Westermo DR-200 Скачать руководство пользователя страница 266 | Manualshive

Страница: 266 / 312

background image

266

6620-3201

13.7 Filtering on ICMP Codes

An

ip-object

can be followed by an optional

[icmp]

fi

eld. This allows the script to

fi

lter packets

based on ICMP codes. ICMP packets are normally used to debug and diagnose a network and can
be extremely useful. However they form part of a low-level protocol and are frequently exploited by
hackers for attacking networks. For this reason most network administrators will want to restrict the
use of ICMP packets.

The syntax for including ICMP

fi

ltering is:

icmp = “icmp-type” icmp-type [“code” decnum]

The

icmp-type

can be one of the pre-de

fi

ned strings listed in the following table or the equivalent

decimal numeric value:

ICMP Type

ICMP Value

Unreach 3
Echo 8
Echorep 0
Squench 4
Redir 5
Timex 11
Paramprob 12
Timest 13
Timestrep 14
Inforeq 15
Inforep 16
Maskreq 17
Maskrep 18
Routerad 9
Routersol 10

The following two rules are therefore equivalent:

pass in break end on ppp 0 proto icmp from any to 10.1.2.0/24 icmp-type 0pass in

break end on ppp 0 proto icmp from any to 10.1.2.0/24 icmp-type echorep

Both of these rules allow echo replies to come in from interface

ppp 0

if they are addressed to our

example local network address (10.1.2.*).

In addition to having a type, ICMP packets also include an ICMP code

fi

eld. The

fi

lter syntax allows for

the speci

fi

cation of an optional code

fi

eld after the ICMP type. When speci

fi

ed the code

fi

eld must also

match. The ICMP code

fi

eld is speci

fi

ed with a decimal number.

For example, suppose we wish to allow only echo replies and ICMP unreachable type ICMP packets
from interface PPP 0. Then the rules would look something like this:

pass in break end on ppp 0 proto icmp from any to 10.1.2.0/24 icmp-type echorep

code 0 pass in break end on ppp 0 proto icmp from any to 10.1.2.0/24 icmp-type

unreach code 0 block in break end on ppp 0 proto icmp

The

fi

rst two rules in this set allow in the ICMP packets that we are willing to permit and the third rule

denies all other ICMP packets in from this interface. Now if we ever expect to see echo replies in
on

ppp 0

we should allow echo requests out on that interface too. To do that we would have the rule:

pass out break end on ppp 0 proto icmp icmp-type echo

«
...
264
265
266
267
268
...
»

Содержание DR-200

Страница 1: ...Westermo Teleindustri AB 2006 DR 200 MR 200 ADSL Router GPRS Router www westermo com Web Interface and Command Line Reference Guide 6622 3201...

Страница 2: ...cular purpose are made in relation to the accuracy and reliability or contents of this document Westermo reserves the right to revise this document or withdraw it at any time without prior notice Unde...

Страница 3: ...range of communications capabilities our products provide a combination of powerful yet easy to use configuration management and diagnostic tools These include a protocol analyser a time stamped even...

Страница 4: ...have the TCP IP Dial up adapter installed in the Network Configuration for Windows Check this by selecting Settings Control Panel Network Configuration 2 2 1 Installing the Driver File You will need...

Страница 5: ...he Windows Start menu select All Programs Accessories Communications New Connection Wizard You will be presented with the New Connection Wizard introduction screen Click on Next to proceed to the Netw...

Страница 6: ...g You are now ready to initiate a connection 2 2 4 Initiating a DUN Connection In the main dialog you are asked to enter a username and password The default settings for your unit are username and pas...

Страница 7: ...st first connect it to a suitable asynchronous terminal You will first need to set the interface speed data format for your terminal to 115 200bps 8 data bits no parity and 1 stop bit these settings c...

Страница 8: ...ith a result code to indicate whether the command was successful If all commands entered on the line are valid the OK result code will be issued If any command on the line is invalid the ERROR result...

Страница 9: ...to match Note Speed locking is not necessary when you use the text commands via a Telnet session Westermo application commands referred to just as text commands throughout the remainder of this guide...

Страница 10: ...ATD command followed by the X 28 CALL command An outgoing TPAD Transaction PAD call may be made by using the TPAD a address command followed by the appropriate NUA this is normally only carried out u...

Страница 11: ...e displayed as a series of dots for security purposes Correct entry of the username and password will display the main operations page Clicking on the Click to load Applet graphics button will display...

Страница 12: ...dBm effectively no signal 1 111 dBm to 87 dBm weak signal 2 85 dBm to 71 dBm medium strength signal 3 69 dBm to 51 dBm strong signal The minimum recommended strength indication is 2 LED s If you have...

Страница 13: ...event the unit from answering any calls to numbers that do not end in 123 Sub address This parameter provides the filter for the ISDN sub address facility It is blank by default but when set to an app...

Страница 14: ...e LAPB Configuration The following parameters are only used if a V 120 connection is established in Multi frame mode N400 counter This is the standard LAPB LAPD retry counter The default value is 3 an...

Страница 15: ...3 4 V Mode 0 V120 mode 1 V110 mode 2 V110 V120 detect 3 X75 Transparent 4 X75 T 70 NL Dial Retries If an ISDN connection is established but rate adaption is not negotiated this parameter will allow t...

Страница 16: ...01 NS 00 NR 01 40 03 00 02 X25 RESTART CONFIRMATION from DTE to DCE LCG 0 LCN 0 PTI 10 00 FF Both B and D channel analysis can be enabled simultaneously if necessary and you can select which LAPB and...

Страница 17: ...PAK Size allows you to specify the maximum number of bytes from each X 25 Information Frame that will be included in the trace Frames that are larger than this value are truncated Bear in mind that th...

Страница 18: ...s are Parameter Values Equivalent Web Parameter anon off on Analyser asyon 1 15 ASY source ikeon off on IKE ipfilt number list IP filters l1on off on Protocol layers layer 1 l2on off on Protocol layer...

Страница 19: ...ON ON Ethernet IP or PPP sources These are a special case and cannot be configured from the command line using the ana command Instead these sources must be turned on or off from the command line by...

Страница 20: ...OFF OFF ON OFF ON 6 OFF OFF ON ON OFF 7 OFF OFF ON ON ON 8 OFF ON OFF OFF OFF 9 OFF ON OFF OFF ON 10 OFF ON OFF ON OFF 11 OFF ON OFF ON ON 12 OFF ON ON OFF OFF 13 OFF ON ON OFF ON 14 OFF ON ON ON OFF...

Страница 21: ...unit is powered up this is equivalent to AT C0 Selecting Off configures the unit so that the DCD signal is normally on but goes off for the length of time specified by S10 after a call is disconnecte...

Страница 22: ...to set the ASY port parity to Even Odd or None as required Disable Port This parameter will disable the ASY port from the software stack The ASY port will not be able to send data and any data receiv...

Страница 23: ...de Z Load profile C DCD control D DTR response K Flow control W Store profile Y Power up profile S0 Answer Ring count S1 Ring count S2 Escape character S12 Escape delay S15 Forwarding register S23 Par...

Страница 24: ...ameter is set to On the socket will not be cleared by the unit at the end of a transaction data call or data session depending on what the TransIP ASY port was bound to and protocol it was implementin...

Страница 25: ...de to IP Address Try Next In the case that a connection to the primary IP address has just failed this parameter determines whether a connection to the backup IP address should be attempted immediatel...

Страница 26: ...or the Microsoft SCEP server you browse to a web interface If the server requires a challenge password it will be displayed on the page along with the CA certificate fingerprint This challenge passwor...

Страница 27: ...instance parameter value where instance is 0 The parameters and values are Parameter Values Equivalent Web Parameter challenge_pwd text Challenge password commonname text Common name country text Cou...

Страница 28: ...nts the SCEP application on the server CA Identifier CA identifier Private Key filename The filename of the private key Certificate request filename The filename of the certificate request Certificate...

