THOMSON SpeedTouch 620 Скачать руководство пользователя страница 94 | Manualshive

Страница: 94 / 216

background image

Chapter 8

SpeedTouch™ Remote Access

E-DOC-CTC-20051017-0155 v1.0

84

8.2 Secure Remote Web Interface Access

HTTPs service

Introduction

The SpeedTouch™ supports secure HTTP or HTTPS. The Transport Layer Security
(prior SSL implemented by Netscape) provides communications privacy over the
Internet. The protocol allows client/server applications to communicate in a way
that is designed to prevent eavesdropping, tampering, or message forgery.
The primary goal of the TLS Protocol is to provide privacy and data integrity
between two communicating applications.

The remote

management certificate

When booting, the SpeedTouch™ verifies if a certificate exists for remote
management. If no certificate is found, the SpeedTouch™ generates its own
certificate. When the SpeedTouch™ receives an HTTPs request on port 443, it
transmits this certificate to the client. The client can either accept of refuse the
server identity. Depending on client implementation, the end-user is prompted
whether or not to trust the server.

When a web user logs in or tries to log in the SpeedTouch™, a syslog message is
generated. This message indicates the user name and the underlying protocol
(HTTP or HTTPS)

After negotiating the cipher between the two peers involved in the TLS protocol,
data is encrypted for further communications. The minimum level of security
required for the connection is indicated by each peer. If the minimum requirement
of each peer cannot be achieved, the connection is closed.

Default HTTPs

service configuration

Use the following CLI command to see the default HTTPs service configuration.

=>

:service system list name=HTTPs expand=enabled

Idx Name

Protocol

SrcPort

DstPort

Group

-----------------------------------------------------------------------

1 HTTPs

tcp

443

Description............... HTTP web server over ssl

Properties................ server

Attributes................ state port aclip aclif aclifgroup map log

User Managed Attributes... state port aclip aclif aclifgroup map log

Attribute Values :

State...................... enabled

Port....................... 443

Ip Access List............. any

Interface Access List...... any

Interface Group Access List lan

Map List................... 443

Logging.................... disabled

=>

«
...
92
93
94
95
96
...
»

Содержание SpeedTouch 620

Страница 1: ...SpeedTouch 620 Wireless Business DSL Routers Operator s Guide P o w er E th er n et W LA N P lu g i n IS D N In te rn et D S L...

Страница 2: ......

Страница 3: ...SpeedTouch 620 Operator s Guide...

Страница 4: ...Wi Fi CERTIFIED Wi Fi ZONE Wi Fi Alli ance their respective logos and Wi Fi Protected Access are trademarks of the Wi Fi Alliance UPnP is a certification mark of the UPnP Implementers Corporation Micr...

Страница 5: ...are 15 3 1 About the System Software 15 3 2 System Software Management via FTP 16 3 2 1 Backup System Software via FTP 17 3 2 2 Upgrade or Restore System Software via FTP 19 3 2 3 Manual System Softwa...

Страница 6: ...SNTP Client 56 6 3 Website Filtering 60 6 3 1 The Website Filtering Configuration Pages 62 6 3 2 How to Verify the Filtering Configuration 63 6 3 3 How to Activate a Web Filtering License 65 6 3 4 Con...

Страница 7: ...Configuration LAC Support TR 064 106 8 8 CPE WAN Management Protocol CWMP Support TR 069 108 9 The Integrated SpeedTouch ISDN Modem 113 9 1 About the ISDN Modem 114 9 2 How to Configure the ISDN Modem...

Страница 8: ...ion 145 10 2 6 How to Force the Source IP Address 146 10 2 7 How to Configure the SNMP Target 147 10 2 8 How to Read SNMP Parameters via the CLI 149 10 2 9 How to Allow Remote SNMP 151 10 2 10 How to...

Страница 9: ...gnostics 179 11 3 1 About CLI Diagnostics 180 11 3 2 Lower Layer Diagnostics 181 11 3 3 Router Services Diagnostics 184 11 3 4 Routing Diagnostics 186 11 3 5 Ethernet Diagnostics 189 11 3 6 Management...

Страница 10: ...Contents E DOC CTC 20051017 0155 v1 0 vi...

Страница 11: ...le Documentation and software updates THOMSON continuously develops new solutions but is also committed to improve its existing products For more information on THOMSON s latest technological innovati...

Страница 12: ...About this Operator s Guide E DOC CTC 20051017 0155 v1 0 2...

Страница 13: ...or s Guide applies to the SpeedTouch 620 Wireless Business DSL Router Contents This Operator s guide consists of 2 major parts Configuration How to manage the SpeedTouch system configuration The Speed...

Страница 14: ...Chapter 1 Introduction E DOC CTC 20051017 0155 v1 0 4...

Страница 15: ...er 4 0 Netscape s Communicator 4 06 or equivalent The web browser must support Java Script CLI Telnet access requirements To access the CLI via an IP Telnet session you need A TCP IP connection betwee...

Страница 16: ...nner pops up followed by the CLI prompt If the SpeedTouch is protected by a system password authentication will be required before access is granted to the CLI ______ SpeedTouch 620 ___ _____ 5 4 0 10...

Страница 17: ...enu Displays menu Displays this help information exit Exits this shell Exits group selection saveall Saves current configuration ping Send ICMP ECHO_REQUEST packets traceroute Send ICMP UDP packets to...

Страница 18: ...ks for the command groups for the commands and the options but not for values For example typing the letter l at the firewall command group selection followed by pressing TAB results in the full comma...

Страница 19: ...OC CTC 20051017 0155 v1 0 9 History of Commands The CLI allows you to re use commands you have used before during a CLI session To scroll through the previously used CLI commands use UP ARROW and DOWN...

Страница 20: ...e command group from which the command should be executed for example firewall list firewall list Config State disabled Keep disabled TcpChecks none TcpWindow 65536 UdpChecks disabled IcmpChecks disab...

Страница 21: ...fault values for all parameters In case the CLI command features required parameters you are prompted to complete the command with the required and the optional if present parameters For optional para...

Страница 22: ...12 Saving the configuration After configuring the SpeedTouch via the CLI it is advised to save your configuration You can save the complete SpeedTouch configuration to persistent memory by executing t...

Страница 23: ...each level you can select and press ENTER to go up one level Use TAB to change from the command menu to the control menu the lower bar of the menu and vice versa Executing commands To setup a CLI comm...

Страница 24: ...Chapter 2 SpeedTouch Command Line Interface E DOC CTC 20051017 0155 v1 0 14...

Страница 25: ...you can visit the SpeedTouch support pages at http www speedtouch com System software packages and security All SpeedTouch system software packages are Digitally signed and encrypted Packages that may...

Страница 26: ...the active software version is stored The dl subdirectory stores the dormant system software the passive software version In case no SpeedTouch system software upgrade was performed before both activ...

Страница 27: ...Access Policy Configuration Guide for more information C ftp SpeedTouch IP address Connected to SpeedTouch IP address 220 Inactivity timer 120 seconds Use site idle secs to change User SpeedTouch IP a...

Страница 28: ...ectory s contents ftp dir 200 Connected to 192 168 1 60 port 1312 150 Opening data connection for bin ls rwxrwxrwx 1 0 0 3601488 Jun 29 1971 ZZUIAA5 40A rwxrwxrwx 1 0 0 20 Jun 29 1971 start cmd r r r...

Страница 29: ...Software via FTP Upgrade Restore procedure The procedure to upgrade or restore the SpeedTouch system software consists of three main steps Step Action 1 Transfer system software to the SpeedTouch 2 M...

Страница 30: ...Password required Password 230 OK 2 Enter binary file transfer mode Optionally you can enable hashing ftp bin 200 TYPE is now 8 bit binary ftp hash Hash mark printing On ftp 2048 bytes hash mark 3 Ch...

Страница 31: ...will automatically clean its file system 6 Put the upgrade system software to the SpeedTouch dl subdirectory ftp put ZZUIAA5 411 200 Connected to 192 168 1 254 port 3638 150 Opening data connection fo...

Страница 32: ...em software the same mechanism as used via the Web Interface is valid the system software files are switched Proceeding from the same FTP session you opened in the previous procedures use the quote si...

Страница 33: ...s factory default settings Therefore prior to performing an upgrade of the system software it is recommended to back up the SpeedTouch configuration Before you start You need a third party BOOTP TFTP...

Страница 34: ...ch you will need to specify its MAC address and define an IP range for basic communication between the BOOTP TFTP server and the SpeedTouch 4 Set the SpeedTouch in BOOTP by executing the software upgr...

Страница 35: ...ctory This file contains all CLI commands needed to reproduce the configuration present at the moment it was saved Backing up configurations You can make backup files of the SpeedTouch configuration f...

Страница 36: ...terface Via the basic Web Interface Via the expert Web Interface Backing up configurations via the basic Web Interface Proceed as follows Step Action 1 Open a web browser and go to the SpeedTouch Web...

Страница 37: ...Step Action 1 Open a web browser and go to the SpeedTouch Web Interface 2 Go to Home SpeedTouch Configuration 3 Click Save or Restore Configuration 4 Click on Browse and choose the configuration file...

Страница 38: ...uch Web Interface 2 Go to expert mode 3 Click Save All to save the current configuration 4 Open the Update page via Home SpeedTouch System Update 5 Click the Configuration Files tab and select the fil...

Страница 39: ...ck Browse to locate the configuration file on your local disk you intend to restore Select the file and click OK 5 Click Upload to transfer the configuration file to the SpeedTouch Be aware that by up...

Страница 40: ...configuration files The SpeedTouch s last saved configuration is stored in the SpeedTouch dl subdirectory of the SpeedTouch file system There may be a user ini file present in the system s active sub...

Страница 41: ...he current configuration of the SpeedTouch to a user ini file in the dl subdirectory config backup filename user configuration filename Allows to save the current configuration of the SpeedTouch to a...

Страница 42: ...the new loaded configuration is appended to the existing current configuration The latter may result in an unexpected behaviour of the SpeedTouch echo no yes Allows you to specify whether to echo eac...

Страница 43: ...rompt enter a user name and at the password prompt the password see The SpeedTouch Multi Level Access Policy Configuration Guide for more information C ftp SpeedTouch IP address Connected to SpeedTouc...

Страница 44: ...m r r r 1 0 0 692 Jun 29 1971 sshdsa pem rwxrwxrwx 1 0 0 66920 Jun 29 1971 user ini rw rw rw 1 0 0 4056 Jun 29 1971 user tpl rw rw r 1 0 0 34633 Jun 29 1971 security cfg 226 Options l 9 matches total...

Страница 45: ...However the SpeedTouch file system will truncate the full name including the extension to maximum 13 characters For example when transferring a file abcdefghijklmnopqrstuvwxyz ini to the SpeedTouch fi...

Страница 46: ...subdirectory by making a listing of the subdirectory s contents ftp dir 200 Connected to 192 168 1 254 150 Opening data connection for bin ls rwxrwxrwx 1 0 0 20 Jun 29 1971 start cmd rwxrwxrwx 1 0 0...

Страница 47: ...ts ftp dir 200 Connected to 192 168 1 254 150 Opening data connection for bin ls rwxrwxrwx 1 0 0 20 Jun 29 1971 start cmd rwxrwxrwx 1 0 0 2952448 Jun 29 1971 ZZUIAA5 314 r r r 1 0 0 9 Jun 29 1971 seed...

Страница 48: ...h file system help config load Load saved or default configuration Syntax load load_ip disabled enabled defaults disabled enabled flush enabled disabl ed echo disabled enabled filename string Paramete...

Страница 49: ...9 Jun 29 1971 seed dat r r r 1 0 0 729 Jun 29 1971 sslcert pem r r r 1 0 0 908 Jun 29 1971 sslkey pem r r r 1 0 0 692 Jun 29 1971 sshdsa pem rwxrwxrwx 1 0 0 66920 Jun 29 1971 user ini rw rw rw 1 0 0 4...

Страница 50: ...he dl or active subdirectories by default However via FTP access you are able to upload additional template files from the SpeedTouch Setup CD or custom template files to the SpeedTouch dl subdirector...

Страница 51: ...ch between system languages via the system language bar Delete a system language via the SpeedTouch Web Interface Uploading a new system language To upload a new system language proceed as follows Ste...

Страница 52: ...language in the system language bar The system language bar can be found on the top right side of the SpeedTouch Web Interface By default the SpeedTouch is shipped with only one language The system la...

Страница 53: ...ed as follows Step Action 1 Open a web browser and go to the SpeedTouch Web Interface 2 Go to the Expert Mode 3 Open the language page via Home SpeedTouch System Update 4 Click on the Language Packs t...

Страница 54: ...Chapter 4 SpeedTouch Configuration Management E DOC CTC 20051017 0155 v1 0 44...

Страница 55: ...peedTouch is able to support additional functionality on top of its basic feature set These additional software modules however are not enabled by default and must be activated by means of a software...

Страница 56: ...ule following information is provided How to Access the Software Modules Page In expert mode go to SpeedTouch Addon Table Item Description Name The name of the software module The name also serves as...

Страница 57: ...rvice Provider Applying for a software key Contact your local product dealer for available software module activation possibilities software addon list VPN256 32 module info Software key status No Key...

Страница 58: ...re keys may be residing in the SpeedTouch active directory If so and you want to remove these software keys in order to prevent them to re activate a software module in a future system software upgrad...

Страница 59: ...CTC 20051017 0155 v1 0 49 6 SpeedTouch System Services Overview This chapter covers the following services Service See Dynamic DNS 6 1 Simple Network Time Protocol SNTP 6 2 Website Filtering 6 3 Intr...

Страница 60: ...host name at one of the available dynamic DNS service providers available on the Internet The SpeedTouch supports by default the following dynamic DNS service providers DynDNS www dyndns org services...

Страница 61: ...NS service providers or to create custom dynamic DNS service providers dyndns help Following commands are available add Add a Dynamic DNS client modify Modify a Dynamic DNS client delete Delete a Dyna...

Страница 62: ...ltiple host names to be assigned to the same dynamic DNS service host names always reside in a group You are free to choose a group name it is only used for referring to the group during CLI configura...

Страница 63: ...intf PPPoE_1 user JohnDoe MyISP com password First time typing the password Please retype password for verification password Second time typing the password for verification group MyDynDNSHost mx Lef...

Страница 64: ...namic DNS service dyndns service list dyndns server members dyndns org port 80 request nic update update interval 2097120s retry interval 30s max retry 3 statdns server members dyndns org port 80 requ...

Страница 65: ...Web Page The Basic Web interface has a page on Dynamic DNS To access this page go to Basic mode Toolbox Dynamic DNS This page shows the Dynamic DNS settings To change the settings and enable disable...

Страница 66: ...aylight saving switch you should update it manually at the correct moments twice a year The RTC The SpeedTouch contains a battery to allow the RTC to maintain the time even when the device is powered...

Страница 67: ...0 57 The Manual tab Select Manual to Set a date manually format dd mm yyyy Set a time manually format HH mm ss Select a geographical timezone from GMT 12 00 to GMT 12 00 Enable or disable summertime...

Страница 68: ...P server Step Action 1 Click New 2 Enter the IP address or DNS hostname of an NTP server 3 Specify the NTP version of the server 4 Click Apply This enables the SNTP client which contacts the NTP serve...

Страница 69: ...the SpeedTouch SNTP client and set the polling interval system rtc settime date 04 07 2003 time 10 34 55 timezone 01 00 daylightsaving off help system rtc settime Set Get date time timezone daylight...

Страница 70: ...s to specific web sites based on their address You can also block access to a specific site and redirect the browser to another site You can do this by configuring an address filter similar to this ex...

Страница 71: ...levels or create your own The following is an example of part of a content level Note that x marks forbidden content while v marks allowed content Overview This section covers the following topics Se...

Страница 72: ...ring Configuration Pages Page Overview The website filtering section of the SpeedTouch web interface offers three pages Page Description Overview Allows you to view the filtering configuration Configu...

Страница 73: ...o Verify the Filtering Configuration Procedure Proceed as follows to verify the website filtering configuration Result you are taken to the website filtering overview page Step Action 1 Go to the Spee...

Страница 74: ...cified websites and the actions to be taken Content based filtering information license information and information about the active content level Note to view more detailed information on the content...

Страница 75: ...ep Action 1 Go to the SpeedTouch configuration home page 2 In the Toolbox section click Web Site filtering Result you are taken to the website filtering overview page 3 In the Pick a task section clic...

Страница 76: ...Actions for Uncategorised Sites Uncategorised sites are sites that are not targeted by any of the active filters For these sites you can allow access block access Procedure Proceed as follows to set t...

Страница 77: ...to the first bullet in the list Address Based Filtering 5 In the last row of the table enter the URL of the web site for which you want to create an entry in the filter 6 Select the action to be take...

