manualshive.com logo in svg

3Com OfficeConnect 3C100XF, Cli User'S Manual

The 3Com OfficeConnect 3C100XF is a high-performance networking device designed for small businesses. Enhance your network with this versatile product featuring advanced features and secure connectivity. Find the comprehensive Cli User's Manual for this product, available for free download at manualshive.com. Elevate your network knowledge with this detailed manual.

Share
Download
background image

27-8

C

HAPTER

 27: P

ACKET

 F

ILTERS

or rejects the packet. Interface filters can be applied dynamically without having to 
disable and re-enable each network on that interface.

Input Filter

If an input filter is configured on an interface, all received packets are checked 
against the filtering rules before being forwarded to another interface.

Output Filters

If an output filter is configured on an interface, all outbound packets are checked 
against the filtering rules before exiting the interface.

Input Filters vs. Output Filters

When possible, use the 

input

 filter to filter an 

incoming packet 

rather than waiting 

to catch a packet as it attempts to exit. This is recommended because:

A packet is prevented from entering, keeping potential intruders from 
attacking the OfficeConnect Gateway.

The routing engine does not waste time processing a packet that is going to be 
discarded anyway.

Most importantly, the OfficeConnect Gateway does not know which interface 
an outgoing packet came in through. If a potential intruder forges a packet 
with a false source address (in order to appear as a trusted host or network) 
there is no way for an output filter to tell if that packet came in through the 
wrong interface. An input filter, on the other hand, can filter out packets 
purporting to be from networks that are actually connected to a different 
interface.

User Filters

You can configure user filters for a specific user that control access to the network 
for that user. This filter is only applied for the duration of the user’s network 
connection. As with interface filters, a user filter can be configured as an input or 
output.

Assigning Filters

You can assign filters to interfaces and / or users using CLI commands. The 
following section describes:

Assigning a filter to an interface

Assigning a filter to a user profile

Setting filter access

Assigning a Filter on an Interface

set interface

<interface_name>input_

filter <filter_name>

output_filter

<filter_name>

Filter_access on

Use this command string to configure an input or output filter on an interface.

For example:

set interface slot:4/port:8 input_filter filter.flt filter_access on

Filter files take effect on an interface immediately on enabled networks when you 
issue the 

set interface

 command.

Summary of Contents for OfficeConnect 3C100XF

Page 1: ...http www 3com com OfficeConnect Gateway CLI User s Guide Release 1 0 Part No 10042302 Rev AA ...

Page 2: ...tation and the software described herein are provided to you subject to the following United States Government Legend All technical data and computer software is commercial in nature and developed solely at private expense Software is delivered as Commercial Computer Software as defined in DFARS 252 227 7014 June 1995 or as a commercial item as defined in FAR 2 101 a and as such is provided with o...

Page 3: ...mands 1 4 History Commands 1 5 Save All Command 1 5 Save Configuration Command 1 5 Page Break Commands 1 6 Command Line Commands 1 6 Show Command 1 7 Kill Command 1 7 Command Language Structure 1 8 Command Features 1 8 Command Line Edit 1 8 Command Retrieval 1 9 Positional Help 1 9 Command Completion 1 9 Output Pause 1 9 Reboot Command 1 9 Command Line Interface Conventions 1 9 Chapter 2 LIST OF O...

Page 4: ...ds 2 3 LOGOUT Command 2 4 PING Command 2 4 QUIT Command 2 4 REBOOT Command 2 4 RECONFIGURE Command 2 4 RENAME Command 2 4 RESET Commands 2 4 RESOLVE Command 2 4 RLOGIN Command 2 4 SAVE Command 2 4 SET Commands 2 4 SHOW Commands 2 5 TELNET Command 2 5 TFTP Command 2 5 TRACEROUTE Command 2 5 VERIFY Command 2 6 Chapter 3 ADMINISTRATIVE CLI COMMANDS Overview 3 1 Date and Time 3 1 Set Commands 3 2 Show...

Page 5: ...11 Restore Factory Default Settings 3 11 Reset Command 3 12 reset 3 12 Set Command 3 12 Show Command 3 13 Reboot Command 3 13 Chapter 4 CONFIGURING AND MANAGING USERS Overview 4 1 Add Commands 4 1 Delete Commands 4 2 Enable Command 4 2 Disable Command 4 2 Disconnect Command 4 3 Set Commands 4 3 List Command 4 4 Show Commands 4 5 Chapter 5 TELNET COMMANDS Overview 5 1 Command Descriptions 5 2 Other...

Page 6: ...ocols 6 5 Forward Unicast Packets Only 6 5 Forward Broadcast Unicast Packets 6 5 Chapter 7 VOICE AND VODSL COMMANDS Overview 7 1 Voice Interface Commands 7 1 Set Command 7 1 Voice over DSL VoDSL 7 3 Set Commands 7 3 Chapter 8 INTERFACE COMMANDS Overview 8 1 CLI Commands 8 1 Enable Command 8 1 Disable Command 8 1 List Commands 8 2 Show Commands 8 2 Set Command 8 3 Chapter 9 ARP COMMANDS Overview 9 ...

Page 7: ...ommands 12 3 Delete Commands 12 7 Enable Commands 12 8 Disable Commands 12 9 List Commands 12 10 Set Commands 12 17 Show Command 12 22 show configuration show configuration settings 12 30 show packet_logging 12 33 Reconfigure Commands 12 34 Chapter 13 DNS COMMANDS Overview 13 1 Add Commands 13 2 Delete Commands 13 3 Disable Commands 13 3 Enable Commands 13 3 Host Command 13 4 List Commands 13 4 Se...

Page 8: ...OL SETTINGS Overview 16 1 PPP Configurations 16 1 Configuring PPPoE 16 1 Configuring PPPoA 16 2 RFC 1483 16 3 RFC 1483 MER 16 4 Address Translation 16 4 Configuring Port Address Translation 16 4 Deleting a PAT Policy 16 6 Modifying the Interface Option 16 6 Enabling Disabling Intelligent PAT 16 6 Setting the Default Workstation for Intelligent PAT 16 6 Configuring Network Address Translation 16 6 ...

Page 9: ...d a User 18 1 Set the Remote IP address 18 1 Add the Datalink 18 1 PPPoE Commands 18 2 Add Command 18 2 Delete Command 18 2 Enable Command 18 2 Disable Command 18 2 Set Command 18 3 List Commands 18 3 Show Command 18 4 Chapter 19 TUNNELING COMMANDS Overview 19 1 CLI Commands 19 2 Add Command 19 2 Delete Command 19 2 Enable Command 19 2 Disable Command 19 2 Disconnect Commands 19 3 List Commands 19...

Page 10: ...mands 21 2 Setting the Default Workstation for Intelligent PAT 21 2 Network Address Translation NAT 21 2 Using NetMeeting 21 2 Configuring Network Address Translation NAT 21 3 NAT CLI Commands 21 4 Intelligent NAT 21 4 Super NAT 21 5 NAT Default Workstation 21 5 Monitoring NAT 21 5 Chapter 22 IPSEC COMMANDS Overview 22 1 CLI Commands 22 2 Enable Command 22 2 Disable Command 22 3 Show Commands 22 3...

Page 11: ...ands 25 6 Set Commands 25 8 Show Commands 25 10 Chapter 26 IP FILTERS COMMANDS Overview 26 1 IP Filter Components 26 1 CLI Commands 26 1 Add Commands 26 2 Delete Commands 26 3 List Command 26 3 Set Command 26 3 Show Command 26 4 Chapter 27 PACKET FILTERS Introduction 27 1 Filtering Overview 27 1 Filtering Capabilities 27 1 Filter Types 27 1 Data Filters 27 2 Advertisement Filters 27 2 Generic Filt...

Page 12: ...or Filtered Packets 27 11 Filter Examples 27 11 Source and Destination Address Filtering 27 11 Masks 27 12 TCP and UDP Parameter Filtering 27 12 Standard Port Numbers 27 13 IP RIP Packet Filtering 27 14 ICMP Packet Filtering 27 14 Keywords 27 16 IP and IP CALL Sections 27 16 IP RIP Section 27 16 LOGIN ACCESS Section 27 16 Chapter 28 TFTP COMMANDS Overview 28 1 TFTP Command 28 1 List Commands 28 2 ...

Page 13: ...xiii List Commands 29 3 Show Commands 29 4 Set Command 29 5 Chapter 30 PING COMMANDS Overview 30 1 Ping Command 30 1 ...

Page 14: ...xiv ...

Page 15: ...by experienced users In some situations Service Providers may allow advanced users with Administrator privilege access to the CLI But for most situations end users can administer manage and configure the OfficeConnect Gateway directly from their web browser For more information on how to use the OfficeConnect Gateway from a web browser refer to the OfficeConnect Gateway User s Guide Conventions Th...

Page 16: ...her exactly as shown or with associated parameters and then press Return or Enter Commands appear in bold Examples To edit a user enter the following command set user user_name password password To display all IP addresses enter the following command list ip addresses The words ENTER and type When you see the uppercase word ENTER in this guide press the Return or Enter key Do not press Return or E...

Page 17: ...e the OfficeConnect Gateway the functional operation of the OfficeConnect Gateway and how to administer and manage the unit from your web browser OfficeConnect Gateway Release Notes Contains information about the OfficeConnect Gateway software release including new features and any known issues that you need to be aware of OfficeConnect Gateway Quick Start Guide This guide describes the installati...

Page 18: ...iv ABOUT THIS GUIDE ...

Page 19: ...ection with the unit via the LAN or WAN interface port of the OfficeConnect Gateway Two methods can be used to initiate a Console Telnet session Use your web browser to initiate a Console Telnet session from the OfficeConnect Gateway web page Use your Telnet client software of choice to initiate a Console Telnet session The default IP address of the OfficeConnect is 192 168 1 1 In some situations ...

Page 20: ...the following illustration 3 Click Connect to access the Telnet window 4 Login to the Telnet Session by entering your User Name and Password When you have entered this information you can access the OfficeConnect Gateway Command Line prompt OCG Adsl Using your Telnet Client Software Using your Telnet client software of choice establish a Console Telnet session with the OfficeConnect Gateway using ...

Page 21: ...le to enter CLI commands Exiting a CLI Session To exit a CLI Console session use one of following commands Bye Exit Leave Quit Logout bye exit leave quit These commands leave the CLI but keep the connection open These commands return you to the Telnet commands logout This command leaves the CLI and closes this connection It ends the Telnet session Example OCG Adsl logout ...

Page 22: ...d History Command Save All Command Save Configuration Command Page Break Terminal Settings Commands Command Line Configuration Commands Show Command Settings KILL Command Help Commands The help command provides information about possible commands and their formats Typing help alone lists the possible commands Typing help command name lists the possible parameters for that command help command Typi...

Page 23: ...ortant to remember that most commands may be accepted when entered but not necessarily saved across reboots until you use the Save All command save all When a Save All is in progress the following message is displayed When the save is finished the following message is displayed Save Configuration Command The save configuration command saves individual configuration files CFG to a bulk configuratio...

Page 24: ...ould otherwise overflow the boundaries of the display screen To set the number of rows displayed globally and locally see the set command Command Line Commands The set command lets you configure the following command line parameters set command The set command has the following parameters global_terminal_settings_rows number history number idle_timeout interval local_prompt string local_terminal_s...

Page 25: ...ly active KILL process name You can only kill a process that you started An example would be a ping that you started that you now wish to kill You must type upper case letters and type the full process name when issuing the kill command Parameters Description local_prompt Sets a separate temporary prompt for a command file session The limit is 64 ASCII characters local_ terminal_ settings_rows Con...

Page 26: ... of scalars non table items For example show ip settings displays system wide IP information SHOW ALL commands display information The show all commands display all parameters for all entries in tables associated with particular commands The order of items in a table is usually not relevant nor is it inherent in the type of entity Sometimes the order is relevant though and you must specify a prefe...

Page 27: ...played completed and you can continue entering the command For example if you type add ip n and press TAB command completion spells out the keyword network without losing your place in the command syntax If the keyword is not unique you will get an error message Output Pause When output to your screen pauses because more than 24 lines are waiting for display you can press ENTER to display one more...

Page 28: ...or special characters to a string by wrapping it in double quotes Command syntax and CLI rules This following CLI command syntax conventions are used in this document Keywords are in bold text For example ping Values following keywords are in brackets For example interval Inside the brackets if you see a vertical bar you may select only one from the key list first second third comma you can select...

Page 29: ...Command Line Interface Conventions 1 11 yes no A series of commas between a set of choices indicates multiple options e g vpi vci dlci ...

Page 30: ...1 12 CHAPTER 1 USING THE COMMAND LINE INTERFACE CLI ...

Page 31: ...nd to create table entries for the following parameters ARP Command Use the ARP Address Resolution Protocol command enter the Host Name or an IP station address after the command BYE Command Use the BYE command to leave the CLI ADD ARP BYE CLEAR COPY DELETE DISABLE DISCONNECT DO EDIT ENABLE EXIT HELP HIDE HISTORY HOST INVARP JOIN KILL LEAVE LIST LOGOUT PING QUIT REBOOT RECONFIGURE RENAME RESET RES...

Page 32: ...contains a series of CLI commands EDIT Command Use the EDIT command to access the CLI editor to edit FLASH files ENABLE Commands Use the ENABLE command to enable the following parameters ADDRESS_POOL ATMAAL5 BOARD BRIDGE CONFIGURATION DATALINK DNS FILE FILTER FRAMED_ROUTE FTP IP L2TP NAT NETWROK PING POLICY PPPOE PPTP PROFILE REG_DUMP SA SNMP SYSLOG TELNET TFTP TRACEROUTE TUNNEL USER ADSL ATMAAL5 ...

Page 33: ...mmand to add a member to a group KILL Command Use the KILL command to quit an active process You can only kill a process that you started For example a ping that you started LEAVE Command Use the EXIT command to quit the Console Telnet CLI session LIST Commands Use the LIST commands to display a list of table entries The LIST command can be used to display the table entries for the following param...

Page 34: ...es within the FLASH file system RESET Commands Use the RESET command to reset the following parameters RESOLVE Command Use the RESOLVE NAME command to return an IP address for a specified host name to DNS for resolution RLOGIN Command Use the RLOGIN command to establish a remote login Console Telnet CLI session SAVE Command Use the SAVE ALL and SAVE CONFIGURATION commands to save your CLI changes ...

Page 35: ... path a packet takes to a destination NTP PACKET_LOGGING PING POLICY PPP PPPOE PPTP PROFILE RESET_ACTION SECURITY_SERVICE SNMP SYSLOG SYS_LOG FORMAT SYSTEM TCP TELNET TELNET_LISTEN_P ORT TFTP TFTP_LISTEN_PORT TIME TIMEZONE TRACEROUTE TUNNEL USER VODSL VOICE ADSL ALL ATM ATMAAL5 AUTO_DOWNLO AD BOARD BOOTA_MGR BOOTB_MGR BRIDGE BULK_FILE CLEARTCP COMMAND CONFIGURATION CONNECTION CRITCICAL_EVENT DATE ...

Page 36: ...2 6 CHAPTER 2 LIST OF OFFICECONNECT GATEWAY CLI COMMANDS VERIFY Command Use the Verify filter command to check the filter file syntax ...

Page 37: ...mand Reboot Command Date and Time The OfficeConnect Gateway uses the Network Time Protocol NTP to accurately establish date and time for the unit You can use the show time command to confirm that date and time have been established Date and time values are automatically set when the OfficeConnect Gateway is powered up Optionally the following CLI commands can be used to manually set these values T...

Page 38: ...the pre defined time zone names To see a list of the pre defined time zones use the list time zones command All of the standard BSD Unix time zones are supported in the OfficeConnect Gateway The local clock will adjust its time offset depending on the timezone settings The show ntp settings command displays the current active time zone along with other information Show Command show time The show t...

Page 39: ...ng Unicast mode only The set ntp command has the following parameters polling_interval 64 1024 primary_server IP_name or address retransmissions 0 200 secondary_server IP_name or address timeout 1 60 These parameters are described in the following table See the show ntp settings command to display the ntp configuration Command Type Command Name Enable enable ntp Disable disable ntp Set set ntp Sho...

Page 40: ...e displayed using the show system command The system information parameters are described in the following table Parameters Description timeout Number of seconds since a request has been sent to a server after which period the request is considered timed out The range is 1 second 1 minute The default is 10 seconds Primary Server is titanic Secondary Server is queenmary Status ENABLED Polling Inter...

Page 41: ... variety of system information including system network protocol interface forwarding routing DNS host and datalink parameters Parameters Description transmit_authentication_name Remote account name Note In LAN to LAN and PPTP connections this name must match the user name at the far end of the connection Product Code GQ Card Type ADSL Data Only LAN Port MAC 00209c1f25fa Expansion Port Number ffff...

Page 42: ...ations System Transmit Authentication Name system wide keyword for PPP on the WAN modified using set system command System Version loaded release version of the system software ipnet ETHERNET_II eth 1 166 165 166 14 5 1 IP loopback LOOPBACK loopback 127 0 0 1 A Networks PPP Receive Authentication ANY Datalinks 8 Opened DNS Domain hiyall usr com 1 154 222 145 234 camus 157 123 122 177 scylla 157 12...

Page 43: ...y 1 Hour Before amount of memory not in use one hour ago Free Memory 12 Hour Before amount of memory not in use 12 hours ago Free Memory 24 Hour Before amount of memory not in use 24 hours ago Total Buffer Cache The total number of cache buffer entries reserved in the system The unit is number of entries Each entry in the buffer cache contains a buffer header that contains a pointer to the actual ...

Page 44: ...ommand to see which files are currently stored Edit Command edit input_file_name The OfficeConnect Gateway s text editor edit is similar to UNIX Version 7 s edit facility with some subtle differences Its purpose is similar to perform simple line editing of files including filter files The edit command Edit is available via Console Telnet It works best when displayed on an ANSI terminal since it em...

Page 45: ...FILE_READ_WRITE EventHandler cfg 0 FILE_READ_WRITE FilterMgr cfg 24 FILE_READ_WRITE IPForwarder cfg 340 FILE_READ_WRITE IpRterProcess cfg 24 FILE_READ_WRITE IpxProcess cfg 547 FILE_READ_WRITE MPIPProcess cfg 35 FILE_READ_WRITE Ntp cfg 49 FILE_READ_WRITE OCGStrings ind 165396 FILE_READ_ONLY OCGStrings str 204007 FILE_READ_ONLY PingProcess cfg19 19 FILE_READ_WRITE PppProcess cfg 6 FILE_READ_WRITE Pp...

Page 46: ...d sectors Deleted Sectors Free Sectors MinimumFree Sectors 7168 1649 128 5391 1075 Atmarp cfg 0 FILE_READ_WRITE CLI cfg 41 FILE_READ_WRITE Parameters Description input_file Name of the original file output_file New name for the file OCG show file easyfilter fil filter IP 10 reject src address 220 159 132 13 20 accept src address 220 159 132 13 30 reject udp src port 69 40 reject tcp src port 23 50...

Page 47: ...e OfficeConnect Gateway You can name one of two bulk configuration files with the set bulk_file file_name command and break out individual configuration files from the bulk configuration file with the reset command show bulk_file The show bulk_file command displays the name of the OfficeConnect Gateway bulk configuration file and any error associated with the file This binary file is a concatenati...

Page 48: ...ling the manual restore will result in an unusable OfficeConnect Gateway unit Reset reset configuration reset DHCP_client_network reset DHCP_server_settings reset DHCP_server_counters reset DHCP_proxy_counters reset pppoe counters Set Set reset_action Show Show reset_action Parameters Description configuration Restores individual OfficeConnect Gateway configuration files CFG from a bulk configurat...

Page 49: ... displays the reset action The reset action setting should be default_configuration Reboot Command The reboot command reboots the system If you have made any configuration changes be sure to use the save all command before rebooting reboot Also see the delete configuration command ...

Page 50: ...3 14 CHAPTER 3 ADMINISTRATIVE CLI COMMANDS ...

Page 51: ... of the OfficeConnect Gateway Add Commands add user name The add user name command adds a user to the Local User Table You may specify a type for the user as well as the login protocol or use the defaults The following parameters are associated with this command enabled yes no login_service rlogin telnet password password type login network manage manage_readonly Command Type Command Name Add add ...

Page 52: ...establish a session with the OfficeConnect Gateway Use the add user command to add a user Use the list users command to see the current state of all users Disable Command disable user user_name The disable user name command disables the specified user from being used This affects LAN and WAN connections that depend on that user for parameters It Parameters Description name Name of user to be added...

Page 53: ...P Ping Rlogin Telnet password string telnet_options binary escape type login network manage manage_readonly The Set user command allows you to change the configuration of user profile settings some of which may have already been configured with the add user command Parameters Description user_name Name of user previously defined using add user The limit is 64 ASCII characters expiration Date after...

Page 54: ...use INACTIVE not in use or DISABLED inactivated telnet_options binary Enables binary transfers during telnet sessions escape Enables escape sequences during telnet sessions Entering this parameter with a no value disables that function For example the command set user username telnet_option binary escape enables both the binary and escape telnet options The command set user username telnet_option ...

Page 55: ...s user each is An example of the information displayed for a user is shown in the following table Note that this user may not be typical Defaults are indicated by D set maximum_local_users number USERS Login Network User Name Service Service Status Type curly TELNET D PPP D ACTIVE LOGIN DIALOUT MANAGE default TELNET PPP INACTIVE NETWORK administrator TELNET D PPP D ACTIVE LOGIN MANAGE INFORMATION ...

Page 56: ...xt Hop Gateway IP Address 0 0 0 0 D IP Routing NONE D IP Routing Protocols RIPV1 D IP RIP Routing Policies SPLIT_HORIZON POISON_REVERSAL FLASH_UPDATE SEND_COMPAT RIPV1_RECEIVE RIPV2_RECEIVE IP RIP Authentication Key Mananagement IP Address 0 0 0 0 Default Route Option DISABLED D IGMP Query Interval 125 seconds IGMP Max Response 10 seconds IGMP Version 2 IGMP Robustness 2 IGMP Routing DISABLED D Mu...

Page 57: ...Show Commands 4 7 Encryption Algorithm NONE D Primary DNS Server 0 0 0 0 Secondary DNS Server 0 0 0 0 Periodic CHAP Timeout 0 D Source Ip Address Filter DISABLED D ...

Page 58: ...4 8 CHAPTER 4 CONFIGURING AND MANAGING USERS ...

Page 59: ...mmands Users must have valid Telnet login accounts These accounts are created by the Service Provider or Administrator See Chapter 3 Configuring and Managing Users for more information Command Type Command Name Telnet telnet ip_name or address telnet ip_name or address TCP_port number Remote Login rlogin ip_name or address rlogin ip_name or address TCP_port number Add add telnet client ip address ...

