Tiesse Imola 0220 Скачать руководство пользователя | Manualshive

Страница: 183 / 376

background image

Firewall functions: IPTABLES

U

SER

G

UIDE

183



SYN packet from client to server



SYN/ACK packet from server to client



ACK packet from client to server

At this point the connection is established and is able to transmit data:

In this way if NEW and ESTABLISHED packets can exit and only ESTABLISHED packets can enter, all
the attempts of connection to our internal network will be denied.

By executing the

iptables-conntrack

command, the status shown once received the first SYN

packet is as follows:

tcp 6 117 SYN_SENT src=192.168.1.5 dst=192.168.1.35 sport=1031 dport=23
[UNREPLIED] src=192.168.1.35 dst=192.168.1.5 sport=23 dport=1031 use=1

The next internal status is reached when a packet is received in the opposite direction:

tcp 6 57 SYN_RECV src=192.168.1.5 dst=192.168.1.35 sport=1031 dport=23
src=192.168.1.35 dst=192.168.1.5 sport=23 dport=1031 use=1

The status of established is reached when the final ACK arrives:

tcp 6 431999 ESTABLISHED src=192.168.1.5 dst=192.168.1.35 sport=1031
dport=23 src=192.168.1.35 dst=192.168.1.5 sport=23 dport=1031 [ASSURED] use=1

The following diagram shows the flow of terminating packets (closing in normal conditions):

As it can be seen, the connection is not completely closed until the final ACK arrives.

Notice that the connection tracking mechanism does not consider the TCP flags within the packets
and that a packet without SYN or ACK will be counted as

NEW

. If you want to associate the status

NEW

with the presence of SYN, the following rule should be added:

iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

iptables -A FORWARD -p tcp ! --syn -m state --state NEW -j DROP

Various parameters set the timeout associated with TCP session States:



tcp_timeout_close

«
...
181
182
183
184
185
...
»

Содержание Imola 0220

Страница 1: ...Imola Lipari Levanto Imola E User Guide CLI Commands ver 1 6 9...

Страница 2: ...ights reserved Any disclosure derivation or reproduction of this document even partial is strictly prohibited without prior written authorization by Tiesse S p A Intellectual property rights Registere...

Страница 3: ...ersons In case of a model equipped with rear bush for grounding see picture connect the device to the power system ground via lug and yellow green cable SIM INSERTION EXTRACTION Only for models in whi...

Страница 4: ...ctrical and electronic equipment waste The crossed out wheelie bin symbol Waste Electrical and Electronic Equipment Directive WEEE Directive on Tiesse s routers and packaging indicates that the produc...

Страница 5: ...gs 25 ACCESS VIA ETH0 AND ETH1 PORTS 26 eth0 eth1 default settings 26 USERNAME AND PASSWORD 26 GRANTING AND REVOKING PRIVILEGES 28 PRIVILEGE LEVELS AND ENABLE COMMAND 28 ACCESS VIA SSH 31 PASSWORD REC...

Страница 6: ...TRODUCTION 67 CONFIGURATION OF PHYSICAL CONNECTION 67 ADSL CONFIGURATION 68 VDSL CONFIGURATION 70 DISPLAY 71 ADSL VDSL LEDS MEANING 72 SHDSL INTERFACE 73 CONFIGURATION 73 DISPLAYING SHDSL CONFIGURATIO...

Страница 7: ...FIGURATION 118 DISPLAY 120 SERIAL CONNECTORS 120 USING THE CONSOLE PORT AS AUX 121 USING THE CONSOLE PORT TO CONNECT SERIAL DEVICES 122 TERMINAL SERVER 122 MODBUS RTU GATEWAY 123 AT HAYES EMULATOR 124...

Страница 8: ...WALL FUNCTIONS IPTABLES 168 INTRODUCTION 168 TABLES CHAINS RULES AND TARGET 168 FIREWALL WITH FILTER TABLE 169 NETWORK ADDRESS TRANSLATION WITH NAT TABLE 170 PORT FORWARDING 170 PACKETS ALTERATION WIT...

Страница 9: ...NSE MODE protocol configuration 224 PIM SPARSE MODE protocol Configuration 224 MULTICAST SOURCE DISCOVERY PROTOCOL 226 IGMP PROTOCOL 226 IGMP snooping 227 IGMP proxy 227 STATIC MULTICAST ROUTING 228 C...

Страница 10: ...ATION AND STATISTICS 277 OUTPUT BANDWIDTH LIMITATION 280 COMANDI SET DSCP E SET DSCP CLASS 281 TACACS PROTOCOL 282 TACACS PROTOCOL CONFIGURATION 282 ACCOUNTING AND AUTHORIZATION 284 RADIUS PROTOCOL 28...

Страница 11: ...IGURATION 326 SIP CONFIGURATION 327 SIP PROXY 327 SIP ALG 328 VOIP CONFIGURATION 329 REGISTRATION 329 Registering to a SIP provider registrar 329 Timings involved in the registration phase 329 Unregis...

Страница 12: ...BLES 359 GRE PROTOCOL 359 CONFIGURATION EXAMPLES 360 DHCP SERVER 360 VLAN IN ACCESS MODE 360 ADSL NAT WITH AN IP LAN CUSTOMER WITH PUBLIC AND PRIVATE IP 361 ADSL IP WITH A POOL OF PUBLIC AND PRIVATE I...

Страница 13: ...ls The following table shows the main models of both Imola and Imola LX family To those ones you may consider also the models with optional connectivity or with custom configuration Optionals comes wi...

Страница 14: ...which may supply both an AC DC converter Internal Power Supply and a DC DC converter External Power Supply The main characteristics are Network Processor 64 256 MB RAM depending on the model 512KB Bo...

Страница 15: ...tion 1 GPRS models no longer in production 2 GPRS EDGE 3 GPRS EDGE UMTS HSDPA 4 GPRS EDGE UMTS HSDPA HSUPA 5 GPRS EDGE UMTS HSDPA HSUPA LTE Y 0 1 Ethernet port present 1 2 Ethernet ports 2 5 switch Et...

Страница 16: ...hed routed ports o 1 A VDSL2 port o 1 G SHDSL port The model 5262 IKW has o LTE interface o 1 Gigabit Ethernet port o 5 Gigabit Ethernet switched routed ports o 1 A VDSL2 port o 1 b g n Wifi These car...

Страница 17: ...e with the central On Shows that the synch phase has been successful Data Green Blinking Data traffic ISDN interface 2 LEDs integrated in the connector Left Yellow On Physical ISDN level is active ong...

Страница 18: ...ve xDSL interface xDSL Green Slow Blinking 1sec on 1sec off Activating the modem is waiting for the connection Fast Blinking 0 500 ms on 0 500 ms off Handshaking Fixed on The connection is active Mobi...

Страница 19: ...uting RIP OSPF BGP routing and BFD support PIM protocol support Protocol Independent Multicast in Dense mode Sparse mode and Source Specific Multicast IGMP Proxy and IGMP Snooping support Band Optimiz...

Страница 20: ...nal power supply AC DC 5Vdc 1A As in the Imola models in order to distinguish the different features and communication interfaces each model is identified by the label Lipari XY00 where X identifies t...

Страница 21: ...CADA etc Levanto 410 has a 3G port a Ethernet port and a DB9 DCE serial port in the factory configuration the serial port is used as console Levanto 441 has a 4G port a Ethernet port and four RJ45 ser...

Страница 22: ...nd the presence of redundant power supplies ensure the continuity of operation We particularly care about the immunity from electromagnetic perturbation environment conditions and safety reuglations I...

Страница 23: ...e different from model to model Below you find a scheme for the different kind of console port Imola Lipari DB9 male connector Imola RJ45 connector Levanto 310 410 DB9 female connector Levanto 441 RJ4...

Страница 24: ...uld be used Thanks to the auto mdx function any kind of cable may be used in case of connection to any port of the integrated switch Tiesse spa IMOLA Interworking Unit No Radius configured Using Local...

Страница 25: ...addition of the Tacacs support it is possible to pass from release 4 3 0 to release 4 3 1 The suffix N indicates the build number It increases in case of small bug fixing which do not require non regr...

Страница 26: ...etmask 255 255 0 0 255 255 0 0 Broadcast 10 10 255 255 172 151 255 255 Network Address 10 10 0 0 172 151 0 0 In models with a LAN integrated switch IMOLA X2X0 the connection to eth1 port can be made v...

Страница 27: ...ttyp0 mario You are logged on ttyp0 mario Imola set hostname MyRouter Command set hostname MyRouter not allowed for this user mario Imola su root Password root Imola set hostname MyRouter Setting hos...

Страница 28: ...s grant to operator set eth1 revoke to technician set isdn dialer ippp1 allow operator to configure the Ethernet port and denies technician the right to configure the ISDN dialer In order to eliminate...

Страница 29: ...r example by using set privilege level 3 set adsl it is specified that users which have received a 3 level of privilege can execute all the configuration commands of the ADSL interface In order to eli...

Страница 30: ...n occurs through the poor user telnet 10 10 113 1 Trying 10 10 113 1 Connected to 10 10 113 1 Escape character is IMOLA port 0 login poor Password TACACS Authentication OK Service Type is Login User P...

Страница 31: ...to the Tacacs server ACCESS VIA SSH The command set ssh2 enabled enables the access to the router via SSHv2 protocol As in the Telnet sessions the access is governed by the RADIUS or Tacacs servers i...

Страница 32: ...e commands the router reset itself to the factory configuration and the previous settings are lost REBOOT OF THE ROUTER The router can be rebooted using the command reboot After the reboot all the uns...

Страница 33: ...Accessing IMOLA USER GUIDE 33 syslog disabled ADSL disabled GPRS disabled Dynamic Routing and tunneling disabled...

Страница 34: ...ee different types of configuration current saved started The current configuration contains all the values set during configuration The saved configuration is that saved in Imola non volatile memory...

Страница 35: ...necessary to execute the save command and make the reboot of the router The command sync config allows to accommodate the router to a specific configuration The specific configuration can be a default...

Страница 36: ...int file the sintax is sync config checkpoint checkpoint name immediately sync config checkpoint checkpoint name in N seconds COMMAND LINE INTERFACE CLI GUIDE The Imola CLI has an online help which he...

Страница 37: ...la Figure 3 command line completion and listing of parameters by pressing the TAB key root Imola set eth1 set eth1 ipaddr Configure IP address set eth1 broadcast Confgure Broadcast Address set eth1 dh...