Страница 78: ...nagers Block illegal adult extreme online ordering gambling and spyware websites Children Allow only children safe websites BlockAll Block all categorized web sites Step Action 1 Go to the SpeedTouch...

Страница 79: ...site filtering Overview page Result The Web interface shows a description of the content level as well as full details on which type of content is allowed and which is not 2 Click on Details Step Act...

Страница 80: ...hing allowed leaving you to determine which categories are to be blocked select Black List 5 Click Next 6 Select or de select the content classes and subclasses you want to include or exclude Note tha...

Страница 81: ...sion Detection page also shows a Pick Task section which has two possible tasks To execute a task simply click it in the Pick a Task section Step Action 1 Go to the Basic configuration home page of th...

Страница 82: ...of the web interface 2 In the Toolbox section click Remote Assistance Result the Web Interface shows the following page The system selects the user with the defremadmin property set to enabled The Spe...

Страница 83: ...edTouch System Services E DOC CTC 20051017 0155 v1 0 73 Connection Type On most variants the connection will be HTTPS secure HTTP However some variants do not support SSH and will therefore use an HTT...

Страница 84: ...Chapter 6 SpeedTouch System Services E DOC CTC 20051017 0155 v1 0 74...

Страница 85: ...ilevel directory structure with two nodes active and dl The root directory is secured and contains two subdirectories active and dl The active subdirectory contains the system software in execution Ot...

Страница 86: ...ultiple files dl Subdirectory Access is allowed Listing of files dir FTP m get of multiple files FTP m put of multiple files FTP m delete of multiple files Preparing for FTP file transfers To allow co...

Страница 87: ...data connection for bin ls rwxrwxrwx 1 0 0 20 Jun 29 1971 start cmd rwxrwxrwx 1 0 0 2889484 Jun 29 1971 ZZUIAA5 321 r r r 1 0 0 9 Jun 29 1971 seed dat r r r 1 0 0 729 Jun 29 1971 sslcert pem r r r 1...

Страница 88: ...configuration file residing in the dl directory Default configuration files e g isp def Depending on your ISP s or network administrator s preferences your SpeedTouch may have a deviant default config...

Страница 89: ...SpeedTouch Services A Service is an application running on the SpeedTouch By activating a service the SpeedTouch adds the appropriate NAT entries and firewall rules for example to disable access to t...

Страница 90: ...owed access to that specific service The interface access list can contain 1 or more of the following groups lan the local or corporate network local the serial console cable wan the Internet IPSec Pr...

Страница 91: ...you should use HTTP For this additional configuration of the HTTP service is needed Use the following CLI command to allow HTTP access from the WAN to the SpeedTouch If you take a look at the HTTP ser...

Страница 92: ...ge of IP addresses Use the following CLI command to restrict the allowed traffic to 1 IP address Use the following CLI command to restrict the allowed traffic to a subnet Use the following CLI command...

Страница 93: ...xecuting the following command The command above will change the HTTP server port of the SpeedTouch from port 80 default to port 82 For more information on Hyper NAT see the SpeedTouch Hyper NAT Confi...

Страница 94: ...tity Depending on client implementation the end user is prompted whether or not to trust the server When a web user logs in or tries to log in the SpeedTouch a syslog message is generated This message...

Страница 95: ...see that the wan group is added to the Interface Access List service system ifadd name HTTPs group wan service system list name HTTPs expand enabled Idx Name Protocol SrcPort DstPort Group 1 HTTPs tcp...

Страница 96: ...of IP addresses Use the following CLI command to restrict the allowed traffic to 1 IP address Use the following CLI command to restrict the allowed traffic to a subnet Use the following CLI command t...

Страница 97: ...he following command The command above will change the HTTPs server port of the SpeedTouch from port 443 default to port 448 For more information on Hyper NAT see the SpeedTouch Hyper NAT Configuratio...

Страница 98: ...Telnet service is needed Use the following CLI command to allow WAN Telnet access to the SpeedTouch Use the following CLI command to take a look at the Telnet service configuration you will see that t...

Страница 99: ...of IP addresses Use the following CLI command to restrict the allowed traffic to 1 IP address Use the following CLI command to restrict the allowed traffic to a subnet Use the following CLI command to...

Страница 100: ...e following command The command above will change the Telnet server port of the SpeedTouch from port 23 default to port 50 For more information on Hyper NAT see the SpeedTouch Hyper NAT Configuration...

Страница 101: ...SpeedTouch supports the following authentication methods password Password Authentication publickey Public Key Based Authentication The user can configure the authentication to be used during SSH sess...

Страница 102: ...s present 2 ssh publickey add name Super role SuperUser Paste your public key here End with ctrl d AAAAB3NzaC1kc3MAAACAeFoVl4XEhVWB64jVtYRHCoGYuPWSkV79Xv4GkBxGIKpr MUPO4DrkCPJrUb13QZ2ssBb4KBlKTCregdve...

Страница 103: ...stem list name SSH expand enabled Idx Name Protocol SrcPort DstPort Group 1 SSH tcp 22 Description SSH server Properties server Attributes state port aclip aclif aclifgroup map log User Managed Attrib...

Страница 104: ...you will see that the wan group is added to the Interface Access List service system ifadd name SSH group wan service system list name SSH expand enabled Idx Name Protocol SrcPort DstPort Group 1 SSH...

Страница 105: ...nge of IP addresses Use the following CLI command to restrict the allowed traffic to 1 IP address Use the following CLI command to restrict the allowed traffic to a subnet Use the following CLI comman...

Страница 106: ...d by executing the following command The command above will change the SSH server port of the SpeedTouch from port 22 default to port 35 For more information on Hyper NAT see the SpeedTouch Hyper NAT...

Страница 107: ...FTP service is needed Use the following CLI command to allow WAN FTP access to the SpeedTouch via CLI commands Use the following CLI command to look at the FTP service configuration we notice that th...

Страница 108: ...nge of IP addresses Use the following CLI command to restrict the allowed traffic to 1 IP address Use the following CLI command to restrict the allowed traffic to a subnet Use the following CLI comman...

Страница 109: ...port for the FTP server is set to 21 This can be changed by executing the following command The command above will change the FTP server port of the SpeedTouch from port 21 default to port 26 For more...

Страница 110: ...password Password Authentication publickey Public Key Based Authentication The user can configure the authentication to be used during SSH session setup this can be done by executing the following CL...

Страница 111: ...s present 2 ssh publickey add name Super role SuperUser Paste your public key here End with ctrl d AAAAB3NzaC1kc3MAAACAeFoVl4XEhVWB64jVtYRHCoGYuPWSkV79Xv4GkBxGIKpr MUPO4DrkCPJrUb13QZ2ssBb4KBlKTCregdve...

Страница 112: ...stem list name SSH expand enabled Idx Name Protocol SrcPort DstPort Group 1 SSH tcp 22 Description SSH server Properties server Attributes state port aclip aclif aclifgroup map log User Managed Attrib...

Страница 113: ...you will see that the wan group is added to the Interface Access List service system ifadd name SSH group wan service system list name SSH expand enabled Idx Name Protocol SrcPort DstPort Group 1 SSH...

Страница 114: ...ange of IP addresses Use the following CLI command to restrict the allowed traffic to 1 IP address Use the following CLI command to restrict the allowed traffic to a subnet Use the following CLI comma...

Страница 115: ...fault port for the SSH server is set to 22 This can be changed by executing the following command The command above will change the SSH server port of the SpeedTouch from port 22 default to port 35 Fo...

Страница 116: ...he diagram below shows the architecture and protocol stack for TR 064 on the SpeedTouch Configuration Options It is impossible to configure LAC via the Web interface Only CLI commands can be used How...

Страница 117: ...7 0155 v1 0 107 How to Configure LAC Parameter Descripion The CLI command uses the following parameters Parameter Value Description tr64 enabled or disabled Enable or disable LAC TR 064 tr64auth enabl...

Страница 118: ...orted Features The TR 069 functionality as supported by the SpeedTouch has the following features Start up mechanism including Remote Inventory with support of SSL and DNS name resolution for ACS Tran...

Страница 119: ...led Mode full Max Envelopes 2 Session Timeout 60 No Ip Timeout 10 Connection Request Port 51005 Periodic Inform enabled Periodic Inform Interval 3600 s Connection Request disabled Connection Request U...

Страница 120: ...ds noIpTimeout number Set the time in seconds the IP may be 0 after uploading a new config file maxEnvelopes number Set the maximum number of SOAP envelopes sent within one http message connectionRequ...

Страница 121: ...he CWMP Server parameters How to Configure the CWMP Server Parameter Description The CLI command uses the following parameters config url string username string password string Parameter Value Descrip...

Страница 122: ...Chapter 8 SpeedTouch Remote Access E DOC CTC 20051017 0155 v1 0 112...

Страница 123: ...OC CTC 20051017 0155 v1 0 113 9 The Integrated SpeedTouch ISDN Modem Overview This chapter covers the following topics Topic See Page About the ISDN Modem 114 How to Configure the ISDN Modem 116 ISDN...

Страница 124: ...are 3 ways of securing the ISDN modem of the SpeedTouch Reduce the amount of people that can dial in to the SpeedTouch by configuring a group of allowed dial in numbers On a higher layer level it is p...

Страница 125: ...able to change the SpeedTouch configuration using a WAN interface Add the ISDN modem to the required service you want to use Dealing in via the SpeedTouch to surf to the corporate network Take into ac...

Страница 126: ...fconfig intf ISP1 number 090934100 mlppp disabled mode dialout The PPP Multilink protocol mlppp can be enabled or disabled disabled dialup 64 Kbps enabled dialup 128 Kbps MLPPP is by default disabled...

Страница 127: ...will be charged with the connection cost To avoid this it is possible to use the callback option if the other end supports it The SpeedTouch establishes a dial in connection and provides all necessary...

Страница 128: ...e 2 Click Connections 3 Click Routed PPoI Result on the page that appears you see a predefined connection called ISDN backup 4 Click the arrow to open the configuration pages for this connection Resul...

Страница 129: ...when the PPP connection is established You cannot enable Callback via the Web interface For this you must use CLI If you do not enable it the SpeedTouch will establish the ISDN connection over which t...

Страница 130: ...DN B links 64 kbps thus creating a bandwidth of either 64 or 128 kbps BODStart Numerical in kbps Default 40 If multilink ppp is enabled and the required bandwidth exceeds this value a second ISDN B li...

Страница 131: ...PPP Connection Via CLI Use the following command sequence to configure the PPP connection via CLI ppp ifconfig intf bu_isdn dest buisdn user cpesit rednet password pcomp disabled accomp enabled trace...

Страница 132: ...the system will retry establishing the connection after this interval passive enabled or disabled Enable or disable passive mode silent enabled or disabled Enable or diable silent mode echo enabled or...

Страница 133: ...s Default 120 Delay during which DOD is disengaged This interval is meant to allow the DSL line time to synchronize primdns ip address IP address of the primary dns server secdns ip address IP addres...

Страница 134: ...allback option if the other end supports it The SpeedTouch establishes a dial in connection and provides all necessary information and disconnects The system then waits for a callback to establish the...

Страница 135: ...2 Click Connections 3 Click Routed PPoI Result on the page that appears you see a predefined connection called ISDN backup 4 Click on the arrow to open the configuration pages for this connection Res...