Страница 29: ...he parameters and values are Parameter Values Equivalent Web Parameter app text Application caencfile text CA encryption certificate filename cafile text CA certificate filename caident text CA Identi...

Страница 30: ...he page are used to generate the private key and the certificate request Generate Private Key Clicking this button will generate the private key Generate Certificate Request Clicking this button will...

Страница 31: ...tificate request enter the command creq new parameter value parameter value The parameters and values are Parameter Values Equivalent Web Parameter b number New Key Size k text Private key filename o...

Страница 32: ...n code specified The reason code is simply a numeric value that may be selected to suit your particular application If any one of the entries is set to Answer the unit will only answer incoming calls...

Страница 33: ...nd Line Response Manipulation which is available on the Westermo web site Using the Web Page s The Configure Command Filters page contains a table that allows you to enter a series of command filters...

Страница 34: ...configure or display the command mappings To display the current command mappings enter the following commands cmd n cmdmapo cmd n cmdmapi where n is the table entry number i e 0 to 3 The cmdmapi par...

Страница 35: ...dresses starting with the address set for the Minimum assigned IP address parameter DNS server address This parameter specifies the IP address of a DNS server to be used by clients on the LAN This wil...

Страница 36: ...nce 1 will run on Ethernet port 1 etc On models with a single Ethernet port only one DHCP instance is available To change the value of a parameter use the following command dhcp 0 parameter value The...

Страница 37: ...y enter the MAC addresses of the devices that you want to allocate a fixed IP addresses to in the left hand column and the required IP addresses in the right hand column It is important to ensure that...

Страница 38: ...the interval in seconds at which the unit will issue update messages to the DNS server Username This parameter is used to store the username that has been allocated to you by the Dynamic DNS service P...

Страница 39: ...where instance is 0 To change the value of a parameter use the command in the format dnsupd instance parameter value The parameters and values are Parameter Values Equivalent Web Parameter autotzone...

Страница 40: ...ode G lite Annex A only attempt to connect in ITU G 992 2 G lite mode AFE For units fitted with an Annex B ISDN interface this parameter is used to select the type of ADSL Analogue Front End AFE that...

Страница 41: ...516 VC multiplexed PPP over Ethernet PPPoE LLC RFC 2516 LLC encapsulated PPP over Ethernet Bridged Ethernet VC Mux RFC 2684 VC multiplexed bridged Ethernet Bridged Ethernet LLC RFC 2684 LLC encapsulat...

Страница 42: ...VPI Another text command pingatmmay be used to transmit an OAM F5 loop back requests over the specified APVC The format of the command is pingatm instance type count where instance is 0 3 type is end...

Страница 43: ...assword Specifies the password to use when updating hostnames Confirm password Enter the password again in this field to confirm it Interface Defines which interface PPP or Ethernet this DYNDNS instan...

Страница 44: ...r Values Equivalent Web Parameter epassword text None this is the password in encrypted format This parameter is not configurable hostname1 text Hostname 1 hostname2 text Hostname 2 hostname3 text Hos...

Страница 45: ...s ports is connected to another hub or switch on the same physical network otherwise an Ethernet loop can occur The default behaviour is HUB rather than Port Isolate Note VLAN tagging is not available...

Страница 46: ...not on the LAN to which the unit is connected will be forwarded to this gateway NAT mode This parameter is used to select whether IP Network Address Translation NAT or Network Address and Port Transl...

Страница 47: ...ame time for this Ethernet instance When set to Off the Ethernet instance will operate in half duplex mode Firewall This parameter is used to enable or disable firewall operation for this Ethernet ins...

Страница 48: ...prevent the unit from disconnecting the link even when there is no genuine traffic This effect can be prevented by using the appropriate commands and options within the firewall script However on Wes...

Страница 49: ...PING IP address and No PING response out of service delay this parameter can be used to configure the router to use a back up interface automatically should there be a problem with this interface PIN...

Страница 50: ...ce within the VRRP group from 0 to 255 255 is the highest priority and setting the priority to this value would designate this Ethernet port as the initial owner within the group The value selected fo...

Страница 51: ...0 No restrictions 1 Disable management 2 Disable return RST 3 Disable management and return RST oossecs number Out of service time s pingint number PING request interval s pingip IP address PING IP a...

Страница 52: ...parameter should be set to the maximum data rate that this PPP link is capable of sustaining It is used when calculating whether or not the data rate from a queue may exceed its Minimum Kbps setting...

Страница 53: ...q3prio 0 4 Queue 3 Priority q4prof 0 11 Queue 4 Profile q4prio 0 4 Queue 4 Priority q5prof 0 11 Queue 5 Profile q5prio 0 4 Queue 5 Priority q6prof 0 11 Queue 6 Profile q6prio 0 4 Queue 6 Priority q7pr...

Страница 54: ...this parameter specifies the interval in seconds between successive probe attempts when the interface is in VRRP master mode Probe failure limit This parameter specifies the number of probe failures...

Страница 55: ...th instance where instance is the number of the Ethernet interface To change the value of a parameter use the following command eth instance parameter value The parameters and values are Parameter Val...

Страница 56: ...ossible to allow a range of addresses by specifying only the significant portion of the MAC address in the table e g macfilt 0 mac 00042d to allow packets from Westermo units Using the Web Page s The...

Страница 57: ...e TCP header to identify the destination VLAN for the packet ETH Instance The Ethernet port that will tag the outgoing packets Only packets sent from this interface will have VLAN tagging applied IP A...

Страница 58: ...g command vlan instance where instance is the VLAN instance 0 9 To change the value of a parameter use the following command vlan instance parameter value The parameters and values are Parameter Value...

Страница 59: ...r will delay the sending of SNMP traps email requests and SMS messages for a period of time after the unit powers up This is useful in circumstances where the sending of those items would fail if sent...

Страница 60: ...the last 24 hour period Max SYSLOG messages day The value in this field is the maximum number of SYSLOG user informational messages that the unit can generate per day This is intended to prevent messa...

Страница 61: ...ter the command event instance where instance is 0 At present there is only one event log i e 0 but the instance parameter has been included to allow for future expansion To change the value of a para...

Страница 62: ...oose from Off the Analyser trace will continue as normal Freeze No more logging is performed until the email is sent or Delete The trace is deleted once the email is sent Attach Eventlog Selecting On...

Страница 63: ...ler page Priority is Conditional on Entity If this parameter is On the event is conditional on which entity triggered the event e g eth ppp etc Choose the entity from the Entity drop down list Entity...

Страница 64: ...PPP instances the priority for the reason will apply For example if you wish that only events on PPP0 and PPP3 have the priority set in the Priority parameter enter 5 1010 in decimal Log Level The pr...

Страница 65: ...re already one or more lines in the file there will be two Insert buttons one next to the line which inserts a new line above the current line and one on the line below which inserts a new line below...

Страница 66: ...echo on by entering ATE1 4 Type AT LS the unit should respond with OK 5 Type XMODEM FW TXT and press Enter and the unit will wait for the file transfer to start 6 Select the File transfer XMODEM Send...

Страница 67: ...d for a TCP socket to close once the first FIN packet has been received If the timer elapses before the socket has completed closing the associated stateful inspection rule is removed TCP closed s Thi...

Страница 68: ...To change the value of a parameter use the command in the format fwall 0 parameter value The parameters and values are Parameter Values Equivalent Web Parameter closed number TCP closed s closing numb...

Страница 69: ...options To display current settings enter the command ftpcli instance where instance is 0 At present there is only one FTP client instance i e 0 but the instance parameter has been included to allow...

Страница 70: ...eds to relay a file Server hostname This is the name of the FTP host to which files from the locally attached device are to be relayed Server username This is the username required for login to the sp...

Страница 71: ...e g longer than an 8 3 style file name such as autoexec bat Email template This field contains the name of the template file that will be used to form the basis of any email messages generated by the...

