manualshive.com logo in svg

virtual access GW6610, Руководство пользователя


Поделиться
Скачать
background image

26: Configuring IPSec 

_______________________________________________________________________________________________________ 

_____________________________________________________________________________________________________ 

© Virtual Access 2016 

GW6600 Series and GW6600V Series User Manual 

Issue: 1.5 

 

Page 257 of 384 

Web: ESP algorithm 
UCI: strongswan.@connection[X].esp 
Opt: esp 

Specifies the esp algorithm to use.  
The format is: encAlgo | authAlgo | DHGroup 
encAlgo:  
3des 
aes128 
aes256 
serpent 
twofish 
blowfish 
authAlgo:  
md5 
sha 
sha2 
DHGroup:  
modp1024 
modp1536 
modp2048 
modp3072 
modp4096 
modp6144 
modp8192 
For example, a valid encryption algorithm is:  

aes128-sha-modp1536. 
If no DH group is defined then PFS is disabled. 

Web: WAN Interface 
UCI: strongswan.@connection[X].waniface 
Opt: waniface 

This is a space separated list of the WAN interfaces the router 

will use to establish a tunnel with the secure gateway. 
On the web, a list of the interface names is automatically 

generated. If you want to specify more than one interface use 

the “custom” value. 
Example: If you have a 3G WAN interface called ‘wan and a 

WAN ADSL interface called ‘dsl’ and wanted to use one of 

these interfaces for this IPSec connection, you would use: 

‘wan adsl’. 

Web: IKE Life Time 
UCI: strongswan.@connection[X].ikelifetime 
Opt:ikelifetime 

Specifies how long the keyring channel of a connection 

(ISAKMP or IKE SA) should last before being renegotiated. 

3h 

 

Timespec  1d, 3h, 25m, 10s. 

 

Web: Key Life 
UCI: strongswan.@connection[X].keylife 
Opt: keylife 

Specifies how long a particular instance of a connection (a set 

of encryption/authentication keys for user packets) should 

last, from successful negotiation to expiry. 
Normally, the connection is renegotiated (via the keying 

channel) before it expires (see rekeymargin). 

1h 

 

Timespec  1d, 1h, 25m, 10s. 

 

Web: Rekey Margin 
UCI: 

strongswan.@connection[X].rekeymargin 
Opt: rekeymargin 

Specifies how long before connection expiry or keying-

channel expiry should attempt to negotiate a replacement 

begin. 
Relevant only locally, other end need not agree on it.  

9m 

 

Timespec  1d, 2h, 9m, 10s. 

 

Web: Keyring Tries 
UCI: strongswan.@connection[X].keyringtries 
Opt: keyringtries 

Specifies how many attempts (a positive integer or %forever) 

should be made to negotiate a connection, or a replacement 

for one, before giving up. The value %forever means 'never 

give up'. Relevant only locally, other end need not agree on 

it. 

Содержание GW6610

Страница 1: ...GW6600 Series and GW6600V Series User Manual Issue 1 5 Date 09 September 2016 ...

Страница 2: ...na 15 2 14 Connecting the WiFi antenna 15 2 15 Powering up 16 2 16 Reset button 16 3 GW6600 Series LED behaviour 17 3 1 Main LED behaviour 17 3 2 Ethernet port LED behaviour 19 4 Factory configuration extraction from SIM card 20 5 Accessing the router 21 5 1 Configuration packages used 21 5 2 Accessing the router over Ethernet using the web interface 21 5 3 Accessing the router over Ethernet using...

Страница 3: ... file structure 54 9 1 System information 54 9 2 Image files 55 9 3 Directory locations for UCI configuration files 55 9 4 Viewing and changing current configuration 56 9 5 Configuration file syntax 56 9 6 Managing configurations 57 9 7 Exporting a configuration file 57 9 8 Importing a configuration file 59 10 Using the Command Line Interface 61 10 1 Overview of some common commands 61 10 2 Using ...

Страница 4: ... an ADSL bridge connection with static IP 96 12 12 ADSL diagnostics 103 13 Configuring an Ethernet interface 106 13 1 Configuration packages used 106 13 2 Configuring an Ethernet interface using the web interface 106 13 3 Interface configuration using UCI 116 13 4 Configuring port maps 119 13 5 Port map packages 119 13 6 Interface diagnostics 121 14 Configuring SAToP and CESoPSN 123 14 1 What are ...

Страница 5: ... 18 5 Configuring VLAN using the UCI interface 171 19 Configuring static routes 172 19 1 Configuration package used 172 19 2 Configuring static routes using the web interface 172 19 3 Configuring IPv6 routes using the web interface 173 19 4 Configuring routes using command line 173 19 5 IPv4 routes using UCI 174 19 6 IPv4 routes using package options 175 19 7 IPv6 routes using UCI 175 19 8 IPv6 ro...

Страница 6: ... 1 Configuration package used 211 24 2 Configuring Multi WAN using the web interface 211 24 3 Multi WAN traffic rules 216 24 4 Configuring Multi WAN using UCI 216 24 5 Multi WAN diagnostics 217 25 Automatic operator selection 220 25 1 Configuration package used 220 25 2 Configuring automatic operator selection via the web interface 220 25 3 Configuring via UCI 240 25 4 Configuring no PMP roaming u...

Страница 7: ...rface via UCI interface 313 30 4 Configuring the modem as a dial in interface via UCI 314 31 Dynamic Multipoint Virtual Private Network DMVPN 317 31 1 Prerequisites for configuring DMVPN 317 31 2 Advantages of using DMVPN 317 31 3 DMVPN scenarios 318 31 4 Configuration packages used 320 31 5 Configuring DMVPN using the web interface 320 31 6 DMVPN diagnostics 322 32 Configuring Terminal Server 325...

Страница 8: ... event system 351 35 3 Supported events 351 35 4 Supported targets 352 35 5 Supported connection testers 352 35 6 Configuring the event system using the web interface 352 35 7 Configuring the event system using UCI 352 35 8 Event system diagnostics 362 36 Configuring SLA reporting on Monitor 369 36 1 Introduction 369 36 2 Configuring SLA reporting 369 36 3 Configuring router upload protocol 370 36...

Страница 9: ...hs and incorporate optional 802 11n WiFi connectivity 1 1 Document scope This document covers the following GW6600 Series models GW6600 Series Model ADSL2 ETH WiFi 3G HSPA 4G LTE CDMA 450 Dual SIM V 92 Modem Analog Leased Line ISDN BRI GW6610 1 4 Opt Opt Opt GW6611W 1 4 1 Opt Opt Opt GW6630 1 4 yes yes Opt Opt Opt GW6630W 1 4 1 yes yes Opt Opt Opt GW6640 1 4 yes yes yes Opt Opt Opt GW6640W 1 4 1 y...

Страница 10: ...mn The default value is shown in a grey cell Values for enabling and disabling a feature are varied throughout the web interface for example 1 0 Yes No True False check uncheck a radio button In the table descriptions we use 0 to denote Disable and 1 to denote Enable Some configuration sections can be defined more than once An example of this is the routing table where multiple routes can exist an...

Страница 11: ...SN in syslog The following levels are available 0 Emergency 1 Alert 2 Critical 3 Error 4 Warning 5 Notice 6 Informational 7 Debug Web Agent Address UCI snmpd agent 0 agentaddress Opt agentaddress Specifies the address es and port s on which the agent should listen udp tcp port address Table 1 Example of an information table 1 2 2 Definitions Throughout the document we use the host name VA_router t...

Страница 12: ...W6612 1 4 opt opt yes GW6630 1 4 opt yes yes opt GW6631 1 4 opt yes yes yes opt GW6632 1 4 opt yes yes opt yes GW6640 1 4 opt yes yes opt GW6641 1 4 opt yes yes yes opt GW6642 1 4 opt yes yes opt yes GW6650 1 4 opt yes opt 2 1 2 GW6600V Series router model variants Model VDSL ADSL2 Eth WiFi 3G HSPA 4G LTE CDMA 450 Dual SIM V92 Modem ALL ISDN BRI GW6610V 1 4 opt opt yes GW6640V 1 4 opt opt yes yes ...

Страница 13: ... 4 Power supply The GW6600 Series and GW6600V Series router has three power supply options 100V 240V AC PSU standard 100V 240V AC PSU with extended temperature support 20 C to 70 C 10V 30V DC power lead 2 5 Dimensions Unit size 225W 158D 37H mm Unit weight 916g 2 6 Compliance The GW6600 Series and GW6600V Series routers are compliant and tested to the following standards Safety EN60950 1 2006 A12 ...

Страница 14: ...al web server that you use for configurations Before you can access the internal web server and start the configuration ensure the components are correctly connected and that your PC has the correct networking setup All GW6600 Series routers come with the following components as standard 1 x GW6600 Series router models vary 1 x Ethernet cable RJ45 to RJ45 yellow 1 x ADSL cable RJ11 to RJ11 purple ...

Страница 15: ...unit is powered off Hold the SIM 1 card with the chip side facing down and the cut corner front left Gently push the SIM card into the upper SIM slot 1 until it clicks in If using SIM 2 hold the SIM with the chip side facing down and the cut corner front left Gently push the SIM card into the lower SIM slot 2 until it clicks in 2 11 Connecting the SIM lock Connect the SIM lock using the Allen key ...

Страница 16: ...et button is used to request a system reset When you press the reset button all LEDs turn on simultaneously The length of time you hold the reset button will determine its behaviour Press Duration Behaviour Less than 2 seconds Normal reset Between 2 and 15 seconds The router resets to factory configuration Between 20 seconds and 30 seconds Recovery mode Over 30 seconds Normal reset 2 16 1 Recovery...

Страница 17: ...ower LED flashes Other LEDs display different diagnostic patterns during boot up Booting is complete when the power LED stops flashing and stays on steady Power LED On Power Off No power boot loader does not exist Config LED On Unit running a valid configuration file Flashing slowly Unit running in recovery mode 2 5 flashes per second Flashing quickly Unit running in factory configuration 5 flashe...

Страница 18: ...variations for dial modem ALL and ISDN Applies to GW6631 GW6641 and GW6640V models V 92 SYN LED Off Not connected On Connection established Flashing Modem training V 92 DAT LED Off No data transmit Flashing Transmit data Table 5 V 92 LED behaviour descriptions Applies to the GW6610 ALL model ALL SYN LED On CESoP enabled Off CESoP disabled ALL DAT LED On Receive data Off No data received Table 6 AL...

Страница 19: ...rt LED behaviour The Ethernet port has two LEDs a LINK LED green and an ACT LED amber When looking at the port the LED on the left hand side is the LINK LED and the ACT LED is on the right hand side Figure 3 Ethernet LED activity Link LED green Off No physical Ethernet link detected On Physical Ethernet link detected Flashing Data is being transmitted or received over the link Speed LED amber Off ...

Страница 20: ... of a router when installing the SIM 1 Make sure the SIM card you are inserting has the required configuration written on it 2 Ensure the router is powered off 3 Hold the SIM 1 card with the chip side facing down and the cut corner front left 4 Gently push the SIM card into SIM slot 1 until it clicks in 5 Power up the router Depending on the model the power LED and or the configuration LED flash a...

Страница 21: ...er over Ethernet using the web interface DHCP is disabled by default so if you do not receive an IP address via DHCP assign a static IP to the PC that will be connected to the router PC IP address 192 168 100 100 Network mask 255 255 255 0 Default gateway 192 168 100 1 Assuming that the PC is connected to Port A on the router in your internet browser type in the default local IP address 192 168 10...

Страница 22: ...t an SSH client and connect to the router s management IP address on port 22 192 168 100 1 24 On the first connection you may be asked to confirm that you trust the host Figure 5 Confirming trust of the routers public key over SSH Figure 6 SSH CLI logon screen In the SSH CLI logon screen enter the default username and password Username root Password admin 5 3 1 SCP Secure Copy Protocol As part of ...

Страница 23: ...ot VA_router reboot f To re enable SSH enter root VA_router etc init d dropbear enable root VA_router reboot f Note As SSH is enabled by default initial connection to the router to enable Telnet must be established over SSH 5 5 Configuring the password 5 5 1 Configuration packages used Package Sections system main 5 6 Configuring the password using the web interface To change your password in the ...

Страница 24: ...password 1 jRX x8A U5kLCMpi9dcahRhOl7eZV1 If changing the password via the UCI enter the new password in plain text using the password option root VA_router uci system main password newpassword root VA_router uci commit The new password will take effect after reboot and will now be displayed in encrypted format via the hashpassword option 5 8 Configuring the password using package options The root...

Страница 25: ...C config pam_auth option enabled yes option pamservice login option pammodule auth option pamcontrol sufficient option type radius option servers 192 168 0 1 3333 test 20 192 168 2 5 secret 10 config pam_auth option enabled yes option pamservice sshd option pammodule auth option pamcontrol sufficient it checks package management_users option type radius option servers 192 168 0 1 3333 test 20 192 ...

Страница 26: ...ser defined in package management_users Required If either authentication fails or RADIUS server is not reachable then user is not allowed to access the router success done new_authtok_reqd done authinfo_unavail ignore default die Local database is only checked if RADIUS server is not reachable UCI system pam_auth 0 pammodule auth Opt pammodule Enables user authentication UCI system pam_auth 0 typ...

Страница 27: ...option pamcontrol sufficient option type tacplus option servers 192 168 0 1 49 secret option args service ppp config pam_auth option enabled yes option pamservice sshd option pammodule session option pamcontrol sufficient option type tacplus option servers 192 168 0 1 49 secret option args service ppp config pam_auth option enabled yes option pamservice luci option pammodule auth option pamcontrol...

Страница 28: ...tion args service ppp config pam_auth option enabled yes option pamservice login option pammodule auth option pamcontrol sufficient option type tacplus option servers 192 168 0 1 49 secret config pam_auth option enabled yes option pamservice login option pammodule account option pamcontrol sufficient option type tacplus option servers 192 168 0 1 49 secret option args service ppp config pam_auth o...

Страница 29: ...uthtok_reqd done authinfo_unavail ignore default die Local database is only checked if TACACS server is not reachable UCI system pam_auth 0 pammodule auth Opt pammodule Selects which TACACS module this part of configuration relates to auth auth module provides the actual authentication and sets credentials account account module checks to make sure that access is allowed for the user session sessi...

Страница 30: ..._________________________________________ Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue 1 5 Page 30 of 384 5 11 1 Configuration packages used Package Sections dropbear dropbear 5 11 2 SSH access using the web interface In the top menu click System Administration The Administration page appears Scroll down to the SSH Access section Figure 8 The SSH access section ...

Страница 31: ...word UCI dropbear dropbear 0 RootPasswordAuth Opt RootPasswordAuth Allows the root user to login with password 0 Disabled 1 Enabled Web Gateway ports UCI dropbear dropbear 0 GatewayPorts Opt GatewayPorts Allows remote hosts to connect to local SSH forwarded ports 0 Disabled 1 Enabled Web Idle Session Timeout UCI dropbear dropbear 0 IdleTimeout Opt IdleTimeout Defines the idle period where remote s...

Страница 32: ...ain information about the key its owner s ID and the digital signature of an individual that has verified the content of the certificate In asymmetric cryptography public keys are announced to the public and a different private key is kept by the receiver The public key is used to encrypt the message and the private key is used to decrypt it To access certs and private keys in the top menu click S...

Страница 33: ... the behaviour of the server and default values for certificates generated for SSL operation uhttpd supports multiple instances that is multiple listen ports each with its own document root and other features as well as cgi and lua There are two sections defined Main this uHTTPd section contains general server settings Cert this section defines the default values for SSL certificates 5 14 1 Config...

Страница 34: ...quests 0 0 0 0 80 Bind at port 80 only on IPv4 interfaces 80 Bind at port 80 only on IPv6 interfaces Range IP address and or port Web Secure Listen Address and Port UCI uhttpd main listen_https Opt list listen_https Specifies the ports and address to listen on for encrypted HTTPS access The format is the same as listen_http 0 0 0 0 443 Bind at port 443 only 443 Range IP address and or port Web Hom...

Страница 35: ...it time for CGI or lua requests in seconds Requested executables are terminated if no output was generated 60 Range Web Network timeout UCI uhttpd main network_timeout Opt network_timeout Maximum wait time for network activity Requested executables are terminated and connection is shut down if no network activity occured for the specified number of seconds 30 Range Web N A UCI uhttpd main realm Op...

Страница 36: ... uhttpd may exist The init script will launch one webserver instance per section A standard uhttpd configuration is shown below root VA_router uci show uhttpd uhttpd main uhttpd uhttpd main listen_http 0 0 0 0 80 uhttpd main listen_https 0 0 0 0 443 uhttpd main home www uhttpd main rfc1918_filter 1 uhttpd main cert etc uhttpd crt uhttpd main key etc uhttpd key uhttpd main cgi_prefix cgi bin uhttpd...

Страница 37: ...s Web Field UCI Package Option Description Web Days UCI uhttpd px5g days Opt days Validity time of the generated certificates in days 730 Range Web Bits UCI uhttpd px5g bits Opt bits Size of the generated RSA key in bits 1024 Range Web Country UCI uhttpd px5g country Opt country ISO code of the certificate issuer Web State UCI uhttpd px5g state Opt state State of the certificate issuer Web Locatio...

Страница 38: ...n state Dublin option location Dublin option commonname 00E0C8000000 5 15 Basic authentication httpd conf For backward compatibility reasons uhttpd uses the file etc httpd conf to define authentication areas and the associated usernames and passwords This configuration file is not in UCI format Authentication realms are defined in the format prefix username password with one entry and a line break...

Страница 39: ...84 5 16 Securing uhttpd By default uhttpd binds to 0 0 0 0 which also includes the WAN port of your router To bind uhttpd to the LAN port only you have to change the listen_http and listen_https options to your LAN IP address To get your current LAN IP address enter uci get network lan ipaddr Then modify the configuration appropriately uci set uhttpd main listen_http 192 168 1 1 80 uci set uhttpd ...

Страница 40: ...and whenever the IP address changes the client notifies the DNS provider to update the corresponding domain name When the DNS provider responds to queries for the domain name it sets a low lifetime typically a minute or two at most on the response so that it is not cached Updates to the domain name are thus visible throughout the whole Internet with little delay Note most providers impose restrict...

Страница 41: ...ate URL UCI ddns name update_url Opt update_url Defines the customer DNS provider Displayed when the service is set to custom in the web UI Web Hostname UCI ddns name domain Opt domain Defines the fully qualified domain name associated with this entry This is the name to update with the new IP address as needed Web Username UCI ddns name username Opt username Defines the user name to use for authe...

Страница 42: ...ith check_unit 10 Range Web Check time unit UCI ddns name check_unit Opt check_unit Defines the time unit to use for check for an IP change Used in conjunction with check_interval minutes hours Web Force update every UCI ddns name force_interval Opt force_interval Defines how often to force an IP update to the provider Used in conjunction with force_unit 72 Disabled Range Enabled Web Force time un...

Страница 43: ...Page 43 of 384 ddns ddns1 check_unit minutes ddns ddns1 force_interval 72 ddns ddns1 force_unit hours ddns ddns1 interface dsl0 Package options for DDNS root VA_router uci export ddns package ddns config service ddns1 option enabled 1 option service_name dyndns org option domain fqdn_of_interface option username test option password test option ip_source network option ip_network dsl0 option check...

Страница 44: ...Telnet or SSH session Note this document shows no host name in screen grabs Throughout the document we use the host name VA_router The system configuration contains a logging section for the configuration of a Syslog client 7 1 Configuration package used Package Sections system main timeserver 7 2 Configuring system properties To set your system properties in the top menu click System There are fo...

Страница 45: ... Web Timezone UCI system main timezone Opt timezone Specifies the time zone that the date and time should be rendered in by default Web n a UCI system main timezone Opt time_save_interval_min Defines the interval in minutes to store the local time for use on next reboot 10m Table 13 Information table for general settings section 7 2 2 Logging Figure 16 The logging section in system properties Web ...

Страница 46: ...g May indicate that an error will occur if action is not taken 5 Error Error conditions 4 Critical Critical conditions 3 Alert Should be addressed immediately 2 Emergency System is unusable 1 Web Cron Log Level UCI system main cronloglevel Opt cronloglevel Sets the maximum log level for kernel messages to be logged to the console Only messages with a level lower or level equal to the configured le...

Страница 47: ...ilt in NTP Server UCI system ntp Opt config timeserver Enables NTP server Web NTP update interval UCI system ntp interval_hours Opt interval_hours Specifies interval of NTP requests in hours Default value set to auto auto Range auto 1 23 Web NTP server candidates UCI system ntp server Opt list server Defines the list of NTP servers to poll the time from If the list is empty the built in NTP daemon...

Страница 48: ...7 3 System settings using UCI root VA_router uci show system system main system system main hostname VA_router system main timezone UTC system main log_ip 1 1 1 1 system main log_port 514 system main conloglevel 8 system main cronloglevel 8 system ntp interval_hours auto system ntp server 0 VA_router pool ntp org 10 10 10 10 System settings using package options root VA_router uci export system pa...

Страница 49: ...he system log use root VA_router logread Shows the log root VA_router logread tail Shows end of the log root VA_router logread more Shows the log page by page root VA_router logread f Shows the log on an ongoing basis To stop this option press ctrl c root VA_router logread f Shows the log on an ongoing basis while in the background This allows you to run other commands while still tracing the even...

Страница 50: ...me UTC option timezone GMT0 option conloglevel 8 option cronloglevel 8 option time_save_interval_hour 10 option log_hostname serial option log_ip 1 1 1 1 option log_port 514 option log_file root syslog messages option log_size 400 option log_type file The above commands will take effect after a reboot root VA_router cat root syslog messages Shows all the system events stored in flash root VA_route...

Страница 51: ...age 51 of 384 8 Upgrading router firmware 8 1 Upgrading firmware using the web interface Copy the new firmware issued by Virtual Access to a PC connected to the router In the top menu select System tab Backup Flash Firmware The Flash operations page appears Figure 20 The flash operations page Under Flash new firmware image click Choose File or Browse Note the button will vary depending on the brow...

Страница 52: ...GW6600 Series and GW6600V Series User Manual Issue 1 5 Page 52 of 384 Figure 21 The flash firmware verify page Click Proceed The System Flashing page appears Figure 22 The system flashing page When the waiting for router icon disappears the upgrade is complete and the login homepage appears To verify that the router has been upgraded successfully click Status in the top menu The Firmware Version s...

Страница 53: ...sername and password To change into the temp folder enter cd tmp To connect to your TFTP server enter atftp x x x x where x x x x is the IP of your PC Press Enter While in the TFTP application to get the image enter get GIG 15 00 38 image Note this is an example substitute the correct file name When the image has downloaded to leave TFPT and get back into the command line enter quit To write the i...

Страница 54: ...er using the router s web and command line CLI When showing examples of the command line interface we use the host name VA_router to indicate the system prompt For example the table below displays what the user should see when entering the command to show the current configuration in use on the router root VA_router va_config sh 9 1 System information General information about software and configu...

Страница 55: ... special image name altimage exists which always points to the image that is not running The firmware upgrade system always downloads firmware to altimage 9 3 Directory locations for UCI configuration files Router configurations files are stored in folders on etc factconf etc config1 and etc config2 Multiple configuration files exist in each folder Each configuration file contains configuration pa...

Страница 56: ...file package example config example test option string some value option boolean 1 list collection first item list collection second item The config example test statement defines the start of a section with the type example and the name test Command Target Description export config Exports the configuration in a machine readable format It is used internally to evaluate configuration files as shel...

Страница 57: ...e the contents of the current folder enter root VA_router etc config1 rm f Warning the above command makes irreversible changes To remove the contents of a specific folder regardless of the current folder config2 enter root VA_router rm f etc config1 Warning the above command makes irreversible changes To copy the contents of one folder into another config2 into config1 enter root VA_router etc co...

Страница 58: ... 5 Page 58 of 384 Figure 25 The flash operations page In the Backup Restore section select Generate Archive 9 7 2 Exporting a configuration file using UCI You can view any configuration file segment using UCI To export the running configuration file enter root VA_router uci export To export the factory configuration file enter root VA_router uci c etc factconf export To export config1 or config2 c...

Страница 59: ...iguration file using the web interface You can import a configuration file to the alternate configuration segment using the web interface This will automatically reboot the router into this configuration file In the top menu select System Backup Flash Firmware The Flash operations page appears Figure 26 The flash operations page Under Backup Restore choose Restore Backup Choose file Select the app...

Страница 60: ...___________ Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue 1 5 Page 60 of 384 9 8 2 Importing a configuration file using uci You can import a configuration file to any file segment using UCI To import to config1 enter root VA_router uci c etc config1 import paste in config file CTRL D Note it is very important that the config file is in the correct format otherwise it will ...

Страница 61: ...VA_router uci set system main password root VA_router uci commit system To reboot the system enter root VA_router reboot The system provides a Unix like command line Common Unix commands are available such as ls cd cat top grep tail head more and less Typical pipe and redirect operators are also available such as The system log can be viewed using any of the following commands root VA_router logre...

Страница 62: ...s in the current folder enter root VA_router ls bin etc lib opt sbin usr bkrepos home linuxrc proc sys var dev init mnt root tmp www For more details add the l argument root VA_router ls l drwxrwxr x 2 root root 642 Jul 16 2012 bin drwxr xr x 5 root root 1020 Jul 4 01 27 dev drwxrwxr x 1 root root 0 Jul 3 18 41 etc drwxr xr x 1 root root 0 Jul 9 2012 lib drwxr xr x 2 root root 3 Jul 16 2012 mnt dr...

Страница 63: ...n in the prompt To view scheduled jobs enter root VA_router crontab l 0 slaupload 00FF5FF92752 TFTP 1 172 16 250 100 69 To view currently running processes enter root VA_router ps PID Uid VmSize Stat Command 1 root 356 S init 2 root DW keventd 3 root RWN ksoftirqd_CPU0 4 root SW kswapd 5 root SW bdflush 6 root SW kupdated 8 root SW mtdblockd 89 root 344 S logger s p 6 t 92 root 356 S init 93 root ...

Страница 64: ...e UCI system UCI consists of a Command Line Utility CLI the files containing the actual configuration data and scripts that take the configuration data and apply it to the proper parts of the system such as the networking interfaces Entering the command uci on its own will display the list of valid arguments for the command and their format root VA_router lib config uci Usage uci options command a...

Страница 65: ...n files with a text editor but for scripts GUIs and other programs working directly with UCI files export config Exports the configuration in a UCI syntax and does validation import config Imports configuration files in UCI syntax changes config Lists staged changes to the given configuration file or if none given all configuration files add config section type Adds an anonymous section of type se...

Страница 66: ...started 10 2 2 Export a configuration Using the uci export command it is possible to view the entire configuration of the router or a specific package Using this method to view configurations does not show comments that are present in the configuration file root VA_router uci export httpd package httpd config httpd option port 80 option home www 10 2 3 Show a configuration tree The configuration t...

Страница 67: ...twork va_switch 0 eth1 D It is also possible to display a limited subset of a configuration root VA_router uci show network wan network wan interface network wan username foo network wan password bar network wan proto 3g network wan device dev ttyACM0 network wan service umts network wan auto 0 network wan apn hs vodafone ie 10 2 4 Display just the value of an option To display a specific value of...

Страница 68: ...td main va_eventd va_eventd main enabled yes va_eventd main event_queue_file tmp event_buffer va_eventd main event_queue_size 128K va_eventd conn_tester 0 conn_tester va_eventd conn_tester 0 name Pinger va_eventd conn_tester 0 enabled yes va_eventd conn_tester 0 type ping va_eventd conn_tester 0 ping_dest_addr 192 168 250 100 va_eventd conn_tester 0 ping_success_duration_sec 5 va_eventd target 0 t...

Страница 69: ...dresses and urls etc config monitor Monitor details Basic etc config dropbear SSH server options etc config dhcp Dnsmasq configuration and DHCP settings etc config firewall NAT packet filter port forwarding etc etc config network Switch interface L2TP and route configuration etc config system Misc system settings including syslog Other etc config snmpd SNMPd settings etc config uhttpd Web server o...

Страница 70: ...mple will be combined into a single list of values with the same order as in the configuration file The indentation of the option and list statements is a convention to improve the readability of the configuration file but it is not syntactically required Usually you do not need to enclose identifiers or values in quotes Quotes are only required if the enclosed value contains spaces or tabs Also i...

Страница 71: ...lly used for router installation The router will be installed with a factory config that will allow it to contact Activator The autoload feature controls the behaviour of the router in requesting firmware and configuration files this includes when to start the Activation process and the specific files requested The HTTP Client uhttpd contains information about the Activator server and the protocol...

Страница 72: ...s file signals the end of the autolaod sequence to Activator Activator identifies the device using the serial number of the router syntax is used to denote the serial number of the router when requesting a file The requested files are written to the alternate image or config segment You can change the settings either directly in the configuration file or via appropriate UCI set commands It is norm...

Страница 73: ... UCI autoload main StartTimer Opt StartTimer Defines how long to wait after the boot up completes before starting activation 10 Range 0 300 secs Web Retry Timer UCI autoload main RetryTimer Opt RetryTimer Defines how many seconds to wait between retries if a download of a particular autoload entry fails 30 Range 0 300 secs Web N A UCI autoload main NumberOfRetries Opt Numberofretries Defines how m...

Страница 74: ...tUsingImage Opt BootUsingImage Specifies which image to boot up with after the activation sequence completes successfully Altimage Alternative image Image 1 image 1 Image 2 image 2 Entries Web Configured UCI autoload entry x Configured Opt Configured Enables the autoload sequence to process this entry 1 Enabled 0 Disabled Web Segment Name UCI autoload entry x SegmentName Opt SegmentName Defines wh...

Страница 75: ...5 autoload main BootUsingConfig altconfig autoload main BootUsingImage altimage autoload entry 0 entry autoload entry 0 Configured yes autoload entry 0 SegmentName altconfig autoload entry 0 RemoteFilename ini autoload entry 1 entry autoload entry 1 Configured yes autoload entry 1 SegmentName altimage autoload entry 1 RemoteFilename img autoload entry 2 entry autoload entry 2 Configured yes autolo...

Страница 76: ...oteFilename img config entry option Configured yes option SegmentName config1 option RemoteFilename vas 11 7 HTTP Client configuring activation using the web interface This section contains the settings for the HTTP Client used during activation and active updates of the device The httpclient core section configures the basic functionality of the module used for retrieving files from Activator dur...

Страница 77: ... Activator that uses http port 80 This can be an IP address or FQDN The syntax should be x x x x 80 or FQDN 80 Multiple servers should be separated by a space using UCI Web Secure Server IP Address UCI httpclient default SecureFileServer Opt ListSecureFileServer Specifies the address of Secure Activator that uses port 443 This can be an IP address or FQDN The syntax should be x x x x 443 or FQDN 4...

Страница 78: ...fies the directory location of the certificate key etc httpclient key Range Web N A UCI ValidateServerCertificateFieldEnabled Opt ValidateServerCertificate Defines the field in the server certificate that the client should check 1 Enabled 0 Disabled Web N A UCI httpclient default ActivatorChunkyDownlo adPath Opt ActivatorChunkyDownloadPath Enables partial download activations and active updates Th...

Страница 79: ...2 Httpclient Activator configuration package options example root VA_router uci export httpclient package httpclient config core default option Enabled yes listFileServer 1 1 1 1 80 listFileServer 1 1 1 2 80 listSecureFileServer 1 1 1 1 443 listSecureFileServer 1 1 1 2 443 optionActivatorDownloadPath Activator Sessionless Httpserver asp optionSecureDownload no optionPresentCertificateEnabled no op...

Страница 80: ...user x webuser Opt webuser Specifies web access permissions for the user Note webuser will only work if linuxuser is set to Enabled 0 Disabled 1 Enabled Web n a UCI management_users user x chapuser Opt chapuser Specifies CHAP access permissions for the PPP connection Note chapuser will only work if linux user is set to Enabled 0 Disabled 1 Enabled Web n a UCI management_users user x papuser Opt pa...

Страница 81: ... management_users user 0 username newpassword root VA_router uci commit The new password will take effect after reboot and will now be displayed in encrypted format through the hashpassword option 11 11 Configuring management user password using package options The root password is displayed encrypted via CLI using the hashpassword option root VA_router uci export management_users package manageme...

Страница 82: ...t_users user 0 smsuser 0 User management using package options root VA_router uci export management_users package management_users config user option enabled 1 option username test option hashpassword 1 XVzDHHPQ SKK4geFonctihuffMjS4U0 option webuser 1 option linuxuser 1 option papuser 0 option chapuser 0 option srpuser 0 options smsuser 0 11 13 Configuring user access to specific web pages To spec...

Страница 83: ... speed switching technology where data is grouped into cells Connection between the user equipment and the BAS is then achieved using the Point to Point Protocol PPP running over the ATM connection path PPP is a defined industry standard used widely to allow two devices to communicate across a logical link It is extensively deployed by service providers as a means of connecting customers to Intern...

Страница 84: ... network adsl 12 4 Creating a new ADSL PPPoA connection To create a new ADSL PPPoA interface via the web interface in the top menu click Network Interfaces The Interfaces overview page appears There are three sections in the Interfaces page Section Description Interface Overview Shows existing interfaces and their status You can create new and edit existing interfaces here Port Map In this section...

Страница 85: ...ption Description Static Static configuration with fixed address and netmask DHCP Client Address and netmask are assigned by DHCP Unmanaged Unspecified IPv6 in IPv4 RFC4213 IPv4 tunnels that carry IPv6 IPv6 over IPv4 IPv6 over IPv4 tunnel GRE Generic Routing Encapsulation IOT L2TP Layer 2 Tunnelling Protocol PPP Point to Point Protocol PPPoE Point to Point Protocol over Ethernet PPPoATM Point to P...

Страница 86: ...rewall settings Assign a firewall zone to the connection 12 5 PPPoA general setup Figure 33 The PPPoA common configuration page Web Field UCI Package Option Description Web Status UCI N A ifconfig Opt N A Shows the current status of the interface Note run ifconfig command on SSH to check interface status Web Protocol UCI network x proto Opt proto Protocol type The PPPoA interface protocol is showi...

Страница 87: ...anced settings Figure 34 The PPPoA advanced settings page Web Field UCI Package Option Description Web Bring up on boot UCI network x auto Opt auto Enables the interface to connect automatically on boot up This option is enabled by default 0 Disabled 1 Enabled Web Monitor interface state UCI network x monitored Opt monitored Enabled if status of interface is presented on Monitoring platform 0 Disa...

Страница 88: ...pt dependants Lists interfaces that are dependant on this parent interface Dependant interfaces will go down when parent interface is down and will start or restart when parent interface starts Separate multiple interfaces by a space when using UCI Example option dependants PPPADSL MOBILE This replaces the following previous options in child interfaces gre option local_interface lt2p option src_ip...

Страница 89: ...k file etc config network To view the configuration file enter uci export network config adsl device adsl option fwannex a option annex a option Enabled yes config interface ADSL option proto pppoa option encaps vc option atmdev 0 option vci 35 option vpi 0 option username test5 pppoa com option password test5 To view uci commands enter uci show network network adsl fwannex a network adsl annex a ...

Страница 90: ...ces Overview page appears Scroll down to the bottom of the page until you see the ATM Bridges section Click Add 12 9 1 PPPoEoA general setup Figure 36 The ATM bridges general setup page Web Field UCI Package Option Description Web ATM Virtual Channel Identifier VCI UCI network atm bridge x vci Opt vci Type the VCI number Range 35 Web ATM Virtual Path Identifier VPI UCI network atm bridge x vpi Opt...

Страница 91: ... atmdev Leave the default ATM device number set to 0 Web Bridge unit number UCI network atm bridge x unit Opt unit Leave the default Bridge unit number set to 0 Web Forwarding mode UCI network atm bridge 0 payload Opt payload Select either Bridged or Routed as the forwarding mode Bridged Select Bridged to allow the router to receive Ethernet packets over the ADSL line and to be configured with an ...

Страница 92: ...twork x proto Opt proto Protocol type Select PPPoE Option Description Static Static configuration with fixed address and netmask DHCP Client Address and netmask are assigned by DHCP Unmanaged Unspecified IPv6 in IPv4 RFC4213 IPv4 tunnels that carry IPv6 IPv6 over IPv4 IPv6 over IPv4 tunnel GRE Generic Routing Encapsulation IOT L2TP Layer 2 Tunnelling Protocol PPP Point to Point Protocol PPPoE Poin...

Страница 93: ...n Description Web Protocol of the new interface UCI network x proto Opt proto Protocol type The protocol shows the one selected for this interface Web PAP CHAP username UCI network x username Opt username Type the PAP CHAP username Web PAP CHAP password UCI network x password Opt password Type the password Web Access Concentrator UCI network x acname Opt acname Leave this field empty to autodetect...

Страница 94: ...abled Web Enable IPv6 negotiation on the PPP link UCI network x ipv6 Opt ipv6 Enables IPv6 negotiation on the PPP 0 Disabled 1 Enabled Web Use default gateway UCI network x defaultroute Opt defaultroute If unchecked no default route is configured 0 Disabled 1 Enabled Web Use DNS servers advertised by peer UCI network x peerdns Opt peerdns If unchecked DNS from peer will not be accepted 0 Disabled ...

Страница 95: ...unspecified to remove the interface from the associated zone or fill out the create field to define a new zone and attach the interface to it Click Save Apply Figure 41 The interfaces page firewall settings tab 12 10 Configuring an ADSL PPPoEoA connection using UCI The configuration file is stored on Network file etc config network To view the configuration file enter uci export network config ads...

Страница 96: ...l Enabled yes network ADSL interface network ADSL proto pppoe network ADSL ifname nas0 network ADSL username test5 pppoe com network ADSL password test5 network ADSL ac test network ADSL service test network ADSL defaultroute 0 network atm bridge 0 atm bridge network atm bridge 0 unit 0 network atm bridge 0 atmdev 0 network atm bridge 0 encaps llc network atm bridge 0 payload bridged network atm b...

Страница 97: ...ion Description Web ATM Virtual Channel Identifier VCi UCI network atm bridge x vci Opt vci Type the VCI number Range 35 Web ATM Virtual Path Identifier VPi UCI network atm bridge x vpi Opt vpi Type the VPI number Range 8 Web Encapsulation mode UCI network atm bridge x encaps Opt encaps Select either LLC or VC Mux VC Mux Virtual Circuit Multiplexing LLC Logical Link Control Table 30 Information ta...

Страница 98: ...0 Web Bridge unit number UCI network atm bridge x unit Opt unit Leave the default Bridge unit number set to 0 Web Forwarding mode UCI network atm bridge 0 payload Opt payload Select Bridged as the forwarding mode Bridged Bridged allows the router to receive Ethernet packets over the ADSL line and to be configured with an IP address for management Routed Routed allows the router to run PPP over ATM...

Страница 99: ...P Client Address and netmask are assigned by DHCP Unmanaged Unspecified IPv6 in IPv4 RFC4213 IPv4 tunnels that carries IPv6 IPv6 over IPv4 IPv6 over IPv4 tunnel GRE Generic Routing Encapsulation IOT L2TP Layer 2 Tunnelling Protocol PPP Point to Point Protocol PPPoE Point to Point Protocol over Ethernet PPPoATM Point to Point Protocol over ATM LTE UMTS GPRS EV DO CDMA UMTS or GPRS connection using ...

Страница 100: ...teway address Web IPv4 broadcast UCI network x broadcast Opt broadcast Leave this field empty to autodetect or type broadcast IP address Web Use custom DNS servers UCI network x dns Opt dns Leave this field empty to autodetect or type DNS IP address Web Accept router advertisements UCI network x accept_ra Opt accept_ra Accept router advertisement for ipv6 addresses Leave this field empty if ipv6 i...

Страница 101: ... Enabled Web Monitor interface state UCI network x monitored Opt monitored This interface state will be reported to VA monitor via Keepalive 0 Disabled 1 Enabled Web Override MAC address UCI network x macaddr Opt macaddr Specify the mac address of the interface Leave this field blank if MAC address of Bridge interface should be copied from Ethernet interface Web Override MTU UCI network x mtu Opt ...

Страница 102: ...ring an ADSL bridge connection with static IP using UCI The configuration file is stored on Network file etc config network To view the configuration file enter uci export network config adsl device adsl option fwannex a option annex a option enabled yes config atm bridge option unit 0 option atmdev 0 option payload bridged option vpi 8 option vci 39 option encaps llc config interface Management o...

Страница 103: ... bridge 0 payload bridged network atm bridge 0 vpi 8 network atm bridge 0 vci 39 network atm bridge 0 encaps llc network Management interface network Management proto static network Management ifname nas0 network Management monitored 0 network Management ipaddr 10 33 4 7 network Management netmask 255 255 255 192 12 12 ADSL diagnostics 12 12 1 ADSL PPPoA connections To check the status of an ADSL ...

Страница 104: ...ections To check the status of an ADSL line in the top menu select Status ADSL Status The ADSL Status page appears To check an IP address transmit and received counter on an ADSL interface in the top menu select Network Interfaces The Interface Overview page appears Figure 50 The interfaces overview page 12 12 3 ADSL bridge connections To check the status of an ADSL line in the top menu select Sta...

Страница 105: ...etc init d dsl_control command Available commands start Start the service stop Stop the service restart Restart the service reload Reload configuration files or restart if that fails enable Enable service autostart disable Disable service autostart status Get DSL status information lucistat Get status information in lua friendly format To view the current status of the ADSL interface enter root VA...

Страница 106: ...ce This section describes how to configure an Ethernet interface including configuring the interface as a DHCP server adding the interface to a firewall zone mapping the physical switch ports and defining loopback interface 13 1 Configuration packages used Package Sections network interface route va_switch alias firewall zone dhcp dhcp 13 2 Configuring an Ethernet interface using the web interface...

Страница 107: ...rts to Ethernet interfaces Ports are marked with capital letters starting with A Type in space separated port character in the port map fields ATM Bridges ATM bridges expose encapsulated Ethernet in AAL5 connections as virtual Linux network interfaces which can be used in conjunction with DHCP or PPP to dial into the provider network 13 2 1 Interface overview editing an existing interface To edit ...

Страница 108: ...ple interfaces UCI network if name type Opt type If you select this option then the new logical interface created will act as a bridging interface between the chosen existing physical interfaces Empty Bridge Configures a bridge over multiple interfaces Web Cover the following interface UCI network if name ifname Opt ifname Physical interface name to assign to this logical interface If creating a b...

Страница 109: ...ipaddr The IPv4 address of the interface This is optional if an IPv6 address is provided Web IPv4 netmask UCI network if name netmask Opt netmask Subnet mask to be applied to the IP address of this interface Web IPv4 gateway UCI network if name gateway Opt gateway IPv4 default gateway to assign to this interface optional Web IPv4 broadcast UCI network if name broadcast Opt broadcast Broadcast addr...

Страница 110: ...he interface to connect automatically on boot up 0 Disabled 1 Enabled Web Monitor interface state UCI network if name monitored Opt monitored Enabled if status of interface is presented on Monitoring platform 0 Disabled 1 Enabled Web Override MAC address UCI network if name macaddr Opt macaddr Override the MAC address assigned to this interface Must be in the form hh hh hh hh hh hh where h is a he...

Страница 111: ...nd are defined in network if name ifname Empty Bridge Configures a bridge over multiple interfaces Web Enable STP UCI network if name stp Opt stp Enable Spanning Tree Protocol This option is only available when the Bridge Interfaces option is selected 0 Disabled 1 Enabled Web VLAN PCP to skb priority mapping UCI network if name vlan_qos_map_ingress Opt list vlan_qos_map_ingress VLAN priority code ...

Страница 112: ...e ifname eth2 eth 3 Table 38 Information table for physical settings page 13 2 3 4 Loopback interfaces Loopback interfaces are defined in exactly the same way as ethernet interfaces Please see section above Note There is no software limitation as to how many loopback interfaces can exist on the router 13 2 3 5 Common configuration firewall settings Use this section to select the firewall zone you ...

Страница 113: ...as section for this IP alias In this example the name ethalias1 is used Figure 57 The IP Aliases section Web Field UCI Package Option Description UCI network alias name ifname Opt config interface aliasname Assigns the alias name UCI network alias name interface Opt interface This maps the IP Alias to the interface UCI network alias name proto Opt proto This maps the interface protocol to the alia...

Страница 114: ...Pv4 Gateway UCI network alias name gateway Opt gateway Defines the gateway for the IP alias Table 40 Information table for IP alias general setup page 13 2 4 4 IP aliases advanced settings Figure 59 The IP Aliases advanced settings section Web Field UCI Package Option Description Web IPv4 Broadcast UCI network alias name bcast Opt bcast Defines the IP broadcast address for the IP alias Web DNS Ser...

Страница 115: ...section Web Field UCI Package Option Description Web Ignore interface UCI dhcp dhcp x ignore Opt ignore Defines whether the DHCP pool should be enabled for this interface If not specified for the DHCP pool then default is disabled i e dhcp pool enabled 0 Disabled 1 Enabled Web n a UCI dhcp dhcp x start Opt start Defines the offset from the network address for the start of the DHCP pool It may be g...

Страница 116: ...ed Web DHCP Options UCI dhcp dhcp x dhcp_option Opt list dhcp_option Defines additional options to be added for this dhcp pool For example with list dhcp_option 26 1470 or list dhcp_option mtu 1470 you can assign a specific MTU per DHCP pool Your client must accept the MTU option for this to work Options that contain multiple vales should be separated by a space Example list dhcp_option 6 192 168 ...

Страница 117: ...ace network ethalias1 ipaddr 10 10 10 1 network ethalias1 netmask 255 255 255 0 network ethalias1 gateway 10 10 10 10 network ethalias1 bcast 10 10 10 255 network ethalias1 dns 8 8 8 8 firewall zone 0 zone firewall zone 0 name lan firewall zone 0 input ACCEPT firewall zone 0 output ACCEPT firewall zone 0 forward ACCEPT firewall zone 0 network lan newinterface root VA_router uci show dhcp dhcp dhcp...

Страница 118: ...2 2 10 option broadcast 2 2 2 255 list vlan_qos_map_ingress 1 2 list vlan_qos_map_ingress 2 1 config alias ethalias1 option proto static option interface newinterface option ipaddr 10 10 10 1 option netmask 255 255 255 0 option gateway 10 10 10 10 option bcast 10 10 10 255 option dns 8 8 8 8 root VA_router uci export firewall package firewall config zone option name lan option input ACCEPT option ...

Страница 119: ...imitation as to how many loopback interfaces can exist on the router An example showing a partial uci export of a loopback interface configuration is shown below root VA_router uci export network config interface loopback option proto static option ifname lo option ipaddr 127 0 0 1 option netmask 255 0 0 0 13 4 Configuring port maps 13 5 Port map packages Package Sections Network va_switch 13 5 1 ...

Страница 120: ... switch port C Web eth2 UCI network va_switch 0 eth2 Opt eth2 Defines eth0 physical switch port mapping Must be entered in upper case A Eth2 assigned to switch port A B Eth2 assigned to switch port B C Eth2 assigned to switch port C D Eth2 assigned to switch port C Web eth3 UCI network va_switch 0 eth3 Opt eth3 Defines eth0 physical switch port mapping Must be entered in upper case A Eth3 assigned...

Страница 121: ... t P 178 72 0 237 Mask 255 255 255 255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU 1400 Metric 1 RX packets 6 errors 0 dropped 0 overruns 0 frame 0 TX packets 23 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 3 RX bytes 428 428 0 B TX bytes 2986 2 9 KiB eth0 Link encap Ethernet HWaddr 00 E0 C8 12 12 15 inet addr 192 168 100 1 Bcast 192 168 100 255 Mask 255 255 255 0 inet6 addr fe80...

Страница 122: ...55 Mask 255 255 255 0 inet6 addr fe80 2e0 c8ff fe12 1215 64 Scope Link UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 7710 errors 0 dropped 0 overruns 0 frame 0 TX packets 535 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 1000 RX bytes 647933 632 7 KiB TX bytes 80978 79 0 KiB 13 6 2 ARP table status To show the current ARP table of the router enter root GW7314 arp 10...

Страница 123: ...1 T1 interfaces It is used to carry an analogue leased line an X 21 interface an E1 timeslot or a group of E1 timeslots over a packet switched network Both SAToP and CESoPSN are pseudowire protocols 14 2 Clocking For the SAToP CESoPSN function to work satisfactory it is essential that you synchronize the clocks used for the TDM signals of the routers That is run at exactly the same frequency other...

Страница 124: ...itecture 14 3 Virtual Access proprietary SAToP CESoPSN protocol extension To compensate for packet loss in the network Virtual Access implemented a proprietary extension to SAToP CESoPSN When enabled a copy of the previous packet payload is added to the end of the packet With the help of this mechanism it is possible to overcome the loss of single packets However the loss of consecutive packets ca...

Страница 125: ...ssue 1 5 Page 125 of 384 14 5 Configuring SAToP CESoPSN To configure SAToP CESoPSN using the web interface in the top menu select Services CESoPSN The SAToP CESoPSN page appears 14 5 1 Configuring main settings using the web interface The web interface is divided into 3 sections Basic Blackbox and Advanced Note the Blackbox tab only appears if Blackbox is configured on your router Figure 66 SAToP ...

Страница 126: ...ader 0 Disabled 1 Enabled Web TOS Value UCI cesopd main tos_enabled Opt tos_value Note before changing this value consult with Virtual Access support 16 Decimal value of the TOS field in the IP header Range 0 255 Blackbox settings Web Blackbox Enable UCI cesopd main blackbox_enabled Opt blackbox_enabled Enables blackbox recordings See section cesop blackbox show for more information 0 Disabled 1 E...

Страница 127: ...d GW6600V Series User Manual Issue 1 5 Page 127 of 384 option tos_enabled 1 option tos_value 1 option blackbox_enabled 0 option blackbox_hours 10 option blackbox_samples 20 14 7 Configuring port settings using the web interface The web interface for port settings is divided into 5 sections Basic Advanced E1 Dual X 21 and ALL Note for E1 CESoPSN a port represents a timeslot or group of timeslots Fi...

Страница 128: ...__________________________________ _____________________________________________________________________________________________________ Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue 1 5 Page 128 of 384 Figure 71 CESoPSN E1 port settings Figure 72 CESoPSN dual X 21 port settings ...

Страница 129: ...ipaddr Opt udp_remote_ipaddr Specifies the remote IP address to send packets to 127 0 0 1 Specific remote interface IP address Range Packets are accepted from all sources and received source IP address will be used as the destination Web Remote Port UCI cesopd port udp_remote_port Opt udp_remote_port UDP port to send packets to The port can be 0 in which case the source port of the incoming packet...

Страница 130: ... E1 64000 The rate has to be a multiple of 64000 For the ALL interface only 64000 is supported Range 64000 2048000 Web External clock mode UCI cesopd port ext_clock Opt ext_clock Enables the use of an external clock N A for E1 and ALL 0 Disabled 1 Enabled Table 46 Information table for basic port settings Web Field UCI Package Option Description Web RTP Payload Type UCI cesopd port rtp _payload_ty...

Страница 131: ...ng Opt e1t1_framing Specifies the framing For SATOP this should be set for E1 unframed For CESoPSN this should be set for E1 double frame or E1 CRC 4 multiframe For CESoPSN this should be defined for first port only 0 E1 unframed 1 E1 double frame basic frame 2 E1 CRC 4 multi frame Web Impedance UCI cesopd port e1t1_line_code Opt e1t1_line_code Specifies the impedance For CESoPSN this should be de...

Страница 132: ...10 Table 48 Dual X 21 port settings Web Field UCI Package Option Description Web 4 Wire Mode UCI cesop port all_four_wire_mode Opt all_four_wire_mode Specifies the ALL interface mode 0 ALL interface operates in 2 wire mode 1 ALL interface operates in 4 wire mode Web PCM Encoding UCI cesop port all_pcm_encoding Opt all_pcm_encoding Selects the PCM companding algorithm For more information see ITU T...

Страница 133: ...terface The first timeslot or group of timeslots and subsequent ports configurations are the configuration for further timeslots or groups of timeslots All the ports have the same devname in this case The examples below show a port section labelled Port 1 config port Port1 option enable 1 option devname ttyLC0 option udp_local_ipaddr 0 0 0 0 option udp_remote_ipaddr 10 1 42 63 option udp_local_por...

Страница 134: ...our_wire_mode 0 option all_pcm_encoding alaw option all_tx_analogue_loss_enabled 1 option all_tx_digital_loss 6 option all_rx_analogue_gain_enabled 1 option all_rx_digital_gain 2 option all_rx_attenuator_enabled 1 14 8 3 Dual X 21 interface settings config port Port1 option fifo_irq_level 1 option bit_reverse 0 option x21_clk_invert 0 option x21_data_delay 0 option x21_use_vco 0 14 9 CESoPSN diagn...

Страница 135: ...tatistics cesop clear stats clear statistics cesop quit terminate cesopd process cesop show debug show diagnostical information cesop blackbox show blackbox information cesop upgrade usbcard upgrade usb card cesop show usbcard status show USB serial card status cesop show usbcard stats show USB serial card statistics cesop clear usbcard stats clear USB serial card statistics cesop show usbcard ver...

Страница 136: ...pe USB E1 T1 card enable 1 clock_recovery_enabled 1 clock_recovery_debug 0 remote_loopback 0 udp_local_ipaddr 1 1 1 1 udp_local_port 50151 udp_remote_ipaddr 1 1 1 2 udp_remote_port 50152 rtp_header_enabled 1 rtp_payload_type 100 packetization_latency 8 rx_jitter_buffer_enabled 0 rx_jitter_buffer_size_ms 16 app_bit_reverse 0 app_rx_shift 0 va_prop_payload_redundancy_enabled 0 devname ttyU0 local_lo...

Страница 137: ...enabled 0 all_rx_digital_gain 0 all_tx_digital_loss 0 e1t1_end 1 e1t1_line_code 1 e1t1_framing 2 e1t1_impedance 1 e1t1_timeslot 1 e1t1_protocol 0 14 9 2 cesop show status To show the current operating configuration enter root VA_router cesop show status Port 1 Clock Recovery Status Output Voltage 1 769998V Protocol Status UDP Session Open Remote IP Address 1 1 1 2 Remote UDP Port 50152 Protocol CE...

Страница 138: ...cal information enter root VA_router cesop show stats Port 1 Serial statistics Frames read 18359581 Frames written 18359581 Bytes read 1175013184 Bytes written 1468766480 UDP statistics Datagrams transmitted 18359581 Datagrams received 18359581 Bytes transmitted 1468766480 Bytes received 1468766480 Transmit failures 0 Receive failures 0 SAToP CESoP statistics Rx header errors 0 Rx packets lost 1 R...

Страница 139: ...he interpretation of the output produced by cesop show debug command is not explained here root VA_router cesop show debug Port 1 Clock Recovery Status Output Voltage 1 763998V Protocol Status UDP Session Open Remote IP Address 1 1 1 2 Remote UDP Port 50152 Protocol CESoP Rx RTP Payload Type 100 Rx RTP SSRC 87654321 Rx Payload Size 64 Rx CESoPSN Header L Bit 0 Rx CESoPSN Header R Bit 0 Rx CESoPSN ...

Страница 140: ...ytes transmitted 90880 Bytes received 90880 Transmit failures 0 Receive failures 0 Receive address errors 0 SAToP CESoP statistics Rx header errors 0 Rx packets lost 0 Rx lost packets recovered 0 Rx TDM payload length errors 0 Tx TDM payload length errors 0 14 9 5 cesop blackbox show If enabled the blackbox records instances of packet loss or the late transmission and reception of packets The info...

Страница 141: ...ive sample buffers 2016 01 29 09 51 18 2846 min mean max 366 17737 495308 Local Lost active 0 min mean max 7446 7987 8534 14 9 6 cesop upgrade usbcard The command cesop upgrade usbcard re programs the E1 card with the image in lib firmware va userial bin The command is used for software upgrade of the E1 card If an upgrade is necessary the image will be provided by Virtual Access The upgrade proce...

Страница 142: ...able Seconds 0 Flow 0 Bytes TX 1806272 RX 1806336 Frames TX 0 RX 0 rxCrcErrors 0 rxLengthErrors 0 txUnderrunErr 4 txFifoErr 0 rxOverrunErr 0 rxCrcErr 0 rxLengthErr 0 rxAborts 0 14 9 8 cesop clear usbcard stats To reset the E1 card statistical counters enter root VA_router cesop clear usbcard stats USB card stats cleared 14 9 9 cesop show usbcard version To see the E1 card s software enter root VA_...

Страница 143: ... interface and checked against the received data from the E1 interface If the E1 is configured as framed the first configured timeslot or group of timeslots is used To start the bit error rate test enter root VA_router cesop bert start To stop the bit error rate test enter root VA_router cesop bert stop 14 9 12 cesop show bert stats To view the bit error rate test status and statistical counters e...

Страница 144: ... able to make and receive calls to and from any number on the real network The router is equipped with an ADSL WAN interface and is the interface of choice for connecting the device to the core network Note success of the pseudowire relies on the network s ability to transfer the data without loss between the Virtual Access router and the provider IP packet loss will result in momentary corruption...

Страница 145: ... to allow the BRI interface to effectively run at the same clock rate as the provider 15 3 ISDN pseudowire in client role The most typical scenario for the GW6610 ISDN is for it to act in a client role whereby locally attached ISDN equipment can make and receive calls on a remote ISDN network over an IP network typically via the ADSL interface on the GW6610 ISDN router In the example below it is a...

Страница 146: ...nfig provider option host 10 1 23 15 option hostport 5060 option username usernameForUnit20 option secret secretForUnit20 UCI Package Option Description UCI config provider host Opt host Specifies the IP address of the provider to register with UCI config provider hostport Opt hostport Specifies the port to send registration requests to UCI config provider username Opt username Specifies the usern...

Страница 147: ...RI interface on the router Most ISDN user equipment supports two or more MSNs LCR configuration files are stored on etc config lcr root VA_router uci export lcr package lcr config lcr main option enable 1 list msn 384720 list msn 384721 UCI Package Option Description UCI config lcr main enable Opt enable Specifies whether or not LRC should run and allow asterisk access to the ISDN hardware 1 Enabl...

Страница 148: ...sociation for this username and an MSN hosted by this unit Calls to MSN s configured on this site will only be routed to this site if the provider is configured with the appropriate username password MSN triplet UCI config provider secret Opt secret Specifies the password to present to the provider to identify this site Table 50 Options for provider configurations UCI Package Option Description UC...

Страница 149: ...d by the other GW6610 ISDN unit As most ISDN equipment supports at least two MSN numbers there are typically two or more such sections Note on the other device there will also be an LCR configuration and an Asterisk configuration where the provider and client sections are swapped A typical example of an asterisk and LCR configuration for the other unit in a back to back configuration is shown belo...

Страница 150: ...Terminal Server or CESoPSN The ALL interface has the device name ttyLC0 16 1 Terminal Server V 23 modem emulation When used with the Terminal Server application the ALL interface enables a V 23 modem emulation The V 23 modem emulation passes the decoded modem call data to the terminal server application Note gain and attenuation cannot currently be controlled when operating in V 23 modem emulation...

Страница 151: ..._____________________________________________ Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue 1 5 Page 151 of 384 Figure 74 Gain and attenuation flow 16 4 ALL status To view the status of the ALL interface enter va5420_status dev ttyLCO The following output is shown root client_B root client_B va5420_status dev ttyLCO Mode Transparent Wire mode 2 wire PCM Encoding A Law ...

Страница 152: ...LC0 TRANSMIT STATS tx bytes 44661000 tx buffer full counts 0 tx underruns 289 tx discards bytes 16280 RECEIVE STATS rx bytes 44692864 rx overruns 33 rx discards bytes 0 V 23 MODE STATS rx bytes 0 tx bytes 0 rx samples 0 tx samples 0 rx carrier on 0 tx carrier on 0 Tx underruns or discards can indicate that recovery clock algorithm has not synchronized yet or there is no jitter buffer enabled in th...

Страница 153: ...e 153 of 384 config port Port1 option rx_jitter_buffer_enabled 1 option rx_ _buffer_size_ms 20 If the cesop application is running to check stats enter root VA_router cesop show config Main Config enable 1 nodaemon 0 log_severity 7 Port 1 config cardType Single AAL card enable 1 clock_recovery_enabled 1 clock_recovery_debug 1 rx_jitter_buffer_enabled 0 rx_jitter_buffer_size_ms 24 16 5 1 ALL statis...

Страница 154: ...___________________________________ Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue 1 5 Page 154 of 384 16 6 ALL wiring 16 6 1 2 wire RJ11 RJ45 2 RED TIP 5 tx rx 3 GREEN RING 4 tx rx 16 6 2 4 wire RJ 11 RJ 45 1 YELLOW TIP1 5 TIP1 2 RED TIP 6 TIP 3 GREEN RING 3 RING 4 BLACK RING1 4 RING1 16 6 3 RJ45 1 not connected 2 not connected 3 RX 4 TX 5 TX 6 RX 7 not connected 8 not con...

Страница 155: ...different interfaces and different subnets You can manually configure lease time as well as setting static IP to host mappings Domain Name Server DNS is responsible for resolution of IP addresses to domain names on the internet Dnsmasq is the application which controls DHCP and DNS services Dnsmasq has two sections one to specify general DHCP and DNS settings and one or more DHCP pools to define D...

Страница 156: ...______________________________________________________________ _____________________________________________________________________________________________________ Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue 1 5 Page 156 of 384 Figure 75 The DHCP and DNS page ...

Страница 157: ...nsmasq 0 local Opt local Specifies the local domain Names matching this domain are never forwarded and are resolved from DHCP or host files only lan Range Web Local Domain UCI dhcp dnsmasq 0 domain Opt domain Specifies local domain suffix appended to DHCP names and hosts file entries lan Range Web Log Queries UCI dhcp dnsmasq 0 logqueries Opt logqueries Writes received DNS requests to syslog 0 Dis...

Страница 158: ...e file where given DHCP leases will be stored The DHCP lease file allows leases to be picked up again if dnsmasq is restarted tmp dhcp leas es Store DHCP leases in this file Range Web Ignore resolve file UCI dhcp dnsmasq 0 noresolv Opt noresolv Defines whether to use the local DNS file for resolving DNS 0 Use local DNS file 1 Ignore local DNS file Web Resolve file UCI dhcp dnsmasq 0 resolvfile Opt...

Страница 159: ...sq TFTP settings Figure 77 The TFTP settings section Web Field UCI Package Option Description Web Enable TFTP Server UCI dhcp dnsmasq 0 enable_tftp Opt enable_tftp Enables the TFTP server 0 Disabled 1 Enabled Web Enable TFTP Server UCI dhcp dnsmasq 0 tftp_root Opt tftp_root Defines root directory for file served by TFTP Web Enable TFTP Server UCI dhcp dnsmasq 0 dhcp_boot Opt dhcp_boot Defines the ...

Страница 160: ...ed settings Figure 78 The advanced settings page Web Field UCI Package Option Description Web Filter private UCI dhcp dnsmasq 0 Opt boguspriv Enables disallow option for forwarding reverse lookups for local networks This rejects reverse lookups to private IP ranges where no corresponding entry exists in etc hosts 1 Enabled 0 Disabled Web Filter useless UCI dhcp dnsmasq 0 filterwin2k Opt filterwin2...

Страница 161: ...rs in the order of the resolve file 1 Enabled 0 Disabled Web Bogus NX Domain override UCI dhcp dnsmasq 0 bogusnxdomain Opt list bogusnxdomain A list of hosts that supply bogus NX domain results When using UCI multiple servers should be entered with a space between them Empty list Range Web DNS server port UCI dhcp dnsmasq 0 port Opt port Listening port for inbound DNS queries 53 Set to 0 to disabl...

Страница 162: ...maining UCI n a Opt n a Displays the remaining lease time Table 56 Information table for active leases section 17 2 6 Static leases Use static leases to assign fixed IP addresses and symbolic hostnames to DHCP clients Static leases are also required for non dynamic interface configurations where only hosts with a corresponding lease are served Click Add to add a new lease entry Figure 80 The stati...

Страница 163: ...ing table lists all available options their default value as well as the corresponding dnsmasq command line option These are the default settings for the common options root VA_router uci show dhcp dhcp dnsmasq 0 dnsmasq dhcp dnsmasq 0 domainneeded 1 dhcp dnsmasq 0 boguspriv 1 dhcp dnsmasq 0 filterwin2k 0 dhcp dnsmasq 0 localise_queries 1 dhcp dnsmasq 0 logqueries 1 dhcp dnsmasq 0 rebind_protectio...

Страница 164: ...0 root VA_router uci show dhcp config dnsmasq option domainneeded 1 option rebind_protection 1 option rebind_localhost 1 option local lan option domain lan option authoritative 1 option readethers 1 option leasefile tmp dhcp leases list interface lan list server 1 2 3 4 list server 4 5 6 7 list rebind_domain test1 domain list rebind_domain tes2 domain option logqueries 1 option resolvfile tmp reso...

Страница 165: ...n of this type present in the etc config dhcp file to cover the LAN interface You can disable a lease pool for a specific interface by specifying the ignore option in the corresponding section A minimal example of a dhcp section is shown below root VA_router uci show dhcp lan dhcp lan dhcp dhcp lan interface lan dhcp lan start 100 dhcp lan limit 150 dhcp lan leasetime 12h dhcp lan ignore 0 root VA...

Страница 166: ...xample with list dhcp_option 26 1470 or list dhcp_option mtu 1470 you can assign a specific MTU per DHCP pool Your client must accept the MTU option for this to work No options defined Syntax Option_number option_value Web n a UCI dhcp pool_name dynamicdhcp Opt dynamicdhcp Defines whether to allocate DHCP leases 1 Dynamically allocate leases 0 Use etc ethers file for serving DHCP leases Web n a UC...

Страница 167: ...6600V Series User Manual Issue 1 5 Page 167 of 384 18Configuring VLAN 18 1 Maximum number of VLANs supported Virtual Access routers support up to 4095 VLANs 18 2 Configuration package used Package Sections Network 18 3 Configuring VLAN using the web interface 18 3 1 Create a VLAN interface To configure VLAN using the web interface in the top menu select Network Interfaces Click Add new interface T...

Страница 168: ...ed address and netmask DHCP Client Address and netmask are assigned by DHCP Unmanaged Unspecified IPv6 in IPv4 RFC4213 Used with tunnel brokers IPv6 over IPv4 Stateless IPv6 over IPv4 transport GRE Generic Routing Encapsulation protocol IOT L2TP Layer 2 Tunnelling Protocol PPP Point to Point Protocol PPPoE PPP over Ethernet PPPoATM PPP over ATM LTE UMTS GPRS EV DO CDMA UMTS or GPRS connection usin...

Страница 169: ...ic Static configuration with fixed address and netmask DHCP Client Address and netmask are assigned by DHCP Unmanaged Unspecified IPv6 in IPv4 RFC4213 Used with tunnel brokers IPv6 over IPv4 Stateless IPv6 over IPv4 transport GRE Generic Routing Encapsulation protocol IOT L2TP Layer 2 Tunnelling Protocol PPP Point to Point Protocol PPPoE PPP over Ethernet PPPoATM PPP over ATM LTE UMTS GPRS EV DO C...

Страница 170: ...pt dns List of DNS server IP addresses optional Table 60 Information table for VLAN general settings 18 3 3 Firewall settings VLAN Use this section to select the firewall zone you want to assign to the VLAN interface Select unspecified to remove the interface from the associated zone or fill out the create field to define a new zone and attach the interface to it Figure 83 Firewall settings page W...

Страница 171: ...e You can configure VLANs through CLI The VLAN configuration file is stored on etc config network uci export network package network config interface vlan100 option proto static option ifname eth0 100 option monitored 0 option ipaddr 192 168 100 1 option netmask 255 255 255 0 option gateway 192 168 100 10 option broadcast 192 168 100 255 option dns 8 8 8 8 Modify these settings by running uci set ...

Страница 172: ...ng protocols are not used or they are not configured for such subnets They can be created based on outgoing interface or next hop IP address 19 1 Configuration package used Package Sections network route 19 2 Configuring static routes using the web interface In the top menu select Network Static Routes The Routes page appears Figure 85 The routes page In the IPv4 Routes section click Add Web Field...

Страница 173: ...eld UCI Package Option Description Web Interface UCI network route 1 interface Opt interface Specifies the logical interface name of the parent or master interface this route belongs to It must refer to one of the defined interface sections Web target UCI network route 1 target Opt target Specifies the route network IP address or subnet in CIDR notation Eample 2001 0DB8 100 F00 BA3 1 64 Web Gatewa...

Страница 174: ...esired For example a route named myroute will be network myroute To define a named route using UCI enter network name_your_route route network name_your_route interface lan To define a named route using package options enter config route name_your_route option interface lan 19 5 IPv4 routes using UCI The command line example routes in the subsections below do not have a configured name root VA_rou...

Страница 175: ...ig route option interface lan option target 2 2 2 2 option netmask 255 255 255 255 option gateway 192 168 100 1 option metric 1 option mtu 1500 19 7 IPv6 routes using UCI root VA_router uci show network network route 1 route network route 1 interface lan network route 1 target 2001 0DB8 100 F00 BA3 1 64 network route 1 gateway 2001 0DB8 99 1 network route 1 metric 1 network route 1 mtu 1500 19 8 I...

Страница 176: ...______________ Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue 1 5 Page 176 of 384 19 9 Static routes diagnostics 19 9 1 Route status To show the current routing status enter root VA_router route n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192 168 100 0 255 255 255 0 U 0 0 0 eth0 Note a route will only be displayed in the routing table wh...

Страница 177: ...ormation between gateway hosts each with its own router in a network of autonomous systems BGP is often the protocol used between gateway hosts on the internet The routing table contains a list of known routers the addresses they can reach and a cost metric associated with the path to each router so that the best available route is chosen 20 1 Configuration package used Package Sections bgpd routi...

Страница 178: ...em Number UCI bgpd bgpd asn Opt asn Defines the ASN for the local router Type in the ASN Blank Range 1 4294967295 Web Network UCI bgpd bgpd network Opt list network Sets the list of networks that will be advertised to neighbours in prefix format 0 0 0 0 0 Separate multiple networks by a space using UCI Ensure the network prefix matches the one shown in the routing table See Routes section below Ta...

Страница 179: ... AS Path Matches AS path Route Metric Matches route metric BGP Community Matches BGP community Web Match value UCI bgpd ROUTEMAP match Opt match Defines the value of the match type Format depends on the Match Type selected In the case of IP address and BGP Community values the match value is parsed as a list of items to match Web Set Option UCI bgpd ROUTEMAP set_type Opt set_type Defines the set o...

Страница 180: ...P address of the neighbour Web Autonomous System Number UCI bgpd peer 0 asn Opt asn Sets the ASN of the remote peer Blank Range 1 4294967295 Web Route Map UCI bgpd peer 0 route_map Opt route_map Sets route map name to use with this neighbour Web Route Map Direction UCI bgpd peer 0 route_map_in Opt route_map_in Defines the direction the route map should be applied 1 In 0 Out Table 65 Information ta...

Страница 181: ...atch 192 168 101 1 32 bgpd ROUTEMAP set_type ip next hop bgpd ROUTEMAP set 192 168 101 2 32 To change any of the above values use UCI set command 20 4 Configuring BGP using packages options root VA_router uci export bgpd package bgpd config routing bgpd option enabled yes option router_id 3 3 3 3 option asn 1 list network 11 11 11 0 29 list network 192 168 103 1 32 config peer option route_map_in ...

Страница 182: ...______________ Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue 1 5 Page 182 of 384 20 5 View routes statistics To view routes statistics in the top menu click Status Routes The routing table appears Figure 90 The routing table To view routes via the command line enter root support route n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10 1 0 0...

Страница 183: ...nfiguring a WiFi interface using the web interface To create a new WiFi interface via the web interface in the top menu click Network Wifi The Wireless overview page appears Figure 91 The wireless overview page Click Add to create a new WiFi interface The Wireless Network configuration page appears The Wireless Network configuration page consists of two sections Section Description Device Configur...

Страница 184: ...ngs Advanced Settings HT mode country code distance optimization fragmentation threshold and RTS CTS threshold 21 2 1 1 Device configuration general setup Figure 92 The device configuration general setup section Web Field UCI Package Option Description Web Wireless network UCI wireless radio0 disabled Opt disanabled Enable or disables a wireless 1 Disables Wifi interface 0 Enables Wifi interface W...

Страница 185: ...ocol to use 802 11g n Select the wireless protocol to use 802 11a n Select the wireless protocol to use Web HT mode UCI wireless radio0 htmode Opt country HT mode options 20MHz specifies the channel width in 802 11 40MHz 2nd channel below specifies the channel width in 802 11 40MHz 2nd channel above specifies the channel width in 802 11 Web Country Code UCI wireless radio0 country Opt country Sets...

Страница 186: ...ace configuration The interface configuration section is used to configure the network and security settings It has three sub sections Section Description General Setup Identification network and mode settings Wireless Security Encryption cipher and key security settings MAC Filter MAC address filter settings 21 2 2 1 Interface configuration general setup Use this section to configure the interfac...

Страница 187: ...t WDS ap wds Client WDS sta wds Web Mode UCI wireless wifi iface 0 bssid Opt bssid Defines the BSSID value Only displayed if using client ad hoc or client wds modes Web Network UCI wireless wifi iface 0 network Opt network The network the wireless interface is attached to If using an existing interface select the appropriate network Select unspecified to not attach to any network or fill out the c...

Страница 188: ...e 0 key1 Opt key1 Specifies the first wireless key authentication phrase Web Key 2 UCI wireless wifi iface 0 key2 Opt key2 Specifies the second wireless key authentication phrase Web Key 3 UCI wireless wifi iface 0 key3 Opt key3 Specifies the third wireless key authentication phrase Web Key 4 UCI wireless wifi iface 0 key4 Opt key4 Specifies the fourth wireless key authentication phrase Web Radius...

Страница 189: ...address listed in the text field allow Allow all except listed Allows everything but the MAC address listed in the text field deny Web MAC List UCI wireless wifi iface 0 maclist Opt list maclist Defines the MAC addresses to use Multiple MAC address should be separated by a space if using UCI MAC must be in the format hh hh hh hh hh hh Table 70 Information table for interface configuration MAC filt...

Страница 190: ...ew page appears In the Interface Overview page click Edit on the Ethernet interface that will be bridged into the router s WiFi AP The Common Configuration page appears It has four sections This configuration only uses the Physical Settings section Figure 97 The physical settings section in the common configuration page Web Field UCI Package Option Description Web Bridge Interfaces UCI network lan...

Страница 191: ... modem on a new Ethernet interface using package options root VA_router uci export network package network config interface newwifilan option proto static option ipaddr 192 168 111 1 option netmask 255 255 255 0 root VA_router uci export wireless package wireless config wifi device radio0 option type mac80211 option channel 11 option phy phy0 option hwmode 11ng option htmode HT20 list ht_capab SHO...

Страница 192: ... mac80211 wireless radio0 channel 11 wireless radio0 phy phy0 wireless radio0 hwmode 11ng wireless radio0 htmode HT20 wireless radio0 ht_capab SHORT GI 40 TX STBC RX STBC1 DSSS_CCK 40 wireless radio0 txpower 17 wireless radio0 country US wireless wifi iface 0 wifi iface wireless wifi iface 0 device radio0 wireless wifi iface 0 mode ap wireless wifi iface 0 disabled 1 wireless wifi iface 0 ssid Tes...

Страница 193: ...t ht_capab TX STBC list ht_capab RX STBC1 list ht_capab DSSS_CCK 40 option txpower 17 option country US config wifi iface option device radio0 option mode ap option disabled 1 option ssid Test_AP option network lan option encryption psk option key secretkey 21 4 4 AP mode on an existing Ethernet interface using UCI root VA_router uci show network network lan interface network lan ifname eth0 netwo...

Страница 194: ...iface 0 ssid Test_AP wireless wifi iface 0 network lan wireless wifi iface 0 encryption psk wireless wifi iface 0 key secretkey 21 5 Creating a WiFi in Client mode using the web interface A WiFi network in Client mode receives a wireless network from another WiFi AP Configure the Wifi network in Client mode as described in the above section Configuring a WiFi interface selecting a new interface fo...

Страница 195: ...sport GRE Generic Routing Encapsulation protocol IOT L2TP Layer 2 Tunnelling Protocol PPP Point to Point Protocol PPPoE PPP over Ethernet PPPoATM PPP over ATM LTE UMTS GPRS EV DO CDMA UMTS or GPRS connection using an AT style 3G modem Table 72 Information table for interfaces WClient page When you have clicked Save and Apply the router will restart the network package It may take up to one minute ...

Страница 196: ...on encryption psk2 option key testtest 21 6 2 Client modem using UCI root VA_router uci show network network new interface network WCLIENT proto dhcp 21 6 2 1 uci show wireless root VA_router uci show wireless wireless radio0 wifi device wireless radio0 type mac80211 wireless radio0 channel 11 wireless radio0 phy phy0 wireless radio0 hwmode 11ng wireless radio0 htmode HT20 wireless radio0 ht_capab...

Страница 197: ...ions network 22 2 Configuring a mobile connection using the web interface Note If you are creating multiple mobile interfaces simply repeat this chapter for each interface Multiple interfaces are required for dual SIM or multiple radio module scenarios Configuring static routes and or Multi WAN can be used to manage these interfaces In the top menu select Network Interfaces The Interfaces Overview...

Страница 198: ...ged Unspecified IPv6 in IPv4 IPv6 over IPv4 GRE IOT L2TP Layer 2 Tunnelling Protocol PPP PPPoE PPPoATM LTE UMTS GPRS EV DO CDMA UMTS or GPRS connection using an AT style 3G modem Web Create a bridge over multiple interfaces UCI network 3G type Opt type Enables bridge between two interfaces 0 Disabled 1 Enabled Web Cover the following interface UCI network 3G ifname Opt ifname Select interfaces for...

Страница 199: ...TS GPRS EV DO Option Description Static Static configuration with fixed address and netmask DHCP Client Address and netmask are assigned by DHCP Unmanaged Unspecified GRE IOT L2TP Layer 2 Tunnelling Protocol PPP PPPoE PPPoATM LTE UMTS GPRS EV DO CDMA UMTS or GPRS connection using an AT style 3G modem Web Service Type UCI network 3G service Opt service Service type that will be used to connect to t...

Страница 200: ...k 3G password Opt password Password used to connect to APN Web N A UCI network 3G retry_interval_sec Opt retry_interval_sec Alllows to specify exact integer or range that will be used to calculate random number to delay PPP connection 0 PPP will connect immediately without any delay 1 infinite PPP will attempt to connect again after specified interval Range PPP will attempt to connect within speci...

Страница 201: ...fy DNS server Web LCP echo failure threshold UCI network 3G keepalive Opt keepalive Presume peer to be dead after given amount of LCP echo failures use 0 to ignore failures This command is used in conjunction with the LCP echo interval The syntax is as follows uci network 3G keepalive echo failure threshold echo interval Example Uci set network 3G keepalive 15 10 Web LCP echo internal UCI network ...

Страница 202: ...e 202 of 384 22 2 1 3 Mobile interface firewall settings Use this section to select the firewall zone you want to assign to the interface Select unspecified to remove the interface from the associated zone or fill out the create field to define a new zone and attach the interface to it Figure 102 Firewall settings page 22 3 Viewing mobile connectivity information To view mobile connectivity inform...

Страница 203: ...nformation and status of mobile interfaces such as 3G 4G or CDMA enter root VA_router cat var state mobile mobile 3g_1_1_1 status mobile 3g_1_1_1 auto_info etc 3g_1 1 1 auto mobile 3g_1_1_2 status mobile 3g_1_1_2 auto_info etc 3g_1 1 2 auto mobile 3g_1_1_1 sim_slot 1 mobile 3g_1_1_1 sim_in yes mobile 3g_1_1_1 imsi 240016005892879 mobile 3g_1_1_1 registered 1 Home network mobile 3g_1_1_1 reg_code 1...

Страница 204: ..._______________________________________________________________________________ Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue 1 5 Page 204 of 384 mobile 3g_1_1_2 cdma_srvmode_code 5 mobile 3g_1_1_2 cdma_total_drc 0 0 kbps mobile 3g_1_1_2 cdma_carr_cnt 2 mobile 3g_1_1_2 cdma_rx0 78 mobile 3g_1_1_2 sig_dbm nan mobile 3g_1_1_2 cdma_rx1 105 ...

Страница 205: ...le manager The Mobile Manager feature allows you to configure SIM settings Basic settings Enable SMS configure SIM pincode select roaming SIM collect ICCCIDs and set IMSI CDMA Configure Prefered Roaming List options Callers Configure callers that can use SMS Option available only for Telit CE910 SL module 23 1 Configuration package used Package Sections mobile Main Calllers Roaming template 23 2 C...

Страница 206: ...ng on the SIM card specifiy the pin code for SIM 1 Blank Range Depends on the SIM provider Web PIN code for SIM2 UCI mobile main sim2pin Opt sim2pin Depending on the SIM card specifiy the pin code for SIM 2 Blank Range Depends on the SIM provider Web HDR Auto User ID UCI mobile main hdr_userid Opt hdr_userid AN PPP user ID Supported on Cellient CDMA modem only Blank Range Depends on the CDMA provi...

Страница 207: ...gits up to 15 digits Web MOB_TERM_HOME registration flag UCI mobile main cdma_mob_term_home_registration_flag Opt cdma_mob_term_home_registration_flag The MOB_TERM_HOME registration flag 0 Disabled 1 Enabled Web MOB_TERM_FOR_SID registration flag UCI mobile main cdma_mob_term_for_sid_registration_flag Opt cdma_mob_term_for_sid_registration_flag The MOB_TERM_FOR_SID registration flag 0 Disabled 1 E...

Страница 208: ...o channel Default 0 0 Web SID NID pairs UCI mobile main cdma_sid_nid_pairs Opt cdma_sid_nid_pairs Allows specification of SID NID pairs this takes the form SID1 NID1 SID2 NID2 Format SID1 0 65535 NID 0 65535 Default 0 65535 Table 77 Information table for mobile manager CDMA settings When you have made your changes click Save Apply and then reboot 23 3 Configuring mobile manager using UCI The follo...

Страница 209: ...n init_get_iccids yes config caller option name vasupport option number 353871234567 option enabled yes option respond yes config caller option name vasupport1 option number 353872345678 option enabled yes option respond yes 23 4 Configuring a roaming interface template via the web interface For more information on Roaming Interface Template configuration read the chapter Automatic Operator Select...

Страница 210: ...ss Aug 10 16 29 11 user notice VirtualAccess mobile 1737 Queue sms to 353879876543 hello 23 6 Sending SMS from the router You can send an outgoing message via the command line using the following syntax sendsms 353879876543 hello root VirtualAccess Aug 10 16 29 1 user notice VirtualAccess mobile 1737 Queue sms to 353879876543 hello 23 7 Sending SMS to the router The router can accept UCI show and ...

Страница 211: ...g interface state pings to an ICMP target signal level checks using signal threshold RSCP threshold and ECIO threshold option values A fail for any of the above health checks results in a fail After a configurable number of health check failures Multi WAN will move to the next highest priority interface Multi WAN will optionally stop the failed interface and start the new interface if required In ...

Страница 212: ...rface depending on timer set by ifup_retry_sec 0 Disabled 1 Enabled Web Alternate Mode UCI multiwan config alt_mode Opt alt_mode Enables or disables alternate mode for Multi WAN If enabled the router will use an alternate interface after reboot 0 Disabled 1 Enabled Table 78 Information table for multi WAN page When you have enabled Multi WAN you can add the interfaces that will be managed by Multi...

Страница 213: ...___________________ _____________________________________________________________________________________________________ Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue 1 5 Page 213 of 384 Figure 107 Example interface showing failover traffic destination as the added multi WAN interface ...

Страница 214: ...P is detected then multiwan does not send a ping health check to the icmp_host otherwise a ping is sent as normal to the icmp_host By default the conntrack_hosts is checked if the health interval is greater than 5 minutes This time threshold currently cannot be manipulated Conntrack is generally used to limit the traffic sent on a GSM network Default Conntrack checks for traffic from icmp_host IP ...

Страница 215: ...pecifies the minimum signal strength in dBm before considering if the interface fails signal health check Uses the value stored for sig_dbm in mobile diagnostics 115 Disabled Range 46 to 115 dBm Web RSCP Threshold dBm UCI multiwan wan rscp_threshold Opt rscp_threshold Specifies the minimum RSCP signal strength in dBm before considering if the interface fails signal health check Uses the value stor...

Страница 216: ...ecific interfaces when using multiple WAN interfaces simultaneously Figure 108 The multi WAN traffic rules page 24 4 Configuring Multi WAN using UCI Multi WAN UCI configuration settings are stored on etc config multiwan Run UCI export or show commands to see multiwan UCI configuration settings A sample is shown below root VA_router uci export multiwan package multiwan config multiwan config option...

Страница 217: ... 3 multiwan wan health_recovery_retries 5 multiwan wan priority 2 multiwan wan manage_state yes multiwan wan exclusive_group 0 multiwan wan ifup_retry_sec 36000 multiwan wan icmp_hosts disable multiwan wan timeout 3 multiwan wan icmp_interval 1 multiwan wan timeout 3 multiwan wan icmp_count 1 multiwan wan conntrack_hosts disable multiwan wan signal_threshold 111 multiwan wan rscp_threshold 90 mult...

Страница 218: ...g interface ADSL option health_interval 10 option icmp_hosts dns option timeout 3 option health_fail_retries 3 option health_recovery_retries 5 option priority 1 option manage_state yes option exclusive_group 0 option ifup_retry_sec 300 option ifup_timeout_sec 40 config interface Ethernet option health_interval 10 option icmp_hosts dns option timeout 3 option health_fail_retries 3 option health_re...

Страница 219: ... files or restart if that fails enable Enable service autostart disable Disable service autostart When troubleshooting make sure that the routing table is correct using route n Ensure all parameters in the multi WAN package are correct The name used for multi WAN interfaces must be identical including upper and lowercases to the interface name defined in the network configuration To check the name...

Страница 220: ...nd the multiwan package is used to run failover between interfaces Typically these auto generated interfaces are sorted by signal strength Details for these interfaces are provided in the mobile package When you have created the interfaces Multi WAN manages the operation of primary predefined and failover auto created interfaces Multi WAN periodically does a health check on the active interface A ...

Страница 221: ...within the time set by multiwan option ifup_timeout continue to step 2 Otherwise go to step 4 2 A health check is periodically done on the PMP interface as determined by the multiwan option health_interval If the health check fails for the number of retries multiwan option health_fail_retries disconnect the PMP interface 3 Connect the first auto generated interface 4 If the interface connects with...

Страница 222: ...pears Figure 110 The create interface page Web Field UCI Package Option Description Web Name of the new interface UCI network 3g_s sim number _ short operator name Opt 3g_s sim number _ short operator name Type the name of the new interface Type the interface name in following format 3g_s sim number _ short operator name Where sim number is number of roaming SIM 1 or 2 and short operator name is f...

Страница 223: ... DHCP Unmanaged Unspecified IPv6 in IPv4 RFC4213 IPv4 tunnels that carry IPv6 IPv6 over IPv4 IPv6 over IPv4 tunnel GRE Generic Routing Encapsulation IOT L2TP Layer 2 Tunnelling Protocol PPP Point to Point Protocol PPPoE Point to Point Protocol over Ethernet PPPoATM Point to Point Protocol over ATM LTE UMTS GPRS EV DO CDMA UMTS or GPRS connection using an AT style 3G modem Web Create a bridge over ...

Страница 224: ...oint Protocol over ATM LTE UMTS GPRS EV DO CDMA UMTS or GPRS connection using an AT style 3G modem Web Service Type UCI network x service Opt service Service type that will be used to connect to the network gprs_only Allows GSM module to only connect to GPRS network lte_only Allows GSM module to only connect to LTE network cdma Allows GSM module to only connect to CDMA network auto GSM module will...

Страница 225: ...___________________________________ Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue 1 5 Page 225 of 384 25 2 1 4 Set multi WAN options for primary predefined interface On the web interface go to Network Multi Wan The Multi WAN page appears Figure 112 The multi WAN page In the WAN Interfaces section type in the name of the Multi WAN interface Click Add The Multi WAN page appe...

Страница 226: ...abled Enables multiwan 0 Disabled 1 Enabled Web Preempt UCI multiwan config preempt Opt preempt Enables or disables pre emption for multiwan If enabled the router will keep trying to connect to a higher priority interface depending on timer set 0 Disabled 1 Enabled Web Alternate Mode UCI multiwan config alt Opt alt Enables or disables alternate mode for multiwan If enabled the router will use an a...

Страница 227: ...onntrack is generally used to limit the traffic sent on a GSM network Default Conntrack checks for traffic from icmp_host IP when health_interval is greater than 5 minutes Disable Conntrack disabled Custom Specifies an IP other than the icmp_host for conntrack to track Web Health Monitor ICMP Timeout UCI multiwan x timeout Opt timeout Sets ping timeout in seconds Choose the time in seconds that th...

Страница 228: ...5 Disabled Range 46 to 115 dBm Web RSCP Threshold dBm UCI multiwan x rscp_threshold Opt rscp_threshold Specifies the minimum RSCP signal strength in dBm before considering if the interface fails signal health check Uses the value stored for rscp_dbm in mobile diagnostics 115 Disabled Range 46 to 115 dBm Web ECIO Threshold dB UCI multiwan x ecio_threshold Opt ecio_threshold Specifies the minimum EC...

Страница 229: ... Web Field UCI Package Option Description Web SMS Enable UCI mobile main sms Opt sms Enables SMS no Disabled yes Enabled Web Collect ICCIDs UCI mobile main init_get_iccids Opt init_get_iccids Enables or disables integrated circuit card identifier ICCID s collection functionality If enabled then both SIM 1 and SIM 2 ICCIDs will be collected otherwise it will default to SIM 1 This will be display un...

Страница 230: ...Package Option Description Web Name UCI mobile caller 0 name Opt name Name assigned to the caller Web Number UCI mobile caller 0 number Opt number Number of the caller allowed to SMS the router Add in specific caller numbers or use the wildcard symbol Web Enable UCI mobile caller 0 enabled Opt enabled Enables or disables incoming caller ID 0 Disabled 1 Enabled Web Respond UCI mobile caller 0 respo...

Страница 231: ..._______________________________ _____________________________________________________________________________________________________ Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue 1 5 Page 231 of 384 25 2 3 Roaming interface template Figure 115 The roaming interface template page ...

Страница 232: ...twork umts_only Allows GSM module to only connect to 3G network gprs_only Allows GSM module to only connect to GPRS network cdma Allows GSM module to only connect to cdma network Web APN UCI mobile roaming_template 0 apn Opt apn APN name of Mobile Network Operator Web PIN UCI mobile roaming_template 0 pincode Opt pincode SIM card s PIN number Web PAP CHAP username UCI mobile roaming_template 0 use...

Страница 233: ...he one specified in the priority field for the PMP interface 0 Range Web Minimum ifup interval UCI multiwan wan ifup_retry_sec Opt ifup_retry_sec Not used for a roaming interface 300 Retry primary interface every 300 seconds Range Web Interface Start Timeout UCI mobile roaming_template 0 ifup_timeo ut_sec Opt ifup_timeout Specifies the time in seconds for interface to start up If it is not up afte...

Страница 234: ... multiwan health checks after expiration of the ifup_retry_sec timer Follow the instructions in the section above for creation of the PMP interface multi WAN and Mobile Manager roaming interfaces The only change in configuration compared to the PMP roaming pre empt enabled scenario is that you must disable the pre empt option in the multi WAN package 25 2 4 1 Set multi WAN options for pre empt dis...

Страница 235: ...h check failures Multi WAN will disconnect the failed interface and attempt to connect to the next best roaming interface 25 2 6 Set options for automatically created interfaces failover In the top menu on the web interface page select Services Mobile Manager The Mobile Manager page appears There are three sections Basic settings Configure SMS select roaming SIM and collect ICCCIDs Callers Configu...

Страница 236: ...for mobile manager basic settings 25 2 6 2 Caller settings Web Field UCI Package Option Description Web Name UCI mobile caller 0 name Opt name Name assigned to the caller blank range Web Number UCI mobile caller 0 number Opt number Number of the caller allowed to SMS the router Add in specific caller numbers or use the wildcard symbol blank range Web Enable UCI mobile caller 0 enabled Opt enabled ...

Страница 237: ...rface template page Web Field UCI Package Option Description Web Interface Signal Sort UCI mobile roaming_template 0 sort_sig_st rength Opt sort_sig_strength Sorts interfaces by signal strength priority so those that have a better signal strength will be tried first Web Roaming SIM UCI mobile main roaming_sim Opt roaming_sim Sets which slot to insert roaming SIM card 1 SIM slot 1 2 SIM slot 2 Web ...

Страница 238: ...terval UCI mobile roaming_template 0 health_int erval Opt health_interval Sets the period to check the health status of the interface The Health Monitor interval will be used for interface state checks ping interval signal strength checks Web Health Monitor ICMP Host s UCI mobile roaming_template 0 icmp_host s Opt icmp_hosts Specifies target IP address for ICMP packets Disable Disables the option ...

Страница 239: ...ies the minimum signal strength in dBm before considering if the interface fails signal health check Uses the value stored for sig_dbm in mobile diagnostics 115 dBm Disabled range 46 to 115 dBm Table 88 Information table for roaming interface template When you have configured your settings click Save Apply 25 2 7 1 Set multi WAN operation From the top menu select Network Multi Wan The Multi WAN pa...

Страница 240: ...rk To view the network configuration file enter root VA_router uci export network package network config interface loopback option ifname lo option proto static option ipaddr 127 0 0 1 option netmask 255 0 0 0 config interface lan option ifname eth0 option proto static option ipaddr 192 168 100 1 option netmask 255 255 255 0 config interface 3g_s1_voda option auto 0 option proto 3g option service ...

Страница 241: ... service umts network 3g_s1_voda apn test IE network 3g_s1_voda username test network 3g_s1_voda password test network 3g_s1_voda sim 1 network 3g_s1_voda operator vodafone IE 25 3 1 2 Roaming interface configuration The roaming interface configurations are stored in the mobile package etc config mobile To view the mobile configuration file enter root VA_router uci export mobile config mobile main...

Страница 242: ..._get_iccids no mobile caller 0 caller mobile caller 0 name Test mobile caller 0 number mobile caller 0 enabled yes mobile caller 0 respond yes mobile roaming_template 0 roaming_template mobile roaming_template 0 roaming_sim 1 mobile roaming_template 0 firewall_zone wan mobile roaming_template 0 apn test IE mobile roaming_template 0 username test mobile roaming_template 0 password test mobile roami...

Страница 243: ...ig interface 3g_s1_voda option health_fail_retries 3 option health_interval 3 option timeout 1 option icmp_hosts disable option priority 10 option exclusive_group 3g option signal_threshold 95 option ifup_retry_sec 350 option ifup_timeout_sec 180 option manage_state 1 To view the uci command of package multiwan enter root VA_router uci show multiwan multiwan config multiwan multiwan config enabled...

Страница 244: ...r uci set multiwan config preempt 0 uci commit Note available values are 0 Disabled 1 Enabled 25 4 Configuring no PMP roaming using UCI The roaming interface configuration file is stored in the mobile package etc config mobile To view the mobile package enter root VA_router uci export mobile package mobile config mobile main option sms yes option roaming_sim 1 option debug 1 config caller option n...

Страница 245: ... 1 mobile main debug 1 mobile caller 0 caller mobile caller 0 name Eval mobile caller 0 number mobile caller 0 enabled yes mobile caller 0 respond yes mobile roaming_template 0 roaming_template mobile roaming_template 0 roaming_sim 1 mobile roaming_template 0 firewall_zone wan mobile roaming_template 0 apn stream co uk mobile roaming_template 0 username default mobile roaming_template 0 password v...

Страница 246: ...iwan package multiwan config multiwan config option enabled yes option preempt no option alt_mode no To see multiwan package via uci enter root VA_router uci show multiwan multiwan config multiwan multiwan config enabled yes multiwan config preempt no multiwan config alt_mode no 25 5 Automatic operator selection diagnostics via the web interface 25 5 1 Checking the status of the Multi WAN package ...

Страница 247: ..._________________________________ Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue 1 5 Page 247 of 384 Figure 121 The interface overview page To check the status of the interface you are currently using in the top menu click Status The Interface Status page appears Scroll down to the bottom of the page to view Multi WAN Stats Figure 122 The status page multi WAN status sectio...

Страница 248: ...________ Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue 1 5 Page 248 of 384 25 6 Automatic operator selection diagnostics via UCI To check interfaces created in the multi WAN package enter root VA_router cat var const_state multiwan Figure 123 Example of output from the command cat var const_stat multiwan To check interfaces created in the network package enter root VA_rout...

Страница 249: ...___________________________________ _____________________________________________________________________________________________________ Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue 1 5 Page 249 of 384 Figure 124 Example of output from the command cat var const_state network ...

Страница 250: ...__________________________________________________________________________________ Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue 1 5 Page 250 of 384 To check the status of the interface you are currently using enter root VA_router cat var const_state_ mobile Figure 125 Example of output from the command cat vat const_state_ mobile ...

Страница 251: ... DMVPN read the chapter Dynamic Multipoint Virtual Private Network DMVPN The number of IPSec tunnels supported by Virtual Access routers is not limited in any way by software the only hardware limitation is the amount of RAM installed on the device 26 1 Configuration package used Package Sections strongswan general connection secret 26 2 Configuring IPSec using the web interface To configure IPSec...

Страница 252: ...t unique with any new automatically keyed connection using an ID from a different IP address deemed to replace all old ones using that ID Participant IDs normally are unique so a new automatically keyed connection using the same ID is almost invariably intended to replace an old one 0 Disabled 1 Enabled replace Identical to Yes keep Rejects new IKE SA and keep the duplicate established earlier Web...

Страница 253: ... mode along with PSK authentication is less secure method than main mode and should be avoided 0 Disabled 1 Enabled Web Name UCI strongswan connection X name Opt name Specifies a name for the tunnel Web Autostart Action UCI strongswan connection X auto Opt auto Specifies when the tunnel is initiated start On start up route When traffic routes this way add Loads a connection without starting it ign...

Страница 254: ...Sets the public IP address of the remote peer Web Local ID UCI strongswan connection X localid Opt localid Defines the local peer identifier Web Remote ID UCI strongswan connection X remoteid Opt remoteid Defines the remote peer identifier Web Local LAN IP Address UCI strongswan connection X locallan Opt locallan Defines the local IP of LAN Web Local LAN IP Address Mask UCI strongswan connection X...

Страница 255: ...proto Opt remoteproto Restricts the connection to a single protocol on the remote side Web Remote Port UCI strongswan connection X remoteport Opt remoteport Restricts the connection to a single port on the remote side Web Authby UCI strongswan connection X authby Opt authby Defines how the two secure gateways should authenticate Note using aggressive mode along with PSK authentication is unsecure ...

Страница 256: ...ttings IPSec settings Figure 129 The IPSec connections settings Web Field UCI Package Option Description Web XAuth Identity UCI strongswan connection X xauth_identity Opt xauth_identity Defines Xauth ID Web IKE Algorithm UCI strongswan connection X ike Opt ike Specifies the IKE algorithm to use The format is encAlgo authAlgo DHGroup encAlgo 3des aes128 aes256 serpent twofish blowfish authAlgo md5 ...

Страница 257: ...alled wan and a WAN ADSL interface called dsl and wanted to use one of these interfaces for this IPSec connection you would use wan adsl Web IKE Life Time UCI strongswan connection X ikelifetime Opt ikelifetime Specifies how long the keyring channel of a connection ISAKMP or IKE SA should last before being renegotiated 3h Timespec 1d 3h 25m 10s Web Key Life UCI strongswan connection X keylife Opt ...

Страница 258: ...re only sent if no other traffic is received 30s Timespec 1d 2h 25m 10s Web DPD Timeout UCI strongswan connection X dpdtimeout Opt dpdtimeout Defines the timeout interval after which all connections to a peer are deleted in case of inactivity 150s Timespec 1d 2h 25m 10s Table 93 Information table for IPSec connections settings 26 2 5 Configure secrect settings Each tunnel requires settings to conf...

Страница 259: ...natures Rsasig RSA digital signatures Ecdsasig Elliptic Curve DSA signatures Xauth Extended authentication Web Secret UCI strongswan secret X secret Opt secret Defines the secret Table 94 Information table for IPSec secrets settings 26 3 Configuring IPSec using UCI 26 3 1 Common settings Commands touch etc config strongswan uci set strongswan general general uci set strongswan general enabled yes ...

Страница 260: ...ress 100 100 100 100 uci set strongswan connection 0 localid 192 168 209 1 uci set strongswan connection 0 remoteid 100 100 100 100 uci set strongswan connection 0 locallan 192 168 209 1 uci set strongswan connection 0 locallanmask 255 255 255 255 uci set strongswan connection 0 remotelan 172 19 101 3 uci set strongswan connection 0 remotelanmask 255 255 255 255 uci set strongswan connection 0 aut...

Страница 261: ...LAN network is 0 0 0 0 0 then all traffic generated on the local LAN will be sent via the IPSec tunnel This includes the traffic destined to the router s IP address To avoid this situation you must include an additional config connection section Commands touch etc config strongswan uci add strongswan connection uci set strongswan connection 1 name local uci set strongswan connection 1 enabled yes ...

Страница 262: ...tion section in Connection Settings is shown below Commands to add a secret for psk auth touch etc config strongswan uci add strongswan secret uci set strongswan secret 0 enabled yes uci set strongswan secret 0 localaddress 192 168 209 1 uci set strongswan secret 0 remoteaddress 100 100 100 100 uci set strongswan secret 0 secrettype psk uci set strongswan secret 0 secret secret uci commit This wil...

Страница 263: ... commit This will create the following output config secret option enabled yes option idtype userfqdn option userfqdn testxauth option remoteaddress 100 100 100 100 option secret xauth option secrettype XAUTH 26 4 Configuring an IPSec template for DMVPN via the web interface To configure IPSec using the web interface in the top menu select Services IPSec The strongSwan IPSec VPN page appears There...

Страница 264: ... normally are unique so a new automatically keyed connection using the same ID is almost invariably intended to replace an old one 0 Disabled 1 Enabled replace Identical to Yes keep Rejects new IKE SA and keep the duplicate established earlier Web Cache CRLs UCI strongswan general cachecrls Opt cachecrls Certificate Revocation Lists CRLs fetched via HTTP or LDAP will be cached in etc ipsec d crls ...

Страница 265: ...____________________________________________ _____________________________________________________________________________________________________ Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue 1 5 Page 265 of 384 Figure 132 The connections settings section ...

Страница 266: ...swan connection X type Opt type Defines the type of IPSec connection tunnel Connection uses tunnel mode transport Connection uses transport mode pass Connection does not perform any IPSec processing drop Connection drops all the packets Web Remote GW Address UCI strongswan connection X remoteaddress Opt remoteaddress Sets the public IP address of the remote peer Leave blank for DMVPN Web Local ID ...

Страница 267: ...uthby Opt authby Defines how the two secure gateways should authenticate Note using aggressive mode along with PSK authentication is unsecure and should be avoided Pubkey For public key signatures Rsasig For RSA digital signatures ecdsasig For Elliptic Curve DSA signatures Psk Using a preshared key xauthrsasig Enables eXtended Authentication XAuth with addition to RSA signatures xauthpsk Using ext...

Страница 268: ...alled wan and a WAN ADSL interface called dsl and wanted to use one of these interfaces for this IPSec connection you would use wan adsl Web IKE Life Time UCI strongswan connection X ikelifetime Opt ikelifetime Specifies how long the keyring channel of a connection ISAKMP or IKE SA should last before being renegotiated 3h Timespec 1d 3h 25m 10s Web Key Life UCI strongswan connection X keylife Opt ...

Страница 269: ...re only sent if no other traffic is received 30s Timespec 1d 2h 25m 10s Web DPD Timeout UCI strongswan connection X dpdtimeout Opt dpdtimeout Defines the timeout interval after which all connections to a peer are deleted in case of inactivity 150s Timespec 1d 2h 25m 10s Table 96 Information table for IPSec connections settings 26 4 3 Configure secrect settings Each tunnel requires settings to conf...

Страница 270: ...figuring an IPSec template to use with DMVPN The following example shows how to configure an IPSec connection template to use with DMVPN Commands touch etc config strongswan uci set strongswan general general uci set strongswan general enabled yes uci set strongswan general strictcrlpolicy no uci set strongswan general uniqueids yes uci set strongswan general cachecrls yes uci set strongswan gener...

Страница 271: ...gswan secret 0 secrettype psk uci set strongswan secret 0 secret secret This will create package strongswan config general general option enabled yes option strictcrlpolicy no option uniqueids yes option cachecrls yes option nattraversal yes config connection option enabled yes option name dmvpn option type transport option localproto gre option remoteproto gre option ike aes sha1 modp1024 option ...

Страница 272: ...ted by an underscore for example dmvpn_213 233 148 2 26 7 IPSec diagnostics using UCI 26 7 1 IPSec configuration To view IPSec configuration via UCI enter root VA_router uci export strongswan To restart strongSwan enter root VA_router etc init d strongswan restart 26 7 2 IPSec status 26 7 3 To view IPSec status enter root VA_router ipsec statusall Security Associations 1 up 0 connecting dmvpn_89_1...

Страница 273: ...etfilter system is a chained processing filter where packets pass through various rules The first rule that matches is executed often leading to another rule chain until a packet hits either ACCEPT or DROP REJECT Accepted packets pass through the firewall Dropped packets are prohibited from passing Rejected packets are also prohibited but an ICMP message is returned to the source host A minimal fi...

Страница 274: ...firewall defaults input Opt input Default policy for the INPUT chain Accept Accepted packets pass through the firewall Reject Rejected packets are blocked by the firewall and ICMP message is returned to the source host Drop Dropped packets are blocked by the firewall Web Output UCI firewall defaults output Opt output Default policy for the Output chain Accept Accepted packets pass through the fire...

Страница 275: ... in any way by software the only hardware limitation is the amount of RAM installed on the device 27 2 2 1 Firewall zone general settings Figure 136 The firewall zone general settings Web Field UCI Package Option Description Web name UCI firewall zone label name Opt name Sets the unique zone name Maximum of 11 characters allowed Note the zone label is obtained by using the uci show firewall comman...

Страница 276: ...ic Forward rules for a zone describe what happens to traffic passing between different interfaces within that zone Accept Accepted packets pass through the firewall Reject Rejected packets are blocked by the firewall and ICMP message is returned to the source host Drop Dropped packets are blocked by the firewall Web Masquerading UCI firewall zone label masq Opt masq Specifies whether outgoing zone...

Страница 277: ...s Negation is possible by prefixing the subnet with Multiple subnets are allowed Web Restrict Masquerading to given destination subnets UCI firewall zone label masq_dest Opt masq_dest Limits masquerading to the given destination subnets Negation is possible by prefixing the subnet with Multiple subnets are allowed Web Force connection tracking UCI firewall zone label conntrack Opt conntrack Forces...

Страница 278: ...section Web Field UCI Package Option Description Web Allow forward to destination zones UCI firewall forwarding label dest Opt dest Allows forward to other zones Enter the current zone as the source Enabling this option puts two entries into the firewall file destination and source UCI firewall forwarding label src Opt src Web Allow forward from source zones UCI firewall forwarding label dest Opt ...

Страница 279: ... integer starting from 0 Web Protocol UCI firewall redirect label proto Opt proto Defines layer 4 protocol to match incoming traffic tcp udp Match either TCP or UDP packets tcp Match TCP packets only udp Match UDP packets only Web Source UCI firewall redirect label src Opt src Specifies the traffic source zone It must refer to one of the defined zone names When using the web interface this is set ...

Страница 280: ...on tcp udp port for the redirect traffic Web Enable UCI firewall redirect label enabled Opt enabled Specifies if this redirect should be enabled or disabled 0 Disabled 1 Enabled Table 102 Information table for firewall port forward settings The defined redirects can be sorted into a specific order to be applied More specific rules should be placed first After the redirect is created and saved to m...

Страница 281: ...UCI firewall redirect label reflection Opt reflection Enable or disable NAT reflection for this redirect 0 reflection disabled 1 reflection enabled Web Extra arguments UCI firewall redirect label extra Opt extra Passes extra arguments to IP tables This is useful to specify additional match options like m policy dir in for IPSec The arguments are entered as text strings Table 103 Information table ...

Страница 282: ...I firewall rule label icmp_type Opt icmp_type Match specific icmp types This option is only valid when ICMP is selected as the protocol ICMP types can be listed as either type names or type numbers Note for a full list of valid ICMP type names see the ICMP Options table below Web Source zone UCI firewall rule label src Opt src Specifies the traffic source zone must refer to one of the defined zone...

Страница 283: ...ecified above is not reached up to this number Web n a UCI firewall rule label recent Opt recent Sets number of allowed connections within specified time This command takes two values e g recent 2 120 will allow 2 connections within 120 seconds Table 104 Information table for firewall traffic rules ICMP Options ICMP Options ICMP Options ICMP Options address mask reply host redirect pong time excee...

Страница 284: ...rotocols or a different one A protocol name from etc protocols is also allowed The number 0 is equivalent to all Dest Specifies the traffic destination zone must refer to one of the defined zone names If specified the rule applies to forwarded traffic else it is treated as input rule dest_ip Match incoming traffic directed to the specified destination IP address dest_port Match incoming traffic di...

Страница 285: ...s 0 forward ACCEPT Note this command is only required if there is no defaults section 27 3 2 Firewall zone settings To set up a firewall zone enter uci add firewall zone uci set firewall zone 1 name lan uci set firewall zone 1 input ACCEPT uci set firewall zone 1 output ACCEPT uci set firewall zone 1 forward ACCEPT uci set firewall zone 1 network lan1 wifi_client uci set firewall zone 1 family any...

Страница 286: ...0 100 uci set firewall redirect 1 dest_port 2005 uci set firewall redirect 1 enabled 1 27 3 5 Firewall traffic rules To set traffic rules enter uci add firewall rule uci set firewall rule 1 enabled 1 uci set firewall rule 1 name Allow_ICMP uci set firewall rule 1 family any uci set firewall rule 1 proto ICMP uci set firewall rule 1 icmp_type any uci set firewall rule 1 src wan uci set firewall rul...

Страница 287: ...p fdca f00 ba3 64 option target ACCEPT Similarly the following rule is automatically treated as IPv4 only config rule option src wan option dest_ip 88 77 66 55 option target REJECT Rules without IP addresses are automatically added to iptables and ip6tables unless overridden by the family option Redirect rules port forwards are always IPv4 since there is no IPv6 DNAT support at present 27 5 Implic...

Страница 288: ...6 Connection tracking By default the firewall will disable connection tracking for a zone if no masquerading is enabled This is achieved by generating NOTRACK firewall rules matching all traffic passing via interfaces referenced by the firewall zone The purpose of NOTRACK is to speed up routing and save memory by circumventing resource intensive connection tracking in cases where it is not needed ...

Страница 289: ... secure manner because it is not using default port 22 config redirect option name ssh option src wan option proto tcpudp option src_dport 5555 option dest_ip 192 168 1 100 option dest_port 22 option target DNAT option dest lan 27 7 3 Source NAT SNAT Source NAT changes an outgoing packet destined for the system so that is looks as though the system is the source of the packet Define source NAT for...

Страница 290: ...7 4 True destination port forwarding This usage is similar to SNAT but as the destination IP address is not changed machines on the destination network need to be aware that they ll receive and answer requests from a public IP address that is not necessarily theirs Port forwarding in this fashion is typically used for load balancing config redirect option src wan option src_dport 80 option dest la...

Страница 291: ...w creates a forward rule rejecting traffic from LAN to WAN on the ports 1000 1100 config rule option src lan option dest wan option dest_port 1000 1100 option proto tcpudp option target REJECT 27 7 9 Denial of service protection rule The example below shows a sample configuration of SSH DoS attack where if more than two SSH connections are attempted within 120 seconds every further connection will...

Страница 292: ... option ipaddr 10 1 28 122 option netmask 255 255 0 0 option ifname eth1 eth3 12 option ipv4_rp_filter 1 27 7 11 Simple DMZ rule The following rule redirects all WAN ports for all protocols to the internal host 192 168 1 2 config redirect option src wan option proto all option dest_ip 192 168 1 2 27 7 12 Transparent proxy rule external The following rule redirects all outgoing HTTP traffic from LA...

Страница 293: ...st The rule below redirects all outgoing HTTP traffic from LAN through a proxy server listening at port 3128 on the router itself config redirect option src lan option proto tcp option src_dport 80 option dest_port 3128 27 7 14 IPSec passthrough This example enables proper forwarding of IPSec traffic through the WAN AH protocol config rule option src wan option dest lan option proto ah option targ...

Страница 294: ...16 Firewall management After a configuration change to rebuild firewall rules enter root VA_router etc init d firewall restart Executing the following command will flush all rules and set the policies to ACCEPT on all standard chains root VA_router etc init d firewall stop To manually start the firewall enter root VA_router etc init d firewall start To permanently disable the firewall enter root V...

Страница 295: ...____________ _____________________________________________________________________________________________________ Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue 1 5 Page 295 of 384 To direct the output to a file for later inspection enter root VA_router FW_TRACE 1 fw reload 2 tmp iptables lo ...

Страница 296: ...oad monitor_memory monitor_process pass system trapreceiver usm_user view The SNMP application has several configuration sections System and Agent Configures the SNMP agent Com2Sec Maps SNMP community names into an arbitrary security name Group Assigns community names and SNMP protocols to groups View and Access Creates views and sub views of the whole available SNMP tree and grants specific acces...

Страница 297: ...es the address es and port s on which the agent should listen udp tcp port address Web Enable Authentication Traps UCI snmpd agent 0 authtrapenabled Opt authtrapenabled Enables or disables SNMP authentication trap 0 Disabled 1 Enabled Note this is the SNMP poll authentication trap to be set when there is a community mismatch Web Enable Link State Notification UCI snmpd agent 0 link_updown_notify O...

Страница 298: ...for no restrictions Web Community UCI snmpd com2sec x community Opt community Specifies the community string being presented in the request Table 108 Information table for Com2Sec settings 28 2 3 Group settings Group settings assign community names and SNMP protocols to groups Figure 145 The group settings section Web Field UCI Package Option Description Web Group UCI snmpd group x group Opt group...

Страница 299: ...Name UCI snmpd view x viewname Opt viewname Specifies an arbitrary view name Typically it describes what the view shows Web Type UCI snmpd view x type Opt type Specifies whether the view lists oids that are included in the view or lists oids to be excluded from the view in which case all other oids are visible apart from those ones listed included excluded Web OID UCI snmpd view x oid Opt oid OID ...

Страница 300: ...MP version number being used in the request any v1 v2c and usm are supported v1 SNMP v1 v2v SNMP v2 usm SNMP v3 any Any SNMP version Web Level UCI snmpd access x level Opt level Specifies the security level For SNMP v1 and SNMP v2c level must be noauth noauth auth priv Web Prefix UCI snmpd access x prefix Opt prefix Prefix specifies how context above should be matched against the context of the in...

Страница 301: ...munity to use in trap messages for this host Table 112 Information table for trap receiver settings 28 2 7 Inform receiver Inform receiver settings define a notification receiver that should be sent SNMPv2c INFORM notifications Figure 149 The inform receiver settings page Web Field UCI Package Option Description Web Host UCI snmpd informreceiver x host Opt host Host address Can be either an IP add...

Страница 302: ...option sysName Backup Access 4 config agent option agentaddress UDP 161 option authtrapenabled 1 option link_updown_notify 1 Another sample agent configuration shown below causes the agent to listen on UDP port 161 TCP port 161 and UDP port 9161 on only the interface associated with the localhost address config agent option agentaddress UDP 161 tcp 161 9161 localhost 28 3 3 com2sec settings The fo...

Страница 303: ... config com2sec public option secname ro option source default option community public config com2sec private option secname rw option source localhost option community private 28 3 4 Group settings The following example specifies that a request from the security name ro using snmp v1 v2c or USM User Based Security Model for SNM P v3 are all mapped to the public group Similarly requests from the s...

Страница 304: ...pd grp_1_access read all snmpd grp_1_access write none snmpd grp_1_access notify none snmpd grp_1_access group public snmpd grp_2_v1 group snmpd grp_2_v1 version v1 snmpd grp_2_v1 group public snmpd grp_2_v1 secname ro snmpd grp_2_v2c group snmpd grp_2_v2c version v2c snmpd grp_2_v2c group public snmpd grp_2_v2c secname ro snmpd grp_2_usm group snmpd grp_2_usm version usm snmpd grp_2_usm group pub...

Страница 305: ...2 Group settings using package options config group public_v1 option group public option version v1 option secname ro config group public_v2c option group public option version v2c option secname ro config group public_usm option group public option version usm option secname ro config group private_v1 option group private option version v1 option secname rw config group private_v2c option group p...

Страница 306: ...mib2 view snmpd mib2 viewname mib2 snmpd mib2 type included snmpd mib2 oid iso org dod Internet mgmt mib 2 28 3 5 2 View settings using package options config view all option viewname all option type included option oid 1 config view mib2 option viewname mib2 option type included option oid iso org dod Internet mgmt mib 2 28 3 6 Access settings The following example shows the public group being gr...

Страница 307: ...tion prefix exact option read all option write all option notify all 28 3 7 SNMP traps settings 28 3 7 1 SNMP trap using UCI snmpd trapreceiver 0 trapreceiver snmpd trapreceiver 0 host 1 1 1 1 161 snmpd trapreceiver 0 version v1 snmpd trapreceiver 0 community public SNMP trap using package options for SNMPv1 or v2c trap receivers config trapreceiver option host IPADDR PORT option version v1 v2c op...

Страница 308: ...ckup router should the Master become unavailable This process allows the virtual router IP address es on the LAN to be used as the default first hop router by end hosts The advantage gained from using VRRP is a higher availability default path without requiring configuration of dynamic routing or router discovery protocols on every end host Two or more routers forming the redundancy cluster are co...

Страница 309: ... in which the VRRP cluster is to operate For example lan The interface name is taken from the package network Web Track Interfaces UCI vrrp g1 track_iface Opt track_iface Sets one or more WAN interfaces that VRRP should monitor If a monitored interface goes down on the Master VRRP router it goes into Fault state and the Backup VRRP router becomes the Master Web IPSec connection UCI vrrp g1 ipsec_c...

Страница 310: ...ication method This field may be left blank if no authentication is required Web Virtual IP UCI vrrp g1 virtual_ipaddr Opt virtual_ipaddr Sets the virtual IP address and mask in prefix format For example 11 1 1 99 24 All co operating VRRP routers serving the same LAN must be configured with the same virtual IP address Web GARP UCI vrrp g1 garp_delay_sec Opt garp_delay_sec Sets the Gratuitous ARP m...

Страница 311: ...d GW6600V Series User Manual Issue 1 5 Page 311 of 384 Or enter uci show vrrp vrrp main vrrp vrrp main enabled yes vrrp g1 vrrp_group vrrp g1 enabled yes vrrp g1 interface lan1 vrrp g1 track_iface lan vrrp g1 init_state BACKUP vrrp g1 router_id 1 vrrp g1 priority 115 vrrp g1 advert_int_sec 2 vrrp g1 password secret vrrp g1 virtual_ipaddr 10 1 10 150 16 vrrp g1 garp_delay_sec 5 vrrp g1 ipsec_connec...

Страница 312: ...nd MNP2 4 error correction Table 115 Dial modem standards 30 1 V 90 modem scenarios You can use the V 90 modem in several scenarios The table below gives a brief description of these scenarios while the following sections describe how to set up and configure the modem Scenario Description As a normal WAN interface Use the V 90 modem in the same way as other WAN interfaces such as DSL and ISDN As a...

Страница 313: ...onfiguring the modem as a dial out interface via UCI interface To allow the router to use the PSTN modem to make outbound calls you must configure a dial out interface The dial out configuration files are stored on Network files etc econf network uci export network config interface dialout5 option proto ppp option auto 0 option device dev ttyCX0 option noipdefault 1 option peerdns 0 option nopersi...

Страница 314: ...low out of band management access to the router using the PSTN modem you must configure three settings Mgetty assigns the inbound call to the modem Dial in interface assigns and establishes a PPP connection Management user for control of a secure connection 30 4 1 Mgetty settings The configuration files are stored on Mgetty files etc config mgetty uci export mgetty config mgetty main option enable...

Страница 315: ...speed 19200 mgetty ttyCX0 debug 9 30 4 2 Dial in interface settings The configuration files are stored on Network files etc config network uci export network config interface dialin option proto ppp option auto 0 option peerdns 1 option remote_ipaddr 172 168 101 2 option local_ipaddr 172 168 101 1 option noipdefault 1 option defaultroute 0 option remote_auth_options require_eap To view the configu...

Страница 316: ...t user files etc config managerment_user uci export managment_users config user option enabled 1 option username test option password test option srpuser 1 option chapuser 0 option webuser 0 option smsuser 0 option linuxuser 0 To view the configuration files enter uci show managment_users managment_users user 0 user managment_users user 0 enabled 1 managment_users user 0 username test managment_us...

Страница 317: ... need of IPSec configuration to the physical interface This reduces the number of lines of configuration required for a VPN development For example for a 1000 site deployment DMVPN reduces the configuration effort at the hub from 3900 lines to 13 Adding new peers spokes to the VPN requires no changes at the hub Better scalability of the network Dynamic IP addresses can be used at the peers site Sp...

Страница 318: ... their WAN interface ADSL 3G and initiate main mode IPSec in transport mode to the hub After an IPSec tunnel is established spokes register their NHRP membership with the hub GRE tunnels come up Hub caches the GRE tunnel and real IP addresses of each spoke When spoke1 wants to talk to spoke2 it sends an NHRP resolution request to the hub The hub checks its cache table and forwards that request to ...

Страница 319: ... spoke with the source of the packet Hub sends an NHRP registration reply with a NAT extension to spoke1 The NAT extension informs spoke1 that it is behind the NAT ed device Spoke1 registers its pre and post NAT address When spoke1 wants to talk to spoke2 it sends an NHRP resolution request to the hub Hub checks its cache table and forwards that request to spoke2 Spoke2 caches spoke1 s GRE pre and...

Страница 320: ...the web interface The DMVPN section contains fields required to configure the parameters relative to the DMVPN Hub These are used for DMVPN tunnels such as GRE tunnels GRE tunnel remote IP DMVPN Hub IP and password 31 5 1 DMVPN general settings In the top menu select Network DMVPN The DMVPN page appears There are two sections General and DMVPN Hub Settings Figure 154 The DMVPN general section Web ...

Страница 321: ...he GRE interface on the hub For example if the mask is 255 255 0 0 the length will be 16 Web DMVPN Hub IP Address UCI dmvpn interface X nhs_ip Opt nhs_ip Configures the physical IP address for the DMVPN hub Web NHRP Authentication UCI dmvpn interface X cisco_auth Opt cisco_auth Enables authentication on NHRP The password will be applied in plaintext to the outgoing NHRP packets Maximum length is 8...

Страница 322: ...6 The IPSec connections page In the Name column the syntax contains the IPSec name defined in package dmvpn and the remote IP address of the hub or the spoke separated by an underscore for example dmvpn_213 233 148 2 To check the status of DMVPN in the top menu click Status DMVPN Figure 157 The NBMA peers page To check DMVPN status enter opennhrpctl show Status ok Interface gre GRE Type local Prot...

Страница 323: ...estination with local route local_addr Local destination IP or off NBMA subnet Protocol Address Tunnel IP address NBMA Address Pre NAT IP address if NBMA NAT OA Address is present or real address if NAT is not present NBMA NAT OA Address Post NAT IP address This field is present when Address is translated in the network Flags up Can send all packets registration ok unique Peer is unique used Peer ...

Страница 324: ...anual Issue 1 5 Page 324 of 384 You can check DMVPN status using UCI commands opennhrpctl show Status ok Interface gre GRE Type local Protocol Address 11 11 11 7 32 Alias Address 11 11 11 3 Flags up Interface gre GRE Type local Protocol Address 11 11 11 3 32 Flags up Interface gre GRE Type cached Protocol Address 11 11 11 2 32 NBMA Address 178 237 115 129 NBMA NAT OA Address 172 20 38 129 Flags us...

Страница 325: ...neously one for each serial port depending on the device Each Terminal Server session has an IP endpoint and an associated specific serial port You can configure the IP endpoint of each Terminal Server session to be a TCP server each session is listening on a unique port TCP client Terminal Server makes a TCP connection to external TCP server UDP endpoint Terminal Server forwards data between a UD...

Страница 326: ...bug_ev_enable Enables detailed debug logging 0 Disabled 1 Enabled Web Syslog severity UCI tservd main log_severity Opt log_severity Determines the syslog level Events up to this priority will be logged 0 Emergency 1 Alert 2 Critical 3 Error 4 Warning 5 Notice 6 Informational 7 Debug Web Log RX TX UCI tservd main debug_rx_tx_enable Opt debug_rx_tx_enable Enables logging data transfers 0 Disabled 1 ...

Страница 327: ...al to network 256 256 bytes Range 0 2048 Web Network Forwarding Timeout ms UCI tservd port 0 fwd_timeout Opt fwd_timeout Forwarding timeout in milliseconds serial to network 30 30 ms Range 0 10000 Web Network Forwarding Timer Mode UCI tservd port 0 fwd_timer_mode Opt fwd_timer_mode Forwarding timer mode serial to network Idle Timer is re started on each received data Aging Timer started on the fir...

Страница 328: ...ow control When either side TCP socket closes the main terminal server client re connects to the normal IP destination and the server proxy returns to listening for another connection from the far end 0 Disabled 1 Enabled Web Disable Remote Client s Local Echo Telnet option UCI tservd port 0 disable_echo Opt disable_echo Set to 1 to send IAC WILL ECHO Telnet option to remote client forcing it to d...

Страница 329: ..._________________________________ _____________________________________________________________________________________________________ Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue 1 5 Page 329 of 384 Figure 160 The serial section fields portmode RS232 and usb serial disabled ...

Страница 330: ...CI tservd port 0 parity Opt parity Serial device parity 0 None 1 Even 2 Odd 3 Space Web Stop Bits UCI tservd port 0 stops Opt stops Serial device number of stop bits 1 Range 1 2 Web Flow Control UCI tservd port 0 fc_mode Opt fc_mode Serial flow control mode 0 None 1 RTS CTS 2 XON XOFF Web RS485 Termination UCI tservd port 0 rs485_line_termination Opt rs485_line_termination Enables or disable RS485...

Страница 331: ...m receive echo suppression timeout in milliseconds 20 Range Web n a UCI tservd port 0 v23_tx_rampdown Opt v23_tx_rampdown Defines the time in milliseconds it takes the V23 transmitter to rampdown carrier from peak to zero 30 Range Web n a UCI tservd port 0 v23_tx_maxfill Opt v23_tx_maxfill Defines the maximum transmit queue fill level in bytes 127 Range 0 255 Web Atmel USB serial card UCI tservd p...

Страница 332: ...alling edge Inverted clock data transmitted on rising edge Only displayed if Atmel USB serial card is enabled 0 Normal 1 Invert Web RX MSBF UCI tservd port 0 sync_rx_msbf Opt sync_rx_msbf Defines whether most significant bit is received first Only displayed if Atmel USB serial card is enabled 0 Receive least significant bit first 1 Receive most significant bit first Web TX MSBF UCI tservd port 0 s...

Страница 333: ...ync_tx_idle Defines the value of idle character decimal to transmit in case of tranmit underrun In HDLC mode this configures inter frame fill 0 Tranmit 0 in HDLC mode 126 Transmit flags in HDLC mode 255 Tranmit 1 in HDLC mode Range 0 255 Web n a UCI tservd port 0 v23_inband_carrier_sign alling Opt v23_inband_carrier_signalling Enables signalling of carrier by sending special characters 0 Disabled ...

Страница 334: ... mode enabled 951 Range 1 65535 Web Remote IP 1 UCI tservd port 0 remote_ip1 Opt remote_ip1 Destination peer IP 1 address 0 0 0 0 Range IPv4 address Web Remote IP 2 UCI tservd port 0 remote_ip2 Opt remote_ip2 Destination peer IP 2 address Only displayed if Transport Mode is TCP 0 0 0 0 Range IPv4 address Web Enable TCP Keepalives UCI tservd port 0 tcp_keepalives_enabl ed Opt tcp_keepalives_enabled...

Страница 335: ...me in milliseconds to start reconnecting after setting DTR low 5000 5 seconds Range 0 10000 Web UDP Keepalive Interval UCI tservd port 0 udpKaIntervalMs Opt udpKaIntervalMs Defines time in milliseconds to send UDP keepalives empty UDP packets when no data to send Only displayed if transport mode is UDP 0 Disabled Range 0 65535 Web UDP Keepalive Count UCI tservd port 0 udpKaCount Opt udpKaCount Def...

Страница 336: ...SC0 option remote_ip1 0 0 0 0 option remote_ip2 0 0 0 0 32 6 Terminal Server diagnostics The tservd process has to be running otherwise diagnostics options for terminal server will not be available 32 6 1 Checking Terminal Server process To check if Terminal Server is running enter root VA_router ps grep tservd 1264 root 1032 S tservd 1769 root 1496 S grep tservd If Terminal Server is running it w...

Страница 337: ...v Termserv disgnostics Command syntax tserv show stats show statistics tserv clear stats clear statistics tserv show serial show serial interface status tserv send serial0 data send data to serial port 0 tserv start capture N N port number 0 to 3 start capturing rx serial data tserv print capture N N port number 0 to 3 print captured rx serial data tserv show serial txlog hex Port length Port port...

Страница 338: ..._____________________________________________________ Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue 1 5 Page 338 of 384 tserv show userial version show USB serial card firmware version tserv show userial cpld status show USB serial card CPLD programming status tserv upgrade userial initiate upgrade of the USB serial card tserv quit terminate termserv process ...

Страница 339: ... using the web interface To create GRE interfaces through the web interface in the top menu select Network Interfaces There are three sections in the Interfaces page Section Description Interface Overview Shows existing interfaces and their status You can create new and edit existing interfaces here Port Map In this section you can map device ports to Ethernet interfaces Ports are marked with capi...

Страница 340: ...netmask DHCP Client Address and netmask are assigned by DHCP Unmanaged Unspecified IPv6 in IPv4 RFC4213 Used with tunnel brokers IPv6 over IPv4 Stateless IPv6 over IPv4 transport GRE Generic Routing Encapsulation protocol IOT L2TP Layer 2 Tunnelling Protocol PPP Point to Point protocol PPPoE PPP over Ethernet PPPoATM PPP over ATM LTE UMTS GPRS EV DO CDMA UMTS or GPRS connection using an AT style 3...

Страница 341: ...mmon configuration general setup Figure 163 The GRE common configuration page Web Field UCI Package Option Description Web Protocol of the new interface UCI network if name proto Opt proto Shows the protocol the interface will operate on GRE should be currently selected Web Tunnel IP Address UCI network if name ipaddr Opt ipaddr Configures local IP address of the GRE interface Web Mask Length UCI ...

Страница 342: ...is going to be linked with the GRE tunnel interface optional Web Remote IP address UCI network if name remote_ip Opt remote_ip For point to point tunnels specifies Remote IP address Web TTL UCI network if name ttl Opt ttl Sets Time To Live value on the interface 128 Range Web Tunnel key UCI network if name key Opt key Sets GRE tunnel ID key optional Usually an integer Web MTU UCI network if name m...

Страница 343: ...abled 1 Enabled Table 126 Information table for GRE advanced settings 33 2 3 GRE connection firewall settings Use this section to select the firewall zone you want to assign to this interface Select unspecified to remove the interface from the associated zone or fill out the create field to define a new zone and attach the interface to it Figure 165 GRE firewall settings Click Save and Apply This ...

Страница 344: ... UCI root VA_router uci show network network tunnel1 interface network tunnel1 proto gre network tunnel1 monitored 0 network tunnel1 ipaddr 172 255 255 2 network tunnel1 mask_length 24 network tunnel1 local_interface wan network tunnel1 remote_ip 172 255 255 100 network tunnel1 ttl 128 network tunnel1 key 1234 network tunnel1 mtu 1472 network tunnel1 auto 1 33 5 GRE configuration using package opt...

Страница 345: ...et addr 10 68 66 54 Bcast 10 68 66 55 Mask 255 255 255 252 inet6 addr fe80 21e 10ff fe1f 0 64 Scope Link UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 81 errors 0 dropped 0 overruns 0 frame 0 TX packets 127 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 1000 RX bytes 8308 8 1 KiB TX bytes 12693 12 3 KiB gre Tunnel1 Link encap UNSPEC HWaddr 0A 44 42 36 DB B0 00 48 00 ...

Страница 346: ...248 inet6 addr fe80 5efe a44 4236 64 Scope Link UP RUNNING MULTICAST MTU 1472 Metric 1 RX packets 7 errors 0 dropped 0 overruns 0 frame 0 TX packets 7 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 0 RX bytes 912 912 0 B TX bytes 8GRE route status To show the current GRE route status enter root VA_router route n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref ...

Страница 347: ... arbitrary group of receivers that expresses an interest in receiving a particular data stream The receivers the designated multicast group are interested in receiving a data stream from the source They indicate this by sending an Internet Group Management Protocol IGMP host report to their closest router in the network The routers are then responsible for delivering the data from the source to th...

Страница 348: ...on table for PIM global settings 34 3 2 Interfaces configuration Figure 167 The interfaces configuration section Web Field UCI Package Option Description Web Enabled UCI pimd interface x enabled Opt enabled Enables multicast management of the given interface by the PIM application 0 Disabled 1 Enabled Web Interface UCI pimd interface x interface Opt interface Selects the interface to apply PIM set...

Страница 349: ... on etc config pimd To view the configuration file enter uci export pimd root VA_router etc config1 uci export pimd package pimd config routing pimd option enabled yes config interface option enabled yes option interface lan option ssm yes option igmp yes config interface option enabled yes option interface wan option ssm yes option igmp no Alternatively enter uci show pimd root VA_router etc conf...

Страница 350: ..._________________________________ _____________________________________________________________________________________________________ Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue 1 5 Page 350 of 384 pimd interface 1 ssm yes pimd interface 1 igmp no To change any of the above values use uci set command ...

Страница 351: ... defines three types of object Forwardings Rules that define what kind of events should be generated For example you might want an event to be created when an IPSec tunnel comes up or down Targets Define the targets to send the event to The event may be sent to a target via a syslog message a snmp trap or email Connection testers Define methods to test the target is reachable IP connectivity to a ...

Страница 352: ... describes the methods to test a connection that are currently supported Type Description link Checks if the interface used to reach the target is up ping Pings the target And then assumes there is connectivity during a configurable amount of time Table 130 Event system supported connection tester methods 35 6 Configuring the event system using the web interface Configuring the event system using ...

Страница 353: ...ents will be stored before being processed Default file is tmp event_buffer tmp event_buffer Range UCI va_eventd main event_queue_size Opt event_queue_size Maximum size of the event queue in bytes Default value is 128k 128K 128 kilobytes Range Table 131 Information table for event settings main section 35 7 2 Va_eventd forwarding Forwardings are section rules that define what kind of events should...

Страница 354: ...arding option enabled 1 option className ethernet option eventName LinkUp option severity warning critical option target syslog1 35 7 5 Forwarding table options UCI Package Option Description UCI va_eventd forwarding label enabled Opt enabled Enables or disables event generation 0 Disabled 1 Enabled UCI va_eventd forwarding label className Opt className Only generate events with the given classNam...

Страница 355: ...nfig section Table 132 Information table for event system forwarding rules 35 7 6 Va_eventd connection testers There are two types of connection testers ping connection tester and link connection tester Multiple connection testers can be defined and each forwarding section can be given a label for identification For example To define a connection tester label of Tester1 using package options enter...

Страница 356: ...td conn_tester label enabled Opt enabled Enable this connection tester 0 Disabled 1 Enabled UCI va_eventd conn_tester label type Opt type Set to ping for a ping connection tester ping Ping connection tester link Link connection tester UCI va_eventd conn_tester label ping_dest_addr Opt ping_dest_addr IP Address to ping UCI va_eventd conn_tester label ping_source Opt ping_source Source IP Address of...

Страница 357: ...is connection tester 0 Disabled 1 Enabled UCI va_eventd conn_tester label type Opt type Set to link for a link connection tester ping Ping connection tester link Link connection tester UCI va_eventd conn_tester label link_iface Opt link_iface Interface name to check Table 134 Information table for link connection tester settings 35 7 7 Supported targets There are four possible targets Syslog targe...

Страница 358: ...n conn_tester pinger option snmp_version 3 35 7 7 4 Syslog target table options UCI Package Option Description UCI va_eventd target label name Opt name Name of the target This is to be used in the forwarding section UCI va_eventd target label enabled Opt enabled Enable this target 0 Disabled 1 Enabled UCI va_eventd target label type Opt type Must be syslog for a syslog target syslog Syslog target ...

Страница 359: ..._eventd target 0 smtp_password secret word va_eventd target 0 use_tls 0 va_eventd target 0 tls_starttls 0 va_eventd target 0 tls_forcessl3 0 va_eventd target 0 timeout_sec 10 va_eventd target 0 from x example com va_eventd target 0 to y example com va_eventd target 0 subject_template severityName eventName va_eventd target 0 body_template eventName class subclass happened va_eventd target 0 conn_t...

Страница 360: ...t UCI va_eventd target label smtp_user Opt smtp_user Username for smtp authentication UCI va_eventd target label smtp_password Opt smtp_password Password for smtp authentication UCI va_eventd target label use_tls Opt use_tis Enable TLS Transport Layer Security support 0 Disabled 1 Enabled UCI va_eventd target label tls_starttls Opt tis_starttis Enable StartTLS support 0 Disabled 1 Enabled UCI va_e...

Страница 361: ... target using package options config target option name snmp1 option enabled 1 option type snmptrap option community public option target_addr 192 168 0 1 option agent_addr 192 168 0 4 option conn_tester pinger 35 7 8 2 SNMP target table options UCI Package Option Description UCI va_eventd target label name Opt name Name of the target to be used in the forwarding section UCI va_eventd target label...

Страница 362: ...ec va_eventd target 0 cmd_template logger t eventer eventName 35 7 8 5 Exec target using package options config target option name logit option enabled 1 option type exec option cmd_template logger t eventer eventName 35 7 8 6 Exec target table options UCI Package Option Description UCI va_eventd target label name Opt name Name of the target to be used in the forwarding section UCI va_eventd targe...

Страница 363: ... p1 p2 p3 p4 p5 internal 5 EventdSystemWarn error p1 p2 p3 p4 p5 internal 6 EventdUpAndRunning informat internal 7 EventdStopped warning p1 mobile 1 SIMin notice SIM card p1 inserted mobile 2 SIMout notice SIM card p1 removed mobile 3 LinkUp notice 3g link p1 up using sim p2 mobile 4 LinkDown notice 3g link p1 down mobile 5 SMSByPassword notice Received SMS from p1 by pass mobile 6 SMSByCaller not...

Страница 364: ...in user p2 from p3 auth 10 LogoffSSH notice SSH logoff user p1 due to auth 11 LoginConsole notice Console login user p1 on p2 auth 12 LogoffConsole notice Console logoff on p1 auth 13 LoginTelnet notice Telnet login user p1 auth 14 LoginLuCI notice LuCI login user p1 auth 15 ConsoleCommand informat p1 p2 p3 auth 16 LuCIAction informat p1 p2 p3 p4 p5 ipsec 6 IPSecInitIKE informat IPSec IKE p1 estab...

Страница 365: ...ce WiFi station p2 failed to con ppp 1 LinkUp informat PPP for interface p2 protoco ppp 2 LinkDown informat PPP for interface p2 protoco ppp 3 ConnEstablished informat PPP connection for interface p adsl 1 LinkUp notice ADSL trained Starting interface adsl 2 LinkDown notice ADSL down Stopping interface adsl 3 Silent debug ADSL silent adsl 4 Training debug ADSL training adsl 5 TrainingSuccess notic...

Страница 366: ...with a severity between notice and critical to a SNMP trap manager Execute logger t eventer eventName when an Ethernet event occurs Forward all auth events via email Connection to the SNMP and syslog server is checked by sending pings Connection to the smtp server is verified by checking the state of eth0 Example of output event package configuration package va_eventd config va_eventd main option ...

Страница 367: ...ion enabled 1 option type ping option ping_dest_addr 192 168 100 254 option ping_source eth0 option ping_success_duration_sec 10 config conn_tester option name smtp_server option enabled 1 option type link option link_iface eth0 config target option name syslog option enabled yes option type syslog option target_addr 192 168 100 254 514 option conn_tester mon_server config target option name email...

Страница 368: ...Issue 1 5 Page 368 of 384 option to z example com option subject_template severityName eventName option body_template eventName class subclass happened option conn_tester smtp_server config target option name snmp option enabled yes option type snmptrap option community public option target_addr 192 168 100 254 option agent_addr 192 168 100 1 option conn_tester mon_server config target option name...

Страница 369: ...llowing Packets received transmitted and the difference between them Packet loss average max and min Signal strength average max and min Online time Temperature average max and min The SLA Report Manager can build reports from a list of selected routers presenting a range of statistics over extended periods of time Note as well as configuring Monitor for SLA you must configure each router To confi...

Страница 370: ...rom the following options TFTP HTTP HTTPS Enter in the relevant Server Address and the TFTP Server Port number to match Figure 169 The device settings fields 36 4 Viewing graphs When the router has started to send SLA statistics to the Monitoring platform default graphs are displayed on the SLA Reporting screen To view the graphs for one specific network interface select the relevant interface fro...

Страница 371: ..._____________________________________________________ Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue 1 5 Page 371 of 384 Figure 171 Graphs showing per hour data To view raw data click each graph to produce the following information Figure 172 Raw data information from each graph To change the range of the graph click zoom Figure 173 Altered range of graph information ...

Страница 372: ...end dates If the scroll bar represents less than a period of one day you can also specify the start and end times to display on the graphs When you have selected a range with the scroll bar click Go to get statistics for that period Figure 174 Graph showing specified start and end times The following graphs can be displayed Packets received transmitted and the difference between them Packet loss a...

Страница 373: ...6 The settings interface Click Statistics A drop down menu appears The menu has the following options Create Report Edit Report Remove Report Statistics Settings 36 5 1 Create a report Select Create Report Enter the relevant parameters Report name Frequency of report Assigned devices SLA Report Elements The selected frequency of report determines how often SLA reports will be generated by the Moni...

Страница 374: ...ual Access 2016 GW6600 Series and GW6600V Series User Manual Issue 1 5 Page 374 of 384 To assign devices to the report click Change Figure 177 Assign devices to a report After clicking Change the select devices page appears this allows you to select which devices are to be members of the report Figure 178 Sample from the select devices page Click Continue and then add SLA report elements Figure 17...

Страница 375: ... column Error Count Average Signal Strength Average Error Count Max Signal Strength Max Error Count Min Signal Strength Min Bytes Transmitted Bytes Received Bytes Transmitted over Received Online time Temperature Min Temperature Max Temperature Average Select a graph name and then select a relevant range from the following options Year Month Week Day Click Add and when you have selected all graphs...

Страница 376: ...own for every week and so on 36 5 2 2 Default SLA element settings The Default SLA Element settings control range and graphs Range Sets what the default range will be when a new user is created Graph Selects whteher each report element is displayed as a graph or in tabular data form The view of SLA data is customisable per user These default values set how graphs appear when you use SLA for the fi...

Страница 377: ...n 2c 3 SNMP version 3 Table 139 Information table for reporting device commands The table below shows options that are relevant only if you have selected SNMP version 3 Web Field UCI Package Option Description UCI monitor main snmp_uname Opt snmp_uname Specifies uname Blank Default value String UCI monitor main snmp_auth_pass Opt snmp_auth_pass snmpv3 authentication password UCI monitor main snmp_...

Страница 378: ...mp_version 2c monitor v3 keepalive monitor v3 enable yes monitor v3 interval_min 1 monitor v3 monitor_ip 172 16 250 100 monitor v3 dev_reference TEST monitor v3 snmp_version 3 monitor v3 snmp_uname TEST monitor v3 snmp_auth_pass vasecret monitor v3 snmp_auth_proto MD5 monitor v3 snmp_priv_pass vasecret monitor v3 snmp_priv_proto DES root VA_router uci export monitor package monitor config keepaliv...

Страница 379: ..._____________________ Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue 1 5 Page 379 of 384 list monitor_ip 172 16 250 100 option dev_reference TEST option snmp_version 3 option snmp_uname TEST option snmp_auth_pass vasecret option snmp_auth_proto MD5 option snmp_priv_pass vasecret option snmp_priv_proto DES config interface_stats stats option enabled yes option bin_period 1m ...

Страница 380: ...les the task of uploading statistics to Monitor 2 The Virtual Access router monitors UDP keepalive packets It creates and stores statistics in bins These statistics are uploaded every hour to the Monitor server Figure 182 The SLA function This section describes how to configure SLA on a router For information on how to configure Monitor for SLA reporting read the previous section Configuring SLA o...

Страница 381: ...eb Interface UCI slad main interface Opt interface Specifies the interface on which traffic should be monitored Web Destination Host IP Address UCI slad main_destination_host_ip_address Opt destination_host_ip_address Specifies the destination IP address for the keepalive packets that are originated on the LAN Web Destination UDP port UCI slad main destination_udp_ip_address Opt destination_udp_ip...

Страница 382: ...e enter uci export slad or uci show slad uci export slad package slad config slad main option enable yes option roundtrip_timeout_msec 5000 option interface lan option destination_host_ip_address 10 1 1 2 option destination_udp_port 53 option bin_restart_period_msec 3600000 option max_bin_count 73 uci show slad slad main slad slad main enable yes slad main roundtrip_timeout_msec 5000 slad main int...

Страница 383: ...lid bins newest N Shows the newest valid bin range YYYYMMDDHH YYYYMMDDHH Shows all bins that match specified time range Type the command sla current To show current statistics enter root VA_router sla current Bin valid no Start time 01 01 1970 03 34 00 End time n a Pkts In 1 Pkts Out 1 Bytes In 15 Bytes Out 15 Pkts OK 1 Pkts Fail 0 Last Round Trip 1 ms Min Last Trip 1 ms Max Round Trip 1 ms Avg Ro...

Страница 384: ..._____________________________________________________________ Virtual Access 2016 GW6600 Series and GW6600V Series User Manual Issue 1 5 Page 384 of 384 Bytes Out 90 Pkts OK 6 Pkts Fail 0 Last Round Trip 0 ms Min Last Trip 1 ms Max Round Trip 1 ms Avg Round Trip 1 ms Min GSM signal quality 63 dBm Max GSM signal quality 63 dBm Avg GSM signal quality 63 dBm Availability 100 00 ...

Отзывы:

Нет отзывов

Похожие инструкции для GW6610

i-MO 540 Series Product Installation Manual preview
540 Series
Бренд: i-MO Страницы: 58
Paradyne 7610 Overview preview
7610
Бренд: Paradyne Страницы: 2
Salto Node Installation Manual preview
Node
Бренд: Salto Страницы: 2
H3C S5120V3-EI Series Manual preview
S5120V3-EI Series
Бренд: H3C Страницы: 54
H3C CR16000-M Installation Manual preview
CR16000-M
Бренд: H3C Страницы: 116
Oracle Talari E1000 Installation Manual preview
Talari E1000
Бренд: Oracle Страницы: 24
Moxa Technologies ICS-G7748A Series Quick Installation Manual preview
ICS-G7748A Series
Бренд: Moxa Technologies Страницы: 10
NETGEAR DG834GT - 108 Mbps Super G Wireless ADSL Router Specifications preview
DG834GT - 108 Mbps Super G Wireless ADSL Router
Бренд: NETGEAR Страницы: 2
B-G Instruments DataPlot CB1224 Manual preview
DataPlot CB1224
Бренд: B-G Instruments Страницы: 4
Z-Com ZCN-1523H-5-16 Quick Installation Manual preview
ZCN-1523H-5-16
Бренд: Z-Com Страницы: 18
i-MO OptiBond 210 C Series Hardware Installation Manual preview
OptiBond 210 C Series
Бренд: i-MO Страницы: 16
Top RAMS1000 User Manual preview
RAMS1000
Бренд: Top Страницы: 21
Rosco ND100 User Manual preview
ND100
Бренд: Rosco Страницы: 20
Variscite VAR-EXT-CB103 Manual preview
VAR-EXT-CB103
Бренд: Variscite Страницы: 17
R.V.R. Elettronica PTX30-UHT Installation, Technical And Maintenance Manual preview
PTX30-UHT
Бренд: R.V.R. Elettronica Страницы: 171
Axis M31-L SERIES Installation Manual preview
M31-L SERIES
Бренд: Axis Страницы: 30
Hameg HM6050-2K Manual preview
HM6050-2K
Бренд: Hameg Страницы: 46
RSupport RemoteView Configuration Manual preview
RemoteView
Бренд: RSupport Страницы: 5

Бренды по названию

Популярные бренды

Загрузить еще бренды