Страница 136: ...ved when the PPP connection is established You cannot enable Callback via the Web interface For this you must use CLI If you do not enable it the SpeedTouch will establish the ISDN connection over whi...

Страница 137: ...2 ISDN B links 64 kbps thus creating a bandwidth of either 64 or 128 kbps BODStart Numerical in kbps Default 40 If multilink ppp is enabled and the required bandwidth exceeds this value a second ISDN...

Страница 138: ...PPP Connection Via CLI Use the following command sequence to configure the PPP connection via CLI ppp ifconfig intf bu_isdn dest buisdn user cpesit rednet password pcomp disabled accomp enabled trace...

Страница 139: ...the system will retry establishing the connection after this interval passive enabled or disabled Enable or disable passive mode silent enabled or disabled Enable or diable silent mode echo enabled or...

Страница 140: ...ay during which DoD is disengaged This interval is meant to allow the DSL line time to synchronize primdns ip address IP address of the primary dns server secdns ip address IP address of the secondary...

Страница 141: ...ng sms PC Answering machine with auto attendant It features an address manager and Outlook integration How to Install Remote CAPI Proceed as follows The Remote CAPI function only works with PC applica...

Страница 142: ...ed as follows to enable Remote CAPI via the Web Interface How to Enable Remote CAPI via CLI Use the following command sequence to enable RCAPI Step Action 1 Use the Control Panel to start the Remote C...

Страница 143: ...051017 0155 v1 0 133 10 SpeedTouch Monitoring Overview This chapter covers the following topics Topic See Page 10 1 An Introduction to SNMP 134 10 2 SNMP configuration 139 10 3 The SpeedTouch Syslog 1...

Страница 144: ...e SpeedTouch SNMP implementation and how to use it SNMP in the SpeedTouch SNMP has become the de facto standard for network management Especially the monitoring aspect has become important network adm...

Страница 145: ...parameters Reading these parameters get may provide the user with information he should not have access to Writing to a MIB set can have severe consequences Therefore as a security measure it is not...

Страница 146: ...MP TCP and UDP protocols RFC2863 IF MIB The IF MIB is an extension and replacement of the interface table in MIB II It contains statistics on the number of bytes and packets transported across the rep...

Страница 147: ...pro actively aware of network problems that impact application performance and to solve the problems even before the customer complains The SpeedTouch can be configured to automatically generate activ...

Страница 148: ...bout the ADSL line such as Signal to Noise Ratio SNR output power and attainable bit rate For using the RFC2662 ADSL MIB the PerfHist TC MIB is required available on the SpeedTouch Setup CD RFC3276 SH...

Страница 149: ...enter a CLI command from the root precede it with and provide the full command path For more information on these commands refer to the CLI Command Guide Overview This section covers the following co...

Страница 150: ...ow to Allow Access to the SNMP Agent Default Setting By default access to the SNMP Agent is disabled Before you are able to use SNMP you must enable it Command Use the following command to allow acces...

Страница 151: ...he following command to view the SNMP configuration This returns the following output You can the same command to view the SNMPV3 Traps service system list name SNMPV3_AGENT expand enabled Description...

Страница 152: ...e and Location Command Use the following CLI command to view the default configuration Default Configuration The default configuration is as follows Administrator snmp config SNMP System Contact Servi...

Страница 153: ...tep Action 1 Create a new community snmp community add index RWCommunity securityname RWCommunity communityname private 2 Create a new view snmp view add viewname all viewtree iso type include 3 Confi...

Страница 154: ...ist Trap_tag params Trap_params 2 Create a notify filter snmp notify add name trap_notify_test tag Trap_tag 3 Configure the target parameters snmp targetparams add paramname Trap_params mpmodel v1 sec...

Страница 155: ...II RFC1213 Use the following CLI command to do so Parameters This command has the following parameters config sysContact quoted string sysName quoted string sysLocation quoted string traps disabled en...

Страница 156: ...cal Loop Interface Use the following command to assign an IP address to the local loop interface How to Make the Local Loop Address the Primary Address Use the folllowing commands to make this IP addr...

Страница 157: ...volatile nonVolatile permanent readOnly mms number 484 65535 Parameter Value Description name string Name of this target addr ip address IP address of the target port number 0 65535 Target port numbe...

Страница 158: ...ng String containing one or more tags A tag corresponds to a tag in the usmUserTable the snmpCommunityTable or the snmpNotifyTable params V1Params String used to select a set of entries in the snmpTar...

Страница 159: ...tid the object identity to getNext from Example To get the iP address table use Administrator snmp get objectid string Administrator snmp 1 3 6 1 2 1 10 94 1 1 7 1 12 601 VB_counter 1 3 6 1 2 1 10 94...

Страница 160: ...le below skims through this MIB object Administrator snmp walk objectid string Administrator snmp walk ObjectId 1 3 6 1 2 1 1 VB_octetStr 1 3 6 1 2 1 1 1 0 SpeedTouch 620 VB_objId 1 3 6 1 2 1 1 2 0 1...

Страница 161: ...command Receiving Traps To allow the remote SNMP manager to receive SNMP traps generated by the SpeedTouch no extra configuration is necessary It is however possible to configure which traps are sent...

Страница 162: ...ng that user access to that view Users and Communities The use of Users Views and Groups is defined in SNMPv3 SNMP v1 and SNMPv2 however use communities In SNMPv1 users are represented as communities...

Страница 163: ...2 1 10 ETHER like ADSL 1 10 94 HDSL 1 10 48 1 3 6 1 2 1 16 RMON 1 3 6 1 2 1 17 BRIDGE 1 3 6 1 2 1 26 MAU 1 3 6 1 2 6 3 10 2 SNMPv2 Framework 1 3 6 1 2 1 16 RMON 1 3 6 1 2 1 80 PING 1 3 6 1 2 1 81 TRAC...

Страница 164: ...ommand to create a new view snmp view add viewname View_All viewtree iso type include 2 Use the following command to create a new group with read write and notification access to that view snmp group...

Страница 165: ...LanAdmin snmpengineID localSnmpID authprot usmNoAuthProtocol privprot usmNoPrivProtocol targettag storage nonVolatile securityname WanAdmin snmpengineID localSnmpID authprot usmNoAuthProtocol privprot...

Страница 166: ...name V1RWGroup storage nonVolatile securitymodel usm securityname SU groupname SU_Group storage nonVolatile securitymodel usm securityname user groupname Basic_Group storage nonVolatile securitymodel...

Страница 167: ...Access List Use the following command The group parameter determines which interface group has access to the SNMP service How to View the Configuration Use the following command to view the configurat...

Страница 168: ...ofile Using that Filter Use the snmp notifyprofile add command Example How to Create NotifyTags Use the snmp notify add command Example Step Action 1 Set the message handling parameters 2 Create a not...

Страница 169: ...d command Example How to Enable Traps Use the following command sequence More Information For more information about these commands refer to the CLI Command Guide snmp target add name Test_trap_pc add...

Страница 170: ...mon WELF Compliancy All syslog messages are compliant with Webtrend Extended Log Format WELF formatting The SNMP service Next to Syslog the SpeedTouch supports SNMP for extended device management For...

Страница 171: ...ssage body containing the message itself Via the Priority identification it is possible to determine the severity and facility of a message hence it allows to diversify the messages according to their...

Страница 172: ...User level messages user 8 Mail system mail 16 System daemons deamon 24 Authorization messages auth 32 Syslog daemon messages syslog 40 Line Printer subsystem Lpr 48 Network news subsystem news 56 UUC...

Страница 173: ...uration module DHCP Client module DHCP Relay module DHCP server module Firewall module HTTP module IPSec VPN module Linestate module Login authentication module NAPT module PPP dial in client module R...

Страница 174: ...lection of syslog messages the SpeedTouch has generated Browse to the SpeedTouch Expert pages and open the Syslog pages via Home SpeedTouch Syslog The advantage of offering the syslog Web Interface is...

Страница 175: ...g page select the Configuration tab The table allows you to overview the hosts configured to receive syslog messages generated by the SpeedTouch To add a host you must type one or more comma separated...

Страница 176: ...on flush Flushes syslog rules list List the current syslog configuration Following command groups are available msgbuf syslog msgbuf help Following commands are available show Show messages in the sys...

Страница 177: ...o traffic restrictions apply for the local network Simply add a syslog rule via the SpeedTouch syslog configuration web page or the CLI Specify the IP address of the host and optionally refine the set...

Страница 178: ...configured before See Syslog host on the local network will receive all generated syslog messages the remote syslog host only receives syslog messages from all facilities with severity warning error c...

Страница 179: ...is retrieved from the ENV variables BOARDSERIAL_NBR _PRL For example the SpeedTouch 620 Serial number can be CP0452JT02D DSLBB620AA Self test result The self test result will be retrieved from an ENV...

Страница 180: ...70 SpeedTouch Identification over AWS The ADSL Work Station AWS is the graphical management tool to control and configure DSL lines on a DSLAM The figure below is an example of a screenshot of an AWS...

Страница 181: ...w for extended monitoring of the system s performance operation and connection status You can access the diagnostics either with the Web interface or via CLI The Web interface also provides a page sho...

Страница 182: ...Page Proceed as follows Additional Pages There are two additional pages available in the Office Network submenu Devices provides an overview of all devices Interfaces provides an overview of all inte...

Страница 183: ...ent on the LAN To see more details of a specific device click on the corresponding device name e g a00098 in the above example From these pages you can also perform the following tasks Assign a game o...

Страница 184: ...E DOC CTC 20051017 0155 v1 0 174 The Interfaces Page The Devices page provides information on the devices present on the LAN To see more details of a specific interface click on the corresponding int...

Страница 185: ...ostic Web Interface Proceed as follows 1 Open a web browser an go to the SpeedTouch Web Interface 2 Go to the Expert Mode pages 3 Open the diagnostic pages via Home SpeedTouch Diagnostics Navigation a...

Страница 186: ...System Diagnostics The information shown is mainly meant for uniquely identifying your device for example as reference for helpdesking Among others following information is provided Device identifier...

Страница 187: ...interface following data are shown The interface s mode forwarding or disabled The operation mode of the interface 10BaseTHD 10MB s Base T Half Duplex 10BaseTFD 10MB s Base T Full Duplex 100BaseTHD 1...

Страница 188: ...on the DSL line flavour status bandwidth characteristic and throughput counters some line properties and statistics are shown The WAN connections diagnostics This section shows per WAN connection rel...

Страница 189: ...179 11 3 Command Line Interface Diagnostics Overview This chapter covers the following topics Topic See Page About CLI Diagnostics 180 Lower Layer Diagnostics 181 Router Services Diagnostics 184 Rout...

Страница 190: ...agnostical CLI commands Most CLI command groups feature one or more diagnostical commands this chapter provides a brief description of these commands For a full description refer to the SpeedTouch CLI...

Страница 191: ...up Operation Mode G 992 1 Annex B Channel Mode fast Number of resets 1 Vendor Local Remote Country 0f 00 Vendor TMMB VendorSpecific 0000 0000 StandardRevisionNr 00 00 Downstream Upstream Margin dB 9...

Страница 192: ...example is provided of an ATM OAM ping atm debug aal5stats port dsl0 vpi 8 vci 36 clear atm debug aal5stats port dsl0 vpi 8 vci 36 of CRC 32 errors 0 of SAR timeouts 0 of too long SDU errors 0 of inv...

