manualshive.com logo in svg

virtual access GW6600, User Manual

Introducing the virtual access GW6600 - a cutting-edge networking device designed to elevate your connectivity. Get started instantly with our comprehensive Quick Start Manual, available for free download at manualshive.com. Our user-friendly manual ensures a trouble-free setup, allowing you to unlock the full potential of your GW6600 effortlessly.

Share
Download
background image

31: Configuring firewall 

_______________________________________________________________________________________________________ 

_______________________________________________________________________________________________________ 

© Virtual Access 2018 

GW6600 Series User manual 

Issue: 1.7 

 

Page 332 of 519 

Web: n/a 
UCI: firewall.<zone label>.log_limit 
Opt: log_limit 

Limits the amount of log messages per interval. 

Table 120: Information table for firewall zone advanced settings 

31.2.1.5

 

Inter-zone forwarding 

This section controls the traffic flow between zones. Selecting a source or destination 
zone generates a forwarding rule. Only one direction is covered by any forwarding rule. 
Hence for bidirectional traffic flow between two zones then two rules are required, with 
source and destination alternated. 

 

Figure 168: The inter-zone forwarding section 

Web Field/UCI/Package Option 

Description 

Web: Allow forward to destination zones 
UCI: firewall.<forwarding label>.dest 
Opt: dest 

Allows forward to other zones. Enter the current 
zone as the source.  
Enabling this option puts two entries into the 
firewall file: destination and source.  

UCI firewall.<forwarding label>.src 
Opt: src 
Web: Allow forward from source zones   
UCI: firewall.<forwarding label>.dest 
Opt: dest 

Allows forward from other zones. Enter the current 
zone as the destination.  
Enabling this option puts two entries into the 
firewall file: destination and source.  
 

UCI: firewall.<forwarding label>.src 
Opt: src 

Table 121: Information table for inter-zone forwarding settings 

Note: the rules generated for forwarding traffic between zones relay connection tracking 
to be enabled on at least one of the source or destination zones. This can be enabled 
through the conntrack option or through masq. 

31.2.2

 

Firewall port forwards 

Port forwards are also known as redirects. This section creates the redirects using DNAT 
(Destination Network Address Translation) with Netfilter. The redirects are from the 
firewall zone labelled as wan to the firewall zone labelled as lan. These zones can refer to 
multiple external and internal interfaces as defined in the Firewall Zone settings. 
To edit an existing port forward select edit.  
To add a new port forward select add. 

Summary of Contents for GW6600

Page 1: ...GW6600 Series User manual Issue 1 7 Date 13 July 2018 ...

Page 2: ...14 Connecting the WiFi antenna 18 2 15 Powering up 18 2 16 Reset button 18 3 GW6600 Series LED behaviour 19 3 1 Main LED behaviour 19 3 2 Ethernet port LED behaviour 21 4 Factory configuration extraction from SIM card 22 5 Accessing the router 23 5 1 Configuration packages used 23 5 2 Accessing the router over Ethernet using the web interface 23 5 3 Accessing the router over Ethernet using an SSH ...

Page 3: ...7 1 Overview of some common commands 52 7 2 Using Unified Configuration Interface UCI 55 7 3 Configuration files 60 7 4 Configuration file syntax 60 8 Upgrading router firmware 62 8 1 Software versions 62 8 2 Upgrading firmware using CLI 68 8 3 Firmware recovery 70 9 System settings 71 9 1 Syslog overview 71 9 2 Configuration package used 71 9 3 Configuring system properties 72 9 4 System settings...

Page 4: ...29 13 6 PPPoA advanced settings 130 13 7 PPPoA firewall settings 131 13 8 Creating an ADSL PPPoA connection using UCI 132 13 9 Creating a new ADSL PPPoEoA connection 133 13 10 Configuring an ADSL PPPoEoA connection using UCI 139 13 11 Configuring an ADSL bridge connection with static IP 140 13 12 ADSL diagnostics 147 14 Configuring a mobile connection 150 14 1 Configuration package used 150 14 2 C...

Page 5: ...18 7 IPv6 routes using UCI 186 18 8 IPv6 routes using packages options 186 18 9 Static routes diagnostics 187 19 Configuring BGP Border Gateway Protocol 188 19 1 Configuration package used 188 19 2 Configuring BGP using the web interface 188 19 3 Configuring BGP using command line 192 19 4 View routes statistics 194 20 Configuring OSPF Open Shortest Path First 196 20 1 Introduction 196 20 2 Config...

Page 6: ...Configuration package used 280 25 2 Configuring Connection Watch using the web interface 280 25 3 Configuring cwatch using command line 282 25 4 cwatch diagnostics 283 26 Configuring DHCP server and DNS Dnsmasq 284 26 1 Configuration package used 284 26 2 Configuring DHCP and DNS using the web interface 284 26 3 Configuring DHCP and DNS using command line 294 27 Configuring DHCP client 299 27 1 Co...

Page 7: ...the web interface 364 32 5 Configuring an IPSec template to use with DMVPN 371 32 6 IPSec diagnostics using the web interface 373 32 7 IPSec diagnostics using UCI 373 33 Dynamic Multipoint Virtual Private Network DMVPN 374 33 1 Prerequisites for configuring DMVPN 374 33 2 Advantages of using DMVPN 374 33 3 DMVPN scenarios 375 33 4 Configuration packages used 377 33 5 Configuring DMVPN using the we...

Page 8: ...r management using package options 406 37 15 Configuring user access to specific web pages 407 38 Configuring Monitor 408 38 1 Introduction 408 38 2 Reporting device status to Monitor 408 38 3 Reporting GPS location to Monitor 414 38 4 Reporting syslog to Monitor 415 38 5 Configuring ISAD 417 39 Configuring SNMP 420 39 1 Configuration package used 420 39 2 Configuring SMNP using the web interface ...

Page 9: ...irtual Access proprietary SAToP CESoPSN protocol extension 486 43 4 Configuration package used 486 43 5 Configuring SAToP CESoPSN 487 43 6 Configuring main settings using UCI 488 43 7 Configuring port settings using the web interface 489 43 8 Configuring port settings using UCI 494 43 9 CESoPSN diagnostics 496 44 Configuring ISDN pseudowire 506 44 1 Introduction 506 44 2 Pseudowire functionality 5...

Page 10: ...SL2 ETH WiFi 3G HSPA 4G LTE CDMA 450 Dual SIM V 92 Modem Analog Leased Line ISDN BRI GW6610 1 4 Opt Opt Opt GW6611W 1 4 1 Opt Opt Opt GW6630 1 4 yes yes Opt Opt Opt GW6630W 1 4 1 yes yes Opt Opt Opt GW6640 1 4 yes yes yes Opt Opt Opt GW6640W 1 4 1 yes yes yes Opt Opt Opt GW6650 1 4 yes Opt Opt Opt GW6650W 1 4 1 yes Opt Opt Opt 1 2 Using this documentation You can configure your router using either...

Page 11: ...number to identify the section Web Field UCI Package Option Description Web Metric UCI network route 0 metric Opt metric Specifies the route metric to use Note these sections can be given a label for identification when using UCI or package options network route 0 route network route 0 metric 0 can be witten as network routename route network routename metric 0 However the documentation usually as...

Page 12: ...manual Issue 1 7 Page 12 of 519 1 2 2 Definitions Throughout the document we use the host name VA_router to cover all router models UCI commands and package option examples are shown in the following format root VA_router vacmd show current config 1 2 3 Diagnostics Diagnostics are explained at the end of each feature s chapter 1 2 4 UCI commands For detailed information on using UCI commands read ...

Page 13: ...IM V92 Modem ALL ISDN BRI GW6610 1 4 opt opt GW6611 1 4 opt yes opt GW6612 1 4 opt opt yes GW6630 1 4 opt yes yes opt GW6631 1 4 opt yes yes yes opt GW6632 1 4 opt yes yes opt yes GW6640 1 4 opt yes yes opt GW6641 1 4 opt yes yes yes opt GW6642 1 4 opt yes yes opt yes GW6650 1 4 opt yes opt 2 2 Hardware features 2 2 1 GW6600 Series hardware features Dual SIM sockets Dual antenna SMA connectors Fou...

Page 14: ...2 4 Power supply The GW6600 Series router has three power supply options 100V 240V AC PSU standard 100V 240V AC PSU with extended temperature support 20 C to 70 C 10V 59V DC power lead 2 5 Dimensions Unit size 225W 158D 37H mm Unit weight 916g 2 6 Compliance The GW6600 Series routers are compliant and tested to the following standards Safety EN60950 1 2006 A12 2011 EMC EN55022 2010 Class B and EN5...

Page 15: ...F Worldwide CDMA TX 452 500 457 475 RX 462 000 467 475 20 C to 60 C RFF G Worldwide 850 900 1800 1900 850 900 2100 B1 B3 B5 B7 B20 400C to 70 C RFG H North America 850 1900 B2 B4 B5 B17 30 C to 70 C RFH J Worldwide 450 40 C to 70 C RFJ K EMEA APAC 850 900 1800 1900 850 900 1800 1900 B1 B2 B3 B7 B8 B 20 B5 B28 20 C to 70 C RFK L Europe APAC 900 1800 900 2100 40 C to 70 C RFL M North America 850 190...

Page 16: ...r connection of up to four antennas for antenna diversity Antenna diversity helps improve the quality of a wireless link by mitigating problems associated with multipath interference 2 9 Components To enable and configure connections on your router it must be correctly installed The GW6600 Series router contains an internal web server that you use for configurations Before you can access the inter...

Page 17: ...nformation Table 4 GW6600 Series router optional components 2 10 Inserting the SIM cards 2 10 1 GW6600 Series models Ensure the unit is powered off Hold the SIM 1 card with the chip side facing down and the cut corner front left Gently push the SIM card into the SIM slot 1 until it clicks in If using SIM 2 hold the SIM with the chip side facing down and the cut corner front left Gently push the SI...

Page 18: ...f time you hold the reset button will determine its behaviour Press Duration PWR CONFIG LED behaviour Router Behaviour on depress 0 3 seconds On Normal reset to running config No special LED activity Between 3 and 15 seconds Flashing slowly Releasing between 3 15 seconds switches the router back to factory configuration Between 15 and 20 seconds On Releasing between 15 20 seconds performs a normal...

Page 19: ...r LED On Power Off No power Boot loader does not exist Config LED On Unit running a valid configuration file Flashing slowly Unit running in recovery mode 2 5 flashes per second Flashing quickly Unit running in factory configuration 5 flashes per second SIM1 SIM2 LEDs On SIM selected and registered on the 3G 4G network Off Not selected or SIM not inserted Flashing SIM selected and not registered o...

Page 20: ... GW6641 models Dial modem SYN LED On Connection established Off Not connected Flashing Modem training Dial modem DAT LED Off No data transmit Flashing Transmit data Table 7 Dial modem LED behaviour on GW6600 Series models Applies to the GW6610 LL model Leased Line SYN LED On CESoP enabled Off CESoP disabled Leased Line DAT LED On Receive data Off No data received Table 8 Lease Line LED behaviour o...

Page 21: ...LED on the left hand side is the LINK LED and the ACT LED is on the right hand side Figure 2 Ethernet LED activity Link LED green On Physical Ethernet link detected Off No physical Ethernet link detected Data LED amber Flashing Data is being transmitted or received over the link Off No data activity Table 10 Ethernet LED behaviour on GW6000 Series models Link LED green On Physical Ethernet link de...

Page 22: ...u are inserting has the required configuration written on it 2 Ensure the router is powered off 3 Hold the SIM 1 card with the chip side facing down and the cut corner front left 4 Gently push the SIM card into SIM slot 1 until it clicks in 5 Power up the router Depending on the model the power LED and or the configuration LED flash as usual The SIM LED starts flashing This indicates the applicati...

Page 23: ...Ethernet using the web interface DHCP is disabled by default so if you do not receive an IP address via DHCP assign a static IP to the PC that will be connected to the router PC IP address 192 168 100 100 Network mask 255 255 255 0 Default gateway 192 168 100 1 Assuming that the PC is connected to Port A on the router in your internet browser type in the default local IP address 192 168 100 1 and ...

Page 24: ... client and connect to the router s management IP address on port 22 192 168 100 1 24 On the first connection you may be asked to confirm that you trust the host Figure 4 Confirming trust of the routers public key over SSH Figure 5 SSH CLI logon screen In the SSH CLI logon screen enter the default username and password Username root Password admin 5 3 1 SCP Secure Copy Protocol As part of accessin...

Page 25: ...outer reboot To re enable SSH enter root VA_router etc init d dropbear enable root VA_router reboot Note As SSH is enabled by default initial connection to the router to enable Telnet must be established over SSH 5 5 Configuring the password 5 5 1 Configuration packages used Package Sections system main 5 6 Configuring the password using the web interface To change your password in the top menu cl...

Page 26: ...x8A U5kLCMpi9dcahRhOl7eZV1 If you are changing the password using UCI enter the new password in plain text using the password option root VA_router uci system main password newpassword root VA_router uci commit The new password will take effect after reboot and will now be displayed in encrypted format via the hashpassword option 5 8 Configuring the password using package options The root password...

Page 27: ...em config system main option hostname VirtualAccess option timezone UTC config pam_auth option enabled yes option pamservice login option pammodule auth option pamcontrol sufficient option type radius option servers 192 168 0 1 3333 test 20 192 168 2 5 secret 10 config pam_auth option enabled yes option pamservice sshd option pammodule auth option pamcontrol sufficient it checks package management...

Page 28: ...enticates against remote RADIUS if password authentication fails then it tries local database user defined in package management_users Required If either authentication fails or RADIUS server is not reachable then user is not allowed to access the router success done new_authtok_reqd done authinfo_unavail ignore default die Local database is only checked if RADIUS server is not reachable UCI syste...

Page 29: ...ption pamservice sshd option pammodule account option pamcontrol sufficient option type tacplus option servers 192 168 0 1 49 secret option args service ppp config pam_auth option enabled yes option pamservice sshd option pammodule session option pamcontrol sufficient option type tacplus option servers 192 168 0 1 49 secret option args service ppp config pam_auth option enabled yes option pamservi...

Page 30: ...amcontrol sufficient option type tacplus option servers 192 168 0 1 49 secret option args service ppp config pam_auth option enabled yes option pamservice login option pammodule auth option pamcontrol sufficient option type tacplus option servers 192 168 0 1 49 secret config pam_auth option enabled yes option pamservice login option pammodule account option pamcontrol sufficient option type tacplu...

Page 31: ... management_users Required If either authentication fails or TACACS server is not reachable then user is not allowed to access the router success done new_authtok_reqd done authinfo_unavail ignore default die Local database is only checked if TACACS server is not reachable UCI system pam_auth 0 pammodule auth Opt pammodule Selects which TACACS module this part of configuration relates to auth auth...

Page 32: ... Page 32 of 519 The router uses a package called Dropbear to configure the SSH server on the box You can configure Dropbear via the web interface or through an SSH connection by editing the file stored on etc config_name dropbear 5 11 1 Configuration packages used Package Sections dropbear dropbear 5 11 2 SSH access using the web interface In the top menu click System Administration The Administra...

Page 33: ...dropbear dropbear 0 RootPasswordAuth Opt RootPasswordAuth Allows the root user to login with password 0 Disabled 1 Enabled Web Gateway ports UCI dropbear dropbear 0 GatewayPorts Opt GatewayPorts Allows remote hosts to connect to local SSH forwarded ports 0 Disabled 1 Enabled Web Idle Session Timeout UCI dropbear dropbear 0 IdleTimeout Opt IdleTimeout Defines the idle period where remote session wi...

Page 34: ...mation about the key its owner s ID and the digital signature of an individual that has verified the content of the certificate In asymmetric cryptography public keys are announced to the public and a different private key is kept by the receiver The public key is used to encrypt the message and the private key is used to decrypt it To access certs and private keys in the top menu click System Adm...

Page 35: ...viour of the server and default values for certificates generated for SSL operation uhttpd supports multiple instances that is multiple listen ports each with its own document root and other features as well as cgi and lua There are two sections defined Main this uHTTPd section contains general server settings Cert this section defines the default values for SSL certificates 5 14 1 Configuration p...

Page 36: ... 0 0 0 80 Bind at port 80 only on IPv4 interfaces 80 Bind at port 80 only on IPv6 interfaces Range IP address and or port Web Secure Listen Address and Port UCI uhttpd main listen_https Opt list listen_https Specifies the ports and address to listen on for encrypted HTTPS access The format is the same as listen_http 0 0 0 0 443 Bind at port 443 only 443 Range IP address and or port Web Home path U...

Page 37: ...for CGI or lua requests in seconds Requested executables are terminated if no output was generated 60 Range Web Network timeout UCI uhttpd main network_timeout Opt network_timeout Maximum wait time for network activity Requested executables are terminated and connection is shut down if no network activity occured for the specified number of seconds 30 Range Web N A UCI uhttpd main realm Opt realm ...

Page 38: ...may exist The init script will launch one webserver instance per section A standard uhttpd configuration is shown below root VA_router uci show uhttpd uhttpd main uhttpd uhttpd main listen_http 0 0 0 0 80 uhttpd main listen_https 0 0 0 0 443 uhttpd main home www uhttpd main rfc1918_filter 1 uhttpd main cert etc uhttpd crt uhttpd main key etc uhttpd key uhttpd main cgi_prefix cgi bin uhttpd main sc...

Page 39: ...ld UCI Package Option Description Web Days UCI uhttpd px5g days Opt days Validity time of the generated certificates in days 730 Range Web Bits UCI uhttpd px5g bits Opt bits Size of the generated RSA key in bits 1024 Range Web Country UCI uhttpd px5g country Opt country ISO code of the certificate issuer Web State UCI uhttpd px5g state Opt state State of the certificate issuer Web Location UCI uht...

Page 40: ...ublin option location Dublin option commonname 00E0C8000000 5 15 Basic authentication httpd conf For backward compatibility reasons uhttpd uses the file etc httpd conf to define authentication areas and the associated usernames and passwords This configuration file is not in UCI format Authentication realms are defined in the format prefix username password with one entry and a line break Prefix i...

Page 41: ...2 168 1 1 443 config uhttpd main list listen_http 192 168 1 1 80 list listen_https 192 168 1 1 443 5 17 Displaying custom information via login screen The login screen by default shows the hostname of the router in addition to the username and password prompt However the router can be configured to show some other basic information if required using a UDS script Note this can only be configured vi...

Page 42: ...i version serial br local sig luci dispatcher uci cursor_state get mobile 3g_1_1 sig_dbm or 113 sig tonumber sig local hue sig 113 2 local hue math min math max hue 0 120 Signal strength h3 style color hsl hue 90 50 display inline sig h3 dBm 5 17 2 2 Login screen custom information using package options root VA_router uci export luci package luci config core main option login_page_info_template tm...

Page 43: ...b interface and command line interface CLI When showing examples of the command line interface we use the host name VA_router to indicate the system prompt For example the table below displays what the user should see when entering the command to show the current configuration in use on the router root VA_router va_config sh 6 1 System information General information about software and configurati...

Page 44: ... 00E0C8121215 VA_MODEL GW0000 VA_ACTIVEIMAGE image2 VA_ACTIVECONFIG config1 VA_IMAGE1VER VIE 16 00 44 VA_IMAGE2VER VIE 16 00 44 6 2 Identify your software version To check which software version your router is running in the top menu browse to Status Overview Figure 14 The status page showing a software version prior to 72 002 Figure 15 The status page showing software version 72 002 In the Firmwa...

Page 45: ...onfig1 and etc config2 Multiple configuration files exist in each folder Each configuration file contains configuration parameters for different areas of functionality in the system A symbolic link exists at etc config which always points to one of factconf config1 or config2 is the active configuration file Files that appear to be in etc config are actually in etc factconf config1 config2 dependi...

Page 46: ...e format It is used internally to evaluate configuration files as shell scripts import config Imports configuration files in UCI syntax add config section type Adds an anonymous section of type section type to the given configuration add_list config section option string Adds the given string to an existing list option show config section option Shows the given option section or configuration in c...

Page 47: ...t VA_router etc config1 cp etc config2 etc config1 6 8 Exporting a configuration file If you have software versions prior to 72 002 to export a configuration file using the web interface go to section 6 8 1 If you have software version 72 002 or above export a configuration file using the web interface go to section 6 8 2 To export a configuration file using CLI for any software version go to sect...

Page 48: ... operations page In the Flash Operation section click the configuration file in the Contents column to download it 6 8 3 Exporting a configuration file using UCI You can view any configuration file segment using UCI To export the running configuration file enter root VA_router uci export To export the factory configuration file enter root VA_router uci c etc factconf export To export config1 or co...

Page 49: ...figuration file using the web interface for software versions pre 72 002 You can import a configuration file to the alternate configuration segment using the web interface This will automatically reboot the router into this configuration file In the top menu select System Backup Flash Firmware The Flash operations page appears Figure 18 The flash operations page Under Backup Restore choose Restore...

Page 50: ...import a configuration file to the alternate configuration segment using the web interface In the top menu select System Flash Operations The Flash operations page appears Figure 20 The flash operations page In the Operations column click Upload new Select the appropriate file Figure 21 The flash operations succeed upload configuration page If you select Flash image and do not reboot the router wi...

Page 51: ..._____________________ Virtual Access 2018 GW6600 Series User manual Issue 1 7 Page 51 of 519 6 9 3 Importing a configuration file using UCI You can import a configuration file to any file segment using UCI To import to config1 enter root VA_router uci c etc config1 import paste in config file CTRL D Note it is very important that the config file is in the correct format otherwise it will not impor...

Page 52: ...d enter root VA_router uci set system main password root VA_router uci commit system To reboot the system enter root VA_router reboot The system provides a Unix like command line Common Unix commands are available such as ls cd cat top grep tail head more and less Typical pipe and redirect operators are also available such as The system log can be viewed using any of the following commands root VA...

Page 53: ...current folder enter root VA_router ls bin etc lib opt sbin usr bkrepos home linuxrc proc sys var dev init mnt root tmp www For more details add the l argument root VA_router ls l drwxrwxr x 2 root root 642 Jul 16 2012 bin drwxr xr x 5 root root 1020 Jul 4 01 27 dev drwxrwxr x 1 root root 0 Jul 3 18 41 etc drwxr xr x 1 root root 0 Jul 9 2012 lib drwxr xr x 2 root root 3 Jul 16 2012 mnt drwxr xr x ...

Page 54: ...prompt To view scheduled jobs enter root VA_router crontab l 0 slaupload 00FF5FF92752 TFTP 1 172 16 250 100 69 To view currently running processes enter root VA_router ps PID Uid VmSize Stat Command 1 root 356 S init 2 root DW keventd 3 root RWN ksoftirqd_CPU0 4 root SW kswapd 5 root SW bdflush 6 root SW kupdated 8 root SW mtdblockd 89 root 344 S logger s p 6 t 92 root 356 S init 93 root 348 S sys...

Page 55: ...em UCI consists of a Command Line Utility CLI the files containing the actual configuration data and scripts that take the configuration data and apply it to the proper parts of the system such as the networking interfaces Entering the command uci on its own will display the list of valid arguments for the command and their format root VA_router lib config uci Usage uci options command arguments C...

Page 56: ...ith a text editor but for scripts GUIs and other programs working directly with UCI files export config Exports the configuration in a UCI syntax and does validation import config Imports configuration files in UCI syntax changes config Lists staged changes to the given configuration file or if none given all configuration files add config section type Adds an anonymous section of type section typ...

Page 57: ... 2 2 Export a configuration Using the uci export command it is possible to view the entire configuration of the router or a specific package Using this method to view configurations does not show comments that are present in the configuration file root VA_router uci export httpd package httpd config httpd option port 80 option home www 7 2 3 Show a configuration tree The configuration tree format ...

Page 58: ..._switch 0 eth1 D It is also possible to display a limited subset of a configuration root VA_router uci show network wan network wan interface network wan username foo network wan password bar network wan proto 3g network wan device dev ttyACM0 network wan service umts network wan auto 0 network wan apn hs vodafone ie 7 2 4 Display just the value of an option To display a specific value of an indiv...

Page 59: ...a_eventd va_eventd main enabled yes va_eventd main event_queue_file tmp event_buffer va_eventd main event_queue_size 128K va_eventd conn_tester 0 conn_tester va_eventd conn_tester 0 name Pinger va_eventd conn_tester 0 enabled yes va_eventd conn_tester 0 type ping va_eventd conn_tester 0 ping_dest_addr 192 168 250 100 va_eventd conn_tester 0 ping_success_duration_sec 5 va_eventd target 0 target va_...

Page 60: ...nd urls etc config monitor Monitor details Basic etc config dropbear SSH server options etc config dhcp Dnsmasq configuration and DHCP settings etc config firewall NAT packet filter port forwarding etc etc config network Switch interface L2TP and route configuration etc config system Misc system settings including syslog Other etc config snmpd SNMPd settings etc config uhttpd Web server options uH...

Page 61: ... be combined into a single list of values with the same order as in the configuration file The indentation of the option and list statements is a convention to improve the readability of the configuration file but it is not syntactically required Usually you do not need to enclose identifiers or values in quotes Quotes are only required if the enclosed value contains spaces or tabs Also it is lega...

Page 62: ... in persistent storage is validated To avoid any unrecoverable errors during the process you must follow several safety steps described in this chapter On successful completion of the process you can restart the device running the new firmware 8 1 Software versions If you have software versions prior to 72 002 to upgrade firmware using the web interface go to section 8 1 2 If you have software ver...

Page 63: ...gure 23 The status page showing software version 72 002 In the Firmware Version row the first two digits of the firmware version identify the hardware platform for example LIS 15 while the remaining digits 00 72 002 show the software version 8 1 2 Upgrading router firmware for software versions pre 72 002 Copy the new firmware issued by Virtual Access to a PC connected to the router In the top men...

Page 64: ... or Browse Note the button will vary depending on the browser you are using Select the appropriate image and then click Flash Image The Flash Firmware Verify page appears Figure 25 The flash firmware verify page Click Proceed The System Flashing page appears Figure 26 The system flashing page When the waiting for router icon disappears the upgrade is complete and the login homepage appears To veri...

Page 65: ...sh operations page appears Figure 28 The flash operations page Under Flash Operations click Flash Image Only the inactive image is available to flash Select the appropriate image and then wait until image has loaded Note this process may take a while depending on the available connection speed When the image has loaded the Update Firmware page appears Figure 29 The flash firmware verify page Click...

Page 66: ...l only run the firmware if you click OK to return to the Flash Operations page There you can manually select Made Active after reboot Then click Reboot Now in the Reboot using Active Configuration section 8 1 5 Update flash image and reboot using new image immediately option Figure 31 The firmware update page after update flash image and reboot option selected If you select Update flash image and ...

Page 67: ... event that the firmware upgrade fails the Failed verification File is most likely corrupt or similar message will appear in the Verify file integrity row No changes will be made to the system and the general message File verification failed appears 8 1 7 Verify the firmware has been upgraded successfully To check the firmware version in the top menu browse to System Flash Operations or after rout...

Page 68: ...ter enter which curl which atftp The output shows the available application usr bin curl ATFTP Inline command usage atftp g r LIS 15 00 72 002 image l tmp LIS 15 00 72 002 image x x x x where x x x x is the IP address of your PC g is get operation and l r are local and remote file name to store CURL Inline command usage curl tftp x x x x LIS 15 00 72 002 image o tmp LIS 15 00 72 002 image where x ...

Page 69: ... version xx yy 72 002 and later uses an image check application Note it is the user s responsibility to verify the image before starting to write the image to flash process To use the image check on downloaded image enter image check tmp LIS 15 00 72 002 image In the case of any image corruption an appropriate error message appears Error no SquashFS filesystem after CRC d section data length 3 Err...

Page 70: ...Verify and compare the checksum with the MD5 sum of the downloaded image If the checksum of the written firmware in altimage matches the one from the downloaded image in tmp the new firmware has been programmed successfully 8 2 5 Setup an alternative image Provided the programming has succeeded you can set it as the next image to use after reboot enter vacmd set next image altimage To reboot using...

Page 71: ...lity priority and message section Often the message section begins with an optional tag identifying the usermode program name and process ID responsible for the message Messages can be stored locally and also forwarded remotely Separate filter options apply to each case At a broad level you can set the minimum severity level for local and remote targets only messages with a priority more severe th...

Page 72: ...is section Language and Style Configure the router s web language and style Time synchronization Configure the NTP server in this section 9 3 1 General settings Figure 34 General settings in system properties Web Field UCI Package Option Description Web Local Time Sets the local time and syncs with browser You can manually configure on CLI using date s YYYY MM DD hh mm ss Web hostname UCI system m...

Page 73: ...stem log stored in RAM will be lost on reboot Web value Description UCI RAM Store system log in RAM Lost on reboot Viewed using logread circular File Store system log in flash Maintained through reboot Viewed using cat log_file file Web System log buffer size UCI system main log_size Opt log_size File log buffer size in KB Note when the file reaches the configured size it is copied to the archive ...

Page 74: ...t Opt log_file_count Defines the file number of archive files for storage in flash when Log Storage is set to file When the system log file reaches the configured size it is copied to the archive file log_file_name 0 Existing archive files are copied to log_file_name x 1 Range 1 Store 1 archive log file in flash Web Custom log hostname UCI system main log_hostname Opt log_hostname Defines a custom...

Page 75: ...or will occur if action is not taken 5 Error Error conditions 4 Critical Critical conditions 3 Alert Should be addressed immediately 2 Emergency System is unusable 1 Web n a UCI system main audit_shell Opt audit_shell Log every command executed in shell 1 Enable 0 Disable Web n a UCI system main audit_cfg Opt audit_cfg Log changes made to configuration file through any interface 1 Enable 0 Disable...

Page 76: ..._hours Opt interval_hours Specifies interval of NTP requests in hours Default value set to auto Auto Range auto 1 23 Web NTP server candidates UCI system ntp server Opt list server Defines the list of NTP servers to poll the time from If the list is empty the built in NTP daemon is not started Multiple servers can be configured and are separated by a space if using UCI By default all fields are se...

Page 77: ...efore you reboot Figure 38 The reboot page Check the Reboot now check box and then click Reboot 9 4 System settings using command line System settings are configured under the system package etc config system There are several configuration sections Section Description system General system configuration options timeserver Router time and NTP conguration options syslog_filter Advanced filter rules...

Page 78: ...hours auto system ntp server 0 VA_router pool ntp org 10 10 10 10 9 4 2 System settings using package options root VA_router uci export system package system config system main option hostname VA_router option timezone UTC option log_ip 1 1 1 1 option log_port 514 option remoteloglevel 8 option log_file root syslog messages option log_size 400 option log_type file option log_file_count 3 option ti...

Page 79: ... messages local0 hotplug scripts security Same as auth syslog Internal syslog events user General user mode application messages Table 21 Syslog message severity list 9 5 1 2 Event severity list The severities are ordered from most severe to least severe Level Name Description 0 emerg System is unusable 1 alert Immediate action required 2 crit Critical conditions 3 error Error conditions 4 warning...

Page 80: ...ory size and does not survive a reset it is beneficial to write system messages to flash memory To do this modify the system config under the system package Set the options log_file log_size log_type and log_file_count as shown below root VA_router uci export system package system config system main option hostname VA_router option zonename UTC option timezone GMT0 option conloglevel 8 option cron...

Page 81: ...1 0 000000 bootconsole early0 enabled 0 000000 CPU0 revision is 00019556 MIPS 34Kc 0 000000 adding memory size 267386880 from DT 0 000000 MIPS machine is Virtual Access GW6600V series 0 000000 Determined physical RAM map 0 000000 memory 0ff00000 00000000 usable 0 000000 User defined physical RAM map 0 000000 memory 07200000 00000000 usable Note kernel messages are also copied to the main system lo...

Page 82: ...is found then the specified action is taken If no match occurs then the default action is taken as defined in the main system logging settings A message may match multiple filters They are processed in the order listed For example you may wish to record authorisation messages in the main system log but also make a copy in a separate authorisation log which can span a much longer period of time By ...

Page 83: ...ere are copied to the router runtime file var conf syslog conf which may be reviewed to determine current rules in use 9 6 2 Filter definitions Each filter ruleset is a series of lines Each line can be A filter pattern of the form facility op severity pattern target A blank line or comment line starting with hash If a message doesn t match any of the filter lines for a destination local or remote ...

Page 84: ...ng mobile mobile Match only messages beginning with the string mobile target Defines what to do with the log message when a match occurs It is optional for remote filters It can be the name of a disk file or one of the special target keywords listed below default Do whatever the default action is as if not filter rule matched ignore Never log this message useful for remote filtering console Log th...

Page 85: ...bug mem list text auth authpriv var log auth list text ipsec var log ipsec list text default 9 6 3 3 Example 3 As in Example 2 except do not send any auth or auth priv messages remotely config syslog_filter local list text debug mem list text auth authpriv var log auth list text ipsec var log ipsec list text default config syslog_filter remote list text auth authpriv ignore 9 6 3 4 Example 4 As in...

Page 86: ..._______ _______________________________________________________________________________________________________ Virtual Access 2018 GW6600 Series User manual Issue 1 7 Page 86 of 519 root VA_router cat var conf syslog conf local auth authpriv var log auth ipsec var log ipsec default remote auth authpriv info ignore ...

Page 87: ...ection describes how to configure an Ethernet interface including configuring the interface as a DHCP server adding the interface to a firewall zone mapping the physical switch ports and defining loopback interface 10 1 Configuration packages used Package Sections network interface route va_switch alias firewall zone dhcp dhcp 10 2 Configuring an Ethernet interface using the web interface To creat...

Page 88: ...hernet interfaces Ports are marked with capital letters starting with A Type in space separated port character in the port map fields ATM Bridges ATM bridges expose encapsulated Ethernet in AAL5 connections as virtual Linux network interfaces which can be used in conjunction with DHCP or PPP to dial into the provider network 10 2 1 Interface overview editing an existing interface To edit an existi...

Page 89: ...2TPv3 L2TPv3 Tunnelling Protocol l2tpv3 PPP Point to Point Protocol ppp PPtP Point to Point Tunnelling Protocol pptp PPPoE PPP over Ethernet pppoe PPPoATM PPP over ATM pppoa LTE UMTS GPRS EV DO CDMA UMTS or GPRS connection using an AT style 3G modem 3g PPP PSTN Modem PPP v90 modem pppmodem Web Create a bridge over multiple interfaces UCI network if name type Opt type If you select this option then...

Page 90: ...guration The common configuration section has four sub sections Section Description General Setup Configure the basic interface settings such as protocol IP address gateway netmask custom DNS servers Advanced Settings Bring up on boot Monitor interface state Override MAC address Override MTU and Use gateway metric Physical Settings Bridge interfaces VLAN PCP to SKB priority mapping Firewall settin...

Page 91: ... EV DO CDMA UMTS or GPRS connection using an AT style 3G modem 3g PPP PSTN Modem PPP v90 modem pppmodem Web IPv4 address UCI network if name ipaddr Opt ipaddr The IPv4 address of the interface This is optional if an IPv6 address is provided Web IPv4 netmask UCI network if name netmask Opt netmask Subnet mask to be applied to the IP address of this interface Web IPv4 gateway UCI network if name gat...

Page 92: ...ation advanced settings Figure 42 The Ethernet connection advanced settings page Web Field UCI Package Option Description Web Bring up on boot UCI network if name auto Opt auto Enables the interface to connect automatically on boot up 0 Disabled 1 Enabled Web Monitor interface state UCI network if name monitored Opt monitored Enabled if status of interface is presented on Monitoring platform 0 Dis...

Page 93: ...rface is down and will start or restart when parent interface starts Separate multiple interfaces by a space when using UCI Example option dependants PPPADSL MOBILE This replaces the following previous options in child interfaces gre option local_interface lt2p option src_ipaddr iot option wan1 wan2 6in4 option ipaddr 6to4 option ipaddr Web SNMP Alias ifindex UCI network x snmp_alias_ifindex Opt s...

Page 94: ...hem when using UCI Example network if name vlan_qos_map_ingress 1 2 2 1 Web skb priority to VLAN PCP mapping UCI network if name vlan_qos_map_egress Opt list vlan_qos_map_egress Socket buffer to VLAN priority code point mapping Multiple priority mappings are entered with a space between them when using UCI Example network if name vlan_qos_map_egress 1 2 2 1 Web Interface UCI network if name ifname...

Page 95: ...Issue 1 7 Page 95 of 519 Figure 44 GRE firewall settings 10 2 4 Interface overview IP aliases IP aliasing means associating more than one IP address to a network interface You can assign multiple aliases 10 2 4 1 IP alias packages Package Sections Network alias 10 2 4 2 IP alias using the web To use IP aliases enter a name for the alias and click Add This name will be assigned to the alias section...

Page 96: ...name proto Opt proto This maps the interface protocol to the alias Table 28 Information table for IP Aliases name assignment After you have clicked Add the IP Aliases configuration options page appears The IP Alias is divided into two sub sections general setup and advanced 10 2 4 3 IP aliases general setup Figure 46 The IP Aliases general setup section Web Field UCI Package Option Description Web...

Page 97: ... Broadcast UCI network alias name bcast Opt bcast Defines the IP broadcast address for the IP alias Web DNS Server UCI network alias name dns Opt dns Defines the DNS server for the IP alias Table 30 Information table for IP Alias advanced settings page 10 2 5 Interface overview DHCP server Note this option is only available for interfaces with a static IP address 10 2 5 1 DHCP server packages Pack...

Page 98: ... DHCP pool then default is disabled i e dhcp pool enabled Web Description UCI DHCPv4 DHCP for IPv4 ipv4 DHCPv6 DHCP for IPv6 ipv6_dhcp IPv6 Router Advertisements IPv6 RA ipv6_ra DHCPv6 Prefix Delegation DHCPv6 prefix delegation ipv6_pd Web Start UCI dhcp dhcp x start Opt start Defines the offset from the network address for the start of the DHCP pool Example for network address 192 168 100 10 24 s...

Page 99: ... Dynamically allocate leases 0 Use etc ethers file for serving DHCP leases Web Force UCI dhcp dhcp x force Opt force Forces DHCP serving on the specified interface even if another DHCP server is detected on the same network segment 0 Disabled 1 Enabled Web IPv4 Netmask UCI dhcp dhcp x netmask Opt netmask Defines a netmask sent to clients that overrides the netmask as calculated from the interface ...

Page 100: ...tatic network newinterface ifname eth0 network newinterface monitored 0 network newinterface ipaddr 2 2 2 2 network newinterface netmask 255 255 255 0 network newinterface gateway 2 2 2 10 network newinterface broadcast 2 2 2 255 network newinterface vlan_qos_map_ingress 1 2 2 1 network ethalias1 alias network ethalias1 proto static network ethalias1 interface newinterface network ethalias1 ipaddr...

Page 101: ...ny of the above values use uci set command 10 3 2 Interface configuration using package options root VA_router uci export network package network config interface newinterface option proto static option ifname eth0 option monitored 0 option ipaddr 2 2 2 2 option netmask 255 255 255 0 option gateway 2 2 2 10 option broadcast 2 2 2 255 list vlan_qos_map_ingress 1 2 list vlan_qos_map_ingress 2 1 conf...

Page 102: ...package dhcp config dhcp option interface newinterface option mode ipv4 option start 100 option leasetime 12h option limit 150 To change any of the above values use uci set command 10 3 3 Loopback interfaces Loopback interfaces are defined in exactly the same way as Ethernet interfaces Read the section above Note there is no software limitation as to how many loopback interfaces can exist on the r...

Page 103: ...h0 physical switch port mapping Must be entered in upper case A Eth0 assigned to switch port A B Eth0 assigned to switch port B C Eth0 assigned to switch port C D Eth0 assigned to switch port C Web eth1 UCI network va_switch 0 eth1 Opt eth1 Defines eth1 physical switch port mapping Must be entered in upper case A Eth1 assigned to switch port A B Eth1 assigned to switch port B C Eth1 assigned to sw...

Page 104: ...ove values use uci set command 10 5 3 Configuring port map using package options The configuration files are stored on etc config network root VA_router uci export network config va_switch option eth0 A option eth1 B option eth2 C option eth3 D To change any of the above values use uci set command 10 5 4 ATM bridges The ATM bridges section is not used when configuring an Ethernet interface 10 6 In...

Page 105: ...ier 0 collisions 0 txqueuelen 1000 RX bytes 569453 556 1 KiB TX bytes 77306 75 4 KiB lo Link encap Local Loopback inet addr 127 0 0 1 Mask 255 0 0 0 inet6 addr 1 128 Scope Host UP LOOPBACK RUNNING MTU 16436 Metric 1 RX packets 385585 errors 0 dropped 0 overruns 0 frame 0 TX packets 385585 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 0 RX bytes 43205140 41 2 MiB TX bytes 43205140...

Page 106: ...ssue 1 7 Page 106 of 519 10 6 2 ARP table status To show the current ARP table of the router enter root GW7314 arp 10 67 253 141 at 30 30 41 30 43 36 ether on eth8 10 47 48 1 at 0a 44 b2 06 ether on gre gre1 10 6 3 Route status To show the current routing status enter root VA_router route n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192 168 100 0 255 255 255 0 U...

Page 107: ...ies User manual Issue 1 7 Page 107 of 519 11 Configuring VLAN 11 1 Maximum number of VLANs supported Virtual Access routers support up to 4095 VLANs 11 2 Configuration package used Package Sections Network 11 3 Configuring VLAN using the web interface 11 3 1 Create a VLAN interface To configure VLAN using the web interface in the top menu select Network Interfaces Click Add new interface The Creat...

Page 108: ...s and netmask DHCP Client Address and netmask are assigned by DHCP Unmanaged Unspecified IPv6 in IPv4 RFC4213 Used with tunnel brokers IPv6 over IPv4 Stateless IPv6 over IPv4 transport GRE Generic Routing Encapsulation protocol IOT L2TP Layer 2 Tunnelling Protocol PPP Point to Point Protocol PPPoE PPP over Ethernet PPPoATM PPP over ATM LTE UMTS GPRS EV DO CDMA UMTS or GPRS connection using an AT s...

Page 109: ... configuration with fixed address and netmask DHCP Client Address and netmask are assigned by DHCP Unmanaged Unspecified IPv6 in IPv4 RFC4213 Used with tunnel brokers IPv6 over IPv4 Stateless IPv6 over IPv4 transport GRE Generic Routing Encapsulation protocol IOT L2TP Layer 2 Tunnelling Protocol PPP Point to Point Protocol PPPoE PPP over Ethernet PPPoATM PPP over ATM LTE UMTS GPRS EV DO CDMA UMTS ...

Page 110: ...st of DNS server IP addresses optional Table 35 Information table for VLAN general settings 11 3 3 Firewall settings VLAN Use this section to select the firewall zone you want to assign to the VLAN interface Select unspecified to remove the interface from the associated zone or fill out the create field to define a new zone and attach the interface to it Figure 54 Firewall settings page When you h...

Page 111: ...n configure VLANs through CLI The VLAN configuration file is stored on etc config network uci export network package network config interface vlan100 option proto static option ifname eth0 100 option monitored 0 option ipaddr 192 168 100 1 option netmask 255 255 255 0 option gateway 192 168 100 10 option broadcast 192 168 100 255 option dns 8 8 8 8 Modify these settings by running uci set paramete...

Page 112: ...g a WiFi interface using the web interface To create a new WiFi interface via the web interface in the top menu click Network Wifi The Wireless overview page appears Figure 56 The wireless overview page Click Add to create a new WiFi interface The Wireless Network configuration page appears The Wireless Network configuration page consists of two sections Section Description Device Configuration Co...

Page 113: ...ced Settings HT mode country code distance optimization fragmentation threshold and RTS CTS threshold 12 2 1 1 Device configuration general setup Figure 57 The device configuration general setup section Web Field UCI Package Option Description Web Wireless network UCI wireless radio0 disabled Opt disanabled Enable or disables a wireless 1 Disables Wifi interface 0 Enables Wifi interface Web Channe...

Page 114: ...use 802 11g n Select the wireless protocol to use 802 11a n Select the wireless protocol to use Web HT mode UCI wireless radio0 htmode Opt country HT mode options 20MHz Specifies the channel width in 802 11 40MHz 2nd channel below Specifies the channel width in 802 11 40MHz 2nd channel above Specifies the channel width in 802 11 Web Country Code UCI wireless radio0 country Opt country Sets the cou...

Page 115: ...guration The interface configuration section is used to configure the network and security settings It has three sub sections Section Description General Setup Identification network and mode settings Wireless Security Encryption cipher and key security settings MAC Filter MAC address filter settings 12 2 2 1 Interface configuration general setup Use this section to configure the interface name mo...

Page 116: ...wds Client WDS sta wds Web Mode UCI wireless wifi iface 0 bssid Opt bssid Defines the BSSID value Only displayed if using client ad hoc or client wds modes Web Network UCI wireless wifi iface 0 network Opt network The network the wireless interface is attached to If using an existing interface select the appropriate network Select unspecified to not attach to any network or fill out the create fie...

Page 117: ...Opt key1 Specifies the first wireless key authentication phrase Web Key 2 UCI wireless wifi iface 0 key2 Opt key2 Specifies the second wireless key authentication phrase Web Key 3 UCI wireless wifi iface 0 key3 Opt key3 Specifies the third wireless key authentication phrase Web Key 4 UCI wireless wifi iface 0 key4 Opt key4 Specifies the fourth wireless key authentication phrase Web Radius Authenti...

Page 118: ...isted in the text field allow Allow all except listed Allows everything but the MAC address listed in the text field deny Web MAC List UCI wireless wifi iface 0 maclist Opt list maclist Defines the MAC addresses to use Multiple MAC address should be separated by a space if using UCI MAC must be in the format hh hh hh hh hh hh Table 40 Information table for interface configuration MAC filter sectio...

Page 119: ...ppears In the Interface Overview page click Edit on the Ethernet interface that will be bridged into the router s WiFi AP The Common Configuration page appears It has four sections This configuration only uses the Physical Settings section Figure 62 The physical settings section in the common configuration page Web Field UCI Package Option Description Web Bridge Interfaces UCI network lan type Opt...

Page 120: ...n a new Ethernet interface using package options root VA_router uci export network package network config interface newwifilan option proto static option ipaddr 192 168 111 1 option netmask 255 255 255 0 root VA_router uci export wireless package wireless config wifi device radio0 option type mac80211 option channel 11 option phy phy0 option hwmode 11ng option htmode HT20 list ht_capab SHORT GI 40...

Page 121: ...1 wireless radio0 channel 11 wireless radio0 phy phy0 wireless radio0 hwmode 11ng wireless radio0 htmode HT20 wireless radio0 ht_capab SHORT GI 40 TX STBC RX STBC1 DSSS_CCK 40 wireless radio0 txpower 17 wireless radio0 country US wireless wifi iface 0 wifi iface wireless wifi iface 0 device radio0 wireless wifi iface 0 mode ap wireless wifi iface 0 disabled 1 wireless wifi iface 0 ssid Test_AP wir...

Page 122: ...ab TX STBC list ht_capab RX STBC1 list ht_capab DSSS_CCK 40 option txpower 17 option country US config wifi iface option device radio0 option mode ap option disabled 1 option ssid Test_AP option network lan option encryption psk option key secretkey 12 4 4 AP mode on an existing Ethernet interface using UCI root VA_router uci show network network lan interface network lan ifname eth0 network lan p...

Page 123: ...sid Test_AP wireless wifi iface 0 network lan wireless wifi iface 0 encryption psk wireless wifi iface 0 key secretkey 12 5 Creating a WiFi in client mode using the web interface A WiFi network in Client mode receives a wireless network from another WiFi AP Configure the Wifi network in Client mode as described in the above section Configuring a WiFi interface selecting a new interface for the Wir...

Page 124: ...E Generic Routing Encapsulation protocol IOT L2TP Layer 2 Tunnelling Protocol PPP Point to Point Protocol PPPoE PPP over Ethernet PPPoATM PPP over ATM LTE UMTS GPRS EV DO CDMA UMTS or GPRS connection using an AT style 3G modem Table 42 Information table for interfaces WClient page When you have clicked Save and Apply the router will restart the network package It may take up to one minute for conn...

Page 125: ...tion psk2 option key testtest 12 6 2 Client modem using UCI root VA_router uci show network network new interface network WCLIENT proto dhcp 12 6 2 1 uci show wireless root VA_router uci show wireless wireless radio0 wifi device wireless radio0 type mac80211 wireless radio0 channel 11 wireless radio0 phy phy0 wireless radio0 hwmode 11ng wireless radio0 htmode HT20 wireless radio0 ht_capab SHORT GI...

Page 126: ...witching technology where data is grouped into cells Connection between the user equipment and the BAS is then achieved using the Point to Point Protocol PPP running over the ATM connection path PPP is a defined industry standard used widely to allow two devices to communicate across a logical link It is extensively deployed by service providers as a means of connecting customers to Internet Proto...

Page 127: ... adsl 13 4 Creating a new ADSL PPPoA connection To create a new ADSL PPPoA interface via the web interface in the top menu click Network Interfaces The Interfaces overview page appears There are three sections in the Interfaces page Section Description Interface Overview Shows existing interfaces and their status You can create new and edit existing interfaces here Port Map In this section you can...

Page 128: ...scription Static Static configuration with fixed address and netmask DHCP Client Address and netmask are assigned by DHCP Unmanaged Unspecified IPv6 in IPv4 RFC4213 IPv4 tunnels that carry IPv6 IPv6 over IPv4 IPv6 over IPv4 tunnel GRE Generic Routing Encapsulation IOT L2TP Layer 2 Tunnelling Protocol PPP Point to Point Protocol PPPoE Point to Point Protocol over Ethernet PPPoATM Point to Point Pro...

Page 129: ...ettings Assign a firewall zone to the connection 13 5 PPPoA general setup Figure 67 The PPPoA common configuration page Web Field UCI Package Option Description Web Status UCI N A ifconfig Opt N A Shows the current status of the interface Note run ifconfig command on SSH to check interface status Web Protocol UCI network x proto Opt proto Protocol type The PPPoA interface protocol is showing as th...

Page 130: ... advanced settings page Web Field UCI Package Option Description Web Bring up on boot UCI network x auto Opt auto Enables the interface to connect automatically on boot up This option is enabled by default 0 Disabled 1 Enabled Web Monitor interface state UCI network x monitored Opt monitored Enabled if status of interface is presented on Monitoring platform 0 Disabled 1 Enabled Web Enable IPv6 neg...

Page 131: ...e option keepalive 5 1 Web Inactivity timeout UCI network x demand Opt demand Close inactive connection after the given amount of seconds use 0 to persist connection Web Dependant Interfaces UCI network x dependants Opt dependants Lists interfaces that are dependent on this parent interface Dependant interfaces will go down when parent interface is down and will start or restart when parent interf...

Page 132: ...sign firewall zone UCI firewall zone 2 name Opt name Select existing firewall zone or select unspecified or create to create new firewall zone Table 46 Information table for PPPoADSL interface 13 8 Creating an ADSL PPPoA connection using UCI The configuration file is stored at Network file etc config network To view the configuration file enter uci export network config adsl device adsl option fwa...

Page 133: ... adsl fwannex a network adsl annex a network adsl Enabled yes network ADSL interface network ADSL proto pppoa network ADSL encaps vc network ADSL atmdev 0 network ADSL vci 35 network ADSL vpi 0 network ADSL username test5 pppoa com network ADSL password test5 network ADSL metric 1 13 9 Creating a new ADSL PPPoEoA connection From the top menu select Network Interfaces The Interfaces Overview page a...

Page 134: ...ux Virtual circuit multiplexing LLC Logical Link Control Table 47 Information table for ATM bridges 13 9 2 PPPoEoA advanced settings Figure 71 The ATM bridges advanced settings page Web Field UCI Package Option Description Web ATM device number UCI network atm bridge x atmdev Opt atmdev Leave the default ATM device number set to 0 Web Bridge unit number UCI network atm bridge x unit Opt unit Leave...

Page 135: ... Z a z 0 9 and _ Web Protocol of the new interface UCI network x proto Opt proto Protocol type Select PPPoE Option Description Static Static configuration with fixed address and netmask DHCP Client Address and netmask are assigned by DHCP Unmanaged Unspecified IPv6 in IPv4 RFC4213 IPv4 tunnels that carry IPv6 IPv6 over IPv4 IPv6 over IPv4 tunnel GRE Generic Routing Encapsulation IOT L2TP Layer 2 T...

Page 136: ...ption Web Protocol of the new interface UCI network x proto Opt proto Protocol type The protocol shows the one selected for this interface Web PAP CHAP username UCI network x username Opt username Type the PAP CHAP username Web PAP CHAP password UCI network x password Opt password Type the password Web Access Concentrator UCI network x acname Opt acname Leave this field empty to autodetect or type...

Page 137: ...g platform 0 Disabled 1 Enabled Web Enable IPv6 negotiation on the PPP link UCI network x ipv6 Opt ipv6 Enables IPv6 negotiation on the PPP 0 Disabled 1 Enabled Web Use default gateway UCI network x defaultroute Opt defaultroute If unchecked no default route is configured 0 Disabled 1 Enabled Web Use gateway metric UCI network x metric Opt metric Defines the route metric for this default route Low...

Page 138: ...space when using UCI Example option dependants PPPADSL MOBILE This replaces the following previous options in child interfaces gre option local_interface lt2p option src_ipaddr iot option wan1 wan2 6in4 option ipaddr 6to4 option ipaddr Web SNMP Alias ifindex UCI network x snmp_alias_ifindex Opt snmp_alias_ifindex Defines a static SNMP interface alias index for this interface that can be polled via...

Page 139: ...view the configuration file enter uci export network config adsl device adsl option fwannex a option annex a option Enabled yes config interface ADSL option proto pppoe option ifname nas0 option username test5 pppoe com option password test5 option ac test option service test option defaultroute 1 option metric 1 config atm bridge option unit 0 option atmdev 0 option encaps llc option payload brid...

Page 140: ...vice test network ADSL defaultroute 1 network ADSL metric 1 network atm bridge 0 atm bridge network atm bridge 0 unit 0 network atm bridge 0 atmdev 0 network atm bridge 0 encaps llc network atm bridge 0 payload bridged network atm bridge 0 vci 35 network atm bridge 0 vpi 0 13 11 Configuring an ADSL bridge connection with static IP 13 11 1 Bridged connection with static IP general setup From the to...

Page 141: ... Logical Link Control Table 52 Information table for ATM bridges 13 11 2 Bridged connection with static IP advanced settings Select the Advanced Settings tab The ATM Bridges page appears Figure 77 The ATM bridges advanced settings tab Web Field UCI Package Option Description Web ATM device number UCI network atm bridge x atmdev Opt atmdev Leave the default ATM device number set to 0 Web Bridge uni...

Page 142: ...o Protocol type Select Static Address Option Description Static Static configuration with fixed address and netmask DHCP Client Address and netmask are assigned by DHCP Unmanaged Unspecified IPv6 in IPv4 RFC4213 IPv4 tunnels that carries IPv6 IPv6 over IPv4 IPv6 over IPv4 tunnel GRE Generic Routing Encapsulation L2TP Layer 2 Tunnelling Protocol PPP Point to Point Protocol PPPoE Point to Point Prot...

Page 143: ... this field empty or type the gateway address Web IPv4 broadcast UCI network x broadcast Opt broadcast Leave this field empty to autodetect or type broadcast IP address Web Use custom DNS servers UCI network x dns Opt dns Leave this field empty to autodetect or type DNS IP address Web Accept router advertisements UCI network x accept_ra Opt accept_ra Accept router advertisement for ipv6 addresses ...

Page 144: ...e state will be reported to VA monitor via Keepalive 0 Disabled 1 Enabled Web Override MAC address UCI network x macaddr Opt macaddr Specify the mac address of the interface Leave this field blank if MAC address of Bridge interface should be copied from Ethernet interface Web Override MTU UCI network x mtu Opt mtu Optionally set up MTU size on the segment Web Dependant Interfaces UCI network x dep...

Page 145: ... Range 0 4294966295 Table 56 Information table for advanced settings 13 11 5 Bridged connection with static IP firewall settings Use this section to select the firewall zone you want to assign to this interface Select unspecified to remove the interface from the associated zone or fill out the create field to define a new zone and attach the interface to it Click Save Apply Figure 81 The interface...

Page 146: ... 10 33 4 7 option netmask 255 255 255 192 option metric 2 To view uci commands enter uci show network network adsl fwannex a network adsl annex a network adsl enabled yes network atm bridge 0 atm bridge network atm bridge 0 unit 0 network atm bridge 0 atmdev 0 network atm bridge 0 payload bridged network atm bridge 0 vpi 8 network atm bridge 0 vci 39 network atm bridge 0 encaps llc network Managem...

Page 147: ...ADSL line in the top menu select Status ADSL Status The ADSL Status page appears Figure 82 The ADSL status page To check an IP address transmit and received counter on an ADSL interface in the top menu select Network Interfaces The Interface Overview page appears Figure 83 The interfaces overview page 13 12 2 ADSL PPPoEoA connections To check the status of an ADSL line in the top menu select Statu...

Page 148: ... top menu select Status ADSL Status The ADSL Status page appears To check an IP address transmit and received counter on an ADSL interface in the top menu select Network Interfaces The Interface Overview page appears Figure 85 The interfaces overview page 13 12 4 ADSL status using UCI The ADSL chipset has its own subset of commands root VA_router etc init d dsl_control Syntax etc init d dsl_contro...

Page 149: ...r manual Issue 1 7 Page 149 of 519 status Get DSL status information lucistat Get status information in lua friendly format To view the current status of the ADSL interface enter root VA_router etc init d dsl_control status Chipset Lantiq Danube 1 5 Line State UP 0x801 showtime_tc_sync Data Rate 2 280 Mb s 291 Kb s Line Attenuation 6 3dB 3 3dB Noise Margin 31 1dB 35 9dB Line Uptime 2d 18h 8m 30s T...

Page 150: ...onnection using the web interface Note if you are creating multiple mobile interfaces simply repeat the steps in this chapter for each interface Multiple interfaces are required for dual SIM or multiple radio module scenarios Configuring static routes and or Multi WAN can be used to manage these interfaces In the top menu select Network Interfaces The Interfaces Overview page appears 14 2 1 Create...

Page 151: ...ayer 2 Tunnelling Protocol PPP PPPoE PPPoATM LTE UMTS GPRS EV DO CDMA UMTS or GPRS connection using an AT style 3G modem Web Create a bridge over multiple interfaces UCI network 3G type Opt type Enables bridge between two interfaces Not relevant when configuring a mobile interface 0 Disabled 1 Enabled Web Cover the following interface UCI network 3G ifname Opt ifname Select interfaces for bridge c...

Page 152: ...network 3G proto Opt proto Protocol type Select LTE UMTS GPRS EV DO Web Description UCI Static Static configuration with fixed address and netmask static DHCP Client Address and netmask are assigned by DHCP dhcp Unmanaged Unspecified none IPv6 in IPv4 RFC4213 Used with tunnel brokers IPv6 over IPv4 Stateless IPv6 over IPv4 transport GRE Generic Routing Encapsulation protocol gre IOT IOT iot L2TP L...

Page 153: ...opformat Defines the operator format We recommended you use PLMN code The operator is case sensitive so if using long or short character format it must match the operator exactly To see the current operator using SSH enter the command cat var state mobile or using the web mobile stats page at Status Mobile Stats 0 Long character format 1 Short character format 2 PLMN code Web SIM UCI network 3G si...

Page 154: ...face state UCI network 3G monitored Opt monitored Enabled if status of interface is presented on Monitoring platform 0 Do not monitor interface 1 Monitor interface Web Authentication Type UCI network 3G auth Opt auth Enabled if status of interface is presented on Monitoring platform Web Description UCI CHAP CHAP authentication 2 PAP PAP authentication 1 Web Enable IPv6 negotiation on the PPP link ...

Page 155: ...3G dns Opt dns Specifies DNS server Only available if Use DNS servers advertised by peer is unselected When multiple DNS servers are required separate using space for UCI or option value Example uci set network 3G dns 1 1 1 1 2 2 2 2 Web LCP echo failure threshold UCI network 3G keepalive Opt keepalive Presumes peer to be dead after a given amount of LCP echo failures use 0 to ignore failures This...

Page 156: ...tion ipaddr 6to4 option ipaddr Web SNMP Alias ifindex UCI network x snmp_alias_ifindex Opt snmp_alias_ifindex Defines a static SNMP interface alias index for this interface that can be polled via the SNMP interface index snmp_alias_ifindex 1000 See Configuring SNMP section for more information Blank No SNMP interface alias index Range 0 4294966295 Web VRF UCI network 3G vrf Opt vrf Defines VRF for...

Page 157: ...lte umts gprs network 3G apn test apn network 3G username username network 3G password password network 3G ipv4mode dhcp network 3G ipv6mode none network 3G keepalive 5 1 network 3G operator_reselect 0 network 3G auth 2 14 3 2 Package options root VA_router package network config interface 3G option proto 3g option monitored 0 option auto 1 option sim any option defaultroute 1 option metric 1 opti...

Page 158: ...gnositcs Note the information presented on screen and data output using UCI depends on the actual mobile hardware being used Therefore the interfaces or output you see may differ from the samples shown here 14 4 1 Mobile status via the web To view mobile connectivity information in the top menu select Status Mobile Information The Mobile Information page appears The information presented depends o...

Page 159: ...____________________________________________ _______________________________________________________________________________________________________ Virtual Access 2018 GW6600 Series User manual Issue 1 7 Page 159 of 519 Figure 91 The advanced information page Figure 92 The cell information page ...

Page 160: ...status root VA_router mobile_status Mobile Interface WAN Status idle SIM In yes SIM Slot 1 Operator vodafone IE Technology UMTS CS Network Status Home network PS Network Status Home network Signal dBm 107 IMEI 358743040012737 IMSI 272017113618040 For more advanced information enter mobile_status a root VA_router mobile_status a Mobile Interface WAN Status idle CS Network Status Home network PS Net...

Page 161: ...e Sections mobile main callers roaming_template 15 2 Configuring mobile manager using the web interface Select Services Mobile Manager The Mobile Manager page appears There are four sections in the mobile manager page Section Description Basic Enable SMS configure SIM pin code and select roaming SIM Advanced Configure advanced options such as collect ICCIDs and temperature polling interval CDMA CD...

Page 162: ... specify the pin code for SIM 2 Blank Range Depends on the SIM provider Web LTE bands for SIM1 UCI mobile main sim1_lte_bands Opt sim1_lte_bands Depending on the SIM card specify the LTE bands for SIM 1 Comma delimiter Example option sim1_lte_bands 3 20 Limits LTE bands to 3 and 20 Note currently only supported by Hucom Wetelcom SIMCom7100 Cellient MPL200 and Asiatel Blank Range LTE bands range fr...

Page 163: ...emp_poll_interval_sec Defines the time in seconds to poll the mobile module for temperature Set to 0 to disable 61 61 seconds Range Web Automatic Firmware Selection UCI mobile main enable_firmware_autoselect Opt enable_firmware_autoselect Enables the selection of an operator specific firmware in the radio module The selection is based on the ICCID of the used SIM At module initialisation the IMSI ...

Page 164: ...n hdr_userid Opt hdr_userid AN PPP user ID Supported on Cellient CDMA modem only Blank Range Depends on the CDMA provider Web HDR Auth User Password UCI mobile main hdr_password Opt hdr_password AN PPP password Supported on Cellient CDMA modem only Blank Range Depends on the CDMA provider Web Ordered Registration triggers module reboot UCI mobile main mobile main cdma_ordered_registration_reboot_ ...

Page 165: ...med into module as part of IMSI Range 0 7 Web Preferred Serving System UCI mobile main cdma_preferred_serving_system Opt cdma_preferred_serving_system The CDMA Preferred Serving System A B 5 Web Digital Analog Mode Preference UCI cdma_digital_analog_mode_preference Opt cdma_digital_analog_mode_preference Digital Analog Mode Preference 4 Web Primary Channel A UCI mobile main cdma_primary_channel_a ...

Page 166: ...acters Global value is accepted International value is accepted Web Enable UCI mobile caller 0 enabled Opt enabled Enables or disables incoming caller ID 0 Disabled 1 Enabled Web Respond UCI mobile caller 0 respond Opt respond If checked the router will return an SMS Select Respond if you want the router to reply 0 Disabled 1 Enabled Table 63 Information table for mobile manager callers settings 1...

Page 167: ...g_sim none uci set mobile main sms 1 uci set mobile main hdr_password 5678 uci set mobile main hdr_userid 1234 uci set mobile main init_get_iccids 1 uci set mobile caller 0 caller uci set mobile caller 0 name user1 uci set mobile caller 0 number 3538712345678 uci set mobile caller 0 enabled 1 uci set mobile caller 0 respond 1 uci set mobile caller 1 caller uci set mobile caller 1 name user2 uci se...

Page 168: ... caller option name vasupport option number 353871234567 option enabled 1 option respond 1 config caller option name vasupport1 option number 353872345678 option enabled 1 option respond 1 15 4 Monitoring SMS You can monitor inbound SMS messages using the router s web browser or via an SSH session To monitor SMS using the web browser login and select Status system log Scroll to the bottom of the l...

Page 169: ...x sendsms 353879876543 hello root VirtualAccess Aug 10 16 29 1 user notice VirtualAccess mobile 1737 Queue sms to 353879876543 hello 15 6 Sending SMS to the router The router can accept UCI show and set commands via SMS if the caller is enabled Note commands are case sensitive An example would be to SMS the SIM card number by typing the following command on the phone and checking the SMS received ...

Page 170: ...he web interface To create GRE interfaces through the web interface in the top menu select Network Interfaces There are three sections in the Interfaces page Section Description Interface Overview Shows existing interfaces and their status You can create new and edit existing interfaces here Port Map In this section you can map device ports to Ethernet interfaces Ports are marked with capital lett...

Page 171: ...DHCP Client Address and netmask are assigned by DHCP Unmanaged Unspecified IPv6 in IPv4 RFC4213 Used with tunnel brokers IPv6 over IPv4 Stateless IPv6 over IPv4 transport GRE Generic Routing Encapsulation protocol IOT L2TP Layer 2 Tunnelling Protocol PPP Point to Point protocol PPPoE PPP over Ethernet PPPoATM PPP over ATM LTE UMTS GPRS EV DO CDMA UMTS or GPRS connection using an AT style 3G modem ...

Page 172: ...figuration general setup Figure 99 The GRE common configuration page Web Field UCI Package Option Description Web Protocol of the new interface UCI network if name proto Opt proto Shows the protocol the interface will operate on GRE should be currently selected Web Tunnel IP Address UCI network if name ipaddr Opt ipaddr Configures local IP address of the GRE interface Web Mask Length UCI network i...

Page 173: ... to be linked with the GRE tunnel interface optional Web Remote IP address UCI network if name remote_ip Opt remote_ip For point to point tunnels specifies Remote IP address Web TTL UCI network if name ttl Opt ttl Sets Time To Live value on the interface 128 Range Web Tunnel key UCI network if name key Opt key Sets GRE tunnel ID key optional Usually an integer Web MTU UCI network if name mtu Opt m...

Page 174: ... interface is down and will start or restart when parent interface starts Separate multiple interfaces by a space when using UCI Example option dependants PPPADSL MOBILE This replaces the following previous options in child interfaces gre option local_interface lt2p option src_ipaddr iot option wan1 wan2 6in4 option ipaddr 6to4 option ipaddr Web SNMP Alias ifindex UCI network x snmp_alias_ifindex ...

Page 175: ...etwork Static Routes For more information read the chapter Configuring Static Routes 16 3 GRE configuration using command line The configuration file is stored on etc config network For the examples below tunnel1 is used as the interface logical name 16 4 GRE configuration using UCI root VA_router uci show network network tunnel1 interface network tunnel1 proto gre network tunnel1 monitored 0 netw...

Page 176: ...0 overruns 0 carrier 0 collisions 0 txqueuelen 1000 RX bytes 10889090 10 3 MiB TX bytes 68820 67 2 KiB eth4 Link encap Ethernet HWaddr 00 1E 10 1F 00 00 inet addr 10 68 66 54 Bcast 10 68 66 55 Mask 255 255 255 252 inet6 addr fe80 21e 10ff fe1f 0 64 Scope Link UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 81 errors 0 dropped 0 overruns 0 frame 0 TX packets 127 errors 0 dropped 0 overr...

Page 177: ...ncap UNSPEC HWaddr 0A 44 42 36 00 00 7F E2 00 00 00 00 00 00 00 00 inet addr 13 13 13 2 Mask 255 255 255 248 inet6 addr fe80 5efe a44 4236 64 Scope Link UP RUNNING MULTICAST MTU 1472 Metric 1 RX packets 7 errors 0 dropped 0 overruns 0 frame 0 TX packets 7 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 0 RX bytes 912 912 0 B TX bytes 8GRE route status To show the current GRE route ...

Page 178: ...2 4 error correction Table 67 Dial modem standards 17 1 V 90 modem scenarios You can use the V 90 modem in several scenarios The table below gives a brief description of these scenarios while the following sections describe how to set up and configure the modem Scenario Description As a normal WAN interface Use the V 90 modem in the same way as other WAN interfaces such as DSL and ISDN As a backup...

Page 179: ...ing the modem as a dial out interface via UCI interface To allow the router to use the PSTN modem to make outbound calls you must configure a dial out interface The dial out configuration files are stored on Network files etc econf network uci export network config interface dialout5 option proto ppp option auto 0 option device dev ttyCX0 option noipdefault 1 option peerdns 0 option nopersist 1 op...

Page 180: ...of band management access to the router using the PSTN modem you must configure three settings Mgetty assigns the inbound call to the modem Dial in interface assigns and establishes a PPP connection Management user for control of a secure connection 17 4 1 Mgetty settings The configuration files are stored on Mgetty files etc config mgetty uci export mgetty config mgetty main option enabled yes co...

Page 181: ...200 mgetty ttyCX0 debug 9 17 4 2 Dial in interface settings The configuration files are stored on Network files etc config network uci export network config interface dialin option proto ppp option auto 0 option peerdns 1 option remote_ipaddr 172 168 101 2 option local_ipaddr 172 168 101 1 option noipdefault 1 option defaultroute 0 option remote_auth_options require_eap To view the configuration f...

Page 182: ...les etc config managerment_user uci export managment_users config user option enabled 1 option username test option password test option srpuser 1 option chapuser 0 option webuser 0 option smsuser 0 option linuxuser 0 To view the configuration files enter uci show managment_users managment_users user 0 user managment_users user 0 enabled 1 managment_users user 0 username test managment_users user ...

Page 183: ...ols are not used or they are not configured for such subnets They can be created based on outgoing interface or next hop IP address 18 1 Configuration package used Package Sections network route 18 2 Configuring static routes using the web interface In the top menu select Network Static Routes The Routes page appears Figure 103 The routes page In the IPv4 Routes section click Add Web Field UCI Pac...

Page 184: ...Package Option Description Web Interface UCI network route 1 interface Opt interface Specifies the logical interface name of the parent or master interface this route belongs to It must refer to one of the defined interface sections Web target UCI network route 1 target Opt target Specifies the route network IP address or subnet in CIDR notation Eample 2001 0DB8 100 F00 BA3 1 64 Web Gateway UCI ne...

Page 185: ...r example a route named myroute will be network myroute To define a named route using UCI enter network name_your_route route network name_your_route interface lan To define a named route using package options enter config route name_your_route option interface lan 18 5 IPv4 routes using UCI The command line example routes in the subsections below do not have a configured name root VA_router uci s...

Page 186: ... option interface lan option target 2 2 2 2 option netmask 255 255 255 255 option gateway 192 168 100 1 option metric 1 option mtu 1500 18 7 IPv6 routes using UCI root VA_router uci show network network route 1 route network route 1 interface lan network route 1 target 2001 0DB8 100 F00 BA3 1 64 network route 1 gateway 2001 0DB8 99 1 network route 1 metric 1 network route 1 mtu 1500 18 8 IPv6 rout...

Page 187: ...________________________ Virtual Access 2018 GW6600 Series User manual Issue 1 7 Page 187 of 519 18 9 Static routes diagnostics 18 9 1 Route status To show the current routing status enter root VA_router route n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192 168 100 0 255 255 255 0 U 0 0 0 eth0 Note a route will only be displayed in the routing table when the in...

Page 188: ... between gateway hosts each with its own router in a network of autonomous systems BGP is often the protocol used between gateway hosts on the internet The routing table contains a list of known routers the addresses they can reach and a cost metric associated with the path to each router so that the best available route is chosen 19 1 Configuration package used Package Sections bgpd routing peer ...

Page 189: ...ed 0 Disabled Web Router ID UCI bgpd bgpd router_id Opt router_id Sets a Unique Router ID in 4 byte format 0 0 0 0 Web Scan Time UCI bgpd bgpd scan_time Opt scan_time Defines the interval in seconds between RIB scans 60 60 seconds Range Web Autonomous System Number UCI bgpd bgpd asn Opt asn Defines the ASN for the local router Type in the ASN Blank Range 1 4294967295 Web Log keepalives UCI bgpd bg...

Page 190: ...onfigure a BGP route map Route maps provide a means to both filter and or apply actions to a route This allows a policy to be applied to routes Route maps are an ordered list of route map entries each with a set of criteria that must be matched before specific attributes of the route are modified Scroll down to the BGP Route Map section Type in a name for the BGP route map name and then click Add ...

Page 191: ...iscriminator BGP metric AS Path to Prepend Setting option to prepend AS to AS path BGP Community Setting option for BGP community IPv6 Next Hop Global Setting option for IPv6 Next Hop Global IPv6 Next Hop Local Setting option for IPv6 Next Hop Local Web Value UCI bgpd ROUTEMAP set Opt set Defines the set value when a match occurs Value format depends on the set option you have selected Table 72 In...

Page 192: ...P message is received 0 Range Web Keepalive Interval UCI bgpd peer 0 keepalive_sec Opt keepalive_sec Defines the interval in seconds for between two successive BGP keep alive messages 0 Range Web Connect Timer UCI bgpd peer 0 connect_sec Opt connect_sec Defines how long to wait after interface is up before retrying the connection on it 0 Range Table 73 Information table for BGP neighbours 19 3 Con...

Page 193: ...UTEMAP match 192 168 101 1 32 bgpd ROUTEMAP set_type ip next hop bgpd ROUTEMAP set 192 168 101 2 32 To change any of the above values use UCI set command 19 3 2 Configuring BGP using packages options root VA_router uci export bgpd package bgpd config routing bgpd option enabled yes option router_id 3 3 3 3 option asn 1 list network 11 11 11 0 29 list network 192 168 103 1 32 config peer option rou...

Page 194: ...____________________________________________________________ Virtual Access 2018 GW6600 Series User manual Issue 1 7 Page 194 of 519 option match_type ip address option match 192 168 101 1 32 option set_type ip next hop option set 192 168 101 2 32 19 4 View routes statistics To view routes statistics in the top menu click Status Routes The routing table appears Figure 108 The routing table ...

Page 195: ...________________________________________________________________________________________________ Virtual Access 2018 GW6600 Series User manual Issue 1 7 Page 195 of 519 To view routes via the command line enter root support route n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10 1 0 0 0 0 0 0 255 255 0 0 U 0 0 0 br lan2 ...

Page 196: ...r relationships with adjacent routers in the same area Instead of advertising the distance to connected networks OSPF advertises the status of directly connected links using Link State Advertisements LSAs OSPF sends updates LSAs when there is a change to one of its links and will only send the change in the update LSAs are additionally refreshed every 30 minutes OSPF traffic is multicast either to...

Page 197: ... see a number of subnets reachable via area 0 20 1 2 OSPF neighbours OSPF forms neighbour relationships called adjacencies with other routers in the same Area by exchanging Hello packets to multicast address 224 0 0 5 Only after an adjacency is formed can routers share routing information Each OSPF router is identified by a unique router ID The router ID can be determined in one of three ways The ...

Page 198: ...f the remote interface of each neighbour 20 1 3 OSPF designated routers In multi access networks such as Ethernet there is the possibility of many neighbour relationships on the same physical segment This leads to a considerable amount of unnecessary Link State Advertisement LSA traffic If a link of a router were to fail it would flood this information to all neighbours Each neighbour in turn woul...

Page 199: ... each other Full Indicates that the routers are fully synchronised The topology table of all routers in the area should now be identical Depending on the role of the neighbour the state may appear as Full DR Indicating that the neighbour is a Designated Router DR Full BDR Indicating that the neighbour is a Backup Designated Router BDR Full DROther Indicating that the neighbour is neither the DR no...

Page 200: ...em that separates an autonomous system into individual areas OSPF traffic can either be intra area within one area inter area between separate areas or external from another AS OSPF routers build a topology database of all links within their area and all routers within an area will have an identical topology database Routing updates between these routers will only contain information about links l...

Page 201: ...ecting to a separate Autonomous System such as the internet By redistributing another routing protocol into the OSPF process ASBRs provide access to external networks OSPF defines two types of external routes as shown in the table below Type 2 E2 Includes only the external cost to the destination network External cost is the metric being advertised from outside the OSPF domain This is the default ...

Page 202: ...the ospfd routing section The web automatically names the routing section ospfd Figure 111 The OSPF global settings configuration page Web Field UCI Package Option Description Web OSPF Enabled UCI ospfd ospfd enabled Opt enabled Enables OSPF advertisements on router 0 Disabled 1 Enabled Web Router ID UCI ospfd ospfd router_id Opt router_id This sets the Router ID of the OSPF process The Router ID ...

Page 203: ...ip_addr Opt ip_addr Specify the IP address for OSPF enabled interface Format A B C D Web Mask Length UCI ospfd network 0 mask_length Opt mask_length Specify the mask length for OSPF enabled interface The mask length should be entered in CIDR notation Web Area UCI ospfd network 0 area Opt area Specify the area number for OSPF enabled interface Web Stub Area UCI ospfd network 0 stub_area Opt stub_ar...

Page 204: ...pfd interface 0 ospf_interface Opt ospf_interface Defines the interface name Web Network Type UCI ospfd interface 0 network_type Opt network_type Defines network type for specified interface Default Autodetect it will be broadcast If broadcast is not supported on that interface then use point to point broadcast non broadcast point to point point to multipoint Web Passive UCI ospfd interface 0 pass...

Page 205: ...a either an insecure plain text password included with the packet or via a more secure MD5 based HMAC keyed Hashing for Message AuthentiCation Enabling authentication prevents routes being updated by unauthenticated remote routers but still can allow routes that is the entire OSPF routing table to be queried remotely potentially by anyone on the internet via OSPFv1 no Default value No authenticati...

Page 206: ...k 0 network ospfd network 0 ip_addr 12 1 1 1 Or using package options config network option ip_addr 12 1 1 1 20 5 OSPF using UCI root VA_router uci show ospfd ospfd ospfd routing ospfd ospfd enabled yes ospfd ospfd default_info_originate yes ospfd ospfd router_id 1 2 3 4 ospfd network 0 network ospfd network 0 ip_addr 12 1 1 1 ospfd network 0 mask_length 24 ospfd network 0 area 0 ospfd network 0 s...

Page 207: ... md5 ospfd interface 1 key_id 1 ospfd interface 1 md5_auth_key test 20 6 OSPF using package options root VA_router uci export ospfd package ospfd config routing ospfd option enabled yes option default_info_originate yes option router_id 1 2 3 4 config network option ip_addr 12 1 1 1 option mask_length 24 option area 0 option stub_area yes config interface option ospf_interface lan8 option hello_in...

Page 208: ... 255 255 0 0 U 0 0 0 eth1 10 206 4 64 0 0 0 0 255 255 255 252 U 0 0 0 usb0 11 11 11 0 0 0 0 0 255 255 255 248 U 0 0 0 gre GRE 89 101 154 151 10 206 4 65 255 255 255 255 UGH 0 0 0 usb0 192 168 100 0 0 0 0 0 255 255 255 0 U 0 0 0 eth0 192 168 101 1 11 11 11 1 255 255 255 255 UGH 11 0 0 gre GRE 192 168 104 1 11 11 11 4 255 255 255 255 UGH 20 0 0 gre GRE Note a route will only be displayed in the rout...

Page 209: ...e routing protocol suite embedded in the router firmware Quagga is split into different daemons for implementation of each routing protocol Zebra is a core daemon for Quagga providing the communication layer to the underlying Linux kernel and routing updates to the client daemons Quagga has a console interface to Zebra for advanced debugging of the routing protocols To access enter root VA_router ...

Page 210: ... is directly connected lo C 192 168 100 0 24 is directly connected eth0 O 192 168 101 1 32 110 11 via 11 11 11 1 gre GRE 02 35 28 O 192 168 104 1 32 110 20 via 11 11 11 4 gre GRE 02 30 45 O 192 168 105 1 32 110 10 is directly connected lo 02 47 52 C 192 168 105 1 32 is directly connected lo 20 8 1 OSPF debug console When option tty_enabled see Global settings section above is enabled in the OSPF c...

Page 211: ...irectly attached to lo OSPF router routing table OSPF external routing table To see OSPF neighbours from OSPF debug console enter sh ip ospf neighbour root VA_router sh ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL 1 1 1 1 255 Full DR 33 961s 11 11 11 1 gre GRE 11 11 11 5 0 0 0 To see OSPF interface details from OSPF debug console enter sh ip ospf interface r...

Page 212: ...AST MULTICAST OSPF not enabled on this interface eth7 is down ifindex 16 MTU 1500 bytes BW 0 Kbit BROADCAST MULTICAST OSPF not enabled on this interface gre GRE is up ifindex 19 MTU 1472 bytes BW 0 Kbit UP RUNNING MULTICAST Internet Address 11 11 11 5 29 Area 0 0 0 0 MTU mismatch detection enabled Router ID 192 168 105 1 Network Type BROADCAST Cost 10 Transmit Delay is 1 sec State Backup Priority ...

Page 213: ...outer on this network Multicast group memberships None Timer intervals configured Hello 10s Dead 40s Wait 40s Retransmit 5 Hello due in inactive Neighbor Count is 0 Adjacent neighbor count is 0 sit0 is down ifindex 7 MTU 1480 bytes BW 0 Kbit NOARP OSPF not enabled on this interface teql0 is down ifindex 4 MTU 1500 bytes BW 0 Kbit NOARP OSPF not enabled on this interface tunl0 is down ifindex 5 MTU...

Page 214: ..._________ _______________________________________________________________________________________________________ Virtual Access 2018 GW6600 Series User manual Issue 1 7 Page 214 of 519 192 168 105 1 192 168 105 1 879 0x8000000b 0x4919 2 Net Link States Area 0 0 0 0 Link ID ADV Router Age Seq CkSum 11 11 11 1 1 1 1 1 595 0x80000004 0x5712 ...

Page 215: ...the virtual router IP address es on the LAN to be used as the default first hop router by end hosts The advantage gained from using VRRP is a higher availability default path without requiring configuration of dynamic routing or router discovery protocols on every end host Two or more routers forming the redundancy cluster are configured with the same Router ID and Virtual IP address A VRRP router...

Page 216: ...9 21 3 1 Global settings The Global Settings section configures vrrp package main section To access configuration settings click ADD Figure 114 The VRRP global settings configuration page Web Field UCI Package Option Description Web VRRP Enabled UCI vrrp main enabled Opt Enabled Globally enables VRRP on the router 0 Disabled 1 Enabled 21 3 2 VRRP group configuration settings The VRRP Group Configu...

Page 217: ...1 7 Page 217 of 519 Figure 115 The VRRP group configuration page Web Field UCI Package Option Description Web Group Enabled UCI vrrp vrrp_group X enabled Opt Enabled Enables a VRRP group on the router 0 Disabled 1 Enabled Web Interface UCI vrrp vrrp_group X interface Opt interface Sets the local LAN interface name in which the VRRP cluster is to operate For example lan The interface name is taken ...

Page 218: ...0 track_ipsec Tunnel2 or using a list of options via package options list track_ipsec Tunnel1 list track_ipsec Tunnel2 Blank No IPSec connection to track Range Web Track IPsec Fail Time UCI vrrp vrrp_group X track_ipsec_fail_sec Opt track_ipsec_fail_sec Defines duration in seconds to determine IPsec tunnel failure 300 300 seconds Range Web IPSec connection UCI vrrp vrrp_group X ipsec_connection Op...

Page 219: ...ould monitor If a monitored IPSec connection goes down on the Master VRRP router it goes into Fault state and the Backup VRRP router becomes the Master Multiple IPsec connections are entered using uci set and uci add_list commands Example uci set vrrp vrrp_group 0 track_ipsec Tunnel1 uci add_list vrrp vrrp_group 0 track_ipsec Tunnel2 or using a list of options via package options list track_ipsec ...

Page 220: ...ot VA_router uci show vrrp vrrp main vrrp vrrp main enabled yes vrrp g1 vrrp_group vrrp g1 enabled yes vrrp g1 interface lan vrrp g1 track_iface WAN MOBILE vrrp g1 init_state BACKUP vrrp g1 router_id 1 vrrp g1 priority 100 vrrp g1 advert_int_sec 120 vrrp g1 password secret vrrp g1 virtual_ipaddr 10 1 10 150 16 vrrp g1 garp_delay_sec 5 vrrp g1 ipsec_connection Test vrrp g1 track_ipsec conn1 conn2 2...

Page 221: ...______________________________________________________ Virtual Access 2018 GW6600 Series User manual Issue 1 7 Page 221 of 519 option init_state BACKUP option router_id 1 option priority 100 option advert_int_sec 120 option password secret option virtual_ipaddr 10 1 10 150 16 option garp_delay_sec 5 option ipsec_connection Test list track_ipsec conn1 list track_ipsec conn2 ...

Page 222: ...ost networking environments RIP is not the preferred choice for routing as its time to converge and scalability are poor compared to EIGRP or OSPF 22 1 1 RIP characteristics RIP is a standardised distance vector protocol designed for use on smaller networks RIP was one of the first true distance vector routing protocols and is supported on a wide variety of systems RIP adheres to the following dis...

Page 223: ... networks must be contiguous and subnets of a major network must be configured with identical subnet masks Otherwise route table inconsistencies or worse will occur RIPv1 sends updates as broadcasts to address 255 255 255 255 RIPv2 RFC 2453 is classless and therefore does include the subnet mask with its routing table updates RIPv2 fully supports VLSMs allowing discontinuous networks and varying s...

Page 224: ...re four sections in the RIP page Section Description Global Settings Enables RIP and configures the RIP routing section containing global configuration parameters The web automatically names the routing section ripd Interfaces Configuration Configures the interface sections Defines interface configuration for RIP and interface specific parameters Offset Configuration Configures the offset sections...

Page 225: ... establish a direct link between routers The neighbour command allows the network administrator to specify a router as a RIP neighbour Multiple RIP neighbours are entered using uci set and uci add_list commands Example uci set ripd ripd neighbor 1 1 1 1 uci add_list ripd ripd neighbor 2 2 2 2 or using a list of options via package options list neighbor 1 1 1 1 list neighbor 2 2 2 2 Web Update Time...

Page 226: ...ripd ripd vty_enabled Opt vty_enabled Enable vty for RIPd telnet to localhost 2602 Table 81 Information table for RIP global settings 22 3 2 Offset configuration This section is used for RIP metric manipulation RIP metric is a value for distance in the network Usually ripd package increments the metric when the network information is received Redistributed routes metric is set to 1 Figure 117 The ...

Page 227: ... UCI ripd interface 0 auth_mode Opt auth_mode RIPv2 only allows packets to be authenticated via either an insecure plain text password included with the packet or via a more secure MD5 based HMAC keyed Hashing for Message AuthentiCation Enabling authentication prevents routes being updated by unauthenticated remote routers but still can allow routes that is the entire RIP routing table to be queri...

Page 228: ...MD5 chain Table 84 Information table for MD5 authentication key chains commands 22 4 Configuring RIP using command line RIP is configured under the ripd package etc config ripd There are four config sections ripd interface key_chain and offset You can configure multiple interface key_chain and offset sections By default all RIP interface instances are named interface it is identified by interface ...

Page 229: ... UCI ripd offset 0 offset ripd offset 0 metric 1 Or using package options config offset option metric 1 22 4 1 RIP using UCI root VA_router uci show ripd ripd ripd routing ripd ripd version 2 ripd ripd enabled yes ripd ripd network lan2 gre1 ripd ripd neighbor 10 1 1 100 10 1 2 100 ripd ripd tb_update_sec 30 ripd ripd tb_timeout_sec 180 ripd ripd tb_garbage_sec 120 ripd ripd default_info_originate...

Page 230: ...rse 0 ripd interface 2 passive 0 ripd interface 2 auth_mode md5 ripd interface 2 key_chain Keychain1 ripd key_chain 0 key_chain ripd key_chain 0 key_chain_name Keychain1 ripd key_chain 0 key_id 1 ripd key_chain 0 auth_key 123 ripd offset 0 offset ripd offset 0 metric 1 ripd offset 0 match_network 10 1 1 1 24 22 4 2 RIP using package options root VA_router uci export ripd package ripd config routin...

Page 231: ... auth_mode no option split_horizon 1 option poison_reverse 0 option passive 0 config interface option rip_interface lan2 option split_horizon 1 option poison_reverse 0 option passive 0 option auth_mode text option auth_key textsecret config interface option rip_interface lan3 option split_horizon 1 option poison_reverse 0 option passive 0 option auth_mode md5 option key_chain keychain1 config key_...

Page 232: ... 255 255 248 U 0 0 0 gre GRE 89 101 154 151 10 205 154 65 255 255 255 255 UGH 0 0 0 usb0 192 168 100 0 0 0 0 0 255 255 255 0 U 0 0 0 eth0 192 168 104 1 11 11 11 4 255 255 255 255 UGH 3 0 0 gre GRE 192 168 154 154 11 11 11 1 255 255 255 255 UGH 2 0 0 gre GRE Note a route will only be displayed in the routing table when the interface is up 22 5 2 Tracing RIP packets RIP uses UDP port 520 To trace RI...

Page 233: ... Zebra for advanced debugging of the routing protocols To access enter telnet localhost zebra password zebra root VA_router telnet localhost zebra Entering character mode Escape character is Hello this is Quagga version 0 99 21 Copyright 1996 2005 Kunihiro Ishiguro et al User Access Verification Password To see RIP routing information from Zebra console enter sh ip route root VA_router sh ip route...

Page 234: ...tion RIP debug console can be accessed for advanced RIP debugging To access RIP debug console enter telnet localhost ripd password zebra root VA_router telnet localhost ripd Entering character mode Escape character is Hello this is Quagga version 0 99 21 Copyright 1996 2005 Kunihiro Ishiguro et al User Access Verification Password To see RIP status from RIP debug console enter sh ip rip root VA_ro...

Page 235: ... ip rip status Routing Protocol is rip Sending updates every 30 seconds with 50 next due in 17 seconds Timeout after 180 seconds garbage collect after 120 seconds Outgoing update filter list for all interface is not set Incoming update filter list for all interface is not set Default redistribution metric is 1 Redistributing Default version control send version 2 receive version 2 Interface Send R...

Page 236: ...ace state pings to an ICMP target signal level checks using signal threshold RSCP threshold and ECIO threshold option values A fail for any of the above health checks results in a fail After a configurable number of health check failures Multi WAN will move to the next highest priority interface Multi WAN will optionally stop the failed interface and start the new interface if required In some cir...

Page 237: ...ending on timer set by ifup_retry_sec 0 Disabled 1 Enabled Web Alternate Mode UCI multiwan config alt_mode Opt alt_mode Enables or disables alternate mode for Multi WAN If enabled the router will use an alternate interface after reboot 0 Disabled 1 Enabled Table 85 Information table for multi WAN page When you have enabled Multi WAN you can add the interfaces that will be managed by Multi WAN for ...

Page 238: ...___________________________ _______________________________________________________________________________________________________ Virtual Access 2018 GW6600 Series User manual Issue 1 7 Page 238 of 519 Figure 121 Example interface showing failover traffic destination as the added multi WAN interface ...

Page 239: ...cted then multiwan does not send a ping health check to the icmp_host otherwise a ping is sent as normal to the icmp_host By default the conntrack_hosts is checked if the health interval is greater than 5 minutes This time threshold currently cannot be manipulated Conntrack is generally used to limit the traffic sent on a GSM network Default Conntrack checks for traffic from icmp_host IP when heal...

Page 240: ...he value stored for sig_dbm in mobile diagnostics 115 Disabled Range 46 to 115 dBm Web RSCP Threshold dBm UCI multiwan wan rscp_threshold Opt rscp_threshold Specifies the minimum RSCP signal strength in dBm before considering if the interface fails signal health check Uses the value stored for rscp_dbm in mobile diagnostics 115 Disabled Range 46 to 115 dBm Web ECIO Threshold dB UCI multiwan wan ec...

Page 241: ...lth_fail_retries 3 option health_recovery_retries 5 option priority 2 option manage_state yes option exclusive_group 0 option ifup_retry_sec 40 option icmp_hosts disable option icmp_interval 1 option timeout 3 option icmp_count 1 option conntrack_hosts disable option signal_threshold 111 option rscp_threshold 90 option ecio_threshold 15 option ifup_timeout_sec 120 root VA_router uci show multiwan ...

Page 242: ...an wan signal_threshold 111 multiwan wan rscp_threshold 90 multiwan wan ecio_threshold 15 23 4 Multi WAN diagnostics The multi WAN package is linked to the network interfaces within etc config network Note multi WAN will not work if the WAN connections are on the same subnet and share the same default gateway To view the multi WAN package enter root VA_router uci export multiwan package multiwan c...

Page 243: ...r troubleshooting root VA_router etc init d multiwan Syntax etc init d multiwan command Available commands start Start the service stop Stop the service restart Restart the service reload Reload configuration files or restart if that fails enable Enable service autostart disable Disable service autostart When troubleshooting make sure that the routing table is correct using route n Ensure all para...

Page 244: ...ultiwan package is used to run failover between interfaces Typically these auto generated interfaces are sorted by signal strength Details for these interfaces are provided in the mobile package When you have created the interfaces Multi WAN manages the operation of primary predefined and failover auto created interfaces Multi WAN periodically does a health check on the active interface A health c...

Page 245: ... time set by multiwan option ifup_timeout continue to step 2 Otherwise go to step 4 7 A health check is periodically done on the PMP interface as determined by the multiwan option health_interval If the health check fails for the number of retries multiwan option health_fail_retries disconnect the PMP interface 8 Connect the first auto generated interface 9 If the interface connects within the tim...

Page 246: ...ure 123 The create interface page Web Field UCI Package Option Description Web Name of the new interface UCI network 3g_s sim number _ short operator name Opt 3g_s sim number _ short operator name Type the name of the new interface Type the interface name in following format 3g_s sim number _ short operator name Where sim number is number of roaming SIM 1 or 2 and short operator name is first four...

Page 247: ...anaged Unspecified IPv6 in IPv4 RFC4213 IPv4 tunnels that carry IPv6 IPv6 over IPv4 IPv6 over IPv4 tunnel GRE Generic Routing Encapsulation IOT L2TP Layer 2 Tunnelling Protocol PPP Point to Point Protocol PPPoE Point to Point Protocol over Ethernet PPPoATM Point to Point Protocol over ATM LTE UMTS GPRS EV DO CDMA UMTS or GPRS connection using an AT style 3G modem Web Create a bridge over multiple ...

Page 248: ...tocol over ATM LTE UMTS GPRS EV DO CDMA UMTS or GPRS connection using an AT style 3G modem Web Service Type UCI network x service Opt service Service type that will be used to connect to the network gprs_only Allows GSM module to only connect to GPRS network lte_only Allows GSM module to only connect to LTE network cdma Allows GSM module to only connect to CDMA network auto GSM module will automat...

Page 249: ..._______________________________ Virtual Access 2018 GW6600 Series User manual Issue 1 7 Page 249 of 519 24 2 1 4 Set multi WAN options for primary predefined interface On the web interface go to Network Multi Wan The Multi WAN page appears Figure 125 The multi WAN page In the WAN Interfaces section type in the name of the Multi WAN interface Click Add The Multi WAN page appears Figure 126 The mult...

Page 250: ...target IP address for ICMP packets Disable Disables the option DNS servers DNS IP addresses will be used WAN Gateway Gateway IP address will be used custom Ability to provide IP address Web Health Monitor Conntrack Test Host s UCI multiwan wan conntrack_hosts Opt conntrack_hosts Conntrack is the feature used to track if there is any traffic to and from an IP destination within the health interval ...

Page 251: ... Interface State Up Down UCI multiwan x manage_state Opt manage_state Defines whether multi WAN will start and stop the interface Select Enabled 0 Disabled 1 Enabled Web Minimum ifup Interval UCI multiwan x ifup_retry_sec Opt ifup_retry_sec Specifies the interval in seconds before retrying the primary interface when pre empt mode is enabled Web Interface Start Timeout UCI multiwan x ifup_timeout O...

Page 252: ...h fail occurs when either rscp_dbm falls below 105dBm or ecio_db falls below 15dB Tech values are 0 GSM 1 GSM Compact 2 UTRAN 3 GSM w EGPRS 4 UTRAN w HSPDA 5 UTRAN w HSUPA 6 UTRAN w HSUPA and HSDPA 7 E UTRAN Table 89 Information table for Multi WAN page Click Save 24 2 2 Set options for automatically created interfaces failover From the top menu on the web interface page select Services Mobile Man...

Page 253: ...b PIN code for SIM2 UCI mobile main sim2pin Opt sim2pin Depending on the SIM card specify the pin code for SIM 2 Blank Range Depends on the SIM provider Web LTE bands for SIM1 UCI mobile main sim1_lte_bands Opt sim1_lte_bands Depending on the SIM card specify the LTE bands for SIM 1 Comma delimiter Example option sim1_lte_bands 3 20 Limits LTE bands to 3 and 20 Note currently only supported by Huc...

Page 254: ...I mobile main temp_poll_interval_sec Opt temp_poll_interval_sec Defines the time in seconds to poll the mobile module for temperature Set to 0 to disable 61 61 seconds Range Web Automatic Firmware Selection UCI mobile main enable_firmware_autoselect Opt enable_firmware_autoselect Defines whether to use time obtained from the mobile carrier to update the system clock when NTP is enabled 0 Disabled ...

Page 255: ...t imsi Allows the IMSI International Mobile Subscriber Identity to be changed Default Programmed in module Digits Up to 15 digits Web HDR Auth User ID UCI mobile main hdr_userid Opt hdr_userid AN PPP user ID Supported on Cellient CDMA modem only Blank Range Depends on the CDMA provider Web HDR Auth User Password UCI mobile main hdr_password Opt hdr_password AN PPP password Supported on Cellient CD...

Page 256: ..._SID registration flag 0 Disabled 1 Enabled Web MOB_TERM_FOR_NID registration flag UCI mobile main cdma_mob_term_for_nid_registration_flag Opt cdma_mob_term_for_nid_registration_flag The MOB_TERM_FOR_NID registration flag 0 Disabled 1 Enabled Web Access Overload Control UCI mobile main cdma_access_overload_control Opt cdma_access_overload_control Allows the access overload class to be changed Defa...

Page 257: ...e form SID1 NID1 SID2 NID2 Format SID1 0 65535 NID 0 65535 Default 0 65535 Table 92 Information table for mobile manager CDMA settings 24 2 6 Mobile manager callers Figure 130 The mobile manager CDMA page Web Field UCI Package Option Description Web Name UCI mobile caller 0 name Opt name Name assigned to the caller Blank Range No limit Web Number UCI mobile caller 0 number Opt number Number of the...

Page 258: ...b Interface Signal Sort UCI mobile roaming_template 0 sort_sig_st rength Opt sort_sig_strength Sorts interfaces by signal strength priority so those that have a better signal strength will be tried first 0 Disabled 1 Enabled Web Roaming SIM UCI mobile main roaming_sim Opt roaming_sim Sets in which slot to insert roaming SIM card 1 SIM slot 1 2 SIM slot 2 Web Firewall Zone UCI mobile roaming_templa...

Page 259: ...f no valid_service order is defined then the configured Service Type is used Example mobile roaming_template 0 service_order gprs umts lte auto Blank Automatically detect best service Range gprs umts lte auto Web Health Monitor Interval UCI mobile roaming_template 0 health_int erval Opt health_interval Sets the period in seconds to check the health status of the interface The Health Monitor interv...

Page 260: ...P Timeout UCI mobile roaming_template 0 timeout Opt timeout Specifies the time in seconds that Health Monitor ICMP will timeout at Sets ping timeout in seconds Choose the time in seconds that the health monitor ICMP will timeout at 3 Wait 3 seconds for ping reply Range Web Health Monitor ICMP Interval UCI mobile roaming_template 0 interval Opt icmp_interval Defines the interval in seconds between ...

Page 261: ...132 The reboot page Check the Reboot now check box and then click Reboot 24 2 8 Scenario 2 PMP roaming pre empt disabled As in the previous section multi WAN connects the PMP interface and uses auto created interfaces for failover However in this scenario the auto created interface will not be disconnected as soon as the ifup_retry_sec expires for the PMP interface The primary interface will be re...

Page 262: ...pt not selected Click Save Apply In the top menu select System Reboot The System Reboot page appears Figure 134 The system reboot page Check the Reboot now check box and then click Reboot 24 2 9 Scenario 3 No PMP roaming In this scenario there is no PMP interface that can be used for a connection The router scans the available mobile networks at boot and sorts the networks according to signal stre...

Page 263: ...appears There are three sections Basic settings Configure SMS select roaming SIM and collect ICCCIDs Callers Configure callers that can use SMS Roaming Interface Template Configure common values for interface created by Automatic Operator Selection 24 2 10 1 Basic settings Web Field UCI Package Option Description Web SMS Enable UCI mobile main sms Opt sms Enables SMS no Disabled yes Enabled Web Co...

Page 264: ...Name assigned to the caller Blank Range Web Number UCI mobile caller 0 number Opt number Number of the caller allowed to SMS the router Add in specific caller numbers or use the wildcard symbol Blank Range Web Enable UCI mobile caller 0 enabled Opt enabled Enables or disables incoming caller ID no Disabled yes Enabled Web Respond UCI mobile caller 0 respond Opt respond If checked the router will r...

Page 265: ...me Opt username Username used to connect to APN Web PAP CHAP password UCI mobile roaming_template 0 password Opt password Password used to connect to APN Web Service Order UCI mobile roaming_template 0 service_or der Opt service_order Defines a space separated list of services in preferred order Valid options are gprs umts lte auto If no valid_service order is defined then the configured Service T...

Page 266: ...ll timeout at 3 Wait 3 seconds for ping reply Range Web Health Monitor ICMP Interval UCI mobile roaming_template 0 interval Opt icmp_interval Defines the interval in seconds between multiple pings sent at each health check 1 Range Web Attempts Before WAN Failover UCI mobile roaming_template 1 health_fail _retries Opt health_fail_retries Defines the number of health check failures before interface ...

Page 267: ...0 Disabled 1 Enabled Web Preempt UCI multiwan config preempt Opt pre empt Enables or disables pre emption for multiwan If enabled the router will keep trying to connect to a higher priority interface depending on timer set by ifup_retry_sec Leave this option unselected 0 Disabled 1 Enabled Web Alternate Mode UCI multiwan config alt Opt alt Enables or disables alternate mode for multiwan If enabled...

Page 268: ... config interface 3g_s1_voda option auto 0 option proto 3g option service_order auto lte umts gprs option apn testIE option username test option password test option sim 1 option operator vodafone IE To view uci commands enter root VA_router uci show network network loopback interface network loopback ifname lo network loopback proto static network loopback ipaddr 127 0 0 1 network loopback netmas...

Page 269: ...nfigurations are stored in the mobile package etc config mobile To view the mobile configuration file enter root VA_router uci export mobile config mobile main option sms yes option roaming_sim 1 option init_get_iccids no config caller option name Test option number option enabled yes option respond yes config roaming_template option roaming_sim 1 option firewall_zone wan option apn test IE option...

Page 270: ... roaming_template 0 firewall_zone wan mobile roaming_template 0 apn test IE mobile roaming_template 0 username test mobile roaming_template 0 password test mobile roaming_template 0 service umts mobile roaming_template 0 health_interval 4 mobile roaming_template 0 icmp_hosts disable mobile roaming_template 0 timeout disable mobile roaming_template 0 health_fail_retries 3 mobile roaming_template 0 ...

Page 271: ...1 To view the uci command of package multiwan enter root VA_router uci show multiwan multiwan config multiwan multiwan config enabled 1 multiwan config preempt 1 multiwan main_voda interface multiwan main_voda health_fail_retries 3 multiwan main_voda health_interval 3 multiwan 3g_s1_voda timeout 1 multiwan 3g_s1_voda icmp_hosts disable multiwan 3g_s1 main _voda priority 10 multiwan 3g_s1_voda excl...

Page 272: ...bile package enter root VA_router uci export mobile package mobile config mobile main option sms yes option roaming_sim 1 option debug 1 config caller option name Eval option number option enabled yes option respond yes config roaming_template option roaming_sim 1 option firewall_zone wan option apn test IE option username test option password test option service umts option health_fail_retries 2 ...

Page 273: ...mobile roaming_template 0 firewall_zone wan mobile roaming_template 0 apn stream co uk mobile roaming_template 0 username default mobile roaming_template 0 password void mobile roaming_template 0 service umts mobile roaming_template 0 health_fail_retries 2 mobile roaming_template 0 signal_threshold 100 mobile roaming_template 0 priority 5 mobile roaming_template 0 ifup_timeout_sec 180 mobile roami...

Page 274: ...ig preempt no multiwan config alt_mode no 24 5 Automatic operator selection diagnostics via the web interface 24 5 1 Checking the status of the Multi WAN package When interfaces are auto created they are presented in the network and in the Multi WAN package To check interfaces created in the Multi WAN package from the top menu select Network Multi WAN To check interfaces that have been created in ...

Page 275: ...h the time of scan and number of services found To check roaming interfaces discovered enter root VA_router cat var const_state roaming roaming main2_voda_lte service roaming main2_voda_lte name vodafone IE roaming main2_voda_lte shortname voda IE roaming main2_voda_lte opnum 27201 roaming main2_voda_lte interface main2_voda roaming main2_voda_lte servicetype 7 roaming main2_voda_lte sim 2 roaming...

Page 276: ...RL roaming main2_o2IR_umts shortname o2 IRL roaming main2_o2IR_umts opnum 27202 roaming main2_o2IR_umts interface main2_o2IR roaming main2_o2IR_umts servicetype 2 roaming main2_o2IR_umts sim 2 roaming main2_o2IR_umts tested 1 roaming main2_o2IR_umts signalstrength 85 roaming main2_o2IR_gprs service roaming main2_o2IR_gprs name o2 IRL roaming main2_o2IR_gprs shortname o2 IRL roaming main2_o2IR_gprs...

Page 277: ...2_3IRL icmp_hosts disable multiwan main2_3IRL health_interval 4 multiwan main2_3IRL priority 5 multiwan main2_3IRL ifup_retry_sec 120 multiwan main2_3IRL health_fail_retries 3 multiwan main2_o2IR interface multiwan main2_o2IR timeout disable multiwan main2_o2IR health_recovery_retries 5 multiwan main2_o2IR exclusive_group 3g multiwan main2_o2IR manage_state yes multiwan main2_o2IR signal_threshold...

Page 278: ...in2_3IRL proto 3g network main2_o2IR interface network main2_o2IR snmp_alias_ifindex 3 network main2_o2IR sim 2 network main2_o2IR defaultroute yes network main2_o2IR username campen1 network main2_o2IR apn vpn amylan co uk network main2_o2IR opformat 2 network main2_o2IR phy 1 1 network main2_o2IR roaming_sim 2 network main2_o2IR operator 27202 network main2_o2IR password campen1 network main2_o2...

Page 279: ... 05 02 38 2018 mobile 3g_1_1 imsi 204043726930595 mobile 3g_1_1 imsi2 204043726930595 mobile 3g_1_1 lte_band 3 mobile 3g_1_1 last_error no network service mobile 3g_1_1 mcc 272 mobile 3g_1_1 last_error_time 2018 02 22 10 41 27 mobile 3g_1_1 lac 11 mobile 3g_1_1 cell 46542698 mobile 3g_1_1 mnc 05 mobile 3g_1_1 operator_code 27205 mobile 3g_1_1 operator_name 3 IRL DATA ONLY mobile 3g_1_1 rscp_dbm 86...

Page 280: ...If no data is received over the monitored interface during the configured duration then the recovery action is performed If more than one interface is specified under a single Connection Watch the recovery action will be performed only if no data is received on both of the interfaces for the defined period Currently three configurable periods and associated recovery actions can be defined 25 1 Con...

Page 281: ... 0 test_ifaces Opt test_ifaces Defines the interface name s to monitor Multiple interfaces are delimited by space separator Example option test_ifaces WANADSL WANMOBILE If multiple interfaces are defined the failure action will only be triggered if no traffic is received on all interfaces for the defined period Web Failure Time for Action 1 UCI cwatch watch 0 failure_time_1 Opt failure_time_1 Defi...

Page 282: ...duration to monitor an interface for receive traffic Duration can be specified in seconds minutes hours days 24h Range s m h d Web Failure Action 3 UCI cwatch watch 0 failure_action_3 Opt failure_action_3 Defines the failure action associated with failure_time_3 Example to reset usb option failure_action_3 reboot blank Range Table 99 Information table for cwatch section 25 3 Configuring cwatch usi...

Page 283: ...ction_2 etc init d usb_startup restart cwatch WATCH_MOBILE failure_time_3 24h cwatch WATCH_MOBILE failure_action_3 reboot 25 3 2 cwatch using package options root VA_router uci export cwatch package cwatch config watch WATCH_MOBILE option enabled 1 option test_ifaces wan option failure_time_1 1h option failure_action_1 ifup wan option failure_time_2 10h option failure_action_2 etc init d usb_start...

Page 284: ...interfaces and different subnets You can manually configure lease time as well as setting static IP to host mappings Domain Name Server DNS is responsible for resolution of IP addresses to domain names on the internet Dnsmasq is the application which controls DHCP and DNS services Dnsmasq has two sections one to specify general DHCP and DNS settings and one or more DHCP pools to define DHCP operat...

Page 285: ..._____________________________________________________________________ _______________________________________________________________________________________________________ Virtual Access 2018 GW6600 Series User manual Issue 1 7 Page 285 of 519 Figure 141 The DHCP and DNS page ...

Page 286: ...ocal Opt local Specifies the local domain Names matching this domain are never forwarded and are resolved from DHCP or host files only lan Range Web Local Domain UCI dhcp dnsmasq 0 domain Opt domain Specifies local domain suffix appended to DHCP names and hosts file entries lan Range Web Log Queries UCI dhcp dnsmasq 0 logqueries Opt logqueries Writes received DNS requests to syslog 0 Disabled 1 En...

Page 287: ...here given DHCP leases will be stored The DHCP lease file allows leases to be picked up again if dnsmasq is restarted tmp dhcp leas es Store DHCP leases in this file Range Web Ignore resolve file UCI dhcp dnsmasq 0 noresolv Opt noresolv Defines whether to use the local DNS file for resolving DNS 0 Use local DNS file 1 Ignore local DNS file Web Resolve file UCI dhcp dnsmasq 0 resolvfile Opt resolvf...

Page 288: ...ettings Figure 143 The TFTP settings section Web Field UCI Package Option Description Web Enable TFTP server UCI dhcp dnsmasq 0 enable_tftp Opt enable_tftp Enables the TFTP server 0 Disabled 1 Enabled Web TFTP server Root UCI dhcp dnsmasq 0 tftp_root Opt tftp_root Defines root directory for file served by TFTP Web Network boot image UCI dhcp dnsmasq 0 dhcp_boot Opt dhcp_boot Defines the filename o...

Page 289: ...s Figure 144 The advanced settings page Web Field UCI Package Option Description Web Filter private UCI dhcp dnsmasq 0 Opt boguspriv Enables disallow option for forwarding reverse lookups for local networks This rejects reverse lookups to private IP ranges where no corresponding entry exists in etc hosts 1 Enabled 0 Disabled Web Filter useless UCI dhcp dnsmasq 0 filterwin2k Opt filterwin2k Enables...

Page 290: ...der of the resolve file 1 Enabled 0 Disabled Web Bogus NX Domain override UCI dhcp dnsmasq 0 bogusnxdomain Opt list bogusnxdomain A list of hosts that supply bogus NX domain results When using UCI multiple servers enter the server names with a space between them Empty list Range Web DNS server port UCI dhcp dnsmasq 0 port Opt port Listening port for inbound DNS queries 53 Set to 0 to disable DNS f...

Page 291: ...ays the remaining lease time Table 104 Information table for active leases section 26 2 6 Static leases Use static leases to assign fixed IP addresses and symbolic hostnames to DHCP clients Static leases are also required for non dynamic interface configurations where only hosts with a corresponding lease are served Click Add to add a new lease entry Figure 146 The static leases section Web Field ...

Page 292: ...lect Edit Scroll to DNCP Server section Note this section is only available for interfaces with a static IP address To assign a DHCP Server to the interface click Setup DHCP Server Figure 147 The DHCP Server settings section The DHCP Server configuration options will appear The DHCP Server is divided into two sub sections General Setup and Advanced Settings 26 2 7 1 DHCP server general setup Figur...

Page 293: ...reater than 24 it may be greater than 255 to span subnets Alternatively specify in IP address notation using the wildcard 0 where the octet is required to inherit bits from the interface IP addess Example to define a DHCP scope starting from 10 1 20 0 on an interface with 10 1 0 0 16 address set start to 0 0 20 1 100 Range Web Limit UCI dhcp dhcp x limit Opt limit Defines the size of the address p...

Page 294: ...470 or list dhcp_option mtu 1470 you can assign a specific MTU per DHCP pool Your client must accept the MTU option for this to work Options that contain multiple values should be separated by a comma Example list dhcp_option 6 192 168 2 1 192 168 2 2 No options defined Syntax Option_number option_value Web n a UCI dhcp dhcp x networkid Opt networkid Assigns a network id to all clients that obtain...

Page 295: ...onf auto dhcp dnsmasq 0 nohosts 0 dhcp dnsmasq 0 addnhosts hostfile1 hostfile2 dhcp dnsmasq 0 interface lan dhcp dnsmasq 0 server 1 1 1 1 2 2 2 2 dhcp dnsmasq 0 rebind domain tes domain dhcp dnsmasq 0 enable_tftp 0 dhcp dnsmasq 0 tftp_root tmp tftp dhcp dnsmasq 0 dhcp_boot boot image dhcp dnsmasq 0 nonegcache 0 dhcp dnsmasq 0 strictorder 0 dhcp dnsmasq 0 bogusnxdomain 1 1 1 1 2 2 2 2 dhcp dnsmasq ...

Page 296: ...ist bogusnxdomain 2 2 2 2 option port 53 option dhcpleasemax 150 option ednspacket_max 1280 option dnsforwardmax 150 Options local and domain enable dnsmasq to serve entries in etc hosts as well as the DHCP client s names as if they were entered into the LAN DNS domain For options domainneeded boguspriv localise_queries and expandhosts make sure that requests for these local host names and the rev...

Page 297: ...ess 192 168 1 2 and the name mypc for a machine with the Ethernet hardware address 00 11 22 33 44 55 26 3 2 1 Static leases using UCI root VA_router uci show dhcp mypc dhcp mypc host dhcp mypc ip 192 168 1 2 dhcp mypc mac 00 11 22 33 44 55 dhcp mypc name mypc 26 3 2 2 Static leases using package options root VA_router uci export dhcp package dhcp config host mypc option ip 192 168 1 2 option mac 0...

Page 298: ...kage options config dhcp option interface LAN However to better identify it is recommended to give the dhcp pool instance a name For example to create a dhcp pool instance named LAN To define a named dhcp pool instance using UCI enter dhcp LAN dhcp dhcp LAN interface LAN To define a named dhcp pool instance using package options enter config dhcp LAN option interface LAN 26 3 3 1 Configuring DHCP ...

Page 299: ...ion will only detail the configuration for DHCP client For information on how to configure other interface options such as firewall zone mapping of switch ports etc refer to standard interface configuration document 27 1 Configuration packages used Package Sections network interface 27 2 Configuring DHCP client using the web interface DHCP client is configured under the interface configuration by ...

Page 300: ...rnet interfaces Ports are marked with capital letters starting with A Type in space separated port character in the port map fields ATM Bridges ATM bridges expose encapsulated Ethernet in AAL5 connections as virtual Linux network interfaces which can be used in conjunction with DHCP or PPP to dial into the provider network 27 2 1 Editing an existing interface for DHCP client To edit an existing in...

Page 301: ...ing Encapsulation protocol IOT L2TP Layer 2 Tunnelling Protocol PPP Point to Point Protocol PPPoE PPP over Ethernet PPPoATM PPP over ATM LTE UMTS GPRS EV DO CDMA UMTS or GPRS connection using an AT style 3G modem Web Create a bridge over multiple interfaces UCI network if name type Opt type If you select this option then the new logical interface created will act as a bridging interface between th...

Page 302: ...Section Description General Setup Configure the basic interface settings such as protocol IP address gateway netmask custom DNS servers Advanced Settings Bring up on boot Monitor interface state Override MAC address Override MTU and Use gateway metric Physical Settings Bridge interfaces VLAN PCP to SKB priority mapping Firewall settings Assign a firewall zone to the interface Only General setup an...

Page 303: ...over IPv4 transport GRE Generic Routing Encapsulation protocol IOT L2TP Layer 2 Tunnelling Protocol PPP Point to Point protocol PPPoE PPP over Ethernet PPPoATM PPP over ATM LTE UMTS GPRS EV DO CDMA UMTS or GPRS connection using an AT style 3G modem Web Hostname to send when requesting DHCP UCI network if name hostname Opt hostname Defines the hostname to include in DHCP requests Web Accept router ...

Page 304: ... interface state UCI network if name monitored Opt monitored Enabled if status of interface is presented on Monitoring platform 0 Disabled 1 Enabled Web Use broadcast flag UCI network if name broadcast Opt broadcast Enables the broadcast flag in DHCP requests required for certain ISPs 0 Disabled 1 Enabled Web Use default gateway UCI network if name gateway Opt gateway Defines whether to suppress t...

Page 305: ...r Override the MAC address assigned to this interface Must be in the form hh hh hh hh hh hh where h is a hexadecimal number Web Override MTU UCI network if name mtu Opt mtu Defines the value to override the default MTU on this interface 1500 1500 bytes Web Dependant Interfaces UCI network if_name dependants Opt dependants Lists interfaces that are dependent on this parent interface Dependant inter...

Page 306: ...k config interface DHCPCLIENTLAN option proto dhcp option ifname eth3 option monitored 0 option broadcast 0 option accept_ra 1 option send_rs 0 option metric 1 27 4 DHCP client diagnostics 27 4 1 Interface status To see IP address of DHCP client interface enter ifconfig root VA_router ifconfig 3g CDMA Link encap Point to Point Protocol inet addr 10 33 152 100 P t P 178 72 0 237 Mask 255 255 255 25...

Page 307: ... 16436 Metric 1 RX packets 385585 errors 0 dropped 0 overruns 0 frame 0 TX packets 385585 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 0 RX bytes 43205140 41 2 MiB TX bytes 43205140 41 2 MiB To display a specific interface enter root VA_router ifconfig eth0 eth0 Link encap Ethernet HWaddr 00 E0 C8 12 12 15 inet addr 192 168 100 1 Bcast 192 168 100 255 Mask 255 255 255 0 inet6 ad...

Page 308: ..._______________________________________ Virtual Access 2018 GW6600 Series User manual Issue 1 7 Page 308 of 519 27 4 3 Route status To show the current routing status enter root VA_router route n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192 168 100 0 255 255 255 0 U 0 0 0 eth0 Note a route will only be displayed in the routing table when the interface is up ...

Page 309: ...P forwarding This section describes how to configure the router to forward DHCP requests from an interface to a network DHCP server 28 1 Configuration packages used Package Sections dhcp_fwd dhcpfwd 28 2 Configuring DHCP forwarding using the web interface To configure DHCP forwarding using the web interface in the top menu click Network DHCP Forwarder The DHCP forwarder page appears The web GUI cr...

Page 310: ...sing a list of options via package options list listen_interface LAN1 list listen_interface LAN2 Web DHCP Servers UCI dhcp_fwd main server Opt list server Defines a list of the network DHCP servers to forward DHCP messages to Multiple interface_name s are entered using uci set and uci add_list commands Example uci set dhcp_fwd main server 1 1 1 1 uci add_list dhcp_fwd main main server 2 2 2 2 or u...

Page 311: ...cket This means that when forwarding over an IPSec tunnel a source NAT firewall rule is required to change the source IP to match an IPSec connection rule 28 4 1 Configuration packages used Package Sections firewall redirect 28 4 2 Configuring source NAT for DHCP forwarding over IPsec To enter a source NAT rule browse to Network Firewall Select Traffic Rules tab The Firewall Traffic Rules page app...

Page 312: ...r the source NAT rule Select the interface where the DHCP requests are originating Web Destination Zone UCI firewall redirect X dest Opt dest Defines destination interface for the source NAT rule Select the interface where the DHCP requests are intended to be transmitted Web To source IP UCI firewall redirect X src_dip Opt src_dip Defines the IP address to rewrite matched traffic souce IP Select t...

Page 313: ...ewall redirect X src Opt src Defines the source interface for the source NAT rule Select the interface where the DHCP requests are originating Web Destination Zone UCI firewall redirect X dest Opt dest Defines destination interface for the source NAT rule Select the interface where the DHCP requests are intended to be transmitted Web Destination port UCI firewall redirect X port Opt port Defines t...

Page 314: ..._port 67 28 5 DHCP forwarding diagnostics 28 5 1 Tracing DHCP packets To trace DHCP packets on any interface on the router enter tcpdump i any n p port 67 root VA_router tcpdump i any n p port 67 root VA_router tcpdump verbose output suppressed use v or vv for full protocol decode listening on any link type LINUX_SLL Linux cooked capture size 65535 bytes 16 39 20 666070 IP 0 0 0 0 68 255 255 255 2...

Page 315: ...______________________________________ Virtual Access 2018 GW6600 Series User manual Issue 1 7 Page 315 of 519 16 39 20 666166 IP 0 0 0 0 68 255 255 255 255 67 BOOTP DHCP Request from 00 e0 c8 13 02 3d length 360 28 5 2 ARP table status To show the current ARP table of the router enter arp root VA_router arp 10 67 253 141 at 30 30 41 30 43 36 ether on eth8 10 47 48 1 at 0a 44 b2 06 ether on gre gr...

Page 316: ...ever the IP address changes the client notifies the DNS provider to update the corresponding domain name When the DNS provider responds to queries for the domain name it sets a low lifetime typically a minute or two at most on the response so that it is not cached Updates to the domain name are thus visible throughout the whole Internet with little delay Note most providers impose restrictions on ...

Page 317: ...I ddns name update_url Opt update_url Defines the customer DNS provider Displayed when the service is set to custom in the web interface Web Hostname UCI ddns name domain Opt domain Defines the fully qualified domain name associated with this entry This is the name to update with the new IP address as needed Web Username UCI ddns name username Opt username Defines the user name to use for authenti...

Page 318: ..._unit 10 Range Web Check time unit UCI ddns name check_unit Opt check_unit Defines the time unit to use for check for an IP change Used in conjunction with check_interval Minutes hours Web Force update every UCI ddns name force_interval Opt force_interval Defines how often to force an IP update to the provider Used in conjunction with force_unit 72 Disabled Range Enabled Web Force time unit UCI dd...

Page 319: ...of 519 ddns ddns1 check_unit minutes ddns ddns1 force_interval 72 ddns ddns1 force_unit hours ddns ddns1 interface dsl0 Package options for DDNS root VA_router uci export ddns package ddns config service ddns1 option enabled 1 option service_name dyndns org option domain fqdn_of_interface option username test option password test option ip_source network option ip_network dsl0 option check_interva...

Page 320: ...resses It is used preferentially to other name resolution methods such as DNS The hosts file contains lines of text consisting of an IP address in the first text field followed by one or more host names Each field is separated by white space tabs are often preferred for historical reasons but spaces are also used Comment lines may be included they are indicated by an octothorpe in the first positi...

Page 321: ...ion Web Hostname UCI network host hostname Opt hostname Defines the hostname Web IP Address UCI network host addr Opt addr Defines the IP address associated with the hostname Table 115 Information table for host records settings 30 2 3 Local host records using command line Local host records are configured in the host section of the network package etc config network Multiple hosts can be configur...

Page 322: ...package network config host option hostname Device1 option addr 1 1 1 1 30 2 4 Local host records diagnostics 30 2 4 1 Hosts file Local host records are written to the local hosts file stored at etc hosts To view the local hosts file enter root VA_router cat etc hosts 127 0 0 1 localhost 1 ip6 localhost ip6 loopback 1 1 1 1 Device1 30 3 PTR records PTR records are used for reverse DNS The primary ...

Page 323: ...Description Web Hostname UCI dhcp domain name Opt name Defines the domain name for the PTR record Web IP Address UCI dhcp domain ip Opt ip Defines the IP address associated with the domain name Table 116 Information table for hostnames settings 30 3 3 PTR records using command line PTR records are configured in the domain section of the dhcp package etc config dhcp Multiple domains can be configur...

Page 324: ...0 3 4 1 PTR records table To view PTR records enter root VA_router pgrep fl dnsmasq 4724 usr sbin dnsmasq K D y Z b E s lan S lan l tmp dhcp leases r tmp resolv conf auto stop dns rebind rebind localhost ok A Device1 lan 1 1 1 1 ptr record 1 1 1 1 in addr arpa Device1 lan A Device2 lan 2 2 2 2 ptr record 2 2 2 2 in addr arpa Device2 lan 30 4 Static leases Static leases are used to assign fixed IP ...

Page 325: ...ption Web Hostname UCI dhcp host name Opt name Defines the symbolic hostname to assign Web MAC Address UCI dhcp host mac Opt mac Defines the MAC address for this host MAC addresses should be entered in the format aa bb cc dd ee ff Web IPv4 Address UCI dhcp host ip Opt ip Defines the IP address to be used for this host Table 117 Information table for static leases settings 30 4 3 Static leases usin...

Page 326: ...Access 2018 GW6600 Series User manual Issue 1 7 Page 326 of 519 Or using package options config host option name Host1 30 4 3 1 Static leases using uci root VA_router uci show dhcp dhcp host 0 host dhcp host 0 name Host1 dhcp host 0 mac aa bb cc dd ee ff dhcp host 0 ip 4 4 4 4 30 4 3 2 Static leases using package option root VA_router uci export dhcp package dhcp config host option name Host1 opti...

Page 327: ...pass through the firewall Dropped packets are prohibited from passing Rejected packets are also prohibited but an ICMP message is returned to the source host A minimal firewall configuration for a router usually consists of one defaults section at least two zones LAN and WAN and one forwarding to allow traffic from LAN to WAN Other sections that exist are redirects rules and includes 31 1 Configur...

Page 328: ...alid Opt drop_invalid Drops packets not matching any active connection 0 Disabled 1 Enabled Web Input UCI firewall defaults input Opt input Default policy for the Input chain Accept Accepted packets pass through the firewall Reject Rejected packets are blocked by the firewall and ICMP message is returned to the source host Drop Dropped packets are blocked by the firewall Web Output UCI firewall de...

Page 329: ... by software the only hardware limitation is the amount of RAM installed on the device 31 2 1 3 Firewall zone general settings Figure 166 The firewall zone general settings Web Field UCI Package Option Description Web name UCI firewall zone label name Opt name Sets the unique zone name Maximum of 11 characters allowed Note the zone label is obtained by using the uci show firewall command and is of...

Page 330: ... Default policy for internal zone traffic between interfaces Forward rules for a zone describe what happens to traffic passing between different interfaces within that zone Accept Accepted packets pass through the firewall Reject Rejected packets are blocked by the firewall and ICMP message is returned to the source host Drop Dropped packets are blocked by the firewall Web Masquerading UCI firewal...

Page 331: ...ssible by prefixing the subnet with Multiple subnets are allowed Web Restrict Masquerading to given destination subnets UCI firewall zone label masq_dest Opt masq_dest Limits masquerading to the given destination subnets Negation is possible by prefixing the subnet with Multiple subnets are allowed Multiple IP addresses subnets should be separated by a space for example option masq_dest 1 1 1 1 2 ...

Page 332: ...er zones Enter the current zone as the source Enabling this option puts two entries into the firewall file destination and source UCI firewall forwarding label src Opt src Web Allow forward from source zones UCI firewall forwarding label dest Opt dest Allows forward from other zones Enter the current zone as the destination Enabling this option puts two entries into the firewall file destination a...

Page 333: ... udp Match UDP packets only udp Web External port UCI firewall redirect label src_dport Opt src_dport Specifies the incoming TCP UDP port or port range to match This is the incoming destination port specified by the external host Port ranges specified as start stop for example 2001 2020 Blank Match traffic to any port Range 1 65535 Web Internal IP address UCI firewall redirect label dest_ip Opt de...

Page 334: ...ct should be enabled or disabled 0 Disabled 1 Enabled Web name UCI firewall redirect label name Opt name Sets the port forwarding name For Web UI generated redirects the redirect label takes the form of redirect x where x is an integer starting from 0 Web Protocol UCI firewall redirect label proto Opt proto Defines layer 4 protocol to match incoming traffic Option Description UCI tcp udp Match eit...

Page 335: ...35 Web External port UCI firewall redirect label src_dport Opt src_dport Specifies the incoming TCP UDP port or port range to match This is the incoming destination port specified by the external host Port ranges specified in format start stop for example 2001 2020 You can enter multiple ports using a space separator For example option src_dport 22 23 see note below on use with options src_port an...

Page 336: ...ts of ports If src_port is a list then src_dport dst_port cannot be to avoid ambiguity If src_dport dest_port are lists of different lengths then the missing values of the shorter list default to the corresponding port in the other list For example if configuration file is option src_dport 21 22 23 option dest_port 21 22 23 24 then the firmware will interpret the values as option src_dport 21 22 2...

Page 337: ... specific icmp types This option is only valid when ICMP is selected as the protocol ICMP types can be listed as either type names or type numbers Note for a full list of valid ICMP type names see the ICMP Options table below Web Source zone UCI firewall rule label src Opt src Specifies the traffic source zone must refer to one of the defined zone names For typical port forwards this is usually WA...

Page 338: ...Opt limit Sets maximum average matching rate specified as a number with an optional second minute hour or day suffix Example 3 hour Web n a UCI firewall rule label limit_burst Opt limit_burst Sets maximum initial number of packets to match This number gets recharged by one every time the limit specified above is not reached up to this number Web n a UCI firewall rule label recent Opt recent Sets n...

Page 339: ...alid 1 uci set firewall defaults 0 input ACCEPT uci set firewall defaults 0 output ACCEPT uci set firewall defaults 0 forward ACCEPT Note this command is only required if there is no defaults section 31 3 2 Firewall zone settings By default all firewall zone instances are named zone instances are identified by zone then the zone position in the package as a number For example for the first zone in...

Page 340: ... in the package using UCI firewall forwarding 0 forwarding firewall forwarding 0 src lan Or using package options config forwarding option src lan To enable forwarding of traffic from WAN to LAN enter uci add firewall forwarding uci set firewall forwarding 1 dest wan uci set firewall forwarding 1 src lan 31 3 4 Firewall port forwards By default all port forward instances are named redirect instanc...

Page 341: ...e for the first rule in the package using UCI firewall rule 0 rule firewall rule 0 enabled 1 Or using package options config rule option enabled 1 To set traffic rules enter uci add firewall rule uci set firewall rule 1 enabled 1 uci set firewall rule 1 name Allow_ICMP uci set firewall rule 1 family any uci set firewall rule 1 proto ICMP uci set firewall rule 1 icmp_type any uci set firewall rule ...

Page 342: ...00 ba3 64 option target ACCEPT Similarly the following rule is automatically treated as IPv4 only config rule option src wan option dest_ip 88 77 66 55 option target REJECT Rules without IP addresses are automatically added to iptables and ip6tables unless overridden by the family option Redirect rules port forwards are always IPv4 since there is no IPv6 DNAT support at present 31 5 Implications o...

Page 343: ...tion tracking By default the firewall will disable connection tracking for a zone if no masquerading is enabled This is achieved by generating NOTRACK firewall rules matching all traffic passing via interfaces referenced by the firewall zone The purpose of NOTRACK is to speed up routing and save memory by circumventing resource intensive connection tracking in cases where it is not needed You can ...

Page 344: ...manner because it is not using default port 22 config redirect option name ssh option src wan option proto tcpudp option src_dport 5555 option dest_ip 192 168 1 100 option dest_port 22 option target DNAT option dest lan 31 7 3 Source NAT SNAT Source NAT changes an outgoing packet destined for the system so that is looks as though the system is the source of the packet Define source NAT for UDP and...

Page 345: ...destination port forwarding This usage is similar to SNAT but as the destination IP address is not changed machines on the destination network need to be aware that they ll receive and answer requests from a public IP address that is not necessarily theirs Port forwarding in this fashion is typically used for load balancing config redirect option src wan option src_dport 80 option dest lan option ...

Page 346: ... a forward rule rejecting traffic from LAN to WAN on the ports 1000 1100 config rule option src lan option dest wan option dest_port 1000 1100 option proto tcpudp option target REJECT 31 7 9 Denial of service protection rule The example below shows a sample configuration of SSH DoS attack where if more than two SSH connections are attempted within 120 seconds every further connection will be dropp...

Page 347: ...n ipaddr 10 1 28 122 option netmask 255 255 0 0 option ifname eth1 eth3 12 option ipv4_rp_filter 1 31 7 11 Simple DMZ rule The following rule redirects all WAN ports for all protocols to the internal host 192 168 1 2 config redirect option src wan option proto all option dest_ip 192 168 1 2 31 7 12 Transparent proxy rule external The following rule redirects all outgoing HTTP traffic from LAN thro...

Page 348: ...le below redirects all outgoing HTTP traffic from LAN through a proxy server listening at port 3128 on the router itself config redirect option src lan option proto tcp option src_dport 80 option dest_port 3128 31 7 14 IPSec passthrough This example enables proper forwarding of IPSec traffic through the WAN AH protocol config rule option src wan option dest lan option proto ah option target ACCEPT...

Page 349: ...cludes is Linux standard and therefore different from UCIs 31 7 16 Firewall management After a configuration change to rebuild firewall rules enter root VA_router etc init d firewall restart Executing the following command will flush all rules and set the policies to ACCEPT on all standard chains root VA_router etc init d firewall stop To manually start the firewall enter root VA_router etc init d...

Page 350: ...______________________________________________________ Virtual Access 2018 GW6600 Series User manual Issue 1 7 Page 350 of 519 To see the rules as they are executed run the fw command with the FW_TRACE environment variable set to 1 root VA_router FW_TRACE 1 fw reload To direct the output to a file for later inspection enter root VA_router FW_TRACE 1 fw reload 2 tmp iptables lo ...

Page 351: ...ead the chapter Dynamic Multipoint Virtual Private Network DMVPN The number of IPSec tunnels supported by Virtual Access routers is not limited in any way by software the only hardware limitation is the amount of RAM installed on the device 32 1 Configuration package used Package Sections strongswan general connection secret 32 2 Configuring IPSec using the web interface To configure IPSec using t...

Page 352: ...e an old one 0 Disabled 1 Enabled replace Identical to Yes keep Rejects new IKE SA and keep the duplicate established earlier Web Cache CRLs UCI strongswan general cachecrls Opt cachecrls Certificate Revocation Lists CRLs fetched via HTTP or LDAP will be cached in etc ipsec d crls under a unique file name derived from the certification authority s public key 0 Disabled 1 Enabled Web Disable Revoca...

Page 353: ...ressive mode Note using aggressive mode along with PSK authentication is less secure method than main mode and should be avoided 0 Disabled 1 Enabled Web Name UCI strongswan connection X name Opt name Specifies a name for the tunnel Web Autostart Action UCI strongswan connection X auto Opt auto Specifies when the tunnel is initiated start On start up route When traffic routes this way add Loads a ...

Page 354: ...public IP address of the remote peer Web Local ID UCI strongswan connection X localid Opt localid Defines the local peer identifier Web Remote ID UCI strongswan connection X remoteid Opt remoteid Defines the remote peer identifier Web Local LAN IP Address UCI strongswan connection X locallan Opt locallan Defines the local IP of LAN Web Local LAN IP Address Mask UCI strongswan connection X locallan...

Page 355: ... remoteproto Restricts the connection to a single protocol on the remote side Web Remote Port UCI strongswan connection X remoteport Opt remoteport Restricts the connection to a single port on the remote side Web Authby UCI strongswan connection X authby Opt authby Defines how the two secure gateways should authenticate Note using aggressive mode along with PSK authentication is unsecure and shoul...

Page 356: ...Sec settings Figure 175 The IPSec connections settings Web Field UCI Package Option Description Web XAuth Identity UCI strongswan connection X xauth_identity Opt xauth_identity Defines Xauth ID Web IKE Algorithm UCI strongswan connection X ike Opt ike Specifies the IKE algorithm to use The format is encAlgo authAlgo DHGroup encAlgo 3des aes128 aes256 serpent twofish blowfish authAlgo md5 sha sha2 ...

Page 357: ...face names is automatically generated If you want to specify more than one interface use the custom value Example if you have a 3G WAN interface called wan and a WAN ADSL interface called dsl and wanted to use one of these interfaces for this IPSec connection you would use wan adsl Web IKE Life Time UCI strongswan connection X ikelifetime Opt ikelifetime Specifies how long the keyring channel of a...

Page 358: ...ction None Disables DPD Clear Clear down the tunnel if peer does not respond Reconnect when traffic brings the tunnel up Hold Clear down the tunnel and bring up as soon as the peer is available Restart Restarts DPD when no activity is detected Web DPD Delay UCI strongswan connection X dpddelay Opt dpddelay Defines the period time interval with which R_U_THERE messages and INFORMATIONAL exchanges a...

Page 359: ...n secret X idtype Opt idtype Defines whether IP address or userfqdn is used Web ID selector UCI strongswan secret X localaddress Opt localaddress Defines the local address this secret applies to Web ID selector UCI strongswan secret X remoteaddress Opt remoteaddress Defines the remote address this secret applies to Web N A UCI strongswan secret X userfqnd Opt userfqnd FQDN or Xauth name used of Ex...

Page 360: ...an general debug none uci set strongswan general initial_contact 0 uci commit This will create the following output config general general option enabled yes option strictcrlpolicy no option uniqueids yes option cachecrls no option debug none option initial_contact 0 32 3 2 Connection settings touch etc config strongswan uci add strongswan connection uci set strongswan connection 0 ikelifetime 3h ...

Page 361: ...remotelan 172 19 101 3 uci set strongswan connection 0 remotelanmask 255 255 255 255 uci set strongswan connection 0 authby xauthpsk uci set strongswan connection 0 xauth_identity testxauth uci set strongswan connection 0 ike 3des md5 modp1024 uci set strongswan connection 0 esp 3des md5 uci set strongswan connection 0 waniface wan uci set strongswan connection 0 inherit_child 0 uci set strongswan...

Page 362: ...c tunnel This includes the traffic destined to the router s IP address To avoid this situation you must include an additional config connection section Commands touch etc config strongswan uci add strongswan connection uci set strongswan connection 1 name local uci set strongswan connection 1 enabled yes uci set strongswan connection 1 locallan 10 1 1 1 uci set strongswan connection 1 locallanmask...

Page 363: ...ci set strongswan secret 0 enabled yes uci set strongswan secret 0 localaddress 192 168 209 1 uci set strongswan secret 0 remoteaddress 100 100 100 100 uci set strongswan secret 0 secrettype psk uci set strongswan secret 0 secret secret uci commit This will create the following output config secret option enabled yes option localaddress 192 168 209 1 option remoteaddress 100 100 100 100 option sec...

Page 364: ...userfqdn testxauth option remoteaddress 100 100 100 100 option secret xauth option secrettype XAUTH 32 4 Configuring an IPSec template for DMVPN via the web interface To configure IPSec using the web interface in the top menu select Services IPSec The strongSwan IPSec VPN page appears There are three sections Common Settings Control the overall behaviour of strongSwan This behaviour is common acro...

Page 365: ... are unique so a new automatically keyed connection using the same ID is almost invariably intended to replace an old one 0 Disabled 1 Enabled replace Identical to Yes keep Rejects new IKE SA and keep the duplicate established earlier Web Cache CRLs UCI strongswan general cachecrls Opt cachecrls Certificate Revocation Lists CRLs fetched via HTTP or LDAP will be cached in etc ipsec d crls under a u...

Page 366: ..._____________________________________________________ _______________________________________________________________________________________________________ Virtual Access 2018 GW6600 Series User manual Issue 1 7 Page 366 of 519 Figure 178 The connections settings section ...

Page 367: ...nection X type Opt type Defines the type of IPSec connection tunnel Connection uses tunnel mode transport Connection uses transport mode pass Connection does not perform any IPSec processing drop Connection drops all the packets Web Remote GW Address UCI strongswan connection X remoteaddress Opt remoteaddress Sets the public IP address of the remote peer Leave blank for DMVPN Web Local ID UCI stro...

Page 368: ...t authby Defines how the two secure gateways should authenticate Note using aggressive mode along with PSK authentication is unsecure and should be avoided Pubkey For public key signatures Rsasig For RSA digital signatures ecdsasig For Elliptic Curve DSA signatures Psk Using a preshared key xauthrsasig Enables eXtended Authentication XAuth with addition to RSA signatures xauthpsk Using extended au...

Page 369: ...n and a WAN ADSL interface called dsl and wanted to use one of these interfaces for this IPSec connection you would use wan adsl Web IKE Life Time UCI strongswan connection X ikelifetime Opt ikelifetime Specifies how long the keyring channel of a connection ISAKMP or IKE SA should last before being renegotiated 3h Timespec 1d 3h 25m 10s Web Key Life UCI strongswan connection X keylife Opt keylife ...

Page 370: ...ent if no other traffic is received 30s Timespec 1d 2h 25m 10s Web DPD Timeout UCI strongswan connection X dpdtimeout Opt dpdtimeout Defines the timeout interval after which all connections to a peer are deleted in case of inactivity 150s Timespec 1d 2h 25m 10s Table 132 Information table for IPSec connections settings 32 4 3 Configure secrect settings Each tunnel requires settings to configure ho...

Page 371: ... an IPSec template to use with DMVPN The following example shows how to configure an IPSec connection template to use with DMVPN Commands touch etc config strongswan uci set strongswan general general uci set strongswan general enabled yes uci set strongswan general strictcrlpolicy no uci set strongswan general uniqueids yes uci set strongswan general cachecrls yes uci set strongswan general nattr...

Page 372: ...ret 0 secrettype psk uci set strongswan secret 0 secret secret This will create package strongswan config general general option enabled yes option strictcrlpolicy no option uniqueids yes option cachecrls yes option nattraversal yes config connection option enabled yes option name dmvpn option type transport option localproto gre option remoteproto gre option ike aes sha1 modp1024 option esp aes12...

Page 373: ...n underscore for example dmvpn_213 233 148 2 32 7 IPSec diagnostics using UCI 32 7 1 IPSec configuration To view IPSec configuration via UCI enter root VA_router uci export strongswan To restart strongSwan enter root VA_router etc init d strongswan restart 32 7 2 IPSec status 32 7 3 To view IPSec status enter root VA_router ipsec statusall Security Associations 1 up 0 connecting dmvpn_89_101_154_1...

Page 374: ... IPSec configuration to the physical interface This reduces the number of lines of configuration required for a VPN development For example for a 1000 site deployment DMVPN reduces the configuration effort at the hub from 3900 lines to 13 Adding new peers spokes to the VPN requires no changes at the hub Better scalability of the network Dynamic IP addresses can be used at the peers site Spokes can...

Page 375: ...AN interface ADSL 3G and initiate main mode IPSec in transport mode to the hub After an IPSec tunnel is established spokes register their NHRP membership with the hub GRE tunnels come up Hub caches the GRE tunnel and real IP addresses of each spoke When spoke1 wants to talk to spoke2 it sends an NHRP resolution request to the hub The hub checks its cache table and forwards that request to spoke2 S...

Page 376: ...ith the source of the packet Hub sends an NHRP registration reply with a NAT extension to spoke1 The NAT extension informs spoke1 that it is behind the NAT ed device Spoke1 registers its pre and post NAT address When spoke1 wants to talk to spoke2 it sends an NHRP resolution request to the hub Hub checks its cache table and forwards that request to spoke2 Spoke2 caches spoke1 s GRE pre and post NA...

Page 377: ...nterface The DMVPN section contains fields required to configure the parameters relative to the DMVPN Hub These are used for DMVPN tunnels such as GRE tunnels GRE tunnel remote IP DMVPN Hub IP and password 33 5 1 DMVPN general settings In the top menu select Network DMVPN The DMVPN page appears There are two sections General and DMVPN Hub Settings Figure 183 The DMVPN general section Web Field UCI...

Page 378: ...terface on the hub For example if the mask is 255 255 0 0 the length will be 16 Web DMVPN Hub IP Address UCI dmvpn interface X nhs_ip Opt nhs_ip Configures the physical IP address for the DMVPN hub Web NHRP Authentication UCI dmvpn interface X cisco_auth Opt cisco_auth Enables authentication on NHRP The password will be applied in plaintext to the outgoing NHRP packets Maximum length is 8 characte...

Page 379: ...ec connections page In the Name column the syntax contains the IPSec name defined in package dmvpn and the remote IP address of the hub or the spoke separated by an underscore for example dmvpn_213 233 148 2 To check the status of DMVPN in the top menu click Status DMVPN Figure 186 The NBMA peers page To check DMVPN status enter opennhrpctl show Status ok Interface gre GRE Type local Protocol Addr...

Page 380: ...n with local route local_addr Local destination IP or off NBMA subnet Protocol Address Tunnel IP address NBMA Address Pre NAT IP address if NBMA NAT OA Address is present or real address if NAT is not present NBMA NAT OA Address Post NAT IP address This field is present when Address is translated in the network Flags up Can send all packets registration ok unique Peer is unique used Peer is kernel...

Page 381: ...ue 1 7 Page 381 of 519 You can check DMVPN status using UCI commands opennhrpctl show Status ok Interface gre GRE Type local Protocol Address 11 11 11 7 32 Alias Address 11 11 11 3 Flags up Interface gre GRE Type local Protocol Address 11 11 11 3 32 Flags up Interface gre GRE Type cached Protocol Address 11 11 11 2 32 NBMA Address 178 237 115 129 NBMA NAT OA Address 172 20 38 129 Flags used up Exp...

Page 382: ...ry group of receivers that expresses an interest in receiving a particular data stream The receivers the designated multicast group are interested in receiving a data stream from the source They indicate this by sending an Internet Group Management Protocol IGMP host report to their closest router in the network The routers are then responsible for delivering the data from the source to the receiv...

Page 383: ... for PIM global settings 34 3 2 Interfaces configuration Figure 188 The interfaces configuration section Web Field UCI Package Option Description Web Enabled UCI pimd interface x enabled Opt enabled Enables multicast management of the given interface by the PIM application 0 Disabled 1 Enabled Web Interface UCI pimd interface x interface Opt interface Selects the interface to apply PIM settings to...

Page 384: ...onfig pimd To view the configuration file enter uci export pimd root VA_router etc config1 uci export pimd package pimd config routing pimd option enabled yes config interface option enabled yes option interface lan option ssm yes option igmp yes config interface option enabled yes option interface wan option ssm yes option igmp no Alternatively enter uci show pimd root VA_router etc config1 uci s...

Page 385: ..._________________________________________ _______________________________________________________________________________________________________ Virtual Access 2018 GW6600 Series User manual Issue 1 7 Page 385 of 519 pimd interface 1 ssm yes pimd interface 1 igmp no To change any of the above values use uci set command ...

Page 386: ... network configuration shows how to configure VLAN priorities for specific interfaces VLANs root VA_router uci export network package network config va_switch option eth0 A E option eth1 B F option eth2 C G option eth3 D option eth4 H config interface VLAN_1 option type bridge option proto static option ipaddr 10 1 28 99 option netmask 255 255 0 0 option ifname eth0 eth4 config interface VLAN_2 op...

Page 387: ...vlan_qos_map_egress 0 1 The above sample configuration specifies that any frames on VLAN2 VLAN3 and VLAN4 will be processed or have their PCP value adjusted according to QoS values set VLAN1 VLAN1 is an untagged VLAN so there are no 802 1Q tags on the frames VLAN2 Any frames received on VLAN2 destined to VLAN2 with PCP priority of 1 will be forwarded without altering the priority it will be still ...

Page 388: ...highest priority and 0 is the lowest These queues prioritise 802 1Q tagged frames as they are received on the port these are hardware defined When 802 1Q frames are received on the port they are processed according to the above queues on arrival even if not defined in the configuration Then if value vlan_qos_map_ingress is configured you can modify the PCP priority for egress if the frame was to b...

Page 389: ...ce criteria parameters 36 1 QoS configuration overview A minimal QoS configuration usually consists of One interface section Some rules allocating packets to at least two buckets Configuration of the buckets 36 2 Configuration packages used Package Sections qos interface classgroup class classify 36 3 Configuring QoS using the web interface Browse to the router s IP address and login Select Networ...

Page 390: ...Enables or disables QoS interface 1 Enabled 0 Disabled Web Classification group UCI qos interface classgroup Opt classgroup Creates a mapping before previously created classgroup and interface to which it should be assigned to Web Calculate overhead UCI qos interface overhead Opt overhead Decreases upload and download ratio to prevent link saturation Web Half duplex UCI qos interface halfduplex Op...

Page 391: ...Source host Web Destination host UCI Opt Destination host Web Service UCI Opt Selectable service Web Protocol UCI Opt Protocol to classify Web Ports UCI Opt Upload speed kbits sec Web Number of bytes UCI Opt Number of bytes for bucket Table 140 Information table for classification rules 36 4 Configuring QoS using UCI You can also configure QoS using UCI The configuration file is stored on etc conf...

Page 392: ...ich it should be assigned to Web Calculate overhead UCI qos interface overhead Opt overhead Decrease upload and download ratio to prevent link saturation Web Half duplex UCI qos interface halfduplex Opt halfduplex Enables or disables half duplex operation 1 Enabled 0 Disabled Web Download speed UCI qos interface download Opt download Download speed limit in kbits sec Web Upload speed UCI qos inter...

Page 393: ...etsize 1500 Opt packetsize Specifies packet size for the class in bytes UCI qos Normal avgrate 30 Opt avgrate Average rate for this class value in of bandwidth in UCI qos Normal priority 5 Opt priority Specifies priority for the class in UCI qos Express class Opt Express Specifies class name UCI qos Express packetsize 1000 Opt packetsize Specifies packet size for the class in bytes UCI qos Express...

Page 394: ...s classify 0 target Express Opt target Specifies target class UCI qos classify 0 proto udp Opt proto Specifies protocol 36 5 Example QoS configurations config interface ADSL option classgroup Default option enabled 1 option overhead 1 option download 900 option upload 245 config classgroup Default option classes Express Normal option default Normal config class Normal option packetsize 1500 option...

Page 395: ...nfiguration files when it boots up The router is installed with a factory config that will allow it to contact Activator The autoload feature controls the behaviour of the router in requesting firmware and configuration files this includes when to start the Activation process and the specific files requested The HTTP Client uhttpd contains information about the Activator server and the protocol us...

Page 396: ...ignals the end of the autolaod sequence to Activator Activator identifies the device using the serial number of the router syntax is used to denote the serial number of the router when requesting a file The requested files are written to the alternate image or config segment You can change the settings either directly in the configuration file or via appropriate UCI set commands It is normal proce...

Page 397: ...oload main StartTimer Opt StartTimer Defines how long to wait after the boot up completes before starting activation 10 Range 0 300 secs Web Retry Timer UCI autoload main RetryTimer Opt RetryTimer Defines how many seconds to wait between retries if a download of a particular autoload entry fails 30 Range 0 300 secs Web N A UCI autoload main NumberOfRetries Opt Numberofretries Defines how many retr...

Page 398: ...age Opt BootUsingImage Specifies which image to boot up with after the activation sequence completes successfully Altimage Alternative image Image 1 image 1 Image 2 image 2 Entries Web Configured UCI autoload entry x Configured Opt Configured Enables the autoload sequence to process this entry 1 Enabled 0 Disabled Web Segment Name UCI autoload entry x SegmentName Opt SegmentName Defines where the ...

Page 399: ...ad main BootUsingConfig altconfig autoload main BootUsingImage altimage autoload entry 0 entry autoload entry 0 Configured yes autoload entry 0 SegmentName altconfig autoload entry 0 RemoteFilename ini autoload entry 1 entry autoload entry 1 Configured yes autoload entry 1 SegmentName altimage autoload entry 1 RemoteFilename img autoload entry 2 entry autoload entry 2 Configured yes autoload entry...

Page 400: ...ame img config entry option Configured yes option SegmentName config1 option RemoteFilename vas 37 7 HTTP Client configuring activation using the web interface This section contains the settings for the HTTP Client used during activation and active updates of the device The httpclient core section configures the basic functionality of the module used for retrieving files from Activator during the ...

Page 401: ...or that uses http port 80 This can be an IP address or FQDN The syntax should be x x x x 80 or FQDN 80 Multiple servers should be separated by a space using UCI Web Secure Server IP Address UCI httpclient default SecureFileServer Opt list SecureFileServer Specifies the address of Secure Activator that uses port 443 This can be an IP address or FQDN The syntax should be x x x x 443 or FQDN 443 Mult...

Page 402: ... the certificate key etc httpclient key Range Web N A UCI httpclient default ActivatorChunkyDownlo adPath Opt ActivatorChunkyDownloadPath Enables partial download activations and active updates The default value is httpclient default ActivatorChunkyDownloadPath activator parti al download The url on activator to which the client should send requests for chunky image download Web N A UCI httpclient...

Page 403: ...al download httpclient default ChunkSize 100k httpclient default RateLimit 2 httpclient default CAFile httpclient default IgnoreServerCertificateStatus 0 37 9 Httpclient Activator configuration using package options root VA_router uci export httpclient package httpclient config core default option Enabled yes list FileServer 1 1 1 1 80 list FileServer 1 1 1 2 80 listSecureFileServer 1 1 1 1 443 li...

Page 404: ...ord Opt password Specifies the user s password When entering the user password enter in plain text using the password option After reboot the password is displayed encrypted via the CLI using the hashpassword option UCI management_users user x hashpassword Opt hashpassword Note a SRP user password will be displayed using the srphash option Web n a UCI management_users user x webuser Opt webuser Sp...

Page 405: ...ogin details 37 11 Configuring the management user password using UCI The user password is displayed encrypted via the CLI using the hashpassword option root VA_router uci show management_users management_users user 0 username test management_users user 0 hashpassword 1 XVzDHHPQ SKK4geFonctihuffMjS4U0 If you are changing the password via the UCI enter the new password in plain text using the passw...

Page 406: ...t using UCI root VA_router uci show management_users management_users user 0 user management_users user 0 enabled 1 management_users user 0 username test management_users user 0 hashpassword 1 XVzDHHPQ SKK4geFonctihuffMjS4U0 management_users user 0 webuser 1 management_users user 0 linuxuser 1 management_users user 0 papuser 0 management_users user 0 chapuser 0 management_users user 0 srpuser 0 ma...

Page 407: ... Page 407 of 519 37 15 Configuring user access to specific web pages To specify particular pages a user can view add the list allowed_pages Examples are listallowed_pages admin status The user can view admin status page only listallowed_pages admin system flashops The user can view flash operation page only To specify monitor widgets only enter listallowed_pages monitor widgetname Example widget n...

Page 408: ...rent information that can be sent to Monitor including the required router configuration for Reporting device status to Monitor Reporting GPS location to Monitor Reporting syslog to Monitor Configuration of interface statistics collection ISAD For detailed information on operating Monitor read the Monitor User Manual 38 2 Reporting device status to Monitor To allow Monitor to track the IP address ...

Page 409: ...kage Option Description Web Enabled UCI monitor keepalive 0 enabled Opt Enabled Enables Monitor to send heartbeats to the router 0 Disabled 1 Enabled Web Dev Reference UCI monitor keepalive 0 dev_reference Opt dev_reference Sets a unique identification for this device known to Monitor Web Monitor Address UCI monitor keepalive 0 monitor_ip Opt list monitor_ip Defines the IP address of Monitor It is...

Page 410: ...r keepalive 0 snmp_auth_pass Opt snmp_auth_pass Specifies snmpv3 authentication password Web Authentication Protocol UCI monitor keepalive 0 snmp_auth_proto Opt snmp_auth_proto Specifies snmpv3 authentication protocol Blank Default value MD5 MD5 as authentication protocol SHA SHA as authentication protocol Web Privacy Protocol UCI monitor keepalive 0 snmp_priv_proto Opt snmp_priv_proto Specifies s...

Page 411: ...he keepalive position in the package as a number For example for the first keepalive in the package using UCI monitor keepalive 0 keepalive monitor keepalive 0 enabled 1 Or using package options config keepalive option enabled 1 However to better identify it is recommended to give the keepalive instance a name For example to create a keepalive instance named keepalivev1 To define a named keepalive...

Page 412: ...eepalivev3 interval_min 1 monitor keepalivev3 monitor_ip 172 16 250 101 monitor keepalivev3 dev_reference TEST monitor keepalivev3 snmp_version 3 monitor keepalivev3 snmp_uname TEST monitor keepalivev3 snmp_auth_pass vasecret monitor keepalivev3 snmp_auth_proto MD5 monitor keepalivev3 snmp_priv_pass vasecret monitor keepalivev3 snmp_priv_proto DES 38 2 5 Keepalive using package options root VA_rou...

Page 413: ...artbeat via web interface The keepalive heartbeat can send information on multiple interfaces To send an interface status to Monitor select Network Interfaces then under the required interface select Edit Under Advanced Settings enable the Monitor interface state option Figure 196 The interface common configuration page Web Field UCI Package Option Description Web Monitor interface state UCI netwo...

Page 414: ...r GPS location you can configure the GPS coordinates to be sent in the heartbeat keepalive from the router GPS location is only available in supported hardware models Ensure monitor keepalive heartbeat is correctly configured as in section 38 2 above 38 3 1 Configuration package used Package Sections gpsd gpsd 38 3 2 Configuring GPS location via the web interface Select Services GPS The GPS config...

Page 415: ... 38 3 3 1 GPS using UCI root VA_router uci show gpsd gpsd core gpsd gpsd core enabled 1 38 3 3 2 GPS using package options root VA_router uci export gpsd package gpsd config gpsd core option enabled 1 38 3 4 GPS diagnostics To view information on GPS coordinates via the web interface select Status GPS Information Figure 198 The GPS status page To view GPS coordinates via command line enter gpspeek...

Page 416: ...syslog events are sent to the syslog server Figure 199 The system properties page Web Field UCI Package Option Description Web External system log server UCI system main log_ip Opt log_ip Defines the external syslog server IP address Web External system log server UCI system main log_port Opt log_port Defines the external syslog server destination port number for syslog messages 514 Range Table 14...

Page 417: ...ransmit and receive packets bytes errors for a period Signal strength and also temperature parameters are also stored in the bins Bins are uploaded to Monitor periodically Note Ensure monitor keepalive heartbeat and interface status is correctly configured as in section 30 2 above Interfaces should have option monitored enabled as part of the collection ISAD replaces the deprecated SLA feature 38 ...

Page 418: ...formation table for ISAD Monitor keepalive ISAD interface stats section 38 5 3 Configuring ISAD using the command line ISAD is configured under the Monitor package 38 5 3 1 ISAD using UCI root VA_router uci show monitor monitor keepalivev1 keepalive monitor keepalivev1enabled 1 monitor keepalivev1 interval_min 1 monitor keepalivev1 dev_reference router1 monitor keepalivev1 monitor_ip 10 1 83 36 mo...

Page 419: ...d_ts 85020 monitor bin_0 start_ts 84960 monitor bin_1 isad monitor bin_1 end_ts 85080 monitor bin_1 start_ts 85020 monitor bin_2 isad monitor bin_2 end_ts 85140 monitor bin_2 start_ts 85080 38 5 5 ISAD operation The bin statistics stored on the router must be periodically pushed statistics to Monitor This is normally done centrally when statistics are enabled on Monitor Monitor contacts each route...

Page 420: ...ckage Sections snmpd access agent com2sec constant exec group heartbeat informreceiver inventory inventory_iftable monitor_disk monitor_ioerror monitor_load monitor_memory monitor_process pass system trapreceiver usm_user view The SNMP application has several configuration sections System and Agent Configures the SNMP agent Com2Sec Maps SNMP community names into an arbitrary security name Group As...

Page 421: ...htrapenabled Opt authtrapenabled Enables or disables SNMP authentication trap 0 Disabled 1 Enabled Note this is the SNMP poll authentication trap to be set when there is a community mismatch Web Enable Link State Notification UCI snmpd agent 0 link_updown_notify Opt link_updown_notify Generates trap info when interface goes up or down When enabled the router sends a trap notification link up or do...

Page 422: ...Description Web Security Name UCI snmpd com2sec x secname Opt secname Specifies an arbitrary security name for the user Web Source UCI snmpd com2sec x source Opt source A hostname localhost or a subnet specified as a b c d mask or a b c d bits or default for no restrictions Web Community UCI snmpd com2sec x community Opt community Specifies the community string being presented in the request Table...

Page 423: ...oup Table 152 Information table for group settings 39 2 4 View settings View settings define a named view which is a subset of the overall OID tree This is most commonly a single subtree but several view directives can be given with the same view name to build up a more complex collection of OIDs Figure 204 The view settings section Web Field UCI Package Option Description Web Name UCI snmpd view ...

Page 424: ...NMPv3 request context is matched against the value according to the prefix below For SNMP v1 and SNMP v2c the context must be none none all Web Version UCI snmpd access x version Opt version Specifies the SNMP version number being used in the request any v1 v2c and usm are supported v1 SNMP v1 v2v SNMP v2 usm SNMP v3 any Any SNMP version Web Level UCI snmpd access x level Opt level Specifies the s...

Page 425: ...ings page Web Field UCI Package Option Description Web Host UCI snmpd trapreceiver x host Opt host Host address Can be either an IP address or an FQDN Web Port UCI snmpd trapreceiver x port Opt port UDP port to be used for sending traps Range 162 Web Version UCI snmpd trapreceiver x version Opt version SNMP version v1 V2 Web Community UCI snmpd trapreceiver x community Opt community Community to u...

Page 426: ... Figure 208 The USM user settings page Web Field UCI Package Option Description Web Username UCI snmpd usm_user 0 name Opt name Defines a USM username Web Auth Protocol UCI snmpd usm_user 0 auth_protocol Opt auth_protocol Defines the authentication protocol to use Note if omitted the user will be defined as noauth user MD5 SHA Web Auth Password UCI snmpd usm_user 0 auth_password Opt auth_password ...

Page 427: ...d agent agent snmpd agent agentaddress UDP 161 snmpd agent authtrapenabled yes snmpd agent link_updown_notify yes 39 3 2 System settings using package options root VA_router uci export snmpd package snmpd config system option sysLocation Office 123 option sysContact Mr White option sysName Backup Access 4 config agent option agentaddress UDP 161 option authtrapenabled 1 option link_updown_notify 1...

Page 428: ...pd c2s_1 source default snmpd c2s_1 community public snmpd c2s_1 secname rw snmpd c2s_2 com2sec snmpd c2s_2 source localhost snmpd c2s_2 community private snmpd c2s_2 secname ro 39 3 3 2 Com2sec using package options config com2sec public option secname ro option source default option community public config com2sec private option secname rw option source localhost option community private 39 3 4 ...

Page 429: ...p_1_access level noauth snmpd grp_1_access prefix exact snmpd grp_1_access read all snmpd grp_1_access write none snmpd grp_1_access notify none snmpd grp_1_access group public snmpd grp_2_v1 group snmpd grp_2_v1 version v1 snmpd grp_2_v1 group public snmpd grp_2_v1 secname ro snmpd grp_2_v2c group snmpd grp_2_v2c version v2c snmpd grp_2_v2c group public snmpd grp_2_v2c secname ro snmpd grp_2_usm ...

Page 430: ...ettings using package options config group public_v1 option group public option version v1 option secname ro config group public_v2c option group public option version v2c option secname ro config group public_usm option group public option version usm option secname ro config group private_v1 option group private option version v1 option secname rw config group private_v2c option group private op...

Page 431: ...ptions config view all option viewname all option type included option oid 1 config view mib2 option viewname mib2 option type included option oid iso org dod Internet mgmt mib 2 39 3 6 Access settings The following example shows the public group being granted read access on the all view and the private group being granted read and write access on the all view Although it is possible to write some...

Page 432: ... By default all SNMP trap instances are named trapreceiver it is identified by trapreceiver then the trap receiver position in the package as a number For example for the first trap receiver in the package using UCI snmpd trapreceiver 0 trapreceiver snmpd trapreceiver 0 host 1 1 1 1 161 Or using package options config trapreceiver option host 1 1 1 1 161 However to better identify it is recommende...

Page 433: ...y COMMUNITY STRING 39 3 8 SNMP inform receiver settings By default all SNMP inform receiver instances are named informreceiver it is identified by informreceiver then the inform receiver position in the package as a number For example for the first inform receiver in the package using UCI snmpd informreceiver 0 informreceiver snmpd informreceiver 0 host 1 1 1 1 Or using package options config info...

Page 434: ...rivate 39 3 9 SNMP USM user settings By default all USM User instances are named usm_user it is identified by usm_user then the USM user position in the package as a number For example for the first USM User in the package using UCI snmpd usm_user 0 usm_user snmpd usm_user 0 name username Or using package options config usm_user option name username However to better identify it is recommended to ...

Page 435: ...An alias entry is created in the SNMP ifEntry table at index snmp_alias_ifindex 1000 This entry is a shadow of the real underlying Linux interface corresponding to the UCI definition You may use any numbering scheme you wish the alias values do not need to be consecutive 39 4 1 Configuration package used Package Sections network interface 39 4 2 Configuring SNMP interface alias To enter and SNMP a...

Page 436: ...ce index snmp_alias_ifindex 1000 Blank No SNMP interface alias index Range 0 4294966295 Web n a UCI network interface X snmp_alias_ifdescr Opt snmp_alias_ifdescr Defines an alias name to be reported for the UCI name in the enterprise MIB for UCI interfaces and in alias entries in the ifIndex table If present this option supercedes the default ifDescr value usually the UCI interface name or configu...

Page 437: ...nmpd conf 39 5 2 SNMP port To check that SNMP service is listening on the configured port enter netstat pantu grep snmp root VA_router netstat pantu grep snmp udp 0 0 0 0 0 0 161 0 0 0 0 6970 snmpd 39 5 3 Retrieving SNMP values SNMP values can be queried by an snmpwalk or snmpget either locally or remotely 39 5 3 1 snmpwalk To do an snmpwalk locally enter snmpwalk An example snmpwalk is shown belo...

Page 438: ...0 131 iso 3 6 1 2 1 1 9 1 4 4 Timeticks 35 0 00 00 35 iso 3 6 1 2 1 1 9 1 4 5 Timeticks 38 0 00 00 38 iso 3 6 1 2 1 1 9 1 4 6 Timeticks 38 0 00 00 38 iso 3 6 1 2 1 1 9 1 4 7 Timeticks 38 0 00 00 38 iso 3 6 1 2 1 1 9 1 4 8 Timeticks 38 0 00 00 38 iso 3 6 1 2 1 1 9 1 4 9 Timeticks 60 0 00 00 60 39 5 3 2 snmpget To do an snmpget locally use snmpget An example snmpget is shown below root VA_router snm...

Page 439: ...eventd application defines three types of object Forwardings Rules that define what kind of events should be generated For example you might want an event to be created when an IPSec tunnel comes up or down Targets Define the targets to send the event to The event may be sent to a target via a syslog message a snmp trap or email Connection testers Define methods to test the target is reachable IP ...

Page 440: ... type 40 2 4 Supported connection testers The table below describes the methods to test a connection that are currently supported Type Description link Checks if the interface used to reach the target is up ping Pings the target And then assumes there is connectivity during a configurable amount of time Table 160 Event system supported connection tester methods 40 3 Configuring the event system us...

Page 441: ...able 161 Information table for event system basic settings 40 3 2 Connection tester A connection tester is used to verify the event destination before forwarding the event Connection testers configure the uci conn_tester section rules Multiple connection testers can be configured There are two types of connection tester Type Description link Checks if the interface used to reach the target is up p...

Page 442: ...ter as up Note only displayed if connection tester type is set to Ping 60 Range Web Link Interface UCI va_eventd conn_tester 0 link_iface Opt link_iface Defines the interface to monitor when the connection tester type is set to link Configured interfaces are listed Note only displayed if connection tester type is set to Link Range Table 162 Information table for event system connection tester sett...

Page 443: ...og Web Value Description UCI Syslog syslog SNMP Trap snmptrap Email email Execute exec SMS sms File File target file Web Connection Tester Name UCI va_eventd target 0 conn_tester Opt conn_tester Defines the connection tester if any to use to verify the syslog target None No connection tester UCI option not present Range Web Destination Address UCI va_eventd target 0 target_addr Opt target_addr Def...

Page 444: ...tion 0 Disabled 1 Enabled Web Destination name UCI va_eventd target 0 name Opt name Defines a name for the event destination Range Web Type UCI va_eventd target 0 type Opt type Defines the event destination type For an email server choose Email Web Value Description UCI Syslog Syslog target syslog SNMP Trap SNMP target snmptrap Email Email target email Execute Execure target exec SMS SMS target sm...

Page 445: ...CI va_eventd target 0 smtp_addr Opt smtp addr Defines the email server address and port Range a b c d port or fqdn port Web SMTP User Name UCI va_eventd target 0 smtp_user Opt smtp_user Defines user name for SMTP authentication Range name site com Web SMTP Password UCI va_eventd target 0 smtp_password Opt smtp_password Defines the password for SMTP authentication Range Web Use TLS UCI va_eventd ta...

Page 446: ...eb Value Description UCI Syslog Syslog target syslog SNMP Trap SNMP target snmptrap Email Email target email Execute Execure target exec SMS SMS target sms File File target file Web Connection Tester Name UCI va_eventd target 0 conn_tester Opt conn_tester Defines the connection tester if any to use to verify the SNMP target None No connection tester UCI option not present Range Web Destination Add...

Page 447: ..._auth_pass Opt snmp_auth_pass Defines the SNMPv3 authentication password Only displayed when SNMPv3 authentication protocol is configured MD5 SHA Web Privacy Protocol UCI va_eventd target 0 snmp_priv_proto Opt snmp_priv_proto Defines the SNMPv3 privacy protocol Only displayed when SNMP authentication protocol is configured DES AES Web Privacy Password UCI va_eventd target 0 snmp_priv_pass Opt snmp...

Page 448: ...r the event destination Range Web Type UCI va_eventd target 0 type Opt type Defines the event destination type For shell command execution choose Execute Web Value Description UCI Syslog Syslog target syslog SNMP Trap SNMP target snmptrap Email Email target email Execute Execure target exec SMS SMS target sms File File target file Web Connection Tester Name UCI va_eventd target 0 conn_tester Opt c...

Page 449: ...he event destination Range Web Type UCI va_eventd target 0 type Opt type Defines the event destination type For SMS destination choose SMS Web Value Description UCI Syslog syslog SNMP Trap snmptrap Email email Execute exec SMS sms File file Web Connection Tester Name UCI va_eventd target 0 conn_tester Opt conn_tester Defines the connection tester if any to use to verify the SMS target None No conn...

Page 450: ...I va_eventd target 0 type Opt type Defines the event destination type For file choose File Web Value Description UCI Syslog syslog SNMP Trap snmptrap Email email Execute exec SMS sms File file Web Connection Tester Name UCI va_eventd target 0 conn_tester Opt conn_tester Defines the connection tester if any to use to verify the File target None No connection tester UCI option not present Range Web ...

Page 451: ...isabled 0 Enabled Web Class Name UCI va_eventd forwarding 0 className Opt className Only match events with the given class name Available class names are listed or can be viewed using the command vae_cli d Web Event Name UCI va_eventd forwarding 0 eventName Opt eventName Only match events with the given event name Available event names are listed The event name is optional and can be omitted Web M...

Page 452: ...ent destination to forward the event to All configured event destinations will be displayed Table 169 Information table for event system event filters settings 40 4 Configuring the event system using command line The event system configuration files are stored at etc config va_eventd There are four config sections main conn_tester target and forwarding You can configure multiple conn_tester target...

Page 453: ...gs va_eventd main va_eventd va_eventd main event_queue_file tmp event_buffer va_eventd main event_queue_size 128K Sample SNMP va_eventd conn_tester 0 conn_tester va_eventd conn_tester 0 type ping va_eventd conn_tester 0 ping_dest_addr 192 168 100 1 va_eventd conn_tester 0 ping_success_duration_sec 60 va_eventd conn_tester 0 name SNMPTest va_eventd conn_tester 0 ping_source LAN1 va_eventd target 0 ...

Page 454: ...name SyslogTest va_eventd conn_tester 1 type ping va_eventd conn_tester 1 ping_dest_addr 192 168 100 2 va_eventd conn_tester 1 ping_source LAN1 va_eventd conn_tester 1 ping_success_duration_sec 60 va_eventd target 1 target va_eventd target 1 name SyslogTarget va_eventd target 1 type syslog va_eventd target 1 conn_tester SyslogTest va_eventd target 1 target_addr 192 168 100 2 514 va_eventd target 1...

Page 455: ...get 2 tls_starttls 0 va_eventd target 2 tls_forcessl3 0 va_eventd forwarding 2 forwarding va_eventd forwarding 2 enabled yes va_eventd forwarding 2 className power va_eventd forwarding 2 eventName IgnitionOff va_eventd forwarding 2 severity notice notice va_eventd forwarding 2 target EmailTarget Sample SMS va_eventd target 3 target va_eventd target 3 name SMStarget va_eventd forwarding 3 target SM...

Page 456: ...File va_eventd target 5 target va_eventd target 5 name FileTarget va_eventd target 5 type file va_eventd target 5 file_name tmp eventfile va_eventd target 5 max_size_kb 1028 va_eventd forwarding 5 forwarding va_eventd forwarding 5 enabled yes va_eventd forwarding 5 target FileTarget va_eventd forwarding 5 severity debug error 40 4 1 1 Event system using package options root VA_router uci export va...

Page 457: ...uth_proto MD5 option snmp_auth_pass md5password option snmp_priv_proto AES option snmp_priv_pass aespassword option snmp_context v3context option snmp_context_eid v3contextID option snmp_sec_eid v3SecurityID config forwarding option enabled yes option className mobile option severity notice notice option target SNMPTarget option eventname LinkUp Sample Syslog config conn_tester option name SyslogT...

Page 458: ...ink option link_iface PoAADSL config target option timeout_sec 10 option name EmailTarget option type email option conn_tester EmailTest option from from example com option to to example com option subject_template serial severityName eventName option body_template eventName class subclass happened option smtp_addr 192 168 100 3 25 option smtp_user root option smtp_password admin option use_tls no...

Page 459: ...789 config forwarding option enabled yes option target SMSTarget option className auth option eventName LoginSSH option severity notice notice Sample Execute config target option name ExecTarget option type exec option cmd_template logger t eventer eventName config forwarding option enabled yes option target ExecTarget option className ppp option severity debug error Sample File config target opti...

Page 460: ...wn informat p1 p2 field p3 is no internal 4 EventdSystemErr error p1 p2 p3 p4 p5 internal 5 EventdSystemWarn error p1 p2 p3 p4 p5 internal 6 EventdUpAndRunning informat internal 7 EventdStopped warning p1 mobile 1 SIMin notice SIM card p1 inserted mobile 2 SIMout notice SIM card p1 removed mobile 3 LinkUp notice 3g link p1 up using sim p2 mobile 4 LinkDown notice 3g link p1 down mobile 5 SMSByPass...

Page 461: ...oginConsole notice Console login user p1 on p2 auth 12 LogoffConsole notice Console logoff on p1 auth 13 LoginTelnet notice Telnet login user p1 auth 14 LoginLuCI notice LuCI login user p1 auth 15 ConsoleCommand informat p1 p2 p3 auth 16 LuCIAction informat p1 p2 p3 p4 p5 ipsec 6 IPSecInitIKE informat IPSec IKE p1 established ipsec 7 IPSecInitSA informat IPSec SA p1 established ipsec 8 IPSecCloseI...

Page 462: ...station p2 failed to con ppp 1 LinkUp informat PPP for interface p2 protoco ppp 2 LinkDown informat PPP for interface p2 protoco ppp 3 ConnEstablished informat PPP connection for interface p adsl 1 LinkUp notice ADSL trained Starting interface adsl 2 LinkDown notice ADSL down Stopping interface adsl 3 Silent debug ADSL silent adsl 4 Training debug ADSL training adsl 5 TrainingSuccess notice ADSL t...

Page 463: ...n DISCLAIMER data usage statistics calculated by Virtual Access data usage feature are best estimates and may vary from the mobile carrier statistics that are used for billing Virtual Access cannot be held liable for any fees charged by the carrier to the customer for their data usage We recommend that the configured data usage is lower than the allowance and that traffic percentage alerts are use...

Page 464: ...8 Web Interfaces UCI procrustes limit 0 interfaces Opt interfaces Monitor and apply limits to these interfaces as a group Configure multiple interfaces via UCI using a space separator Example uci set procrustes limit 0 interfaces lan wan Web Monthly Limit MB UCI procrustes limit 0 monthly_data_limit Opt monthly_data_limit Defines monthly data traffic limit in megabytes MB This is total RX and TX o...

Page 465: ...kage options config limit option enabled 1 However to better identify instances it is recommended to give the limit instance a name For example create a limit instance named MOBILE1 To define a named limit instance using UCI enter procrustes limit 0 wan procrustes wan enabled 1 To define a named limit instance using package options enter config limit wan option enabled 1 The following examples sho...

Page 466: ...rning_levels 15 25 config limit wan option enabled 1 option interfaces MOBILE1 option billing_period_start_day 1 option monthly_data_limit 30 option monthly_warning_levels 15 25 41 4 Data usage status Select Status Overview The Status page appears To check current data usage scroll to Network Data Usage MiB row Data usage is presented as progress bar Figure 221 The data usage status progress bar 4...

Page 467: ...CE procrustes No limits defined Exiting ERROR mobile SIM iccid is blacklisted not establishing connection 41 5 2 Viewing data usage The router has monitoring application named procrustatus lua that can be used for viewing data usage This application displays data statistics used for different interface groups percentage of time left to next billing period start and percentage of data left for use ...

Page 468: ... serial port You can configure the IP endpoint of each Terminal Server session to be a TCP server each session is listening on a unique port TCP client Terminal Server makes a TCP connection to external TCP server UDP endpoint Terminal Server forwards data between a UDP stream and a serial port 42 2 Configuration packages used Package Sections tservd main port 42 3 Configuring Terminal Server usin...

Page 469: ...nable Enables detailed debug logging 0 Disabled 1 Enabled Web Syslog severity UCI tservd main log_severity Opt log_severity Determines the syslog level Events up to this priority will be logged 0 Emergency 1 Alert 2 Critical 3 Error 4 Warning 5 Notice 6 Informational 7 Debug Web Log RX TX UCI tservd main debug_rx_tx_enable Opt debug_rx_tx_enable Enables logging data transfers 0 Disabled 1 Enabled ...

Page 470: ...twork 256 256 bytes Range 0 2048 Web Network Forwarding Timeout ms UCI tservd port 0 fwd_timeout Opt fwd_timeout Forwarding timeout in milliseconds serial to network 30 30 ms Range 0 10000 Web Network Forwarding Timer Mode UCI tservd port 0 fwd_timer_mode Opt fwd_timer_mode Forwarding timer mode serial to network Idle Timer is re started on each received data Aging Timer started on the first Rx We...

Page 471: ...trol When either side TCP socket closes the main terminal server client re connects to the normal IP destination and the server proxy returns to listening for another connection from the far end 0 Disabled 1 Enabled Web Disable Remote Client s Local Echo Telnet option UCI tservd port 0 disable_echo Opt disable_echo Set to 1 to send IAC WILL ECHO Telnet option to remote client forcing it to disable...

Page 472: ...______________________________________________________ Virtual Access 2018 GW6600 Series User manual Issue 1 7 Page 472 of 519 The figure below shows the options available if you have selected RS232 mode Figure 224 The serial section fields port mode RS232 The figure below shows the options available if you have selected RS485 mode Figure 225 The serial section fields port mode RS485 ...

Page 473: ...selected X 21 mode Figure 226 The serial section fields port mode X 21 Web Field UCI Package Option Description Web Device UCI tservd port 0 devName Opt devName Serial device name dev ttySC0 serial port 1 dev ttySC1 serial port 2 dev ttySC2 serial port 3 dev ttySC3 serial port 4 Web Port mode UCI tservd port 0 port_mode Opt port_mode Sets the serial interface mode rs232 RS232 mode rs485hdx RS485 2...

Page 474: ...ial device number of stop bits 1 Range 1 2 Web Flow Control UCI tservd port 0 fc_mode Opt fc_mode Serial flow control mode 0 None 1 RTS CTS 2 XON XOFF Web RS485 Termination UCI tservd port 0 rs485_line_termination Opt rs485_line_termination Enables or disable RS485 termination Applies only if port mode is set to RS485 0 Disabled 1 Enabled Web Auto RTS Invert UCI tservd port 0 rtsinvert Opt rtsinve...

Page 475: ...e transmission Web Synchronous rate UCI tservd port 0 sync_speed Opt sync_speed Defines the synchronous speed in bps Set to 0 for external clock If not set to 0 an internal clock is used This setting is only displayed if an Atmel USB serial card is enabled 64000 64 kbps Range 2048000 1024000 768000 512000 384000 256000 128000 19200 9600 Web Invert receive clock UCI tservd port 0 sync_invert_rxclk ...

Page 476: ...0 x21_clk_invert Opt x21_clk_invert Enables X 21 DCE CLK signal inversion 0 Normal 1 Invert Web Dual X 21 card RX data delay UCI tservd port 0 x21_data_delay Opt x21_data_delay Sets X 21 card RX data delay in number of bit positions 0 Range 0 7 Web n a UCI tservd port 0 sync_tx_idle Opt sync_tx_idle Defines the value of idle character decimal to transmit in case of transmit underrun In HDLC mode t...

Page 477: ...V23 transmitter to rampdown carrier from peak to zero 30 Range Web n a UCI tservd port 0 v23_tx_maxfill Opt v23_tx_maxfill Defines the maximum transmit queue fill level in bytes 127 Range 0 255 Table 173 Information table for port settings serial section 42 3 2 3 Port settings network section In this section you can configure the network side of the Terminal Server Note the displayed settings vary...

Page 478: ...s for failover 0 0 0 0 Range IPv4 address Web Enable TCP Keepalives UCI tservd port 0 tcp_keepalives_enabl ed Opt tcp_keepalives_enabled Enable or disables TCP keepalives Only displayed if Transport Mode is TCP 0 Disabled 1 Enabled Web TCP Keepalive Interval UCI tservd port 0 tcp_keepalive_interva l Opt tcp_keepalive_interval Interval in seconds between TCP keepalive probes Only displayed if Trans...

Page 479: ..._ms Opt disc_time_ms Time in milliseconds to start reconnecting after setting DTR low 5000 5 seconds Range 0 10000 Web UDP Keepalive Interval UCI tservd port 0 udpKaIntervalMs Opt udpKaIntervalMs Defines time in milliseconds to send UDP keepalives empty UDP packets when no data to send Only displayed if transport mode is UDP 0 Disabled Range 0 65535 Web UDP Keepalive Count UCI tservd port 0 udpKaC...

Page 480: ... on the chosen network configuration the DSR behaviour may vary 42 6 1 DSR signal behaviour in TCP client mode 42 6 1 1 TCP connection management Initial TCP connection initiation or next TCP connection initiation after disconnection is affected by configuration options tcp_always_on and close_tcp_on_dsr When option tcp_always_on is enabled terminal server keeps the TCP session always connected If...

Page 481: ...WN the terminal server waits for a DSR UP signal and then initiates a new TCP connection 42 6 2 DSR signal behaviour in TCP server mode 42 6 2 1 TCP connection initiation at startup After a short startup delay the terminal server starts listening for an incoming TCP connection from the remote peer 42 6 2 2 TCP connection clearing When in a TCP connection state the TCP connection is cleared only by...

Page 482: ...ters dev ttySC1 To enable serial_mode_gpio_control set the option to 1 Use the portmode option in addition to serial_mode_gpio_control to select between RS232 RS485 full duplex RS485 half duplex X 21 and V 23 42 7 1 Checking the current serial_mode_gpio_control To check if Terminal Server is running enter the following command root VA_router uci show tservd grep serial_mode_gpio_control The output...

Page 483: ...Bytes Rx 0 Tx 0 DSR Up 0 Down 0 42 8 3 Terminal Server debug statistics To see debug statistics about Terminal Server enter root VA_router tserv show debug all TERMINAL 1 Dev dev ttySC0 State LISTENING netRxBuf length 0 offset 0 hdrsz 0 ttyRxBuf length 0 offset 16 hdrsz 16 line_status_mask 0x0 line_status 0x0 RFC2217 negotiated 0 Tcp tx last error 0 42 8 4 Terminal Server serial signals debugging ...

Page 484: ... show serial interface status tserv send serial0 data send data to serial port 0 tserv start capture N N port number 0 to 3 start capturing rx serial data tserv print capture N N port number 0 to 3 print captured rx serial data tserv show serial txlog hex Port length Port port cfg index 0 to 3 length length to show tserv show serial rxlog hex Port length Port port cfg index 0 to 3 length length to...

Page 485: ...erfaces It is used to carry an analogue leased line an X 21 interface an E1 timeslot or a group of E1 timeslots over a packet switched network Both SAToP and CESoPSN are pseudowire protocols 43 2 Clocking For the SAToP CESoPSN function to work satisfactory it is essential that you synchronize the clocks used for the TDM signals of the routers That is run at exactly the same frequency otherwise ove...

Page 486: ...e 43 3 Virtual Access proprietary SAToP CESoPSN protocol extension To compensate for packet loss in the network Virtual Access implemented a proprietary extension to SAToP CESoPSN When enabled a copy of the previous packet payload is added to the end of the packet With the help of this mechanism it is possible to overcome the loss of single packets However the loss of consecutive packets cannot be...

Page 487: ...age 487 of 519 43 5 Configuring SAToP CESoPSN To configure SAToP CESoPSN using the web interface in the top menu select Services CESoPSN The SAToP CESoPSN page appears 43 5 1 Configuring main settings using the web interface The web interface is divided into 3 sections Basic Blackbox and Advanced Note the Blackbox tab only appears if Blackbox is configured on your router Figure 230 SAToP CESoPSN b...

Page 488: ...isabled 1 Enabled Web TOS Value UCI cesopd main tos_value Opt tos_value Note before changing this value consult with Virtual Access support 16 Decimal value of the TOS field in the IP header Range 0 255 Blackbox settings Web Blackbox Enable UCI cesopd main blackbox_enabled Opt blackbox_enabled Enables blackbox recordings See section cesop blackbox show for more information 0 Disabled 1 Enabled Web...

Page 489: ...ser manual Issue 1 7 Page 489 of 519 option tos_enabled 1 option tos_value 1 option blackbox_enabled 0 option blackbox_hours 10 option blackbox_samples 20 43 7 Configuring port settings using the web interface The web interface for port settings is divided into 5 sections Basic Advanced E1 Dual X 21 and Analog Leased Line LL Note for E1 CESoPSN a port represents a timeslot or group of timeslots Fi...

Page 490: ..._________________________________________ _______________________________________________________________________________________________________ Virtual Access 2018 GW6600 Series User manual Issue 1 7 Page 490 of 519 Figure 235 CESoPSN E1 port settings Figure 236 CESoPSN dual X 21 port settings ...

Page 491: ...paddr Opt udp_remote_ipaddr Specifies the remote IP address to send packets to 127 0 0 1 Specific remote interface IP address Range Packets are accepted from all sources and received source IP address will be used as the destination Web Remote Port UCI cesopd port udp_remote_port Opt udp_remote_port UDP port to send packets to The port can be 0 in which case the source port of the incoming packets...

Page 492: ... rate has to be a multiple of 64000 For the analogue LL interface only 64000 is supported Range 64000 2048000 Web External clock mode UCI cesopd port ext_clock Opt ext_clock Enables the use of an external clock N A for E1 and analogue LL 0 Disabled 1 Enabled Table 176 Information table for basic port settings Web Field UCI Package Option Description Web RTP Payload Type UCI cesopd port rtp _payloa...

Page 493: ... framing For SATOP this should be set for E1 unframed For CESoPSN this should be set for E1 double frame or E1 CRC 4 multiframe For CESoPSN this should be defined for first port only 0 E1 unframed 1 E1 double frame basic frame 2 E1 CRC 4 multi frame Web Impedance UCI cesopd port e1t1_line_code Opt e1t1_line_code Specifies the impedance For CESoPSN this should be defined for first port only 0 75 oh...

Page 494: ...ogue LL interface operates in 2 wire mode 1 Analogue LL interface operates in 4 wire mode Web PCM Encoding UCI cesop port all_pcm_encoding Opt all_pcm_encoding Selects the PCM companding algorithm For more information see ITU T G 711 alaw Selects the A law algorithm ulaw Selects the µ law algorithm Web Receive Attenuator Enabled UCI cesop port all_rx_attenuator_enabl ed Opt all_rx_attenuator_enabl...

Page 495: ...s are the configuration for further timeslots or groups of timeslots All the ports have the same devname in this case The examples below show a port section labelled Port 1 config port Port1 option enable 1 option devname ttyLC0 option udp_local_ipaddr 0 0 0 0 option udp_remote_ipaddr 10 1 42 63 option udp_local_port 5152 option udp_remote_port 5152 option rtp_payload_type 96 option rx_jitter_buff...

Page 496: ...ire_mode 0 option all_pcm_encoding alaw option all_tx_analogue_loss_enabled 1 option all_tx_digital_loss 6 option all_rx_analogue_gain_enabled 1 option all_rx_digital_gain 2 option all_rx_attenuator_enabled 1 43 8 3 Dual X 21 interface settings config port Port1 option fifo_irq_level 1 option bit_reverse 0 option x21_clk_invert 0 option x21_data_delay 0 option x21_use_vco 0 43 9 CESoPSN diagnostic...

Page 497: ...s cesop clear stats clear statistics cesop quit terminate cesopd process cesop show debug show diagnostical information cesop blackbox show blackbox information cesop upgrade usbcard upgrade usb card cesop show usbcard status show USB serial card status cesop show usbcard stats show USB serial card statistics cesop clear usbcard stats clear USB serial card statistics cesop show usbcard version sho...

Page 498: ...1 T1 card enable 1 clock_recovery_enabled 1 clock_recovery_debug 0 remote_loopback 0 udp_local_ipaddr 1 1 1 1 udp_local_port 50151 udp_remote_ipaddr 1 1 1 2 udp_remote_port 50152 rtp_header_enabled 1 rtp_payload_type 100 packetization_latency 8 rx_jitter_buffer_enabled 0 rx_jitter_buffer_size_ms 16 app_bit_reverse 0 app_rx_shift 0 va_prop_payload_redundancy_enabled 0 devname ttyU0 local_loopback 0...

Page 499: ...0 all_rx_digital_gain 0 all_tx_digital_loss 0 e1t1_end 1 e1t1_line_code 1 e1t1_framing 2 e1t1_impedance 1 e1t1_timeslot 1 e1t1_protocol 0 43 9 2 cesop show status To show the current operating configuration enter root VA_router cesop show status Port 1 Clock Recovery Status Output Voltage 1 769998V Protocol Status UDP Session Open Remote IP Address 1 1 1 2 Remote UDP Port 50152 Protocol CESoP Rx C...

Page 500: ...rmation enter root VA_router cesop show stats Port 1 Serial statistics Frames read 18359581 Frames written 18359581 Bytes read 1175013184 Bytes written 1468766480 UDP statistics Datagrams transmitted 18359581 Datagrams received 18359581 Bytes transmitted 1468766480 Bytes received 1468766480 Transmit failures 0 Receive failures 0 SAToP CESoP statistics Rx header errors 0 Rx packets lost 1 Rx lost p...

Page 501: ...pretation of the output produced by cesop show debug command is not explained here root VA_router cesop show debug Port 1 Clock Recovery Status Output Voltage 1 763998V Protocol Status UDP Session Open Remote IP Address 1 1 1 2 Remote UDP Port 50152 Protocol CESoP Rx RTP Payload Type 100 Rx RTP SSRC 87654321 Rx Payload Size 64 Rx CESoPSN Header L Bit 0 Rx CESoPSN Header R Bit 0 Rx CESoPSN Header M...

Page 502: ...smitted 90880 Bytes received 90880 Transmit failures 0 Receive failures 0 Receive address errors 0 SAToP CESoP statistics Rx header errors 0 Rx packets lost 0 Rx lost packets recovered 0 Rx TDM payload length errors 0 Tx TDM payload length errors 0 43 9 5 cesop blackbox show If enabled the blackbox records instances of packet loss or the late transmission and reception of packets The information s...

Page 503: ...cal Lost active 0 min mean max 293 7998 15715 Receive sample buffers 2016 01 29 09 51 18 2846 min mean max 366 17737 495308 Local Lost active 0 min mean max 7446 7987 8534 43 9 6 cesop upgrade usbcard The command cesop upgrade usbcard re programs the E1 card with the image in lib firmware va userial bin The command is used for software upgrade of the E1 card If an upgrade is necessary the image wi...

Page 504: ...rors 1 Remote CRC Errors 0 TX Slips 275 RX Slips 0 Errored Seconds 0 Severely Errored Seconds 0 Unavailable Seconds 0 Flow 0 Bytes TX 1806272 RX 1806336 Frames TX 0 RX 0 rxCrcErrors 0 rxLengthErrors 0 txUnderrunErr 4 txFifoErr 0 rxOverrunErr 0 rxCrcErr 0 rxLengthErr 0 rxAborts 0 43 9 8 cesop clear usbcard stats To reset the E1 card statistical counters enter root VA_router cesop clear usbcard stat...

Page 505: ...he BER pattern is transmitted towards the E1 interface and checked against the received data from the E1 interface If the E1 is configured as framed the first configured timeslot or group of timeslots is used To start the bit error rate test enter root VA_router cesop bert start To stop the bit error rate test enter root VA_router cesop bert stop 43 9 12 cesop show bert stats To view the bit error...

Page 506: ... to make and receive calls to and from any number on the real network The router is equipped with an ADSL WAN interface and is the interface of choice for connecting the device to the core network Note success of the pseudowire relies on the network s ability to transfer the data without loss between the Virtual Access router and the provider IP packet loss will result in momentary corruption of d...

Page 507: ...ow the BRI interface to effectively run at the same clock rate as the provider 44 3 ISDN pseudowire in client role The most typical scenario for the GW6610V F ISDN is for it to act in a client role whereby locally attached ISDN equipment can make and receive calls on a remote ISDN network over an IP network typically via the ADSL interface on the GW6610V F ISDN router In the example below it is as...

Page 508: ...ig provider option host 10 1 23 15 option hostport 5060 option username usernameForUnit20 option secret secretForUnit20 UCI Package Option Description UCI config provider host Opt host Specifies the IP address of the provider to register with UCI config provider hostport Opt hostport Specifies the port to send registration requests to UCI config provider username Opt username Specifies the usernam...

Page 509: ... BRI interface on the router Most ISDN user equipment supports two or more MSNs LCR configuration files are stored on etc config lcr root VA_router uci export lcr package lcr config lcr main option enable 1 list msn 384720 list msn 384721 UCI Package Option Description UCI config lcr main enable Opt enable Specifies whether or not LRC should run and allow asterisk access to the ISDN hardware 1 Ena...

Page 510: ...iation for this username and an MSN hosted by this unit Calls to MSNs configured on this site will only be routed to this site if the provider is configured with the appropriate username password MSN triplet UCI config provider secret Opt secret Specifies the password to present to the provider to identify this site Table 180 Options for provider configurations UCI Package Option Description UCI c...

Page 511: ...y the other GW6610V F ISDN unit As most ISDN equipment supports at least two MSN numbers there are typically two or more such sections Note on the other device there will also be an LCR configuration and an Asterisk configuration where the provider and client sections are swapped A typical example of an asterisk and LCR configuration for the other unit in a back to back configuration is shown belo...

Page 512: ... Server or CESoPSN The LL interface has the device name ttyLC0 45 1 Terminal Server V 23 modem emulation When used with the Terminal Server application the LL interface enables a V 23 modem emulation The V 23 modem emulation passes the decoded modem call data to the terminal server application Note gain and attenuation cannot currently be controlled when operating in V 23 modem emulation mode 45 2...

Page 513: ..._________________________________________________________________ _______________________________________________________________________________________________________ Virtual Access 2018 GW6600 Series User manual Issue 1 7 Page 513 of 519 Figure 238 Gain and attenuation flow ...

Page 514: ... ttyLCO Mode Transparent Wire mode 2 wire PCM Encoding A Law root client_B 45 5 Leased line LL statistics To view statistical information about the LL interface enter root VA_router va5420_stats dev ttyLC0 TRANSMIT STATS tx bytes 44661000 tx buffer full counts 0 tx underruns 289 tx discards bytes 16280 RECEIVE STATS rx bytes 44692864 rx overruns 33 rx discards bytes 0 V 23 MODE STATS rx bytes 0 tx...

Page 515: ...her a jitter buffer is enabled and what size it is enter root VA_router uci export cesopd package cesopd config cesopd main option log_severity 5 option enable 1 config port Port1 option rx_jitter_buffer_enabled 1 option rx_ _buffer_size_ms 20 If the cesop application is running to check stats enter root VA_router cesop show config Main Config enable 1 nodaemon 0 log_severity 7 Port 1 config cardT...

Page 516: ...00 Series User manual Issue 1 7 Page 516 of 519 45 5 1 Leased line LL statistics clearing To clear statistics for LL interface enter root VA_router va5420_stats_reset dev ttyLC0 Statistics reset 45 6 LL wiring 45 6 1 2 wire RJ11 RJ45 2 RED TIP 5 tx rx 3 GREEN RING 4 tx rx 45 6 2 4 wire RJ 11 RJ 45 1 YELLOW TIP1 5 TIP1 2 RED TIP 6 TIP 3 GREEN RING 3 RING 4 BLACK RING1 4 RING1 45 6 3 RJ45 1 not conn...

Page 517: ...erface using the relevant application for example Terminal Server therefore there is no standalone serial configuration page You can monitor the various serial interfaces using either the command line or the web interface 46 2 Monitoring serial interfaces using the web interface In the top menu select Status Serial Interfaces Depending on the number of serial interfaces present in the device a num...

Page 518: ... GW6600 Series User manual Issue 1 7 Page 518 of 519 46 2 2 Serial status Figure 240 The serial status page for serial 0 46 3 Monitoring serial interfaces using command line 46 3 1 Serial statistics using command line To view serial statistics enter serial_stats root VirtualAccess serial_stats ttyU0 statistics Tx Frames 0 Tx Bytes 9 Tx Underruns 0 Tx Discards 0 Rx Frames 0 Rx Bytes 258856 Rx Overr...

Page 519: ...ge 519 of 519 46 3 2 Serial status using command line To view serial statistics enter serial_status root VirtualAccess serial_status ttyU0 status Cable Id V 24 DTE Hardware Version QD3128B Firmware Version 1 3 15 DAC Voltage 1650000uV DTR 1 DSR 1 RTS 1 DCD 0 46 3 3 Resetting serial statistics To reset serial statistics enter serial_stats_reset root VirtualAccess serial_stats_reset ttyU0 Serial int...

Reviews:

No comments

Related manuals for GW6600

Enterasys X-Pedition 2000 Getting Started Manual preview
X-Pedition 2000
Brand: Enterasys Pages: 86
National Instruments FieldPoint cFP-RTD-122 Operating Instructions Manual preview
FieldPoint cFP-RTD-122
Brand: National Instruments Pages: 15
Moxa Technologies PT-7324 Series User Manual preview
PT-7324 Series
Brand: Moxa Technologies Pages: 36
Rajant Corporation BreadCrumb CX1 User Manual preview
BreadCrumb CX1
Brand: Rajant Corporation Pages: 40
NETGEAR MA 301 Reference Manual preview
MA 301
Brand: NETGEAR Pages: 20
Option Audio GlobeSurfer X-1 User Manual preview
GlobeSurfer X-1
Brand: Option Audio Pages: 30
IEI Technology PUZZLE-IN005 User Manual preview
PUZZLE-IN005
Brand: IEI Technology Pages: 106
Datavideo NVW-150 Instruction Manual preview
NVW-150
Brand: Datavideo Pages: 71
ADTRAN NetVanta 300 Series Quick Start Manual preview
NetVanta 300 Series
Brand: ADTRAN Pages: 2
Linksys USB100H1 User Manual preview
USB100H1
Brand: Linksys Pages: 44
Haier AB09SC2VH2 User Manual preview
AB09SC2VH2
Brand: Haier Pages: 9
Cisco MC16E Installation Manual preview
MC16E
Brand: Cisco Pages: 28
Cisco LINKSYS WUSB54GR User Manual preview
LINKSYS WUSB54GR
Brand: Cisco Pages: 205
MikroTik RouterBOARD 711-5HnD Quick Setup Manual And Warranty Information preview
RouterBOARD 711-5HnD
Brand: MikroTik Pages: 2
3Com Switch 5500G-EI PWR 48-Port Specifications preview
Switch 5500G-EI PWR 48-Port
Brand: 3Com Pages: 8
3Com 3C421600A Release Note preview
3C421600A
Brand: 3Com Pages: 10
Excito B3 User Manual preview
B3
Brand: Excito Pages: 154
Albalá Ingenieros SEM2000C01 Manual preview
SEM2000C01
Brand: Albalá Ingenieros Pages: 26

Brands by name

Popular brands

Load more brands