Page 60: ...e system to recognize an IP host name You should run RIP when setting up a global IP network if you intend to support TCP services such as Telnet or rlogin Without RIP on the internal network you won t learn of remote networks should the Ethernet interface be disabled Other Telnet Related Commands This section describes other Telnet related commands add telnet client IP address mask Adds a Telnet ...

Page 61: ...255 255 255 2 55 Parameter Description client_access Allows users to Telnet into OfficeConnect Gateway based on the Telnet client access list This command is used in conjunction with the add telnet client command See the list telnet client command for settings The default is Disabled disconnect_message When enabled it sends connection closed by foreign host and similar messages when the connection...

Page 62: ...onnect_message When disabled the OfficeConnect Gateway will not send connection closed by foreign host and similar messages when the connection is closed The default is enabled escape All Telnet clients are prevented from using the escape character during a session terminal_download_ mode Disables feature which turns off local and remote echo for Telnet on a TCP port other than 23 for an OfficeCon...

Page 63: ...affic the bridge maintains a Bridge Forwarding Table This table contains a list of MAC addresses and their associated network segments The table is built dynamically from the source MAC addresses of data packets passing through the bridge The OfficeConnect Gateway bridge function supports the Spanning Tree Protocol STP This feature is used when two networks are joined by two bridges to form a loop...

Page 64: ...add bridge network network name command to add a bridge network over the Ethernet interface list networks Use the list networks command to obtain a list of all configured networks list bridge networks Use the list bridge networks command to only list bridge networks Command Type Command Name Add add bridge network network name Delete delete bridge network network name Enable enable bridge spanning...

Page 65: ...ding Advanced Bridging Options The advanced bridging configuration options include Aging Time Forward Delay Spanning Tree and Spanning Tree Priority show bridge The show bridge command displays the settings for all bridge networks Use the set bridge command to modify these values Base Aging Time Time to age out a known MAC address default 300 Spanning Tree Forward Delay Delay after coming up befor...

Page 66: ...ng_tree_priority priority value command to change the Spanning Tree Priority MAC Encapsulated Routing Because routers base their forwarding decision on network level addresses packets that are routed over a WAN are transmitted without Media Access Control MAC layer addresses Additionally address resolution procedures ARP that can be used to determine the destination MAC address for a packet are no...

Page 67: ... MAC address of the OfficeConnect Gateway it is discarded Additionally broadcasts for the protocol are not passed to the bridge set bridge firewall discard_routed_protocols Use the set bridge firewall discard_routed_protocols command to configure the Bridge Firewall to discard routed protocols Forward Unicast Packets Only If a protocol is configured for routing and a packet for that protocol type ...

Page 68: ...and in use mgmt unknown but filtering information exists RxPkt Number of packets received from this MAC station RxOctets No of bytes octets received from this MAC station Fltr Number of packets received from this MAC station that were filtered out discarded Fwd Number of packets received from this MAC station that were forwarded TxPkt Number of packets forwarded to this MAC station TxOctets Number...

Page 69: ...add bridge network command to define bridge networks Interface the interface this bridge is using Network Address index number for this bridge network Frame Type BRIDGE is the default Status ENABLED or DISABLED are options User Name user to supply parameters for this bridge Spanning Tree Enabled ENABLED or DISABLED ...

Page 70: ...6 8 CHAPTER 6 BRIDGING COMMANDS ...

Page 71: ...way CLI The following table identifies these commands Set Command set voice interface name Use this command to set the following parameters for a voice interface txgain number rxgain number state closed idle voice fax dtmf modem ring_frequency alert_tone 1 alert_tone 2 alert_tone 3 alert_tone 4 alert_tone 5 alert_tone 6 alert_tone 7 alert_tone 8 alert_tone 9 alert_tone 10 alert_tone_silent ring_ca...

Page 72: ... Cadence Invalid Echo Canceller Enabled Companding Type Mu Law Rx Packet Count 0 Tx Packet Count 0 Interface Name port 1 State Idle Tx Gain 2048 Rx Gain 3254 Ring Frequency Ring Frequency Tone Ring Cadence Invalid Echo Canceller Enabled Companding Type Mu Law Rx Packet Count 0 Tx Packet Count 0 Interface Name port 2 State Idle Tx Gain 2048 Rx Gain 3254 Ring Frequency Ring Frequency Tone Ring Caden...

Page 73: ...e the following VoDSL parameters interface name companding_type A Law Mu Law codec_type ADPCM32 PCM64 pvc VPI number VCI number Interface Name port 4 State Idle Tx Gain 2048 Rx Gain 3254 Ring Frequency Ring Frequency Tone Ring Cadence Invalid Echo Canceller Enabled Companding Type Mu Law Rx Packet Count 0 Tx Packet Count 0 Interface Name port 1 Interface Name State Port 1 Idle Port 2 Idle Port 3 I...

Page 74: ...2 13 set vodsl gateway_vendor Use this command to specify voice gateway type You can set the voice gateway vendor to Coppercom Jetstream LES 1 0 Profile 9 None show vodsl settings Use this command to display the following VoDSL settings Parameters Description interface Name of the interface up to 32 characters companding_type Algorithm type A Law or Mu Law codec_type Codec type supported by Voice ...

Page 75: ...the list interfaces command to see the currently defined interfaces and their status Enable Command enable interface interface_name Enables the specified interface Enabling an interface enables it to transmit and receive data You can enter multiple interfaces ssss ssss ssss or a range slot 3 port 1 9 You can use list interfaces to see which interfaces are defined and whether they are currently dis...

Page 76: ... driver Ethernet or ATM drivers Type Kind of physical serial interface For example Ethernet CSMACD Speed Estimate of the interface s current bandwidth in bits per second High Speed Estimate of the interface s current bandwidth in units of 1 000 000 bits per second exceeding 20 million bits second Administrative Status Permanently configured state of the interface Choices Up or Down Operational Sta...

Page 77: ...ame of the input IP filter enabled for the specified interface Driver Type Physical address MAC address of the specified Ethernet interface Set Command set interface interface 1 interface 2 Use this command to configure and set up an interface To set the interface the interface must exist in the Interface Table Interface names can be individual names or ranges If a range is used it must be entered...

Page 78: ...8 4 CHAPTER 8 INTERFACE COMMANDS ...

Page 79: ...ress Ethernet address of a network node via the Address Resolution Protocol ARP If the node is not in the ARP cache an ARP request is sent out For example at the prompt type OCG Adsl arp houston The OfficeConnect Gateway will generate the following output OCG Adsl ARP 156 155 132 145 08 00 20 80 43 85 Command Type Command Name Arp arp ip_host_name_or_address Add add ip arp address ip_address acces...

Page 80: ...Delete Command delete ip arp address ip_addr interface interface_name Deletes the indicated IP address from the ARP table of the specified interface Parameter Description ip_addr The IP address of the client that you are adding to the static ARP table mac_addr The MAC address of the client that you are adding to the static ARP table interface_name The interface that this client will be associated ...

Page 81: ...ry Phys address MAC address the IP address maps to Type Ethernet interface type Dynamic IfName LAN interface name eth 1 or eth 2 IP address Phys address Type IfName 134 134 155 156 02 e0 48 00 e3 eb Dynamic eth 1 134 134 155 254 00 c0 13 45 ac e7 Dynamic eth 1 134 122 135 119 08 00 20 77 8b e4 Dynamic eth 1 134 122 145 143 00 21 ae f5 05 10 Dynamic eth 1 ...

Page 82: ...9 4 CHAPTER 9 ARP COMMANDS ...

Page 83: ...d addresses This command has the following parameters interface atmaal 1 vice number vpi number These parameters are described in the following table Command Type Command Name Add add atmaal5 pvc name Delete delete atmaal5 pvc name Disable disable atmaal5 pvc name Show show atmaal5 pvc Parameters Description name Designation of the PVC to allow easy recognition and configuration on the OfficeConne...

Page 84: ...s a PVC created with the add atmaal5 pvc name command Disable Command disable atmaal5 pvc name Disables a PVC you created with the add atmaal5 pvc name command Show Command show atmaal5 pvc name Displays a specified PVC that was created using the add atmaal5 pvc name command ...

Page 85: ...equest to the server to extend the lease period The server maintains a list of assigned IP addresses and the duration period of the leases When a lease expires the IP address can be reassigned to another workstation The OfficeConnect Gateway can support up to 253 users on the local LAN This chapter identifies and describes the DHCP commands accessible from the OfficeConnect Gateway CLI The followi...

Page 86: ...DHCP CLIENT NETWORK alaska OPTIONS IP Address 151 104 120 56 C Default Router Id 151 104 120 57 Configuration File Name OCG_Config DNS Server 1 IP Address 151 104 116 81 DNS Server 2 IP Address 151 104 116 82 Domain Name ne 3com com WINS Server 1 IP Address 151 104 120 22 WINS Server 2 IP Address 151 104 120 30 TFTP Server Name Winston show DHCP_client network net_name counters Use this command to...

Page 87: ...networks DHCP CLIENT NETWORK alaska SETTINGS Status ENABLED DHCP CLIENT NETWORK california SETTINGS Status DISABLED enable DHCP_client network net_name Use this command to enable DHCP Client on the specified network disable DHCP_client network net_name Use this command to disable DHCP Client on the specified network list DHCP_client networks Use this command to list all networks on which DHCP Clie...

Page 88: ...11 4 CHAPTER 11 DHCP COMMANDS ...

Page 89: ...u specify the number of bits to be set to 1 the acceptable range is 8 30 The network address is invalid if the portion of the station address not covered by the mask is 0 Defining a numerical subnet is useful when your value falls between classes You can also omit the mask altogether it will automatically be calculated from the address The following table identifies the IP commands described in th...

Page 90: ...name disable ip rip disable ip source_address_filter disable ip static_remote_routes List list ip list ip defaultroute list ip networks list ip pools list ip routes list ip source routes list interfaces list ppp list networks list policy list facilities list processes list rtab preferred Set set ip application_source_address syslog igmp ping pptp_pac traceroute vtp set ip defaultroute gateway IP_a...

Page 91: ... interface is disabled If a second default route gateway associated with a still alive Show show all ip networks show ip counters show ip rip counters show ip show ip settings show ip network network_name show ip network network_name settings show ip routing show ip routing settings show all active interfaces show all connections show all filters show all interfaces show all ip networks show all l...

Page 92: ...ault is 1 Parameters Description network_name Name of IP network consisting of up to 64 unique ASCII characters white space must be surrounded by double quotes interface Name of the interface which this IP network will communicate over Eth 1 is the LAN port available while internal is a setting to define a global or interfaceless IP address for the OfficeConnect Gateway when supporting an on deman...

Page 93: ...ion In this mode you must configure an IP address for the remote site only You do not need to configure separate IP networks for the Frame Relay connection The optional remote IP address should match the address defined in the remote router NPTP Numbered Point to Point type of IP WAN connection In this mode you must configure an IP address for both the local and remote sites Network Network type o...

Page 94: ...a user dials in and receives an address from the IP address pool If the IP pool is specified as mulitple_aggregate the pool is divided into n routes depending on the value entered for max_unused_addrs The OfficeConnect Gateway automatically derives subnet masks for aggregate users but a mask can be configured for no_aggregate users The add ip pool command has the following parameters initial_pool_...

Page 95: ...eletes an IP pool created with the add ip pool command Use the list ip pools command to verify edit initial_pool_address su bnet_mask First IP network address to be assigned from the specified pool in the format nnn nnn nnn nnn with or without a mask specifier The Mask Specifier can be A B C H or a numeric value from 8 to 30 32 for host that describes the number of one bits in the mask If you do n...

Page 96: ... or IP address Enable Commands enable ip Enables the following IP parameters address_pool_filtering network send_host_unreach_for_pool address_pool_round_robin proxy_arp_all_dialin send_unsolicited_arp directed_bcast_forwarding respond_to_directed_bcast source_address_filter forwarding rip static_remote_routes multicast_heartbeat security_option Parameter Description directed_bcast_forwarding If t...

Page 97: ... command to see the currently defined IP networks as well as their current status enable ip rip Enables the RIP protocol for all IP networks RIP protocol is set to NONE by default enable ip source_address_filter Enables filtering of packets that bear a source IP address other than that assigned by the OfficeConnect Gateway during negotiations This should not be enabled for LAN to LAN routing This ...

Page 98: ...hich is useful for networks connecting over the WAN interface disable ip source_address_filter Disables filtering of packets that bear a source IP address other than that assigned by the OfficeConnect Gateway during negotiations This should not be enabled for LAN to LAN routing This feature is disabled by default disable ip static_remote_routes Disables all statically defined remote routes on all ...

Page 99: ...ric acts as the primary default route gateway and a second default route gateway with a lower metric acts as the secondary default route gateway It lists the following information address IP address of the default route Mask subnet mask of the default route Gateway IP address of the gateway router Metric hop count to the gateway State status of the default route list ip networks Displays all the I...

Page 100: ...he pool until operation is completed Remove_pending pool size is being modified and an active user is currently using a pool entry that needs to be removed Users can be assigned from the pool in this state Delete_pending pool is being deleted but an active user has been assigned out of this pool and must wait until user disconnects to delete the pool Users are not assigned from the pool in this st...

Page 101: ...e LAN interface name eth 1 Oper Status current operating status of the interface Up or Down Admin Status permanently configured status of the interface Up or Down list ppp Displays PPP bundles and links When multiple physical links are combined to run multilink PPP RFC1717 the group of physical links is called a bundle The second link channel will become active when the channel_expansion percentag...

Page 102: ...tus Interface Name 4 Opened 5 Opened slot 3 port 1 Facilities Event Facility Log Level ATM Network Driver Critical Attach Process Critical Auth Facility Critical Board Support Management Process Critical Call Initiation Process Critical Command Line Interpreter Critical Configuration File Manager Critical Configurator Critical Console Driver Critical DNS Critical Discovery Critical Driver Critical...

Page 103: ...32001 Configurator Application Inactive 42001 Main Application Active 52001 MIB Registrar Application Inactive 62001 Config File Manager Application Inactive 72001 RoboExec NetManagement Application Active 82001 Event Handler Application Inactive 92001 System Bus Driver Inactive a2001 NMB Driver Driver Inactive b2001 Device Discovery Application Inactive c2001 Console Driver Inactive d2001 Loopbac...

Page 104: ...active 1d2001 NMB Agent Application Inactive 1e2001 BSP Management Process Application Inactive 1f2001 Remote Ping Process Application Inactive 202001 File System Compaction Process Application Inactive 21200 IP Dial out Process Application Inactive 22200 Traceroute Process Application Inactive 232001 Tunnel Dispatcher Application Inactive 242001 NPPTP Application Inactive 262001 VTP Process Appli...

Page 105: ...ge the address or metric of a primary default route with a gateway on the IP network configured on the first OfficeConnect Gateway LAN interface eth 1 and values for a backup default route with a gateway on the IP network configured on the second OfficeConnect Gateway LAN interface eth 1 A default route gateway specified with a higher metric acts as the primary default route gateway and a second d...

Page 106: ...ts to represent the entire network Choices are IETF the IETF standard nnn nnn nnn 255 default BSD the BSD standard nnn nnn nnn 000 reassembly_maximum _size Maximum size IP datagram that the system will try to reassemble when the datagram has been fragmented to fit in the network packet size The default is 3464 rip_authentication_key ASCII string used for RIPv2 authentication rip_export_metric Numb...

Page 107: ...ce This prevents network loops Poison Reverse disabled by default Routes that were excluded due to the use of split horizon are instead included with infinite cost 16 The system continues to broadcast the route but with an infinite cost In order to perform poison reverse you must also enable split horizon Flash Update enabled by default It is also known as triggered update meaning routes that have...

Page 108: ...et ip route IP_hostname or network address Modifies the IP route created using the add ip route command This command has the following parameters gateway host name or IP station address metric 1 15 Parameters Description pool name Designation of the IP pool The limit is 16 ASCII characters initial_pool_address s ubnet_mask First IP address to be assigned from the specified pool in the format nnn n...

Page 109: ...r of one bits in the mask You can also specify the netmask in the xxx xxx xxx xxx format If you do not specify a mask the system will self generate it based on the network address for all routes except host routes for which you must specify a mask gateway Host name or IP address of the next hop to the specified IP network address metric Number of hops the destination is removed from the specified ...

Page 110: ...mand enabled no Do not allow source based routing on this interface yes Allow source based routing on this interface Parameter Description ip_name_or_net_addr The network name or IP address of the source route to be changed gateway The network name or IP address of the gateway to which IP datagrams with the specified source address should be routed metric This specifies how many hops it is to the ...

Page 111: ...ly fragmented before transmission Fragmentation Failures failed datagram fragmentations before transmission Total Fragments sum of fragments transmitted show ip rip counters Displays the following statistics Received RIP Packets Transmitted RIP Packets Received incorrect RIP Packets show ip show ip settings Displays system wide IP information IP System Host address IP address of the OfficeConnect ...

Page 112: ...cal address for Unnumbered Links Ethernet IP address supplied to remote PPP users when they dialup the OfficeConnect Gateway IP source address for IGMP If configured all IGMP packets sent from any of the OfficeConnect Gateway s interfaces will use this address as its source address The default is 0 0 0 0 IP source address for PPTP PAC OfficeConnect Gateway s source IP address where packets exit as...

Page 113: ...used for RIPv2 authentication IP System Host address 134 225 22 1760 IP Forwarding ENABLED IP Address Pool Filtering ENABLED IP Address Pool Round Robin ENABLED Source IP Address Filter IP Multicast Proxy Interface Eth 1 IP Multicast Heartbeat Status DISABLED IP Multicast Heartbeat Interface NONE IP Multicast Heartbeat Group 0 0 0 0 IP Multicast Heartbeat Time 60 seconds IP Multicast Heartbeat Win...

Page 114: ...ther status is enabled or not The default is enabled IP Static Remote Routes whether static routes are enabled or not The default is enabled LAN Host address IP address of the OfficeConnect Gateway IP Autonomous System Number system number assigned The default is 1 IP Max Table Size maximum number of IP Routing Table entries allowed The default is 1 024 IP Max Metric Entries maximum metric entries...

Page 115: ... IP Max Table Size 1450 IP Max Metric Entries 512 IP RIP Enabled IP Number RIP Interfaces 0 IP Number RIP Neighbors 0 IP RIP Flags METRICS SEND_REQUEST INTERFACE wan 2 SETTINGS Description WAN Driver V35 V11 Type V35 Speed 2048000 High Speed 0 Administrative Status Up Operational Status Down Link Up Down Traps ENABLED Promiscuous Mode FALSE Connector Present TRUE Filter Access OFF Last Change 0d 0...

Page 116: ...e Status Up Operational Status Up Link Up Down Traps ENABLED Promiscuous Mode FALSE Connector Present TRUE Filter Access OFF Last Change 0d 00 00 34 Policy Access Private Policy File Input Filter Output Filter Physical Address 00 c0 49 12 a2 d9 SHOW IP NETWORK ip SETTINGS Interface eth 1 Network Address 151 104 196 166 C Frame Type ETHERNET_II Status ENABLED Reconfigure Needed FALSE Mask 255 255 2...

Page 117: ...ED Promiscuous Mode FALSE Connector Present TRUE Filter Access OFF Last Change 0d 00 00 34 Policy Access Private Policy File Input Filter Output Filter Physical Address 00 c0 49 12 a2 d9 Interface eth 1 Network Address 151 104 196 166 C Frame Type ETHERNET_II Status ENABLED Reconfigure Needed FALSE Mask 255 255 255 0 Station 151 104 196 166 Broadcast Algorithm IETF Max Reassembly Size 8192 WAN Typ...

Page 118: ...r of rows displayed to all OfficeConnect Gateway connected systems Local terminal page break Whether local terminal page breaks are enabled or disabled Local terminal settings rows Number of rows displayed to locally connected systems show configuration show configuration settings Displays a variety of system information including system network protocol interface forwarding routing DNS host and d...

Page 119: ...ode Size amount of memory used by code Primary Server 166 165 166 139 Secondary Server 0 0 0 0 Remote Accounting ENABLED Primary Server 166 165 166 139 Secondary Server 0 0 0 0 Interfaces eth eth slot 3 port 1 slot 3 port 1 slot 3 port 1 slot 3 port 1 internal loopback IP Forwarding ENABLED Routing Enabled RIP ENABLED ipnet ETHERNET_II eth 1 166 165 166 14 5 1 IP loopback LOOPBACK loopback 127 0 0...

Page 120: ...e total number of cache buffer entries reserved in the system The unit is number of entries Each entry in the buffer cache contains a buffer header that contains a pointer to the actual data and has a data structure of 40 bytes Free Buffer Cache The number of buffer cache entries available The unit is number of entries Each entry in the buffer cache contains a buffer header that contains a pointer...

Page 121: ... bandwidth in bits per second NAS IP Address IP address of the OfficeConnect Gateway NAS Port Port attribute of the OfficeConnect Gateway Login Ip Host IP address of the host this user is currently logged into Login Service Type of login service employed by this user Telnet RLogin TCP Ping Login Port Port number on the OfficeConnect Gateway where this user is connected show system show system sett...

Page 122: ...ace and frame values for an internal address Network and interface names are limited to 64 ASCII characters This command has the following parameters address IP_address interface eth 1 pvc frame ethernet_ii snap atm1483 wan_type unptp nptp network auto remote_address remote_ip_address_and_mask Automatically reconfigures IP network parameters of an established static IP LAN or PVC network This comm...

Page 123: ...Reconfigure Commands 12 35 internal address Network and interface names are limited to 64 ASCII characters See add ip network network_name for more information ...

Page 124: ...12 36 CHAPTER 12 IP ROUTING COMMANDS ...

Page 125: ...one which uses the corporate site for 3com com and the other to use the Internet as the default The DNS Proxy feature of the OfficeConnect Gateway also enables you to configure Static Host entries The static table is checked first before the DNS request is forwarded on to the remote server This chapter identifies and describes the DNS commands accessible from the OfficeConnect Gateway CLI The foll...

Page 126: ...omain_name for more information about the default domain name If that server cannot resolve the name it is sent to the next specified server The OfficeConnect Gateway will try to reach each configured host three times in round robin fashion before issuing an error message For instance in the case of three off line servers A B and C the OfficeConnect Gateway will admit failure only after trying to ...

Page 127: ...ce_number Removes the name server associated with that preference number preferred rank 1 first 10 least from the table of accessible DNS servers Disable Commands This section describes the following DNS Disable commands disable dns host_rotation disable dns round_robin disable dns host_rotation Disables the OfficeConnect Gateway process of randomly choosing a primary IP address and up to eight al...

Page 128: ... section describes the following DNS List commands list dns cache list dns hosts list dns ncache list dns servers list dns cache Displays entries in the DNS Cache table Number Row number in DNS Cache Table Pretty Name Name of the Resource Record in the cache which is identified in this row of the table As described in RFC 1034 the owner of the record is the domain name where the resource record is...

Page 129: ...from which Resource Record was received 0 0 0 0 if unknown list dns servers Displays DNS Name Servers which you configured using the add dns server command It lists the following information Preference server priority for DNS service Name your name for the server Address IP address of server Status current status ACTIVE INACTIVE 4 uswb1rd1 mass usr com 1 1 221 123 157 123 153 234 24 145 5 ns1 ma u...

Page 130: ...tries remain in the DNS cache before they re flushed The range is 0 2147483 domain_name Default domain designation to be used if no domain is specified by add dns server command in the name to be resolved For example usr com The limit is 64 ASCII characters intercept_request ncache Enables or disables negative DNS caching Setting to CLEAR flushes the DNS negative cache The negative DNS cache conta...

Page 131: ...he timeout period Timeout Period in Seconds number of seconds to wait before deciding a request to a Name Server has timed out Cache Max TTL Maximum Time To Live period in seconds for resource records in this cache Negative Cache Max TTL Maximum Time To Live period in seconds for negative cached authoritative errors Caching Indicates whether function is enabled or disabled Negative Caching Indicat...

Page 132: ...he table Only the agent DNS resolver creates rows in this table Types include Active and Destroy show dns ncache 1 65535 Displays an entry row in the DNS Negative Cache Table It lists the following information Pretty Name Fully qualified name resource record the host connects to at this row in the table Class DNS class of the resource record at this row in the table Type DNS type of the resource r...

Page 133: ...ve response cache table Since only the agent DNS resolver creates rows in this table Types include Active and Destroy DNS NEGATIVE CACHE ENTR Pretty Name foo mass usr com Class 1 Type 1 TTL 43200 Elapsed TTL 207 DNS Server 153 234 24 145 Error Code NONEXIST Status Active ...

Page 134: ...13 10 CHAPTER 13 DNS COMMANDS ...

Page 135: ...ollowing table identifies the ICMP commands described in this chapter Enable Commands enable icmp router_advertise Enables OfficeConnect Gateway generated router advertisements multicast on the same LAN segment as the OfficeConnect Gateway enable icmp logging Enables display of the Internet Control Message Protocol ICMP to the SYSLOG server Use the show icmp command to view edits ICMP is disabled ...

Page 136: ...ncoming login access information including whether ICMP logged and ICMP Router Advertise are enabled You can turn multicasting of ICMP router advertisements on or off with the enable or disable icmp_router_advertise commands ICMP SETTINGS ICMP Logging ENABLED ICMP Router Advertise Enabled ENABLED ...

Page 137: ...or more multicast groups and receive the multicast packets sent to those groups The IGMP is also used by the routers to periodically check whether the known group members are still active The following table identifies the Multicast and IGMP commands described in this chapter Multicast Commands Set Commands set ip multicast heartbeat The set ip multicast heartbeat command configures multicast moni...

Page 138: ...ed version 1 2 These parameters are described in the following table Parameters Description interface_name The interface on which to monitor multicast traffic for the specified group eth 1 slot x port y or username group The IP address of the multicast group to monitor time The interval in seconds to monitor multicast traffic The range is 0 65535 The default is 60 threshold The interval during whi...

Page 139: ...ined The types are Self Multicast address group joined by the OfficeConnect Gateway Learned Multicast address group discovered by OfficeConnect Gateway non OfficeConnect Gateway join Proxy Multicast address group connected to another interface on OfficeConnect Gateway Parameters Description query_interval The frequency at which IGMP Host Query messages are sent on the specified interface The defau...

Page 140: ...ng If enabled indicates that OfficeConnect Gateway will try to become a querier on this interface If disabled indicates OfficeConnect Gateway will act as an IGMP host and only report multicast groups it joins The default is Disabled Multicast Forwarding Indicates if multicast packets will be received and transmitted on this interface The default is Disabled Multicast Proxy If enabled indicates any...

Page 141: ...econds Max Response 10 seconds Version 2 Querier 135 122 143 143 Joins 1 Groups 1 Robustness 2 Routing ENABLED Multicast Forwarding DISABLED Multicast Proxy ENABLED IGMP Short Packets 0 IGMP Bad Checksum 0 Queries Received 1 Reports Received 2 Reports For Known Groups Received 0 Wrong Version Reports Received 0 Reports Sent 3 ...

Page 142: ...15 6 CHAPTER 15 MULTICASTING AND IGMP COMMANDS ...

Page 143: ...dures Configuring PPPoE To configure PPPoE from the CLI perform the following steps 1 To configure PPPoE you must enter a series of CLI commands The following example shows the CLI commands that are used to configure PPPoE OCG Adsl add profile pppoe network_service pppoec_atm_rfc1483 OCG Adsl set profile pppoe send_password root OCG Adsl set profile pppoe bridging disable 2 Enter one of the follow...

Page 144: ...address is associated with your interface name An example of a WAN interface name is atmaal1 pvc34 5 Enter the following CLI commands OCG Adsl add pat tcp interface interface name private_address ip address range public_address ip address range public_port port range OCG Adsl add pat udp interface interface name private_address ip address range public_address ip address range public_port port rang...

Page 145: ...I OCG Adsl set nat interface interface name option SUPERNAT 4 Determine your public IP addresses for your LAN and WAN by entering the following CLI commands OCG Adsl list ip networks Your WAN IP address is associated with your interface name An example of a WAN interface name is atmaal1 pvc34 5 Enter the following CLI commands OCG Adsl add pat tcp interface interface name private_address ip addres...

Page 146: ...MER interface atmaal 1 atmpvc frame atm1483MER wan_type auto enabled yes 3 Enter the following command if you know the Local and Public Wan IP Address and are not using DHCP OCG Adsl add ip network 1483MER interface atmaal 1 atmpvc frame atm1483MER address 1 1 1 1 c remote_address 1 1 1 3 c wan_type nptp routing_protocols ripv2 enabled yes Note the address ranges of both Public and Private IP addr...

Page 147: ...t profile pppoe bridging_disable 2 Enter one of the following CLI commands next Enter the following CLI command to make the OfficeConnect Gateway automatically negotiate dynamic addressing with the Service Provider for an IP address OCG Adsl set profile pppoe protocol ip address_selection negotiate If you know the specific local and remote IP addresses enter the following CLI command where x x x x...

Page 148: ...ble disable Intelligent PAT perform the following step from the CLI OCG Adsl set nat interface interface name intelligent_pat enable disable Setting the Default Workstation for Intelligent PAT To set the default workstation for Intelligent PAT perform the following step from the CLI OCG Adsl set nat interface interface name workstation default workstation ip address Configuring Network Address Tra...

Page 149: ...esses enter the following CLI command where x x x x is the local IP address and y y y y is the remote IP address OCG Adsl set profile pppoe protocol ip local_ip_address x x x x remote_ip_address y y y y OCG Adsl set profile pppoe protocol ip default_route_option enable routing both routing_protocols ripv2 OCG Adsl add atmaal5 pvc pvc34 vpi 0 vci 34 OCG Adsl add datalink ppp interface atmaal 1 pvc3...

Page 150: ...following key in the registry HKEY_LOCAL_MACHINES System CurrentControlSet Services Rasman Parame ters 3 On the Edit menu click Add Value and then add the following registry value Value Name ProhibitIpSec Data Type REG_DWORD Value 1 4 Quit the Registry Editor 5 Reboot your PC for the changes you made to the Registry Settings to take effect Configuring a PPTP Tunnel A Point to Point Tunneling Proto...

Page 151: ...TP VPN tunnel from the CLI perform the following steps L2TP Initiation To initiate an L2TP tunnel you must enter a series of L2TP Initiation commands The following example shows the CLI commands that are used to perform L2TP Initiation OCG Adsl set system transmit_authentication_name OCG OCG Adsl add tunnel OCG type l2tp server_endpoint 210 3 3 107 secret OCG OCG Adsl disable tunnel OCG OCG Adsl s...

Page 152: ...Information Refer to the following chapters in this CLI User s Guide for additional information related to the WAN protocol settings Chapter 17 PPP Commands Chapter 18 PPPoE Commands Chapter 19 Tunneling Commands Chapter 21 Address Translation Commands Chapter 22 IPSec Commands ...

Page 153: ...le identifies the PPP commands described in this chapter Command Type Command Name Add add datalink ppp username Delete delete datalink ppp interface interface_name Enable enable pppoe on interface interface_name enable datalink ppp interface interface_name enable ppp acct_for_abnormal_disc enable ppp address_field_compression enable ppp receive_accm enable ppp protocol_field_compression Disable d...

Page 154: ...ist currently defined PPP datalink enabled interfaces using the list ppp command enable ppp acct_for_abnormal_disc Enables the sending of an Accounting Stop record when a call is abnormally disconnected before a Start Record is sent enable ppp address_field_ compression Enables PPP address field compression The default is enabled enable ppp receive_accm Enable strict checking of receive side ACCM ...

Page 155: ...ommand Set Command set ppp Sets global parameters for PPP which applies to all calls including the call type for which PPP compression will be attempted accepted Issuing this command overrides the compression algorithm parameter set by the set network user user name ppp command Users who dial in and receive a compressed_analog connection MNP5 or V 42bis won t receive PPP compression Payload compre...

Page 156: ... attempted Digital PPP data compression only for digital calls Default Compressed_analog PPP data compression only for compressed modem compression analog calls Uncompressed_analog PPP data compression only for uncompressed modem compression analog calls Default PPPoE If the interface is PPPoE then compression is negotiated depending on the value of a private ppp variable dns_usage Enables disable...

Page 157: ...ion_preference can be set to CHAP MS_chap EAP proxy_eap or default CHAP If receive_authentication is set to any other value then the authentication_preference setting is ignored Protocols are negotiated in this order of preference CHAP EAP MS_chap and PAP See The Total Control Routing Features Guide p n 10030832 for details about CHAP and PAP Options are None no user authentication requested PAP o...

Page 158: ...eConnect Gateway You can add additional values as follows server_ip identification of OfficeConnect Gateway s local server s IP address client_ip identification of remote client s IP address For example set ppp session PPP session beginning now from server_ip to client_ip If the string is surrounded by double quotes you can insert an escape character inside the quoted string If the string is follo...

Page 159: ...normally disconnected before a Start Record is sent PPP Address Field Compression Displays the state of PPP address field compression enabled or disabled PPP Protocol Field Compression Displays the state of PPP protocol field compression enabled or disabled PPP Bap Hunt Group Phone Number The phone number set for the Band Allocation Protocol BAP hunt group PPP Receive ACCM Checks whether all the c...

Page 160: ...17 8 CHAPTER 17 PPP COMMANDS ...

Page 161: ...user_name To add a user use the add user user_name command This command has the following parameters password user_password max_sessions_per_host number local_ip_address ip_address send_password user_password network_service pppoec_fr_rfc1490 pppoec_fr_rfc1483 pppoec_atm_rfc1483 type network Set the Remote IP address set network user user_name ip remote_ip_address ip_address Use the set network us...

Page 162: ...case no service names need to be configured in the OfficeConnect Gateway If the client request contains a non null service name in the request then the same name has to be configured in the OfficeConnect Gateway Delete Command delete pppoe service_name name Removes the designated PPPoE service name Enable Command enable pppoe on interface interface_name This command enables the specified interface...

Page 163: ...eter Description max_sessions The maximum number of PPPoE connections that may be initiated concurrently to the OfficeConnect Gateway by all hosts combined max_sessions_per_host The maximum number of PPPoE connections that may be initiated concurrently by a single host to the OfficeConnect Gateway This helps to limit the Denial of Service attacks on the OfficeConnect Gateway Parameter Description ...

Page 164: ...PPPoE COUNTERS Counter Reset Time 04 JAN 2000 14 04 36 Number of Active Sessions 0 Number of Initiates Received 0 Number of Initiates Rejected 0 Number of Offers Transmitted 0 Number of Requests Received 0 Number of Requests Rejected 0 Number of Session Confirms Transmitted 0 Number of Terminates Exchanged 0 Number of Malformed packets 0 Total Number of Sessions since reboot 0 PPPoE SETTINGS Maxim...

Page 165: ...roduct to product but most security experts agree that VPNs include encryption strong authentication of remote users or hosts and mechanisms for hiding or masking information about the private network topology from potential attackers on the public network A VPN tunnel functions as a virtual leased line between two VPN devices through a public network such as the Internet These tunnels are protect...

Page 166: ... the client PAC side of the PPTP tunnel created with the add pptp pns command Enable Command enable pptp pns Enables PPTP network server support See disable pptp pns command The default is enabled Disable Command disable pptp pns Disables the specified PPTP network server Command Type Command Name Disconnect disconnect pptp tunnel number disconnect pptp number session number List list all sessions...

Page 167: ... and LNS devices is displayed This command is useful for Internet Service Providers offering domain based tunnel services list tunnel connections Displays tunnel information for all tunnels configured with the set tunnel user user_name command list pptp pnss Displays settings of all PPTP network servers configured with the add pptp pns command It lists the following information Index Number corres...

Page 168: ... TIMEOUT IP address IP address of the remote tunnel endpoint to which it is connected Depending on the RAS executing the command if looking at the PNS this value is the LAC address Show Commands show pptp show pptp settings Displays settings for configured PPTP tunnels Maximum Number of Sessions Maximum number of simultaneous active sessions PPTP supports Maximum Number of Tunnels Maximum number o...

Page 169: ...e logging level PPTP is set to Choices Disabled Control Packets Control and Data Packet Headers and Control and Data Packets Pptp Pns Displays the state of PPTP network server support show pptp tunnel number Displays statistics of the specified PPTP tunnel It lists the following information Local control tunnel ID identifier of the specified local control tunnel Peer control tunnel ID identifier o...

Page 170: ...ed with data Control tunnel send packets without data sum of zero length packets transmitted Control tunnel flow control timeouts sum of timeouts caused by flow control Control tunnel flow control on status of local flow control enabled or disabled Local control tunnel flow control enables sum of local flow control enables for the control session Remote control tunnel flow control on status of rem...

Page 171: ...nel receive packets sum of packets received out of order on the data tunnel for this session Flow discarded data tunnel receive packets sum of packets received on the data tunnel for this session which were discarded due to flow control Out of order discarded data tunnel receive packets sum of packets received on the data tunnel for this session which were discarded due to ordering Data tunnel sen...

Page 172: ...equence packets will be lost which MAY cause the PPP decompression engine to reset a high value increases the time period where the pptp stack processes packets which were received out of order especially in the case of a packet which was lost within the network The default may cause all out of sequence packets to be lost The default is 0 data_channel_receive_packet_ window Size in number of packe...

Page 173: ...including TFTP file access and SNMP and TELNET support To view the available server types use the list available servers command add network service service_name The following parameters are assaulted with the add network service command close_active_connections true false data ancillary data options enabled yes no server_type snmpd tftpd telnetd socket socket_number Command Type Command Name Add ...

Page 174: ... or receiver s IP address and service type s port number The maximum is 65535 The range is 0 65535 Ancillary Data Values Description auth On indicates that login password authentication should be performed on incoming connections Format auth on off The default is on drop_on_hangup Value specifying whether the TCP session is dropped after modem hangs up Off allows connection to remain active The de...

Page 175: ...ice command disables a network service such as TELNET or TFTP disable network service service_name If close_active_connection was specified as TRUE in the add network_service command then all active connections are closed when the service is disabled List Commands This section describes the following List commands list network services list available servers list network services The list network ...

Page 176: ...e Admin Status Server Type Type Protoc ol Module Description SNMPD NETWORK UDP SNMPAgent SNMP agent TELNETD NETWORK TCP Telnet TELNET server to the CLI TFTPD NETWORK UDP TFTP Server side of TFTP for accessing files Parameters Description admin_name Designation you assigned to network service with the add network service command The limit is 64 ASCII characters close_active_ connections Indicates w...

Page 177: ...rt Address Translation PAT Port Address Translation PAT is the most commonly used type of Address Translation It maps many private addresses on the local LAN to one public address The public address is the WAN interface address which can be dynamically learned or statically configured Most applications work well when PAT is enabled as long as the connections are initiated from the client on the lo...

Page 178: ...CLI OCG Adsl set nat interface interface name workstation default workstation ip address Network Address Translation NAT With Network Address Translation NAT a pool of public addresses are configured and are statically or dynamically mapped to private workstation addresses when accesses are made through the gateway to a public network The public to private address mapping remains active until the ...

Page 179: ...T policy by entering the following CLI commands OCG Adsl set tunnel name protocol ip workstation intended local workstation address OCG Adsl set tunnel name protocol ip nat_option pat To verify that the workstation intended to receive the call is set enter the following CLI command OCG Adsl show nat policy default_pptp 6_nat interface pptp 6 Configuring Network Address Translation NAT When Network...

Page 180: ...hen the initial TCP connection was initiated With this established mapping all frames from the remote host can be mapped back to the local LAN client s private address However the UDP connection stream initiated from the remote host does not have an existing port mapping When received the translator does not know for certain which client on the local LAN the frame should be directed to unless it h...

Page 181: ...nslated using the Default Workstation Monitoring NAT Use the following commands to display NAT sessions statistics and policies list nat The list nat command displays information for Network Address Translation NAT connections The command has the following parameters interfaces statistics Parameter Description interfaces Displays the Interface Name and NAT option stats Displays statistics for the ...

Page 182: ...21 6 CHAPTER 21 ADDRESS TRANSLATION COMMANDS ...

Page 183: ... work properly 1 Start the Registry Editor Regedt32 exe 2 Locate the following key in the registry HKEY_LOCAL_MACHINES System CurrentControlSet Services Rasman Parame ters 3 On the Edit menu click Add Value and then add the following registry value Value Name ProhibitIpSec Data Type REG_DWORD Value 1 4 Quit the Registry Editor 5 Reboot your PC for the changes you made to the Registry Settings to t...

Page 184: ...ds when found cause the packet to be dropped fragment offset 1 partial TCP headers all header options source route options fragment offset 1 Packets with an offset equal to one are discarded in accordance with RFC 1858 Some routers that may be used on the same network with the OfficeConnect Gateway may be configured to filter out specific traffic In some cases these routers will not apply the filt...

Page 185: ... the particular packet is dropped Show Commands show ip security show ip security settings These commands display the state enabled or disabled of IP security settings The settings shown in the following table are the defaults show security_option show security_option settings These commands display status of SNMP user access security service and administration by remote users Modify the SNMP user...

Page 186: ...22 4 CHAPTER 22 IPSEC COMMANDS ...

Page 187: ...iation SA specified A value of 0 deletes all the SA s in the system The list sa command displays all the valid SAs in the system The show sa command shows the details of a security association List Command list sa Lists all the phase 1 and phase 2 valid security associations SA in the system The show sa command shows the details of a security association The delete sa command deletes a specified S...

Page 188: ...23 2 CHAPTER 23 SECURITY ASSOCIATION SA COMMANDS ...

Page 189: ...s Retransmission Algorithm type of algorithm used Minimum Timeout minimum retransmission timeout interval Maximum Timeout maximum retransmission timeout interval Maximum Connections sum of TCP connections allowed TCP Nagle Algorithm state of the Nagle algorithm which when enabled prohibits one octet sized TCP packet transmissions to an output buffer until there is sufficient data to fill a maximum...

Page 190: ... TCP packet transmissions and maintain high network throughput This algorithm withholds additional packet transmissions to an output buffer until there is sufficient data to fill a maximum sized segment You may want to disable this feature if your TCP application must transmit small TCP packets The default is enabled disable tcp nagle_algorithm Disallows use of the Nagle algorithm to allow transmi...

Page 191: ...njunction with the enable tcp keepalives command See the enable and disable tcp keepalives and show tcp settings commands for more information The range is 1 2147483 seconds The enable disable configuration is disabled by default ...

Page 192: ...24 4 CHAPTER 24 TCP COMMANDS ...

Page 193: ...s list Delete delete snmp community name delete snmp community_pool pool_name address IP_address or name delete snmp trap_community name delete snmp trap_community_pool name addresses ip address list Enable enable link_traps_interface enable security_option snmp user_access enable snmp authentication traps Disable disable link_traps_interface disable security_option snmp user_access disable snmp a...

Page 194: ...l pool_name command adds an entry to the SNMP Community address Pool table This command is used in conjunction with the add snmp community command to allow multiple management station control of the OfficeConnect Gateway through a pool of IP addresses The following parameter can be configured for the add snmp community_pool pool_name command Parameter Description community_name Group name that aut...

Page 195: ...p Community Address Pool table If IP addresses are in the single digit form as 1 1 1 1 eight entries can be added with the single CLI command if addresses are in triple digit form such as 146 115 112 111 four IP addresses can be added with the single CLI command The maximum size of the pool is 10 IP addresses Parameter Description pool_name Pool name defining a group of SNMP management stations Th...

Page 196: ..._pool pool_name address IP_address or name command removes an entry from the SNMP Community address Pool table The following table describes the parameters associated with this command See the add snmp community command for more information delete snmp trap_community name The delete snmp trap_community name command removes an SNMP trap community name from the list of names and IP addresses that ar...

Page 197: ...face_name eth 1 Although the default is Disabled on modem interfaces Hubs with Quad Modems installed must have the OfficeConnect Gateway setting disabled manually to effect the change The command is enabled for Ethernet and WAN connections Also see the disable link_traps interface and show interface interface_name settings commands enable security_option snmp user_access The enable security_option...

Page 198: ... snmp user_access The disable security_option snmp user_access command disables SNMP access to the system This prevents remote users from using SNMP and damaging the configuration Use the enable security_option snmp user_access command to re enable full SNMP access Also see the enable security_option snmp user_access command disable snmp authentication traps The disable snmp authentication traps c...

Page 199: ...he SNMP Community address Pool table This command lists the following type of information See add snmp community_pool pool_name command for more information list snmp trap_communities The list snmp trap_communities command displays SNMP trap communities defined using the add snmp trap_community command It lists the following information Community Name IP Address trap community designation for the ...

Page 200: ...ap community pool Set Commands This section describes the following Set related SNMP commands set snmp communities set snmp trap community community name set snmp community name The set snmp community name command modifies parameters for an SNMP community authorized user or host to which notifications are sent configured with the add snmp community community_name command The community name and IP ...

Page 201: ...rite access to all writable objects RO is the default on public 0 0 0 0 networks and RW the default on private networks address IP address of this SNMP management station expressed in the form nnn nnn nnn nnn community_pool Designation for the pool of IP addresses comprising this SNMP community The limit is 64 ASCII characters validate_address Method to determine access to this management station ...

Page 202: ...ity_pool name The show snmp trap_community_pool name command displays the specified SNMP trap community and IP addresses of associated trap communities defined using the add snmp trap_community name command It lists the following information show snmp counters The show snmp counters command displays many SNMP statistics The information is organized into Input and Output Counters categories Input C...

Page 203: ... processed Get Response PDUs sum of SNMP Get Response PDUs accepted and processed Trap PDUs sum of SNMP Trap PDUs accepted and processed Output Counters Packets sum of SNMP packets transmitted Too Big Errors sum of SNMP PDUs generated by SNMP and for which the value of the error status field is tooBig No Such Name Errors sum of SNMP PDUs generated by SNMP and for which the value of the error statu...

Page 204: ...25 12 CHAPTER 25 SNMP COMMANDS ...

Page 205: ...ted onto a network interface IP filtering analyzes the packet header information using the set of rules added to the filter specified for the interface Based on the rules the packet is either accepted or discarded IP filtering is performed based on the first matching rule that is found IP filtering searches for a matching rule in rule number order For this reason you should order your rules so tha...

Page 206: ...ter The limit is 20 ASCII characters default_action Indicates whether IP packets that do not match any of the rules added to this filter by add ip rule should be accepted or rejected Parameters Description number Each rule added to an IP filter must have a unique number The rules need not be added to the IP filter in increasing order by rule number but they will be displayed and searched in increa...

Page 207: ...nterface interface_name command has been modified by adding the output_ip_filter ip_filter_name parameter to the command set interface interface_name output_ip_filter ip_filter_name The output_ip_filter parameter has been added to this command to allow specifying the name of the IP filter to be used on a network interface Parameters Description ip_filter_name Name of the IP filter Parameters Descr...

Page 208: ...characters for IPSEC SA to be established successfully Show Command show ip filter ip_filter_name Use this command to view the contents of an IP filter The resulting screen display might look like the following SHOW IP FILTER boston Filter Action REJECT Rule Number 1 Start Source Address 192 168 1 1 Source Mask C End Source Address 0 0 0 0 Action ACCEPT Rule Number 2 Start Source Address 192 168 1...

Page 209: ... look like the following INTERFACE sdsl 1 PVC 6 16 SETTINGS Description FR_PVC Type FRAME_RELAY Speed 64000 High Speed 0 Administrative Status Up Operational Status Up Link Up Down Traps ENABLED Promiscuous Mode FALSE Connector Present INVALID Filter Access OFF Last Change 0d 00 00 00 Policy Access Private Policy File Input Filter Output Filter Output IP Filter boston Driver Type AUTO ...

Page 210: ...26 6 CHAPTER 26 IP FILTERS COMMANDS ...

Page 211: ...packet to pass through or discards it Filtering Capabilities The OfficeConnect Gateway supports the following filtering capabilities Input and output filtering packet filters can be created to control inbound or outbound data packets Source and destination address filtering a packet filter can accept or deny access to a host or user based on the address of the source and or destination Protocol Fi...

Page 212: ... routes into the Routing Table upon receipt input filter Generic Filters Generic filters are specified by byte and offset values in a packet Packets are filtered by comparing the packet s offset value and byte information with the values that you define in the filter The Hub accepts or rejects the packet based on the result Creating generic filters can be a complex task Only experienced users shou...

Page 213: ...lter file Protocol Rules You can define protocol rules within each protocol section in the filter file Protocol rules determine which packets may and may not access the network The rule syntax is line verb keyword operator value The combination of keyword operator and value forms the condition which when combined with the verb determines whether the packet is accepted or rejected When a packet is ...

Page 214: ...h rule must have a unique line number 1 999 You must arrange rules in increasing order verb This field can be one of the following ACCEPT allow the packet access if the condition is met REJECT do not allow the packet access if the condition is met AND logically use the AND condition with condition of the next rule to determine if the packet is accepted or rejected Both defined conditions must be m...

Page 215: ...an create filter files on your PC using any text editor Once the file is created you ll use the Trivial File Transfer Protocol TFTP to place the filter file in FLASH memory on your OfficeConnect Gateway Table 27 3 Field Description line Each rule must have a unique number 1 999 You Must Arrange Rules In Increasing Order verb This field can be one of the following ACCEPT allow the packet access if ...

Page 216: ...u expect to be matched most frequently are at the top of the list Delimit each rule with a semi colon For example filter IP 010 ACCEPT src addr 128 100 033 001 020 ACCEPT dst addr 200 135 038 009 4 Add filtering action if different from the default value of PERMIT For example 030 DENY 5 Continue to define protocol rules for each protocol section you want to filter Then visually inspect the file to...

Page 217: ...le is stored on the OfficeConnect Gateway FLASH memory verify filter filter_name Use this command to ensure filter file syntax is correct If the filter file fails to verify return to the text editor edit the file TFTP the file to the OfficeConnect Gateway and re verify Any subsequent entry of the same filter files requires they be re verified and reapplied using the set interface command show filt...

Page 218: ...es a packet with a false source address in order to appear as a trusted host or network there is no way for an output filter to tell if that packet came in through the wrong interface An input filter on the other hand can filter out packets purporting to be from networks that are actually connected to a different interface User Filters You can configure user filters for a specific user that contro...

Page 219: ...lter access parameter ON for a specific interface set interface interface_name filter_access OFF Use this command to set the filter access parameter OFF for a specific interface Filter file changes take effect on an interface immediately when you issue the set interface command Managing Filters This section provides information about how to perform filter management tasks including Displaying the ...

Page 220: ...output_filter Use this command to remove a filter that is assigned to an interface The value represents a null value and removes the defined filter from the interface For example to remove an output filter from an interface named eth 1 you would use this command set interface eth 1 output_filter Deleting a Packet Filter delete filter filter_name Use this command to remove a filter from the filter ...

Page 221: ... Examples This section briefly describes IP packet filtering options and provides rule examples for each IP packet filtering capability This section includes the following topics Source and Destination Address Filtering Masks TCP and UDP Parameter Filtering IP RIP Packet Filtering ICMP Packet Filtering Source and Destination Address Filtering Source and destination address filtering is generally u...

Page 222: ...ent from and destined for standard port numbers that provide common network services such as Domain Name Service DNS Simple Network Management Protocol SNMP and TELNET You can filter TCP and UDP packets by source and destination ports by defining filter rules that compare the port number in a TCP or UDP packet of a specific value The following filter file rule example would accept only TCP packets...

Page 223: ...ices Table 27 4 TCP UDP Description 20 File Transfer Protocol data 21 File Transfer Protocol control 23 Telnet 25 Simple Mail Transfer Protocol 43 43 Who Is 53 53 Domain Name Service 69 Trivial File Transfer Protocol 70 70 Gopher 79 79 Finger 80 World Wide Web HTTP 88 88 Kerberos 110 Post Office Protocol 111 111 Sun Remote Procedure Call 113 113 Authentication Service 119 Network News Transfer Pro...

Page 224: ...cted Spurious RIP messages can disrupt your routing tables If you are listening for RIP messages on a given interface you may wish to consider filtering out RIP updates from untrusted networks ICMP Packet Filtering Internet Control Message Protocol ICMP packets contain messages exchanged by IP modules in both hosts and gateways to report errors problems and operating information ICMP message types...

Page 225: ...uration to discard all IP packets with a partial TCP header This command is similar to and a subset of the enable ip security drop_all_fragoffset command The default setting is enabled meaning these packets will be discarded When a packet is discarded the event is syslogged enable ip security_option drop_tcp_fragoffset1 Use this command to block TCP packets with an offset of 1 This is the default ...

Page 226: ... ddd m dst addr destination IP address equal not equal ddd ddd ddd ddd m tcp src port TCP source port all 1 65536 tcp dst addr TCP destination port all 1 65536 tcp one way Limit TCP traffic to one way equal not equal 1 65536 udp src port UDP source port all 1 65536 udp dest port UDP destination port all 1 65536 icmp type ICMP message type equal not equal 0 255 protocol protocol specific field equa...

Page 227: ...e of ancillary values Alternatively you can use the add tftp request input_file_name command to configure the TFTP service and use the enable tftp request input_file_name command to activate TFTP service The tftp command parameters are described in the following table Command Type Command Name TFTP tftp IP_name or address List list tftp clients list tftp requests Add add tftp client IP_name_or _ad...

Page 228: ...e TFTP Client Request Table It lists the following information Filename Name of file to be requested from or sent to the TFTP server Server Name or IP address of the TFTP server Action Type of request send to the TFTP server Put or Get get remotefile localfile Receive a file help Print help information mode ascii binary Set file transfer mode ASCII or Binary put localfile remotefile Send a file qu...

Page 229: ...l for administrators seeking to access the TFTP client OfficeConnect Gateway The following parameters are associated with this command action get b server IP_name_or_IP_address mode ascii octet rexmt _timeout 1 60 max_timeout 1 300 These parameters are described in the following table TFTP REQUEST TABLE Filename Server Action Status filter in Scylla PUT NORMAL OCG Styx GET GETTING Parameters Descr...

Page 230: ...ist tftp request command to display TFTP request status Also see the add tftp request input_file_name disable tftp request input_file_name and list traceroute commands Disable Commands disable tftp request input_file_name The disable tftp request command deactivates a request for service get or put from the TFTP server created with the add tftp request command Also see the add tftp request input_f...

Page 231: ...ancelled The range is 1 300 The default is 25 seconds Status State of each current TFTP request in the table Normal Request is in the table or has been successfully completed Getting Initial state TFTP server is receiving a file Putting Initial state TFTP server is sending a file Error Request has finished unsuccessfully and will generate an error message Error String Error message detailing why T...

Page 232: ...lowing example shows the information displayed in response to the show tftp request command screen SHOW TFTP REQUEST FOR FILE filter in Server scylla Action GET Mode ASCII Retransmit Timeout 5 Maximum Timeout 25 Status NORMAL Error String ...

Page 233: ...nds to reach each hop and return Traceroute utilizes ICMP to monitor network messages and UDP to send out the packet The command also can be implemented from an SNMP station Router DNS services are always used to resolve names and or verify addresses in dot notation An address of zero indicates there was no response from that hop The traceroute command has the following parameters maxhops number p...

Page 234: ...lution or failure Parameters Description IP name or address IP name or address of destination to target Maximum characters 255 maxhops Maximum number of hops traceroute runs before quitting The default is 30 The range is 1 255 port UDP port number that the probe is sent to The value should be an unused port on the destination host The default is 33434 The range is 1 65000 retries Number of times t...

Page 235: ...of traceroute target Hop Count Number of hops traceroute has traveled to reach destination State Status of traceroute process associated with this row When using SNMP or a command file only to perform a traceroute list the following states may be reported Traceroute generated packets received by the OfficeConnect Gateway will not increment the ICMP error counters Time Exceeded and Destination Unre...

Page 236: ... the specified traceroute in the table Possible states WAITING DNS waiting for DNS resolution DNS FAILED destination address could not be resolved BAD address resolved IP address is illegal HOPS EXCEEDED maximum number of hops was exceeded DEST UNREACHABLE trace timed out because route to the host could not be found TRACING performing traceroute COMPLETED SUCCESSFULLY traceroute completed successf...

Page 237: ...mber smaller than the current number of rows will NOT cause any row deletions but the effect will be noted in future attempts at row creation The range is 1 255 The default is 20 See list traceroute delete traceroute row number and show traceroute commands for more information TRACEROUTE SETTINGS for ROW 1 DESTINATION 10 0 0 2 State COMPLETED SUCCESSFULLY Hop Timeout 3 Hop Probes 3 Max Hops 30 UDP...

Page 238: ...29 6 CHAPTER 29 TRACEROUTE COMMANDS ...

Page 239: ...timeout period verbose yes no Parameters Description IP_name or address IP address in dotted notation or host name of remote system background When selected pings are run in a background process on your screen Can choose either background or verbose not both The default is NO count Number of pings requests to send The default is 1 The range is 1 1000 data String value specifying data to be sent No...

Page 240: ...tets ICMP header 8 octets The default is 64 bytes The range is 1 1400 timeout Period in seconds before determining that a transmission has not been replied to The range is 1 60 The default is 20 seconds verbose When set to yes data is displayed progressively for each ping if the count is more than one Output includes each ping request and the elapsed round trip time in milliseconds the ping destin...

Page 241: ...ic_address private_address 21 4 add network service 20 1 add pat tcp 21 2 add pat udp 21 2 add pppoe service_name 18 2 add pptp pns 19 2 add snmp community 25 2 add snmp community_pool 25 2 add snmp trap_community 25 3 25 4 add telnet client 5 2 add tftp client 28 3 add tftp request 28 3 add user 4 1 18 1 Add the Datalink 18 1 Adding Filters to the Managed List 27 10 Address Resolution Protocol 9 ...

Page 242: ...nd 1 6 show command settings 1 7 Command Line Interface CLI Abbreviating 1 10 Case sensitive commands 1 9 Comma separation 1 11 Command Language Structure 1 8 Concepts 1 1 Features Parameters 1 10 Keywords 1 10 Quotations 1 10 Rebooting 1 9 Syntax 1 10 Vertical line 1 10 Command Line Interface Conventions 1 9 Commands reboot 1 9 save all 1 5 Configure Bridging for the LANand WAN 6 2 Configuring 16...

Page 243: ...ter 26 3 delete ip source route 12 8 delete network service 20 3 delete pppoe service_name 18 2 delete pptp pns 19 2 delete sa 23 1 delete snmp community 25 4 delete snmp community_pool 25 4 delete snmp trap_community 25 4 delete snmp trap_community_pool 25 4 delete telnet client 5 2 delete tftp client 28 4 28 4 delete tftp request 28 4 delete traceroute row 29 3 delete user 4 2 Deleting a NAT Pol...

Page 244: ...d_compression 17 3 disable ppp bacp_bap 17 3 disable ppp protocol_field_compression 17 3 disable ppp receive_accm 17 3 disable pppoe on interface 18 3 disable pptp pns 19 2 disable security_option snmp user_access 25 6 disable snmp authentication traps 25 6 disable tcp keepalives 24 2 disable tcp nagle_algorithm 24 2 disable telnet 5 4 disable telnet disconnect_message 5 4 disable tftp request 28 ...

Page 245: ...address_filter 12 9 enable ip static_remote_routes 12 9 enable link_traps interface 25 5 enable network service 20 3 enable ntp 3 3 enable ppp acct_for_abnormal_disc 17 2 enable ppp address_field_compression 17 2 enable ppp protocol_field_compression 17 2 enable ppp receive_accm 17 2 enable pppoe on interface 18 2 enable pptp pns 19 2 enable security_option snmp user_access 25 5 enable snmp authen...

Page 246: ...rs 27 2 interface filters 27 7 keywords 27 16 list filters 27 7 27 9 managing filters 27 9 Protocol Rules 27 3 Protocol Sections 27 3 set interface 27 8 set packet_logging 21 6 26 5 setting filter access 27 9 show all filters 12 28 show filter 27 7 27 11 user filters 27 8 verify filter 27 7 Forward Broadcast Unicast Packets 6 5 Forward Unicast Packets Only 6 5 G Generating SYSLOG Messages for Filt...

Page 247: ...forwarding 12 10 disable ip rip 12 10 disable ip static_remote_routes 12 10 enable ip forwarding 12 9 enable ip rip 12 9 list ip routes 12 12 12 13 Services delete network service 20 3 enable network service 20 3 set network service 20 4 Statistics list networks 12 14 list tcp connections 24 2 show ip settings 12 23 TFTP add tftp client 28 3 delete tftp client 28 4 list tftp clients 28 2 Show Comm...

Page 248: ...ppoe sessions 18 3 list pptp pnss 19 3 list pptp tunnel sessions 19 4 list pptp tunnels 19 4 list processes 12 15 list rtab preferred 12 16 list sa 23 1 list snmp communities 25 6 list snmp community_pools 25 7 list snmp trap_communities 25 7 list snmp trap_community_pools 25 8 list tcp connections 24 2 list telnet client 5 3 list tftp clients 28 2 list tftp requests 29 3 list traceroute 29 3 list...

Page 249: ...ress_field_compression 17 3 disable ppp bacp_bap 17 3 disable ppp protocol_field_compression 17 3 list ppp 12 13 set ppp nbns_primary 17 3 set ppp nbns_secondary 17 3 set ppp system_dns_usage 17 3 show ppp 17 6 show ppp settings 17 6 WAN show ppp settings 17 6 PPP Commands 17 1 PPPoE Point to Point Protocol over Ethernet commands 18 1 PPPoE Commands 18 2 PPPoE Counters 18 4 PPPoE Settings 18 4 PPT...

Page 250: ... 22 2 enable ip security_option_disallow_all_header_options 22 2 enable ip security_option_disallow_source_route_options 22 2 enable ip security_option_drop_tcp_fragoffset1 22 2 show security_option 22 3 show security_option settings 22 3 Telnet disable telnet escape 5 3 5 4 Security Association Commands 23 1 set command 1 10 Set Commands set bridge aging_time 6 3 set bridge firewall discard_route...

Page 251: ...t tftp request 28 4 set time 3 2 3 2 set traceroute maximum_rows 29 5 set user 4 3 set user input_filter output_filter 27 9 set vodsl 7 3 set vodsl gateway_vendor 7 4 set voice interface 7 1 Set Commansd set vodsl interface pvc 7 4 set interface command 1 10 Set the Remote IP address 18 1 Setting the Default Workstation for Intelligent PAT 16 6 21 2 21 5 Show 3 4 3 5 Show All Commands 3 13 to 12 3...

Page 252: ...work settings 12 33 show ntp 3 4 show ntp settings 3 4 show packet_logging 12 33 show packet_logging settings 12 33 show ppp 17 6 show ppp settings 17 6 show pppoe 18 4 show pptp 19 4 show pptp settings 19 4 show pptp tunnel 19 5 show pptp tunnel session 19 6 show reset_action 3 13 show sa 23 1 show security_option 22 3 show security_option settings 22 3 show session 12 33 show snmp 25 10 show snm...

Page 253: ...ile 3 8 help 1 4 history 1 5 list facilities 12 14 list files 3 9 list processes 12 15 rename file 3 10 show configuration 3 5 12 30 show system settings 12 33 System Entities 1 8 list of common entities 1 8 T TCP Managing enable ip security_option_drop_tcp_fragoffset1 22 2 list tcp connections 24 2 set tcp maximum_connections 24 2 show tcp 24 1 telnet TCP_port 5 2 TCP Transmission Control Protoco...

Page 254: ...unnels 19 4 set pptp 19 8 show pptp 19 4 show pptp settings 19 4 VPN list all sessions vpn 19 3 list all tunnels 19 3 U UDP traceroute 29 1 Users add user 4 1 disable user 4 2 4 3 list users 4 4 show user settings 4 5 Using NetMeeting 21 2 V Verify Commands verify filter 27 7 Verifying Filter File Syntax 27 10 VoDSL set vodsl gateway_type 7 4 set vodsl interface 7 4 Voice list voice interfaces 7 3...

Page 255: ...xv RFC 1483 16 3 RFC 1483 MER 16 4 ...

Page 256: ...xvi ...

Page 257: ...in warranty service authorization Dated proof of purchase may be required Products returned to 3Com s Corporate Service Center must be pre authorized by 3Com with a Return Material Authorization RMA number marked on the outside of the package and sent prepaid and packaged appropriately for safe shipment and it is recommended that they be insured The repaired or replaced item will be shipped to Cus...

Page 258: ...D OF THE POSSIBILITY OF SUCH DAMAGES AND LIMITS ITS LIABILITY TO REPAIR REPLACEMENT OR REFUND OF THE PURCHASE PRICE PAID AT 3COM S OPTION THIS DISCLAIMER OF LIABILITY FOR DAMAGES WILL NOT BE AFFECTED IF ANY REMEDY PROVIDED HEREIN SHALL FAIL OF ITS ESSENTIAL PURPOSE DISCLAIMER Some countries states or provinces do not allow the exclusion or limitation of implied warranties or the limitation of inci...

Page 259: ...nt in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense This device complies with part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 this device must accept any interference received including interference that may cause u...

Page 260: ......

Reviews:

No comments

Related manuals for OfficeConnect 3C100XF

Pathport 6824 Manual preview
6824
Brand: Pathport Pages: 3
Moxa Technologies MGate MB3180 Quick Installation Manual preview
MGate MB3180
Brand: Moxa Technologies Pages: 6
Eaton SmartWire-DT EU5C-SWD-DP Manual preview
SmartWire-DT EU5C-SWD-DP
Brand: Eaton Pages: 88
MARCOM GW-DLMS-485-ELSA15 User Manual preview
GW-DLMS-485-ELSA15
Brand: MARCOM Pages: 13
TANDBERG Codian GW 3201 Series Getting Started preview
Codian GW 3201 Series
Brand: TANDBERG Pages: 18
Anybus AB7702 Installation Manual preview
AB7702
Brand: Anybus Pages: 2
H3C SecPath V1000-A Installation Manual preview
SecPath V1000-A
Brand: H3C Pages: 69
ADTRAN NetVanta 6330 Series Quick Start preview
NetVanta 6330 Series
Brand: ADTRAN Pages: 4
NEC MG-SIP Configuration Manual preview
MG-SIP
Brand: NEC Pages: 81
Plugwise Stretch 3 Installation Manual preview
Stretch 3
Brand: Plugwise Pages: 16
Everflourish 30UL-WB User Manual preview
30UL-WB
Brand: Everflourish Pages: 4
Owon SEG-X3 Quick Start Manual preview
SEG-X3
Brand: Owon Pages: 12
Technicolor CGM4140COM User Manual preview
CGM4140COM
Brand: Technicolor Pages: 6
Quark-Elec QK-A032 Manual preview
QK-A032
Brand: Quark-Elec Pages: 22
tiko Energy Solutions GM-01.0013E User Manual preview
GM-01.0013E
Brand: tiko Energy Solutions Pages: 36
tiko Energy Solutions M-Box NG User Manual preview
M-Box NG
Brand: tiko Energy Solutions Pages: 40
Comtrol IO-Link Master 4-EIP Initial Installation And Configuration preview
IO-Link Master 4-EIP
Brand: Comtrol Pages: 14
Davolink DV-302 Operation Manual preview
DV-302
Brand: Davolink Pages: 65

Brands by name

Popular brands

Load more brands