manualshive.com logo in svg

Westermo DR-200, Reference Manual

The Westermo DR-200 Reference Manual is a comprehensive guide for users of this advanced networking device. It covers installation, configuration, and troubleshooting procedures in detail. You can download the manual for free from our website, ensuring you have all the information you need to optimize your DR-200 experience.

Share
Download
background image

108

6620-3201

4.46 Confi gure 

>

 IPSec 

>

 IKEv2 

>

 IKEv2 n 

When IKE Version 2 is supported, it is possible to specify whether the IKEv1 or IKEv2 protocol should 
be used to negotiate IKE SA’s. By default, IKEv1 is used and units which have been upgraded from 
IKEv1 to IKEv2 will not require any changes to their con

fi

 guration to continue working with IKEv1. 

Using the Web Page(s) 

Encryption algorithm: 

This parameter selects the encryption algorithm to be used for IKE exchanges over the IP connection. 
You can select “DES”, “3DES”, “AES” or leave the option blank (in which case key exchanges will not 
be attempted). 

Encryption key length (AES only): 

When the Initiator encryption algorithm is set to “AES”, this parameter may be used to select the key 
length as 128 (default), 192 or 256 bits. 

Authentication algorithm: 

This parameter selects the algorithm used to verify that the contents of data packets have not been 
changed in transit since they were sent. You may select none (i.e. blank), “MD5” or “SHA-1”. If the 
parameter is left blank negotiations will not be attempted. 

PRF algorithm: 

This parameter selects the pseudo random function to negotiate and can be selected from “MD5” or 
“SHA1”. 

MODP group: 

This is the DH group number to negotiate. Larger values result in “stronger” keys but take longer to 
generate. 

Duration (s): 

This parameter determines how long (in seconds) the initial IKEv2 Security Association will stay 
in force. When it expires any attempt to send packets to the remote system will result in IKEv2 
attempting to establish a new SA. Enter a value between 1 and 28800 seconds (8 hours). 

Re-key time (s): 

When the time left until expiry for this SA reaches the value speci

fi

 ed by this parameter, the IKEv2 SA 

will be renegotiated, i.e. a new IKEv2 SA is negotiated and the old SA is removed. Any IPSec “child” 
SA’s that were created are retained and become “children” of the new SA. 

Maximum re-transmits: 

This parameter speci

fi

 es the maximum number of times that IKEv2 will retransmit a negotiation frame 

as part of the exchange before failing. 

Re-transmit interval (s): 

This parameter speci

fi

 es the amount of time in seconds that IKEv2 will wait for a response from the 

remote system before retransmitting the negotiation frame. 

Inactivity timeout (s): 

This parameter speci

fi

 es the period of time in seconds after which when no response to a negotiation 

packet has been received from the remote IKEv2 will give up. 

NAT traversal enabled: 

When set to “On”, this parameter enables support for NAT traversal within IKEv2/IPSec. When one 
end of an IPSec tunnel is behind a NAT box, some form of NAT traversal may be required before 
the IPSec tunnel can pass packets. Turning NAT traversal on enables the IKE protocol to discover 
whether or not one or both ends of a tunnel is behind a NAT box, and implements a standard NAT 
traversal protocol if NAT is being performed. 
The version of NAT traversal supported is that described in the IETF draft “draft-ietf-ipsec-nat-t-ike 03.
txt”. 

Summary of Contents for DR-200

Page 1: ...Westermo Teleindustri AB 2006 DR 200 MR 200 ADSL Router GPRS Router www westermo com Web Interface and Command Line Reference Guide 6622 3201...

Page 2: ...cular purpose are made in relation to the accuracy and reliability or contents of this document Westermo reserves the right to revise this document or withdraw it at any time without prior notice Unde...

Page 3: ...range of communications capabilities our products provide a combination of powerful yet easy to use configuration management and diagnostic tools These include a protocol analyser a time stamped even...

Page 4: ...have the TCP IP Dial up adapter installed in the Network Configuration for Windows Check this by selecting Settings Control Panel Network Configuration 2 2 1 Installing the Driver File You will need...

Page 5: ...he Windows Start menu select All Programs Accessories Communications New Connection Wizard You will be presented with the New Connection Wizard introduction screen Click on Next to proceed to the Netw...

Page 6: ...g You are now ready to initiate a connection 2 2 4 Initiating a DUN Connection In the main dialog you are asked to enter a username and password The default settings for your unit are username and pas...

Page 7: ...st first connect it to a suitable asynchronous terminal You will first need to set the interface speed data format for your terminal to 115 200bps 8 data bits no parity and 1 stop bit these settings c...

Page 8: ...ith a result code to indicate whether the command was successful If all commands entered on the line are valid the OK result code will be issued If any command on the line is invalid the ERROR result...

Page 9: ...to match Note Speed locking is not necessary when you use the text commands via a Telnet session Westermo application commands referred to just as text commands throughout the remainder of this guide...

Page 10: ...ATD command followed by the X 28 CALL command An outgoing TPAD Transaction PAD call may be made by using the TPAD a address command followed by the appropriate NUA this is normally only carried out u...

Page 11: ...e displayed as a series of dots for security purposes Correct entry of the username and password will display the main operations page Clicking on the Click to load Applet graphics button will display...

Page 12: ...dBm effectively no signal 1 111 dBm to 87 dBm weak signal 2 85 dBm to 71 dBm medium strength signal 3 69 dBm to 51 dBm strong signal The minimum recommended strength indication is 2 LED s If you have...

Page 13: ...event the unit from answering any calls to numbers that do not end in 123 Sub address This parameter provides the filter for the ISDN sub address facility It is blank by default but when set to an app...

Page 14: ...e LAPB Configuration The following parameters are only used if a V 120 connection is established in Multi frame mode N400 counter This is the standard LAPB LAPD retry counter The default value is 3 an...

Page 15: ...3 4 V Mode 0 V120 mode 1 V110 mode 2 V110 V120 detect 3 X75 Transparent 4 X75 T 70 NL Dial Retries If an ISDN connection is established but rate adaption is not negotiated this parameter will allow t...

Page 16: ...01 NS 00 NR 01 40 03 00 02 X25 RESTART CONFIRMATION from DTE to DCE LCG 0 LCN 0 PTI 10 00 FF Both B and D channel analysis can be enabled simultaneously if necessary and you can select which LAPB and...

Page 17: ...PAK Size allows you to specify the maximum number of bytes from each X 25 Information Frame that will be included in the trace Frames that are larger than this value are truncated Bear in mind that th...

Page 18: ...s are Parameter Values Equivalent Web Parameter anon off on Analyser asyon 1 15 ASY source ikeon off on IKE ipfilt number list IP filters l1on off on Protocol layers layer 1 l2on off on Protocol layer...

Page 19: ...ON ON Ethernet IP or PPP sources These are a special case and cannot be configured from the command line using the ana command Instead these sources must be turned on or off from the command line by...

Page 20: ...OFF OFF ON OFF ON 6 OFF OFF ON ON OFF 7 OFF OFF ON ON ON 8 OFF ON OFF OFF OFF 9 OFF ON OFF OFF ON 10 OFF ON OFF ON OFF 11 OFF ON OFF ON ON 12 OFF ON ON OFF OFF 13 OFF ON ON OFF ON 14 OFF ON ON ON OFF...

Page 21: ...unit is powered up this is equivalent to AT C0 Selecting Off configures the unit so that the DCD signal is normally on but goes off for the length of time specified by S10 after a call is disconnecte...

Page 22: ...to set the ASY port parity to Even Odd or None as required Disable Port This parameter will disable the ASY port from the software stack The ASY port will not be able to send data and any data receiv...

Page 23: ...de Z Load profile C DCD control D DTR response K Flow control W Store profile Y Power up profile S0 Answer Ring count S1 Ring count S2 Escape character S12 Escape delay S15 Forwarding register S23 Par...

Page 24: ...ameter is set to On the socket will not be cleared by the unit at the end of a transaction data call or data session depending on what the TransIP ASY port was bound to and protocol it was implementin...