Страница 193: ...ries This information shall be available on the CLI This information shall not be saved The VP VC information received via the management channel will dynamically add for example an enabled LLC SNAP B...

Страница 194: ...dhcp server debug stats DHCP server state Running DHCP server statistics Corrupted packet recv 1 DISCOVER 5 REQUEST 3 DECLINE 15 RELEASE 1 INFORM 6 Pure BOOTP REQUESTS 0 Other message types 213 OFFER...

Страница 195: ...dns server debug stats Displays statistics of SpeedTouch s DNS server forwarder dns server debug stats Corrupted packets received 1 Local questions resolved 5 Local negative answers sent 9 Total DNS p...

Страница 196: ...per firewall rule the number of packets and corresponding bytes that passed the firewall rule firewall rule debug stats chain index packets bytes sink 1 0 0 2 402 100663 forward 1 0 0 2 0 0 3 0 0 sour...

Страница 197: ...abled srcaddr ip address Parameter Value Description addr ip address The destination IP address count number 1 1000000 The number of pings to send size number 0 20000 The size of the ping payload s in...

Страница 198: ...nt number 1 10 The number of times to reissue a traceroute request with the same time to live size number 1 20000 The size of the packet payload interval number 1000 60000 The size of the packet paylo...

Страница 199: ...four as capturing port To verify which port has been set as capture port use the following command You can now set a port that you want to monitor to on the mirror capture port This can be done for e...

Страница 200: ...ollowing commands When there is no need to mirror traffic to ethernet port four any more you can disable the mirroring by executing the following command eth switch mirror ingress Ingress mirror port...

Страница 201: ...eedTouch SNMP module and Syslog see 10 1 An Introduction to SNMP on page 134 and 10 3 The SpeedTouch Syslog on page 160 System To monitor the SpeedTouch physical status following command is available...

Страница 202: ...Chapter 11 SpeedTouch Advanced Diagnostics E DOC CTC 20051017 0155 v1 0 192...

Страница 203: ...RFC 2925 Ping and traceroute are two very useful functions for managing networks Ping is typically used to determine if a path exists between two hosts while traceroute shows an actual path Ping Proce...

Страница 204: ...entries in the history table number 0 50 storagetype The storage type of this entry volatile or nonVolatile trap The value determines when and if to generate a notification flag flag probeFailure tes...

Страница 205: ...pe nonVolatile trap trapprobefilter 2 traptestfilter 12 type IcmpEcho descr srcaddr 0 0 0 0 intf lan1 bypassrt disabled dsfield 0 sla ping modify test internet size 200 count 15 datafill test frequenc...

Страница 206: ...eived 0 02 01 70 05 00 45 840097 2969 1120 resp received 0 02 01 70 05 00 46 850092 2970 1081 resp received 0 02 01 70 05 00 47 860067 2971 1134 resp received 0 02 01 70 05 00 48 870117 2972 1128 resp...

Страница 207: ...ulate a round trip time Some systems use ICMP probes ICMP Echo request packets instead of UDP ones to implement traceroute In both cases traceroute relies on the probes being rejected via an ICMP mess...

Страница 208: ...35 maxTtl The upper limit on the number of routers through which a packet can pass number 1 255 initTtl The initial time to live value number 0 255 createHopEntries Enables creation of traceroute hop...

Страница 209: ...uting tables disabled or enabled dffield Enables setting of the don t fragment flag in the IP headers of the traceroute requests disabled or enabled dsfield The value to store in the Differentiated Se...

Страница 210: ...route list route owner modem dest 11 0 0 138 size 0 timeout s 3 probePerHop 3 port 33434 maxTTL 30 InitialTTL 1 frequency s 0 maxrows 50 maxfailures 5 createHopEntries no trapflag type UdpEcho storage...

Страница 211: ...1 10 for a traceroute operation testAttempts The current number of attempts to determine a path to a target testSuccesses The current number of attempts to determine a path to a target that have succ...

Страница 212: ...Chapter 12 SLA Monitoring E DOC CTC 20051017 0155 v1 0 202...

Страница 213: ...SpeedTouch and will load the user ini file upon reboot so the previous saved configuration will be restored Reset to factory defaults To reset the SpeedTouch to factory defaults usethe following comma...

Страница 214: ...in the isp def if present The reset button can be disabled by executing the following command This command will disable the reset button on the back of the SpeedTouch In case of problems proceed as fo...

Страница 215: ......

Страница 216: ...Need more help Additional help is available online at www speedtouch com THOMSON 2006 All rights reserved E DOC CTC 20051017 0155 v1 0...

Отзывы:

Нет отзывов

Похожие инструкции для SpeedTouch 620

Бренд: A-Link Страницы: 6

Бренд: Idis Страницы: 31

Бренд: Patton electronics Страницы: 65

Бренд: ZyXEL Communications Страницы: 2

Бренд: Dahua Страницы: 24

Бренд: NA Страницы: 22

EonServ 5000 Series

Бренд: Surveon Страницы: 33

NSLU2 - Network Storage Link NAS Server

Бренд: Linksys Страницы: 64

Бренд: TRENDnet Страницы: 62

ExpressBox2 EB2

Бренд: Magma Страницы: 74

Бренд: Dahua Страницы: 113

B-Control Fader BCF2000

Бренд: Behringer Страницы: 13

OmniStor 4900F Series

Бренд: Rackable Systems Страницы: 196

ENHANCED PSD 239 H2R

Бренд: ADTRAN Страницы: 2

Бренд: Tripp Lite Страницы: 2

Бренд: ZyXEL Communications Страницы: 28

Nvidia Jetson Series

Бренд: Aetina Страницы: 7

Бренд: Aetina Страницы: 22

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды