manualshive.com logo in svg

FireBrick FB6602, User Manual

Share
Download
FireBrick FB6602 User Manual Download Page 68

Tunnels

53

i.e. the first packet to be sent is routed down the first tunnel in the set, each subsequent packet is routed down
the subsequent tunnel in the set, and the (N+1)'th packet (where N is the number of tunnels in the set) is again
routed down the first tunnel. This provides the ability to obtain aggregated bandwidths when each tunnel is
carried over a different physical link, for example, such as using multiple ADSL or VDSL (FTTC) connections.

Note

Using tunnel bonding to aggregate access-network connections such as ADSL or VDSL to provide a
single 'fat pipe' to the Internet requires there to be another FB105 tunnel end-point device to terminate
the tunnels. Ideally this 'head-end' device is owned and operated by your ISP, but it is also possible to
use a head-end device hosted by a third party, or in a datacentre in which you already have equipment.
ISPs that can offer tunnel-bonding for Internet access include Andrews & Arnold [http://aa.net.uk]
and Watchfront [http://www.watchfront.co.uk].

To form a bonded tunnel set, simply specify the 

set

 attribute of each tunnel in the set to be a value unique

to that set. Although not required, you would typically use a 

set

 value of 1 for the first set you have defined.

You can defined multiple bonded sets by using different values of the 

set

 attribute in each set.

11.1.6. Tunnels and NAT

If you are using NAT in your network, it may have implications for how to successfully use FB105 tunnelling.
The issues depend on where (on what device) in your network NAT is being performed.

11.1.6.1. FB6000 doing NAT

If you have a bonded tunnel set implementing a single logical WAN connection, then the FB6000 will typically
have multiple WAN-side IP addresses, one per physical WAN connection. If you are using the FB6000 to NAT
traffic to the WAN, the real source IP address of the traffic will be translated by the NAT process to one of
the IP addresses used by the FB6000.

When this NAT'd traffic is carried via a tunnel, it will be the source address of the tunnel payload packet that
is modified.

Whatever address is used, reply traffic will come back to that address. In order to ensure this reply traffic is
distributed across the tunnel set by the far-end tunnelling device, the address used needs to be an address that
is routed down the tunnel set, rather than one associated with any particular WAN connection.

In order to handle this scenario, the 

internal-ip

 attribute can be used to define which IP address is used

as the source IP address of the tunnel payload packets.

**TBC do you therefore need at least a /32 public IP that is used by the brick, and is not associated with any
specific WAN connection? So far I have seen NAT used only where there is also a block of public IPs routed
down the tunnel set.**

11.1.6.2. Another device doing NAT

If you are using another device that is performing NAT (for example, a NAT'ing ADSL router) and that device
is on the route that tunnel wrapper packets will take , you may have to set up what is generally called port
forwarding on your NAT'ing router.

If the FB6000 is behind a NAT router, it will not have a public IP address of its own which you can reference
as the far-end IP address on the other end-point device. Instead, you will need to specify the WAN address of
the NAT router for this far-end address. Whether you need to setup a port forwarding rule on your NAT router
depends on whether the FB6000 behind the router has a far-end IP address specified in tunnel definition(s),
as follows :-

• If it does, then it will be sending tunnel wrapper packets via the NAT router such that a session will have

been created in the NAT router by the session tracking functionality that is used to implement NAT (this

Summary of Contents for FB6602

Page 1: ...FireBrick FB6602 User Manual FB6000 Versatile Network Appliance...

Page 2: ......

Page 3: ...FireBrick FB6602 User Manual This User Manual documents Software version V1 24 093 Copyright 2012 2013 FireBrick Ltd...

Page 4: ...he Object Hierarchy 10 3 2 The Object Model 10 3 2 1 Formal definition of the object model 11 3 2 2 Common attributes 11 3 3 Configuration Methods 11 3 4 Web User Interface Overview 11 3 4 1 User Inte...

Page 5: ...xternal destinations 29 5 3 1 Syslog 29 5 3 2 Email 30 5 3 2 1 E mail process logging 31 5 4 Factory reset configuration log targets 31 5 5 Performance 31 5 6 Viewing logs 31 5 6 1 Viewing logs in the...

Page 6: ...g 50 10 2 2 4 Speed and graphs 50 11 Tunnels 51 11 1 FB105 tunnels 51 11 1 1 Tunnel wrapper packets 51 11 1 2 Setting up a tunnel 51 11 1 3 Viewing tunnel status 52 11 1 4 Dynamic routes 52 11 1 5 Tun...

Page 7: ...6 Relaying L2TP connections 67 16 7 RADIUS Authentication and Accounting 67 16 8 RADIUS Control messages 67 16 9 Outgoing L2TP connections 68 17 Command Line Interface 69 A Factory Reset Procedure 70...

Page 8: ...on 92 G 1 10 Load XML configuration 92 G 1 11 Show profile status 92 G 1 12 Show RADIUS servers 92 G 1 13 Show DNS resolvers 92 G 2 Networking commands 92 G 2 1 Subnets 92 G 2 2 Ping and trace 93 G 2...

Page 9: ...settings 109 H 2 22 vrrp VRRP settings 110 H 2 23 dhcps DHCP server settings 111 H 2 24 dhcp attr hex DHCP server attributes hex 111 H 2 25 dhcp attr string DHCP server attributes string 112 H 2 26 d...

Page 10: ...inkSpeed Physical port speed 130 H 3 13 LinkDuplex Physical port duplex setting 130 H 3 14 LinkFlow Physical port flow control setting 131 H 3 15 LinkClock Physical port Gigabit clock master slave set...

Page 11: ...Icons for layout controls 13 3 3 Icons for configuration categories 13 3 4 The Setup category 14 3 5 Editing an Interface object 14 3 6 Show hidden attributes 15 3 7 Attribute definitions 15 3 8 Navig...

Page 12: ...2 List of system services 55 13 1 Packet dump parameters 60 13 2 Packet types that can be captured 61 C 1 DHCP client names used 75 E 1 SCCRQ 77 E 2 SCCRP 77 E 3 SCCCN 78 E 4 StopCCN 78 E 5 HELLO 78...

Page 13: ...p attr ip Attributes 112 H 36 pppoe Attributes 113 H 37 pppoe Elements 114 H 38 ppp route Attributes 114 H 39 ggsn Attributes 114 H 40 route Attributes 115 H 41 network Attributes 115 H 42 blackhole A...

Page 14: ...uplex setting 130 H 79 LinkFlow Physical port flow control setting 131 H 80 LinkClock Physical port Gigabit clock master slave setting 131 H 81 LinkLED y Yellow LED setting 131 H 82 LinkLED g Green LE...

Page 15: ...ware and ensures FireBrick are able to maximise performance from the hardware and maintain exceptional levels of quality and reliability The result is a product that has the feature set performance an...

Page 16: ...ory The procedure requires physical access to the FB6000 and can be applied if you have made configuration changes that have resulted in loss of access to the web user interface or any other situation...

Page 17: ...IEEE 802 1Q VLANs ideal for using the FB6000 with VLAN capable network switches In this case a single physical connection can be made between a VLAN capable switch and the FB6000 and with the switch...

Page 18: ...all FireBrick customers 1 2 3 Technical details There are a number of useful technical details included in the apendices These are intended to be a reference guild for key features 1 2 4 Document styl...

Page 19: ...k FireBrick provide extensive training and support to resellers and you will find them experts in Firebrick products However before contacting them please ensure you have upgraded your FB6000 to the l...

Page 20: ...readers regarding networking protocols common best practice and real world issues encountered 1 3 5 Training Courses FireBrick provide training courses for the FB2x00 series products and also training...

Page 21: ...your LAN and it will get an address Port 4 is configured by default not to give out any addresses and as such it should not interfere with your existing network You would need to check your DHCP serve...

Page 22: ...age for managing the configuration 2 2 1 Add a new user You now need to add a new user with a password in order to gain full access to the FireBrick s user interface Click on the Users icon then click...

Page 23: ...erface To do that tick the checkbox next to timeout and enter an appropriate value as minutes colon and seconds e g 15 00 for 15 minutes Click on the Save button near the top of the screen which will...

Page 24: ...ername and password you chose We recommend you read Chapter 3 to understand the design of the FB6000 s user interface and then start working with your FB6000 s factory reset configuration Once you are...

Page 25: ...up of child objects and may also contribute to defining the detailed behaviour of the group define a context for an object for example an object used to define a locally attached subnet is a child of...

Page 26: ...figuration methods web based graphical User Interface accessed using a supported web browser an XML eXtensible Markup Language file representing the entire object hierarchy editable via the web interf...

Page 27: ...ooter area at the bottom of the page containing layout control icons and showing the current software version the remaining page area contains the content for the selected part of the user interface F...

Page 28: ...fig pages and the object hierarchy The structure of the config pages mirrors the object hierachy and therefore they are themselves naturally hierachical Your postition in the hierachy is illustrated i...

Page 29: ...object of that type and such an object already exists The existing object may have originated from the factory reset configuration You can push down into the hierarchy by clicking the Edit link in a...

Page 30: ...sting technical support and expect technical support staff to discuss your configuration primarily in terms of attribute and object element names rather than descriptive text or physical location on y...

Page 31: ...t to using the Add link one level up in the hierarchy Erase deletes the object being edited note that the object will not actually be erased until the configuration is saved Help browses to the online...

Page 32: ...e compact self closing tag A self closing tag is the same as a start tag but ends with and then has no content or end tag Since the and characters have special meaning there are special escape charact...

Page 33: ...as you might expect read only and so is safe in as much as you can t accidentally change the configuration 3 5 4 Example XML configuration An example of a simple but complete XML configuration is show...

Page 34: ...nterface with one subnet and a DHCP allocation pool see Chapter 6 3 6 Downloading Uploading the configuration The XML file may be retrieved from the FireBrick or uploaded to the FireBrick using HTTP t...

Page 35: ...lti part form data An example of doing this using curl run on a Linux box is shown below curl http FB6000 IP address or DNS name config config user username password form config filename 3 1 IP addres...

Page 36: ...nk to add a user To delete a user click the appropriate Edit link then click the Erase button in the navigation controls see Figure 3 8 As with any such object erase operation the object will not actu...

Page 37: ...ranted full access so for ADMIN or DEBUG level user s the default of full is suitable Table 4 2 Configuration access levels Level Description none No access unless explicitly listed view View only acc...

Page 38: ...and so we recommend you set the hostname to something appropriate for your network The hostname is set using the name attribute 4 2 2 Administrative details The attributes shown in Table 4 3 allow you...

Page 39: ...he FB6000 reboots very quickly and in many cases users will be generally unaware of the event You can also use a profile to restrict when software upgrades may occur for example you could ensure they...

Page 40: ...in software application version is shown next to the word Software e g Software FB2700 Hermia V1 07 001 2011 11 15T10 22 48 The software version is also displayed in the right hand side of the footer...

Page 41: ...upgrades are attempted see Chapter 8 for details on profiles The current setting of sw update in descriptive form can be seen on the main Status page adjacent to the word Upgrade as shown in Figure 4...

Page 42: ...ssibly hardware fault Flashing with approximately 1 second period Bootloader running waiting for network connection On Main application software running After power up the normal power LED indication...

Page 43: ...erface or command line which can show the history in the buffer and then follow the log in real time even when viewing via a web browser with some exceptions see Section 5 6 1 In some cases it is esse...

Page 44: ...nly used when diagnosing a problem Debug logging can be a lot of information for example in some cases whole packets are logged e g PPP It is generally best only to use debug logging when needed 5 3 L...

Page 45: ...r sending an e mail before sending another Having a hold off period means you don t get an excessive number of e mails since the logging system is initially storing event messages in RAM the e mail th...

Page 46: ...has not been deleted you can therefore simply set log default on any appropriate object to immediately enable logging to this default log target which can then be viewed from the web User Interface or...

Page 47: ...t attribute Event types log General system events log debug System debug messages log error System error messages log eth General Ethernet hardware messages log eth debug Ethernet hardware debug messa...

Page 48: ...port groups can be defined with each group comprising a set of one or more physical ports that doesn t overlap with any other group The ports within the group work as a conventional Ethernet switch di...

Page 49: ...effectively expand the number of distinct physical interfaces with the upper limit on number being determined by switch capabilities or by inherent IEEE 802 1Q VLAN or FB6000 MAC address block size A...

Page 50: ...objects Zero or more DHCP server settings objects Zero or more Virtual Router Redundancy Protocol VRRP settings objects refer to Chapter 14 6 3 1 Defining subnets Each interface can have one or more...

Page 51: ...net is configured via DHCP In its simplest form a DHCP configured subnet is created by the following XML subnet 6 3 2 Setting up DHCP server parameters The FB6000 can act as a DHCP server to dynamical...

Page 52: ...d allocations In addition to specifying a full 48 bit 12 hexadecimal character MAC address in a dhcp object it is also possible to specify part of a MAC address specifically some number of leading byt...

Page 53: ...tiation is enabled the FB6000 port will normally advertise that it is capable of link speeds of 10Mb s 100Mb s or 1Gb s if you have reason to restrict the possible link speed to one of these values yo...

Page 54: ...ions detected Tx Blink on when Transmit activity Default for Yellow LED Rx Blink on when Receive activity Off Permanently off On Permanently on Link On when link up Link1000 On when link up at 1Gbit s...

Page 55: ...ion may be a single IP address in which case it is a 32 in CIDR notation for IPv4 A routing destination may encompass the entire IPv4 or IPv6 address space written as 0 0 0 0 0 for IPv4 or 0 for IPv6...

Page 56: ...also have a gateway specified either in the config or by DHCP or RA This gateway is just like creating a route to 0 0 0 0 0 or 0 as a specific route configuration It is mainly associated with the subn...

Page 57: ...es to subnets on Ethernet interfaces do not support this functionality This can be useful where a link such as PPPoE is defined with a given localpref value and a separate route is defined with a lowe...

Page 58: ...me complex profile logic to be defined that determines a final profile state from several conditions By combining profiles with the FB6000 s event logging facilities they can also be used for automate...

Page 59: ...by date and or time objects which are child objects of the profile object You can define multiple date ranges via multiple date objects the date test will pass if the current date is within any of th...

Page 60: ...Profiles 45 profile name Off set false profile name On set true...

Page 61: ...d interface name LAN port LAN graph LAN The graph is viewable directly as a PNG image from the FB6000 via the web User Interface to view a graph click the PNG item in the Graphs menu This will display...

Page 62: ...low s by creating a shaper top level object To create or edit a shaper object in the web User Interface first click on the Shape category icon To create a new object click the Add link To edit an exis...

Page 63: ...h services that are available in other countries 10 1 Types of DSL line and router in the United Kingdom In the UK there are various types of DSL line and router than can be used Any device that suppo...

Page 64: ...e a number of additional options see below but for most configurations this is all you need It causes the FB6000 to connect and set a default route for internet access via the PPP link 10 2 1 IPv6 If...

Page 65: ...me if you wanted to 10 2 2 3 Logging The PPP connection status and PPP negotiation can be logged by setting the log attribute to a valid log target This can be useful for debugging 10 2 2 4 Speed and...

Page 66: ...with any other UDP traffic originating at the FB6000 the tunnel wrappers are then encapsulated in an IP packet and sent to the IP address of the far end tunnel end point The IP packet that is containe...

Page 67: ...e state The table row background colour is also used to indicate tunnel state with green for Up and red for Down Note that there is a third state that a tunnel can be in that is Up Down TBC confirm th...

Page 68: ...the FB6000 to NAT traffic to the WAN the real source IP address of the traffic will be translated by the NAT process to one of the IP addresses used by the FB6000 When this NAT d traffic is carried vi...

Page 69: ...the UDP port number that was the source port used in the outgoing wrapper packets If it does not then you will have to manually setup a port forwarding rule since there will have been no outbound pac...

Page 70: ...rvice If a service object is not present the service is disabled Clicking on the Edit link next to the services object will take you to the lists of child objects Where a service object is not present...

Page 71: ...an attack vector Access can be restricted using allow and local only controls as with any service If this allows access then a user can try and login However access can also be restricted on a per us...

Page 72: ...s are given using a profile e g time of day 12 4 2 Local DNS responses Instead of blocking names you can also make some names return pre defined responses This is usually only used for special cases a...

Page 73: ...service defaults to allowing access from anywhere The remaining SNMP service configuration attributes are community specifies the SNMP community name with a default of public port specifies the port...

Page 74: ...penetration testing they are intended to aid understanding of FB6000 configuration assist in development of your configuration and for diagnosing problems with the behaviour of the FB6000 itself 13 1...

Page 75: ...typically a command line client utility such as curl The output is streamed so that when used with curl and tcpdump you can monitor traffic in real time Limited filtering is provided by the FB6000 so...

Page 76: ...ot specify any IP addresses then all packets are returned If you specify one IP address then all packets containing that IP address as source or destination are returned If you specify two IP addresse...

Page 77: ...l if you are unable to determine a suitable timeout period and would like to run an ongoing capture which you stop manually This is achieved by specifying a very long duration and then interrupting ex...

Page 78: ...s If the master fails a backup takes over and this process is transparent to other devices which do not need to be aware of the change The members of the group communicate with each other using multic...

Page 79: ...then the master should have priority 255 Otherwise pick priorities from 1 to 254 It is usually sensible to space these out e g using 100 and 200 We suggest not setting priority 1 see profiles and test...

Page 80: ...d both become master The FB6000 s VRRP Status page shows if VRRP2 or VRRP3 is in use and whether the FireBrick is master or not 14 5 Compatibility VRRP2 and VRRP3 are standard protocols and so the FB6...

Page 81: ...his section of the manual is still in development Please see www firebrick co uk for technical notes 15 2 Using BGP in an ISP network Note This section of the manual is still in development Please see...

Page 82: ...eering Note This section of the manual is still in development Please see www firebrick co uk for technical notes 16 4 The importance of CQM graphs Note This section of the manual is still in developm...

Page 83: ...L2TP 68 16 9 Outgoing L2TP connections Note This section of the manual is still in development Please see www firebrick co uk for technical notes...

Page 84: ...ssed command history memory the CLI remembers a number of previously typed commands and these can be recalled using the Up and Down cursor keys Once you ve located the required command you can edit it...

Page 85: ...or any reason or any other situation where it is appropriate to start from scratch Disconnect all network and power leads Connect lead between far left and far right ports ports 1 and 4 Connect power...

Page 86: ...revert to the existing saved configuration when next powered up or restarted It is also possible to recover the configuration stored in flash memory if you know an administrative username and password...

Page 87: ...IDR The prefix notation introduced by CIDR was in the simplest sense to make explicit which bits in a 32 bit IPv4 address are interpreted as the network number or prefix associated with a site and whi...

Page 88: ...IPv4 subnet on the LAN interface after factory reset is 10 0 0 1 24 the address of the FB6000 on this subnet is therefore 10 0 0 1 and the prefix length is 24 bits leaving 8 bits for host addresses o...

Page 89: ...llocated to a specific FB6000 For information on how MAC addresses are used by the FB6000 please refer to this article on the FireBrick website http www firebrick co uk fb2700 mac php The label attach...

Page 90: ...lue that depends on whether the system name is set on the FB6000 as shown in Table C 1 Refer to Section 4 2 1 for details on setting the system name Table C 1 DHCP client names used System name Client...

Page 91: ...ach group from the others Where more than one switch is used with an uplink connection between switches VLAN tagging is used to multiplex packets from different VLANs across these single physical conn...

Page 92: ...g RADIUS request Vendor Name 8 Ignored FireBrick Ltd Assigned Tunnel ID 9 Mandatory Mandatory our tunnel ID Receive Window Size 10 Accepted assumed 4 if not present or less than 4 is specified Value 4...

Page 93: ...a tunnel has been allocated Note that a StopCCN may not have a zero tunnel ID in the header If this is the case the source IP port and assigned tunnel are used to identify the tunnel If an unknown tu...

Page 94: ...if relaying Passed on incoming value Last Received LCP CONFREQ 28 Accepted used in RADIUS and passed on if relaying Passed on incoming value Proxy Authen Type 29 Accepted used in RADIUS and passed on...

Page 95: ...Code 1 Ignored logged Sent as appropriate for tunnel close Q 931 Cause Code 12 Ignored Not sent Assigned Session ID 14 Expected see note Sent if assigned Note that a CDN may have a zero session ID in...

Page 96: ...he internet when the broadband fully supports 1500 byte MTU This is also relevant where the FB6000 is deliberately configured to use a smaller MRU for example when the L2TP connection is remote via a...

Page 97: ...received on L2TP Calling Station Id 31 Calling number as received on L2TP Acct Session Id 44 Unique ID for session as used on all following accounting records NAS Identifier 32 Configured hostname of...

Page 98: ...used Framed IPv6 Prefix 97 IPv6 prefix to be routed to line Maximum localpref used Framed IPv6 Route 99 May appear more than once Text format is IPv6 Address Bits metric The target IP is ignored but...

Page 99: ...in order to route native IPv6 prefixes to the line If there are any native IPv6 routes or the Framed IPv6 Interface attribute was specified then IPV6CP negotiation is started Framed IPv6 Route can al...

Page 100: ...reBrick NAS IP Address 4 NAS IPv4 address if using IPv4 NAS IPv6 Address 95 NAS IPv6 address if using IPv6 NAS Port 5 L2TP session ID Tunnel Type 64 Present for relayed L2TP sessions L2TP Tunnel Mediu...

Page 101: ...ium Type 65 Present for relayed L2TP 1 IPv4 or 2 IPv6 Tunnel Client Endpoint 66 Present for relayed L2TP text IPv4 or IPv6 address of our address on the outbound tunnel Tunnel Server Endpoint 67 Prese...

Page 102: ...refix to be routed to line Maximum localpref used Framed IPv6 Prefix 97 IPv6 prefix to be routed to line Maximum locapref used Framed IPv6 Route 99 May appear more than once Text format is IPv6 Addres...

Page 103: ...ance with the L2TP PPP RFCs This does not work on BT 21CN BRASs F Sets TCP MTU fix flag which causes the MTU option in TCP SYN to be adjusted if necessary to fit MTU f Sets no TCP MTU fix M Sets the c...

Page 104: ...uired in the config At this point a further check is made for a configured relay which can now be based on a login if one was not present before RADIUS authentication is completed and if the response...

Page 105: ...CUG defined 1 32768 which may be allow or restrict Interfaces port VLAN may also be defined in the same way A packet from an interface session with a CUG is tagged with that packet If the source is r...

Page 106: ...uptime Shows how long since the FB6000 restarted G 1 4 General status show status Shows general status information including uptime who owns the FireBrick etc This is the same as the Status on the web...

Page 107: ...ou can use the web interface and tools like curl to load configtations This command is provided as a last resort for emergency use so use with care G 1 11 Show profile status show profiles Shows profi...

Page 108: ...le the reverse DNS name is shown next to replies but there is deliberately no delay waiting for DNS responses so you may find it useful to run a trace a second time as results from the first attempt w...

Page 109: ...for a DHCP allocation overridding the clientname that was sent G 2 11 Show ARP ND status show arp show arp IPAddr Shows details of ARP and Neighbour discovery cache G 2 12 Show VRRP status show vrrp L...

Page 110: ...use a meaningful string e g panic testing fallback confirm yes G 7 2 Reboot reboot unsignedInt hard confirm string A reboot is a more controlled shutdown and restart unlike the panic command The firs...

Page 111: ...s configuration and so on Multiple copies are usually stored allowing you to delete a later version if needed and roll back to an older version G 7 8 Delete block from flash delete config unsignedInt...

Page 112: ...ant Quality Monitoring config ethernet ethernet Optional unlimited Ethernet port settings ggsn ggsn Optional GTP GGSN settings interface interface Optional up to 8192 Ethernet interface port group vla...

Page 113: ...tem errors log eth string Web console Log Ethernet messages log eth debug string Not logging Log Ethernet debug log eth error string Web Flash console Log Ethernet errors log panic string Web logs Log...

Page 114: ...string Profile name source string Source of data used in automated config management table unsignedByte 0 99 routetable 0 Restrict login to specific routing table timeout duration 5 00 Login idle time...

Page 115: ...s H 2 6 log email Email logger settings Logging to email Table H 10 log email Attributes Attribute Type Default Description comment string Comment delay duration 1 00 Delay before sending since first...

Page 116: ...ettings The SNMP service has general service settings and also specific attributes for SNMP such as community Table H 12 snmp service Attributes Attribute Type Default Description allow List of IPName...

Page 117: ...enum 25 Timezone 1 to 2 earliest date in month tz12 day day Sun Timezone 1 to 2 day of week of change tz12 month month Mar Timezone 1 to 2 month tz12 time time 01 00 00 Timezone 1 to 2 local time of c...

Page 118: ...ly boolean false Restrict access to locally connected Ethernet subnets only log string Not logging Log events log debug string Not logging Log debug log error string Log as event Log errors port unsig...

Page 119: ...ptional unlimited Fixed local DNS host entries H 2 13 dns host Fixed local DNS host settings DNS forwarding resolver service Table H 18 dns host Attributes Attribute Type Default Description comment s...

Page 120: ...rt 3799 Control UDP port CoA DM dummy ip boolean true Send dummy framed IP response log string Not logging Log events log debug string Log debug log error string Log as event Log errors nsn conditiona...

Page 121: ...atch Attributes Attribute Type Default Description allow List of IPNameRange Match source IP address of RADIUS request authenticator boolean Require message authenticator backup ip List of IPNameAddr...

Page 122: ...is target to be valid deprecated tunnel assignment id string Tunnel Assignment ID to send tunnel client return boolean Return tunnel client as radius IP username List of string One or more patterns to...

Page 123: ...d LinkSpeed auto Speed setting for this port yellow LinkLED y Tx Yellow LED setting H 2 19 portdef Port grouping and naming Port grouping and naming Table H 25 portdef Attributes Attribute Type Defaul...

Page 124: ...Table H 27 interface Elements Element Type Instances Description dhcp dhcps Optional unlimited DHCP server settings subnet subnet Optional unlimited IP subnet on the interface vrrp vrrp Optional unli...

Page 125: ...settings VRRP settings provide virtual router redundancy for the FireBrick Profile inactive does not disable vrrp but forces vrrp low priority Table H 29 vrrp Attributes Attribute Type Default Descri...

Page 126: ...e 0 0 0 0 0 Address pool lease duration 2 00 00 Lease length log string Not logging Log events allocations mac List up to 12 hexBinary macprefix Partial or full MAC addresses name string Name ntp List...

Page 127: ...requested id unsignedByte Not optional Attribute type code name string Name value string Not optional Value H 2 26 dhcp attr number DHCP server attributes numeric Additional DHCP server attributes num...

Page 128: ...ds local IP4Addr Local IPv4 address localpref unsignedInt 4294967295 Localpref for route highest wins log string Not logging Log events log debug string Not logging Log debug log error string Not logg...

Page 129: ...ce of data used in automated config management H 2 30 ggsn GTP GGSN settings GTP GGSN settings Table H 39 ggsn Attributes Attribute Type Default Description allow List of IPNameRange List of IP ranges...

Page 130: ...network highest wins name string Name profile string Profile name source string Source of data used in automated config management speed unsignedInt Egress rate limit b s table unsignedByte 0 99 route...

Page 131: ...dresses define local IP addresses Table H 43 loopback Attributes Attribute Type Default Description bgp bgpmode BGP announce mode for routes comment string Comment ip List of IPAddr Not optional One o...

Page 132: ...olely the peers AS allow own as boolean Allow our AS inbound as unsignedInt Peer AS capability as4 boolean true If supporting AS4 capability graceful restart boolean true If supporting Graceful Restar...

Page 133: ...the neighbour ttl security byte Enable RFC5082 TTL security if ve 1 to 127 i e 1 for adjacent router If ve 1 to 128 set forced sending TTL i e 1 for TTL of 1 sending and not checking type peertype no...

Page 134: ...is rule applies to source string Source of data used in automated config management tag List of Community List of community tags to add H 2 39 cqm Constant Quality Monitoring settings Constant quality...

Page 135: ...nt string Sent Label for seconds polled label shaper string Shaper Label for shaper label time string Time Label for time label traffic string Traffic bit s Label for traffic level label tx string Tx...

Page 136: ...l2tp Attributes Attribute Type Default Description accounting interval duration 1 00 00 Periodic interim accounting interval Table H 53 l2tp Elements Element Type Instances Description incoming l2tp...

Page 137: ...unsignedByte 0 99 routetable 0 Routing table number for payload traffic pppdns1 IP4Addr PPP DNS1 IPv4 default pppdns2 IP4Addr PPP DNS2 IPv4 default pppip IP4Addr Local end PPP IPv4 profile string Prof...

Page 138: ...for remote ip routes highest wins name string Name password Secret Password check profile string Profile name relay hostname string Hostname for L2TP connection relay ip List of IPAddr Target IP s for...

Page 139: ...are up recover duration 1 Time before recover i e how long test has been passing route List of IPAddr Test passes if all specified addresses are routeable set boolean Manual override ignore ALL other...

Page 140: ...re pingable Ping targets Table H 61 profile ping Attributes Attribute Type Default Description flow unsignedShort Flow label IPv6 gateway IPAddr Ping via specific gateway bypasses session tracking if...

Page 141: ...ffic shaper Table H 64 shaper override Attributes Attribute Type Default Description comment string Comment profile string Not optional Profile name rx unsignedInt Rx rate limit target b s rx max unsi...

Page 142: ...s Type of access user has to config Table H 67 config access Type of access user has to config Value Description none No access unless explicitly listed view View only access no passwords read Read on...

Page 143: ...syslog facility Syslog facility Syslog facility usually used to control which log file the syslog is written to Table H 70 syslog facility Syslog facility Value Description KERN Kernel messages USER...

Page 144: ...H 72 day Day name 3 letter Value Description Sun Sunday Mon Monday Tue Tuesday Wed Wednesday Thu Thursday Fri Friday Sat Saturday H 3 8 radiuspriority Options for controlling platform RADIUS response...

Page 145: ...H 75 port Physical port Value Description 0 Port 0 left 1 Port 1 right H 3 11 Crossover Crossover configuration Physical port crossover configuration Table H 76 Crossover Crossover configuration Valu...

Page 146: ...ster status negotiated preference for master prefer slave Master status negotiated preference for slave force master Master status forced force slave Slave status forced H 3 16 LinkLED y Yellow LED se...

Page 147: ...e IPv6 route announce level IPv6 route announcement mode and level Table H 85 ramode IPv6 route announce level Value Description false Do not announce low Announce as low priority medium Announce as m...

Page 148: ...PPPoE client connects to access controller bras l2tp PPPoE server mode linked to L2TP operation H 3 24 ggsn calling Calling number options for GGSN Table H 89 ggsn calling Calling number options for...

Page 149: ...rate EBGP confederate ixp Internet exchange point peer on route server H 4 Basic types Table H 93 Basic data types Type Description string text string hexBinary hex coded binary data integer integer 2...

Page 150: ...ip6list List of IPv6 addresses IP6Addr mtu Max transmission unit 576 1600 unsignedShort vlan VLAN ID 0 untagged 0 4095 unsignedShort ip4rangelist List of IP4ranges IP4Range macprefixlist List of strin...

Page 151: ...tionship with interfaces 33 sequenced flashing of LEDs 27 Event logging external logging 29 overview 28 viewing logs 31 G Graphs 46 H Hostname setting 23 HTTP service configuration 56 I Interfaces def...

Page 152: ...t service configuration 56 Time out login sessions 22 Traffic shaping overview 46 Tunnels bonding FB105 52 FB105 51 viewing status FB105 52 U User Interface customising layout 12 general layout 12 nav...

Reviews:

No comments

Brands by name

Popular brands

Load more brands