Page 25: ...de to IP Address Try Next In the case that a connection to the primary IP address has just failed this parameter determines whether a connection to the backup IP address should be attempted immediatel...

Page 26: ...or the Microsoft SCEP server you browse to a web interface If the server requires a challenge password it will be displayed on the page along with the CA certificate fingerprint This challenge passwor...

Page 27: ...instance parameter value where instance is 0 The parameters and values are Parameter Values Equivalent Web Parameter challenge_pwd text Challenge password commonname text Common name country text Cou...

Page 28: ...nts the SCEP application on the server CA Identifier CA identifier Private Key filename The filename of the private key Certificate request filename The filename of the certificate request Certificate...

Page 29: ...he parameters and values are Parameter Values Equivalent Web Parameter app text Application caencfile text CA encryption certificate filename cafile text CA certificate filename caident text CA Identi...

Page 30: ...he page are used to generate the private key and the certificate request Generate Private Key Clicking this button will generate the private key Generate Certificate Request Clicking this button will...

Page 31: ...tificate request enter the command creq new parameter value parameter value The parameters and values are Parameter Values Equivalent Web Parameter b number New Key Size k text Private key filename o...

Page 32: ...n code specified The reason code is simply a numeric value that may be selected to suit your particular application If any one of the entries is set to Answer the unit will only answer incoming calls...

Page 33: ...nd Line Response Manipulation which is available on the Westermo web site Using the Web Page s The Configure Command Filters page contains a table that allows you to enter a series of command filters...

Page 34: ...configure or display the command mappings To display the current command mappings enter the following commands cmd n cmdmapo cmd n cmdmapi where n is the table entry number i e 0 to 3 The cmdmapi par...

Page 35: ...dresses starting with the address set for the Minimum assigned IP address parameter DNS server address This parameter specifies the IP address of a DNS server to be used by clients on the LAN This wil...

Page 36: ...nce 1 will run on Ethernet port 1 etc On models with a single Ethernet port only one DHCP instance is available To change the value of a parameter use the following command dhcp 0 parameter value The...

Page 37: ...y enter the MAC addresses of the devices that you want to allocate a fixed IP addresses to in the left hand column and the required IP addresses in the right hand column It is important to ensure that...

Page 38: ...the interval in seconds at which the unit will issue update messages to the DNS server Username This parameter is used to store the username that has been allocated to you by the Dynamic DNS service P...

Page 39: ...where instance is 0 To change the value of a parameter use the command in the format dnsupd instance parameter value The parameters and values are Parameter Values Equivalent Web Parameter autotzone...

Page 40: ...ode G lite Annex A only attempt to connect in ITU G 992 2 G lite mode AFE For units fitted with an Annex B ISDN interface this parameter is used to select the type of ADSL Analogue Front End AFE that...

Page 41: ...516 VC multiplexed PPP over Ethernet PPPoE LLC RFC 2516 LLC encapsulated PPP over Ethernet Bridged Ethernet VC Mux RFC 2684 VC multiplexed bridged Ethernet Bridged Ethernet LLC RFC 2684 LLC encapsulat...

Page 42: ...VPI Another text command pingatmmay be used to transmit an OAM F5 loop back requests over the specified APVC The format of the command is pingatm instance type count where instance is 0 3 type is end...

Page 43: ...assword Specifies the password to use when updating hostnames Confirm password Enter the password again in this field to confirm it Interface Defines which interface PPP or Ethernet this DYNDNS instan...

Page 44: ...r Values Equivalent Web Parameter epassword text None this is the password in encrypted format This parameter is not configurable hostname1 text Hostname 1 hostname2 text Hostname 2 hostname3 text Hos...

Page 45: ...s ports is connected to another hub or switch on the same physical network otherwise an Ethernet loop can occur The default behaviour is HUB rather than Port Isolate Note VLAN tagging is not available...

Page 46: ...not on the LAN to which the unit is connected will be forwarded to this gateway NAT mode This parameter is used to select whether IP Network Address Translation NAT or Network Address and Port Transl...

Page 47: ...ame time for this Ethernet instance When set to Off the Ethernet instance will operate in half duplex mode Firewall This parameter is used to enable or disable firewall operation for this Ethernet ins...

Page 48: ...prevent the unit from disconnecting the link even when there is no genuine traffic This effect can be prevented by using the appropriate commands and options within the firewall script However on Wes...

Page 49: ...PING IP address and No PING response out of service delay this parameter can be used to configure the router to use a back up interface automatically should there be a problem with this interface PIN...

Page 50: ...ce within the VRRP group from 0 to 255 255 is the highest priority and setting the priority to this value would designate this Ethernet port as the initial owner within the group The value selected fo...

Page 51: ...0 No restrictions 1 Disable management 2 Disable return RST 3 Disable management and return RST oossecs number Out of service time s pingint number PING request interval s pingip IP address PING IP a...

Page 52: ...parameter should be set to the maximum data rate that this PPP link is capable of sustaining It is used when calculating whether or not the data rate from a queue may exceed its Minimum Kbps setting...

Page 53: ...q3prio 0 4 Queue 3 Priority q4prof 0 11 Queue 4 Profile q4prio 0 4 Queue 4 Priority q5prof 0 11 Queue 5 Profile q5prio 0 4 Queue 5 Priority q6prof 0 11 Queue 6 Profile q6prio 0 4 Queue 6 Priority q7pr...

Page 54: ...this parameter specifies the interval in seconds between successive probe attempts when the interface is in VRRP master mode Probe failure limit This parameter specifies the number of probe failures...

Page 55: ...th instance where instance is the number of the Ethernet interface To change the value of a parameter use the following command eth instance parameter value The parameters and values are Parameter Val...

Page 56: ...ossible to allow a range of addresses by specifying only the significant portion of the MAC address in the table e g macfilt 0 mac 00042d to allow packets from Westermo units Using the Web Page s The...

Page 57: ...e TCP header to identify the destination VLAN for the packet ETH Instance The Ethernet port that will tag the outgoing packets Only packets sent from this interface will have VLAN tagging applied IP A...

Page 58: ...g command vlan instance where instance is the VLAN instance 0 9 To change the value of a parameter use the following command vlan instance parameter value The parameters and values are Parameter Value...

Page 59: ...r will delay the sending of SNMP traps email requests and SMS messages for a period of time after the unit powers up This is useful in circumstances where the sending of those items would fail if sent...

Page 60: ...the last 24 hour period Max SYSLOG messages day The value in this field is the maximum number of SYSLOG user informational messages that the unit can generate per day This is intended to prevent messa...

Page 61: ...ter the command event instance where instance is 0 At present there is only one event log i e 0 but the instance parameter has been included to allow for future expansion To change the value of a para...

Page 62: ...oose from Off the Analyser trace will continue as normal Freeze No more logging is performed until the email is sent or Delete The trace is deleted once the email is sent Attach Eventlog Selecting On...

Page 63: ...ler page Priority is Conditional on Entity If this parameter is On the event is conditional on which entity triggered the event e g eth ppp etc Choose the entity from the Entity drop down list Entity...

Page 64: ...PPP instances the priority for the reason will apply For example if you wish that only events on PPP0 and PPP3 have the priority set in the Priority parameter enter 5 1010 in decimal Log Level The pr...

Page 65: ...re already one or more lines in the file there will be two Insert buttons one next to the line which inserts a new line above the current line and one on the line below which inserts a new line below...

Page 66: ...echo on by entering ATE1 4 Type AT LS the unit should respond with OK 5 Type XMODEM FW TXT and press Enter and the unit will wait for the file transfer to start 6 Select the File transfer XMODEM Send...

Page 67: ...d for a TCP socket to close once the first FIN packet has been received If the timer elapses before the socket has completed closing the associated stateful inspection rule is removed TCP closed s Thi...

Page 68: ...To change the value of a parameter use the command in the format fwall 0 parameter value The parameters and values are Parameter Values Equivalent Web Parameter closed number TCP closed s closing numb...

Page 69: ...options To display current settings enter the command ftpcli instance where instance is 0 At present there is only one FTP client instance i e 0 but the instance parameter has been included to allow...

Page 70: ...eds to relay a file Server hostname This is the name of the FTP host to which files from the locally attached device are to be relayed Server username This is the username required for login to the sp...

Page 71: ...e g longer than an 8 3 style file name such as autoexec bat Email template This field contains the name of the template file that will be used to form the basis of any email messages generated by the...

Page 72: ...d text None this is the password in encrypted format This parameter is not configurable ftphost IP address Server hostname ftppwd text Server password ftpuser text Server username locuser text Local u...

Page 73: ...ust be used For example to issue a command to ASY port 3 you would use cmd 3 autocmd command where command is the command to be issued to ASY 3 on power up System hostname This parameter can be used t...

Page 74: ...connected to that port raises the DTR signal When set to GPRS Signal Strength the four LED s that normally indicate activity on the ASY ports GR2130 and GR2410 only function instead as a signal stren...

Page 75: ...se number This parameter specifies the value of the Object Identifier component following enterprises to be used by SNMP managers when accessing the MIB on the unit Object Identifiers of objects in th...

Page 76: ...cannot be activated i e the metric for the route is set to 16 This means the unit will subsequently attempt to route packets through other routes with matching net masks that are not out of service A...

Page 77: ...eter is set to On the CLI is included with the Calling Party element when the unit makes a call Auto Configure Email Fields This section is used to set up parameters for use in communicating with a co...

Page 78: ...To change the value of a parameter use the command in the format cmd instance parameter value The parameters and values are Parameter Values Equivalent Web Parameter anonftp off on Allow anonymous FT...

Page 79: ...d layer 3 re triggering when all routes are out of service and a packet comes in postbanner filename Post login banner ppp_detect off on PPP detect prebanner filename Pre login banner rip number RIP i...

Page 80: ...d To display current local port access level settings enter the command local instance where instance is 0 To change the value of a parameter use the command in the format local instance parameter val...

Page 81: ...to acknowledge received data immediately therefore setting this parameter to too small a value is not recommended Some stacks delay sending TCP ACKs in order that they can be incorporated with data s...

Page 82: ...ter Values Equivalent Web Parameter asymss number Asy port sockets MSS to advertise asyrxwin number ASY port sockets RX window to advertise xot_ipadd number Default XOT source IP address interface xot...

Page 83: ...e PPP instance that is configured by default configured to connect to the GPRS network Once your GPRS unit is correctly configured you can check to see if it has obtained an IP address from the networ...

Page 84: ...erating modes Each string is prefixed with the characters AT before being sent to the GPRS module and they are sent to the GPRS module in the order specified until an empty string is encountered For e...

Page 85: ...dited and sent using the Configure SMS Edit page If no number is specified it is possible that the unit will operate using the default message centre for the GSM service to which you have subscribed S...

Page 86: ...init_str1 text Initialisation string 2 init_str2 text Initialisation string 3 ipaddr IP address Static IP address link_retries number Link retries pin number PIN posthang_str text Post hang up string...

Page 87: ...Server Ethernet Port n Fill in the six sections appropriately Next server address is optional then click OK not forgetting to save the configuration later In the above example the unit has an IP addr...

Page 88: ...r is selected the Cell Monitor will retrieve GPRS specific cell information Monitoring interval s When this parameter is set to a non zero value this specifies the interval in seconds between informat...

Page 89: ...ll Status GPRS Module GPRS Cell Info Using Text Commands From the command line the cellmon command can be used to configure the Cell Monitor To display the current settings for the Cell Monitor enter...

Page 90: ...ix will be sent at the specified interval Position GLL When this parameter is enabled current position data will be sent at the specified interval Active satellites GSA When this parameter is enabled...

Page 91: ...P UTC and local date time data ZDA message must be enabled on the receiver TCP UDP mode 1 This parameter specifies whether GPS data is sent over a TCP IP connection or as UDP packets IP address 2 The...

Page 92: ...ites GSA enabled gsv_on off on Satellites in view GSV enabled rmc_on off on Position and time RMC enabled vtg_on off on Course over ground VTG enabled zda_on off on UTC and local date time data ZDA en...

Page 93: ...interpreter instance that it is connected to a GPS receiver so that commands received by this instance are ignored rather that treated as invalid commands Secondly it is used by the at gps command see...

Page 94: ...ate the dead route to other routers The unit will no longer use a metric advertised by a RIP update if the route has been set out of service locally Using Text Commands From the command line the rip c...

Page 95: ...ved within that time RIP packets must have a source address that is included in the RIP access list Using the Web Page s IP address This is a list of IP addresses that RIP packets must come from if th...

Page 96: ...d year parameters A value of 1 31 is the day of the month the key is valid from but this value must not exceed the number of days in the Key start month Key start month This parameter defines the mont...

Page 97: ...ay the current settings for a RIP authentication key enter the following command ripauth instance where instance is the instance of the RIP authentication key To change the value of a parameter use th...

Page 98: ...which match the IP address Mask or IP address Mask plus Source address Source Mask combination Either None PPP or Ethernet may be selected Interface sub config This parameter determines which PPP Sub...

Page 99: ...at the specified interval If the interface does connect the unit will clear the out of service status for the route Deactivate interface after successful activation retry When set to On this parameter...

Page 100: ...ivation failure retry interval s deact_add number Deactivate interface deact_ent 0 1 Deactivate interface 0 None 1 PPP dial_int 0 255 Redial delay s doinact2 off on Use 2nd inactivity timeout when thi...

Page 101: ...oint requesting it To achieve this the two endpoints commonly identify themselves and verify the identity of the other party They must do this in a secure manner so that the process cannot be listened...

Page 102: ...val on suspect link This parameter defines the interval at which DPD requests on a link that is deemed to be suspect Tunnel inactivity timer s This parameter defines the period of time for inactivity...

Page 103: ...u are using X 509 certificates Aggressive mode was developed to allow the host to identify a remote unit initiator from an ID string rather than from its IP address This means that it can be used over...

Page 104: ...that IKE will wait for a response from the remote system before retransmitting the negotiation frame Inactivity timeout s This parameter specifies the period of time in seconds after which when no re...

Page 105: ...ation algorithm deblevel 0 1 2 3 Debug level debug off on Use debug port dpd off on Dead Peer Detection encalg des 3des Encryption algorithm ikegroup 1 2 5 IKE MODP group inactto 0 255 Inactivity time...

Page 106: ...accept when acting as a responder This value may be decreased from the maximum value of 5 to ensure that negotiations times are not excessive Duration s This parameter determines how long in seconds t...

Page 107: ...re or display IKE responder settings To display current settings for the IKE responder enter the command ike instance where instance is 0 To change the value of a parameter use the command in the form...

Page 108: ...ciation will stay in force When it expires any attempt to send packets to the remote system will result in IKEv2 attempting to establish a new SA Enter a value between 1 and 28800 seconds 8 hours Re k...

Page 109: ...mmand ike2 instance where instance is 0 or 1 To change the value of a parameter use the command in the format ike2 instance parameter value The parameters and values are Parameter Values Equivalent We...

Page 110: ...the unit will allow remote peers to negotiate This can currently include MD5 SHA1 or both If the remote peer requests the use of an algorithm that is not included in this list the negotiation will fai...

Page 111: ...IKEv2 Responder settings To display current settings for the IKEv2 responder enter the command ike2 instance where instance is 0 To change the value of a parameter use the command in the format ike2...

Page 112: ...te system to identify the initiator When certificates are used this field should contain the Altname field in a valid certificate held on the unit RSA private key file This field is used to override t...

Page 113: ...ent by the remote Windows client this is usually the computer name Local port Remote port These parameters are used to match packets with a particular Eroute For example if Local port is 0 and Remote...

Page 114: ...when negotiating new IPSec SA s When used the IPSec SA keys cannot be predicted from any of the previous keys generated It can be set to No PFS 1 2 or 3 Larger values result in stronger keys but they...

Page 115: ...table serves a dual purpose in that it may contain a series of entries for normal login access i e for dial in HTTP FTP or Telnet access and entries for IPSec look up In the screenshot below entries...

Page 116: ...versal keep alive interval s This parameter may be used to set a timer in seconds such that the unit will send regular packets to a NAT device in order to prevent the NAT table from expiring Link Erou...

Page 117: ...5 sha1 ESP authentication algorithm espenc off des 3des aes ESP encryption algorithm gre off on GRE idisfqdn no yes Send our ID as FQDN ifadd number Link eroute with interface ifent blank ppp eth Link...

Page 118: ...stname privkey filename RSA private key file proto off tcp udp IP protocol refirstport 0 65535 First remote port IKEv2 only remip IP address Remote subnet IP address remlastport 0 65535 Last remote po...

Page 119: ...me e g Host1 Then set the Peer ID parameter to Remote for example In addition an entry would be made in the user table with Remote for the Username and a suitable Password value e g mysecret Each of t...

Page 120: ...devices behind the router If Pass Packet is selected then data that matches an Eroute definition will be decrypted and authenticated depending on the Eroute options selected but data that does not mat...

Page 121: ...ect to the ISDN network This is the default value and should not be changed for normal operation across the ISDN network If your application involves using two units back to back one of the units shou...

Page 122: ...er is used to set the X 25 window size The value range is from 1 to 7 with the default being 7 Restart when activate This parameter can be set to No or Immediate When set to Immediate the LAPB instanc...

Page 123: ...meter ans off on Answering cli number CLI dtemode 0 1 DTE DCE mode 0 DTE 1 DCE keepact off on Keep Activated l1iface isdn port Layer 1 interface l1nb 0 1 Sync port msn number MSN n400 1 255 N400 count...

Page 124: ...is set to Yes the unit will try to reactivate a D channel connection after disconnection by the network by transmitting SABME frames If it is unable to reactivate the connection after retrying the num...

Page 125: ...n conjunction with the Tx Throughput parameter to limit the maximum data throughput on a LAPD link in bits per second If this parameter is set to 0 the unit will transmit data across the LADP link as...

Page 126: ...eter Values Equivalent Web Parameter d64schan number First D64 B channel d64smode off on D64S mode dtemode off on DTE DCE mode off DCE mode on DTE mode enabled off on Enabled keepact off on Keep activ...

Page 127: ...used to enable or disable L2TP answering MSN The MSN parameter provides the filter for the ISDN Multiple Subscriber Numbering facility It is blank by default but when set to an appropriate value with...

Page 128: ...an L2TP server Secret This parameter is only used if the Authenticate parameter is set to ON in which case it is used as part of the authentication process and both the router and the remote host mus...

Page 129: ...er Values Equivalent Web Parameter ans off on Answering aot off on Always on tunnel auth off on Authenticate debon 0 1 None Turn debugging mode on or off 0 OFF 1 ON l1iface isdn port Layer 1 interface...

Page 130: ...outer only converts the PPP from one form to another the router can initiate it s own PPP sessions This is used for example when The router is configured as a router to connect an Ethernet network to...

Page 131: ...is used Connections The parameters in this section are used to specify when the secondary ISDN B channel should be activated 1B 2B rate bytes s This is the transfer rate in bytes sec that will trigger...

Page 132: ...mands From the command line use the mlppp command to set or display MLPPP parameter settings To display current settings for MLPPP enter the following command mlppp instance where instance is 0 To set...

Page 133: ...mode This option allows you to configure a second GPRS PPP connection In this case the ASY port used would typically be a virtual port corresponding to a spare multiplex channel into the internal GPRS...

Page 134: ...r has been included to allow for future expansion To change the value of a parameter use the following command modemcc 0 parameter value The parameters and values are Parameter Values Equivalent Web P...

Page 135: ...e system and is usually only required for outgoing PPP calls Confirm password If altering the password the new password must also be entered here The unit will check that both fields are identical bef...

Page 136: ...e PPP will only answer a call if the trailing digits of the calling number match what is specified by this parameter For example if Calling Number was set to 3 incoming calls from 1234563 would be ans...

Page 137: ...stination unreachable responses The Disable management return RST option prevents users from managing the unit via the Telnet FTP and web interfaces and also disables the transmission of TCP RST packe...

Page 138: ...his field should be used to enter the address of the DNS server that should be used to resolve IP addresses If this field is left blank PPP will attempt to negotiate this address during the network ne...

Page 139: ...to V1 Compat the unit will transmit RIP version 2 packets to the subnet broadcast address This allows V1 capable routers to act upon these packets When RIP is enabled RIP packets are transmitted when...

Page 140: ...and request the keysize specified else the PPP negotiations will fail Note With MPPE is that there is no pre shared keys to set up or keys to set up at all The encryption keys are determined by the P...

Page 141: ...unit s IP network address This is only used when the network address is not remotely assigned Remote network mask This specifies the IP netmask for the Remote network address parameter see above This...

Page 142: ...er enter the command in the format ppp instance parameter value For example ppp 0 ans 1 The parameters and values are Parameter Values Equivalent Web Parameter ans off on Answering aodi_dly number AOD...

Page 143: ...k IP netmask Remote network mask maxneg number Maximum negotiation time s maxup number Maximum link up time s maxuptime number Max up time per day mins minup number Minimum link up time s mppe off on...

Page 144: ...imeout number Rx packet Inactivity timeout s tband number Time band timeout number Inactivity timeout s timeout2 number Inactivity timeout 2 s uplogmins number Log event up time mins use_modem 0 1 2 3...

Page 145: ...to request a call back when it dials into another unit Note that the answering PPP instance of the remote unit must also be configured with the phone number of the calling unit and a suitable username...

Page 146: ...it to get the remote to request the use of VJ compression Request remote PFC Setting this parameter to Yes causes the unit to get the remote to request Protocol Field Compression LCP echo request inte...

Page 147: ...nt to the PPP interface by TCP may be dropped by the network if they are sent too quickly after PPP negotiation has been completed This parameter may be used to delay the notification to TCP that PPP...

Page 148: ...low IPSec source IP from interface See above Layer 1 interface This parameter can be set to Default Port or Eth and determines whether PPP frames are carried over ISDN X 25 call local DUN Default opti...

Page 149: ...ng this option will allow a remote unit to authenticate with the unit using the CHAP MD 5 algorithm MS CHAP Algorithm Enabling this option will allow a remote unit to authenticate with the unit using...

Page 150: ...equest local ACFC l_addr off on Request IPCP local address option l_bacp phone number Request BACP l_callb off on Request call back l_chap off on Request local CHAP authentication l_comp off on Reques...

Page 151: ...t remote compression r_md5 0 1 Remote CHAP MD5 0 Disabled 1 Enabled r_mru hex number Desired remote MRU r_ms1 0 1 Remote MS CHAP Algorithm 0 Enabled 1 Disabled r_ms2 0 1 Remote MS CHAPv2 Algorithm 0 E...

Page 152: ...st LCN that will be assigned for outgoing X 25 CALLs The default is 1027 LCN direction This parameter determines whether the LCN used for outgoing X 25 calls is incremented or decremented from the sta...

Page 153: ...d or decremented from the starting value when multiple X 25 instances share one layer 2 LAPB or LAPD connection The default is Down and LCN s are decremented i e if the first call uses 1024 the next w...

Page 154: ...d to it and send at a higher rate up to the Maximum Kbps setting Queue priorities Below this heading is a list of the queues from 0 to 9 alongside each of which are drop down selection lists for assig...

Page 155: ...ity q7prof 0 11 Queue 7 Profile q7prio 0 4 Queue 7 Priority q8prof 0 11 Queue 8 Profile q8prio 0 4 Queue 8 Priority q9prof 0 11 Queue 9 Profile q9prio 0 4 Queue 9 Priority The queue priority values ar...

Page 156: ...cted the appropriate values click the Add button Each time you do this the new binding will appear in the list at the top of the page along with a Remove button Clicking the Remove button will remove...

Page 157: ...N modems is predetermined Using the Web Page s Refer to the Configure PPP External Modems External Modemn section for a description of the parameters used to set up an internal PSTN modem where this f...

Page 158: ...an attempt to get the TCP socket generating the packets to back off it s transmit timers thus preventing the queue overflow which would result in all subsequent packets being dropped QOS is a complex...

Page 159: ...DSCP codes that are set to Default will have their queue number changed Using Text Commands From the command line use the dscp command to configure or display the DSCP mappings To display a DSCP mapp...

Page 160: ...received that would cause the maximum length to be exceeded are dropped WRED minimum threshold This parameter specifies the minimum queue length threshold for using the WRED algorithm to drop packets...

Page 161: ...g factor used should therefore be selected carefully to suit the type of traffic using the queue Using Text Commands From the command line use the qprof command to configure or display the queue profi...

Page 162: ...ssful and the server sends an IDLE TIMEOUT attribute 28 the idle time specified will be assigned to the remote session If no IDLE TIMEOUT attribute is sent the unit will apply the default idle timeout...

Page 163: ...counting NAS and is used to identify the RADIUS client The appropriate value will be supplied by the Secondary accounting NAS administrator Secondary accounting server IP address This password is supp...

Page 164: ...dary accounting NAS ID apassword text Primary accounting server password apassword2 text Secondary accounting server password aserver IP address Primary accounting server IP address aserver2 IP addres...

Page 165: ...essage Cancel Click on the Cancel button to clear the message Using Text Commands The sendsms command can be used to send an SMS message from the command line The format of the command is as follows s...

Page 166: ...face The Interface field is used to specify which instance of PPP to use for SMTP normally PPP1 Mail from address This parameter specifies the text to be inserted between the MAIL FROM braces command...

Page 167: ...instance is 0 At present there can only be one instance of SMTP i e 0 but the instance parameter has been included to allow for future expansion To change the value of a parameter use the following co...

Page 168: ...synchronous mode as selected by the Sync Port parameter below To configure ASY 0 or ASY 1 for synchronous operation refer to the Configure Sync Ports page Sync port This parameter is only relevant if...

Page 169: ...t to On a TEST frame is not transmitted and the TEST response is not expected Instead the unit assumes the station exists and proceed with the protocol as if the DLSw has received the TEST response SN...

Page 170: ...fault value is 1000 milliseconds 1 second and under normal circumstances it should not be necessary to change it T200 timer ms This is the standard LAPB re transmit timer The default value is 1000 mil...

Page 171: ...parameter to either PPP or ETH Ethernet the source address used by SNAIP will match that of the Ethernet or PPP interface specified by the Source IP from interface parameter below Source IP address in...

Page 172: ...d_null off on Send Null XID sock_inact number TCP socket inactivity timer s srcipadd number Source IP address interface srcipent PPP ETH Source IP address interface stations numbers Polling stations s...

Page 173: ...unit is booted Offset from GMT hrs This parameter should be set to or the number of hours the unit s time should be ahead or behind Greenwich Mean Time Daylight Savings Parameters The following parame...

Page 174: ...tp 0 parameter value The parameters and values are Parameter Values Equivalent Web Parameter dstmins 0 59 Daylight savings adjustment dstoffday 0 31 Daylight savings stop day dstoffhr 0 23 Daylight sa...

Page 175: ...configure the number of SSH server sockets that listen for new SSH connections It is possible to configure which authentication methods are able to be used in an SSH session and the preferred selectio...

Page 176: ...e significantly different V2 Options Actively start key exchange Some SSH clients wait for the server to initiate the key exchange process when a new SSH session is started unless they have data to se...

Page 177: ...number Maximum login time logintries number Maximum login attempts mac_md5 number MAC MD5 preference mac_md596 number MAC MD5 96 preference mac_sha1 number MAC SHA1 preference mac_sha196 number MAC SH...

Page 178: ...authentication Client private key filename The file that contains the private key that matches the public key stored in the certificate entered in the Client certificate filename parameter Using Text...

Page 179: ...sk combination it will route that packet through the interface specified by the Interface and Interface parameters Interface Interface Are used to specify the interface and number through which to rou...

Page 180: ...local IP addresses For example if you wanted to run a server on a local area network and make it externally accessible you would need to set up a static NAT mapping using the local IP address of the s...

Page 181: ...ntry number This lists the port number and the mapped IP address To change the value of a parameter use the command in the format nat entry parameter value The parameters and values are Parameter Valu...

Page 182: ...t be configured to use a synchronous port as its lower layer interface The parameters for a synchronous port are described below Clock source This specifies whether the direction of the clock signal I...

Page 183: ...t i e 0 but the port parameter has been included to allow for future expansion To change the value of a parameter use the following command sy 0 parameter value The parameters and values are Parameter...

Page 184: ...rnal jumpers that determine the clock mode By default these are set so that the unit acts as a clock sink For correct X 21 operation the jumper settings must match the setting of the Clock source para...

Page 185: ...g UDP Currently this only involves sending Backup IP addresses If an IP address is configured in the System messages destination field the unit will send IP address available and IP address unavailabl...

Page 186: ...tervals using the SNTP option Using the Web Page s This page allows you to set the date and time by filling in the appropriate dialog boxes Using Text Commands To set the time and date from the comman...

Page 187: ...times Days of the week are entered in the format Mon Tue Wed Thu Fri Sat and Sun To specify multiple days separate them by a comma Alternatively the working days from Monday to Friday inclusive may be...

Page 188: ...the days on which the transition occurs time specifies the time at which the transition occurs state specifies the type of transition on or off Valid days of the week are entered in the format Mon Tu...

Page 189: ...in the Download section of the Westermo web site www Westermo co uk Using the Web Page s The Configure TPAD folder expands to list separate pages for each of the available TPAD instances Each page is...

Page 190: ...when an outgoing TPAD call has been connected instead of the normal ENQ character For example this might be used to make a TPAD connection look like a PAD connection by specifying CON COM as the conn...

Page 191: ...default X 25 packet size to be used for TPAD transactions Layer 2 interface This parameter is used to select whether the TPAD instance will use ISDN B channel X 25 Dchannel X 25 TCP VXN or SSL as the...

Page 192: ...an Excessive Transaction Time event code 56 each time a TPAD transaction takes longer that the specified number of seconds This could be used in conjunction with an appropriate Event Handler configur...

Page 193: ...rough without the parity being changed set this option to Off ACK data This parameter causes the unit to acknowledge TPAD data packets from the terminal This parameter should normally be set to the de...

Page 194: ...ro for this parameter prevents the unit from replying Transaction delay ms Setting this parameter will cause the unit to pause for the specified number of milliseconds in between successfully connecti...

Page 195: ...backup interface LCN direction This parameter determines whether the LCN used for the backup X 25 interface is incremented or decremented from the starting value when multiple X 25 instances share a...

Page 196: ...sage numbering dorest off on Restarts dotermid off on Terminal ID translation dsync off on Direct sync eot_only off on EOT only fpar off on Force parity ASY ftime number Forward mode time s inclrc off...

Page 197: ...s tidtime number TID timeout s tl2deact number Layer 2 deactivation timer s trandel 0 5000 Transaction delay ms tresp number Response timeout s trig_str text Data trigger tsla number SLA Tran Time ms...

Page 198: ...ne echo interface When this parameter is set to No the interface used to send UDP echo packets will be specified in the Interface and Interface parameters below In this instance the interface must alr...

Page 199: ...lue The parameters and values are Parameter Values Equivalent web parameter dstip IP address Destination IP address dstport number Destination port ifadd number Interface ifent PPP ETH Interface inter...

Page 200: ...routers can dial into the local router static routes cannot always be used to ensure that packets which should be routed to the remote network are sent through the correct PPP interface This parameter...

Page 201: ...change the value of a parameter use the command in the format user number parameter value The parameters and values are Parameter Values Equivalent Web Parameter access 0 4 User access code 0 Super 1...

Page 202: ...currently set to OPNS Server OPNS service name The service to be used during OPNS negotiations which is different to the service used for transactions This parameter is supplied by Datawire and will u...

Page 203: ...tically attempt to negotiate a PUK with the OPNS server Enable debug output When this parameter is set to Yes debug information about the VXN task is routed to the debug port Using Text Commands To co...

Page 204: ...Reset XOT PVC if Responder When this parameter is set to On the unit is responsible for resetting the links on XOT PVC links when it is the responder The default for this parameter is Off Include len...

Page 205: ...stead of an NUI to determine the destination of a call then the NUI Mappings table can be used to convert an NUI to an NUA If a TPAD call specifies a call in which the NUI matches an entry the call ac...

Page 206: ...and in the right column enter the appropriate command string excluding the ATD which is inserted automatically Using Text Commands From the command line the macro command may be used to define CALL ma...

Page 207: ...cted until the corresponding X 25 call is answered The incoming TCP socket will trigger the corresponding X 25 call and if this call is being switched out then the TCP socket will not be answered unti...

Page 208: ...ollowing command ipx25 n parameter value The parameters and values are Parameter Values Equivalent Web Parameter cnf_mode off on Confirm Mode ip_port number IP Port iphdr off on IP length header nb_li...

Page 209: ...e when an X 25 call is received with either the NUA having 1234 followed by any 2 digits or a call being received with call user data with any 4 characters followed by aa then the call is switched to...

Page 210: ...PD 2 LAPB 0 3 LAPB 1 4 XOT 5 LAPD X actual instance determined by NUA 6 LAPB 0 PVC 7 LAPB 1 PVC 8 XOT PVC 9 TCP stream 10 UDP stream For example to set up table row 2 from the example you would enter...

Page 211: ...f this feature is to allow non PAD terminals to use an X 25 PAD network connection X 25 call macros are set up in the Configure X25 Macros web page or by using the macro text command Default packet si...

Page 212: ...these out of the X 25 call request This can be extremely useful in backup scenarios Consider the following example the unit is configured to do online authorisations via the ISDN Dchannel and to fall...

Page 213: ...ture select the Off option Data trigger This parameter specifies a string which if it appears in the received data causes a Data Trigger 47 event to be generated and recorded in the event log Inactivi...

Page 214: ...st off on Restarts inactevent number Inactivity Event Time s inacttim number Inactivity timeout s Ip_port Number IP Stream port ip_stream off on IP Stream mode iphdr off on IP length header l2iface la...

Page 215: ...enter it twice The first instance returns you to the PAD prompt the second resumes the call and transmits the character to the remote system Option Description 0 Disabled 1 PAD recall character is CTR...

Page 216: ...gnals enabled 4 PAD prompt enabled signals disabled 5 PAD prompt and signals enabled 4 91 7 7 Action on Break from DTE This parameter determines the action taken by the PAD on receipt of a break signa...

Page 217: ...NUL ASCII 0 that are sent after each CR to create such a delay Option Description 0 No padding characters after CR 1 255 Number of padding characters NUL sent after CR 4 91 10 10 Line Folding Controls...

Page 218: ...iting functions provided are character delete line delete and line re display The editing characters are defined by parameters 16 17 and 18 In addition parameter 19 determines which messages are issue...

Page 219: ...ow many line feeds are sent to the terminal before output is halted on a page wait condition In other words it defines the page length for paged mode output A page wait condition is cleared when the P...

Page 220: ...source IP address interface This parameter specifies the source if the IP address for XOT calls It can be set to Auto ETH or PPP XOT source IP address interface If the XOT source address interface is...

Page 221: ...command in the form pvc instance where instance is 0 3 To change the value of a parameter use the command in the form pvc instance parameter value The parameters and values are Parameter Values Equiva...

Page 222: ...d up from an XOT PVC connection TCP stream Data will be switched from backed up from a TCP socket The socket s IP address will be determined from the IP stream port setting UDP stream This is similar...

Page 223: ...determined that the outgoing interface is not LAPD it checks if the outgoing interface is LAPB If it is it then checks to see if the Called NUA field in the call packet matches the LAPB 0 NUA paramet...

Page 224: ...er may be used to specify an alternative interface to switch the X 25 call to Any of the other interfaces may be chosen or None If None is chosen then no backup call will be attempted Backup from LAPD...

Page 225: ...D channel LCN direction This parameter determines whether the LCN used for outgoing X 25 calls on LAPD is incremented or decremented from the starting value LAPD Max VCs This parameter sets the maximu...

Page 226: ...nnection is initiated automatically within the router and so does not originate from the local subnet LAN segment to which the unit is attached via the Ethernet interface However this means that if yo...

Page 227: ...session is capable of answering and terminating the call in preference to the call being switched This means that the PAD s Answering NUA parameters should be left blank to ensure that the unit s PADs...

Page 228: ...1 0 2 4 10 12 15 see below Backup from LAPB 1 to bufrlapb2 0 10 13 see below Backup from LAPB 2 to bufrlapd 0 2 10 12 15 see below Backup from LAPD to bufrxot 0 3 5 10 12 15 see below Backup from XOT...

Page 229: ...C to swfrlapb1 0 2 4 10 12 15 see below Switch from LAPB 1 to swfrlapb1pvc 0 6 8 10 12 15 see below Switch from LAPB 1 PVC to swfrlapb2 0 10 13 15 see below Switch from LAPB 2 to swfrlapb2pvc 0 10 12...

Page 230: ...ap instance parameter value The parameters and values are Parameter Values Equivalent web parameter cudfrom number CUD In cudto number CUD Out Interface 0 1 2 3 4 12 Interface 0 Any 1 LAPD 2 LAPB 0 3...

Page 231: ...called CONFIG DA0 and CONFIG DA1 This allows two different sets of configuration information to be stored using the Save option in the directory tree at the left of the web interface or by using the...

Page 232: ...otocol instance click on the appropriate symbol to expand the required branch and then select the specific instance you require For example to display the statistics for X 25 PAD 0 click on the symbol...

Page 233: ...yser trace from the command line use the type command to list the ANA TXT pseudo file type ana txt 6 2 Status DHCP Server The Status DHCP Server page displays a table of IP addresses leased by the DHC...

Page 234: ...on number for each module Using Text Commands From the command line the firmware versions can be listed using either ATI5 or id 6 6 Status GPRS Module The Status GPRS Module page displays information...

Page 235: ...s includes Longitude The current longitude contained in the last GGA GLL or RMC message from the GPS receiver module Latitude The current latitude contained in the last GGA GLL or RMC message from the...

Page 236: ...th an incorrect length Bad Checksum Number of IGMP packets received with an incorrect checksum RX Bad Queries Number of bad query packets received RX Bad Reports Number of bad report packets received...

Page 237: ...UA The User is the PAD or TPAD instance that is using the session The Link identifies the layer 2 protocol either LAPB or LAPD The Mode identifies whether the call is outgoing OUT or incoming IN Using...

Page 238: ...ommand described below is used to display a list of the currently stored files A typical file directory will include the following files Filename Description ana txt Pseudo file for Protocol Analyser...

Page 239: ...ry may only be updated several seconds after a particular file operation has been carried out 7 2 4 MOVE Move File The move command is used to replace one file with another whilst retaining the origin...

Page 240: ...MODEM file upload from the port at which the command is entered The format is xmodem filename where filename is the name under which the file will be saved when the upload is complete After entering t...

Page 241: ...at etc should also be configured as necessary 8 2 Initiating a V 120 Call Once the initial configuration is complete V 120 calls may be initiated using the appropriate ATD command For example atd01234...

Page 242: ...on other ASY ports This can be done by disabling answering for the other ports protocols or by using the MSN and or Sub address parameters to selectively answer calls to different telephone numbers u...

Page 243: ...ub address parameters being set to their default values An Adapt instance is bound to an asynchronous serial port ASY and the answer ring count S0 for that serial port is set to 1 A LAPB instance has...

Page 244: ...ce will answer when either of the numbers are called However if the ISDN number dialled is 123456 and 456 is entered into the MSN parameter of PPP then PPP will answer instead This will also have the...

Page 245: ...nterface conforms to the X 3 X 28 and X 29 standards Up to six PAD instances from an available pool of 8 can be created and dynamically assigned to the asynchronous serial ports or the REM pseudo port...

Page 246: ...es to be requested in the call separated by commas terminated with a dash address is the destination network address user data is any optional user data to be included with the call The facility codes...

Page 247: ...nd a window size of 2 The user or system then has 15 seconds in which to pass up to 124 bytes of data to the PAD to be included in the clear indication packet that is sent in response to the call The...

Page 248: ...y the network or by the remote host the unit returns a diagnostic message before the NO CARRIER result code Messages may be numeric or verbose depending on the setting of the ATV command The following...

Page 249: ...ity has been cleared 88 Incompatible destination 90 Destination address missing or incomplete 91 Invalid transit network selection 95 Invalid message unspecified 96 Mandatory information element is mi...

Page 250: ...cannot be routed as requested RNA 25 reverse charging not allowed ID 33 incompatible destination FNA 41 fast select not allowed SA 57 ship cannot be contacted If an unknown reason code is received the...

Page 251: ...table Parameter Profile 50 51 90 91 1 1 0 1 0 2 0 0 1 0 3 0 0 126 0 4 5 5 0 20 5 0 3 1 0 6 5 5 1 0 7 0 8 2 2 8 0 0 0 0 9 0 0 0 0 10 0 0 0 0 11 15 15 15 15 12 0 3 1 0 13 0 0 0 0 14 0 0 0 0 15 0 0 0 0...

Page 252: ...4 12 SET Set Local X 3 Parameters SET is used to set one or more of the local X 3 parameters for the duration of the current session The format of the command is SET par value par value par value 10 4...

Page 253: ...s on the following pages Standard Page As a minimum requirement the Username and Password parameters should be initialised If necessary you may set the AODI Enabled parameter to Yes to configure the u...

Page 254: ...aphic protection The combination of these techniques is designed to ensure the integrity and confidentiality of the data transmission Put simply IPSec is about ensuring that only authorised users can...

Page 255: ...rdering generally use 128 bit encryption Note Data rates are the maximum that could be achieved but may be lower if other applications are running at the same time or small IP packet sizes are used 12...

Page 256: ...ablished two way secure link you can use it to establish some rules for further communication Before this gets any more complicated we ll assume that Westermo are a competent authority to issue certif...

Page 257: ...vided by the remote unit is used to find the correct certificate to use If the correct certificate is found the code then checks that it has been signed by one of the certificate authority certificate...

Page 258: ...can also be used to generate SNMP traps 13 2 Firewall Script Syntax A firewall must be individually configured to match the needs of authorised users and their applications On Westermo routers the ru...

Page 259: ...ersol The optional icmp code field can also be a decimal number representing the ICMP code of the return ICMP packet but if the icmp type is unreach then the code can also be one of the following pre...

Page 260: ...he FWLOG TXT file each time it processes a packet that matches the rule This log will normally detail the rule that was matched along with a summary of the packet contents If the log option is followe...

Page 261: ...Eroute 2 The oneroute option can be followed with the keyword any which will match if the packet is on any eroute routeto When the routeto option is specified and the firewall is processing a receive...

Page 262: ...nd may be specified in one of several ways The basic syntax is ip range all from ip object to ip object flags icmp where ip object is an IP address specification Full details of the syntax with exampl...

Page 263: ...n ip object is simply an IP address preceded by from or to For example to block all packets destined for address 10 1 2 98 the script rule would be block out from any to 10 1 2 98 An ip object can als...

Page 264: ...the Telnet server port 23 on IP address 10 1 2 63 will match this rule and further checking is prevented by the break end option The above example illustrates the comparison Other comparison methods s...

Page 265: ...onally followed by an exclamation mark and a second list of flags that the unit should check for being clear For example flags s a would test for the s flag being on and the a flag being off with all...

Page 266: ...o icmp from any to 10 1 2 0 24 icmp type echorep Both of these rules allow echo replies to come in from interface ppp 0 if they are addressed to our example local network address 10 1 2 In addition to...

Page 267: ...format inspect inspect state oos interface name logical name secs t secs c count d count r ping tcp secs secs rd x dt secs stat The field can be used on its own or with an optional oos Out Of Service...

Page 268: ...potential for a security breach has now been virtually eliminated because even if a hacker could time his attack perfectly he would still have to forge a response packet using the correct source addr...

Page 269: ...lowed in once an echo request has been sent out on that interface The moment that a valid echo reply comes back or there is a timeout echo replies will again be blocked Furthermore the full IP address...

Page 270: ...re When a recovery procedure is specified then after the oos timeout has expired instead of bringing the interface back into service immediately the link is tested first It is tested by either sending...

Page 271: ...the Stat Option The inspect state option can be used with the stat option The stat option will cause this firewall rule to record statistics associated with this firewall rule Transaction times counts...

Page 272: ...ol field in the IP packet This will be expanded to text as well for the well known protocols Src Port The value of the source port field in the TCP UDP header Dst Port The value of the source port fie...

Page 273: ...fied 2002 09 04 16 30 06User Info100 100 100 50Aug 15 16 31 59 arm 1140 IP Filter Filter Rule block return icmp unreach host unr in log syslog breakend on eth 0 proto tcp from any to 100 100 100 50 po...

Page 274: ...ur To do this use the c count option For example pass out break end on PPP 2 proto TCP from 10 1 1 1 to 10 1 2 1 port telnet flags S A inspect state oos 60 t 10 c 5 PPP 2 will now only be set OOS afte...

Page 275: ...l rule to include this option gives pass out break end on PPP 2 proto TCP from 10 1 1 1 to 10 1 2 1 port telnet flags S A inspect state oos 60 t 10 c 5 d 10 r tcp 120 10 rd 3 Now the interface will be...

Page 276: ...e FWLOG TXT file created as the result of a debug rule may be identified by the short description FW_DEBUG at the top of the log entry An example rule set using a debug rule debug in on ppp 2 proto tc...

Page 277: ...e connection launch the DUN If the remote unit is configured correctly with one of the PPP instances enabled for answering it will connect and the linked computers icon will appear in the Windows syst...

Page 278: ...iles as if they were in a normal Windows directory If you are using a specific FTP client program these operations may be carried out using menu options or buttons 14 3 2 FTP under DOS To use FTP unde...

Page 279: ...ed the message e g PPP 0 a reason code additional information such as an X 25 address or ISDN telephone number The specific events that generate a log entry are pre defined and cannot be altered These...

Page 280: ...all ISDN call control Calling party num 39 Starting Backup X 25 call X 25 n a 40 Watchdog had occurred Bootloader n a 41 Command returned error Command Command 42 V120 Disconnect V120 n a 43 LAPB Inac...

Page 281: ...blocks apply to all entries in the preceding EVENT block Each reason block starts with a line containing the text REASONS This is followed by a separate line for each reason code in the format reason...

Page 282: ...lls A further option for the ATD command for X 25 applications is to combine the ISDN call and the subsequent X 25 CALL in the same command To do this follow the telephone number with the symbol and t...

Page 283: ...c1 d2 k1 e1 q0 v1 S0 0 S2 43 S12 50 S31 3 S45 5 STORED PROFILE 1 c1 d2 k1 e1 q0 v1 S0 0 S2 43 S12 50 S31 3 S45 5 OK 16 7 W Write SREGS DAT The AT W command is used to save the current command and S re...

Page 284: ...r associated with that port will be dialled when the DTR signal for that port changes from Off to On i e DTR dialling can only be used with the number associated with the port to which the terminal is...

Page 285: ...terminals that generate large amounts of extraneous text If not ignored this text can cause many error messages to be generated by the router and may result in a communications failure To turn on thi...

Page 286: ...ngs n a S2 Escape character ASCII 43 0 255 S12 Escape delay ms 50 0 255 S15 Data forwarding timer ms 2 0 255 S23 Parity 0 none 1 odd or 2 even 0 0 2 S31 ASY interface speed refer to full description n...