Страница 72: ...d text None this is the password in encrypted format This parameter is not configurable ftphost IP address Server hostname ftppwd text Server password ftpuser text Server username locuser text Local u...

Страница 73: ...ust be used For example to issue a command to ASY port 3 you would use cmd 3 autocmd command where command is the command to be issued to ASY 3 on power up System hostname This parameter can be used t...

Страница 74: ...connected to that port raises the DTR signal When set to GPRS Signal Strength the four LED s that normally indicate activity on the ASY ports GR2130 and GR2410 only function instead as a signal stren...

Страница 75: ...se number This parameter specifies the value of the Object Identifier component following enterprises to be used by SNMP managers when accessing the MIB on the unit Object Identifiers of objects in th...

Страница 76: ...cannot be activated i e the metric for the route is set to 16 This means the unit will subsequently attempt to route packets through other routes with matching net masks that are not out of service A...

Страница 77: ...eter is set to On the CLI is included with the Calling Party element when the unit makes a call Auto Configure Email Fields This section is used to set up parameters for use in communicating with a co...

Страница 78: ...To change the value of a parameter use the command in the format cmd instance parameter value The parameters and values are Parameter Values Equivalent Web Parameter anonftp off on Allow anonymous FT...

Страница 79: ...d layer 3 re triggering when all routes are out of service and a packet comes in postbanner filename Post login banner ppp_detect off on PPP detect prebanner filename Pre login banner rip number RIP i...

Страница 80: ...d To display current local port access level settings enter the command local instance where instance is 0 To change the value of a parameter use the command in the format local instance parameter val...

Страница 81: ...to acknowledge received data immediately therefore setting this parameter to too small a value is not recommended Some stacks delay sending TCP ACKs in order that they can be incorporated with data s...

Страница 82: ...ter Values Equivalent Web Parameter asymss number Asy port sockets MSS to advertise asyrxwin number ASY port sockets RX window to advertise xot_ipadd number Default XOT source IP address interface xot...

Страница 83: ...e PPP instance that is configured by default configured to connect to the GPRS network Once your GPRS unit is correctly configured you can check to see if it has obtained an IP address from the networ...

Страница 84: ...erating modes Each string is prefixed with the characters AT before being sent to the GPRS module and they are sent to the GPRS module in the order specified until an empty string is encountered For e...

Страница 85: ...dited and sent using the Configure SMS Edit page If no number is specified it is possible that the unit will operate using the default message centre for the GSM service to which you have subscribed S...

Страница 86: ...init_str1 text Initialisation string 2 init_str2 text Initialisation string 3 ipaddr IP address Static IP address link_retries number Link retries pin number PIN posthang_str text Post hang up string...

Страница 87: ...Server Ethernet Port n Fill in the six sections appropriately Next server address is optional then click OK not forgetting to save the configuration later In the above example the unit has an IP addr...

Страница 88: ...r is selected the Cell Monitor will retrieve GPRS specific cell information Monitoring interval s When this parameter is set to a non zero value this specifies the interval in seconds between informat...

Страница 89: ...ll Status GPRS Module GPRS Cell Info Using Text Commands From the command line the cellmon command can be used to configure the Cell Monitor To display the current settings for the Cell Monitor enter...

Страница 90: ...ix will be sent at the specified interval Position GLL When this parameter is enabled current position data will be sent at the specified interval Active satellites GSA When this parameter is enabled...

Страница 91: ...P UTC and local date time data ZDA message must be enabled on the receiver TCP UDP mode 1 This parameter specifies whether GPS data is sent over a TCP IP connection or as UDP packets IP address 2 The...

Страница 92: ...ites GSA enabled gsv_on off on Satellites in view GSV enabled rmc_on off on Position and time RMC enabled vtg_on off on Course over ground VTG enabled zda_on off on UTC and local date time data ZDA en...

Страница 93: ...interpreter instance that it is connected to a GPS receiver so that commands received by this instance are ignored rather that treated as invalid commands Secondly it is used by the at gps command see...

Страница 94: ...ate the dead route to other routers The unit will no longer use a metric advertised by a RIP update if the route has been set out of service locally Using Text Commands From the command line the rip c...

Страница 95: ...ved within that time RIP packets must have a source address that is included in the RIP access list Using the Web Page s IP address This is a list of IP addresses that RIP packets must come from if th...

Страница 96: ...d year parameters A value of 1 31 is the day of the month the key is valid from but this value must not exceed the number of days in the Key start month Key start month This parameter defines the mont...

Страница 97: ...ay the current settings for a RIP authentication key enter the following command ripauth instance where instance is the instance of the RIP authentication key To change the value of a parameter use th...

Страница 98: ...which match the IP address Mask or IP address Mask plus Source address Source Mask combination Either None PPP or Ethernet may be selected Interface sub config This parameter determines which PPP Sub...

Страница 99: ...at the specified interval If the interface does connect the unit will clear the out of service status for the route Deactivate interface after successful activation retry When set to On this parameter...

Страница 100: ...ivation failure retry interval s deact_add number Deactivate interface deact_ent 0 1 Deactivate interface 0 None 1 PPP dial_int 0 255 Redial delay s doinact2 off on Use 2nd inactivity timeout when thi...

Страница 101: ...oint requesting it To achieve this the two endpoints commonly identify themselves and verify the identity of the other party They must do this in a secure manner so that the process cannot be listened...

Страница 102: ...val on suspect link This parameter defines the interval at which DPD requests on a link that is deemed to be suspect Tunnel inactivity timer s This parameter defines the period of time for inactivity...

Страница 103: ...u are using X 509 certificates Aggressive mode was developed to allow the host to identify a remote unit initiator from an ID string rather than from its IP address This means that it can be used over...

Страница 104: ...that IKE will wait for a response from the remote system before retransmitting the negotiation frame Inactivity timeout s This parameter specifies the period of time in seconds after which when no re...

Страница 105: ...ation algorithm deblevel 0 1 2 3 Debug level debug off on Use debug port dpd off on Dead Peer Detection encalg des 3des Encryption algorithm ikegroup 1 2 5 IKE MODP group inactto 0 255 Inactivity time...

Страница 106: ...accept when acting as a responder This value may be decreased from the maximum value of 5 to ensure that negotiations times are not excessive Duration s This parameter determines how long in seconds t...

Страница 107: ...re or display IKE responder settings To display current settings for the IKE responder enter the command ike instance where instance is 0 To change the value of a parameter use the command in the form...

Страница 108: ...ciation will stay in force When it expires any attempt to send packets to the remote system will result in IKEv2 attempting to establish a new SA Enter a value between 1 and 28800 seconds 8 hours Re k...

Страница 109: ...mmand ike2 instance where instance is 0 or 1 To change the value of a parameter use the command in the format ike2 instance parameter value The parameters and values are Parameter Values Equivalent We...

Страница 110: ...the unit will allow remote peers to negotiate This can currently include MD5 SHA1 or both If the remote peer requests the use of an algorithm that is not included in this list the negotiation will fai...

Страница 111: ...IKEv2 Responder settings To display current settings for the IKEv2 responder enter the command ike2 instance where instance is 0 To change the value of a parameter use the command in the format ike2...

Страница 112: ...te system to identify the initiator When certificates are used this field should contain the Altname field in a valid certificate held on the unit RSA private key file This field is used to override t...

Страница 113: ...ent by the remote Windows client this is usually the computer name Local port Remote port These parameters are used to match packets with a particular Eroute For example if Local port is 0 and Remote...

Страница 114: ...when negotiating new IPSec SA s When used the IPSec SA keys cannot be predicted from any of the previous keys generated It can be set to No PFS 1 2 or 3 Larger values result in stronger keys but they...

Страница 115: ...table serves a dual purpose in that it may contain a series of entries for normal login access i e for dial in HTTP FTP or Telnet access and entries for IPSec look up In the screenshot below entries...

Страница 116: ...versal keep alive interval s This parameter may be used to set a timer in seconds such that the unit will send regular packets to a NAT device in order to prevent the NAT table from expiring Link Erou...

Страница 117: ...5 sha1 ESP authentication algorithm espenc off des 3des aes ESP encryption algorithm gre off on GRE idisfqdn no yes Send our ID as FQDN ifadd number Link eroute with interface ifent blank ppp eth Link...

Страница 118: ...stname privkey filename RSA private key file proto off tcp udp IP protocol refirstport 0 65535 First remote port IKEv2 only remip IP address Remote subnet IP address remlastport 0 65535 Last remote po...

Страница 119: ...me e g Host1 Then set the Peer ID parameter to Remote for example In addition an entry would be made in the user table with Remote for the Username and a suitable Password value e g mysecret Each of t...

Страница 120: ...devices behind the router If Pass Packet is selected then data that matches an Eroute definition will be decrypted and authenticated depending on the Eroute options selected but data that does not mat...

Страница 121: ...ect to the ISDN network This is the default value and should not be changed for normal operation across the ISDN network If your application involves using two units back to back one of the units shou...

Страница 122: ...er is used to set the X 25 window size The value range is from 1 to 7 with the default being 7 Restart when activate This parameter can be set to No or Immediate When set to Immediate the LAPB instanc...

Страница 123: ...meter ans off on Answering cli number CLI dtemode 0 1 DTE DCE mode 0 DTE 1 DCE keepact off on Keep Activated l1iface isdn port Layer 1 interface l1nb 0 1 Sync port msn number MSN n400 1 255 N400 count...

Страница 124: ...is set to Yes the unit will try to reactivate a D channel connection after disconnection by the network by transmitting SABME frames If it is unable to reactivate the connection after retrying the num...

Страница 125: ...n conjunction with the Tx Throughput parameter to limit the maximum data throughput on a LAPD link in bits per second If this parameter is set to 0 the unit will transmit data across the LADP link as...

Страница 126: ...eter Values Equivalent Web Parameter d64schan number First D64 B channel d64smode off on D64S mode dtemode off on DTE DCE mode off DCE mode on DTE mode enabled off on Enabled keepact off on Keep activ...

Страница 127: ...used to enable or disable L2TP answering MSN The MSN parameter provides the filter for the ISDN Multiple Subscriber Numbering facility It is blank by default but when set to an appropriate value with...

Страница 128: ...an L2TP server Secret This parameter is only used if the Authenticate parameter is set to ON in which case it is used as part of the authentication process and both the router and the remote host mus...

Страница 129: ...er Values Equivalent Web Parameter ans off on Answering aot off on Always on tunnel auth off on Authenticate debon 0 1 None Turn debugging mode on or off 0 OFF 1 ON l1iface isdn port Layer 1 interface...

Страница 130: ...outer only converts the PPP from one form to another the router can initiate it s own PPP sessions This is used for example when The router is configured as a router to connect an Ethernet network to...

Страница 131: ...is used Connections The parameters in this section are used to specify when the secondary ISDN B channel should be activated 1B 2B rate bytes s This is the transfer rate in bytes sec that will trigger...

Страница 132: ...mands From the command line use the mlppp command to set or display MLPPP parameter settings To display current settings for MLPPP enter the following command mlppp instance where instance is 0 To set...

Страница 133: ...mode This option allows you to configure a second GPRS PPP connection In this case the ASY port used would typically be a virtual port corresponding to a spare multiplex channel into the internal GPRS...

Страница 134: ...r has been included to allow for future expansion To change the value of a parameter use the following command modemcc 0 parameter value The parameters and values are Parameter Values Equivalent Web P...

Страница 135: ...e system and is usually only required for outgoing PPP calls Confirm password If altering the password the new password must also be entered here The unit will check that both fields are identical bef...

Страница 136: ...e PPP will only answer a call if the trailing digits of the calling number match what is specified by this parameter For example if Calling Number was set to 3 incoming calls from 1234563 would be ans...

Страница 137: ...stination unreachable responses The Disable management return RST option prevents users from managing the unit via the Telnet FTP and web interfaces and also disables the transmission of TCP RST packe...

Страница 138: ...his field should be used to enter the address of the DNS server that should be used to resolve IP addresses If this field is left blank PPP will attempt to negotiate this address during the network ne...

Страница 139: ...to V1 Compat the unit will transmit RIP version 2 packets to the subnet broadcast address This allows V1 capable routers to act upon these packets When RIP is enabled RIP packets are transmitted when...

Страница 140: ...and request the keysize specified else the PPP negotiations will fail Note With MPPE is that there is no pre shared keys to set up or keys to set up at all The encryption keys are determined by the P...

Страница 141: ...unit s IP network address This is only used when the network address is not remotely assigned Remote network mask This specifies the IP netmask for the Remote network address parameter see above This...

Страница 142: ...er enter the command in the format ppp instance parameter value For example ppp 0 ans 1 The parameters and values are Parameter Values Equivalent Web Parameter ans off on Answering aodi_dly number AOD...

Страница 143: ...k IP netmask Remote network mask maxneg number Maximum negotiation time s maxup number Maximum link up time s maxuptime number Max up time per day mins minup number Minimum link up time s mppe off on...

Страница 144: ...imeout number Rx packet Inactivity timeout s tband number Time band timeout number Inactivity timeout s timeout2 number Inactivity timeout 2 s uplogmins number Log event up time mins use_modem 0 1 2 3...

Страница 145: ...to request a call back when it dials into another unit Note that the answering PPP instance of the remote unit must also be configured with the phone number of the calling unit and a suitable username...

Страница 146: ...it to get the remote to request the use of VJ compression Request remote PFC Setting this parameter to Yes causes the unit to get the remote to request Protocol Field Compression LCP echo request inte...

Страница 147: ...nt to the PPP interface by TCP may be dropped by the network if they are sent too quickly after PPP negotiation has been completed This parameter may be used to delay the notification to TCP that PPP...

Страница 148: ...low IPSec source IP from interface See above Layer 1 interface This parameter can be set to Default Port or Eth and determines whether PPP frames are carried over ISDN X 25 call local DUN Default opti...

Страница 149: ...ng this option will allow a remote unit to authenticate with the unit using the CHAP MD 5 algorithm MS CHAP Algorithm Enabling this option will allow a remote unit to authenticate with the unit using...

Страница 150: ...equest local ACFC l_addr off on Request IPCP local address option l_bacp phone number Request BACP l_callb off on Request call back l_chap off on Request local CHAP authentication l_comp off on Reques...

Страница 151: ...t remote compression r_md5 0 1 Remote CHAP MD5 0 Disabled 1 Enabled r_mru hex number Desired remote MRU r_ms1 0 1 Remote MS CHAP Algorithm 0 Enabled 1 Disabled r_ms2 0 1 Remote MS CHAPv2 Algorithm 0 E...

Страница 152: ...st LCN that will be assigned for outgoing X 25 CALLs The default is 1027 LCN direction This parameter determines whether the LCN used for outgoing X 25 calls is incremented or decremented from the sta...

Страница 153: ...d or decremented from the starting value when multiple X 25 instances share one layer 2 LAPB or LAPD connection The default is Down and LCN s are decremented i e if the first call uses 1024 the next w...

Страница 154: ...d to it and send at a higher rate up to the Maximum Kbps setting Queue priorities Below this heading is a list of the queues from 0 to 9 alongside each of which are drop down selection lists for assig...

Страница 155: ...ity q7prof 0 11 Queue 7 Profile q7prio 0 4 Queue 7 Priority q8prof 0 11 Queue 8 Profile q8prio 0 4 Queue 8 Priority q9prof 0 11 Queue 9 Profile q9prio 0 4 Queue 9 Priority The queue priority values ar...

Страница 156: ...cted the appropriate values click the Add button Each time you do this the new binding will appear in the list at the top of the page along with a Remove button Clicking the Remove button will remove...

Страница 157: ...N modems is predetermined Using the Web Page s Refer to the Configure PPP External Modems External Modemn section for a description of the parameters used to set up an internal PSTN modem where this f...

Страница 158: ...an attempt to get the TCP socket generating the packets to back off it s transmit timers thus preventing the queue overflow which would result in all subsequent packets being dropped QOS is a complex...

Страница 159: ...DSCP codes that are set to Default will have their queue number changed Using Text Commands From the command line use the dscp command to configure or display the DSCP mappings To display a DSCP mapp...

Страница 160: ...received that would cause the maximum length to be exceeded are dropped WRED minimum threshold This parameter specifies the minimum queue length threshold for using the WRED algorithm to drop packets...

Страница 161: ...g factor used should therefore be selected carefully to suit the type of traffic using the queue Using Text Commands From the command line use the qprof command to configure or display the queue profi...

Страница 162: ...ssful and the server sends an IDLE TIMEOUT attribute 28 the idle time specified will be assigned to the remote session If no IDLE TIMEOUT attribute is sent the unit will apply the default idle timeout...

Страница 163: ...counting NAS and is used to identify the RADIUS client The appropriate value will be supplied by the Secondary accounting NAS administrator Secondary accounting server IP address This password is supp...

Страница 164: ...dary accounting NAS ID apassword text Primary accounting server password apassword2 text Secondary accounting server password aserver IP address Primary accounting server IP address aserver2 IP addres...

Страница 165: ...essage Cancel Click on the Cancel button to clear the message Using Text Commands The sendsms command can be used to send an SMS message from the command line The format of the command is as follows s...

Страница 166: ...face The Interface field is used to specify which instance of PPP to use for SMTP normally PPP1 Mail from address This parameter specifies the text to be inserted between the MAIL FROM braces command...

Страница 167: ...instance is 0 At present there can only be one instance of SMTP i e 0 but the instance parameter has been included to allow for future expansion To change the value of a parameter use the following co...

Страница 168: ...synchronous mode as selected by the Sync Port parameter below To configure ASY 0 or ASY 1 for synchronous operation refer to the Configure Sync Ports page Sync port This parameter is only relevant if...

Страница 169: ...t to On a TEST frame is not transmitted and the TEST response is not expected Instead the unit assumes the station exists and proceed with the protocol as if the DLSw has received the TEST response SN...

Страница 170: ...fault value is 1000 milliseconds 1 second and under normal circumstances it should not be necessary to change it T200 timer ms This is the standard LAPB re transmit timer The default value is 1000 mil...

Страница 171: ...parameter to either PPP or ETH Ethernet the source address used by SNAIP will match that of the Ethernet or PPP interface specified by the Source IP from interface parameter below Source IP address in...

Страница 172: ...d_null off on Send Null XID sock_inact number TCP socket inactivity timer s srcipadd number Source IP address interface srcipent PPP ETH Source IP address interface stations numbers Polling stations s...

Страница 173: ...unit is booted Offset from GMT hrs This parameter should be set to or the number of hours the unit s time should be ahead or behind Greenwich Mean Time Daylight Savings Parameters The following parame...

Страница 174: ...tp 0 parameter value The parameters and values are Parameter Values Equivalent Web Parameter dstmins 0 59 Daylight savings adjustment dstoffday 0 31 Daylight savings stop day dstoffhr 0 23 Daylight sa...

Страница 175: ...configure the number of SSH server sockets that listen for new SSH connections It is possible to configure which authentication methods are able to be used in an SSH session and the preferred selectio...

Страница 176: ...e significantly different V2 Options Actively start key exchange Some SSH clients wait for the server to initiate the key exchange process when a new SSH session is started unless they have data to se...

Страница 177: ...number Maximum login time logintries number Maximum login attempts mac_md5 number MAC MD5 preference mac_md596 number MAC MD5 96 preference mac_sha1 number MAC SHA1 preference mac_sha196 number MAC SH...

Страница 178: ...authentication Client private key filename The file that contains the private key that matches the public key stored in the certificate entered in the Client certificate filename parameter Using Text...

Страница 179: ...sk combination it will route that packet through the interface specified by the Interface and Interface parameters Interface Interface Are used to specify the interface and number through which to rou...

Страница 180: ...local IP addresses For example if you wanted to run a server on a local area network and make it externally accessible you would need to set up a static NAT mapping using the local IP address of the s...

Страница 181: ...ntry number This lists the port number and the mapped IP address To change the value of a parameter use the command in the format nat entry parameter value The parameters and values are Parameter Valu...

Страница 182: ...t be configured to use a synchronous port as its lower layer interface The parameters for a synchronous port are described below Clock source This specifies whether the direction of the clock signal I...

Страница 183: ...t i e 0 but the port parameter has been included to allow for future expansion To change the value of a parameter use the following command sy 0 parameter value The parameters and values are Parameter...

Страница 184: ...rnal jumpers that determine the clock mode By default these are set so that the unit acts as a clock sink For correct X 21 operation the jumper settings must match the setting of the Clock source para...

Страница 185: ...g UDP Currently this only involves sending Backup IP addresses If an IP address is configured in the System messages destination field the unit will send IP address available and IP address unavailabl...

Страница 186: ...tervals using the SNTP option Using the Web Page s This page allows you to set the date and time by filling in the appropriate dialog boxes Using Text Commands To set the time and date from the comman...

Страница 187: ...times Days of the week are entered in the format Mon Tue Wed Thu Fri Sat and Sun To specify multiple days separate them by a comma Alternatively the working days from Monday to Friday inclusive may be...

Страница 188: ...the days on which the transition occurs time specifies the time at which the transition occurs state specifies the type of transition on or off Valid days of the week are entered in the format Mon Tu...

Страница 189: ...in the Download section of the Westermo web site www Westermo co uk Using the Web Page s The Configure TPAD folder expands to list separate pages for each of the available TPAD instances Each page is...

Страница 190: ...when an outgoing TPAD call has been connected instead of the normal ENQ character For example this might be used to make a TPAD connection look like a PAD connection by specifying CON COM as the conn...

Страница 191: ...default X 25 packet size to be used for TPAD transactions Layer 2 interface This parameter is used to select whether the TPAD instance will use ISDN B channel X 25 Dchannel X 25 TCP VXN or SSL as the...

Страница 192: ...an Excessive Transaction Time event code 56 each time a TPAD transaction takes longer that the specified number of seconds This could be used in conjunction with an appropriate Event Handler configur...

Страница 193: ...rough without the parity being changed set this option to Off ACK data This parameter causes the unit to acknowledge TPAD data packets from the terminal This parameter should normally be set to the de...

Страница 194: ...ro for this parameter prevents the unit from replying Transaction delay ms Setting this parameter will cause the unit to pause for the specified number of milliseconds in between successfully connecti...

Страница 195: ...backup interface LCN direction This parameter determines whether the LCN used for the backup X 25 interface is incremented or decremented from the starting value when multiple X 25 instances share a...

Страница 196: ...sage numbering dorest off on Restarts dotermid off on Terminal ID translation dsync off on Direct sync eot_only off on EOT only fpar off on Force parity ASY ftime number Forward mode time s inclrc off...

Страница 197: ...s tidtime number TID timeout s tl2deact number Layer 2 deactivation timer s trandel 0 5000 Transaction delay ms tresp number Response timeout s trig_str text Data trigger tsla number SLA Tran Time ms...

Страница 198: ...ne echo interface When this parameter is set to No the interface used to send UDP echo packets will be specified in the Interface and Interface parameters below In this instance the interface must alr...

Страница 199: ...lue The parameters and values are Parameter Values Equivalent web parameter dstip IP address Destination IP address dstport number Destination port ifadd number Interface ifent PPP ETH Interface inter...

Страница 200: ...routers can dial into the local router static routes cannot always be used to ensure that packets which should be routed to the remote network are sent through the correct PPP interface This parameter...

Страница 201: ...change the value of a parameter use the command in the format user number parameter value The parameters and values are Parameter Values Equivalent Web Parameter access 0 4 User access code 0 Super 1...

Страница 202: ...currently set to OPNS Server OPNS service name The service to be used during OPNS negotiations which is different to the service used for transactions This parameter is supplied by Datawire and will u...

Страница 203: ...tically attempt to negotiate a PUK with the OPNS server Enable debug output When this parameter is set to Yes debug information about the VXN task is routed to the debug port Using Text Commands To co...

Страница 204: ...Reset XOT PVC if Responder When this parameter is set to On the unit is responsible for resetting the links on XOT PVC links when it is the responder The default for this parameter is Off Include len...

Страница 205: ...stead of an NUI to determine the destination of a call then the NUI Mappings table can be used to convert an NUI to an NUA If a TPAD call specifies a call in which the NUI matches an entry the call ac...

Страница 206: ...and in the right column enter the appropriate command string excluding the ATD which is inserted automatically Using Text Commands From the command line the macro command may be used to define CALL ma...

Страница 207: ...cted until the corresponding X 25 call is answered The incoming TCP socket will trigger the corresponding X 25 call and if this call is being switched out then the TCP socket will not be answered unti...

Страница 208: ...ollowing command ipx25 n parameter value The parameters and values are Parameter Values Equivalent Web Parameter cnf_mode off on Confirm Mode ip_port number IP Port iphdr off on IP length header nb_li...

Страница 209: ...e when an X 25 call is received with either the NUA having 1234 followed by any 2 digits or a call being received with call user data with any 4 characters followed by aa then the call is switched to...

Страница 210: ...PD 2 LAPB 0 3 LAPB 1 4 XOT 5 LAPD X actual instance determined by NUA 6 LAPB 0 PVC 7 LAPB 1 PVC 8 XOT PVC 9 TCP stream 10 UDP stream For example to set up table row 2 from the example you would enter...

Страница 211: ...f this feature is to allow non PAD terminals to use an X 25 PAD network connection X 25 call macros are set up in the Configure X25 Macros web page or by using the macro text command Default packet si...

Страница 212: ...these out of the X 25 call request This can be extremely useful in backup scenarios Consider the following example the unit is configured to do online authorisations via the ISDN Dchannel and to fall...

Страница 213: ...ture select the Off option Data trigger This parameter specifies a string which if it appears in the received data causes a Data Trigger 47 event to be generated and recorded in the event log Inactivi...

Страница 214: ...st off on Restarts inactevent number Inactivity Event Time s inacttim number Inactivity timeout s Ip_port Number IP Stream port ip_stream off on IP Stream mode iphdr off on IP length header l2iface la...

Страница 215: ...enter it twice The first instance returns you to the PAD prompt the second resumes the call and transmits the character to the remote system Option Description 0 Disabled 1 PAD recall character is CTR...

Страница 216: ...gnals enabled 4 PAD prompt enabled signals disabled 5 PAD prompt and signals enabled 4 91 7 7 Action on Break from DTE This parameter determines the action taken by the PAD on receipt of a break signa...

Страница 217: ...NUL ASCII 0 that are sent after each CR to create such a delay Option Description 0 No padding characters after CR 1 255 Number of padding characters NUL sent after CR 4 91 10 10 Line Folding Controls...

Страница 218: ...iting functions provided are character delete line delete and line re display The editing characters are defined by parameters 16 17 and 18 In addition parameter 19 determines which messages are issue...

Страница 219: ...ow many line feeds are sent to the terminal before output is halted on a page wait condition In other words it defines the page length for paged mode output A page wait condition is cleared when the P...

Страница 220: ...source IP address interface This parameter specifies the source if the IP address for XOT calls It can be set to Auto ETH or PPP XOT source IP address interface If the XOT source address interface is...

Страница 221: ...command in the form pvc instance where instance is 0 3 To change the value of a parameter use the command in the form pvc instance parameter value The parameters and values are Parameter Values Equiva...

Страница 222: ...d up from an XOT PVC connection TCP stream Data will be switched from backed up from a TCP socket The socket s IP address will be determined from the IP stream port setting UDP stream This is similar...

Страница 223: ...determined that the outgoing interface is not LAPD it checks if the outgoing interface is LAPB If it is it then checks to see if the Called NUA field in the call packet matches the LAPB 0 NUA paramet...

Страница 224: ...er may be used to specify an alternative interface to switch the X 25 call to Any of the other interfaces may be chosen or None If None is chosen then no backup call will be attempted Backup from LAPD...

Страница 225: ...D channel LCN direction This parameter determines whether the LCN used for outgoing X 25 calls on LAPD is incremented or decremented from the starting value LAPD Max VCs This parameter sets the maximu...

Страница 226: ...nnection is initiated automatically within the router and so does not originate from the local subnet LAN segment to which the unit is attached via the Ethernet interface However this means that if yo...

Страница 227: ...session is capable of answering and terminating the call in preference to the call being switched This means that the PAD s Answering NUA parameters should be left blank to ensure that the unit s PADs...

Страница 228: ...1 0 2 4 10 12 15 see below Backup from LAPB 1 to bufrlapb2 0 10 13 see below Backup from LAPB 2 to bufrlapd 0 2 10 12 15 see below Backup from LAPD to bufrxot 0 3 5 10 12 15 see below Backup from XOT...

Страница 229: ...C to swfrlapb1 0 2 4 10 12 15 see below Switch from LAPB 1 to swfrlapb1pvc 0 6 8 10 12 15 see below Switch from LAPB 1 PVC to swfrlapb2 0 10 13 15 see below Switch from LAPB 2 to swfrlapb2pvc 0 10 12...

Страница 230: ...ap instance parameter value The parameters and values are Parameter Values Equivalent web parameter cudfrom number CUD In cudto number CUD Out Interface 0 1 2 3 4 12 Interface 0 Any 1 LAPD 2 LAPB 0 3...

Страница 231: ...called CONFIG DA0 and CONFIG DA1 This allows two different sets of configuration information to be stored using the Save option in the directory tree at the left of the web interface or by using the...

Страница 232: ...otocol instance click on the appropriate symbol to expand the required branch and then select the specific instance you require For example to display the statistics for X 25 PAD 0 click on the symbol...

Страница 233: ...yser trace from the command line use the type command to list the ANA TXT pseudo file type ana txt 6 2 Status DHCP Server The Status DHCP Server page displays a table of IP addresses leased by the DHC...

Страница 234: ...on number for each module Using Text Commands From the command line the firmware versions can be listed using either ATI5 or id 6 6 Status GPRS Module The Status GPRS Module page displays information...

Страница 235: ...s includes Longitude The current longitude contained in the last GGA GLL or RMC message from the GPS receiver module Latitude The current latitude contained in the last GGA GLL or RMC message from the...

Страница 236: ...th an incorrect length Bad Checksum Number of IGMP packets received with an incorrect checksum RX Bad Queries Number of bad query packets received RX Bad Reports Number of bad report packets received...

Страница 237: ...UA The User is the PAD or TPAD instance that is using the session The Link identifies the layer 2 protocol either LAPB or LAPD The Mode identifies whether the call is outgoing OUT or incoming IN Using...

Страница 238: ...ommand described below is used to display a list of the currently stored files A typical file directory will include the following files Filename Description ana txt Pseudo file for Protocol Analyser...

Страница 239: ...ry may only be updated several seconds after a particular file operation has been carried out 7 2 4 MOVE Move File The move command is used to replace one file with another whilst retaining the origin...

Страница 240: ...MODEM file upload from the port at which the command is entered The format is xmodem filename where filename is the name under which the file will be saved when the upload is complete After entering t...

Страница 241: ...at etc should also be configured as necessary 8 2 Initiating a V 120 Call Once the initial configuration is complete V 120 calls may be initiated using the appropriate ATD command For example atd01234...

Страница 242: ...on other ASY ports This can be done by disabling answering for the other ports protocols or by using the MSN and or Sub address parameters to selectively answer calls to different telephone numbers u...

Страница 243: ...ub address parameters being set to their default values An Adapt instance is bound to an asynchronous serial port ASY and the answer ring count S0 for that serial port is set to 1 A LAPB instance has...

Страница 244: ...ce will answer when either of the numbers are called However if the ISDN number dialled is 123456 and 456 is entered into the MSN parameter of PPP then PPP will answer instead This will also have the...

Страница 245: ...nterface conforms to the X 3 X 28 and X 29 standards Up to six PAD instances from an available pool of 8 can be created and dynamically assigned to the asynchronous serial ports or the REM pseudo port...

Страница 246: ...es to be requested in the call separated by commas terminated with a dash address is the destination network address user data is any optional user data to be included with the call The facility codes...

Страница 247: ...nd a window size of 2 The user or system then has 15 seconds in which to pass up to 124 bytes of data to the PAD to be included in the clear indication packet that is sent in response to the call The...

Страница 248: ...y the network or by the remote host the unit returns a diagnostic message before the NO CARRIER result code Messages may be numeric or verbose depending on the setting of the ATV command The following...

Страница 249: ...ity has been cleared 88 Incompatible destination 90 Destination address missing or incomplete 91 Invalid transit network selection 95 Invalid message unspecified 96 Mandatory information element is mi...

Страница 250: ...cannot be routed as requested RNA 25 reverse charging not allowed ID 33 incompatible destination FNA 41 fast select not allowed SA 57 ship cannot be contacted If an unknown reason code is received the...

Страница 251: ...table Parameter Profile 50 51 90 91 1 1 0 1 0 2 0 0 1 0 3 0 0 126 0 4 5 5 0 20 5 0 3 1 0 6 5 5 1 0 7 0 8 2 2 8 0 0 0 0 9 0 0 0 0 10 0 0 0 0 11 15 15 15 15 12 0 3 1 0 13 0 0 0 0 14 0 0 0 0 15 0 0 0 0...

Страница 252: ...4 12 SET Set Local X 3 Parameters SET is used to set one or more of the local X 3 parameters for the duration of the current session The format of the command is SET par value par value par value 10 4...

Страница 253: ...s on the following pages Standard Page As a minimum requirement the Username and Password parameters should be initialised If necessary you may set the AODI Enabled parameter to Yes to configure the u...

Страница 254: ...aphic protection The combination of these techniques is designed to ensure the integrity and confidentiality of the data transmission Put simply IPSec is about ensuring that only authorised users can...

Страница 255: ...rdering generally use 128 bit encryption Note Data rates are the maximum that could be achieved but may be lower if other applications are running at the same time or small IP packet sizes are used 12...

Страница 256: ...ablished two way secure link you can use it to establish some rules for further communication Before this gets any more complicated we ll assume that Westermo are a competent authority to issue certif...

Страница 257: ...vided by the remote unit is used to find the correct certificate to use If the correct certificate is found the code then checks that it has been signed by one of the certificate authority certificate...

Страница 258: ...can also be used to generate SNMP traps 13 2 Firewall Script Syntax A firewall must be individually configured to match the needs of authorised users and their applications On Westermo routers the ru...

Страница 259: ...ersol The optional icmp code field can also be a decimal number representing the ICMP code of the return ICMP packet but if the icmp type is unreach then the code can also be one of the following pre...

Страница 260: ...he FWLOG TXT file each time it processes a packet that matches the rule This log will normally detail the rule that was matched along with a summary of the packet contents If the log option is followe...

Страница 261: ...Eroute 2 The oneroute option can be followed with the keyword any which will match if the packet is on any eroute routeto When the routeto option is specified and the firewall is processing a receive...

Страница 262: ...nd may be specified in one of several ways The basic syntax is ip range all from ip object to ip object flags icmp where ip object is an IP address specification Full details of the syntax with exampl...

Страница 263: ...n ip object is simply an IP address preceded by from or to For example to block all packets destined for address 10 1 2 98 the script rule would be block out from any to 10 1 2 98 An ip object can als...

Страница 264: ...the Telnet server port 23 on IP address 10 1 2 63 will match this rule and further checking is prevented by the break end option The above example illustrates the comparison Other comparison methods s...

Страница 265: ...onally followed by an exclamation mark and a second list of flags that the unit should check for being clear For example flags s a would test for the s flag being on and the a flag being off with all...

Страница 266: ...o icmp from any to 10 1 2 0 24 icmp type echorep Both of these rules allow echo replies to come in from interface ppp 0 if they are addressed to our example local network address 10 1 2 In addition to...

Страница 267: ...format inspect inspect state oos interface name logical name secs t secs c count d count r ping tcp secs secs rd x dt secs stat The field can be used on its own or with an optional oos Out Of Service...

Страница 268: ...potential for a security breach has now been virtually eliminated because even if a hacker could time his attack perfectly he would still have to forge a response packet using the correct source addr...

Страница 269: ...lowed in once an echo request has been sent out on that interface The moment that a valid echo reply comes back or there is a timeout echo replies will again be blocked Furthermore the full IP address...

Страница 270: ...re When a recovery procedure is specified then after the oos timeout has expired instead of bringing the interface back into service immediately the link is tested first It is tested by either sending...

Страница 271: ...the Stat Option The inspect state option can be used with the stat option The stat option will cause this firewall rule to record statistics associated with this firewall rule Transaction times counts...

Страница 272: ...ol field in the IP packet This will be expanded to text as well for the well known protocols Src Port The value of the source port field in the TCP UDP header Dst Port The value of the source port fie...

Страница 273: ...fied 2002 09 04 16 30 06User Info100 100 100 50Aug 15 16 31 59 arm 1140 IP Filter Filter Rule block return icmp unreach host unr in log syslog breakend on eth 0 proto tcp from any to 100 100 100 50 po...

Страница 274: ...ur To do this use the c count option For example pass out break end on PPP 2 proto TCP from 10 1 1 1 to 10 1 2 1 port telnet flags S A inspect state oos 60 t 10 c 5 PPP 2 will now only be set OOS afte...

Страница 275: ...l rule to include this option gives pass out break end on PPP 2 proto TCP from 10 1 1 1 to 10 1 2 1 port telnet flags S A inspect state oos 60 t 10 c 5 d 10 r tcp 120 10 rd 3 Now the interface will be...

Страница 276: ...e FWLOG TXT file created as the result of a debug rule may be identified by the short description FW_DEBUG at the top of the log entry An example rule set using a debug rule debug in on ppp 2 proto tc...

Страница 277: ...e connection launch the DUN If the remote unit is configured correctly with one of the PPP instances enabled for answering it will connect and the linked computers icon will appear in the Windows syst...

Страница 278: ...iles as if they were in a normal Windows directory If you are using a specific FTP client program these operations may be carried out using menu options or buttons 14 3 2 FTP under DOS To use FTP unde...

Страница 279: ...ed the message e g PPP 0 a reason code additional information such as an X 25 address or ISDN telephone number The specific events that generate a log entry are pre defined and cannot be altered These...

Страница 280: ...all ISDN call control Calling party num 39 Starting Backup X 25 call X 25 n a 40 Watchdog had occurred Bootloader n a 41 Command returned error Command Command 42 V120 Disconnect V120 n a 43 LAPB Inac...

Страница 281: ...blocks apply to all entries in the preceding EVENT block Each reason block starts with a line containing the text REASONS This is followed by a separate line for each reason code in the format reason...

Страница 282: ...lls A further option for the ATD command for X 25 applications is to combine the ISDN call and the subsequent X 25 CALL in the same command To do this follow the telephone number with the symbol and t...

Страница 283: ...c1 d2 k1 e1 q0 v1 S0 0 S2 43 S12 50 S31 3 S45 5 STORED PROFILE 1 c1 d2 k1 e1 q0 v1 S0 0 S2 43 S12 50 S31 3 S45 5 OK 16 7 W Write SREGS DAT The AT W command is used to save the current command and S re...

Страница 284: ...r associated with that port will be dialled when the DTR signal for that port changes from Off to On i e DTR dialling can only be used with the number associated with the port to which the terminal is...

Страница 285: ...terminals that generate large amounts of extraneous text If not ignored this text can cause many error messages to be generated by the router and may result in a communications failure To turn on thi...

Страница 286: ...ngs n a S2 Escape character ASCII 43 0 255 S12 Escape delay ms 50 0 255 S15 Data forwarding timer ms 2 0 255 S23 Parity 0 none 1 odd or 2 even 0 0 2 S31 ASY interface speed refer to full description n...

Страница 287: ...rwarding timer for the ASY port in multiples of 10ms The default data forwarding time is 20ms and in normal use this there should be no need to change this However setting S15 to 1 enables a special m...

Страница 288: ...to detect 6 19 200 1 Reserved 7 9 600 2 Reserved 8 4 800 3 115 200 9 2 400 4 57 600 10 1 200 5 38 400 11 300 ats31 5 then change the speed of your terminal to 38 400bps before entering any more AT com...

Страница 289: ...displays the specified configuration either 0 1 or c for the current configuration save saves the current settings as the specified configuration either 0 or 1 powerup sets the specified configuration...

Страница 290: ...eepalive_time l port s port ok t telnet_mode The parameters are detailed in the following table The command can also be made to execute automatically on power up by using the cmd n autocmd cmd macro c...

Страница 291: ...ied in the appropriate Eroute A similar effect can also be achieved by setting the parameter GP sockets use IP from interface Ethernet n in the Web interface on the Configure General page 19 2 TCPDIAL...

Страница 292: ...r Clock RxC 17 n a n a Data Terminal Ready DTR 20 4 2 External Transmitter Clock ETC 24 n a n a A range of suitable adapters and cables are available from Westermo 20 2 X 21 Serial Port Connectors On...

Страница 293: ...on the jumper settings must match the setting of the Clock source parameter configured on the Configure Sync ports page To change this you will need to open the unit by removing the four rubber feet a...

Страница 294: ...DTR 20 20 DTR GND 7 7 GND RxC 17 17 RxC ETC 24 24 ETC N B Frame Ground is optional RS232 V 24 Straight Through Cable 25 9 pin This is normally the cable to use to connect a V 24 asynchronous terminal...

Страница 295: ...outer to an external asynchronous modem Signal RJ45 Pin 9 way Pin Signal TxD 6 2 RxD RxD 3 3 TxD RTS 1 8 CTS DCD 7 4 DTR CTS 8 7 RTS DTR 2 1 DCD GND 5 5 GND X 21 Straight Through Cable 25 15 pin This...

Страница 296: ...o to an X 21 leased line Signal 25 Pin Westermo DCE 15 Pin DCE Signal Frame Ground Case 1 1 Frame Ground Case RxDA 2 2 TxDA RXDB 3 9 TxDB TxDA 4 4 RxDA TxDB 5 11 RXDB INDB 6 10 CTLB GND 7 8 GND CTLB 8...

Страница 297: ...EVENTS 83 FTP Client Req By e to c REASONS 1 Retry EVENTS 84 FTP Client Session Closed REASONS 1 Normal closure 2 Socket closed 3 No socket ID available 4 No connection to remote 5 No stored confirmat...

Страница 298: ...ckup X25 Call 41 0 CMD a Error Result c 42 0 V120 a Disconnect 43 0 LAPB a Inactivity Timer 44 0 Warning Req a bios buffers 45 0 IP Act_Rq to e a s c 46 0 DNS Query on c 47 0 e a Data Trigger c 48 0 A...

Страница 299: ...5 0 e a Orderly Shutdown 81 0 V110 User Rate c EVENTS 67 0 TPAD a TID change c REASONS 01 Login02 Ready 03 Abort 04 Conflict Removal EVENTS 05 0 e a down REASONS 01 Inactivity 02 Remote disconnect 03...

Страница 300: ...NULL template 03 Recd unexpected data 04 No Destination Address EVENTS 20 2 SMTP err REASONS 01 No connection 02 Socket err 03 Link err EVENTS 28 0 e a X25 call cleared REASONS 01 Busy 09 Out of order...

Страница 301: ...ceeded EVENTS 76 0 e a Resetting Modem REASONS 01 Requested by user 02 No response to commands 03 CTRL E heartbeat stopped 04 Modem enabled or disabled EVENTS 79 0 e a Open Failed REASONS 05 Incompati...

Страница 302: ...EVENTS 91 IKE Negotiation Failed REASONS 1 Retries Exceeded 2 Inactivity 3 Bad Packet 4 No SA Found 5 No Transform Selected 6 No Password Available c 7 Rx Key Exchange Failed 8 Rx Nonce Failed 9 Rx ID...

Страница 303: ...456 123 co uk abc def co uk From The From field is normally used to supply the email address of the sending unit but alternatively you may enter a simple string For example From IR2140 Subject The Sub...

Страница 304: ...vent that caused the email transmission Smtpid Inserts the unit ID for this device as configured by the unit identity field in the Configure General web page or the cmd 0 unitid text command pppip ins...

Страница 305: ...e Authority CHAP Challenge Handshake Authentication Protocol CLI Calling Line Identification or Command Line Interface CTS Clear To Send CUD Call User Data CUG Call User Group D DCE Data Communication...

Страница 306: ...ity Association and Key Management Protocol ISDN Integrated Services Digital Network L L2TP Layer 2 Tunnelling Protocol LAN Local Area Network LAPB Link Access Procedure Balanced LAPD Link Access Prot...

Страница 307: ...hone Network PUK Power Up Key PVC Permanent Virtual Circuit Q QOS Quality Of Service R RADIUS Remote Authentication Dial In User Service RIP Routing Information Protocol RTS Request To Send S SA Secur...

Страница 308: ...PAD Transaction Packet Assembler Disassembler U UDP User Datagram Protocol UMTS Universal Mobile Telecommunications System V VLAN Virtual Local Area Network VPN Virtual Private Network VRRP Virtual Ro...

Страница 309: ......

Страница 310: ......

Страница 311: ......

Страница 312: ...80 01 info westermo se Westermo OnTime AS Gladsvei 20 0489 Oslo Norway Phone 47 22 09 03 03 Fax 47 22 09 03 10 E mail contact ontimenet com Westermo Data Communications Ltd Talisman Business Centre D...

Отзывы:

Нет отзывов

Похожие инструкции для DR-200

Бренд: Linksys Страницы: 2

Бренд: IBM Страницы: 4

Бренд: Profile Страницы: 6

Бренд: Usr Страницы: 2

totalstorage 200

Бренд: IBM Страницы: 152

SABVISION NVR32

Бренд: SAB Страницы: 29

Elinx ESW200 Series

Бренд: B&B Electronics Страницы: 20

HiGain H2TU-R-402 List 7A

Бренд: ADC Страницы: 7

Бренд: Renesas Страницы: 28

Бренд: StarTech.com Страницы: 9

Бренд: AirTies Страницы: 28

2000 IDU Series

Бренд: EMS Страницы: 52

Бренд: Paradyne Страницы: 6

PowerBeam PBE-5AC-400-ISO

Бренд: Ubiquiti Страницы: 23

Бренд: ZyXEL Communications Страницы: 2

Бренд: AMX Страницы: 1

Бренд: Zhone Страницы: 2

Бренд: National Instruments Страницы: 26

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды