manualshive.com logo in svg

FireBrick FB6602, Руководство пользователя

Поделиться
Скачать
FireBrick FB6602 Скачать руководство пользователя страница 66

51

Chapter 11. Tunnels

The FB6000 supports the following tunnelling protocols :-

• FB105 lightweight tunnelling protocol

• L2TP

Support for FB105 tunnels means the FB6000 can inter-work with existing FB105 hardware, and with FB2x00
devices.

11.1. FB105 tunnels

The FB105 tunnelling protocol is a FireBrick proprietary protocol that was first implemented in the FireBrick
FB105 device, and is popular with FB105 users for setting up VPNs etc. It is 'lightweight' in as much as it
is relatively simple, with low overhead and easy setup, but it does not currently offer encryption. Although
encryption is not available, the protocol does digitally sign packets, so that tunnel end-points can be confident
that the traffic originated from another 'trusted' end-point. Where it matters, encryption can be utilised via secure
protocols such as HTTPS or SSH over the tunnel.

The protocol supports multiple simultaneous tunnels to/from an end-point device, and Local Tunnel ID values
are used on an end-point device to identify each tunnel. The 'scope' of the Local ID is restricted to a single end-
point device - as such, the tunnel itself does not possess a (single) ID value, and is instead identified by the
Local IDs in use at both ends, which may well differ.

11.1.1. Tunnel wrapper packets

The protocol works by wrapping a complete IP packet in a UDP packet, with the destination port number of the
UDP packet defaulting to 1, but which can be set to any other port number if required. These UDP packets are
referred to as the 'tunnel wrappers', and include the digital signature. As with any other UDP traffic originating
at the FB6000, the tunnel wrappers are then encapsulated in an IP packet and sent to the IP address of the far-
end tunnel end-point. The IP packet that is contained in a tunnel wrapper packet is referred to as the 'tunnel
payload', and IP addresses in the payload packet are not involved in any routing decisions until the payload
is 'unwrapped' at the far-end.

Payload packet traffic is sent down a tunnel if the FB6000's routing logic determines that tunnel is the routing
target for the traffic. Refer to Chapter 7 for discussion of the routing processes used in the FB6000. Often, a
dynamic route is specified in the tunnel definition, such that traffic to a certain range of IP addresses (or possibly
all IP addresses, for a default route) is routed down the tunnel when it is in the Up state - see Section 11.1.4
for details.

Tip

Payload IP addressing is not restricted to RFC1918 private IP address space, and so FB105 tunnels
can be used to transport public IP address traffic too. This is ideal where you want to provide public
IP addresses to a network, but it is either impossible to route the addresses directly to the network -
e.g. it is behind a NAT'ing router, or is connected via networks (e.g. a 3rd party ISP) that you have no
control over - or you wish to benefit from having 'portable' public IP addresses e.g. you can physically
relocate a tunnel end-point FB6000 such that it is using different WAN connectivity, yet still have the
same public IP address block routed to an attached network.

11.1.2. Setting up a tunnel

You define a tunnel by creating an 

fb105

 top-level object. In the web User Interface, these objects are created

and managed under the "Tunnels" category, in the section headed "FB105 tunnel settings".

Содержание FB6602

Страница 1: ...FireBrick FB6602 User Manual FB6000 Versatile Network Appliance...

Страница 2: ......

Страница 3: ...FireBrick FB6602 User Manual This User Manual documents Software version V1 24 093 Copyright 2012 2013 FireBrick Ltd...

Страница 4: ...he Object Hierarchy 10 3 2 The Object Model 10 3 2 1 Formal definition of the object model 11 3 2 2 Common attributes 11 3 3 Configuration Methods 11 3 4 Web User Interface Overview 11 3 4 1 User Inte...

Страница 5: ...xternal destinations 29 5 3 1 Syslog 29 5 3 2 Email 30 5 3 2 1 E mail process logging 31 5 4 Factory reset configuration log targets 31 5 5 Performance 31 5 6 Viewing logs 31 5 6 1 Viewing logs in the...

Страница 6: ...g 50 10 2 2 4 Speed and graphs 50 11 Tunnels 51 11 1 FB105 tunnels 51 11 1 1 Tunnel wrapper packets 51 11 1 2 Setting up a tunnel 51 11 1 3 Viewing tunnel status 52 11 1 4 Dynamic routes 52 11 1 5 Tun...

Страница 7: ...6 Relaying L2TP connections 67 16 7 RADIUS Authentication and Accounting 67 16 8 RADIUS Control messages 67 16 9 Outgoing L2TP connections 68 17 Command Line Interface 69 A Factory Reset Procedure 70...

Страница 8: ...on 92 G 1 10 Load XML configuration 92 G 1 11 Show profile status 92 G 1 12 Show RADIUS servers 92 G 1 13 Show DNS resolvers 92 G 2 Networking commands 92 G 2 1 Subnets 92 G 2 2 Ping and trace 93 G 2...

Страница 9: ...settings 109 H 2 22 vrrp VRRP settings 110 H 2 23 dhcps DHCP server settings 111 H 2 24 dhcp attr hex DHCP server attributes hex 111 H 2 25 dhcp attr string DHCP server attributes string 112 H 2 26 d...

Страница 10: ...inkSpeed Physical port speed 130 H 3 13 LinkDuplex Physical port duplex setting 130 H 3 14 LinkFlow Physical port flow control setting 131 H 3 15 LinkClock Physical port Gigabit clock master slave set...

Страница 11: ...Icons for layout controls 13 3 3 Icons for configuration categories 13 3 4 The Setup category 14 3 5 Editing an Interface object 14 3 6 Show hidden attributes 15 3 7 Attribute definitions 15 3 8 Navig...

Страница 12: ...2 List of system services 55 13 1 Packet dump parameters 60 13 2 Packet types that can be captured 61 C 1 DHCP client names used 75 E 1 SCCRQ 77 E 2 SCCRP 77 E 3 SCCCN 78 E 4 StopCCN 78 E 5 HELLO 78...

Страница 13: ...p attr ip Attributes 112 H 36 pppoe Attributes 113 H 37 pppoe Elements 114 H 38 ppp route Attributes 114 H 39 ggsn Attributes 114 H 40 route Attributes 115 H 41 network Attributes 115 H 42 blackhole A...

Страница 14: ...uplex setting 130 H 79 LinkFlow Physical port flow control setting 131 H 80 LinkClock Physical port Gigabit clock master slave setting 131 H 81 LinkLED y Yellow LED setting 131 H 82 LinkLED g Green LE...

Страница 15: ...ware and ensures FireBrick are able to maximise performance from the hardware and maintain exceptional levels of quality and reliability The result is a product that has the feature set performance an...

Страница 16: ...ory The procedure requires physical access to the FB6000 and can be applied if you have made configuration changes that have resulted in loss of access to the web user interface or any other situation...

Страница 17: ...IEEE 802 1Q VLANs ideal for using the FB6000 with VLAN capable network switches In this case a single physical connection can be made between a VLAN capable switch and the FB6000 and with the switch...

Страница 18: ...all FireBrick customers 1 2 3 Technical details There are a number of useful technical details included in the apendices These are intended to be a reference guild for key features 1 2 4 Document styl...

Страница 19: ...k FireBrick provide extensive training and support to resellers and you will find them experts in Firebrick products However before contacting them please ensure you have upgraded your FB6000 to the l...

Страница 20: ...readers regarding networking protocols common best practice and real world issues encountered 1 3 5 Training Courses FireBrick provide training courses for the FB2x00 series products and also training...

Страница 21: ...your LAN and it will get an address Port 4 is configured by default not to give out any addresses and as such it should not interfere with your existing network You would need to check your DHCP serve...

Страница 22: ...age for managing the configuration 2 2 1 Add a new user You now need to add a new user with a password in order to gain full access to the FireBrick s user interface Click on the Users icon then click...

Страница 23: ...erface To do that tick the checkbox next to timeout and enter an appropriate value as minutes colon and seconds e g 15 00 for 15 minutes Click on the Save button near the top of the screen which will...

Страница 24: ...ername and password you chose We recommend you read Chapter 3 to understand the design of the FB6000 s user interface and then start working with your FB6000 s factory reset configuration Once you are...

Страница 25: ...up of child objects and may also contribute to defining the detailed behaviour of the group define a context for an object for example an object used to define a locally attached subnet is a child of...

Страница 26: ...figuration methods web based graphical User Interface accessed using a supported web browser an XML eXtensible Markup Language file representing the entire object hierarchy editable via the web interf...

Страница 27: ...ooter area at the bottom of the page containing layout control icons and showing the current software version the remaining page area contains the content for the selected part of the user interface F...

Страница 28: ...fig pages and the object hierarchy The structure of the config pages mirrors the object hierachy and therefore they are themselves naturally hierachical Your postition in the hierachy is illustrated i...

Страница 29: ...object of that type and such an object already exists The existing object may have originated from the factory reset configuration You can push down into the hierarchy by clicking the Edit link in a...

Страница 30: ...sting technical support and expect technical support staff to discuss your configuration primarily in terms of attribute and object element names rather than descriptive text or physical location on y...

Страница 31: ...t to using the Add link one level up in the hierarchy Erase deletes the object being edited note that the object will not actually be erased until the configuration is saved Help browses to the online...

Страница 32: ...e compact self closing tag A self closing tag is the same as a start tag but ends with and then has no content or end tag Since the and characters have special meaning there are special escape charact...

Страница 33: ...as you might expect read only and so is safe in as much as you can t accidentally change the configuration 3 5 4 Example XML configuration An example of a simple but complete XML configuration is show...

Страница 34: ...nterface with one subnet and a DHCP allocation pool see Chapter 6 3 6 Downloading Uploading the configuration The XML file may be retrieved from the FireBrick or uploaded to the FireBrick using HTTP t...

Страница 35: ...lti part form data An example of doing this using curl run on a Linux box is shown below curl http FB6000 IP address or DNS name config config user username password form config filename 3 1 IP addres...

Страница 36: ...nk to add a user To delete a user click the appropriate Edit link then click the Erase button in the navigation controls see Figure 3 8 As with any such object erase operation the object will not actu...

Страница 37: ...ranted full access so for ADMIN or DEBUG level user s the default of full is suitable Table 4 2 Configuration access levels Level Description none No access unless explicitly listed view View only acc...

Страница 38: ...and so we recommend you set the hostname to something appropriate for your network The hostname is set using the name attribute 4 2 2 Administrative details The attributes shown in Table 4 3 allow you...

Страница 39: ...he FB6000 reboots very quickly and in many cases users will be generally unaware of the event You can also use a profile to restrict when software upgrades may occur for example you could ensure they...

Страница 40: ...in software application version is shown next to the word Software e g Software FB2700 Hermia V1 07 001 2011 11 15T10 22 48 The software version is also displayed in the right hand side of the footer...

Страница 41: ...upgrades are attempted see Chapter 8 for details on profiles The current setting of sw update in descriptive form can be seen on the main Status page adjacent to the word Upgrade as shown in Figure 4...

Страница 42: ...ssibly hardware fault Flashing with approximately 1 second period Bootloader running waiting for network connection On Main application software running After power up the normal power LED indication...

Страница 43: ...erface or command line which can show the history in the buffer and then follow the log in real time even when viewing via a web browser with some exceptions see Section 5 6 1 In some cases it is esse...

Страница 44: ...nly used when diagnosing a problem Debug logging can be a lot of information for example in some cases whole packets are logged e g PPP It is generally best only to use debug logging when needed 5 3 L...

Страница 45: ...r sending an e mail before sending another Having a hold off period means you don t get an excessive number of e mails since the logging system is initially storing event messages in RAM the e mail th...

Страница 46: ...has not been deleted you can therefore simply set log default on any appropriate object to immediately enable logging to this default log target which can then be viewed from the web User Interface or...

Страница 47: ...t attribute Event types log General system events log debug System debug messages log error System error messages log eth General Ethernet hardware messages log eth debug Ethernet hardware debug messa...

Страница 48: ...port groups can be defined with each group comprising a set of one or more physical ports that doesn t overlap with any other group The ports within the group work as a conventional Ethernet switch di...

Страница 49: ...effectively expand the number of distinct physical interfaces with the upper limit on number being determined by switch capabilities or by inherent IEEE 802 1Q VLAN or FB6000 MAC address block size A...

Страница 50: ...objects Zero or more DHCP server settings objects Zero or more Virtual Router Redundancy Protocol VRRP settings objects refer to Chapter 14 6 3 1 Defining subnets Each interface can have one or more...

Страница 51: ...net is configured via DHCP In its simplest form a DHCP configured subnet is created by the following XML subnet 6 3 2 Setting up DHCP server parameters The FB6000 can act as a DHCP server to dynamical...

Страница 52: ...d allocations In addition to specifying a full 48 bit 12 hexadecimal character MAC address in a dhcp object it is also possible to specify part of a MAC address specifically some number of leading byt...

Страница 53: ...tiation is enabled the FB6000 port will normally advertise that it is capable of link speeds of 10Mb s 100Mb s or 1Gb s if you have reason to restrict the possible link speed to one of these values yo...

Страница 54: ...ions detected Tx Blink on when Transmit activity Default for Yellow LED Rx Blink on when Receive activity Off Permanently off On Permanently on Link On when link up Link1000 On when link up at 1Gbit s...

Страница 55: ...ion may be a single IP address in which case it is a 32 in CIDR notation for IPv4 A routing destination may encompass the entire IPv4 or IPv6 address space written as 0 0 0 0 0 for IPv4 or 0 for IPv6...

Страница 56: ...also have a gateway specified either in the config or by DHCP or RA This gateway is just like creating a route to 0 0 0 0 0 or 0 as a specific route configuration It is mainly associated with the subn...

Страница 57: ...es to subnets on Ethernet interfaces do not support this functionality This can be useful where a link such as PPPoE is defined with a given localpref value and a separate route is defined with a lowe...

Страница 58: ...me complex profile logic to be defined that determines a final profile state from several conditions By combining profiles with the FB6000 s event logging facilities they can also be used for automate...

Страница 59: ...by date and or time objects which are child objects of the profile object You can define multiple date ranges via multiple date objects the date test will pass if the current date is within any of th...

Страница 60: ...Profiles 45 profile name Off set false profile name On set true...

Страница 61: ...d interface name LAN port LAN graph LAN The graph is viewable directly as a PNG image from the FB6000 via the web User Interface to view a graph click the PNG item in the Graphs menu This will display...

Страница 62: ...low s by creating a shaper top level object To create or edit a shaper object in the web User Interface first click on the Shape category icon To create a new object click the Add link To edit an exis...

Страница 63: ...h services that are available in other countries 10 1 Types of DSL line and router in the United Kingdom In the UK there are various types of DSL line and router than can be used Any device that suppo...

Страница 64: ...e a number of additional options see below but for most configurations this is all you need It causes the FB6000 to connect and set a default route for internet access via the PPP link 10 2 1 IPv6 If...

Страница 65: ...me if you wanted to 10 2 2 3 Logging The PPP connection status and PPP negotiation can be logged by setting the log attribute to a valid log target This can be useful for debugging 10 2 2 4 Speed and...

Страница 66: ...with any other UDP traffic originating at the FB6000 the tunnel wrappers are then encapsulated in an IP packet and sent to the IP address of the far end tunnel end point The IP packet that is containe...

Страница 67: ...e state The table row background colour is also used to indicate tunnel state with green for Up and red for Down Note that there is a third state that a tunnel can be in that is Up Down TBC confirm th...

Страница 68: ...the FB6000 to NAT traffic to the WAN the real source IP address of the traffic will be translated by the NAT process to one of the IP addresses used by the FB6000 When this NAT d traffic is carried vi...

Страница 69: ...the UDP port number that was the source port used in the outgoing wrapper packets If it does not then you will have to manually setup a port forwarding rule since there will have been no outbound pac...

Страница 70: ...rvice If a service object is not present the service is disabled Clicking on the Edit link next to the services object will take you to the lists of child objects Where a service object is not present...

Страница 71: ...an attack vector Access can be restricted using allow and local only controls as with any service If this allows access then a user can try and login However access can also be restricted on a per us...

Страница 72: ...s are given using a profile e g time of day 12 4 2 Local DNS responses Instead of blocking names you can also make some names return pre defined responses This is usually only used for special cases a...

Страница 73: ...service defaults to allowing access from anywhere The remaining SNMP service configuration attributes are community specifies the SNMP community name with a default of public port specifies the port...

Страница 74: ...penetration testing they are intended to aid understanding of FB6000 configuration assist in development of your configuration and for diagnosing problems with the behaviour of the FB6000 itself 13 1...

Страница 75: ...typically a command line client utility such as curl The output is streamed so that when used with curl and tcpdump you can monitor traffic in real time Limited filtering is provided by the FB6000 so...

Страница 76: ...ot specify any IP addresses then all packets are returned If you specify one IP address then all packets containing that IP address as source or destination are returned If you specify two IP addresse...

Страница 77: ...l if you are unable to determine a suitable timeout period and would like to run an ongoing capture which you stop manually This is achieved by specifying a very long duration and then interrupting ex...

Страница 78: ...s If the master fails a backup takes over and this process is transparent to other devices which do not need to be aware of the change The members of the group communicate with each other using multic...

Страница 79: ...then the master should have priority 255 Otherwise pick priorities from 1 to 254 It is usually sensible to space these out e g using 100 and 200 We suggest not setting priority 1 see profiles and test...

Страница 80: ...d both become master The FB6000 s VRRP Status page shows if VRRP2 or VRRP3 is in use and whether the FireBrick is master or not 14 5 Compatibility VRRP2 and VRRP3 are standard protocols and so the FB6...

Страница 81: ...his section of the manual is still in development Please see www firebrick co uk for technical notes 15 2 Using BGP in an ISP network Note This section of the manual is still in development Please see...

Страница 82: ...eering Note This section of the manual is still in development Please see www firebrick co uk for technical notes 16 4 The importance of CQM graphs Note This section of the manual is still in developm...

Страница 83: ...L2TP 68 16 9 Outgoing L2TP connections Note This section of the manual is still in development Please see www firebrick co uk for technical notes...

Страница 84: ...ssed command history memory the CLI remembers a number of previously typed commands and these can be recalled using the Up and Down cursor keys Once you ve located the required command you can edit it...

Страница 85: ...or any reason or any other situation where it is appropriate to start from scratch Disconnect all network and power leads Connect lead between far left and far right ports ports 1 and 4 Connect power...

Страница 86: ...revert to the existing saved configuration when next powered up or restarted It is also possible to recover the configuration stored in flash memory if you know an administrative username and password...

Страница 87: ...IDR The prefix notation introduced by CIDR was in the simplest sense to make explicit which bits in a 32 bit IPv4 address are interpreted as the network number or prefix associated with a site and whi...

Страница 88: ...IPv4 subnet on the LAN interface after factory reset is 10 0 0 1 24 the address of the FB6000 on this subnet is therefore 10 0 0 1 and the prefix length is 24 bits leaving 8 bits for host addresses o...

Страница 89: ...llocated to a specific FB6000 For information on how MAC addresses are used by the FB6000 please refer to this article on the FireBrick website http www firebrick co uk fb2700 mac php The label attach...

Страница 90: ...lue that depends on whether the system name is set on the FB6000 as shown in Table C 1 Refer to Section 4 2 1 for details on setting the system name Table C 1 DHCP client names used System name Client...

Страница 91: ...ach group from the others Where more than one switch is used with an uplink connection between switches VLAN tagging is used to multiplex packets from different VLANs across these single physical conn...

Страница 92: ...g RADIUS request Vendor Name 8 Ignored FireBrick Ltd Assigned Tunnel ID 9 Mandatory Mandatory our tunnel ID Receive Window Size 10 Accepted assumed 4 if not present or less than 4 is specified Value 4...

Страница 93: ...a tunnel has been allocated Note that a StopCCN may not have a zero tunnel ID in the header If this is the case the source IP port and assigned tunnel are used to identify the tunnel If an unknown tu...

Страница 94: ...if relaying Passed on incoming value Last Received LCP CONFREQ 28 Accepted used in RADIUS and passed on if relaying Passed on incoming value Proxy Authen Type 29 Accepted used in RADIUS and passed on...

Страница 95: ...Code 1 Ignored logged Sent as appropriate for tunnel close Q 931 Cause Code 12 Ignored Not sent Assigned Session ID 14 Expected see note Sent if assigned Note that a CDN may have a zero session ID in...

Страница 96: ...he internet when the broadband fully supports 1500 byte MTU This is also relevant where the FB6000 is deliberately configured to use a smaller MRU for example when the L2TP connection is remote via a...

Страница 97: ...received on L2TP Calling Station Id 31 Calling number as received on L2TP Acct Session Id 44 Unique ID for session as used on all following accounting records NAS Identifier 32 Configured hostname of...

Страница 98: ...used Framed IPv6 Prefix 97 IPv6 prefix to be routed to line Maximum localpref used Framed IPv6 Route 99 May appear more than once Text format is IPv6 Address Bits metric The target IP is ignored but...

Страница 99: ...in order to route native IPv6 prefixes to the line If there are any native IPv6 routes or the Framed IPv6 Interface attribute was specified then IPV6CP negotiation is started Framed IPv6 Route can al...

Страница 100: ...reBrick NAS IP Address 4 NAS IPv4 address if using IPv4 NAS IPv6 Address 95 NAS IPv6 address if using IPv6 NAS Port 5 L2TP session ID Tunnel Type 64 Present for relayed L2TP sessions L2TP Tunnel Mediu...

Страница 101: ...ium Type 65 Present for relayed L2TP 1 IPv4 or 2 IPv6 Tunnel Client Endpoint 66 Present for relayed L2TP text IPv4 or IPv6 address of our address on the outbound tunnel Tunnel Server Endpoint 67 Prese...

Страница 102: ...refix to be routed to line Maximum localpref used Framed IPv6 Prefix 97 IPv6 prefix to be routed to line Maximum locapref used Framed IPv6 Route 99 May appear more than once Text format is IPv6 Addres...

Страница 103: ...ance with the L2TP PPP RFCs This does not work on BT 21CN BRASs F Sets TCP MTU fix flag which causes the MTU option in TCP SYN to be adjusted if necessary to fit MTU f Sets no TCP MTU fix M Sets the c...

Страница 104: ...uired in the config At this point a further check is made for a configured relay which can now be based on a login if one was not present before RADIUS authentication is completed and if the response...

Страница 105: ...CUG defined 1 32768 which may be allow or restrict Interfaces port VLAN may also be defined in the same way A packet from an interface session with a CUG is tagged with that packet If the source is r...

Страница 106: ...uptime Shows how long since the FB6000 restarted G 1 4 General status show status Shows general status information including uptime who owns the FireBrick etc This is the same as the Status on the web...

Страница 107: ...ou can use the web interface and tools like curl to load configtations This command is provided as a last resort for emergency use so use with care G 1 11 Show profile status show profiles Shows profi...

Страница 108: ...le the reverse DNS name is shown next to replies but there is deliberately no delay waiting for DNS responses so you may find it useful to run a trace a second time as results from the first attempt w...

Страница 109: ...for a DHCP allocation overridding the clientname that was sent G 2 11 Show ARP ND status show arp show arp IPAddr Shows details of ARP and Neighbour discovery cache G 2 12 Show VRRP status show vrrp L...

Страница 110: ...use a meaningful string e g panic testing fallback confirm yes G 7 2 Reboot reboot unsignedInt hard confirm string A reboot is a more controlled shutdown and restart unlike the panic command The firs...

Страница 111: ...s configuration and so on Multiple copies are usually stored allowing you to delete a later version if needed and roll back to an older version G 7 8 Delete block from flash delete config unsignedInt...

Страница 112: ...ant Quality Monitoring config ethernet ethernet Optional unlimited Ethernet port settings ggsn ggsn Optional GTP GGSN settings interface interface Optional up to 8192 Ethernet interface port group vla...

Страница 113: ...tem errors log eth string Web console Log Ethernet messages log eth debug string Not logging Log Ethernet debug log eth error string Web Flash console Log Ethernet errors log panic string Web logs Log...

Страница 114: ...string Profile name source string Source of data used in automated config management table unsignedByte 0 99 routetable 0 Restrict login to specific routing table timeout duration 5 00 Login idle time...

Страница 115: ...s H 2 6 log email Email logger settings Logging to email Table H 10 log email Attributes Attribute Type Default Description comment string Comment delay duration 1 00 Delay before sending since first...

Страница 116: ...ettings The SNMP service has general service settings and also specific attributes for SNMP such as community Table H 12 snmp service Attributes Attribute Type Default Description allow List of IPName...

Страница 117: ...enum 25 Timezone 1 to 2 earliest date in month tz12 day day Sun Timezone 1 to 2 day of week of change tz12 month month Mar Timezone 1 to 2 month tz12 time time 01 00 00 Timezone 1 to 2 local time of c...

Страница 118: ...ly boolean false Restrict access to locally connected Ethernet subnets only log string Not logging Log events log debug string Not logging Log debug log error string Log as event Log errors port unsig...

Страница 119: ...ptional unlimited Fixed local DNS host entries H 2 13 dns host Fixed local DNS host settings DNS forwarding resolver service Table H 18 dns host Attributes Attribute Type Default Description comment s...

Страница 120: ...rt 3799 Control UDP port CoA DM dummy ip boolean true Send dummy framed IP response log string Not logging Log events log debug string Log debug log error string Log as event Log errors nsn conditiona...

Страница 121: ...atch Attributes Attribute Type Default Description allow List of IPNameRange Match source IP address of RADIUS request authenticator boolean Require message authenticator backup ip List of IPNameAddr...

Страница 122: ...is target to be valid deprecated tunnel assignment id string Tunnel Assignment ID to send tunnel client return boolean Return tunnel client as radius IP username List of string One or more patterns to...

Страница 123: ...d LinkSpeed auto Speed setting for this port yellow LinkLED y Tx Yellow LED setting H 2 19 portdef Port grouping and naming Port grouping and naming Table H 25 portdef Attributes Attribute Type Defaul...

Страница 124: ...Table H 27 interface Elements Element Type Instances Description dhcp dhcps Optional unlimited DHCP server settings subnet subnet Optional unlimited IP subnet on the interface vrrp vrrp Optional unli...

Страница 125: ...settings VRRP settings provide virtual router redundancy for the FireBrick Profile inactive does not disable vrrp but forces vrrp low priority Table H 29 vrrp Attributes Attribute Type Default Descri...

Страница 126: ...e 0 0 0 0 0 Address pool lease duration 2 00 00 Lease length log string Not logging Log events allocations mac List up to 12 hexBinary macprefix Partial or full MAC addresses name string Name ntp List...

Страница 127: ...requested id unsignedByte Not optional Attribute type code name string Name value string Not optional Value H 2 26 dhcp attr number DHCP server attributes numeric Additional DHCP server attributes num...

Страница 128: ...ds local IP4Addr Local IPv4 address localpref unsignedInt 4294967295 Localpref for route highest wins log string Not logging Log events log debug string Not logging Log debug log error string Not logg...

Страница 129: ...ce of data used in automated config management H 2 30 ggsn GTP GGSN settings GTP GGSN settings Table H 39 ggsn Attributes Attribute Type Default Description allow List of IPNameRange List of IP ranges...

Страница 130: ...network highest wins name string Name profile string Profile name source string Source of data used in automated config management speed unsignedInt Egress rate limit b s table unsignedByte 0 99 route...

Страница 131: ...dresses define local IP addresses Table H 43 loopback Attributes Attribute Type Default Description bgp bgpmode BGP announce mode for routes comment string Comment ip List of IPAddr Not optional One o...

Страница 132: ...olely the peers AS allow own as boolean Allow our AS inbound as unsignedInt Peer AS capability as4 boolean true If supporting AS4 capability graceful restart boolean true If supporting Graceful Restar...

Страница 133: ...the neighbour ttl security byte Enable RFC5082 TTL security if ve 1 to 127 i e 1 for adjacent router If ve 1 to 128 set forced sending TTL i e 1 for TTL of 1 sending and not checking type peertype no...

Страница 134: ...is rule applies to source string Source of data used in automated config management tag List of Community List of community tags to add H 2 39 cqm Constant Quality Monitoring settings Constant quality...

Страница 135: ...nt string Sent Label for seconds polled label shaper string Shaper Label for shaper label time string Time Label for time label traffic string Traffic bit s Label for traffic level label tx string Tx...

Страница 136: ...l2tp Attributes Attribute Type Default Description accounting interval duration 1 00 00 Periodic interim accounting interval Table H 53 l2tp Elements Element Type Instances Description incoming l2tp...

Страница 137: ...unsignedByte 0 99 routetable 0 Routing table number for payload traffic pppdns1 IP4Addr PPP DNS1 IPv4 default pppdns2 IP4Addr PPP DNS2 IPv4 default pppip IP4Addr Local end PPP IPv4 profile string Prof...

Страница 138: ...for remote ip routes highest wins name string Name password Secret Password check profile string Profile name relay hostname string Hostname for L2TP connection relay ip List of IPAddr Target IP s for...

Страница 139: ...are up recover duration 1 Time before recover i e how long test has been passing route List of IPAddr Test passes if all specified addresses are routeable set boolean Manual override ignore ALL other...

Страница 140: ...re pingable Ping targets Table H 61 profile ping Attributes Attribute Type Default Description flow unsignedShort Flow label IPv6 gateway IPAddr Ping via specific gateway bypasses session tracking if...

Страница 141: ...ffic shaper Table H 64 shaper override Attributes Attribute Type Default Description comment string Comment profile string Not optional Profile name rx unsignedInt Rx rate limit target b s rx max unsi...

Страница 142: ...s Type of access user has to config Table H 67 config access Type of access user has to config Value Description none No access unless explicitly listed view View only access no passwords read Read on...

Страница 143: ...syslog facility Syslog facility Syslog facility usually used to control which log file the syslog is written to Table H 70 syslog facility Syslog facility Value Description KERN Kernel messages USER...

Страница 144: ...H 72 day Day name 3 letter Value Description Sun Sunday Mon Monday Tue Tuesday Wed Wednesday Thu Thursday Fri Friday Sat Saturday H 3 8 radiuspriority Options for controlling platform RADIUS response...

Страница 145: ...H 75 port Physical port Value Description 0 Port 0 left 1 Port 1 right H 3 11 Crossover Crossover configuration Physical port crossover configuration Table H 76 Crossover Crossover configuration Valu...

Страница 146: ...ster status negotiated preference for master prefer slave Master status negotiated preference for slave force master Master status forced force slave Slave status forced H 3 16 LinkLED y Yellow LED se...

Страница 147: ...e IPv6 route announce level IPv6 route announcement mode and level Table H 85 ramode IPv6 route announce level Value Description false Do not announce low Announce as low priority medium Announce as m...

Страница 148: ...PPPoE client connects to access controller bras l2tp PPPoE server mode linked to L2TP operation H 3 24 ggsn calling Calling number options for GGSN Table H 89 ggsn calling Calling number options for...

Страница 149: ...rate EBGP confederate ixp Internet exchange point peer on route server H 4 Basic types Table H 93 Basic data types Type Description string text string hexBinary hex coded binary data integer integer 2...

Страница 150: ...ip6list List of IPv6 addresses IP6Addr mtu Max transmission unit 576 1600 unsignedShort vlan VLAN ID 0 untagged 0 4095 unsignedShort ip4rangelist List of IP4ranges IP4Range macprefixlist List of strin...

Страница 151: ...tionship with interfaces 33 sequenced flashing of LEDs 27 Event logging external logging 29 overview 28 viewing logs 31 G Graphs 46 H Hostname setting 23 HTTP service configuration 56 I Interfaces def...

Страница 152: ...t service configuration 56 Time out login sessions 22 Traffic shaping overview 46 Tunnels bonding FB105 52 FB105 51 viewing status FB105 52 U User Interface customising layout 12 general layout 12 nav...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды