Efficient Networks Router family Command line interface Guía de usuario

SpeedStream ª Router Family Command Line Interface Guide

10Manual Boot Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269Identifyi

100 Chapter 4. Configuring Special FeaturesEncryptionNote: Encryption is a software option. The following section applies only for routers with this o

Chapter 4. Configuring Special Features 101Use this sample configuration with the additional encryption commands as a guideline to configure your own

102 Chapter 4. Configuring Special Featuresremote setEncryption DESE_1_KEY dh96.num SOHOsaverebootFile Format for the Diffie-Hellman Number FileThe fi

Chapter 4. Configuring Special Features 103IP FilteringIP Filtering is a type of firewall used to control network traffic. The process involves filter

104 Chapter 4. Configuring Special FeaturesIf NAT translation is enabled for the Input interface, NAT translation is performed. Forward Phase At this

Chapter 4. Configuring Special Features 105action is for packets coming from the local protected network; it passes the packet to IPSec so it can be e

106 Chapter 4. Configuring Special FeaturesL2TP Tunneling Ñ Virtual Dial-UpThis section has four parts:¥ The Introduction provides a general overview

Chapter 4. Configuring Special Features 107LNS, L2TP Client, LAC, and Dial User An L2TP tunnel is created between an L2TP client and LNS. The L2TP cli

108 Chapter 4. Configuring Special FeaturesFigure 1LNS and L2TP Client Relationship The LNS acts as the supervising system. The L2TP client acts both

Chapter 4. Configuring Special Features 109Sessions Sessions can be thought of as switched virtual circuit ÒcallsÓ carried within a tunnel and can onl

11IPX Routing Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .309C

110 Chapter 4. Configuring Special Featuresa.ÒPingingÓ from the L2TP client or LNS to the opposite tunnel endpoint will succeed (this tests the tunne

Chapter 4. Configuring Special Features 111Miscellaneous commands:Commands used to delete a tunnel, close a tunnel, or set up advanced L2TP configurat

112 Chapter 4. Configuring Special Featuresremote add internet remote disauthen internet remote setoursysname name_isp_expects internet remote setourp

Chapter 4. Configuring Special Features 113PPP remote configurationPPP remote-specific questions: 1. What is the home routerÕs name for PPP authentica

114 Chapter 4. Configuring Special Featuresremote add ppp_work remote setlns Work_Router ppp_workremote setpasswd ppp_work_secret ppp_work remote seti

Chapter 4. Configuring Special Features 115Note 1: The CHAP secret is ÒclientPasswordÓ. Note 2: The CHAP secret is ÒtunnelSecretÓ. Note 3: No CHAP sec

116 Chapter 4. Configuring Special FeaturesSet up ISDN parameters:isdn set switch ni1 isdn set dn 5551000 5553000 isdn set spids 0555100001 0555300001

Chapter 4. Configuring Special Features 117dhcp add 172.16.0.0 255.255.255.0 dhcp del 192.168.254.0dhcp set addr 172.16.0.2 172.16.0.20Set up DSL para

118 Chapter 4. Configuring Special Features¥ Configuration commands for LNSserverNote: LNSserver is a DSL router. Define LNSserver:system name lnsserv

Chapter 4. Configuring Special Features 119IPSec (Internet Protocol Security)Note: IPSec security is a software option for your router. It can be pur

12

120 Chapter 4. Configuring Special Featuresfor L2TP over IPSec. The routers at either end of the L2TP tunnel do both the IPSec and L2TP encapsulations

Chapter 4. Configuring Special Features 121The following figure shows the transformed IP packet after the ESP or AH protocol has been applied in tunne

122 Chapter 4. Configuring Special FeaturesMain Mode and Aggressive ModeThe router supports two Phase 1 IKE modes: main mode and aggressive mode. Thes

Chapter 4. Configuring Special Features 123Security Associations (SAs)A Security Association (SA) is an instance of security policy and keying materia

124 Chapter 4. Configuring Special FeaturesIKE Peer CommandsThe IKE peer commands establish the identity of the local and remote peers.ike peers add &

Chapter 4. Configuring Special Features 125ike peers set peeridtype <IPADDR | DOMAINNAME | EMAIL> <PeerName>Sets the type of the peer ID (

126 Chapter 4. Configuring Special FeaturesNote: The following three commands determine the encapsulation method (AH or ESP) used and the authenticati

Chapter 4. Configuring Special Features 127Proposes the maximum number of kilobytes for the IPSec SA; 0 means unlimited. After the maximum data is tra

128 Chapter 4. Configuring Special FeaturesRequires a specific destination port for the data or allows any destination port (*). (Because port numbers

Chapter 4. Configuring Special Features 129ike peers set secret ThisIsASecret12345;) branch_peer#Describe the branch office IKE phase 1 connection# DE

Introduction This manual describes the Command Line Interface for your router. The Command Line Interface gives you access to all the capabilities of

130 Chapter 4. Configuring Special Features#Home router public address is 192.168.17.200#Branch router private network addresses are 192.168.19.X#Bran

Chapter 4. Configuring Special Features 131#Enable the IKE connectionike ipsec policies enable home_policy#Save the setup and rebootsaverebootAggressi

132 Chapter 4. Configuring Special Featuresike peers set address 192.168.17.200 home_peerike peers set secret ThisIsASecret12345;) home_peerike peers

Chapter 4. Configuring Special Features 133Specifies the authentication key (hexadecimal).ipsec set ident <ident> <SAname>Specifies the id

134 Chapter 4. Configuring Special Features

Chapter 5. Command Line Interface Reference 135Chapter 5. Command Line Interface ReferenceThis chapter lists the formats of the commands you can ente

136 Chapter 5. Command Line Interface ReferenceSample command responses are shown in this chapter. In many cases, only the command prompt # is returne

Chapter 5. Command Line Interface Reference 137ARP LISTLists Address Resolution Protocol (ARP) table entries in an IP routing environment. ARP is a

138 Chapter 5. Command Line Interface ReferenceExample:# bi listBRIDGE GROUP 0:00206F024C34: P US SD A 0180C2000000:

Chapter 5. Command Line Interface Reference 139IPIFSLists the IP interface.IPROUTESLists the current entries in the IP routing table.IPXROUTESLists t

14 Introduction

140 Chapter 5. Command Line Interface ReferenceIPXSAPSLists the current services in the IPX SAPs table.LOGOUTLogs out to reinstate administrative secu

Chapter 5. Command Line Interface Reference 141MLP SUMMARYLists the status of the protocols negotiated for an active remote connection. The following

142 Chapter 5. Command Line Interface Reference# ping -c 2 -i 7 -s 34 192.168.254.2ping: reply from 192.168.254.2: bytes=34 (data), time<5 msping:

Chapter 5. Command Line Interface Reference 143REBOOTThis command causes a reboot of the system. You must reboot to put your initial configuration o

144 Chapter 5. Command Line Interface Referencesave all Saves the configuration settings for the system, Ethernet LAN, DSL line, and remote router dat

Chapter 5. Command Line Interface Reference 145erase filter Erases the current bridging filtering database from FLASH memory.When you issue this comm

146 Chapter 5. Command Line Interface ReferenceFile System CommandsThe file system commands allow you to perform maintenance and recovery on the route

Chapter 5. Command Line Interface Reference 147DELETERemoves a file from the file system.filename Name of the file to be deleted. The filename is in

148 Chapter 5. Command Line Interface Referenceindicates the file system is corrupted, you may wish to reformat the disk, reboot the router, and recop

Chapter 5. Command Line Interface Reference 149RENAMERenames a file in the file system.SYNCCommits the changes made to the file system to FLASH memor

Chapter 1. Router Concepts 15 Chapter 1. Router Concepts This chapter provides background information applicable to the router on topics useful to ne

150 Chapter 5. Command Line Interface ReferenceFRAME LMITurns frame LMI either on or off.Example:# frame onLMI is onFRAME VOICEDisplays the voice DLCI

Chapter 5. Command Line Interface Reference 151 Data Packets Out... 0 Data Packets Out Queued... 0 Data Packets Out

152 Chapter 5. Command Line Interface ReferenceRouter ConÞguration CommandsConfiguration commands are used to set configuration information for each f

Chapter 5. Command Line Interface Reference 153Target Router System Configuration Commands (SYSTEM)The following commands set basic router configurat

154 Chapter 5. Command Line Interface ReferenceSYSTEM ADDHOSTMAPPINGThis command is used to remap a range of local-LAN IP addresses to a range of publ

Chapter 5. Command Line Interface Reference 155If the source address of a packet is not within the address ranges for any virtual routing table, the

156 Chapter 5. Command Line Interface ReferenceSYSTEM ADDSNMPFILTERThis command is used to validate SNMP clients by defining a range of IP addresses t

Chapter 5. Command Line Interface Reference 157SYSTEM ADDUDPRELAYThis command is used to create a UDP port range for packet forwarding. You can speci

158 Chapter 5. Command Line Interface ReferenceSYSTEM BLOCKNETBIOSThe router can block all netbios and netbui requests from being sent over the wan. T

Chapter 5. Command Line Interface Reference 159SYSTEM DELHTTPFILTERDeletes an IP address range created by the system addHTTPFilter command.SYSTEM DEL

16 Chapter 1. Router ConceptsNumerous network protocols have evolved, and within each protocol are associated protocols for routing, error handling,

160 Chapter 5. Command Line Interface ReferenceSYSTEM DELSERVERIs a Network Address Translation (NAT) command that can be used to delete an entry crea

Chapter 5. Command Line Interface Reference 161Note 1: This command does not require a reboot and is effective immediately.Note 2: To list the range

162 Chapter 5. Command Line Interface ReferenceSYSTEM LISTLists the target routerÕs system name, security authentication protocol, callerID and data-a

Chapter 5. Command Line Interface Reference 163SYSTEM MOVEIPROUTINGTABLEMoves a range of IP addresses to another virtual routing table. The command f

164 Chapter 5. Command Line Interface ReferenceSYSTEM ONEWANDIALUP This command is useful when security concerns dictate than the router have only one

Chapter 5. Command Line Interface Reference 165SYSTEM SNMPPORTManages SNMP port access including disabling SNMP, reestablishing SNMP services, or red

166 Chapter 5. Command Line Interface ReferenceSYSTEM TELNETPORT The router has a built-in Telnet server. This command is used to specify which router

Chapter 5. Command Line Interface Reference 167Target Router Ethernet LAN Bridging and Routing (ETH)The following commands allow you to configure the

168 Chapter 5. Command Line Interface ReferenceNote: This command requires a save and reboot before it takes effect. port# Ethernet interface (0 for a

Chapter 5. Command Line Interface Reference 169The following command sets the IP address and subnet mask for the default Ethernet interface (0:0).eth

Chapter 1. Router Concepts 17 How Routing and Bridging Work Together The router follows these rules when operating as both a router and

170 Chapter 5. Command Line Interface ReferenceNote: A route change in an IP virtual routing table takes effect immediately. However, the change is lo

Chapter 5. Command Line Interface Reference 171ETH IP DELROUTERemoves a route from the default routing table that was added using the eth ip addroute

172 Chapter 5. Command Line Interface ReferenceETH IP DISABLEDisables IP routing across the Ethernet LAN. This commands acts as a master switch allowi

Chapter 5. Command Line Interface Reference 173eth ip filter append [<line number>] <type> <action> [<parameters>] [<inter

174 Chapter 5. Command Line Interface ReferenceHowever, if the parameter -q (quiet) was specified for a filter, no message is printed when that filter

Chapter 5. Command Line Interface Reference 175specified, the packet must have that destination IP address. If no destination IP address is specified

176 Chapter 5. Command Line Interface ReferenceIf -v (verbose) is specified, a message is printed every time this filter matches a packet, regardless

Chapter 5. Command Line Interface Reference 177The management IP address is separate from the IP address used for IP address translation. The IP addr

178 Chapter 5. Command Line Interface ReferenceIf the router has two physical Ethernet interfaces (an Ethernet hub router), the port number (0 or 1) m

Chapter 5. Command Line Interface Reference 179ETH IP RIPMULTICASTChanges the multicast address for RIP-1 compatible and RIP-2 packets. The default a

18 Chapter 1. Router Concepts¥ Routing is performed to all remote routers entered into the remote router database. All routing can be enabled or disa

180 Chapter 5. Command Line Interface ReferenceETH IPX DISABLEDisables IPX routing across the Ethernet LAN. This acts as a master switch allowing you

Chapter 5. Command Line Interface Reference 181ETH LISTLists information about the Ethernet interfaces including the status of bridging and routing,

182 Chapter 5. Command Line Interface ReferenceRemote Router Access ConÞguration (REMOTE)The following commands allow you to add, delete, and modify r

Chapter 5. Command Line Interface Reference 183REMOTE ADDAdds a remote router entry into the remote router database.REMOTE ADDHOSTMAPPINGRemaps a ran

184 Chapter 5. Command Line Interface Referenceipaddr IP address of the remote network or station (4 decimals separated by periods). ipnetmask IP netw

Chapter 5. Command Line Interface Reference 185REMOTE ADDIPXSAPAdds an IPX SAP to the server information table for a service on the LAN network conne

186 Chapter 5. Command Line Interface ReferenceREMOTE BINDIPVIRTUALROUTEAdds a remote route to the named IP virtual routing table.To list the remote r

Chapter 5. Command Line Interface Reference 187REMOTE DELATMNASPThis command deletes the ATM snap setting.REMOTE DELENCRYPTIONDeletes encryption file

188 Chapter 5. Command Line Interface ReferenceREMOTE DELIPXROUTEDeletes an IPX address for a network on the LAN connected beyond the remote router. N

Chapter 5. Command Line Interface Reference 189REMOTE DELOURPASSWDRemoves the unique CHAP or PAP authentication password entries established by the c

Chapter 1. Router Concepts 19 Configuring Your Telephony Services Router models are available to support telephony services over both ATM and Frame

190 Chapter 5. Command Line Interface ReferenceREMOTE DISABLEDisables communications with the remote router. This command allows you to enter routers

Chapter 5. Command Line Interface Reference 191REMOTE ENABLEEnables communications with the remote router. This command allows you to activate the en

192 Chapter 5. Command Line Interface ReferenceIf no line number is specified, the filter is appended to the end of the list; otherwise, it is appende

Chapter 5. Command Line Interface Reference 193To see the messages, Telnet to the router and enter system log start. The watch does not continue afte

194 Chapter 5. Command Line Interface Reference-dm <dest ip mask>The filter uses the specified mask when comparing the <first dest ip addr>

Chapter 5. Command Line Interface Reference 195The remote name specifies the entry in the remote router database that the command applies to. The rem

196 Chapter 5. Command Line Interface Reference Receive IP RIP from this dest... no Receive IP default route by RIP... no Keep this IP dest

Chapter 5. Command Line Interface Reference 197 Receive IP RIP from this dest... rip-1 compatible Receive IP default route by RIP... no Ke

198 Chapter 5. Command Line Interface ReferenceREMOTE LISTPHONESLists the PVC numbers available for connecting to the remote router.Note: If the remot

Chapter 5. Command Line Interface Reference 199REMOTE SETBROPTIONSSets controls on the bridging process.Warning: Do not change this setting without a

2 January 2000 Copyright Efficient Networks provides this publication Òas isÓ without warranty of any kind, either expressed or implied, including,

20 Chapter 1. Router Concepts PAP/CHAP Security Authentication The router supports PAP (Password Authentication Protocol) and CHAP (Challenge Handsha

200 Chapter 5. Command Line Interface ReferenceREMOTE SETENCRYPTION (RFC 1969 Encryption)This command is used to specify a PPP DES (Data Encryption St

Chapter 5. Command Line Interface Reference 201REMOTE SETIPOPTIONSRIP is a protocol used for exchanging IP routing information among routers. The fol

202 Chapter 5. Command Line Interface ReferenceREMOTE SETIPSLAVEPPPIf SetIPSlaveModePPP is yes, the router will accept the IP address that the remote

Chapter 5. Command Line Interface Reference 203REMOTE SETMGMTIPADDRThis command assigns to the remote router entry an IP address which is to be used

204 Chapter 5. Command Line Interface ReferenceREMOTE SETOURSYSNAMESets a unique CHAP or PAP authentication system name for the local router that is u

Chapter 5. Command Line Interface Reference 205REMOTE SETIPSLAVEPPPIf SetIPSlaveModePPP is yes, the router will accept the IP address that the remote

206 Chapter 5. Command Line Interface ReferenceREMOTE SETSRCIPADDRSets the IP address for the target WAN connection to the remote router. You may set

Chapter 5. Command Line Interface Reference 207REMOTE STATSCLEARAllows the user to reset the statistics counter for a given remote router.REMOTE UNBI

208 Chapter 5. Command Line Interface ReferenceAsymmetric Digital Subscriber Line Commands (ADSL)The following ADSL commands are used to manage the AD

Chapter 5. Command Line Interface Reference 209ADSL STATSShows the current error status for the ADSL connection.adsl stats [clear]clear Option used t

Chapter 1. Router Concepts 21 Authentication Process The authentication process occurs regardless of whether a remote router connects to the local ro

210 Chapter 5. Command Line Interface ReferenceAsynchronous Transfer Mode Commands (ATM)The following ATM commands are used to manage the ATM link for

Chapter 5. Command Line Interface Reference 211ATM SPEEDSets the speed of the ATM link in kilobits per second. This command is similar to atm pcr (sp

212 Chapter 5. Command Line Interface ReferenceDMT CommandsThe command manages the ADSL DMT router. To see additional DMT debug commands, see ADSL DMT

Chapter 5. Command Line Interface Reference 213Dual-Ethernet Router Commands (ETH)The following Ethernet commands are used to manage the Ethernet int

214 Chapter 5. Command Line Interface ReferenceETH IP ADDHOSTMAPPINGRemaps a range of local LAN IP addresses to a range of public IP addresses on a pe

Chapter 5. Command Line Interface Reference 215ETH IP DELHOSTMAPPING Undoes an IP address/ host translation (remapping) range that was previously est

216 Chapter 5. Command Line Interface ReferenceETH IP TRANSLATEThis command is used to control Network Address Translation on a per-interface basis. I

Chapter 5. Command Line Interface Reference 217High-Speed Digital Subscriber Line Commands (HDSL)The following HDSL commands are used to manage the H

218 Chapter 5. Command Line Interface ReferenceHDSL SPEEDCO end: Sets the speed manually on the Central Office (CO) end only. CPE end: The router on

Chapter 5. Command Line Interface Reference 219hdsl terminal cpe defines the CPE end (default configuration)hdsl terminal co defines the CO end.hdsl

22 Chapter 1. Router Conceptsrouter. This allows you to set a unique CHAP or PAP authentication password for authentication of the local site by the r

220 Chapter 5. Command Line Interface ReferenceISDN Digital Subscriber Line (IDSL)General Information about IDSLttttData Link Connection Identifier (D

Chapter 5. Command Line Interface Reference 221ISDN SET SWITCHSpecifies link speeds of 64, 128, or 144 Kbps for the IDSL connection.REMOTE SETDLCIThi

222 Chapter 5. Command Line Interface ReferenceSDSL CommandsThe commands in this section can manage the Symmetric Digital Subscriber Line (SDSL) link

Chapter 5. Command Line Interface Reference 22303/09/1998-17:15:19:DOD: connecting to co @ 0*38 over ATM-VC/103/09/1998-17:15:35:DOD: link to co over

224 Chapter 5. Command Line Interface ReferenceSDSL commands:? help eocsave speed st

Chapter 5. Command Line Interface Reference 225¥ Manually set the speed (sdsl speed <speed>)¥ Override auto-speed detection (sdsl speed noauto)

226 Chapter 5. Command Line Interface Reference Remote Out-of-frame... 16 Remote HEC errors... 0 EOC disabledNote: For an SDSL statistics examp

Chapter 5. Command Line Interface Reference 227DHCP (Dynamic Host Configuration Protocol) CommandsThe following DHCP commands allow you to:¥ Enable a

228 Chapter 5. Command Line Interface ReferenceDHCP BOOTP ALLOW Allows a BootP request to be processed for a particular client or subnet.DHCP BOOTP DI

Chapter 5. Command Line Interface Reference 229DHCP BOOTP TFTPSERVER Specifies the TFTP server (boot server).DHCP CLEAR ADDRESSESClears the values fr

Chapter 1. Router Concepts 23Interoperability Between the Router and Other EquipmentThe router uses industry-wide standards to ensure compatibility wi

230 Chapter 5. Command Line Interface ReferenceNote: The client does not get updated; it will still have the old value.DHCP CLEAR VALUEOPTION Clears

Chapter 5. Command Line Interface Reference 231DHCP ENABLE Enables a subnetwork or a client lease.DHCP LISTLists global, subnetwork, and client lease

232 Chapter 5. Command Line Interface ReferenceDHCP LIST DEFINEDOPTIONSLists all available predefined and user-defined options.Note: For description o

Chapter 5. Command Line Interface Reference 233Response:code TIMEOFFSET (2), 1 occurrence, type LONGcode GATEWAY (3), 1 to 63 occurrences, type IPADD

234 Chapter 5. Command Line Interface ReferenceDHCP LIST LEASE Lists the lease time.DHCP RELAY Lets the router relay DHCP or BootP requests to a DHCP

Chapter 5. Command Line Interface Reference 235DHCP SET ADDRESSES Creates or changes a pool of IP addresses that are associated with a subnetwork.DHC

236 Chapter 5. Command Line Interface ReferenceDHCP SET OTHERSERVERThis command instructs the routerÕs DHCP server to either continue or stop sending

Chapter 5. Command Line Interface Reference 237DHCP SET MASKUsed to conveniently change the mask of a DHCP subnet without having to delete and recrea

238 Chapter 5. Command Line Interface ReferenceL2TP Ñ Virtual Dial-Up Configuration (L2TP)The following L2TP commands allow you to add, delete, and mo

Chapter 5. Command Line Interface Reference 239L2TP SET AUTHENEnables or disables authentication of the remote router during tunnel establishment usi

24 Chapter 1. Router Concepts¥ RFC 1877 Automatic IP / DNS¥ RFC 1962 PPP Compression Control Protocol (CCP)¥ RFC 1969 DES¥ RFC 1973 PPP in Frame Re

240 Chapter 5. Command Line Interface ReferenceL2TP CLOSECloses an L2TP tunnel and/or session.L2TP DELDeletes a tunnel entry.L2TP FORWARDThe router ca

Chapter 5. Command Line Interface Reference 241L2TP LISTProvides a complete display of the current conÞguration settings for tunnel(s), except for th

242 Chapter 5. Command Line Interface ReferenceL2TP SET HIDDENAVPConÞgures the router to protect some L2TP control information (such as names and pass

Chapter 5. Command Line Interface Reference 243Note: If this command is not used, then, if it has been speciÞed, the <name> from the l2tp set o

244 Chapter 5. Command Line Interface ReferenceL2TP SET WINDOWEnhances trafÞc performance in a tunneling environment. The commandÕs options affect the

Chapter 5. Command Line Interface Reference 245Note: The remote entry must also have appropriate information such as PPP authentication, IP routing,

246 Chapter 5. Command Line Interface ReferenceBridge Filtering Commands (FILTER BR) Bridge filtering allows you to control the packets transferred ac

Chapter 5. Command Line Interface Reference 247FILTER BR LISTLists the bridging filters in the filtering database. FILTER BR USESets the mode of filt

248 Chapter 5. Command Line Interface ReferenceInternet Key Exchange (IKE) CommandsThe IKE software option and the IKE commands are described in IPSec

Chapter 5. Command Line Interface Reference 249IKE IPSEC POLICIES ENABLEEnables an IPSec policy. An enable command is required for each new policy; t

Chapter 1. Router Concepts 250x0021 IP0x002d Van Jacobson compressed TCP/IP0x002f Van Jacobson uncompressed TCP/IP0x8031 Bridge NCP0x0031 Bridge Fram

250 Chapter 5. Command Line Interface ReferenceIKE IPSEC POLICIES SET DESTPORTDefines a destination port filtering parameter value for the policy. The

Chapter 5. Command Line Interface Reference 251IKE IPSEC POLICIES SET PROPOSALDefines a proposal filtering parameter value for the policy. The propos

252 Chapter 5. Command Line Interface ReferenceIKE IPSEC POLICIES SET SOURCEPORTDefines a source port filtering parameter value for the policy. The so

Chapter 5. Command Line Interface Reference 253# ike ipsec proposals listIKE IPSEC PROPOSALS:myproposal ESP encryption: 3DES ESP authentication: SH

254 Chapter 5. Command Line Interface ReferenceProposalName Name of the IPsec proposal to which the ESP authentication parameter is added. To see the

Chapter 5. Command Line Interface Reference 255For more information on proposal parameters, see IKE IPSec Proposal Commands, on page 125.ike ipsec pr

256 Chapter 5. Command Line Interface Referenceike peers listExample:# ike peers listIKE Peers:IKE Peers:my_aggressive_peer IP address = 0.0.0.0 pre

Chapter 5. Command Line Interface Reference 257PeerName Name of the IKE peer whose local ID is specified. To see the peer names, use the ike peers li

258 Chapter 5. Command Line Interface ReferenceAggressiveModeID IP address (4 decimals separated by periods), domain name, or e-mail address.PeerName

Chapter 5. Command Line Interface Reference 259IKE PROPOSALS DELETEDeletes an existing IKE proposal. See IKE Proposal Commands, on page 125.ike propo

26 Chapter 1. Router ConceptsMAC Encapsulated Routing: RFC 1483MER (ATM) or RFC 1490MER (Frame Relay)MER encapsulation allows IP packets to be carried

260 Chapter 5. Command Line Interface ReferenceIKE PROPOSALS SET ENCRYPTIONSets the IKE proposal parameter that requests ESP encryption and specifies

Chapter 5. Command Line Interface Reference 261IKE PROPOSALS SET SESSION_AUTHSets the IKE proposal parameter that specifies the session authenticatio

262 Chapter 5. Command Line Interface ReferenceExample: ipsec disable show_rxIPSEC ENABLEEnables a defined IPSec SA entry, indicating it is complete a

Chapter 5. Command Line Interface Reference 263 BOTH 3DES key=012345678901234567890123456789012345678901234567 SHA1 key=abcdefabcdefabcdefabcd

264 Chapter 5. Command Line Interface ReferenceIPSEC SET DIRECTIONDefines the direction of the IPSec SA.ipsec set direction <INBOUND | OUTBOUND>

Chapter 5. Command Line Interface Reference 265Example: ipsec set gateway 207.135.89.233 show_rxIPSEC SET IDENTSpecifies the identifier (SPID) for th

266 Chapter 5. Command Line Interface Reference

Chapter 6. Managing the Router 267Chapter 6. Managing the RouterThis chapter describes the options available for booting software, tells you how to up

268 Chapter 6. Managing the RouterTelnet Remote AccessThe router supports Telnet access. Telnet allows you to log in to the router as if you are direc

Chapter 6. Managing the Router 269BootP Server BootP is the Bootstrap Protocol server; it is installed on your PC with the DSL Tools software.The Boot

Chapter 1. Router Concepts 27L2TP Tunneling DatabaseATOM.DATSDSL.DATDMT.DATIPSEC.DATIKE.DATAUTOEXEC.BAT : Autoexec file of commands to run on next reb

270 Chapter 6. Managing the RouterTo return to automatic boot mode1. When you are ready to return to automatic boot mode, set switch 6 up. 2. Reboot b

Chapter 6. Managing the Router 271¥ the router software filename on the server The boot IP address is the router LAN IP address used during the boot p

272 Chapter 6. Managing the RouterIf the date is set to zero, the real-time clock is disabled for long-term storage.The time and date fields are overw

Chapter 6. Managing the Router 273Identifying Fatal Boot FailuresFatal boot failures can be identified by the LEDs light patterns displayed on the fro

274 Chapter 6. Managing the Routerthe network into the routerÕs FLASH memory. When it first connects to the router, the GUI backs up all the files to

Chapter 6. Managing the Router 275copy [email protected]:sfilename kernel.f2ksync where xxx.xxx.xxx.xxx is the TFTP server IP address, SFILENAME is

276 Chapter 6. Managing the RouterBackup and Restore ConÞguration FilesTo successfully save configuration files to the server, those files must alread

Chapter 6. Managing the Router 277FLASH Memory Recovery ProceduresRecovering Kernels for Routers with Configuration SwitchesIn the unlikely event that

278 Chapter 6. Managing the RouterRecovering Kernels for Routers with a Reset ButtonA router that fails to boot may be an indication that the kernel

Chapter 6. Managing the Router 27912. Select a kernel file and click OK.Wait until the file is copied, and click Yes to reboot the rooter.Recovering P

28 Chapter 1. Router Concepts

280 Chapter 6. Managing the Router¥ Select the Tools | Execute Script menu item and choose the script file you just prepared. When you click OK, the s

Chapter 7. Troubleshooting 281Chapter 7. Troubleshooting Software problems usually occur when the routerÕs software configuration contains incomplete

282 Chapter 7. TroubleshootingOnce the router is in Ready State, the other LEDs may indicate transmitting and receiving activity as follows:¥ The WAN

Chapter 7. Troubleshooting 283Accessing History Log through Configuration Manager1. Select Tools and Terminal Window (the console cable is required).2

284 Chapter 7. TroubleshootingInterpretation and Troubleshooting To isolate a problem with the TCP/IP protocol, perform the following three tests:1. T

Chapter 7. Troubleshooting 285Investigating Software ConÞguration ProblemsThis section suggests what to do if you cannot:¥ connect to the router.¥ log

286 Chapter 7. Troubleshooting5. Change your login password to a new password.6. Store the configuration and reboot the router.Note: If you do not res

Chapter 7. Troubleshooting 287¥ Check that you are using an Ethernet cable.¥ Check that IP routing is enabled at both ends.¥ The IP address must be wi

288 Chapter 7. Troubleshooting¥ Check the frame types using the eth list command (page 181) and ensure that they are the same on both routers.¥ Check

Chapter 7. Troubleshooting 289frame voice Displays the voice DLCI.frame voice <x> Changes the voice DLCI to the specified number x.frame stats S

Chapter 2. Planning for Router Configuration 29Chapter 2. Planning for Router ConÞgurationThis chapter describes the terminology and the information

290 Chapter 7. TroubleshootingSystem MessagesSystem messages are displayed on the terminal and sent to a log file (if you have opened one). The messag

Chapter 7. Troubleshooting 291Duplicate IPX SAP <SAP number> to <router/user>Explanation: There exist two IPX SAPs for the same IPX destin

292 Chapter 7. TroubleshootingRemote on <interface> refuses to authenticate with usExplanation: The remote destination refused to participate in

Chapter 7. Troubleshooting 293Debugging CommandsThe following commands may be available for debugging purposes. Please use them with caution because t

294 Chapter 7. TroubleshootingThe information dumped includes the history log and information about the version, memory, processes, the file system, g

Chapter 7. Troubleshooting 295factory.htm Resets all values to factory defaults.dump.htm Shows all values.SDSL Debug Commandssdsl *Displays all availa

296 Chapter 7. TroubleshootingSDSL State Trace [00000001]: states => s# sdsl states trace allSDSL State Trace [00000000]: offsdsl huhDumps various

Chapter 7. Troubleshooting 297ds cas 1ds cas 2ds ploop 1-2ADSL DMT Router Debug Commandsdmt *Displays the available DMT commands.dmt verDisplays the c

298 Chapter 7. TroubleshootingPrints the ATM statistics every n seconds. It shows good and bad cells and frames.IP Filtering Debug CommandsThe followi

Appendix A. Network Information Worksheets 299Appendix A. Network Information WorksheetsTo configure the target (local) router, you need to fill out o

3 WhatÕs New in Release 4? This version of the Command Line Interface (CLI) manual has been updated to document features available with Release 4 o

30 Chapter 2. Planning for Router ConfigurationEssential ConÞguration InformationThis section describes the configuration information associated with

300 Appendix A. Network Information WorksheetsConfiguring PPP with IP RoutingPPP with IP Routing Steps Commands Your settingsSystem SettingsSystem Nam

Appendix A. Network Information Worksheets 301Configuring PPP with IPX Routing PPP with IPX Routing Steps Commands Your SettingsSystem SettingsSystem

302 Appendix A. Network Information WorksheetsConfiguring PPP with BridgingPPP with Bridging Steps Commands Your SettingsSystem SettingsSystem Name sy

Appendix A. Network Information Worksheets 303Configuring RFC 1483 / RFC 1490 with IP RoutingRFC 1483 / RFC 1490 with IP Routing Steps Commands Your S

304 Appendix A. Network Information WorksheetsConfiguring RFC 1483 / RFC 1490 with IPX RoutingRFC 1483 / RFC 1490 with IPX Routing Steps Commands Your

Appendix A. Network Information Worksheets 305Configuring RFC 1483 / RFC 1490 with BridgingRFC 1483 / RFC 1490 with Bridging Steps Commands Your Setti

306 Appendix A. Network Information WorksheetsConfiguring RFC 1483MER / RFC 1490MER with IP Routing RFC 1483MER/RFC 1490MER with IP Routing Steps Comm

Appendix A. Network Information Worksheets 307Configuring FRF8 with IP RoutingRFC 1483FR with IP Routing Steps Commands Your SettingsSystem SettingsSy

308 Appendix A. Network Information WorksheetsConfiguring a Dual-Ethernet Router for IP RoutingThis table outlines commands used to configure a Dual-E

Appendix B. Configuring IPX Routing 309Appendix B. ConÞguring IPX RoutingIPX Routing ConceptsTo establish IPX Routing, you will need to enter all remo

Chapter 2. Planning for Router Configuration 31PPP Link Protocol (over ATM or Frame Relay)The PPP Link Protocol is an encapsulation method that can b

310 Appendix B. Configuring IPX RoutingStep 1: Collect Your Network Information for the Target (Local) RouterThe remote side of the WAN link has all o

Appendix B. Configuring IPX Routing 311Step 2: Review your SettingsCommands used to review your IPX configuration:Ð eth listÐ remote listÐ ipxsa

312 Appendix B. Configuring IPX Routing

Accessing the Command Line Interface 313Appendix C. Accessing the Command Line InterfaceThThis section provides step-by-step instructions on how to co

314 Accessing the Command Line InterfaceTo access the terminal window from within the Quick Start application, click Tools and Terminal Window from th

315IndexNumerics3DES encryption, 126, 254Aaccessing the Command Line Interface, 313address translation, 91ADPCM voice encoding, 18ADSL DMT router de

316 debugging, 293delete, 147dhcp ?, 227dhcp add, 227dhcp bootp allow, 228dhcp bootp disallow, 228dhcp bootp file, 228dhcp bootp tftpserver, 229dhcp

317ike ipsec proposals set lifedata, 254ike ipsec proposals set lifetime, 255ike peers add, 255ike peers delete, 255ike peers list, 255ike peers set

318 remote enable, 191remote enaBridge, 191remote ipfilter, 191remote list, 195remote listBridge, 196remote listIpRoute, 196remote listIpxroutes, 197

319Router, 152configuration examplesIKE aggressive mode, 131IKE main mode, 128PPP with IP and IPX, 59RFC 1483 with IP and Bridging, 67configuration

32 Chapter 2. Planning for Router Configuration¥ DNS Internet Account Information (optional)This information is obtained from your Network Service Pro

320 GG_DMT mode setting, 297G_LITE mode setting, 297Hhistory log, 282host mapping, 95IIAD, 18IKEcommand formats, 248IPSec policy commands, 127IPSec p

321test, 57IP routing table, 77defining, 154deleting, 159moving, 163IP subnets, 76IP virtual router support, 77IP virtual routing, 169, 179, 186, 20

322 passwords for sample configuration, 66PCM voice encoding, 18peer commands, IKE, 123ping command, 141, 283policy commands, IKE, 123port translatio

323IP routing, 286IPX routing, 287login password, 285normal LED sequence, 282PC connection, 285power light off, 281remote network access, 286termina

Chapter 2. Planning for Router Configuration 33IPX Routing Network Protocol¥ System Names and Authentication PasswordsFor the Target RouterThis infor

34 Chapter 2. Planning for Router ConfigurationInternal Network NumberIt is a logical network number that identifies an individual Novell server. It i

Chapter 2. Planning for Router Configuration 35Bridging Network Protocol ¥ System Names and Authentication PasswordsFor the Target RouterThis informa

36 Chapter 2. Planning for Router ConfigurationRFC 1483/RFC 1490 Link ProtocolsThe Link Protocol RFC 1483 is a multiprotocol encapsulation method over

Chapter 2. Planning for Router Configuration 37TCP/IP Ethernet RoutesYou normally do not need to define an Ethernet IP route. An Ethernet IP route co

38 Chapter 2. Planning for Router ConfigurationInternal Network NumberThis is a logical network number that identifies an individual Novell server. It

Chapter 2. Planning for Router Configuration 39¥ DNS Internet Account Information (optional)This information is obtained from the Network Service Pro

4 ¥ Clear command to reset filter counters.¥ Watch message control via -q (quiet) and -v (verbose) parameters. See page 99 to read about:Software Op

40 Chapter 2. Planning for Router Configuration¥ DNS second server address¥ DNS domain nameNote: If you intend to only connect to the Internet, enter

Chapter 2. Planning for Router Configuration 41FRF8 Link ProtocolThe FRF8 Link Protocol is an encapsulation method that allows an ATM router to inter

42 Chapter 2. Planning for Router ConfigurationFor the ATM WAN Interface This information is obtained from the Network Administrator or the Network Se

Chapter 2. Planning for Router Configuration 43Configuring the Dual-Ethernet Router for IP RoutingThe eth commands are used to configure the Dual-Eth

44 Chapter 3. Configuring Router SoftwareChapter 3. ConÞguring Router SoftwareThis chapter covers configuration tables and verifying the router config

Chapter 3. Configuring Router Software 45ConÞguration TablesThe following tables give you step-by-step instructions for standard configurations of th

46 Chapter 3. Configuring Router SoftwareConfiguring PPP with IP Routing This table outlines configuration commands for the PPP Link Protocol with the

Chapter 3. Configuring Router Software 47Configuring PPP with IPX Routing This table outlines configuration commands for the PPP Link Protocol with t

48 Chapter 3. Configuring Router SoftwareConfiguring PPP with Bridging This table outlines configuration commands for the PPP Link Protocol with the B

Chapter 3. Configuring Router Software 49Configuring PPP over Ethernet (PPPoE) This table outlines configuration commands for the PPP Link Protocol w

About This Guide The Command Line Interface guide contains information on the syntax and use of the Command Line Interface for the family of DSL ro

50 Chapter 3. Configuring Router SoftwareConfiguring RFC 1483 / RFC 1490 with IP Routing This table outlines configuration commands for the RFC 1483 a

Chapter 3. Configuring Router Software 51Configuring RFC 1483 / RFC 1490 with IPX Routing This table outlines configuration commands for the RFC 1483

52 Chapter 3. Configuring Router SoftwareConfiguring RFC 1483 / RFC 1490 with Bridging This table outlines configuration commands for the RFC 1483 and

Chapter 3. Configuring Router Software 53Configuring MAC Encapsulated Routing: RFC 1483MER / RFC 1490MER with IP Routing This table outlines configur

54 Chapter 3. Configuring Router SoftwareConfiguring FRF8 with IP Routing This table outlines configuration commands for the FRF8 Link Protocol with t

Chapter 3. Configuring Router Software 55Configuring Mixed Network Protocols Several network protocols can be configured concurrently in the same rou

56 Chapter 3. Configuring Router SoftwareConfiguring a Dual-Ethernet Router for IP RoutingThis table outlines commands used to configure a Dual-Ethern

Chapter 3. Configuring Router Software 57Verify the Router ConÞgurationTest IP RoutingTest IP Routing over the Local Ethernet LAN (from PC) ¥ Use the

58 Chapter 3. Configuring Router SoftwareTest IPX RoutingOne way to test IPX routing is to check for access to servers on the remote LAN. Under Window

Chapter 3. Configuring Router Software 59Sample ConÞgurationsSample Configuration 1: PPP with IP and IPX This configuration example comprises:¥ A sce

6 About This Guide References User Guide. Contains an overview of the routerÕs software and hardware features and details on hardware installation

60 Chapter 3. Configuring Router SoftwareSample Configuration 1: Diagram for Target Router (SOHO)Small Home Office SOHO (Target/Local Router)

Chapter 3. Configuring Router Software 61Sample Configuration 1: Tables for Target Router (SOHO) SOHO System SettingsConÞguration SectionItem Command

62 Chapter 3. Configuring Router SoftwareNote: Fill in one worksheet for each remote router in the remote router database.SOHO Remote Router DatabaseE

Chapter 3. Configuring Router Software 63SOHO Remote Router DatabaseEntry: ISPConÞguration SectionItem CommandsRemote RoutersNew Entry Remote RouterÕ

64 Chapter 3. Configuring Router SoftwareSample Configuration 1: Check the Configuration with the LIST CommandsType the following commands to obtain a

Chapter 3. Configuring Router Software 65 Total IPX remote routes... 0 Total IPX SAPs... 0 Bridging enabled...

66 Chapter 3. Configuring Router SoftwareInformation About Names and Passwords for Sample Configuration 1In this configuration example, the PPP Link P

Chapter 3. Configuring Router Software 67Sample Configuration 2: RFC 1483 with IP and Bridging This configuration example comprises:¥ A scenario desc

68 Chapter 3. Configuring Router SoftwareSample Configuration 2: Diagram for Target Router SOHOSmall Home Office SOHO (Target Router)

Chapter 3. Configuring Router Software 69Sample Configuration 2 : Tables for Target Router (SOHO) SOHO System SettingsConÞguration Section Item Comma

7 Table of Contents WhatÕs New in Release 4? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

70 Chapter 3. Configuring Router SoftwareSOHO Remote Router DatabaseEntry: ISPConÞguration SectionItem CommandsRemote RoutersNew Entry Remote RouterÕs

Chapter 3. Configuring Router Software 71Sample Configuration 2: Check the Configuration with the LIST Commandssystem listGENERAL INFORMATION FOR <

72 Chapter 3. Configuring Router Software Compression Negotiation... off Source IP address/subnet mask... 192.168.200.20/255.255.255

Chapter 3. Configuring Router Software 73Sample Configuration 3: Configuring a Dual-Ethernet Router for IP RoutingScenario:The following example prov

74 Chapter 3. Configuring Router Software

Chapter 4. Configuring Special Features 75Chapter 4. ConÞguring Special FeaturesThe features described in this chapter are advanced topics. They are p

76 Chapter 4. Configuring Special FeaturesMultiple IP SubnetsYou may configure the router to provide access to multiple IP subnets on the Ethernet net

Chapter 4. Configuring Special Features 77Virtual Routing TablesThe virtual routing feature allows you to define multiple routing tables. This is also

78 Chapter 4. Configuring Special FeaturesBridge Filtering and IP Firewall You can control the flow of packets across the router using bridge filterin

Chapter 4. Configuring Special Features 79Enable/Disable Internet Firewall FilteringThe router supports IP Internet Firewall Filtering to prevent unau

8Configuring RFC 1483 / RFC 1490 with IP Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50Configuring RFC 1483 / RFC 149

80 Chapter 4. Configuring Special FeaturesIP (RIP) Protocol ControlsYou can configure the router to send and receive RIP packet information, respectiv

Chapter 4. Configuring Special Features 81DHCP (Dynamic Host ConÞguration Protocol)This section describes how to configure DHCP using the Command Line

82 Chapter 4. Configuring Special FeaturesDHCP Administration and ConfigurationThe DHCP administration and configuration process is divided into the f

Chapter 4. Configuring Special Features 83dhcp add <net> <mask>To remove a subnetwork, use:dhcp del <net> Note: All client leases as

84 Chapter 4. Configuring Special Features¥ Adding Explicit or Dynamic Client LeasesClient leases may either be created dynamically or explicitly. Usu

Chapter 4. Configuring Special Features 853. If the client and subnetwork lease options are both ÒdefaultÓ, then the server goes up one level (global)

86 Chapter 4. Configuring Special FeaturesConceptsThe server returns values for options explicitly requested in the client request. It selects the val

Chapter 4. Configuring Special Features 87Commands for Specific Option Values for a Client LeaseTo set the value for an option associated with a speci

88 Chapter 4. Configuring Special FeaturesEnable/Disable BootPTo allow BootP request processing for a particular client/subnet, use the command:dhcp b

Chapter 4. Configuring Special Features 89Usually users will not need to define their own option types. The list of predefined option types based on R

9Filter Actions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .104IP

90 Chapter 4. Configuring Special FeaturesBootP/DHCP Relays are enabled and disabled using the command:system bootpserverDHCP Information FileDHCP inf

Chapter 4. Configuring Special Features 91Network Address Translation (NAT)The router supports classic NAT (one NAT IP address assigned to one PC IP a

92 Chapter 4. Configuring Special Features¥ Obtain an IP Address for NATThe IP address (the IP address ÒknownÓ by the remote ISP) used for this type o

Chapter 4. Configuring Special Features 93Example 1:Assume that the local LAN network is 192.168.1.0 255.255.255.0. The following commands are typed t

94 Chapter 4. Configuring Special FeaturesThe following two commands are used to globally enable/disable a local IP address (on your LAN) as the serve

Chapter 4. Configuring Special Features 956. RouterÕs IP address Ñ The local router selects itself (the local router) as the server.Classic NAT With c

96 Chapter 4. Configuring Special Features¥ Multiple-Host Remapping EntriesUsers may enter as many host remapping entries as they wish.Example:remote

Chapter 4. Configuring Special Features 97Controlling Remote Management With the following security control features, the user can control remote mana

98 Chapter 4. Configuring Special FeaturesTo delete client ranges previously defined, use these commands:system deltelnetfilter <first ip addr>

Chapter 4. Configuring Special Features 99Software Option KeysThis router has several optional software features that can be purchased as software opt