Страница 38: ...ew the password in encrypted form The original passwords are hidden from the user who is not authorized to know in this way they can be used to set up similar configurations on different routers This...

Страница 39: ...in pppuser crypted password 6XY4 Gzy Configuration of a RADIUS server set radius authhost 1 2 3 4 set radius secret 1 2 3 4 mypassword set radius on executing set crypted passwords on show config curr...

Страница 40: ...L VDSL2 port Gigabit Ethernet port 4 ports Fast Ethernet switch Wi Fi b g n ports FXO port 4 FXS ports 4 ISDN BRI ports V 35 interface expansion slot G SHDSL interface expansion slot while Imola 0760...

Страница 41: ...n Slow Blinking 1sec on 1sec off Activating the modem is waiting for the connection Fast Blinking 0 5s on 0 5s off Handshaking Fixed on The connection is active FXS interface 1 2 3 4 Green Fixed on Th...

Страница 42: ...is active GbE interface GbE Green Fixed on The connection is active Wi Fi interface Wi Fi Green Fixed on The connection is active FXS interface 1 2 3 4 Green Fixed on The port has been configured via...

Страница 43: ...command is set eth0 ipaddr 10 10 9 1 netmask 255 255 0 0 broadcast 10 10 255 255 It is possible to enable the dynamic NAT over all outbound packets from the interface using set eth0 masquerade You ca...

Страница 44: ...tmask For example in order to set or remove the alias with IP address 10 10 10 3 24 on the eth0 interface the following command can be used set alias eth0 ipaddr 10 10 10 3 netmask 255 255 255 0 set n...

Страница 45: ...the specific chapter DISPLAYING INTERFACE STATUS In order to display the configuration of an interface the following CLI command is used ifconfig eth0 which shows IP address Netmask Broadcast MAC add...

Страница 46: ...using the commands set trigger eth0 up action set trigger eth0 down action set trigger eth1 up action set trigger eth1 down action where action may be any CLI command supported by Imola A sequence of...

Страница 47: ...hecks or sets the status of the eth0 and eth1 Fast Ethernet interfaces and of the 5 interfaces of the integrated switch eth1 eth2 eth3 eth4 and eth5 The command is mostly used for evaluation purposes...

Страница 48: ...nal 1 Gigabit Ethernet port 1 Switch with 8 FE ports 1 ADSL VDSL port 1 Wi Fi port 1 Ethernet Power Supply PSE port The PSE port according to the IEEE 802 3af t has to its ends a supply voltage from 2...

Страница 49: ...h set eps0 masquerade If you want to limit the outgoing bandwidth to a maximum value by using set eps0 bandwidth N where N is expressed in Kbit s You can set an IPv6 address with set eps0 ipv6addr X X...

Страница 50: ...telephone number for outgoing calls login and password for authentication of outgoing calls login and password for authentication of incoming calls In order to make automatic outgoing calls an IP inte...

Страница 51: ...pp0 Current setup of interface ippp0 EAZ MSN Phone number s Outgoing 0125629552 Incoming Dial mode manual Secure off Callback off Reject before Callback off Callback delay 5 Dialmax 1 Hangup Timeout 6...

Страница 52: ...ap set isdn dialer ippp1 login user is used to configure the user which will be used for authentication during the connection to the telephone number set isdn dialer ippp1 ipaddr 1 1 1 1 nexthop 2 2 2...

Страница 53: ...no Default Route no Masquerade no ippp1 is not connected 9 ippp1 POINTOPOINT NOARP UP mtu 1500 qdisc pfifo_fast qlen 30 link ppp RX bytes packets errors dropped overrun mcast 0 0 0 0 0 0 TX bytes pack...

Страница 54: ...ivations 00000007 chan B2 deactivations 00000006 D frames rcvd 00000533 D frames sent 00000188 D rxowf 00000000 B1 frames rcvd 00000350 B1 frames sent 00000172 B1 rxowf 00000000 B2 frames rcvd 0000005...

Страница 55: ...follows root Imola show interface isdn dialer ippp1 statistics 19 ippp1 POINTOPOINT NOARP UP mtu 1500 qdisc pfifo_fast qlen 30 link ppp RX bytes packets errors dropped overrun mcast 311 22 0 0 0 0 TX...

Страница 56: ...er outgoing call number Sec Used line occupancy Setup Time duration setup time Term Cause disconnection cause code Txed Bytes Rxed Bytes transmitted and received bytes The value of the code shown in t...

Страница 57: ...the same order through which they were set For example the following commands set trigger isdn up ip route add 12 12 12 12 dev ippp1 set trigger isdn up logger r 10 10 1 212 ISDN is up set trigger isd...

Страница 58: ...from 85 34 166 18 icmp_seq 3 ttl 56 time 89 054 msec 64 bytes from 85 34 166 18 icmp_seq 4 ttl 56 time 82 312 msec 64 bytes from 85 34 166 18 icmp_seq 5 ttl 56 time 189 865 msec 64 bytes from 85 34 16...

Страница 59: ...ed in the following example set isdn traffic control input threshold 30000 set isdn traffic control output threshold 20000 set isdn traffic control mode or set isdn traffic control timer unit 10 set i...

Страница 60: ...1 p tcp dport 80 j QUEUE To activate the ISDN session only when you do a ping command from the router toward a host set isdn dial control on set iptables A OUTPUT o ippp1 p icmp d 10 10 10 10 j QUEUE...

Страница 61: ...T I 363 5 ITU T I 432 ITU T I 610 ITU T I 731 RFC 2684 former RFC 1483 Multiprotocol over ATM RFC 2364 PPP over ATM RFC 2516 PPP over Ethernet In Imola XX20 models the following standards are also su...

Страница 62: ...se according to the information received from the Service Provider the following commands could be used set adsl pvc atm0 atm7 ipaddr value set adsl pvc atm0 atm7 nexthop set adsl pvc atm0 atm7 netmas...

Страница 63: ...n You can set the router so that it can send the Loopback F4 F5 OAM cells on a particular PVC In case there is no reply the PVC is put on a down state set adsl pvc atm0 atm7 oma manage interval N It i...

Страница 64: ...w interface adsl statistics status For example the command show interface adsl status produces the following output root Imola show interface adsl status General Information FW Revision 0x061d 0x1235...

Страница 65: ...tus by sending an F5 OAM cell Here follows an example usage root TLC GTW oamping flow 5 vpi 8 vci 35 seq 0 response from vpi vci 8 35 time 28 0 ms seq 1 response from vpi vci 8 35 time 27 6 ms seq 2 r...

Страница 66: ...er adsl up action set trigger adsl down action where action can be any CLI command supported by Imola A sequence of actions is configured through a sequence of a commands set trigger adsl up action1 s...

Страница 67: ...DSL or Multimode physical connection type using set dsl line mode multimode VDSL ADSL In multimode the router is able to recognize the standard reference during the alignment phase and consequently to...

Страница 68: ...L configuration on those models that have ADSL interface only The ADSL mode supports up to 8 PVC Permanent Virtual Circuit and to configure them it can be used set ADSL pvc_number value To configure t...

Страница 69: ...n and password for the authentication set ADSL login value password value To configure the ATM type traffic set ADSL pvc atm0 atm7 service service type where service type take the values UBR CBR VBR e...

Страница 70: ...Paddr IP_address netmask netmask broadcast broadcast It is possible to set a IPv6 address by set vdsl0 IPv6addr X X X X M It is possible to set or to remove the DHCP Client service using set vdsl0 dhc...

Страница 71: ...to use the PPPoE protocol on the VDSL connection see the specific chapter to learn all of its commands DISPLAY It is possible to view the informations on the operative status of the ADSL VDSL connect...

Страница 72: ...count 0 0 CRC Slow count 0 1 Performance Counters Rx Tx Block Count Bearer 0 0 0 Block Count Bearer 1 2732066 9930 numReInit 0 numInitFailure 0 PowerOnNumReInit 0 FastLosShutDownCnt 0 NeLpr 0 Modem S...

Страница 73: ...rder to activate the SHDSL interface the command is set shdsl on In order to deactivate the SHDSL interface the command is set shdsl off In order to deactivate the SHDSL interface and disable the conf...

Страница 74: ...configure the encapsulation type the command is set shdsl pvc shdslX encap rfc1483 bridged rfc1483 llc In order to configure the PVC number and type the command is set shdsl pvc_number value set shdsl...

Страница 75: ...ATUS AND STATISTICS It is possible to display information about SHDSL configuration PVCs statistics and status of the SHDSL interface The command show interface shdsl statistics produces the following...

Страница 76: ...0 Modem Status DATA Mode for 10 hr 1 min 54 sec It is also possible to display OAM cells through the command show interface shdsl oam SHDSL LEDS MEANING In Imola4 routers the interface status is indi...

Страница 77: ...ip route add 12 12 12 12 dev atm0 set trigger shdsl up logger r 10 10 1 212 SHDSL is up set trigger shdsl down ip route del 12 12 12 12 dev atm0 set trigger shdsl down logger r 10 10 1 212 SHDSL is do...

Страница 78: ...Relay interface The command set no frame relay deactivates the Frame Relay interface and disables the configuration Before the activation of the Frame Relay interface it is necessary to execute some...

Страница 79: ...s not available set backup checking interface pvcX set trigger backup up cmdUp set trigger backup down cmdDown set backup on off where the cmdUp command will be executed when the backup is activated a...

Страница 80: ...1 1 Nexthop IP Address 1 1 1 2 Default Route on here yes Masquerade no DLCI 16 pvc0 Status active Last time pvc status changed 0 47 11 15 pvc0 POINTOPOINT UP mtu 1500 qdisc noqueue link dlci 00 10 pe...

Страница 81: ...t root Imola show interface frame relay status Mode V 35 Clock EXTERNAL Encoding NRZ Parity CRC16_PR1_CCITT Modem Status DTR active DSR active CTS active Data Reception Packets 55753 Bytes 9476470 Dro...

Страница 82: ...king the interface if there is no answer set pppofr lcp echo interval n set pppofr lcp echo failure n To turn on the service set pppofr on To turn off the service set pppofr off Displaying the interfa...

Страница 83: ...ppp13 set trigger pppofr up logger PPPoFR is up set trigger pppofr down ip route del 173 151 0 0 24 dev ppp13 set trigger pppofr down logger PPPoFR is down these commands send a SYSLOG message to not...

Страница 84: ...ure functions and values supplied by the Service Provider using the following CLI commands APN configuration set gprs apn value On router models 5xxx the protocol IPv6 is supported on the mobile netwo...

Страница 85: ...set the frequency of transmission of lcp echo request packets and the number of attempts before ending the GPRS interface It will be automatically re established It is also possible to negotiate DNS p...

Страница 86: ...rs selrat value where value can be 2G Only 3G Only 2G 3G Only LTE Only LTE Preferred 3G LTE 2G 3G LTE auto allows to specify the radio access technology Usually the value auto is used when you want to...

Страница 87: ...and the assigned name is pppX where X is an index which usually has value 0 ppp0 In the same way an ADSL connection with PPP over ATM encapsulation PPPoA is indicated by pppX The choice of the index...

Страница 88: ...576 Idle Timeout 3600 Masquerade yes Deflt Route yes The command show interface gprs status shows the status of the session The video output produced may change according to the access technology root...

Страница 89: ...hed LTE band B7 LTE bw 15 MHz LTE Rx chan 3175 LTE Tx chan 21175 EMM state Registered Normal Service EMM connection RRC Connected RSSI dBm 53 Tx Power 26 RSRP dBm 77 TAC 0BDF 3039 RSRQ dB 7 Cell ID 04...

Страница 90: ...Jan 1 04 47 38 localhost pppd 13380 Remote message TTP Com PPP Password Verified OK Jan 1 04 47 39 localhost pppd 13380 local IP address 217 201 192 147 Jan 1 04 47 39 localhost pppd 13380 remote IP a...

Страница 91: ...x0 auth chap MD5 magic 0x6d503910 sent LCP ConfAck id 0x0 asyncmap 0x0 auth chap MD5 magic 0x6d503910 rcvd LCP ConfAck id 0x1 mru 1476 asyncmap 0x0 magic 0xe2270bc4 pcomp sent LCP EchoReq id 0x0 magic...

Страница 92: ...mmands set trigger gprs up ip route add 12 12 12 12 dev ppp0 set trigger gprs up logger r 10 10 1 212 ADSL is up set trigger gprs up hello 85 34 166 18 514 set trigger gprs down ip route del 12 12 12...

Страница 93: ...S Traffic is too High set trigger gprs tc down logger h 192 168 2 1 GPRS Traffic is at normal rate set trigger gprs up set gprs traffic control on set trigger gprs down set gprs traffic control off Tr...

Страница 94: ...ive command can be used to send an ICMP request ping to the address associated with the GPRS interface In order to control the connection the command sends it at regular and configurable intervals set...

Страница 95: ...egative test the output is the following root IMOLA gprsping 85 34 166 150 Starting GPRS Ping This will take some time please wait PING 85 34 166 150 85 34 166 150 from 95 74 64 177 ppp9 56 84 bytes o...

Страница 96: ...ntains received and sent data since the router start up SMS HANDLING The package Tiesse SMS manages all the operations about the sending receiving of Short Text Messages by a router Tiesse equipped wi...

Страница 97: ...ter so that upon receipt of an SMS Tiesse CLI commands it also provides the same output of any response to the sender As an example suppose you have configured the SMS messaging with password TIESSE a...

Страница 98: ...ble the messaging service with the newly introduced parameter you should run the CLI command set sms on Once the service is properly set up and activated messages can be sent by the router using the c...

Страница 99: ...md send sms d 3933523054400 Customer Innocenti Lambrate MI TGU 0123111321 ROUTER JUST REBOOTED The messaging service offers an interface for reading SMS conventional messages by which is meant the who...

Страница 100: ...e IP address Using the following sequence of commands the hello message can be regularly sent set timer tick 600 set trigger timer tick hello 85 34 166 18 22000 The message is sent as a UDP packet If...

Страница 101: ...CGSM DS ES OK Displaying the network signal root IMOLA gprsat AT CSQ AT CSQ CSQ 6 0 OK The dBm signal is obtained through 2 CSQ 113 Checking available network providers root IMOLA gprsat at cops 9 AT...

Страница 102: ...r it is also available a specific seat for a second SIM externally accessible The internal SIM is the Primary SIM while the external SIM is the Secondary SIM Their usage is mutually exclusive and it i...

Страница 103: ...dress DOUBLE SIM APPLICATION ON A LTE NETWORK The following sequence of command shows how a typical use of a double SIM on a LTE network works set gprs primary apn myapnprimary xxx it set gprs login m...

Страница 104: ...up and in particular select the second SIM change the parameters and turn on the new connection The command set backup of the example above is well explained in the next chapters SIM UNLOCK The activ...

Страница 105: ...NG The command show interface gprs status gives information about the performance of the mobile session and it also displays the IMEI code associated with the modem and the IMSI code associated with t...

Страница 106: ...wifi no wlanx The service configuration is composed by radio and logical interface In the radio interface to select manually the channel use set wifi channel 1 11 To se the automatic selection of the...

Страница 107: ...ptions can be the address of the accounting server set wifi wlanX encryp wpa eap accthost ADDRESS the port of the accounting server default 1813 set wifi wlanX encryp wpa eap acctport NUMBER secret sh...

Страница 108: ...nX mac filter clean all mac On the wlanX interface you can configure the DHCP server using10 set dhcp server You can set the logging level of the Wi Fi module with set wifi wlanX debug level 1 2 3 4 5...

Страница 109: ...tmask netmask To specify the DNS servers that the client on the LAN must use the syntax is set hotspot dns address address with this command you can specify up to two DNS server address To allow the c...

Страница 110: ...the navigation To do so use To give authorization to the domains example huffingtonpost com tiesse com set hotspot uam allow domains string To give authorization certain hosts using IP address or hos...

Страница 111: ...nid macaddr ipaddr value hotspot logout sessionid macaddr ipaddr value where sessionid macaddr ipaddr can be read thanks to the command show hotspot users If you want to make the Hotspot service activ...

Страница 112: ...n thus established Conversely the data received on the TCP IP are unencapsulated and sent to the serial port it can work as a client in this case it is the router that establishes a TCP IP connection...

Страница 113: ...d to the first port those for the second are the same but instead of 0 tserv0 you have to write 1 tserv1 set tserv0 tty speed value sets the transmission speed on the serial port 2400 4800 9600 19200...

Страница 114: ...e serial port set tserv0 primary host ipaddr set tserv0 primary port port configures the IP address and the port of the primary host to which you connect and send the received data from the serial por...

Страница 115: ...tserv0 allows to view the current configuration Below you find as example the default configuration output set tserv0 primary host 127 0 0 1 set tserv0 primary port 8899 set tserv0 no secondary host s...

Страница 116: ...t iec101 0 station addr value configure the station address of the UP connected to the first serial port set iec101 0 speed value configures the speed on the first serial port The values from 2400 to...

Страница 117: ...mber of outstanding frame without confirmation Default value is 12 set iec104 on activates the application with the set parameters and to deactivate the application set iec104 off To display the curre...

Страница 118: ...ec104 logging 1 set iec104 dumping 0 set iec104 max sessions 1 set iec104 max buffer size 1024 set iec104 backlog 10 set iec104 idle timer 0 set iec104 t1 timer timer 15000 set iec104 t2 timer timer 1...

Страница 119: ...me interval in seconds of inactivity of the PPP connection if in this time interval no data is received or sent the PPP connection is shut down set ppp serial0 idle 0 set ppp serial0 rx idle value it...

Страница 120: ...with the name of the interface will be ppp1 for the first port MO and ppp2 for the second port M1 set ppp serial0 on activates the application with the set parameters To deactivate the application us...

Страница 121: ...r other uses The command set ttyaux raw port PORT configures a service that listens on the specified TCP port and transmits on the serial port in a transparent mode all characters received from the ne...

Страница 122: ...ork receives the data and send them to the serial port and viceversa The module manage also the data received in spontaneous mode from the serial port in this case if any TCP connections do not exist...

Страница 123: ...dumping these commands enable disable the log messages and the trace of the package sent or received from to the serial port The dumping must not ben used when in regime but onl for trouble shooting...

Страница 124: ...order to optimize the reception time set modbus no rtu parsing enables the transparent modality of the treatment of the answer from the RTU This is the default value set modbus on when the application...

Страница 125: ...ped characters ATDa b c d port prot The value of a b c d is a valid IP address port is a sequence of decimal number that identify the port The command opens a connection toward the specified address a...

Страница 126: ...sed to remotely access a router or a switch via console port linked to Levanto TRANSPARENT MODE To use this modality see below for the TCP serial port correspondence TCP port Serial port 20024 2 20025...

Страница 127: ...x remote port PORT If the command aren t available the characters will be rejected The active connection toward a remote host will be shut down after 120 seconds of inactivity the same will happen if...

Страница 128: ...v Code Point on a COS value Class of Service of 802 1p protocol set vlan vlan device map to cos cos dscp dscp_0 dscp_7 In order to cancel a VLAN the command is set vlan rem vlan device In order to rem...

Страница 129: ...ccess trunk or hybrid mode access mode identifies a port which receives and transmits packets without 802 1q tags allowing a system that is not able to operate in 802 1q to participate in a 802 1q VLA...

Страница 130: ...ity is disabled The command set switch port N crossover enables it again In order that the set configuration becomes operational the following command is necessary set switch on In order to remove the...

Страница 131: ...In255Octets 00000000 In511Octets 00000000 In1023Octets 00000000 InMaxOctets 00000000 Jabber 00000000 Oversize 00000000 InDiscards 00000000 Filtered 00000000 OutUnicasts 00000000 OutBroadcasts 0000000...

Страница 132: ...ion with Server set eth4 Any VLAN must be created on individual ports for example set vlan add vid 50 interface eth5 set vlan eth5 50 ipaddr 192 168 50 1 netmask 255 255 255 0 If you have a LAN Splitt...

Страница 133: ...br br0 set bridge addif br0 eth1 50 set bridge addif br0 eth2 50 set bridge br br0 description Bridge between eth1 and eth2 set bridge br br0 ipaddr 192 168 50 1 netmask 255 255 255 0 set bridge br br...

Страница 134: ...rt PortID mac 00 0d 5a ce fa f6 PortDescr eth5 PMD autoneg supported yes enabled yes Adv 10Base T HD yes FD yes Adv 100Base TX HD yes FD yes MAU oper type 100BaseTXFD 2 pair category 5 UTP full duplex...

Страница 135: ...set lan bonding bond0 miimon 100 set lan bonding bond0 primary eth1 set lan bonding bond0 slave eth2 set lan bonding bond0 on In the first example the packets are sent to both eth1 and eth2 ports acc...

Страница 136: ...et is not blocked even if the MAC address is different from the one that requested the authentication For example with set eth1 dot1x enable single mac set eth2 dot1x enable whole port on the eth1 por...

Страница 137: ...uthentication process are Tunnel Type VLAN Tunnel Medium Type IEEE 802 Tunnel Private Group Id 10 20 Below you can see a typical configuration set eth1 dot1x set eth1 on set eth2 dot1x set eth2 on set...

Страница 138: ...radius server add user vll password vll vlan id 10 set radius server on to the gmg user are associated the VLAN IDs 10 20 30 113 and 500 while to the user vll is associated the VLAN ID 10 If the authe...

Страница 139: ...x1 mode trunk To operate in trunk mode and accept the native frame use the command set switch port fx0 fx1 mode hybrid In this case you must specify the ids of VLANs enabled through the door set switc...

Страница 140: ...you have to build a VLAN on the switch interface with the same VLAN id in the following way set vlan add vid vid interface eth1 The command builds a VLAN device with notation eth1 vid which can be ass...

Страница 141: ...0 0 set shdsl on The two circuits correspond to the network interfaces named shdsl 835 and shdsl 836 By setting the commands set pvc bundle pvc0 shdsl 835 set pvc bundle pvc1 shdsl 836 set pvc bundle...

Страница 142: ...et pvc bundle ipaddr 192 168 1 2 set pvc bundle netmask 255 255 255 252 set iptables t mangle A PREROUTING p tcp dport 80 s 10 10 0 0 16 j MARK set mark 0x04 set iptables t mangle A PREROUTING p tcp d...

Страница 143: ...uerade set adsl pvc atm0 ipaddr 0 0 0 0 set adsl pvc atm1 encap rfc1483 llc set adsl pvc atm1 vpi 8 vci 36 set adsl pvc atm1 service UB set adsl pvc atm1 no default route set adsl pvc atm1 no masquera...

Страница 144: ...vc0 set pvc bundle pvc1 pvc1 set pvc bundle ipaddr 94 95 231 154 set pvc bundle netmask 255 255 255 252 set pvc bundle default route set pvc bundle on In order to add routes on bundle interface in add...

Страница 145: ...he redistribution of routes the routing table for the operations of Policy Based Routing see next paragraph The available options are tag N tag N distance N table N tag N distance N For example set ro...

Страница 146: ...oute In the default configuration the routes that are acquired via DHCP are set with an administrative distance of 180 The command set dhcpcd route opzioni allows to re configure the routing table cha...

Страница 147: ...layed using the following command show ip route For example root IMOLA show ip route Router show ip route Codes K kernel route C connected S static R RIP O OSPF B BGP selected route FIB route C 10 10...

Страница 148: ...efix 10 10 10 0 24 or the keyword any that mean any address or the keyword this that mean any address of the router itself PORT is a numeric number that identify UDP or TCP ports or a string that tell...

Страница 149: ...e packets marked with M value To mark the packets you can use the command set mark for example set mark 4 protocol tcp from 10 10 0 0 16 from any source port any to any dest port 80 out interface any...

Страница 150: ...order to display the status of the interface the command is show interface loopback For example root Imola show interface loopback 3 dummy0 BROADCAST NOARP UP mtu 1500 qdisc noqueue link ether 00 00 0...

Страница 151: ...the broadcast address Bcast the value of Maximum Transfer Unit MTU together with some flags indicating the status of the interface Up indicates that the interface is administratively active ifAdminSt...

Страница 152: ...over ATM encapsulation is root Imola ifconfig ppp0 ppp0 Link encap Point Point Protocol inet addr 82 54 202 150 P t P 192 168 100 1 Mask 255 255 255 255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU 1500...

Страница 153: ...ce dummy1 up up 10 10 1 7 32 eth0 up up 10 10 7 11 16 100 100 113 1 24 eth1 up up 192 168 22 254 24 eth1 10 up up 192 168 10 1 24 shows the alias 100 100 113 1 24 as a secondary address of the eth0 in...

Страница 154: ...tables providing correlation between IP addresses and physical addresses In order to operate on IPv6 elements addresses routes neighbour it is necessary to specify the 6 option For example ip 6 addr...

Страница 155: ...t qlen 30 link ppp inet 11 11 11 11 peer 22 22 22 22 32 scope global ippp1 The command ip route show displays the routing tables root Imola ip route show 10 8 0 2 dev tun0 proto kernel scope link src...

Страница 156: ...pecified address is already associated with another MAC address in that case you can replace it with ip neigh replace IPADDR lladdr xx xx xx xx xx xx dev ifname the above command adds the static entry...

Страница 157: ...ip interface brief show interface brief Interface Status Protocol IP Address s Description dummy0 up up 10 10 0 7 32 Loopback Interface dummy1 up up 10 10 1 7 32 eth0 up up 10 10 7 11 16 100 100 113 1...

Страница 158: ...are also useful to transfer certificates used by various service or for example to send log files to a remote system There are other two commands available telnet ssh they are used to access the rout...

Страница 159: ...ng 151 1 1 1 s 1472 M do Q 192 i 0 2 c 4 PING 151 1 1 1 151 1 1 1 from 85 34 166 22 1472 1500 bytes of data 1480 bytes from 151 1 1 1 icmp_seq 0 ttl 55 time 58 794 msec 1480 bytes from 151 1 1 1 icmp_...

Страница 160: ...1 1 1 all the packets excepting direct packets and those received from the 151 1 1 1 host tcpdump i eth0 host not 151 1 1 1 only packets received with source address 85 34 166 18 tcpdump i atm0 src ho...

Страница 161: ...to the host exactly as they were captured while TZSP indicated that the packets will be encapsulated in a UDP frame The TEE protocol can be used in case the host target is on the same LAN of the route...

Страница 162: ...0 overruns 0 collisions In order to interrupt the measuring the command is no load avg SET INTERFACE COMMAND The command set interface defines working parameters for a particular network interface Th...

Страница 163: ...nd is described in detail in the following chapter ACCESS LIST The list of rules for accepting or rejecting IP packets known as Access List and optionally make the logging can be activated with the co...

Страница 164: ...fy the network interfaces to which the access list have to be applied For example suppose to have a router where atm0 is the interface to the public network and eth0 to the internal one to allow the T...

Страница 165: ...a network prefix 10 10 10 0 24 or the keyword any to point any address or the keyword this to point any address of the router itself PORT is a numeric value that identify the UDP or TCP port or a str...

Страница 166: ...tocol PROT from ADDRESS to ADDRESS in interface INTF dest ip ADDRESS set dest nat protocol PROT from ADDRESS to ADDRESS in interface INTF dest subnet ADDRESS set dest nat protocol PROT from ADDRESS so...

Страница 167: ...th the IP recipient 8 1 10 2 the packets aimed to the 8 8 10 3 public address will be processed with the IP recipient 8 1 10 3 and so on To perform the NAT operation more selectively and modify for ex...

Страница 168: ...he network packets protocol IP address service etc e g p tcp dport 80 d 10 0 1 1 Each rule terminates with an indication target which indicates what to do with the packets identified e g j ACCEPT j DR...

Страница 169: ...D s 10 0 1 1 d 192 168 0 1 j ACCEPT In order to deny access to port 80 to the host with IP 10 0 1 2 the command is iptables I FORWARD p tcp dport 80 s 10 0 1 2 d 192 168 0 1 j DROP Rules are analysed...

Страница 170: ...ERADE Packets addressed to the sub network 192 168 1 0 24 have IP 172 16 1 1 while packets addressed to sub network 192 168 2 0 24 have IP 172 16 2 2 iptables t nat A POSTROUTING d 192 168 1 0 24 j SN...

Страница 171: ...y In order to set MSS to a value of 1400 iptables A FORWARD p tcp tcp flags SYN RST SYN j TCPMSS set mss 1400 In order to adapt the value of MSS to that of MTU iptables A FORWARD p TCP TCP flags SYN R...

Страница 172: ...l ports between 1 and 1024 dport port port The destination port or a range of destination ports For example 1 1024 all the ports between 1 and 1024 tcp flags flag Used to specify the presence of flags...

Страница 173: ...rough syslog and moves on through the chains Possible options are log level and log prefix j DNAT The destination IP of the packet is modified The target is used only in NAT table PREROUTING and OUTPU...

Страница 174: ...mple iptables j REJECT help iptables j TOS help iptables j DSCP help ADVANCED MATCH CRITERIA In addition to the previous criteria there are also very flexible and powerful extensions The following tab...

Страница 175: ...e in order to cancel received multicast packets iptables A INPUT m addrtype dst type MULTICAST j DROP m length It sets a filter on packet length by using the option length len1 len2 For example in ord...

Страница 176: ...ports to indicate both source and destination ports m nth It verifies the match every N packets for example iptables A FORWARD p icmp d 10 10 10 10 m nth every 3 j LOG every 3 consecutive matches a lo...

Страница 177: ...ce 23 s 10 10 1 1 j LOG log level notice iptables A INPUT p tcp dport 23 s 10 10 1 1 j DROP The first rule logs packets with facility notice coming from address 10 10 1 1 towards the Telnet port The s...

Страница 178: ...get prot opt in out source destination 86 3513 all eth0 any anywhere anywhere In order to reset the counters iptables Z In order to count all the packets addressed by the router to the IP address 10 1...

Страница 179: ...IP address and addressed to Imola redirected to IP address 192 168 0 2 iptables t nat A PREROUTING p tcp dport 7 j DNAT to 192 168 0 2 Traffic addressed to port 7 echo service coming from any IP addre...

Страница 180: ...guildwars h323 halflife2 deathmatch hddtemp hotline http http rtsp ident imap imesh ipp irc jabber kugoo live365 liveforspeed lpd mohaa msn filetransfer msnmessenger mute napste r nbns ncp netbios nn...

Страница 181: ...class BESTEFFORT bandwidth percent 100 set qos ext class BESTEFFORT filter priority 2 set qos ext on Another example of action block the e mail traffic set iptables A FORWARD m layer7 l7proto pop3 j...

Страница 182: ...until no more traffic about this connection appears When the entry changes status it is set to the default value Current status of the entry The internal status are slightly different from those used...

Страница 183: ...92 168 1 5 dst 192 168 1 35 sport 1031 dport 23 src 192 168 1 35 dst 192 168 1 5 sport 23 dport 1031 use 1 The status of established is reached when the final ACK arrives tcp 6 431999 ESTABLISHED src...

Страница 184: ...timeout_syn_sent Represents the time out bound to the SYN SENT state Default value is 120 seconds tcp_timeout_recv_sent Represents the time out associated with SYN RECEIVED State The default value is...

Страница 185: ...since they never establish connections However there are some types of packets which generate return packets and as a consequence they can take NEW and ESTABLISHED status For example the packets echo...

Страница 186: ...r active or passive When they are active the FTP client sends to the server a port and an IP address to connect to The FTP client then opens the port the server connects from a non privileged port cho...

Страница 187: ...the command set conntrack sip alg timeout SECONDS defines the timeout associated to the SIP protocol sessions Finally the command set conntrack generic timeout SECONDS defines the timeout associated...

Страница 188: ...nntrack snat show conntrack snat from ADDR show conntrack snat from ADDR1 to ADDR2 show conntrack snat proto PROT show conntrack snat proto PROTO from ADDR source port PORT to ADDR dest port PORT It i...

Страница 189: ...he source interface eth1 100 address 192 168 0 1 and will go toward the peer with address 192 168 0 2 via UDP port 3780 Multicast This modality allows two or more routers to keep up to date their conn...

Страница 190: ...et stfl nat primary and set stfl nat backup must be associated to some triggers on the up and down event of the VRRP module See the below example that clarifies better how to use the commands VRRP Mas...

Страница 191: ...t group 3781 mcast address 225 0 0 50 interface eth1 source 10 1 1 2 set stfl nat on The command show stfl nat status shows the connection state both the local router and the peer root IMOLA show stfl...

Страница 192: ...ddress 85 34 147 17 The default policy is to cancel packets iptables P INPUT DROP iptables P OUTPUT DROP iptables P FORWARD DROP Do not accept packets related to new sessions without SYN iptables A FO...

Страница 193: ...34 147 17 dport 80 j DNAT to 192 168 1 2 S NAT towards outside iptables t nat A POSTROUTING o atm0 s 192 168 0 0 24 j SNAT to source 85 34 147 18 iptables t nat A POSTROUTING o atm0 s 192 168 1 2 j SN...

Страница 194: ...ble the spoofing protection is set ifname reverse path filter where ifname can be one of the interfaces below set ethX reverse path filter set vlan ethX N reverse path filter set bridge br br0 reverse...

Страница 195: ...it assumes the role of Master In the same way if the master node receives some advertisements with a higher priority value than the one it owns it becomes a backup In order to configure the interface...

Страница 196: ...s used show vrrp which displays the following information root Imola show vrrp VRRP ID 11 on eth1 we are now the master router VRRP ID 11 Priority 100 Virtual IP s 10 10 10 10 Virtual MAC 00 00 5e 00...

Страница 197: ...priority 100 set vrrp 12 vipaddr 10 10 12 11 set vrrp on In this case if you want to use the triggers mechanism you have to use set trigger vrrp VRID up command set trigger vrrp VRID down command wher...

Страница 198: ...of VRRP groups For example the commands vrrpd i eth1 n v 12 p 120 12 12 1 1 vrrpd i eth1 n v 13 p 130 13 13 1 1 activate two VRRP services on the eth1 interface respectively with group 12 priority 12...

Страница 199: ...up configured using the command set vrrp The command show vrrp shows the status of all the active instances root MR IMOLA show vrrp VRRP ID 12 on eth0 30 we are now the master router VRRP ID 12 Priori...

Страница 200: ...URATION The RIP protocol includes a periodic announcement of networks directly connected with the router In order to configure the interface on which RIP announces will be sent the following command i...

Страница 201: ...filter or apply various actions to the received routes or the ones to be announced set rip redistribute connected route map subnet out subnet out is the name associated to the route map subnet out can...

Страница 202: ...h tag 1 65356 set rip route map rm name deny match interface word set rip route map rm name deny match ip address word set rip route map rm name deny match ip address prefix list word set rip route ma...

Страница 203: ...1 0 0 16 area 0 0 0 0 set ospf on In order to configure parameters related to a specific interface the command is set ospf interface ifname parameter value For example in order to set a cost and a pri...

Страница 204: ...set ospf area 0 4294967295 filter list prefix NAME in set ospf area 0 4294967295 filter list prefix NAME out set ospf redistribute kernel connected static rip bgp set ospf redistribute kernel connecte...

Страница 205: ...x list WORD deny permit A B C D M ge 0 32 le 0 32 set ospf ip prefix list WORD deny permit A B C D M le 0 32 set ospf ip prefix list WORD deny permit A B C D M le 0 32 ge 0 32 set ospf ip prefix list...

Страница 206: ...rip set bgp redistribute ospf set bgp neighbor peer remote as value set bgp neighbor peer ebgp multihop set bgp neighbor peer description set bgp neighbor peer version 4 set bgp neighbor peer next ho...

Страница 207: ...ttl 1 255 route map name permit deny seq set weight 0 4294967295 route map name permit deny seq match as path WORD route map name permit deny seq match community 1 99 100 500 WORD route map name permi...

Страница 208: ...nario without losing generality there are two routers A and PE connected to a WAN network The router called A is configured with following IP address loopback 172 20 1 221 LAN 10 45 15 192 27 The foll...

Страница 209: ...st reset never Next connect timer due in 74 seconds Read thread off Write thread off When the router connection has been established it displays BGP neighbor is 88 58 10 245 remote AS 3269 local AS 65...

Страница 210: ...1 32 0 0 0 0 0 32768 i Total number of prefixes 8 Where both announced and received routes from neighbor are displayed BGP routing table is displayed with the command show ip route bgp Codes K kernel...

Страница 211: ...269 65210 i 10 8 0 0 24 88 58 10 245 0 0 3269 3269 65210 i 10 10 0 0 16 88 58 10 245 0 0 3269 i 192 168 184 6 32 88 58 10 245 0 3269 65201 i Total number of prefixes 7 A complete configuration could b...

Страница 212: ...t i internal r RIB failure S Stale R Removed Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path 0 0 0 0 88 58 10 245 0 3269 i 7 0 255 1 32 88 58 10 245 0 0 3269 3269 65210...

Страница 213: ...8 58 10 245 default originate Connected network redistribution with BGP By using the command set bgp network A B C D N or set bgp network A B C D N the network A B C D N will be announced in an indisc...

Страница 214: ...redistribution with BGP In the same way it is possible to configure BGP in order to announce routes towards which there is a static route set bgp local as 65201 set bgp neighbor 88 58 10 245 remote a...

Страница 215: ...es s suppressed d damped h history valid best i internal r RIB failure S Stale R Removed Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path 10 45 15 192 27 88 58 10 246 1 3...

Страница 216: ...te FIB route O 10 45 15 192 27 110 10 is directly connected eth1 00 10 10 O 172 20 1 219 32 110 20 via 10 45 15 219 eth1 00 03 32 O 192 168 1 0 24 110 20 via 10 45 15 219 eth1 00 03 32 Now to the BGP...

Страница 217: ...9 32 88 58 10 246 20 32768 172 20 1 221 32 88 58 10 246 1 32768 192 168 1 0 88 58 10 246 20 32768 Total number of prefixes 6 If the connection with router 0 is interrupted the routes status becomes ro...

Страница 218: ...is directly connected eth0 00 13 32 O 172 20 1 219 32 110 10 is directly connected dummy0 00 22 01 O 192 168 1 0 24 110 10 is directly connected eth1 00 21 56 While there are two OSPF neighbor of the...

Страница 219: ...ia OSPF are tagged14 so BGP redistributes only not tagged OSPF routes The sequence of commands on router A is set bgp local as 65201 set bgp neighbor 88 58 10 245 remote as 3269 set bgp neighbor 88 58...

Страница 220: ...ap From B in set bgp neighbor 94 92 113 170 soft reconfiguration inbound set bgp neighbor 94 92 113 170 timers 60 180 set bgp neighbor 94 92 113 170 version 4 set bgp network 10 10 0 0 16 set bgp netw...

Страница 221: ...16 88 58 10 246 0 150 0 65201 172 20 1 219 32 88 58 10 246 20 150 0 65201 94 92 113 170 20 140 0 65201 172 20 1 221 32 88 58 10 246 1 150 0 65201 192 168 1 0 88 58 10 246 20 150 0 65201 94 92 113 170...

Страница 222: ...tive neighbor 94 92 113 170 advertisement interval 5 set bgp directive neighbor 94 92 113 170 default originate set bgp directive neighbor 94 92 113 170 remote as 65201 set bgp directive neighbor 94 9...

Страница 223: ...l r RIB failure S Stale R Removed Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path 7 0 255 1 32 0 0 0 0 0 32768 3269 65210 i 7 0 255 2 32 0 0 0 0 0 32768 3269 65210 i 10...

Страница 224: ...oves it from the configuration PIM DENSE MODE protocol configuration The configuration of PIM protocol in dense mode includes the following commands set pim mode dense used to define the working mode...

Страница 225: ...es the value for Register Rate Limit The parameter can have a numeric value or infinity value set pim register source val It defines the IP address to be used as source for PIM Register messages set p...

Страница 226: ...default groups 232 0 0 0 8 MULTICAST SOURCE DISCOVERY PROTOCOL The Multicast Source Discovery MSDP allows two routers to connect by using the PIM active service so you can manage the RP redundancy To...

Страница 227: ...ted In order to specify the upstream interface the command is set igmp proxy upstream ifname In order to specify the downstream interface the command is set igmp proxy downstream ifname By using the c...

Страница 228: ...set igmp proxy downstream eth1 set igmp proxy on Multicast traffic comes from the tunnel tun0 with source 10 84 23 0 24 In addition to the network associated with the tunnel it is also rerouted on the...

Страница 229: ...n the established limit is reached With the option drop the route is not created There are commands useful to analyse and diagnose Multicast traffic The most useful are set multicast accept icmp echo...

Страница 230: ...gured it is possible to set the following parameters MTU Max Transfer Unit TTL Time to Live Multicast enable multicast transmission keep alive it is possible to enable keep alive functionality by conf...

Страница 231: ...GRE tunnel between the local GPRS interface and the remote host 89 119 108 108 it is possible to create the tgprs0 tunnel by using the following CLI commands set gre tunnel 0 name tgprs0 set gre tunne...

Страница 232: ...value of the physical interface and 24 is the overhead of the tunnel itself The value of the TTL field is set with the command set gre generic ttl N To avoid possible problems with routing protocols o...

Страница 233: ...v atm0 set trigger gre up ip route add 192 168 1 0 24 dev tunnel 0 set trigger gre down ip route del 192 168 1 0 24 dev tunnel 0 set trigger gre down ip route add 192 168 1 0 24 dev atm0 with which it...

Страница 234: ...nel 0 set gre tunnel 0 multicast set gre tunnel 0 ttl 64 set gre tunnel 0 tunnel source 217 201 121 1 set gre tunnel 0 tunnel destination 85 34 166 17 set gre tunnel 0 tunnel address 192 168 10 11 24...

Страница 235: ...HUB SPOKE SETTINGS WITH CON ENCRYPTED TRAFFIC The example below shows a Hub Spoke setting on a router Imola in the role of the Hub and two more Imola in the Spoke role The same argument is reopen in...

Страница 236: ...ocol 47 set ipsec phase2 TUN0 mode transport set ipsec phase2 TUN0 security esp set ipsec phase2 TUN0 level unique set ipsec pre shared key NHRPSPOKE tiesseadm set ipsec on SPOKE 1 set gre tunnel 0 na...

Страница 237: ...set gre tun0 tunnel destination 85 34 166 1 set gre tun0 tunnel address 172 16 66 2 24 set gre tun0 tunnel peer 172 16 66 254 24 set gre tun0 multicast set gre tun0 ttl 64 set gre tun0 on set nhrp in...

Страница 238: ...figuration of MPLS Label using the command set gre tun0 mpls LABEL VALUE or implicitly by the BGP protocol when it is received an announcement of a VPNv4 network that contains the value of the Route D...

Страница 239: ...ation parameter related to Phase I from those characteristics of Phase II In this way listings are much more synthetic and more comprehensible For example to configure the parameters referred to Phase...

Страница 240: ...on has been indicated with the string 3DES_MD5 to explicitly relate this parameter s group to a particular way to operate the VPN encryption An explanation of the most important commands shown in the...

Страница 241: ...CL_2 pfs group 2 set ipsec phase2 ACL_2 mode tunnel set ipsec phase2 ACL_2 security esp set ipsec phase2 ACL_2 level unique set ipsec phase2 ACL_2 local subnet 192 168 2 0 24 set ipsec phase2 ACL_2 lo...

Страница 242: ...k_Lan pfs group 5 set ipsec phase2 NewYork_Lan mode tunnel set ipsec phase2 NewYork_Lan security esp set ipsec phase2 NewYork_Lan level unique set ipsec phase2 NewYork_Lan local subnet 192 168 1 0 24...

Страница 243: ...uthentication algorithm hmac sha1 set ipsec phase2 3DES pfs group 2 set ipsec phase2 3DES lifetime 28800 sec set ipsec phase2 3DES mode tunnel set ipsec phase2 3DES security esp set ipsec phase2 3DES...

Страница 244: ...some important command lines set ipsec phase1 WARRIOR mode cfg tells to the client to adopt the configuration mode which determines a sort of auto configuration of the client based on the arrival of...

Страница 245: ...t ipsec phase1 PHASE_I xauth login use mac set ipsec phase1 PHASE_I proposal check obey set ipsec phase1 PHASE_I mode cfg set ipsec phase2 PHASE_II match phase1 WARRIOR set ipsec phase2 PHASE_II encry...

Страница 246: ...enerate locally its certificates and then apply for the registration to an external CA To do that use make and enroll cert CA IPAddress that creates a group of certificates locally then it connect to...

Страница 247: ...e2 NHRP mode tunnel set ipsec phase2 NHRP security esp set ipsec phase2 NHRP level unique set ipsec phase2 NHRP local subnet 1 1 1 1 32 set ipsec phase2 NHRP remote subnet 192 168 203 253 32 set ipsec...

Страница 248: ...set ipsec on Starting ipsec daemon done root IMOLA VPN connexion established To see all messages of activation from the logs it s necessary to launch their visualization immediately after giving the...

Страница 249: ...IMOLA racoon WARNING attribute has been modified Sep 2 18 49 42 IMOLA racoon INFO IPsec SA established ESP Tunnel 192 168 203 252 500 192 168 203 253 500 spi 158105024 0x96c7dc0 Sep 2 18 49 42 IMOLA...

Страница 250: ...urity Policy Index related to the incoming from 1 1 1 1 to 3 3 3 3 and outgoing from 3 3 3 3 to 1 1 1 1 traffic To show ISAKMP policies we can use the simple command root IMOLA show ipsec isakmp Desti...

Страница 251: ...0 s validtime 0 s spid 232 seq 22 pid 21170 refcnt 1 1 1 1 1 any 3 3 3 3 any 255 out prio def ipsec esp tunnel 192 168 203 252 192 168 203 253 require created Sep 2 18 48 48 2000 lastused Sep 2 19 05...

Страница 252: ...sed to specify the authentication key for activating the Tunnel set l2tp source ipaddr is used to specify the IP address with which to send the connection requests The default value is the one associa...

Страница 253: ...can be displayed with show interface l2tp that shows ppp13 Link encap Point to Point Protocol inet addr 13 13 0 2 P t P 13 13 0 1 Mask 255 255 255 255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU 1500 M...

Страница 254: ...4321 set l2tpv3 pseth0 remote cookie size 4 set l2tpv3 pseth0 local id 11 set l2tpv3 pseth0 remote id 22 set l2tpv3 pseth0 description Tunnel L2TPv3 Manual set l2tpv3 pseth0 on This activate an inform...

Страница 255: ...te L2TPv3 If it is necessary to have in the group of bridge more than two interfaces such as eth0 and eth1 you must use the command set bridge like in the following chapters To delete a tunnel configu...

Страница 256: ...ed by the peer itself TUNNEL SETTINGS IN VLAN MODE It is possible to set the tunnel L2TPv3 in VLAN mode and make possible that the packets on the tunnel have the TAG 802 1q To do so use the commands s...

Страница 257: ...In certain cases it could be useful to make communicate two devices using different VLAN Ids you do so with set l2tpv3 pseth0 force vlan id N this command allows the transmission on the tunnel of pack...

Страница 258: ...eth1 set bridge addbr br0 set bridge addif br0 eth1 30 set bridge addif br0 pseth0 30 set bridge br0 on L2TPV3 ON IPSEC ON LTE CONFIGURATION Like the GRE tunnels even the L2TPv3 tunnel can be configu...

Страница 259: ...e2 PHASE2 level unique set ipsec phase2 PHASE2 local subnet 2 2 2 2 32 set ipsec phase2 PHASE2 remote subnet 1 1 1 1 32 set ipsec pre shared key 85 34 166 20 set ipsec off set l2tpv3 pseth0 tunnel sou...

Страница 260: ...rm set tiesse esp 3des esp md5 hmac crypto dynamic map TIESSE 10 set transform set tiesse set pfs group5 set isakmp profile IMOLA match address 110 crypto map TIESSE 10 ipsec isakmp dynamic TIESSE int...

Страница 261: ...ns 1 PeerIP 7 10 100 100 State established Session LNS MyID 55811 AssignedID 32030 State established To manually stop a session root IMOLA admin l2tpv3 tunnel stop session tunnel MyID 14685 Session My...

Страница 262: ...o enable or disable a static default route on the PPP interface set pppoe default route set pppoe no default route To set the value of MTU Maximum Transmit Unit and MRU Maximum receie Unit of the PPP...

Страница 263: ...show interface pppoe the command then shows the information as displayed below ppp0 Link encap Point to Point Protocol inet addr 13 13 0 2 P t P 13 13 0 1 Mask 255 255 255 255 UP POINTOPOINT RUNNING...

Страница 264: ...route Configure this interface as default route description Configure description forward delay Configure forward delay time hello time Configure hello time ipaddr Configure ip address local proxy ar...

Страница 265: ...out the Spanning Tree protocol show interface bridge br0 stp br0 bridge id 8000 000d5a8ef905 designated root 8000 000d5a8ef905 root port 0 path cost 0 max age 20 00 bridge max age 20 00 hello time 2 0...

Страница 266: ...l port 4950 interface eth1 20 helper 88 1 1 2 set udp forwarding protocol port 4951 interface eth1 10 helper 88 1 1 3 The command set no udp forwarding protocol port 4950 interface eth1 20 stops the s...

Страница 267: ...ers must be previously enabled This module provides the commands start peppino stop peppino show pep status The command start peppino activates the Proxy module and starts to listien on the 5000 TCP p...

Страница 268: ...d 1 the session is authenticated via certificate if it is present and requested by the peer 2 a certificate is always requested 3 both router and peer certificates must be on the router itself the pee...

Страница 269: ...l cert download sni client stunnel pem from 10 10 100 10 via tftp ssl cert download sni 2 CAcert pem from 10 10 100 10 via tftp ssl cert download sni 2 client stunnel pem from 10 10 100 10 via tftp ss...

Страница 270: ...c secre used to set the pre shared password key for encryption set ezvpn id used to set the VPN group set ezvpn xauth username used to set the username for XAUTH authentication set ezvpn xauth passwor...

Страница 271: ...set ezvpn xauth username user01 SampleVPN set ezvpn xauth password 01password01 set ezvpn vendor netscreen set ezvpn no masquerade set ezvpn directive Logging set ezvpn on EZVPN TRIGGER CONFIGURATION...

Страница 272: ...cording to HTB Hierarchical Token Bucket while the default queuing behavior is FIFO First In First Out kind TRAFFIC POLICY CONFIGURATION It is necessary to configure a traffic policy first set qos ext...

Страница 273: ...to indicate an absolute value in Kbits set qos ext class name bandwidth value or a percentage of the total available bandwidth set qos ext class name bandwidth percent value It is possible to specify...

Страница 274: ...SFQ one but it is applied when the output interface is a GRE tunnel TRAFFIC CLASSIFICATION In order to assign traffic to a class one or more filters are defined by using the following command set qos...

Страница 275: ...possible to specify on which chain pre routing or post routing the traffic must be filtered set qos ext filter group name chain pre routing post routing output forward It is also necessary to specify...

Страница 276: ...d value of 2 set qos ext class name filter priority value TRAFFIC MARKING It is possible to set a value of DSCP of DSCP class or IP Precedence on all the packets which flow for a class In order to mar...

Страница 277: ...not present anymore starting from NOS X 4 0 8 version So it will just do to add the following directive to the configuration set qos ext on In order to deactivate QoS rules the command is set qos ext...

Страница 278: ...nt 1 protocol ip pref 1 fw handle 0x64 classid RT filter parent 1 protocol ip pref 2 fw filter parent 1 protocol ip pref 2 fw handle 0x12c classid DATA2 filter parent 1 protocol ip pref 2 fw handle 0x...

Страница 279: ...CP all any any anywhere anywhere MARK match 0x12c DSCP set 0x00 0 0 ACCEPT all any any anywhere anywhere MARK match 0x12c Chain INPUT policy ACCEPT 4792 packets 407K bytes pkts bytes target prot opt i...

Страница 280: ...with option which you have to specify when you configure a network interface For example set eth0 bandwidth N set eth1 10 bandwidth N set adsl pvc atm0 bandwidth N where N is a number in Kbit sec that...

Страница 281: ...ORT to ADDRESS dest port PORT out interface INTF in interface INTF where VAL is a numeric value from 1 to 65 that you must insert in the packet s DSCP field PROTOCOL tells the protocol used that can b...

Страница 282: ...o Tacacs Serve The use of accounting functions If they are enabled each command executed will be notified to the server e memorized by the server on its database The use of authorization functions If...

Страница 283: ...command set tacacs source 172 20 1 1 establishes that Tacacs packets originated by the router must be sent by using the value 172 20 1 1 as IP source It is also available set tacacs source loopback in...

Страница 284: ...g message sent to the server when there is the authentication Accounting start and a message is sent when the session ends Accounting stop The most important parts of the Start message are Name of the...

Страница 285: ...ver used For example user limited login cleartext limited service exec priv lvl 15 cmd set permit eth1 permit gprs apn permit isdn dialer ippp1 cmd ping permit cmd show deny interface deny ip bgp perm...

Страница 286: ...or rejected by TACACS limited IMOLA iptables A FORWARD i eth1 j DROP Command iptables A FORWARD i eth1 j DROP rejected by TACACS Allowed commands are executed without any problem limited IMOLA set gpr...

Страница 287: ...he authentication request before the authentication of a user is presented to the RADIUS Server It is also possible to send all the commands set on the configuration interface to the Account Server Au...

Страница 288: ...ndicates the reply timeout in seconds from the RADIUS Server set radius source 172 20 1 1 the RADIUS packets from the router will be sent by using the value 172 20 1 1 as IP source address It is also...

Страница 289: ...e where the value of the parameter community must be a string of ASCII characters the value of the parameter source is the IP address of the manager which can use this community and the value of the p...

Страница 290: ...poll frequency value set snmp trap retries value set snmp trap timeout value set snmp on For example the sequence of commands set snmp trap poll frequency 30 set snmp trap retries 5 set snmp trap time...

Страница 291: ...n mode through the command set snmp user priv username DES AES secret priv pass phrase where DES and AES are encryption protocols If the optional parameter secret is not specified the same authenticat...

Страница 292: ...set snmp trap retries 3 set snmp trap poll frequency 30 set snmp no trap isdn set snmp on In order to display the values of current SNMP configuration parameters the following CLI command is used sho...

Страница 293: ...ic input NB It does not perform packet inspection and is not a technology IDS IPS Target Some network anomalies are detectable by processing the data provided by Fprobe search results for pattern a ho...

Страница 294: ...he traffic set netflow interface IfName IP and collector Port server analyzing flows set netflow collector IP Collector port Port Port is optional if omit default value is 2055 Netflow version defines...

Страница 295: ...he command is show netflow And the output is NetFlow Statistics received 0 0 0 pending 0 0 ignored 0 lost 0 0 dropped 0 cache 0 0 emit 0 0 0 memory 10000 9900 640016 where we have received total packe...

Страница 296: ...gate ipaddr mask strip maskbit set ip accounting aggregate from port to port into port For example with set ip accounting aggregate 192 168 1 0 16 strip 24 set ip accounting aggregate 1024 65535 into...

Страница 297: ...77 54442 22000 17 eth0 87 9 217 153 85 34 166 18 1 77 54442 22000 17 atm0 223 149 223 225 85 34 166 19 1 40 2048 23 6 atm0 54 229 186 149 85 34 166 17 2 104 53907 22 6 eth0 54 229 186 149 85 34 166 17...

Страница 298: ...accounting data to a NetFlow collector To specify the IP address and the collector port use set ip accounting netflow export destination collector ip collector port to specify the Netflow protocol ve...

Страница 299: ...er of lines with the following command set log max lines value It is also possible to specify the log level with the command set log level value Log levels from 1 to 4 allow to display system messages...

Страница 300: ...activated by using the following CLI commands set log remote IP Addr set log level 4 set log on It is possible to specify additional servers to which send the logs using Show log If logging is active...

Страница 301: ...nd Jan 1 00 01 06 localhost kernel 0x00000000 0x00100000 kernel Jan 1 00 01 06 localhost kernel 0x00100000 0x00400000 initrd Jan 1 00 01 06 localhost kernel 0x00400000 0x01000000 user Jan 1 00 01 06 l...

Страница 302: ...stomdns dyndns org default no ip com default zoneedit com To set the DNS name associated with host set ddns alias dns name To configure the update period of the DNS set ddns update period value In ord...

Страница 303: ...at no keep alive will be activated default setting Valid values are between 0 and 1200 In order to remove a keepalive setting and go back to the default value the following command is used set dlsw lo...

Страница 304: ...ach saps value value The SAPs must be specified in hexadecimal notation and must be separated by a space All the information about accessibility is sent by the local DLSw to the remote partner during...

Страница 305: ...erational modes of the physical connection In order to set an encoding value different from the default one nrz the following command is used set cdn encoding nrz nrzi fm mark fm space manchester the...

Страница 306: ...sdlc binder addr address log off DISPLAYING DSLW CONFIGURATION STATUS AND STATISTICS It is possible to display the DSLW configuration from the current router configuration by using the command show co...

Страница 307: ...50 255 1 Vendor Id 00C DLSW version 1 DLSW release 0 init pacing window 20 tcp connections 1 supported saps all MAC Address exclusivity 1 MAC Address list 400016702000 ffffffffffff version string Cisc...

Страница 308: ...edgment 0 1 XIDFRAME XID frame 0 1 CONTACT contact remote station 1 0 CONTACTED remote station contacted 0 1 INFOFRAME information I frame 3 3 CAP_EXCHANGE capabilities exchange 2 2 Last SSP Received...

Страница 309: ...the DLSw connection between the two peers and verify the performance set dlsw local peer ipaddr 10 10 0 1 set dlsw remote peer ipaddr 10 160 1 1 set dlsw remote peer target mac 00 0A 0B 0C 0D 0E set d...

Страница 310: ...DLsw Host In order to display the circuits established the following command is used show dlsw circuits In order to display the messages exchanged by the DLSw the following command is used show dlsw...

Страница 311: ...set ntp source loopback To specify the NTP frequency request to the server set ntp interval N Using the command set ntp listen on local ip it becomes a NTP server for the specified subnet and distribu...

Страница 312: ...tion the following trigger should be programmed set trigger adsl up set ntp on It is possible to configure the service in order that it gives the date to possible clients requiring it The command is s...

Страница 313: ...dayofweek dow It configures cron policy to execute every day at the time hour minutes predefined only in the configured month every day if day of the week is not defined otherwise only for the config...

Страница 314: ...22th of April run DelRoute Commands to be run by Cron Policy DelRoute ip route del 1 1 1 1 dev eth1 ip route del 1 1 1 2 dev eth1 Commands to be run by Cron Policy AddRoute ip route add 1 1 1 1 dev et...

Страница 315: ...g to NMEA specifications latitude ddmm nnnnnN S longitude dddmm nnnnnE W where dd degrees mm minutes and mmmmm a tenth of minute A maximum of 63 geographical areas can be configured called area0 area1...

Страница 316: ...xecuted set no cps disables the georeference services and removes all the specified policies set cps no area N removes only the specified area For example set cps nmea source multicast 239 1 1 1 port...

Страница 317: ...command between lines For example set cps area 1 command out comando 1 set cps area 1 command out sleep 3 set cps area 1 command out comando 2 between command 1 and command 2 the router wait three se...

Страница 318: ...correct set cps area 1 latitude 4380 00000N longitude 01125 00000E radius 100 while set cps area 1 latitude 4380 00000N longitude 1125 00000E radius 100 Error Longitude must be XXXYY nnnnnE is wrong...

Страница 319: ...cp server name end address ip address At every request from the client the router chooses and assigns one address between start address and end address The period of validity of the address assigned t...

Страница 320: ...dhcp server name routes ipaddr ipaddr 33 set dhcp server name staticroutes subnet prefix ipaddr 121 set dhcp server name msstaticroutes subnet prefix ipaddr 249 For example to distribute static route...

Страница 321: ...ns off the dhcp server service relative to the name process Some commands are available to remove the previous set options set dhcp server name no router set dhcp server name no subnet set dhcp server...

Страница 322: ...ters XX is significant only at the end of the sequence This function is particularly useful when on the same network there are devices that need to receive different configurations for example when yo...

Страница 323: ...nd to select the traffic based on the phone s MAC address For example the following commands configure the process to ignore requests from the MAC address 02 60 8C 01 02 01 and 02 60 8C 01 02 02 and a...

Страница 324: ...as a released source IP address and as source MAC address the one of the PC that got that address To disable the antispoofing functions you must use set dhcp server vlan30 no antispoofing REDUNDANT DH...

Страница 325: ...t dhcp relay name in interface interface with this command you specify the local interface i e the one from which the client request come You can specify a list of interfaces separated by a comma For...

Страница 326: ...2 GMT 8 UTC GMT 11 GMT 6 GMT 10 GMT 3 GMT 9 Universal The correct time zone for Italy is GMT 1 during DST Daylight Saving Time and GMT 2 during GMT Standard Time Otherwise MET or CET Middle or Central...

Страница 327: ...sent itself to the Registration Server typically it is the router s public IP address set siproxy static registrar ipaddress use this command to specify the URL towards which the router must register...

Страница 328: ...on that is alternative to set siproxy on You can set which server SIP port the SIP ALG must manage default is 5060 For example set nat sip alg port list 5060 5076 manages the SIP UDP and TCP packages...

Страница 329: ...d in the registration phase The timings involved in the registration phase are Registration Refresh Time default is 3600 sec validity time of the current registration Register Expires Refresh Percent...

Страница 330: ...opensips1 registrar 10 3 10 110 set voip trunk sip opensips1 authentication password 1234 set voip trunk sip opensips1 enable yes set voip call mng inbound opensips in source trunk opensips1 destinati...

Страница 331: ...FXO port also to prevent a possible incoming call on that port This functionality is implemented in a transparent way to the user No commands that enables it are necessary Basic calls via ISDN ports...