Page 287: ...rwarding timer for the ASY port in multiples of 10ms The default data forwarding time is 20ms and in normal use this there should be no need to change this However setting S15 to 1 enables a special m...

Page 288: ...to detect 6 19 200 1 Reserved 7 9 600 2 Reserved 8 4 800 3 115 200 9 2 400 4 57 600 10 1 200 5 38 400 11 300 ats31 5 then change the speed of your terminal to 38 400bps before entering any more AT com...

Page 289: ...displays the specified configuration either 0 1 or c for the current configuration save saves the current settings as the specified configuration either 0 or 1 powerup sets the specified configuration...

Page 290: ...eepalive_time l port s port ok t telnet_mode The parameters are detailed in the following table The command can also be made to execute automatically on power up by using the cmd n autocmd cmd macro c...

Page 291: ...ied in the appropriate Eroute A similar effect can also be achieved by setting the parameter GP sockets use IP from interface Ethernet n in the Web interface on the Configure General page 19 2 TCPDIAL...

Page 292: ...r Clock RxC 17 n a n a Data Terminal Ready DTR 20 4 2 External Transmitter Clock ETC 24 n a n a A range of suitable adapters and cables are available from Westermo 20 2 X 21 Serial Port Connectors On...

Page 293: ...on the jumper settings must match the setting of the Clock source parameter configured on the Configure Sync ports page To change this you will need to open the unit by removing the four rubber feet a...

Page 294: ...DTR 20 20 DTR GND 7 7 GND RxC 17 17 RxC ETC 24 24 ETC N B Frame Ground is optional RS232 V 24 Straight Through Cable 25 9 pin This is normally the cable to use to connect a V 24 asynchronous terminal...

Page 295: ...outer to an external asynchronous modem Signal RJ45 Pin 9 way Pin Signal TxD 6 2 RxD RxD 3 3 TxD RTS 1 8 CTS DCD 7 4 DTR CTS 8 7 RTS DTR 2 1 DCD GND 5 5 GND X 21 Straight Through Cable 25 15 pin This...

Page 296: ...o to an X 21 leased line Signal 25 Pin Westermo DCE 15 Pin DCE Signal Frame Ground Case 1 1 Frame Ground Case RxDA 2 2 TxDA RXDB 3 9 TxDB TxDA 4 4 RxDA TxDB 5 11 RXDB INDB 6 10 CTLB GND 7 8 GND CTLB 8...

Page 297: ...EVENTS 83 FTP Client Req By e to c REASONS 1 Retry EVENTS 84 FTP Client Session Closed REASONS 1 Normal closure 2 Socket closed 3 No socket ID available 4 No connection to remote 5 No stored confirmat...

Page 298: ...ckup X25 Call 41 0 CMD a Error Result c 42 0 V120 a Disconnect 43 0 LAPB a Inactivity Timer 44 0 Warning Req a bios buffers 45 0 IP Act_Rq to e a s c 46 0 DNS Query on c 47 0 e a Data Trigger c 48 0 A...

Page 299: ...5 0 e a Orderly Shutdown 81 0 V110 User Rate c EVENTS 67 0 TPAD a TID change c REASONS 01 Login02 Ready 03 Abort 04 Conflict Removal EVENTS 05 0 e a down REASONS 01 Inactivity 02 Remote disconnect 03...

Page 300: ...NULL template 03 Recd unexpected data 04 No Destination Address EVENTS 20 2 SMTP err REASONS 01 No connection 02 Socket err 03 Link err EVENTS 28 0 e a X25 call cleared REASONS 01 Busy 09 Out of order...

Page 301: ...ceeded EVENTS 76 0 e a Resetting Modem REASONS 01 Requested by user 02 No response to commands 03 CTRL E heartbeat stopped 04 Modem enabled or disabled EVENTS 79 0 e a Open Failed REASONS 05 Incompati...

Page 302: ...EVENTS 91 IKE Negotiation Failed REASONS 1 Retries Exceeded 2 Inactivity 3 Bad Packet 4 No SA Found 5 No Transform Selected 6 No Password Available c 7 Rx Key Exchange Failed 8 Rx Nonce Failed 9 Rx ID...

Page 303: ...456 123 co uk abc def co uk From The From field is normally used to supply the email address of the sending unit but alternatively you may enter a simple string For example From IR2140 Subject The Sub...

Page 304: ...vent that caused the email transmission Smtpid Inserts the unit ID for this device as configured by the unit identity field in the Configure General web page or the cmd 0 unitid text command pppip ins...

Page 305: ...e Authority CHAP Challenge Handshake Authentication Protocol CLI Calling Line Identification or Command Line Interface CTS Clear To Send CUD Call User Data CUG Call User Group D DCE Data Communication...

Page 306: ...ity Association and Key Management Protocol ISDN Integrated Services Digital Network L L2TP Layer 2 Tunnelling Protocol LAN Local Area Network LAPB Link Access Procedure Balanced LAPD Link Access Prot...

Page 307: ...hone Network PUK Power Up Key PVC Permanent Virtual Circuit Q QOS Quality Of Service R RADIUS Remote Authentication Dial In User Service RIP Routing Information Protocol RTS Request To Send S SA Secur...

Page 308: ...PAD Transaction Packet Assembler Disassembler U UDP User Datagram Protocol UMTS Universal Mobile Telecommunications System V VLAN Virtual Local Area Network VPN Virtual Private Network VRRP Virtual Ro...

Page 309: ......

Page 310: ......

Page 311: ......

Page 312: ...80 01 info westermo se Westermo OnTime AS Gladsvei 20 0489 Oslo Norway Phone 47 22 09 03 03 Fax 47 22 09 03 10 E mail contact ontimenet com Westermo Data Communications Ltd Talisman Business Centre D...

Reviews:

No comments

Related manuals for DR-200

Edge-Core SDW100 Quick Start Manual preview
SDW100
Brand: Edge-Core Pages: 7
NetComm 3GM1WN Quick Start Manual preview
3GM1WN
Brand: NetComm Pages: 3
Juniper MX2010 Hardware Manual preview
MX2010
Brand: Juniper Pages: 825
Aewin Technologies SCB-9651 User Manual preview
SCB-9651
Brand: Aewin Technologies Pages: 86
Leviton IPHS5-1LW Product Bulletin preview
IPHS5-1LW
Brand: Leviton Pages: 4
Hunter Pro-C Series Programming Instructions preview
Pro-C Series
Brand: Hunter Pages: 2
Rosco ND100 User Manual preview
ND100
Brand: Rosco Pages: 20
Oracle Acme Packet 3900 Hardware Installation And Maintenance Manual preview
Acme Packet 3900
Brand: Oracle Pages: 70
Steren COM-840 Instruction Manual preview
COM-840
Brand: Steren Pages: 130
PC Concepts Full-Rated Router ADSL2+ User Manual preview
Full-Rated Router ADSL2+
Brand: PC Concepts Pages: 104
Echelon 42150 User Manual preview
42150
Brand: Echelon Pages: 99
Vivotek ND9312 User Manual preview
ND9312
Brand: Vivotek Pages: 185
ratiotec CONNECT Box Pro Instruction Manual preview
CONNECT Box Pro
Brand: ratiotec Pages: 12
Comtrend Corporation CT-510 User Manual preview
CT-510
Brand: Comtrend Corporation Pages: 69
Sarian Systems DR 6410 Installation Manual preview
DR 6410
Brand: Sarian Systems Pages: 9
Billion BiPAC 7404V series User Manual preview
BiPAC 7404V series
Brand: Billion Pages: 165
Johnson Controls Intelligent Fire Integrator 4WRMB Installation & Operation Manual preview
Intelligent Fire Integrator 4WRMB
Brand: Johnson Controls Pages: 70
Asus RT-AC56U User Manual preview
RT-AC56U
Brand: Asus Pages: 30

Brands by name

Popular brands

Load more brands