right of the rule and then on OK or Cancel when

you have completed the changes.

To delete an existing line press the delete button to the right of it.

When you have completed your editing session, click on the

Save button at the bottom of the screen

to copy it back to the “FW.TXT” pseudo-ﬁ le. If you do not save the ﬁ le any changes you have made will be lost when the power is removed or the unit is rebooted.

If you wish to cancel all changes you have made during an editing session and you have not yet saved them, you may click on the

Restore button. This will copy the “FW.TXT” ﬁ le to the screen.

The third button at the bottom of the screen labelled

Reset Hit Counters allows you to zero the rule

hit counters shown at the left of each rule.

Current Interface Firewall Status:

This section of the page provides a list of interfaces on which the ﬁ rewall may be enabled and an indication of whether the ﬁ rewall is currently “On” or “Off” for each interface. By clicking on the name of the interface you can jump to the appropriate conﬁ guration page to change the setting if necessary.

Page 66

6620-3201

Using Text Commands

If your ﬁ rewall script is particularly complex, you may wish to create it on your PC using the text editor of your choice and then load it onto the unit when it is complete. To do this simply create the ﬁ le and save it as “FW.TXT”. You may then load the ﬁ le onto the unit using XMODEM as follows:

1 Connect the router to your PC using ASY0 and apply power. 2 Load your terminal program, select the correct COM port. 3 Type “AT” and press Enter -the unit should respond with “OK”. If the command is not echoed turn echo on by entering “ATE1”. 4 Type “AT\LS” - the unit should respond with “OK”. 5 Type “XMODEM FW.TXT” and press Enter and the unit will wait for the ﬁ le transfer to start. 6 Select the

File transfer > XMODEM > Send option in your terminal software and when

prompted for a ﬁ lename select the “FW.TXT” ﬁ le you created. 7 When the ﬁ le transfer is complete the unit will display the “OK” message.

Refer to the section “FTP under Windows” for instructions on how to access the unit for the purpose of carrying out FTP ﬁ le transfers.

Once the ﬁ le “FW.TXT” has been successfully loaded onto the unit the router will automatically “compile” it and generate a ﬁ le called “FWSTAT.TXT”. If there are any errors in the “FW.TXT” ﬁ le these will be identiﬁ ed in “FWSTAT.TXT”.

Page 67

6620-3201

4.29 Conﬁ gure > Firewall Options

This page contains the timer parameters and other options that are used by the Firewall stateful inspection module. This module establishes temporary ﬁ rewall rules that last for the duration of a single connection only. Typically, the ﬁ rst packet of a TCP connection (a SYN packet), is used to create a stateful inspection rule that only allows subsequent packets for that TCP connection through the ﬁ rewall. The timers described below are used to set limits on how long such rules may persist.

Using the Web Page(s)

The web page includes the following parameters:

Timers

TCP opening (s):

This speciﬁ es the length of time following receipt of a TCP packet that causes a stateful inspection rule to be created before a TCP connection must be established. If a TCP connection is not established within this period, the associated stateful inspection rule will be removed.

TCP open (s):

This parameter speciﬁ es the length of time that an established TCP connection may remain idle before the stateful inspection rule created for it is removed. The timer is restarted each time a packet is processed by the associated stateful inspection rule.

TCP closing (s):

This parameter speciﬁ es the length of time that is allowed for a TCP socket to close once the ﬁ rst FIN packet has been received. If the timer elapses before the socket has completed closing the associated stateful inspection rule is removed.

TCP closed (s):

This parameter speciﬁ es the length of time that a stateful inspection rule will remain in place after a TCP connection has closed.

UDP (s):

This parameter speciﬁ es the length of time that a stateful inspection rule will remain in place following the receipt of a UDP packet. The timer is restarted each time packets matching the rule pass in each direction. As a consequence, rules based on UDP should only be used if it is anticipated that packets will travel in both directions.

ICMP (s):

Some ICPM packets, such as “ECHO” requests, will generate responses. This parameter speciﬁ es the length of time that a stateful inspection rule created in respect of an ICMP packet will remain in place before being removed if a response packet has not been received. Such a rule will also be removed immediately following the receipt of a response.

Other protocol (s):

If a stateful inspection rule is created from a packet type other that TCP, UDP or ICMP, this parameter speciﬁ es the length of time for which the rule will persist. The timer is restarted each time a packet is processed by the rule.

Other Options

Maximum consecutive packets in one direction before expiring entry:

The maximum number of consecutive packets sent in one direction before the entry is expired.

Page 68

6620-3201

Using Text Commands

From the command line, use the fwall command to conﬁ gure or display ﬁ rewall options. To display current settings enter the command:

fwall <instance> ?

where <instance> is 0. At present there is only one ﬁ rewall instance, i.e. 0, but the instance parameter has been included to allow for future expansion. To change the value of a parameter use the command in the format:

fwall 0 <parameter> <value>

The parameters and values are:

Parameter Values Equivalent Web Parameter

closed number TCP closed (s) closing number TCP closing (s) icmp number ICMP (s)

maxuni number

Maximum consecutive packets in one direction before expiring entry

open

number TCP open (s) opening number TCP opening (s) other number Other protocol (s) udp number UDP (s)

For example, to set the ﬁ rewall TCP closing timer to 15 seconds you would enter the command:

fwall 0 closing 15

Page 69

6620-3201

4.30 Conﬁ gure > FTP Client

This page contains only one parameter.

Using the Web Page(s)

TX buffer size:

The size of the TX buffer in bytes.

Using Text Commands

From the command line, use the ftpcli command to conﬁ gure FTP client options. To display current settings enter the command:

ftpcli <instance> ?

where <instance> is 0. At present there is only one FTP client instance, i.e. 0, but the instance parameter has been included to allow for future expansion. To change the value of a parameter use the command in the format:

ftpcli 0 <parameter> <value>

The parameters and values are:

For example, to set the TX buffer to 8096 bytes you would enter the command:

ftpcli 0 txbuf 8096

Page 70

6620-3201

4.31 Conﬁ gure > FTP Relay Agents > RELAY n

The FTP Relay agents allow any ﬁ les transferred onto the unit by a speciﬁ ed user (using File Transfer Protocol), to be temporarily stored in memory and then relayed to a speciﬁ ed FTP host. This is useful when the unit is being used to collect data ﬁ les from a locally attached device such as a webcam, which must then be relayed to a host system over a slower data connection such as GPRS. In effect, the router acts as a temporary data buffer for the ﬁ les.

The FTP Relay Agent can also be conﬁ gured to email (as an attachment) any ﬁ les that it was unable to transfer to the FTP Server. To facilitate this you should set the Email Template, To, From and Subject parameters as appropriate and also conﬁ gure the SMTP Client (see

Conﬁ gure > SMTP).

Using the Web Page(s)

The web page includes the following parameters:

Local username:

This parameter should be set to match one of the usernames programmed in the Conﬁ gure > Users page. This name is then used as the FTP login “username” when the local device needs to relay a ﬁ le.

Server hostname:

This is the name of the FTP host to which ﬁ les from the locally attached device are to be relayed.

Server username:

This is the username required for login to the speciﬁ ed FTP host.

Server password:

This is the password to be used for logging into the FTP host.

Server conﬁ rm password:

Enter the password again in this ﬁ eld to conﬁ rm it.

Remote directory:

This is the full name of the directory on the FTP host to which the ﬁ le is to be saved.

Client timeout (s):

This parameter is speciﬁ es the length of time in seconds that the unit will maintain a connection to an FTP host after transferring a ﬁ le.

Client retry count:

This parameter speciﬁ es the number of times the unit will try to connect to the speciﬁ ed FTP host.

Client retry interval (s):

This parameter speciﬁ es the interval in seconds between successive retries.

Transfer failure mode:

If the unit cannot establish a connection to the speciﬁ ed FTP host after the number of retries speciﬁ ed above, it will either retain the ﬁ le in memory or delete it depending upon the setting of this parameter. If the ﬁ le is retained, manual intervention will be required to recover it at a later stage.

Note:

The ﬁ le will be lost if the power is removed from the unit.

Page 71

6620-3201

Rename local ﬁ le:

When this parameter is set to “Yes”, the unit will store uploaded ﬁ les internally with a ﬁ lename in the form “relnnnn” where nnnn is a sequential number. For each new ﬁ le received the number is incremented. When the ﬁ le is relayed to the FTP host the original ﬁ lename is used.

When the parameter is set to “No”, the ﬁ le is stored internally under its original ﬁ lename. This parameter should be used if you wish to upload a ﬁ le with a ﬁ le name longer than 12 characters including the extension and period (e.g. longer than an 8.3 style ﬁ le name such as autoexec.bat).

Email template:

This ﬁ eld contains the name of the template ﬁ le that will be used to form the basis of any email messages generated by the FTP Relay Agent. This would normally be the standard “EVENT.EML” template provided with the unit but you may create alternative templates if necessary (see Email templates).

Email To:

This parameter is used to specify the email address for the recipient of email messages generated by the FTP Relay Agent.

Email From:

This parameter is used to specify the email address for the unit. You will need to set up an email account with your Internet Service Provider.

Email Subject:

This ﬁ eld should contain a brief description of the email content.

Page 72

6620-3201

Using Text Commands

From the command line, use the frelay command to conﬁ gure or display FTP Relay Agent settings. To display current settings enter the command:

frelay <instance> ?

where <instance> is the instance number of the agent. To change the value of a parameter use the command in the format:

frelay 0 <parameter> <value>

The parameters and values are:

Parameter Values equivalent Web Parameter

ftpdir text Remote directory

ftpepwd text

None - this is the password in encrypted format. This parameter

is not conﬁ gurable. ftphost IP address Server hostname ftppwd text Server password ftpuser

text

Server username locuser

text

Local username

norename

off, on Rename local ﬁ le retries number Client retry count retryint number Client retry interval (s) savemode off, on Transfer failure mode smtp_from email address Email From smtp_subject

text

Email Subject

smtp_temp

ﬁ lename Email template

smtp_to

email address Email To timeout number Client timeout (s)

For example, to set the FTP directory for FTP Relay Agent 1 to “images” you would enter the command:

frelay 1 ftpdir images

Page 73

6620-3201

4.32 Conﬁ gure > General

This is used to set up a variety of features that relate to the basic operation of the unit.

Using the Web Page(s)

Power-up conﬁ g:

This speciﬁ es which of the two conﬁ g ﬁ les “CONFIG.DA0” or “CONFIG.DA1”, is loaded when the unit is powered up or rebooted. This is equivalent to the conﬁ g n powerup text command.

Serial number:

This read-only ﬁ eld displays the unit’s serial number.

Unit identity:

This is a string of up to 20 characters that can be used to identify the unit in email alert messages generated by the event logger. It is also displayed as a prompt when logging on remotely. The character sequence “%s” may be used as part of the string. This is substituted by the unit’s serial number when the unit identity is displayed. For example, if the unit serial number is 005555, entering the string “MyRouter_%s>” would show the prompt “MyRouter_005555>” during a remote login.

Auto start macro:

This is a command that will be executed automatically when the unit is ﬁ rst powered up. This command will be issued to ASY 0. If it is necessary to issue a command to another ASY port then the command line interface must be used. For example, to issue a command to ASY port 3 you would use:

cmd 3 autocmd <command> where <command> is the command to be issued to ASY 3 on powerup.

System hostname:

This parameter can be used to allocate a synonym for the local IP address of the unit. For example, the default local IP address is 1.2.3.4. The unit will respond to this address when you enter it into your Web browser. The default

System hostname that maps to this address is “ss.2000r”.

Note:

To work correctly with Windows 98 the System Hostname must include at least one full stop. To work correctly with Windows XP or 2000 the System Hostname must end in a letter (rather than a number).

Secondary hostname: This allows a second hostname to be assigned to a unit. This is associated

with the

Secondary IP address.

Secondary IP address:

This can be used to assign an additional IP address to the router without assigning it to any particular interface. The router will respond directly to incoming trafﬁ c on this address, i.e. it will not attempt to onward router any IP packets for this address.

Remote command echo:

This parameter may be used to enable or disable command echo for remote access.

Remote command timeout (s):

This speciﬁ es the maximum period of inactivity (in seconds), that may occur before a remote command session is terminated. The default value is 90 seconds.

Page 74

6620-3201

X25 remote command address:

This parameter is used to allow remote access to the unit via an X.25 channel. If the address speciﬁ ed, (up to 15 digits), matches the trailing digits of an incoming X.25 call, the calling user will be prompted to enter their username and password. Correct entry of these will allow the calling user to control the unit remotely. The range of functions they will be able to access will depend upon their user access level.

X25 call timeout (s):

This parameter is the time the unit will wait for an X.25 call to connect. This timer starts when the X.25 call request is sent.

X25 switch call timeout (s):

This parameter is the time the unit, operating as an X.25 switch, will wait for a switched X.25 call to connect. If the timer expires before a switched call has connected, then a CLR will be returned to the calling party.

GPRS LED mode:

On models ﬁ tted with GPRS, this parameter is used to select whether the dual-function status indicators on the front panel reﬂ ect the status of the GPRS module or the ISDN connection and may be set to “GPRS” or “ISDN” respectively.

ASY LED mode:

This parameter determines what causes the ASY port LED’s to illuminate. When set to “Connection”, the LED for an ASY port illuminates when the protocol bound to that port is connected. When set to “DTR status”, the LED for an ASY port illuminates when the terminal connected to that

port raises the DTR signal. When set to “GPRS Signal Strength” the four LED’s that normally indicate activity on the ASY ports (GR2130 and GR2410 only), function instead as a signal strength indicator. If only one LED is illuminated the signal is weak, if all four are illuminated the signal is at full strength.

ASY <port> name:

These parameters allow a name to be associated with each of the physical and logical ASY ports. Once you have allocated a name it will appear in the heading of the

Conﬁ g > ASY port page for that

port. It will also be displayed when using the “AT\PORT” command.

GPRS port name:

On models ﬁ tted with GPRS this parameter allows you assign a name to the port occupied by the GPRS module. Once you have allocated a name it will appear in the heading of the

Conﬁ g > ASY

Ports

> GPRS Port page. It will also be displayed when using the “AT\PORT” command.

PSTN port name:

On models ﬁ tted with an analog modem this parameter allows you assign a name to the port occupied by the modem. Once you have allocated a name it will appear in the heading of the

Conﬁ g > ASY

Ports

> PSTN Port page. It will also be displayed when using the “AT\PORT” command.

ASY <port> Telnet mode:

This parameter is used to select the Telnet mode when a remote entity is connected to an ASY port via TCP/IP (i.e. connected to TCP port 4000 to 4003 for ASY ports 0 - 3 respectively). When set to “Raw Mode” no byte stufﬁ ng is used. When set to “Telnet Mode” standard Telnet byte stufﬁ ng is used. When set to “Telnet No Null Stufﬁ ng Mode”, Telnet byte stufﬁ ng without null stufﬁ ng is used.

Page 75

6620-3201

GPRS port Telnet mode:

On models ﬁ tted with GPRS, this parameter is used to select the Telnet mode when a remote entity is connected to the GPRS port via TCP/IP. The three available options are the same as those for

ASY

<port> Telnet mode

described above.

PSTN port Telnet mode:

On models ﬁ tted with an analog modem, this parameter is used to select the Telnet mode when a remote entity is connected to the PSTN port via TCP/IP. The three available options are the same as those for

ASY <port> Telnet mode described above.

Allow anonymous FTP login:

This parameter is used to allow or disallow anonymous FTP logins to the unit. Default is “Off” (disallow anonymous logins).

TCP socket inactivity timer (s):

This speciﬁ es the maximum period of inactivity (in seconds) that may occur before an open TCP/ IP socket is closed. The default value is 300 seconds (5 minutes) and should not normally require altering.

TCP socket keep-alive (s):

This speciﬁ es the amount of time (in seconds) between sending “keep-alive” messages over open TCP connections. The purpose of these messages is to prevent a connection from closing even when no data is being transmitted or received. The default value of this parameter is zero, which disables keep-alive messages.

TCP socket connect timeout (s):

This parameter is used to specify the amount of time after which a TCP socket may remain idle before being closed. If the value is set to 0 the socket may remain open indeﬁ nitely.

SNMP enterprise number:

This parameter speciﬁ es the value of the Object Identiﬁ er component following “enterprises” to be used by SNMP managers when accessing the MIB on the unit. Object Identiﬁ ers of objects in the unit’s SNMP MIB have the preﬁ x “{ enterprises n ir2140 }” where “n” is the SNMP enterprise number.

SNMP enterprise name:

This speciﬁ es the name corresponding to the SNMP enterprise number above.

SNMP community string:

This speciﬁ es the required SNMP Community String to be used by SNMP managers in order to access the unit’s MIB.

SNMP trap destination address:

This is the IP address (or host name) of the destination for SNMP trap messages.

GP sockets use IP from interface:

This parameter allows general-purpose TCP sockets to use a source IP address other than that of the interface on which the socket connection is created. The unit creates general-purpose sockets automatically when your application requires them, e.g. when TPAD calls are made over IP or XOT. Normally, the source address used by the socket will be that of the outgoing interface (usually PPP). However, for some applications such as when setting up a VPN, it may be necessary to specify that the socket use a different source address such as that of the local Ethernet port. This parameter is used to specify from which interface the source address should be derived and may be set to “None” (default), “ETH” or “PPP”.

Note:

Even when this parameter is not set to “None”, normally the IP address from the interface on which the socket is created will be used. The source address speciﬁ ed in this parameter will only be used if it will cause the trafﬁ c to match an Eroute and therefore be sent over IPSec or GRE.

Page 76

6620-3201

GP sockets use IP from interface #:

This parameter is used in conjunction with the GP sockets use IP from interface parameter above to select which interface instance is used to derive a source address.

GRE checksums:

This parameter selects whether to add GRE checksums to GRE packets when the unit is terminating a GRE tunnel. “Off” disables checksums, “On” enables checksums.

Additional FTP NAT port:

FTP control channels normally use TCP port 21 to carry the FTP commands. Consequently, when NAT is enabled the unit monitors the FTP commands on this port number and checks for the two FTP commands “PORT” and “PASV”. These commands contain information relating to IP addresses which may need modifying during the NAT process. Such modiﬁ cations may result in different sized packets being generated that then require that the TCP sequence numbers be modiﬁ ed to allow for the changes.

This parameter may be used to specify an additional port number (other than 21), which the unit should monitor and is useful where FTP servers are known to be listening on non-standard control channels.

RIP interval (s):

If this parameter is set to a non-zero value then RIP (Routing Information Protocol) packets will be transmitted at the speciﬁ ed interval (in seconds). These packets contain the unit’s current routes (e.g. any active PPP instance routes), static routes and the default route.

IP route out of service time (s):

This speciﬁ es the time in (seconds), for which an IP route is ﬂ agged as “out of service” when the route cannot be activated (i.e. the metric for the route is set to 16). This means the unit will subsequently attempt to route packets through other routes with matching net masks that are not out of service.

Alternative route delay (s):

This parameter is normally set to 0 and should not be changed without reference to Westermo Technical Support.

Always-on route return-to-service delay (s):

An “always-on” route is either a route with the interface set to Ethernet or a route with the interface set to a PPP instance that has the AODI mode parameter set to On. If such a route goes out of service for some reason and then becomes available again some time later the unit will automatically bring the route back up. This parameter is used to set the delay in seconds between the service becoming available again and the unit starting to use it.

Route directed broadcasts:

When this parameter is “ON”, the unit will route private subnet broadcasts (e.g. 192.168.31.255) using the normal routing logic. When “OFF”, the unit will not route broadcasts.

Local port access level:

This parameter may be used to set the authority level for users entering commands via one of the ASY ports. This means that if you are intending to manage units remotely, you can restrict the access that local users have for reconﬁ guring them.

User task ﬁ lename:

This speciﬁ es the name of a ﬁ le containing a “user task” ﬁ le. A user task is a software module that may be loaded into the unit to provide support for a new protocol or application.

PPP detect:

When this parameter is “On”, all ISDN answering protocols (V110,V120,X75,LAPB,etc) can detect the presence of an inbound PPP connection and trigger a conﬁ gured answering PPP to take over the ISDN call.

Page 77

6620-3201

Pre login banner:

This parameter speciﬁ es a ﬁ le that will be used as a banner placed before login information is requested when connecting to a command line session.

Post login banner:

This parameter speciﬁ es a ﬁ le that will be used as a banner placed after login information is entered when connecting to a command line session. In addition, if a ﬁ le is speciﬁ ed, “CONTINUE [Y/N]?” will be displayed after the login information is entered, and a response is required before access is granted to the unit.

Include CLI when dialling:

When this parameter is set to “On”, the CLI is included with the Calling Party element when the unit makes a call.

Auto-Conﬁ gure Email Fields

This section is used to set up parameters for use in communicating with a conﬁ guration server via email. The following parameters may be set:

Template:

This is a read-only ﬁ eld showing the template to be used for auto-conﬁ guration request emails.

To:

This parameter is used to specify the email address ﬁ eld for auto-conﬁ guration request emails. This should be set to the email address of the auto-conﬁ guration server.

From:

This parameter is used to specify email address of the unit for the auto-conﬁ guration request emails.

Subject:

This ﬁ eld should contain a brief description of the email content for auto-conﬁ guration emails.

Page 78

6620-3201

Using Text Commands

From the command line, the general settings are conﬁ gured using the cmdcommand. To display current general settings enter the command:

cmd <instance> ? where <instance> is 0, 1, 2 or 3.

Note:

The instance number should be 0 in all cases EXCEPT when using the ASY name or Telnet mode parameters, in which cases the instance number should match the required port number.

To change the value of a parameter use the command in the format:

cmd <instance> <parameter> <value>

The parameters and values are:

Parameter Values Equivalent Web Parameter

anonftp off, on Allow anonymous FTP login

asyled_mode 0,1

ASY LED mode: 0=Connection 1=DTR status

asyname

text ASY <port> name autocmd text Auto start macro

bufsafe_cnt number

None - the level of available buffers read at least once during the period set in bufsafe_secs. If this level is not reached once then the “Low System Buffers” event is logged along with a new reason of “Healthy threshold period” and the unit is rebooted.

Page 79

6620-3201

Parameter Values Equivalent Web Parameter

bufsafe_secs number None - The time period for buffer level checking. cmdnua number X.25 remote command address

comm_str text

SNMP community string

ent_name text

SNMP enterprise name ent_nb number SNMP enterprise number from

text

Auto-conﬁ gure Email: From ftpnatport number Additional FTP NAT port

gprsled_mode 0,1

GPRS LED mode: 0=GPRS 1=ISDN/PSTN

gpson 0,1

None - Deﬁ nes ASY <port> as GPS port. The

command interpreter will ignore everything on

that port: 0=Not deﬁ ned as GPS port 1=Deﬁ ned

as GPS port

grecs

off, on GRE checksums hostname text System hostname inc_cli off, on Include CLI when dialling ipadd 0,1,2 GP Sockets use IP from interface # ipent “”, ETH, PPP GP Sockets use IP from interface noreboot_zero number None noremecho off, on remote command echo

oosretrig off, on

None - enables layer 2 and layer 3 re-triggering when all routes are out of service and a packet

comes in. postbanner ﬁ lename Post login banner ppp_detect off, on PPP detect prebanner ﬁ lename Pre login banner rip number RIP interval (s) route_dbcast off, on Route directed broadcasts route_dly number Alternative route delay (s) route_dwn number IP Route out of service time (s) routeup_dly number ’Always-on’ route return-to-service delay (s) sec_hostname text Secondary hostname sec_ip text Secondary IP address sock_connto number TCP socket connect timeout (s) sock_inact number TCP socket inactivity timer (s) sock_keepact number TCP socket keep-alive interval (s)

sreglok 0,2

None - Locks changes to the ASY <port>:0=Port

unlocked 2=Port locked

subject

text

Auto conﬁ gure Email: Subject telnet_mode number ASY <port> Telnet mode

to text

Auto conﬁ gure Email: To trap_ip

text

SNMP trap destination address

tremto

number Remote command timeout (s)

unitid

text

Unit identity usertask ﬁ lename User task ﬁ lename x25_callto number X25 call timeout (s) x25sw_callto number X25 switch call timeout (s)

Page 80

6620-3201

Local Port Access Levels

It is possible to set the access level for all ASY ports to a certain level using the local command. Any user connecting to the local port will be assigned this access level. To override this, the

logincommand can be used to log in with a username and password, and the port will then

be assigned the access level for that user. To return the access level to the conﬁ gured value, the

logout command is used.

To display current local port access level settings enter the command: local <instance> ? where <instance> is 0. To change the value of a parameter use the command in the format:

local <instance> <parameter> <value>

The parameter setting will be applied to all ASY ports. The parameters and values are:

Parameter Values Equivalent Web Parameter

access 0-5

Local port access level: 0=Super 1=High 2=Medium 3=Low 4=None

tlocto number

None - the timeout to automatically logout a user if no command entered for this time. A value of zero means the user will never be logged out.

For example, to set the access level of ASY port 0 to 3 (Low), enter:

local 0 access 3

Page 81

6620-3201

4.33 Conﬁ gure > GP TCP Sockets

This page is used to set parameters relating to general purpose TCP sockets.

Using the Web Page(s)

ASY port sockets MSS to advertise:

This parameter sets the maximum segment size used/advertised by an ASY port connected to TCP sockets.

ASY port sockets RX window to advertise:

This parameter sets the RX window size used/advertised by an ASY port connected to TCP sockets.

NB XOT listening sockets:

This parameter sets the maximum number of XOT sockets available. This enables you to reduce the number of XOT sockets in order to free up more general purpose sockets for other purposes. The default value of 0 enables the maximum number of XOT sockets available.

XOT socket maximum ACK time for TX data (s):

This parameter sets the maximum time allowance for a remote unit to acknowledge TCP data transmitted by a unit’s socket. If this timer elapses, the socket is aborted. The default value of 0 disables the timer.

Note:

There is no requirement for the remote unit to acknowledge received data immediately, therefore setting this parameter to too small a value is not recommended. Some stacks delay sending TCP ACKs in order that they can be incorporated with data sent by the application.

Do not deactivate outgoing XOT sockets when interface disconnects:

This parameter sets outgoing XOT sockets not to close when the interface they are using disconnects.

Default XOT source IP address interface:

This parameter allows XOT sockets to use a source IP address other than that of the interface on which the socket connection is created. This parameter speciﬁ es from which interface the source address should be derived and may be set to “Auto” (default), “ETH” or “PPP”.

Note:

Even when this parameter is not set to “Auto”, normally the IP address from the interface on which the socket is created will be used. The source address speciﬁ ed in this parameter will only be used if it will cause the trafﬁ c to match an Eroute and therefore be sent over IPSec or GRE.

Default XOT source IP address interface #: This parameter is used in conjunction with the Default XOT source IP address interface

parameter above to select which interface instance is used to

derive a source address.

Page 82

6620-3201

Using Text Commands

From the command line, the sockopt command can be used to conﬁ gure the TCP Sockets. To display the current settings for the TCP sockets enter the command: sockopt <instance> ? where <instance> is 0. To change the value of a parameter use the same command in the format:

sockopt 0 <parameter> <value>

The parameters and values are:

Parameter Values Equivalent Web Parameter

asymss

number Asy port sockets MSS to advertise asyrxwin number ASY port sockets RX window to advertise xot_ipadd number Default XOT source IP address interface # xot_ipent “”,ETH,PPP Default XOT source IP address interface xot_listens number NB XOT listening sockets xot_maxack number XOT socket maximum ACK time for TX data (s)

xot_nodeact off, on

Do not deactivate outgoing XOT sockets when interface disconnects: Off=No On=Yes

For example, to set the XOT source IP address interface to ethernet, enter:

sockopt 0 xot_ipent eth

Page 83

6620-3201

4.34 Conﬁ gure > GPRS Module

GPRS functionality is only available on models that are ﬁ tted with a GPRS module. This module replaces one of the ASY ports (normally ASY1) and is controlled by the router using “AT” commands (in the same way as a modem).

GPRS modules provide always-on wireless data connectively over the GSM network at speeds of up to 82Kbps. This means that the unit can be used in situations where no ISDN service connection is available. In addition, GPRS can be used to send or receive SMS alert messages (as an alternative to emails for issuing remote alert messages or for automating remote conﬁ guration of deployed units).

Before attempting to connect to a GPRS service, you need to set a few parameters speciﬁ c to your GSM operator. It will be useful to have the following information to hand:

♦ Your assigned APN (Access Point Name) ♦ PIN Number for your SIM card (if any) ♦ Username and password

Note:

Some SIMs require that a username and password are used in addition to the APN. These are not always pre-deﬁ ned i.e. any “made-up” username or password will sufﬁ ce. If you suspect that this is the case for your SIM then please enter a username and password into the username and password parameters for PPP instance 1 (PPP 1 is the PPP instance that is conﬁ gured by default conﬁ gured to connect to the GPRS network).

Once your GPRS unit is correctly conﬁ gured you can check to see if it has obtained an IP address from the network by navigating to the

Status > PPP > PPP 1 page and checking the IP address

parameter. (It should contain an IP address other than 0.0.0.0 or 1.2.3.4).

Additionally you can check that the SIM is working correctly and also check the signal strength by navigating to the

Status > GPRS Module page.

Using the Web Page(s)

APN:

When using a GPRS router, you must inform the GPRS network which remote host you wish to connect to. You do this by specifying an Access Point Name (APN). Your network provider or your system administrator will provide this information if you have a private APN.

Often this will look like an Internet address such as “isp.vodafone.ie”, but can also be a simple text string such as “orangeinternet” or “internet”. Be sure to enter this correctly otherwise you will be unable to make a connection to the network.

Static IP address:

You can specify an IP address associated with the APN.

Use backup APN:

This parameter is used to turn the

Backup APN facility “On” or “Off”.

Backup APN:

This parameter may be used to specify an alternative service APN for use in the event that the unit cannot connect using the primary APN speciﬁ ed by the

APN parameter. The unit will only use this

APN if the primary APN fails and the

Use backup APN parameter is enabled.

Page 84

6620-3201

Backup IP address:

This parameter may be used to specify an IP address associated with the Backup APN for use when the unit cannot connect using the primary

Static IP address.

Retry APN time (mins): If the Use backup APN parameter is enabled, this parameter is used to

deﬁ ne how long the unit will use the backup APN before attempting to revert to the primary APN.

PIN:

Some SIM cards are locked with a Personal Identiﬁ cation Number (PIN) code to prevent misuse if they are lost or stolen. Your GSM operator should be able to tell you if your SIM has a PIN code as supplied.

If you enter a PIN code in this ﬁ eld, the unit will try to unlock the SIM before attempting to connect to the network.

Note:

The PIN code is not shown for security reasons and it is essential that you enter this correctly as three incorrect attempts will usually block the SIM card from use. In this event, you will need to remove the SIM card from the unit and insert it into a mobile phone then enter the Personal Unblocking Key (PUK), which can be obtained from the network operator.

Conﬁ rm PIN:

Enter the PIN again in this ﬁ eld to conﬁ rm it.

Initialisation string <n>: These parameters (Initialisation string 1, Initialisation string 2, etc.)

allow you to specify a number of command strings that are sent to the GPRS module each time a GPRS connection is attempted. These can be used to set non-standard GPRS operating modes. Each string is preﬁ xed with the characters “AT” before being sent to the GPRS module and they

are sent to the GPRS module in the order speciﬁ ed until an empty string is encountered. For example,

Initialisation string 3 will not be sent unless Initialisation string 1 and Initialisation string 2 are

both speciﬁ ed. Initialisation strings are not normally required for most applications as the unit will normally be pre-conﬁ gured for correct operation with most networks.

Hang-up string:

In a typical GPRS application the connection to the network is “always on” and under normal circumstances it is not necessary to hang-up the GPRS module. Under certain circumstances however, the router may use the “ATH” command to try and disconnect the GPRS module from the network, e.g. if an incorrect APN has been speciﬁ ed and the module is unable to attach to the network correctly.

This parameter allows you to specify an alternative hang-up string that is sent to the GPRS module when disconnecting a call. As with the Initialisation strings, it is not necessary to include the “AT” as this is inserted automatically by the router.

Post Hang-up string:

This parameter allows you to specify additional “AT” commands that is sent to the GPRS module after it has been disconnected. As with the Initialisation strings, it is not necessary to include the “AT” as this is inserted automatically by the router.

Intercall idle time (s):

This parameter allows is used to specify the length of time (in seconds) that the router will wait after hanging-up the GPRS module before initiating another call attempt.

Page 85

6620-3201

Link retries:

The router will normally make multiple attempts to connect to the GPRS network in the event that the signal is lost. In some cases, this can result in a “lock-up” situation where the GSM network is unable to attach the GPRS device due to the multiple attempts. The

Link retries parameter speciﬁ es the

number of attempts at connection that the unit should make before power cycling the internal GPRS module. Power cycling the GPRS module forces it to re-register and reattach to the network. The default setting of 10 is the recommended value. Setting this parameter to 0 will prevent the router from power cycling the GPRS module if it cannot obtain an IP address.

Status retries:

The router will periodically collect status information from the internal GPRS module. This information, which may be viewed on the

Status > GPRS module web page, includes details of the signal

strength and network attachment status. As a safeguard against problems communicating with the GPRS module, the

Status retries parameter may be used to specify the number of unsuccessful

attempts to retrieve status information from the GPRS module before power cycling it. The default setting of 30 is the recommended value. Setting this parameter to 0 will prevent the router from power cycling the GPRS module if it cannot read the GPRS status information.SMS message centre:

This is the number of the SMS message centre (sometimes referred to as the Service Centre Address), to be used to relay SMS messages or alarms. This number must include the international dialling code, e.g. 44 for the UK, but not the “+” preﬁ x or leading 0’s, e.g. 44802000332. SMS alarms are generated when the

SMS trigger priority is greater than 0 and an event of this priority or higher

occurs. SMS messages may be edited and sent using the

Conﬁ gure > SMS Edit page.

If no number is speciﬁ ed it is possible that the unit will operate using the default message centre for the GSM service to which you have subscribed.

SMS polling interval (mins):

This speciﬁ es the interval in minutes that the unit will wait in between checks for incoming SMS messages. Setting this interval to 0 turns off checking.

SMS command caller ID:

This parameter speciﬁ es a number that is compared with the trailing digits of the SMS sender’s phone number. If the numbers match, then the SMS text is treated as if it were a text command being entered via one of the serial ports. If the parameter is left blank, SMS messages are logged in the event log but are not treated as commands.

SMS command separator:

This parameter speciﬁ es the character to be used to separate multiple command lines when a remote SMS sender is controlling the unit. The default separator is <CR><LF> but some SMS capable devices are not equipped with <CR> and <LF> keys so an additional means of separating multiple lines is required.

SMS access level:

The access level for SMS commands. The access level set here will need to match the level required by the command sent by SMS for the command to be accepted.

SMS replies:

This parameter enables or disables replies to SMS commands.

SMS concatenation limit:

This parameter concatenates replies to SMS commands, thereby limiting the number of messages sent. A value of 1 (default) means no concatenation. Zero means no limit, which at present means the ﬁ rst 1500 bytes of a command response (i.e. 10 messages).

Enable Mux / Disable Mux: The two buttons at the bottom of the page labelled Enable Mux and Disable Mux are used to enable or disable 0710 multiplex mode for the GPRS module. When this

mode is enabled (which it is by default), several additional parameters become effective on the

Conﬁ gure > ISDN LAPB page under the heading “Async Mux 0710 Parameters”. Refer to the

description of this page for further information.

Page 86

6620-3201

Using Text Commands

From the command line, the modemcc command can be used to conﬁ gure the GPRS module. To display the current settings for the GPRS module enter the command: modemcc <instance> ? where <instance> is 0. To change the value of a parameter use the same command in the format:

modemcc 0 <parameter> <value>

The parameters and values are: For example, to set the ﬁ rst initialisation string, enter:

Parameter Values Equivalent Web Parameter

apn text

APN buapn text Backup APN buipaddr IP address Backup IP address

epin text

None - This is the PIN in encrypted

format. This parameter is not

conﬁ gurable. hang_str text Hang-up string init_str text Initialisation string 1 init_str1 text Initialisation string 2 init_str2 text Initialisation string 3 ipaddr IP address Static IP address link_retries number Link retries pin number PIN posthang_str text Post hang-up string retry_apntim number Retry APN time (mins)

sca phone number

SMS message centre (Service

Centre Address)

sms_access 0,1,2,3,4,5,6,7

SMS access level: 0=Super

1=High 2=Medium 3=Low 4=None

5=HighLow 6=HighMedium

7=CheckPar

sms_callerid <n> number SMS command caller ID sms_cmd_sep character SMS command separator

sms_concat 0,1,number

SMS concatenation limit:

0=No limit 1=No concatenation

number=limit

sms_interval number SMS polling interval (s) stat_retries number Status retries usebuapn off, on Use backup APN

modemcc 0 init_str +cgdcont=1,“ip”,“isp.vodafone.ie”,,0,0

Note:

If your initialisation strings contains spaces, then you must enclose the entire string with double quotation marks.

Page 87

6620-3201

4.34.1 Additional Conﬁ guration for GPRS

If you are intending to use your GPRS router to connect a local PC or laptop to remote services via GPRS, you will need to ensure that both the PC and the router share a common TCP/IP subnet.

To ensure that this is the case, use the unit’s DHCP server to give your PC an IP address in the correct range. To do this, navigate to

Conﬁ gure > DHCP Server > Ethernet Port n.

Fill in the six sections appropriately (

Next server address is optional), then click OK, not forgetting

to save the conﬁ guration later. In the above example, the unit has an IP address (set in

Conﬁ gure >

Ethernet > ETH0) of 192.168.0.99 and the ﬁ rst PC to connect to it will be given an address of

192.168.0.1 enabling communication on the same subnet.

If you have correctly conﬁ gured the unit, you should now be able to connect the LAN port to a PC or Laptop (using an Ethernet hub or a crossover cable), for the purpose of accessing host services such as Internet pages or email.

Page 88

6620-3201

4.35 Conﬁ gure > GPRS Module > Cell Monitor

The Cell Monitor retrieves information about the GSM network and displays the following:

♦ The parameters of the GSM cell currently being used to provide the communications link (typically GPRS), known as the serving cell

♦ The parameters of neighbouring GSM cells ♦ GPRS speciﬁ c parameters

Using the Web Page(s)

Monitor settings

This section contains parameters that determine what information is collected by the Cell Monitor, and how often.

Neighbour cells

If this parameter is selected, the Cell Monitor will retrieve information about the neighbouring cells.

Serving cell

If this parameter is selected, the Cell Monitor will retrieve information about the GSM cell currently being used to provide the communications link.

GPRS information

If this parameter is selected, the Cell Monitor will retrieve GPRS speciﬁ c cell information.

Monitoring interval (s):

When this parameter is set to a non zero value, this speciﬁ es the interval (in seconds) between information retrieval. A value of zero disables monitoring.

Email settings

The Cell Monitor may be conﬁ gured to send an email at speciﬁ ed intervals. The parameters are as follows:

Email interval (mins):

This parameter speciﬁ es the interval (in minutes) between email transmissions.

Attach Event Log

If this parameter is selected, the unit’s event log will be sent with the email as an attachment.

Email To:

This parameter speciﬁ es a destination email address. Multiple email addresses may be speciﬁ ed by separating each address with a comma.

Email From:

This parameter speciﬁ es the identify of the sender of the email.

Email Subject:

This parameter speciﬁ es a subject to describe the contents of the email.

Email Template:

This parameter speciﬁ es the name of a ﬁ le on the unit to be used as a template for the email.

Page 89

6620-3201

IP connection settings

The Cell Monitor may be conﬁ gured to transmit the data it retrieves to a speciﬁ ed TCP/IP address/ port. The parameters are as follows:

IP address:

This parameter speciﬁ es an IP address to which the unit will attempt to establish a TCP/IP connection. The

TCP/IP port must be speciﬁ ed. Any retrieved data is then transmitted over this connection.

TCP/IP port:

This parameter speciﬁ es the destination TCP/IP port number to be used for the connection. The recently retrieved Cell Monitor information may be viewed on the following web pages:

Status > GPRS Module > Neighbour Cells Status

> GPRS Module > Serving Cell

Status

> GPRS Module > GPRS Cell Info

Using Text Commands

From the command line, the cellmon command can be used to conﬁ gure the Cell Monitor. To display the current settings for the Cell Monitor enter the command:

cellmon 0 ?

To change the value of a parameter use the same command in the format:

cellmon 0 <parameter> <value>

The parameters and values are:

Parameter Values Equivalent Web Parameter

att_elog off, on Attach event log emailfrom text Email From emailint number Email interval (mins) emailto text Email To etemplate ﬁ lename Email Template ipaddr IP address IP address ipport number TCP/IP port mon_int number Monitoring interval (s)

mong_on

off, on GPRS information

moni_on off, on Serving cells

monp_on

off, on Neighbour cells

subject text Email subject

For example, to disable monitoring of neighbour cells, enter:

cellmon 0 monp_on off

Page 90

6620-3201

4.36 Conﬁ gure > GPS Receiver

The unit can contain an optional internal GPS receiver, or can be connected to an external GPS receiver. Both will be connected to an internal ASY port.

Using the Web Page(s)

The web page is split into several sections.

Local Monitoring If Local Monitoring is “On”, messages from the GPS receiver may be viewed

on the

Status > GPS Receiver web page. The frequency and type of messages sent by the GPS

receiver may be altered according to the settings under

GPS receiver messages.

GPS receiver messages

Each parameter in this section has two components, an Enabled check box, and an interval (s).

Fix data (GGA):

When this parameter is enabled, data describing the type of ﬁ x (2D, 3D or no ﬁ x) will be sent at the speciﬁ ed interval.

Position (GLL):

When this parameter is enabled, current position data will be sent at the speciﬁ ed interval.

Active satellites (GSA):

When this parameter is enabled, the current number of satellites being used to generate position data will be sent at the speciﬁ ed interval.

Satellites in view (GSV):

When this parameter is enabled, the current number of satellites the unit can see will be sent at the speciﬁ ed interval.

Position and time (RMC):

When this parameter is enabled, current position and time data will be sent at the speciﬁ ed interval.

Course over ground (VTG):

When this parameter is enabled, current course data will be sent at the speciﬁ ed interval. Course data is generated by using the current and previous

Position and time (RMC) data.

UTC and local date/time data (ZDA):

When this parameter is enabled, the current local time and date will be sent at the speciﬁ ed interval.

Page 91

6620-3201

IP Connections

The IP connections section contains the parameters for setting the destination for the GPS data. Up to two destinations can be conﬁ gured.

IP address 1:

The IP address the GPS data is sent to.

IP port 1:

The TCP or UDP port number the GPS data is sent to.

Interval Count 1:

The interval at which the GPS data is transmitted. controls the frequency at which the GPS data is transmitted. A value of 1 will cause collected GPS data to be transmitted each time a

UTC and local

date/time data (ZDA)

message is received from the GPS receiver. A value of 2 will cause data to be

sent every 2nd message, etc. For this feature to work over TCP/IP,

UTC and local date/ time data

(ZDA)

message must be enabled on the receiver.

TCP/UDP mode 1:

This parameter speciﬁ es whether GPS data is sent over a TCP/IP connection, or as UDP packets.

IP address 2:

The IP address the GPS data is sent to.

IP port 2:

The TCP or UDP port number the GPS data is sent to.

Interval Count 2:

The interval at which the GPS data is transmitted. controls the frequency at which the GPS data is transmitted. A value of 1 will cause collected GPS data to be transmitted each time a

UTC and local

date/time data (ZDA)

message is received from the GPS receiver. A value of 2 will cause data to be

sent every 2nd message, etc. For this feature to work over TCP/IP,

UTC and local date/ time data

(ZDA)

message must be enabled on the receiver.

TCP/UDP mode 2:

This parameter speciﬁ es whether GPS data is sent over a TCP/IP connection, or as UDP packets.

Page 92

6620-3201

Using Text Commands

From the command line, use the gps command to conﬁ gure or display GPS receiver parameters. To display the current parameters and their values, enter:

gps <instance> ?

where <instance> is 0. To change the value of a parameter enter:

gps 0 <parameter> <value>

The parameters and values are: For example, to enable GPS monitoring you would enter:

Parameter Values Equivalent Web Parameter

asy_add number

None - the current ASY port the

GPS receiver is connected to. This

parameter is not conﬁ gurable.

gpson

off, on Local monitoring enabled

gga_on

off, on Fix data (GGA) enabled

gll_on off, on Position (GLL) enabled

gsa_on

off, on Active satellites (GSA) enabled

gsv_on

off, on Satellites in view (GSV) enabled

rmc_on

off, on Position and time (RMC) enabled

vtg_on

off, on Course over ground (VTG) enabled

zda_on off, on

UTC and local date/time data (ZDA)

enabled gga_int number Fix data (GGA) interval (s) gll_int number Position (GLL) interval (s) gsa_int number Active satellites (GSA) interval (s) gsv_int number Satellites in view (GSV) interval (s) rmc_int number Position and time (RMC) interval (s)

vtg_int number

Course over ground (VTG) interval

(s)

zda_int number

UTC and local date/time data (ZDA)

interval (s)

Parameter Values Equivalent Web Parameter

ipaddr1 IP address IP address 1 ipport1 number IP port 1 nsecs1 number Interval Count 1

udpmode1 0,1

TCP/UDP mode: 0=TCP 1=UDP

ipaddr2 IP address IP address 2 ipport2 number IP port 2 nsecs2 number Interval Count 2

udpmode 0,1

TCP/UDP mode: 0=TCP 1=UDP

gps 0 gpson on

Page 93

6620-3201

Additional GPS Text Commands

Two additional text commands are available for controlling the way in which messages from the GPS receiver are treated. These are as follows:

cmd <instance> gpson {on|off}

When set to on, this indicates that an instance of the command line interpreter is connected to the GPS receiver. The instance number should be the ASY port number to which the GPS receiver is connected. This parameter has two purposes. Firstly, it tells a particular command interpreter instance that it is connected to a GPS receiver, so that commands received by this instance are ignored rather that treated as invalid commands. Secondly, it is used by the

at\gps command (see below) to

determine where the GPS messages originate.

at\gps

This causes messages from the GPS receiver to be sent directly to the ASY port from which the command is entered. This requires that the

gpson parameter (described above) has been set to on

for one of the

cmd instances. As soon as the at\gps command has been issued, data from the

GPS receiver will be sent to the ASY port. In order to stop the GPS data, the +++ escape sequence must be entered, followed by a pause, followed by “at”.

Page 94

6620-3201

4.37 Conﬁ gure > IP Routes > RIP > RIP update options

Using the Web Page(s)

RIP update timeout:

This is the length of time in seconds an updated metric will apply for when a RIP update is received. If no updates are received within this time the usual metric will take over.

RIP update linger timeout:

When a RIP update timeout occurs and the route metric is 16, the unit will continue to advertise this route in RIP updates for this period of time (in seconds). This is in order to help propagate the dead route to other routers. The unit will no longer use a metric advertised by a RIP update if the route has been set out of service locally.

Using Text Commands

From the command line, the rip command can be used to conﬁ gure the RIP update options. To display the current settings for the RIP update options enter the command: rip <instance> ? where <instance> is 0. To change the value of a parameter use the same command in the format:

rip 0 <parameter> <value>

The parameters and values are:

Parameter Values Equivalent Web Parameter

riplingerto number RIP update linger timeout ripto number RIP update timeout

For example, to conﬁ gure the linger timeout as 120 seconds, enter:

rip 0 riplingerto 120

Page 95

6620-3201

4.38 Conﬁ gure > IP Routes > RIP > RIP access list

The unit has the ability to modify route metrics based upon received RIP responses. Static routes and default routes will have their metric modiﬁ ed if the route ﬁ ts within one of the routes found within the RIP packet. For ethernet routes, the gateway for the route will be set to the source address of the RIP packet. The route modiﬁ cations will be enforced for 180 seconds unless another RIP response is received within that time.

RIP packets must have a source address that is included in the RIP access list.

Using the Web Page(s)

IP address

This is a list of IP addresses that RIP packets must come from if they are to modify route metrics.

Using Text Commands

From the command line, the riprx command can be used to conﬁ gure the RIP access list. To display the current settings for the RIP access list enter the command: riprx <instance> ? where <instance> is 0. To change the value of a parameter use the same command in the format:

riprx 0 <parameter> <value>

The parameters and values are:

For example, to add IP address 192.56.27.45 to the RIP access list, enter:

riprx 0 ipaddr 192.56.27.45

Page 96

6620-3201

4.39 Conﬁ gure > IP Routes > RIP > Authentication keys > Key n

The RIP authentication keys are used with the “Plain password” and “MD5” RIP authentication methods used by the

RIP authentication method parameter on the Conﬁ gure > Ethernet > ETH n

and Conﬁ gure > PPP > PPP n > Standard pages.

Using the Web Page(s)

Key (Empty):

This is the RIP authentication key. Enter a string value up to 16 characters long. A current key will not be shown.

Conﬁ rm key:

Re-enter the RIP authentication key here that you entered above, in order to conﬁ rm the key is correct.

Key ID (0-255):

This is the ID for the key. The ID is inserted into the RIP packet when using RIP v2 MD5 authentication, and is used to look up the correct key for received packets. Valid range is 0 - 255.

Key start day:

This parameter deﬁ nes the day of the month the key is valid from. “Disable” means that this key should not be used. “Now” indicates that the key will be valid up to the end date (deﬁ ned by the

Key end day, Key end

month and Key end year parameters). A value of 1 - 31 is the day of the month the key is valid from,

but this value must not exceed the number of days in the

Key start month. Key start month:

This parameter deﬁ nes the month of the year the key is valid from. “None” means that this key should not be used. Otherwise, select the month of the year from the drop-down list.

Key start year:

This parameter deﬁ nes the year the key is valid from. A year can be entered as either 2 (e.g. 06) or 4 (e.g. 2006) digits.

Key end day:

This parameter deﬁ nes the day of the month the key expires. “Disable” means that this key should not be used. “Never” indicates that the key never expires (a valid start date deﬁ ned by the

Key start day, Key

start month and Key start year parameters must be entered). A value of 1 - 31 is the day of the

month the key expires, but this value must not exceed the number of days in the

Key end month.

Key end month:

This parameter deﬁ nes the month of the year the key expires. “None” means that this key should not be used. Otherwise, select the month of the year from the drop-down list.

Key end year:

This parameter deﬁ nes the year the key expires. A year can be entered as either 2 (e.g. 06) or 4 (e.g. 2006) digits.

Page 97

6620-3201

Link with interface:

This parameter, in conjunction with the Link with interface # parameter, deﬁ nes which interface or interfaces this key is associated with. “Any” means this key can be used by any interface, “PPP” means the key can only be used by the PPP interface instance number deﬁ ned in Link with

interface #

, and “Ethernet” means the key can only be used by the Ethernet interface instance

number deﬁ ned in Link with interface #.

Link with interface #:

See above.

Using Text Commands

From the command line, use the ripauth command to conﬁ gure or display the RIP authentication key settings.

To display the current settings for a RIP authentication key enter the following command: ripauth <instance> ? where <instance> is the instance of the RIP authentication key. To change the value of a parameter use the following command:

ripauth <instance> <parameter> <value>

The parameters and values are:

Parameter Values Equivalent Web Parameter

eday never, 0-31

Key end day: 0=Disable 1-31=day of month

ekey Alphanumeric

None - this is the current key in encrypted format. This parameter is not conﬁ gurable.

emon 0-12

Key end month: 0=None 112=month

eyear

Number Key end year key Alphanumeric Key (empty) keyid 0-255 Key ID (0-255) ll_add Number Link with interface # ll_ent ““, PPP, ETH Link with interface

sday now,0-31

Key start day: 0=Disable 1-31=day of month

smon 0-12

Key start month: 0=None 112=month

syear

Number Key start year

Page 98

6620-3201

4.40 Conﬁ gure > IP Routes > Route n

The Conﬁ gure > IP Routes > Route n pages allow you to set up static IP routes for particular IP subnets, networks or addresses. There is a separate page for each available static route which, when populated with the appropriate information, deﬁ nes the static routing table used by the unit.

Using the Web Page(s)

IP address / Mask:

These parameters are used in conjunction with each other to specify the destination subnet, network or IP address for packets that will match this route, i.e. if the unit receives a packet with a destination IP address that matches the speciﬁ ed

IP address / Mask combination, it will route that packet through

the interface speciﬁ ed by the

Interface and Interface # parameters.

Gateway: This parameter may be used to override the default Gateway IP address conﬁ gured for

the Ethernet interfaces. Packets matching the route will use the gateway address value conﬁ gured in the route rather than the address conﬁ gured on the Ethernet page. Note that this parameter does NOT apply to routes using PPP interfaces.

Source address / Source mask: If necessary you may use the Source address and Source mask

parameters to further qualify the way in which the unit will route packets. If these parameters are speciﬁ ed, the source address of the packet being routed must match these parameters before the packet will be routed through the speciﬁ ed interface.

Interface / Interface #: Are used to specify the interface and number through which to route packets

which match the

IP address / Mask or IP address / Mask plus Source address / Source Mask

combination. Either “None”, “PPP” or “Ethernet” may be selected.

Interface sub-conﬁ g:

This parameter determines which PPP Sub-Conﬁ g to use with the PPP instance selected. Sub- Conﬁ gs are deﬁ ned in the

PPP > Sub-Conﬁ gs > Sub-Conﬁ g n web pages. This allows you to

override the credentials deﬁ ned for that PPP instance with ones set in the sub-conﬁ g page. The default setting of “0” disables Sub-Conﬁ g.

Connected metric / Disconnected metric

A “metric” is a value between 1 and 16 that is used to select which route will be used when the subnet for a packet matches more than one of the IP route entries. Each route can be assigned a “connected metric” and a “disconnected metric”. The

Connected metric parameter is used to specify the metric for a route whose interface is up.

The

Disconnected metric

parameter is used to specify the metric for a route whose interface is down. Normally both values should be the same but in some advanced routing scenarios it may be necessary to use different values.

If a particular route fails it will automatically have its metric set to 16, which means that it is temporarily deemed as being “out of service”. The default out of service period is set by the IP route out of service time parameter on the

Conﬁ gure > General web page. Note however, that

this default period may be overridden in certain situations such as when a ﬁ rewall stateful inspection rule speciﬁ es a different period. When a route is out of service, any alternative routes (with matching subnets), will be used ﬁ rst.

Redial delay (s):

The delay in seconds to wait before re-initiating a connection after it has been dropped whilst still required.

Page 99

6620-3201

Enqueue only one packet during interface connection period:

This parameter deﬁ nes how many packets will be enqueued by the route during the time when waiting for an interface to connect. When turned “ON”, only one packet will be enqueued, when “Off”, two packets will be enqueued.

Initial Power-up delay (s):

This is the delay in seconds after the unit is powered up before packets matching this route will initiate a connection of the interface conﬁ gured in the route. It is typically used on GPRS units that have ISDN backup to prevent unnecessary ISDN connections from being made whilst a GPRS connection is ﬁ rst being established.

Deactivate interface / Deactivate interface #:

The interface speciﬁ ed by these two parameters will be deactivated when this route become available again after being out of service. This is typically used to deactivate backup interfaces when a primary interface becomes available again after being out of service.

Remove OOS on this interface when route deactivates / Remove OOS on this interface #

When the interface that this route is conﬁ gured to use is deactivated, the unit will clear the out of service status of any other routes using the interface speciﬁ ed by these parameters.

Interface activation failure retry interval (s):

If an interface is requested to connect by this route (due to IP trafﬁ c being present), and it fails to connect, the route will be marked as out of service but the unit will continue to attempt to connect to the interface at the speciﬁ ed interval. If the interface does connect the unit will clear the out of service status for the route.

Deactivate interface after successful activation retry:

When set to “On”, this parameter is used (in conjunction with the above parameter), to deactivate an interface when once a successful activation attempt has been made.

Recovery group #:

This parameter may be used to assign the route to a “recovery group”. This means that if all of the routes in a particular recovery group go out of service, the out of service status is cleared for all routes in that group. If one route in a group comes back into service, all routes with a lower priority (metric) also have their out of service status cleared.

Consecutive activation failures before applying route down time:

Normally, if an interface is requested to connect by a route and fails to connect, the route metric is set to 16 for the period of time speciﬁ ed by the

IP route out of service time parameter on the Conﬁ gure

> General page. Setting this parameter to a non-zero value prevents the route metric being set to 16

until the speciﬁ ed number of connection failures has been reached.

Use 2nd inactivity timeout when this route becomes available / Change the inactivity timeout for this PPP #:

These parameters are used to select Inactivity

timeout #2

on the speciﬁ ed PPP interface when this route comes back into service. This is useful when it is preferable to close down a backup route quickly when a primary route comes back into service.

Current Routing Table

At the bottom of the page is a table showing the current dynamic and default IP routes. For each route it’s IP address, Mask, route Metric, Interface and Gateway are shown.

Page 100

100

6620-3201

Using Text Commands

From the command line, use the route command to conﬁ gure a static IP route. To display the current settings for a particular IP route, enter the following command:

route <instance> ?

where <instance> is the number of the IP route. To set up parameters for a static IP route, enter the command in the format: route

The parameter options and values are:

Parameter Values Equivalent Web Parameter

actooslim number

Consecutive activation failures before applying route down time

chkoos_deact on, off

Deactivate interface after successful activation retry

chkoos_int number

Interface activation failure retry interval (s)

deact_add number Deactivate interface #

deact_ent 0,1

Deactivate interface: 0=None 1=PPP

dial_int 0-255 Redial delay (s)

doinact2 off, on

Use 2nd inactivity timeout when this route becomes available

gateway IP address Gateway

inact2add number

Change the inactivity timeout for

this PPP # IPaddr IP address IP address ll_add number Interface # ll_cfg number Interface sub-conﬁ g ll_ent “”, PPP, or ETH Interface mask IP netmask Mask metric 1-16 Disconnected metric pwr_dly number Initial powerup delay

q1 off, on

Enqueue only one packet during

interface connection period

rgroup

number Recovery group # srcip IP address Source address srcmask IP netmask Source mask unoos_add number Remove OOS on this interface #

unoos_ent PPP, ETH

Remove OOS on this interface when route deactivates

upmetric 1-16 Connected metric

Westermo DR-200, MR-200 Reference Manual

Specifications and Main Features

Frequently Asked Questions

User Manual