Страница 332: ...f extensions associated with the GNR trunk If there is a match the trunk is identified to place the outgoing call In this manner it is possible to connect an ISDN PBX to any CPE s ports and to exit on...

Страница 333: ...e routed cyclically to one of the terminals belonging to Line Group Hunting scan This parameter can take the value oneshot or circular The value oneshot means that it will run a single cycle on all te...

Страница 334: ...te goofy set voip user terminal group pluto hunting mode ordered set voip user terminal group pluto hunting scan circular set voip user terminal group pluto timerprionoreplay 10 set voip user terminal...

Страница 335: ...pluto enable yes set voip call mng inbound opensip2pluto source trunk opensip destination pluto incoming number all number Regarding the creation of outbound rules which have Line Group as source ter...

Страница 336: ...55 255 0 set vlan eth1 4 ipaddr 192 168 4 1 netmask 255 255 255 0 set vlan eth1 10 ipaddr 192 168 10 1 netmask 255 255 255 0 it states that on port 1 of the switch can pass Ethernet packets containing...

Страница 337: ...fter the activation of the voip cdr on functionality show voip history last NUMBER full using last you can specify the number of lines of the CDR to be put to video root imola pbx show voip history fu...

Страница 338: ...fresh State Reg Time 10 3 10 110 5060 N 082310010 1184 Registered Fri 07 Jan 2000 01 56 09 1 SIP registrations root imola pbx Information on registration channel terminal codec extent and direction of...

Страница 339: ...DOWN L2 state tei 0 RELEASED Number of B channels 2 B1 alloc FREE state BC_UNINITIALIZED use count 0 sock 1 activated 0 mode TXRX off BC0 ridx 1 dropped 0 B2 alloc FREE state BC_UNINITIALIZED use coun...

Страница 340: ...kup Timer tick GPRS tc DHCP client OpenVPN IPSec For example the ADSL interface can be activated any time after the start up of Imola if the user wants to activate the bgp service when this interface...

Страница 341: ...address is available again the router comes back from the backup status by executing programmed actions for example set trigger backup off set rip off set trigger backup off set gprs off For example i...

Страница 342: ...set gprs traffic control on set trigger gprs off set gprs traffic control off In the example above traffic control begins with activation of the GPRS session and is deactivated when the session ends 1...

Страница 343: ...0 commands are executed CPU USAGE CONTROL The command cpustate mon periodically verifies the CPU occupancy and defines two thresholds When these two thresholds are reached they generate an event which...

Страница 344: ...ured by using the commands set backup check retries N set backup check wait T1 set backup check interval T2 The sequence of ICMP packets is still transmitted on the specified interface and the primary...

Страница 345: ...on is available as soon as a reply is received By using the command set backup check tos N it is possible to specify the value of the Type of service TOS field of transmitted packets 3 Periodic transm...

Страница 346: ...r if rx idle 1 1 1 1 via icmp through interface atm0 rx threshold 500 activates the transmission of ping packets if less than 500 characters have been received during the specified time interval 5 Ver...

Страница 347: ...sh eight other conditions by using the command following command This option is available from the firmware version x 3 0 set extbackup N the syntax is the same of set backup options excepting for the...

Страница 348: ...iated with the ppp0 interface of Imola and 3 3 3 2 is the nexthop the network accessible through the atm0 interface is ADSL the network accessible through the ppp0 interface is GPRS two hosts with add...

Страница 349: ...source port any to any dest port 8899 out interface any in interface any set route net 0 0 0 0 netmask 0 0 0 0 dev atm0 set route net 0 0 0 0 netmask 0 0 0 0 dev ppp0 table 2 set policy based routing...

Страница 350: ...eth1 set vlan add vid 836 interface eth1 set vlan eth1 835 ipaddr 192 168 35 1 netmask 255 255 255 0 set vlan eth1 835 description VLAN Cliente1 set vlan eth1 836 ipaddr 192 168 36 1 netmask 255 255...

Страница 351: ...6 lookup table 2 If you want to use the BGP routing protocol on one or both PVCs to acquire the routes in dynamic mode you have to add to the BGP configuration the information that the acquired routes...

Страница 352: ...ed from an ICMP echo request packet towards the address dst addr and optionally with source address src addr set rtr type udpEcho dst addr value dst port value src addr value src addr value It defines...

Страница 353: ...they have been inserted The command set rtr start time immediately activates the probe immediately set rtr start time in N It activates the probe within an interval of time not lower than N seconds It...

Страница 354: ...nning RTR Responder is not running IP SLA RESPONDER It is possible to configure the router in order to replies to probes received using the commands rtr responder local address local port where local...

Страница 355: ...stablish personalized checkpoint by using the command set checkpoint name where name is an alphanumeric string which identifies the checkpoint In order to restore the saved configuration the command i...

Страница 356: ...ds can be used show config current tmp imola cli txt upload command file tmp imola cli txt to 192 168 1 1 the first command creates the file tmp imola cli txt containing the router configuration and t...

Страница 357: ...Feb 27 11 33 23 CET 2007 Software updates consists in loading a new version of one of the present packages For example supposing that it is available version 1 1 2 more recent than the version instal...

Страница 358: ...tails see chapters about triggers configuration and backup status handling The following examples clarify the use of this these programmed automatic executions For example supposing that a GRE Tunnel...

Страница 359: ...saved set route host 1 2 3 4 dev atm0 There are different ways to add static routes For example set adsl pvc atm0 default route in this way a default route is activated on the atm0 interface Or set a...

Страница 360: ...INS IP ADDRESS it is better to use set dhcp server DHCP POOL NAME directive option wins IPADDR1 IPADDR2 Configuring the service for more than one DHCP POOL NAME it is possible to activate the multiple...

Страница 361: ...paddr 192 168 50 1 netmask 255 255 255 0 ADSL NAT WITH AN IP LAN CUSTOMER WITH PUBLIC AND PRIVATE IP In this chapter it is described a base configuration of the ADSL RFC 1483 interface with a NAT on t...

Страница 362: ...s on the interface eth0 In order to enable data exchange with the outside a NAT rule is set for packets from the private LAN set eth0 ipaddr PUBLIC IP netmask NETMASK IP PUBLIC set eth0 on set eth1 ip...

Страница 363: ...the eth0 interface To permit the data exchange with to outside a NAT rule is set for those packets coming from the private LAN set eth0 ipaddr PUBLIC IP netmask NETMASK IP PUBLIC set eth0 on set eth1...

Страница 364: ...TERNET NAVIGATION It is described here a base configuration of the GPRS interface with a public internet connection profile with the management IP on the eth0 interface and a private IP on the eth1 LA...

Страница 365: ...nagement IP address on the eth0 and a private IP on the eth1 LAN The private internal LAN connection with the Master in its center is being realized with a GRE tunnel keepAlive with a default route To...

Страница 366: ...namic mode and in CHAP or PAP mode If the RADIUS does not support only the PAP authentication and not the CHAP one then you need to add the following commands set gprs sgauth 1 set gprs directive refu...

Страница 367: ...et eth1 ipaddr PRIVATE IP netmask NETMASK IP set eth1 on set isdn dialer ippp1 eaz 999999 set isdn dialer ippp1 out number NUMBER TO DIAL set isdn dialer ippp1 login ISDN USER password ISDN PASSWORD s...

Страница 368: ...link a primary public ADSL with GPRS backup It is configured a private address on eth1 LAN and an IP address of the public addresses pool on the eth0 interface To allow the data exchange with the outs...

Страница 369: ...0 0 0 0 netmask 0 0 0 0 dev atm0 distance 10 set route net 0 0 0 0 netmask 0 0 0 0 dev ppp0 distance 5 set iptables t nat A POSTROUTING s PRIVATE LAN N o atm0 j SNAT to PUBLC IP set autocmd set backup...

Страница 370: ...0 0 0 0 netmask 0 0 0 0 dev ppp0 distance 5 set iptables t nat A POSTROUTING s 192 168 1 0 24 o atm0 j SNAT to 2 21 172 162 set autocmd set backup on set autocmd set gprs off ADSL WITH GPRS BACKUP WIT...

Страница 371: ...t backup check interval 30 set backup check retries 3 set backup check wait 5 set backup deactivate delay 30 set backup on set trigger backup up send sms d TEL NUMBER ADSL DOWN BACKUP ON set trigger b...

Страница 372: ...et adsl encap rfc1483 llc set adsl pvc number 1 set adsl pvc atm0 vpi 8 vci 35 set adsl pvc atm0 service UBR set adsl pvc atm0 pcr 0 set adsl pvc atm0 default route set adsl pvc atm0 no masquerade set...

Страница 373: ...ed to BE class to which is assigned the 100 of the remaining band set no qos ext set qos ext policy voip set qos ext policy voip interface atm0 set qos ext class RT set qos ext class RT policy voip se...

Страница 374: ...oip set qos ext class BE default set qos ext class BE bandwidth percent 100 set autocmd set qos ext on LOOPBACK CONFIGURATION set loopback 0 ipaddr ip address set loopback on SNMP CONFIGURATION set sn...

Страница 375: ...e a different port from the default ones using set radius authhost 192 168 1 1 1645 192 168 1 2 1645 set radius accthost 192 168 1 1 1646 192 168 1 2 1646 BANNER CONFIGURATION To set a system banner o...

Страница 376: ...t limitation in handling keyboard input concerning characters classified as special such as and these are prohibited To work around this restriction you can use these characters equally preparing its...

Отзывы:

Нет отзывов

Похожие инструкции для Imola 0220

Бренд: 3Com Страницы: 20

Бренд: Dahua Страницы: 6

Бренд: Lanner Страницы: 109

Sinus 154 data II

Бренд: T-COM Страницы: 12

Бренд: Thecus Страницы: 120

Бренд: Handicare Страницы: 60

Бренд: Zalip Страницы: 76

Бренд: Beckhoff Страницы: 84

Бренд: Wieland Страницы: 2

ForeFront 2616RC

Бренд: Patton electronics Страницы: 80

Бренд: MasterForce Страницы: 12

Бренд: Gigabyte Страницы: 10

PCNA EP OCe14102

Бренд: Fujitsu Страницы: 20

Бренд: Fujitsu Страницы: 34

BS2000 SE Series

Бренд: Fujitsu Страницы: 43

BS2000 SE Series

Бренд: Fujitsu Страницы: 93

Бренд: Fujitsu Страницы: 98

Eternus DX80 S2

Бренд: Fujitsu Страницы: 186

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды