GW7300 Series User Manual
Contents
1. root VA_router cd etc config1 root VA_router etc config1 Note if the specified directory is actually a link to a directory the real directory will be shown in the prompt To remove the contents of the current folder use root VA_router etc config1 rm f Warning the above command makes irreversible changes To remove the contents of a specific folder regardless of the current folder use root VA_router wm E ece eomelgil To copy the contents of one folder into another for example config2 into config1 use Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 25 of 258 6 1 8 6 1 9 6 1 10 6 File system root VA_router cp etc config2 etc config1 Editing files The config can be edited using uci commands or via the web GUI Processes and jobs To view scheduled jobs enter root VA_router crontab 1 Note currently there are no scheduled jobs To view running processes enter root VA_router ps PID USER VSZ STAT COMMAND JL OO 1536 aLiqaLic 2 POOE 0 SW kthreadd S OOE 0 SW ksoftirqd 0 4 root 0 SW kworker 0 0 5 muele 0 SW kworker u 0 6 root 0 SW khelper 1796 root 1540 usr bin 1itfplugd i eth0 T 1 x lan 1879 root 7952 sbin dsl cpe control i n sbin dsl notify sh a tmp dsl scr 2017 root 1540 S usr bin atplugd i ethil TIT I x lan 2178
2. To copy the contents of one folder into another config2 into config1 enter root VA_router etc config1 cp etc config2 etc config1 Image files The system allows for two firmware image files image1 and image2 Two firmware images are supported to enable the system to rollback to a previous firmware version if the upgrade of one fails The image names image1 image2 themselves are symbols that point to different partitions in the overall file system A special image name altimage exists which always points to the image that is not running The firmware upgrade system always downloads firmware to altimage Viewing files To view a text or configuration file in the system enter the cat command root VA_router cat etc config dropbear config dropbear option PasswordAuth on option BannerFile etc banner option RootPasswordAuth yes option IdleTimeout 1800 opircilola lex ZZ To view files in the current folder enter ls root VA_router ls bin etc Jade opt sbin usr bkrepos home Lime Drog sys var dev LALE mnt root tmp WWW Other common Linux commands are available such as top grep tail head more less Typical pipe and redirect operators are available gt gt gt Copying files To change current folder enter cd
3. aaa Nac config forwarding option option option config rule option optio optio optio optio optio config rule n n n n n option option option option option option config rule optio optio optio optio optio n n n n eue lam dest wan interface Y family any name Allow DHCP Renew src wan interface jos eno ucla dest port 68 target ACCEPT family ipv4 name allow dns src wan_interface joe Egg ASS Or NE O target ACCEPT family ipv4 name Allow Ping src wan interface pueguo sen target ACCEPT family ipv4 list icmp type echo request config rule option option option option option option name SNMP trap src wan interface jesse wells cese ore Lo target ACCEPT family ipv4 config rule option option option option option option option option option config rule option option option option option option config rule option option option option option option option name Allow DHCPv6 src wan interface sre ip uxegUss 109 sia pare 470 aora muela cest io aegUss i0 dest_por
4. Table 30 Event system link connection tester settings description 28 6 4 Supported targets There are four possible targets Syslog target Email target SNMP target Exec target 28 6 4 1 Syslog target When a syslog target receives an event it sends it to the configured syslog server config target option name syslogl option enabled yes option type syslog Qaoewem caveeic_ackle 192 1608 0 13514 4 option conn_tester tl The table below describes syslog target parameters Name Type Required Default Description name String Yes None Name of the target to be used in the forwarding section enabled Boolean Yes Yes Enable this target type String Yes Syslog Must be syslog for a syslog target target_addr IP Address Port Yes None IP Address and Port number to send the syslog message to If no port is given 514 is assumed conn_tester String No None Name of the connection tester to use for this target Table 31 Event system syslog target settings description 28 6 4 2 Email target When an email target receives an event it sends address config target option option option option option option option option option option option option option option option option The table below describes email target parameter
5. atm bridge 0 atmdev 0 atm bridge 0 encaps llc atm bridge 0 payload bridged atm bridge 0 vci 35 atm bridge 0 vpi 0 Configuring an ADSL bridge connection via UCI The configuration file is stored at Network file etc config network To view the configuration file type the command uci export network config adsl device adsl option fwannex a option annex a option enabled yes config atm bridge option option option option option option mie VO atmdev 0 payload bridged vol YS wer S9 encaps llc config interface Management option option option option option PROCTOR SEALEN ifname nas0 monitored 0 asgevewolohe 3805 9954 5 7 mewmmeek 255 255 255 192 To view uci commands type uci show network network network network network network network network network network network network network network network network network adsl fwannex a adsl annex a adsl enabled yes QGatm bridge 0 atm bridg atm bridge 0 unit 0 Qatm bridge Qatm bridge Qatm bridge Qatm bridge Qatm bridge anagem anagem anagem anagem anagem atmdev 0 payload bridged vpi 8 2wedz39 Y AE encaps llc nt interfac ent proto static ent ifname nas0 ent
6. Figure 95 The add edit content template Enter a relevant name and description and then add values from the drop down menu or enter values for the parameters shown in the table below Parameter Description Default Options Select data Report element to display data on Average Latency Average Packet Loss Average Latency Average Availability Average Connection Strength Max Latency Max Packet Loss Max Latency Max Availability Max Connection Strength Select roll up scope Scope rollup period Year Month Week Day Hour Minute Second Select range scope Range of scope Year Month Week Day Hour Minute Second Is this data to be graphical To display elements as graphs Tick or no tick Upper data value limit Infinity Integer Lower data
7. config agent option agentaddress UDP 161 tcp 161 9161 localhost system The options defined for this section are shown in the table below Name Type Required Description agentaddress string yes Specifies the address es and port s on which the agent should listen udp tcp port eaddress L sysLocation string yes sysContact string yes sysName string yes Sets the system location system contact or system name for the agent This information is reported in the system group the mibII tree Ordinarily these objects sysLocation 0 sysContact 0 and sysName 0 are read write However specifying the value for one of these objects by giving the appropriate token makes the corresponding object read only and attempts to set the value of the object will result in a notWritable error response A possible system configuration section is shown below config system option sysLocation Office 123 option sysContact Mr White option sysName Backup Access 4 com2sec This section is used to map SNMP community names into an arbitrary security name Mapping of community names into security names is done based on the community name and the source subnet The first source community combination that matches the incoming packet is used The options define
8. ls _ starcels Vine els sweessls mg timeout sec 10 from y example com to z example com subject template S severityName eventName body template eventName class subclass conn tester smtp server name snmp enabled yes type snmptrap community public tange cuelohe 192 188 100 2594 agemc_eacicle 192 168 100 10 conn_tester mon_server name logit enabled yes option type option cmd_template exec logger t eventer Sewell To view UCI commands enter uci show va_eventd root test va_eventd va_eventd va_eventd uci show va_eventd main va_eventd main enabled yes main event queue file tmp event buffer va_eventd main event queue size 128K va_eventd forwarding 0 forwarding va_eventd forwarding 0 enabled yes va_eventd forwarding 0 className l2tp va_eventd forwarding 0 eventName CannotFindTunnel va_eventd forwarding 0 severity debug critical va_eventd forwarding 0 target syslog va_eventd forwarding 1 forwarding va_eventd forwarding 1 enabled yes va_eventd forwarding 1 className mobile va_eventd forwarding 1 severity notice critical va_eventd forwarding 1 target snmp va_eventd forwarding 2 forwarding va_eventd forwarding 2 enabled yes va_eventd forwarding 2
9. Figure 55 The ATM bridges page Click Add The ATM Bridges page appears ATM Bridges ATM bridges expose encapsulated ethernet in AAL5 connections as virtual Linux network interfaces which can be used in conjunction with DHCP or PPP to dial into the provider network Figure 56 The ATM bridges general tab Select the General Setup tab In the Virtual Channel Identifier field type the VCI number In the ATM Virtual Path Identifier field type the VPI number In Encapsulation mode drop down menu select either LLC or VC Mux Select the Advanced Settings tab The ATM Bridges page appears Figure 57 The ATM bridges advanced settings tab Leave the default ATM device number and the Bridge unit number set to 0 In the Forwarding mode drop down menu select bridged Click Save Click Add new interface the
10. Forwardings Rules that define what kind of events should be generated For example you might want an event to be created when an IPSec tunnel comes up or down Targets Define the targets to send the event to The event may be sent to a target via a syslog message an SNMP trap or email Connection Define methods to test the target is reachable IP connectivity testers to a server and link state may be checked prior to sending events For example if you want to configure an SNMP trap to be sent when an IPSec tunnel comes up you will need to Define a forwarding rule for IPSec tunnel up events Set an SNMP manager as the target Optionally use a connection tester to ensure the SNMP manager is reachable Supported events Events have a class a name and a severity These three properties are used to fine tune which events to report Supported targets The table below describes the targets currently supported Target Description Syslog Event sent to syslog server Email Event sent via email SNMP Event sent via SNMP trap Exec Command executed when event occurs Table 25 Event system supported targets The attributes of a target vary significantly depending on its type Supported connection testers The table below describes the m
11. Infinity Integer value limit Present data per site Tick or no tick Present data as a percentage Tick or no tick Table 35 Parameters for content template If you want the data to be displayed as graphical click the Is this data to be graphical checkbox Enter relevant parameters for upper and lower data limits The default is and infinity If you require click the Present data per site checkbox and the Present data as a percentage checkbox You must add the content template parameters for each report element The figure below details the settings required for Avg Latency data Add Edit Content Template Template name Fest Template description Test Select data Avg Latency Select roll up scope HOUR Select range scope DAY Is this data to be graphical Upper data value limit Infinity Lower data value limit Infinity Present data per site Present data as a percentage Figure 96 Example of Avg latency parameters When you have entered all the parameters you require click Add data set Repeat the process for Avg Connection strength Avg Packetloss and Avg Latency The tem
12. Select the Firewall Settings tab The Interfaces name of new interface page appears Choose the firewall zone you want to assign to this interface Select unspecified to remove the interface from the associated zone or fill out the create field to define a new zone and attach the interface to it Figure 60 The interfaces page firewall settings tab To add the ADSL interface into wan firewall zone select Create Assign Click Save & Apply Configuring ADSL via UCI Configuring an ADSL PPPoA connection via UCI The configuration file is stored at Network file etc config network To view the configuration file type the command uci export network config adsl device adsl option fwannex a option annex a option Enabled yes config interface ADSL option proto pppoa option encaps vc option atmdev 0 Gp wea S3 ojicliam wos 0 option username test5 pppoa com option password test5 To view uci commands type uci show network network adsl fwannex a network adsl annex a network adsl Enabled yes network ADSL interface network ADSL proto pppoa network ADSL encaps vc network ADSL atmdev 0 network ADSL vpi 0 network ADSL username test5 pp
13. vacmd set next image image1 image2 altimage root VA_router reboot To retrieve new firmware from Activator enter root VA_router vacmd hdl img altimage root VA_router vacmd set next image altimage root VA_router reboot 8 Management configuration settings This section details the configuration sections and parameters which are required to manage and monitor the device using Activator and Monitor Activator is a Virtual Access proprietary provisioning system where specific router configurations and firmware can be stored Monitor is a Virtual Access proprietary tool based on SNMP protocol to monitor wide networks of deployed routers 8 1 Autoload boot up activation This section contains the settings that specify how the device should behave with respect to Activation when it boots up You can change the settings either directly in the configuration file or via appropriate uci set commands The autoload core section configures the basic functionality of the module which orchestrates the Activation process It contains these settings Name Type Required Default Description Enabled boolean yes no Enables autoload Set to yes to activate at system boot StartTimer integer yes 10 Defines how long to wait after the boot up complet
14. ERAS a E e E Clock recovery statistics packetLossCount 0 clockChanges 90 cesop clear stats To reset the statistical counters enter cesop clear stats root VA_router cesop clear stats cesopd stats cleared DMVPN diagnostics In the top menu click Status > IPSec The IPSec Connections page appears IPsec Connections IKE SA Name Status Remote Established Encryption Integrity Status Policy Data In Out Rekey in dmvpn 213 233 148 2 ESTABLISHED 213 233 148 2 2 hours ago 3DES CBC HMAC MD5 96 INSTALLED dmvpn 89 101 154 151 ESTABLISHED 89 101 154 151 2 hours ago 3DES CBC HMAC MD5 96 INSTALLED Figure 120 The IPSec connections page In the Name column the syntax contains the IPSec Name defined in package dmvpn and the remote IP address of the hub or the spoke separated by an underscore for example dmvpn 213 233 148 2 To check the status of DMVPN in the top menu click Status > DMVPN NBMA peers NBMA Address Interface Address Type 213 233 148 2 GRE 11 11 11 3 32 spoke 89 101 154 151 GRE 11 11 11 1 29 hub Figure 121 The NBMA peers page NBMA Address Interface Address Type Public IP address of Interface name Tunnel IP address of Spoke is presented if it the peer remote node is re
15. Specifies BOOTP options in most cases just the file name dhcphostsfile file path no none Specifies an external file with per host DHCP options dhcpleasemax integer no 150 Specifies the maximum number of DHCP leases dnsforwardmax integer no 150 Specifies the maximum number of concurrent connections domain domain name no none Specifies the DNS domain handed out to DHCP clients domainneeded boolean no Tells dnsmasq to never forward queries for plain names without dots or domain parts to upstream nameservers If the name is not known from etc hosts or DHCP then a not found answer is returned Option leasefile stores the leases in a file so that they can be picked up again if dnsmasq is restarted Option resolvfile tells dnsmasq to use this file to find upstream name servers it is created by the WAN DHCP client or the PPP client names Name Type Required Default Description ednspacket_max integer no 1280 Specifies the largest EDNS 0 UDP packet which is supported by the DNS forwarder enable_tftp boolean no 0 Enables the built in TFTP server expandhosts boolean no 0 Adds the local domain part to names found in etc hosts filterwin2k boolean no 0 Does not forward requests that cannot be answered by public name servers all Specifies a list of interfaces to list of interfa
16. Local Interface Dropdown list Yes Blank Specifies which interface is going to be linked with the GRE tunnel interface TTL Numeric value Yes 128 Sets Time To Live value on the interface Tunnel key Numeric value Yes Blank Sets GRE tunnel key value MTU Numeric value Yes 1472 Configures MTU maximum transmission unit size of PDUs using this interface Table 16 Interfaces Tunnel page fields and their descriptions GRE UCI interface You can also configure GRE UCI through CLI using UCI command suite The configuration file is stored at etc config network To view the configuration file use the commands uci export network or uci show network uci export network config interface tunnel1 Opicio a TOO cms option sjoeecle 1725259425552 option mask_length 24 option local interface 3g wan Qerciom tel 128 option key 1234 apiclon meu 14720 uci show network network tunnel1 interface network tunnel1 proto gre network tunnel1 ipaddr 172 255 255 2 network tunnel1 mask_length 24 network tunnel1 local interface 3g wan network tunnel1 ttl 128 network tunnel1 key 1234 network tunnel1 mtu 1472 Name Type Req
17. You must configure three sections Common settings Connection settings Secret settings Common settings control the overall behaviour of strongSwan Together the connection and secret sections define the required parameters for a two way IKEv1 tunnel 17 1 Common settings These settings control the overall behaviour of strongSwan This behaviour is common across all tunnels Name Type Required Default Description Enable strongSwan IPSec Boolean Yes No Enables or disables IPSec strictcrlpolicy boolean yes no Defines if a fresh CRL must be available for the peer authentication based on RSA signatures to succeed cachecrls boolean yes no Shows Certificate Revocation Lists CRLs fetched via http or ldap will be cached in etc ipsec d crls under a unique file name derived from the certification authority s public key Uniqueids boolean yes yes Defines whether a particular participant ID should be kept unique with any new automatically keyed connection using an ID from a different IP address deemed to replace all old ones using that ID Participant IDs normally are unique so a new automatically keyed connection using the same ID is almost invariably intended to replace an old one An example of a typical set of common settings for strongSwan is shown below roo
18. Zones section A zone section groups one or more interfaces and serves as a source or destination for forwardings rules and redirects Masquerading NAT of outgoing traffic is controlled on a per zone basis The options below are defined within zone sections Name Type Required Default Description name zone name yes none Sets the unique zone name network list no none Defines a list of interfaces attached to this zone if omitted the value of name is used by default masq boolean no 0 Specifies whether outgoing zone traffic should be masqueraded NATTED this is typically enabled on the wan zone masq_src list of subnets x eae Limits masquerading to the given source subnets Negation is possible by prefixing the subnet with multiple subnets are allowed masq_dest list of subnets us Doe Limits masquerading to the given destination subnets Negation is possible by prefixing the subnet with multiple subnets are allowed conntrack boolean no 1 if masquerading is used 0 otherwise Forces connection tracking for this zone mtu_fix boolean h 0 Enables MSS clamping for outgoing zone traffic input string T DROP Default policy ACCEPT REJECT DROP for incoming zone traffic fault poli ACCEPT REJECT DROP f forward str
19. nattraversal yes config connection option option option option option option option option option enabled yes name DMVPN type transport localproto gre remoteproto gre ike 3des md5 modp1024 esp aes128 sha1 Y Y waniface wan auto ignore ikelifetime 28800s option option option option option option option config secret option option option keylife 300s rekeymargin 30s keyingtries forever GliexleweaLcaa lage dpddelay 30s dpdtimeout 150s enabled yes secrettype psk secret secret Configuring DMVPN using CLI You can configure DMVPN through CLI using the UCI command suite Configuration files are stored at etc config dmvpn To view the configuration file use uci show dmvpn or uci export dmvpn commands uci export dmvpn package dmvpn config general settings common option enabled yes option ipsec template name DMVPN config interface option holding time 60 E option gre_interface GR CQMELCGim Gee elem ao Yili iil ETE S dL option gre endpoint mask length 29 Option mas apo 192 168 100 11 option cisco_auth test uci show dmvpn dmvpn common general settings dmvpn common enabled yes dmvpn common ipsec template name DMVPN dmvpn interfa
20. none The following example shows the public group being granted read access on the all view and the private group being granted read and write access on the all view config access public_access Optom Grova gue option context none option version any option level noauth option prefix exact Gsm car MESS eine option write none option notify none config access private access option group private option context none Y Y option version any option level noauth option prefix exact option read all option write all oyente b tee Yeti SNMP traps The options defined for this section are outlined below for SNMPv1 or v2c trap receivers config trapreceiver OoE3Le imos ABAD DR GIO e option version v1 v2c option community COMMUNITY STRING for SNMPv2c inform request receiver config informreceiver ojureloa lose JIIEADDIS SiO Y option community COMMUNITY STRING An additional option was added to the agent subsection option authtrapenabled 0 1 20 Configuring HTTP server 20 1 The uhttpd configuration is used by the uhttpd web server package This file defines the behaviour of
21. option hostname VA_router option zonename Europe Dublin option timezone GMT0IST M3 5 0 1 M10 5 0 option cronloglevel 9 option k qu 005 0 5 05 0 V Oppidum duoer pou 3514 config timeserver ntp list server 0 openwrt pool ntp org list server 1 openwrt pool ntp org list server 2 openwrt pool ntp org list server 3 openwrt pool ntp org To show an alternate view of a configuration file enter uci show root VA_router uci show system system main system system main hostname VA_router system main zonename Europe Dublin system main timezone GMT0IST M3 5 0 1 M10 5 0 system main cronloglevel 9 system main log_ip 0 0 0 0 system main log_port 514 system ntp timeserver system ntp server 0 openwrt pool ntp org 1 openwrt pool ntp org 2 openwrt pool ntp org 3 openwrt pool ntp org To display just the value of an option enter root VA_router uci get system main hostname VA_router Configuration copying and deleting Manage configurations using directory manipulation To remove the contents of the current folder enter root VA_router etc config1 rm f To remove the contents of a specific folder regardless of the current folder config2 enter root VA_router im E ece comirigil
22. 30 Defines how protocol will operate 14 1 0 0 0 127 18 12 8 0 numbers Please refer to X 3 protocol each specification for more information 1 0 0 0 0 0 0 0 0 open USD separated The parameters supported in this bya product 2 3 4 6 8 9 14 16 17 colon 18 19 20 and 21 X 25 PVC LCN 0 1 to 4095 Configures the PVC LCN to be used on the PAD port Tservd configuration details Tservd details are described in the Terminal Server section of this manual Note to use PAD you must configure the terminal server as a TCP client connecting to the padd module PAD operation Manually start the modules When the modules are enabled they automatically start at boot up In some circumstances you may need to manually start the modules Type in the following at the command prompt To start the XOT module type vald To start the PAD module type padd To start the Terminal Server module type tservd Check if the modules are running To check if a module is running type ps grep module name where module name is the name of the module you want to check it is running If the module is running its name and PID will be shown For example type ps grep tservd If the tservd module is running you will see something similar to the following root VA_router ps grep tservd SIOZ woo OSOS tservd 4162 ro
23. Authby XAuth identity IKE algorithm ESP algorithm WAN Interface IKE life time Key life Rekey margin Keyring tries DPD Action DPD Delay DPD Timeout strongSwan IPsec VPN Configuration of the strongSwan IPsec VPN system Delete L4 no Y Defines if a fresh CRL must be available in order for the peer authentication based on RSA signatures to succeed IKEv2 additionally recognizes ifuri which reverts to yes if at least one CRL URI is defined and to no if no URI is known yes v Whether a particular participant ID should be kept unique with any new automatically keyed connection using an ID from a different IP address deemed to replace all old ones using that ID Participant IDs normally are unique so a new automatically keyed connection using the same ID is almost invariably intended to replace an old one The IKEv2 daemon also accepts the value replace which is identical to yes and the value keep to reject new IKE SA setups and keep the duplicate established earlier 4 Y CRLs fetched via HTTP or LDAP will be cached none hd Delete 4 B DMVPN ignore y Operation on startup add loads a connection without starting it route loads a connection and installs kernel traps If traffic is detected between locallan and remotelan a connection is established start loads a connection and brings it up immediately ignore do nothing transport v Could be IP address or FQDN or 9
24. Automatic operator selection Check the Interface Signal Sort checkbox so auto created interfaces are sorted in priority based on signal strength value From the Roaming SIM dropdown menu select the slot that the roaming SIM card should be inserted into Click the Firewall zone radio button to select the zone that the auto created interface will belong to Type in the CHAP username and password Type in APN and PIN details From the Health Monitor Interval dropdown menu select the interval that will be used to monitor signal strength value From the Attempts Before WAN Failover dropdown menu select the number of fail attempts of Health Monitor checks that will cause the interface to be disconnected From the Minimum ifup Interval dropdown menu select the minimum interval between two successive interface start attempts From the Interface Start Timeout dropdown menu select the time for the interface to start up From the Choose Signal Threshold dropdown menu select the fail number point Name Type Required Default Description Interface Signal Sort Boolean No 0 Sorts interfaces by signal strength so those having better signal strength at the startup will be tried first Roaming SIM Dropdown menu 1 Specifies which slot roaming SIM card is inserted Firewall Zone Radio button No None Adds all menu generated interfaces to this zone Service Type Dropdown menu Yes U
25. Reboots the operating system of your device Figure 38 The system reboot page Check the Reboot now check box and then click Reboot 16 3 3 Roaming no PMP defined There is no primary interface that can be used for a connection The router uses the network that offers the best signal threshold Multi WAN operation 1 Connect to the first roaming operator interface 2 Check for signal strength every health interval If the signal goes down below signal threshold Disconnect from first roaming interface Connect to second roaming operator interface Check for signal strength every health interval Stays there until signal goes below signal threshold 6 Disconnect from second roaming interface Go to 1 From the top menu select Network > Multi Wan The Multi WAN page appears Multi WAN Multi WAN allows for the use of multiple uplinks for failover Delete Enable V Preempt B Alternate Mode El It will use alternate interface after reboot WAN Interfaces Health Monitor detects and corrects network changes and failed connections Delete 3G_S1_VODA 4 Health Monitor Interval EJ Health Monitor ICMP Host s El Health Monitor ICMP Timeout El Att
26. String yes none device known to monitor Defines the IP address of Monitor It is monitor ip string yes none possible to specify multiple addresses to which SNMP heartbeat traps will be sent A sample Monitor configuration is shown below Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 41 of 258 8 Management configuration settings root VA_router uci show monitor monitor main keepalive monitor main enable yes monitor main interval_min 1 monitor main dev_reference mikesamazondev MOLES Masa WHEIMaLic se alid a 133 36 root VA_router uci export monitor package monitor config keepalive main option enable yes Opein agmeE wed mina Wil option dev reference mikesamazondev list momltoz ajo 10 1 683 30 8 3 System settings 8 3 1 The system section contains settings that apply to the most basic operation of the system such as the host name time zone logging details NTP server and language and web style This section details the configuration sections and parameters in various configuration files which are required to have the device perform basic routing activities on a network The system configuration contains basic settings for the whole router Larger subsystems such as the network configuration the DHCP and DNS server and similar have their own configuration file Configuring a router s host name The
27. VLANNR e g etho 1 Common Configuration General Setup Advanced Settings Physical Settings Firewall Settings Status T RX 0 00 B 0 Pkts pppoa ADSL TX 0 00 B 0 Pkts Protocol PPPoATM PPPoA Encapsulation VC Mux a ATM device number ATM Virtual Channel Identifier VCI ATM Virtual Path Identifier VPI PAP CHAP username test I2tp2 com a PAP CHAP password Back to Overview Save amp Apply Save Reset Figure 45 The interface page From the PPPoA Encapsulation drop down menu select VC Mux or LLC In the ATM device number field leave the default value as O In the Virtual Channel Identifier field type the VCI number Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 134 of 258 21 Configuring ADSL In the ATM Virtual Path Identifier field type the VPI number Select the Firewall Settings tab The ADSL Interfaces page appears Interfaces ADSL On this page you can configure the network interfaces You can bridge several interfaces by ticking the bridge interfaces field and enter the names of several network interfaces separated by spaces You can also use VLAN notation INTERFACE VLANNR e g eth0 1 Common Configuration Setup Advanced Settings Physical Settings Firewall Settings Create Assign I2tptun wan Fay want f firewall zone unspecified or create Choose the firewall zone you want to assign to this interface Select unspecified to
28. add <config> <section-type>
add_list <config>.<section>.<option>=<string>
show [<config>[.<section>[.<option>]]]
get <config>.<section>[.<option>]
set <config>.<section>[.<option>]=<value>
delete <config>[.<section[.<option>]]
rename <config>.<section>[.<option>]=<name>
revert <config>[.<section>[.<option>]]
reorder <config>.<section>=<position>

Options:
-c <path> set the search path for config files (default: /etc/config)
-d <str> set the delimiter for list values in uci show
-f <file> use <file> as input instead of stdin
-L do not load any plugins
-m when importing, merge data into an existing package
-n name unnamed sections on export (default)
-N don't name unnamed sections
-p <path> add a search path for config change files
-P <path> add a search path for config change files and use as default
-q quiet mode (don't print error messages)
-s force strict mode (stop on parser errors, default)
-S disable strict mode
-X do not use extended syntax on 'show'

Command | Target | Description
export | [<config>] | Exports the configuration in a machine-readable format. It is used internally to evaluate configuration files as shell
29. configuration is changed and it is not desirable to reboot the router. To stop Terminal Server, enter one of the following:
/usr/bin/tserv quit
kill PID
You can obtain the PID by running ps | grep tser

26 PAD
This section describes how to configure a Virtual Access router for the Terminal Server, PAD and XOT modules that constitute the PAD. You can edit parameters locally using the web interface or UCI, or remotely using Virtual Access Activator.

26.1 Terminology
When configuring the router from the terminal, when a configuration parameter has the value of 1 or 0, 1 means enabled and 0 means disabled. Where a configuration parameter has the value NULL, this means blank, that is specify as

26.2 PAD function implementation
The Virtual Access router's PAD function is an X.25 packet assembler/disassembler. It accepts and terminates X.25 calls incoming from the XOT IP network and forwards the X.25 data payload to the serial asynchronous port (RS232). Any data received from the serial port is forwarded to an X.25 VC. The PAD function is based on 3 modules:
• The XOT module: this module listens and emits calls on the XOT IP network.
• The Terminal Server module: this module reads and writes data on the asynchronous port. For more details, please refer to section 6 Terminal Server.
• The PAD module: this module listens for calls a
30. desired protocol and enter in the relevant TFTP Server Address and then enter the TFTP Server Port number to match Activator upload protocol TFTP v TFTP Server Address 0 0 0 0 TFTP Server Port Figure 103 The upload protocol parameters Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 224 of 258 30 Configuring SLA for a router 30 Configuring SLA for a router 30 1 SLA reporting works in two parts e The Virtual Access Monitor system server connects via SSH into the router and schedules the task of uploading statistics to Monitor e The Virtual Access router monitors UDP keepalive packets It creates and stores statistics in bins These statistics are uploaded every hour to the Monitor server Ud p gt keepalive Terminal Filter configured server To capture keepalive Terminal POS packets Lottery terminal pup o Monitor server Monitor accesses router to schedule upload task Report Manager Start time 17 10 2011 15 00 00 in 22 Bin 22 CI End time 17 10 2011 15 47 46 Pkts In 193 um E UM gt Bytes In 2316 Bytes Out 2364 Statistic bins Pkts OK 193 i Pkts Fail 4 Creation per hour for p Last Round Trip 32 ms or test Min Round Trip 29 ms Max Round Trip 47 ms Avg Round Trip 38 ms GSM signal quality 79 dBm Figure 104 The SLA function This section describes how to configure SLA on a router For information on how to con
31. etc config multiwan is provided as part of the multi WAN package The multi WAN package is linked to the network interfaces within etc config network Note multi WAN will not work if the WAN connections are on the same subnet and share the same default gateway To view the multi WAN package enter root VA_router uci export etc config multiwan package multiwan config multiwan config option enabled yes option preempt yes option alt mode no config interface ADSL option health interval 10 option icmp hosts dns option timeout 3 option health fail retries 3 option health recovery retries 5 Ouro jorlowicy LU option manage state yes option exclusive group 0 option ifup retry sec 300 option ifup timeout sec 40 config interface Ethernet option health interval 10 OVELON ales JaoeshEs has option timeout 3 option health fail retries 3 option health recovery retries 5 Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 253 of 258 31 Diagnostics Option joriO wilicy 2 option manage state yes option exclusive group 0 option ifup retry sec 300 option ifup timeout sec 40 The following output shows the multi WAN standard stop start commands for troubleshooting root VA_router etc init d multiwan Syntax etc init d multiwan command Available commands Sueente Start t
32. password APN Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 88 of 258 16 Automatic operator selection Click Save amp Apply 16 3 1 2 Setting multi WAN options for primary predefined interface On the web interface go to Network gt Multi Wan The Multi WAN page appears Multi WAN Multi WAN allows for the use of multiple uplinks for failover Add WAN Interfaces Health Monitor detects and corrects network changes and failed connections This section contains no values yet Save amp Apply Save Reset Figure 30 The multi WAN page In the Multi WAN page click Add The Multi WAN page appears Multi WAN Multi WAN allows for the use of multiple uplinks for failover Enable Preempt Alternate Mode Y t will use alternate interface after reboot Figure 31 The multi wan page Check Enable Check Preempt Name Type Required Default Description Enable Boolean Yes 0 Enables Multi Wan Preempt Boolean No 0 Enables Preempt mode Alternate Mode Boolean No 0 Enables Alternate Mode In the WAN Interfaces section type in the name of the Multi WAN Interface Note this name should match the name specified in the previous section Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 89 of 258 16 Automatic operator selection Click Add The Multi WAN page appears Multi WAN Multi WAN allows for the use of mult
33. v v v v B Higher value is higher pnonty Y Only one interface in group could be up in th Y Minimum interval between two successive inte Y Time for interface to startup v Below v Below Y 9 Below je m fail ma IS a ranure ie a failure is a awure ie a failure iS a lawure Figure 25 Example interface showing failover traffic destination as the added multi WAN interface Name Type Required Default Description nfigures weight for Load Balancer co BS S is A Sab re Dropdown list No 10 balancing It is not applicable if Distribution you are using 2 SIM cards Health Monitor br pdowrclist No 10 Sets the period to check health Interval status of interface Health Monitor Dropdown Sends Health ICMPs to configured A No DNS Server s value DNS servers by default ICMP Host s list IP address q Configure to any address Health Monitor F ICMP Timeout Dropdown list No 3 secs Sets Ping timeout in seconds Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 81 of 258 15 Configuring Multi WAN Attempts Before Sets the amount of retries before WAN Failover POROA ISa Ee 3 interface is considered a failure ts th f healthy pin Attempts Before decree pumper H 159 e Aa Dropdown list Yes 5 before the interface is considered WAN Recovery healthy This field is not applicable unless ou have 2 WAN int
34. va5420 status dev ttyLCO Mode Transparent Wire mode 2 wire PCM Encoding A Law Automatic operator selection diagnostics via the web interface Checking the status of the Multi WAN package When interfaces are auto created they are presented in the network and in the Multi WAN package To check interfaces created in the Multi WAN package from the top menu select Network gt Multi WAN To check interfaces that have been created in the network package from the top menu select Network gt Interfaces Interface Overview Network Status Actions E EON i RX 0 00 B 0 Pts Connect Stop Edit Delete TX 0 00 B 0 Pkts 39 3g s1 o2IR i DX3GUSQWODA Uptime 7h 31m 26s ee RX 62 00 B 8 Pkts TX 23 44 KB 329 Pits IPv4 10 140 1 23 32 Connect Stop Edit Delete ES 3g 3g s1 voda DEDENN MAC Address 00 00 00 00 00 00 enum m s RX 0 00 B 0 Pkts Client 0 TX 0 00 B 0 Pkts LAN Uptime 7h 35m 24s SS MAC Address 00 E0 C8 10 1A 82 RX 67 25 KB 502 Pkts eno TX 132 29 KB 157 Pkts IPv4 10 1 1 9 29 Connect Stop Edit Delete LOOPBACK Uptime 7h 35m 30s MAC Address 00 00 00 00 00 00 e RX 41 72 KB 516 Pkts Io TX 41 72 KB 516 Pkts IPv4 127 0 0 1 8 IPv6 0 0 0 0 0 0 0 1 128 Connect Stop Edit Delete Figure 116 The interface overview page To check the status of the interface you are currently using in the top menu click Status The Interf
35. 10 4 1 config port Name Type Required Default Description Specifies which physical port on port Text Yes Blank the front panel of the router will be assigned to which VLAN fi irunk Boolean No Blank Configures the port as a trunk port Specifies what VLANs will be N m rie assigned to a physical port on the vlans value text Yes Blank router You must use VLAN ID to specify which VLANs or all to configure a port as trunk interface 10 4 2 config vian Name Type Required Default Description Defines VLAN number The VLAN Numeric gt vlanid No Blank will be referred to using this value number vianprio Numeric No Blank Specifies 802 1p VLAN priority tag value on trunk links Defines whether to isolate hosts from each other within the same Isolat Bool N ian Pee 3 Pans VLAN Hosts will still be able to communicate with the router name Text Yes Blank Configures VLAN name IP Configures network mask address i r Y Blank A peed Address x en to be used on this VLAN IP Configures network mask address netmask Y Blank SENAR Address S a to be used on this VLAN 10 4 3 Config nat vian Name Type Required Default Description VLAN ID number Defines VLAN Numeric f Nat vlanid wali No Blank that will be sent across the trunk untag Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 65 of 258 11 Static routes
36. 2 3 Page 237 of 258 31 5 2 31 5 3 31 Diagnostics all_tx_analogue_loss_enabled 0 all sex digital cen 0 all xs chigiical loss 0 tdm_intvl_ms 2 cesop show status To show the current operating configuration enter root VA_router cesop show status Clock status clockRecHwPresent dacOutputVoltage lastFscCount Poe dL prorocal Sic remotelpAddress remotePort rxPayloadType rxSegmentSize PROSTE rxLBit rxRBit rxMBits rxTdmPayload txPayloadType txSegmentSize ESSLE txLBit txRBit txMBits txTdmPayload cesop show stats J 1661174 14195832 10 42563 5152 96 40 451d 0 0 0 DS DOS T ao o 96 40 SOAS SSM 0 0 0 DS y DS a o o To view statistical information about the CESOPSN service enter cesop show stats Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 238 of 258 31 5 4 31 Diagnostics root VA_router cesop show stats Powe 1 serial surearlisetlas reads readEmpties readFails writes writeFails writeShorts txByte rxByte S S 0 0 1 1 76840 76889 9075560 9075560 Poise i WDE sue sites txFrames 476889 txBytes 26705784 txFails 0 rxFrames 476889 rxBytes 26705784 rxFails 0 rxAddressErrs 0 Poe dL Bieoeoeol Seciclstios rxHeaderl Errs rxOutOfOrder rxTdm txTdm Sm en EAAS
37. 9 Specifies the lowest severity to be logged by X 25 XOT Figure 84 The main settings interface Name Default Range Description Syslog severity 5 0 to 7 Determines the syslog level Events up to this priority will be logged 0 Emergency 1 Alert 2 Critical 3 Error 4 Warning 5 Notice 6 Informational 7 Debug From the drop down menu set the syslog severity O Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 189 of 258 26 4 3 Port settings general configuration Port Settings PORTO General Advanced Local XOT TCP port Local XOT IP address Enable 9 Enables XOT port Local XOT TCP port number this XOT port is bound to Standard XOT port is 1998 9 Local XOT IP interface this XOT port is bound to Figure 85 The port settings interface Name Default Range Description Enable Local XOT TCP port 0 1998 Oorl Any TCP port Enables the corresponding XOT port Sets the TCP port number on which this XOT port is listening for incoming connections from remote XOT peer There are 5 XOT ports with the following default val_ port Port 0 1998 Port 1 2001 Port 2 2002 Port 3 2003 Port 4 2004 Local XOT IP address 0 0 0 0 Any IPv4 address Sets the IP address on which this XOT port is listening for incoming connections from remote XOT peer Virtual Access 20
38. Defi the R te Mask of LAN Address Mask String es one efines the Remote Mask o D Defines authentication method Authby ropdown Yes psk Menu Available options psk xauthpsk Defines the identity username the client uses to reply to an XAuth XAuth identity String No None request If not defined the IKEv1 identity will be used as XAuth identity Specifies the IKE algorithm to use The format is encAlgo authAlgo DHGroup aes128 encAlgo 3des aes serpent shal D twofish blowfish IKE algorithm ee Yes modp2048 3des sha1 2UthAlgo md5 sha sha2 modp1536 DHGroup modp1024 modp1536 modp2048 modp3072 modp4096 modp6144 modp8192 aes128 wes i Dr wn Specifies the esp algorithm to use ESP algorithm ee Yes shal M PUR 3des sha1 The format is O Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 159 of 258 24 Dynamic Multipoint Virtual Private Network DMVPN encAlgo authAlgo PFSGroup encAlgo 3des aes serpent twofish blowfish authAlgo md5 sha sha2 DHGroup modp1024 modp1536 modp2048 modp3072 modp4096 modp6144 modp8192 For example aes128 shal modp1536 If no DH group is defined then PFS is disabled WAN interface Dropdown Menu Yes None Defines the WAN interface used by this tunnel IKE life time Integer Yes 3h Specifies how long the keying channel of a connection ISAKMP or IKE SA should last before being renegotiate
39. If traffic is rejected, the router will respond with an ICMP error message ("destination port unreachable"), causing the connection attempt to fail immediately. This also means that for each connection attempt a certain amount of response traffic is generated. This can actually be harmful if the firewall is attacked with many simultaneous connection attempts: the resulting backfire of ICMP responses can clog up all available upload bandwidth and make the connection unusable (DoS).

When connection attempts are dropped, the client is not aware of the blocking and will continue to retransmit its packets until the connection eventually times out. Depending on the way the client software is implemented, this could result in frozen or hanging programs that need to wait until a timeout occurs before they are able to continue.

DROP
• less information is exposed
• less attack surface
• client software may not cope well with it (hangs until connection times out)
• may complicate network debugging (where was traffic dropped and why)

REJECT
• may expose information (like the IP at which traffic was actually blocked)
• client software can recover faster from rejected connection attempts
• network debugging easier (routing and firewall issues clearly distinguishable)

18.9 Note on connection tracking
By default, the firewall will disable connection tracking
40. config tservd port1
# enables this port
option enable 1
# serial device name
option devName /dev/ttySC1
s Oulisi Otis iOILILOW 5

25.5 Terminal Server operation
25.5.1 General
The Terminal Server package consists of two binaries:
• tservd: Terminal Server daemon (full path at /usr/sbin/tservd)
• tserv: Terminal Server command line interface (path at /usr/sbin/tserv)

25.5.2 Starting Terminal Server
By default, if Terminal Server is enabled in /etc/config/tservd, it is started on boot up automatically. To start Terminal Server manually, enter:
/usr/sbin/tservd

25.5.3 Checking the status of Terminal Server
To check if Terminal Server is running, enter:
ps | grep tservd
If Terminal Server is running, it will be shown with its process ID. In the following example, the process ID (PID) is 1264.
Figure 82: Output from the command line ps | grep tservd
Alternatively, run:
/usr/bin/tserv show stats
If the Terminal Server is running, this command will show the status of each session. If the Terminal Server is not loaded, it will return an error.

25.5.4 Stopping Terminal Server
Sometimes it may be necessary to stop Terminal Server, for example if the
41. PPPoA connection
21.6 Configuring an ADSL PPPoEoA connection
21.7 Configuring an ADSL bridge connection with static IP
21.8 Configuring ADSL via UCI
21.8.1 Configuring an ADSL PPPoA connection via UCI
21.8.2 Configuring an ADSL PPPoEoA connection via UCI
22 Multicasting using PIM and IGMP interfaces
22.1 Configuring PIM and IGMP via the web interface
22.2 PIM and IGMP UCI interface
23 GRE interfaces
23.1 GRE web interface
23.2 GRE UCI interface
24 Dynamic Multipoint Virtual Private Network (DMVPN)
24.1 The advantage of using DMVPN
24.2 DMVPN scenarios
24.3 Configuring DMVPN via the web interface
24.3.1 Configuring IPSec for DMVPN
42. Static Leases 9 1 Common options section The configuration section type dnsmasq determines values and options relevant to the overall operation of dnsmasq and the DHCP options on all interfaces served The following table lists all available options their default value as well as the corresponding dnsmasq command line option These are the default settings for the common options root VA_router uci show dhcp dhcp dnsmasq 0 dnsmasq dhcp dnsmasq 0 domainneeded 1 dhcp dnsmasq 0 boguspriv 1 dhep dnsmasq 0 filterwin2k 0 dhcp dnsmasq 0 localise_queries 1 dhcp Gdnsmasq 0 rebind protection 1 dhcp 8dnsmasq 0 rebind localhost 1 dhcp dnsmasq 0 local lan dhcp dnsmasq 0 domain lan dhcp dnsmasq 0 expandhosts 1 dhcp dnsmasq 0 nonegcache 0 dhcp ftdnsmasq 0 authoritative 1 dhcp tdnsmasq 0 readethers 1 O Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 54 of 258 9 DHCP server and DNS configuration dhcp dnsmasq 0 leasefile tmp dhcp leases dhep dnsmasq 0 resolvfile tmp resolv conf auto dhep dnsmasq 0 interface lan config dnsmasq option domainneeded 1 Option boguspriwv option filterwin2k 0 option localise_queries 1 option rebind_protection 1 option rebind_localhost 0 option local Idea option domain lan option expandhosts al option nonegcache 0 option authoritative 11 option readethers 1 option leasefile option resolvfile l
43. TCP port of terminal server to connect to if mode is transparent Listen Port 1000X Any TCP port Sets the TCP port number on which this padd port is listening for incoming connections from the terminal server There are 5 pad ports with the following default listen port Port 0 10000 Port 1 10001 Port 2 10002 Port 3 10003 Port 4 10004 VALD Link ID X 1to5 Assigns a XOT port to the padd port Values may be connect padd port to XOT port 0 connect padd port to XOT port 1 0 1 2 connect padd port to XOT port 2 3 connect padd port to XOT port 3 4 connect padd port to XOT port 4 NLPID 1 Local Echo 1 0 to 255 Oorl Sets the X 25 network layer protocol ID sent in call user data Note this must be 1 for PAD Enables echoing characters received from DTE asynchronous terminal when the PAD is not in DATA transfer Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 199 of 258 26 7 26 8 26 8 1 state in PAD command or PAD waiting state Parity Mode 0 0to4 Configures parity processing for characters transferred across DTE DCE asynchronous serial interface The meaning of this value is defined in ITU X 3 parameter 21 The parity_mode value refers to 0 X3_NoParity 1 X3 ParityChecking 2 X3 ParityGeneration 3 X3 ParityCheckingAndGeneration 4 X3 NoParity TranparentBit8 X 3 Parameters 0 0 2 3 1 0 0 0 0 0
44. Type the command sila current to show current statistics Figure 108 Output from the command line sla current Type the command sia newest to show the newest statistics Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 228 of 258 30 Configuring SLA for a router Figure 109 Output from the command line sla newest Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 229 of 258 31 Diagnostics 31 Diagnostics 31 1 ADSL diagnostics 31 1 1 ADSL PPPoA connections To check the status of an ADSL line in the top menu select Status gt ADSL Status The ADSL Status page appears ADSL Status Chipse Lantiq Danube 1 5 State JP 0x801 showtime tc sync Figure 110 The ADSL status page To check an IP address transmit and received counter on an ADSL interface in the top menu select Network gt Interfaces The Interface Overview page appears Interfaces Interface Overview TX 0 00 B 0 Pkts Network Status Actions ADSL Uptime 0h 8m 45s 3 RX 12 23 KB 149 Pkts Connect Stop Edit Delete m TX 8 80 KB 108 Pkts pS IPv4 172 22 100 6 32 LAN Uptime 0h 10m 40s pa MAC Address 00 E0 C8 10 11 65 Connect Stop Edit Delete E RX 0 00 B 0 Pkts eth IPv4 192 168 209 1 32 192 168 6 1 24 Figure 111 The interfaces overview page 31 1 2 ADSL PPPOEOA connections To check the status of an ADSL line in the top men
45. Uses a fixed port for outbound AESOP 9 DNS queries readethers PETS AD 0 Reads static lease entries from etc ethers re read on SIGHUP etc y ifi n alternative resolv Resolvfile file path no resolv d FAN A TE Ee conf Specifies list of DNS servers to forward requests to See the server list of strings no none dnsmasq man page for syntax details Obeys order of DNS servers in strictorder boolean no 0 y etc resolv conf tftp root directory path no none Specifies the TFTP root directory Enables DNS rebind attack rebind protection boolean no 1 protection by discarding upstream RFC1918 responses rebind localhost boolean no 0 Allows upstream 127 0 0 0 8 Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 57 of 258 9 DHCP server and DNS configuration responses required for DNS based blacklist services only takes effect if rebind protection is enabled Specifies a list of domains to rebind domain list of domain TES allow RFC1918 responses for names only takes effect if rebind protection is enabled 9 2 DHCP pools Sections of the type dhcp specify per interface lease pools and settings for serving DHCP requests Typically there is at least one section of this type present in the etc config dhcp file to cover the LAN interface You can disable a lease pool for a specific interface by specifying the ignore option in the corresponding section A minim
46. address Defines route netmask If omitted netmask netmask no none 255 255 255 255 is assumed which makes the target a host address Network gateway If omitted the gateway Gateway ip address no none from the parent interface is taken If set to 0 0 0 0 no gateway will be specified for the Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 66 of 258 11 2 11 Static routes configuration route metric number no 0 Specifies the route metric to use interface A mtu number no MTU Defines a specific MTU for this route I Pv6 routes Pv6 routes can be specified as well by defining one or more route6 sections A minimal example is shown below network 8route6 0 route6 network firoute6 0 interface 1lan network ftroute6 0 target 2001 0DB8 100 F00 BA3 1 64 network route6 0 gateway 2001 0DB8 99 1 config route6 option interface ODE ojo ong SiN option gateway Vilca V U2ZOOL SOD e LOO e18 0 0 2187 3 2 amp 11 64 V 2001 ODIE 998 811 Y Lan is the logical interface name of the parent interface 2001 0D B8 100 F00 1 2001 0D BA3 1 64 is the routed IPv6 subnet in CIDR notation Legal options for IPv6 routes are B8 99 1 specifies the IPv6 gateway for this route Name Type Required Default Description Specifies the logical interface name of the interface
47. className ethernet va eventd 8forwarding 2 target logit va_eventd forwarding 3 forwarding va_eventd forwarding 3 enabled yes va_eventd forwarding 3 className auth va_eventd forwarding 3 target email va_eventd conn_tester ping dest addr 192 168 100 254 va eventd 8conn tester 0 conn tester va eventd 8conn tester 0 name mon server va_eventd conn_tester 0 nabled 1 va_eventd conn_tester 0 type ping 0 0 va_eventd conn_tester ping source eth0 Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 214 of 258 28 Event system va_eventd va_eventd va_eventd va_eventd va_eventd va_eventd va_eventd va_eventd va_eventd va_eventd va_eventd va_eventd va_eventd va_eventd va_eventd va_eventd va_eventd va_eventd va_eventd va_eventd va_eventd va_eventd va_eventd va_eventd va_eventd va_eventd va_eventd happened va_eventd va_eventd va_eventd va_eventd va_eventd va_eventd va_eventd va_eventd va_eventd Qconn tester 0 ping success duration sec 10 QGconn tester 1 2conn tester Qconn tester 1 name smtp server conn_tester 1 enabled 1 conn_tester 1 type link Qconn tester 1 link iface eth0 target 0J target target 0 name syslog target 0 nabled yes target 0 type syslog target 0 target_addr 192 168 100 254 514 target 0 co
48. comezol rssract 31 11 ISDN pseudowire diagnostics 31 11 1 Packages ISDN pseudowire uses two packages Asterisk and LCR To view configuration of the LCR package enter root VA_router package lcr Gomede lez mesa uci export lcr option enable 1 list msn list msn O Virtual Access 2015 GW7300 Series User Manual Issue 2 3 384740 384741 Page 250 of 258 31 Diagnostics To view configuration of the asterisk package enter root VA_router uci export asterisk package asterisk config provider option host 10523 54935320 OVETONE looyenEjoxouei 00 option username usernam option secret secret config client option username usernam option secret secret option msn 384720 config client option username usernam option secret secret option 384721 31 11 2 Asterisk CLI diagnostics You can use Asterisk CLI to view diagnostics To enter asterisk CLI root VA_router asterisk r To view configured SIP peers when in asterisk CLI enter root VA_router sip show peers Name username Host Dam leseeexppxesee ACI Igi Status VA_username 10 1 232 15 N 5060 Unmonitored 1 sip peers Monitored 0 online 0 offline Unmonitored 1 online 0 OEA To view current call diagnostics when in asterisk CLI enter O Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 251 of 258 31
49. creation
If listen_https is defined in the server configuration and the certificate and private key are missing, the web server init script will generate the appropriate certificate and key files when the server is started for the first time, either by reboot or by manual restart. The uhttpd configuration contains a section detailing the certificate and key file creation parameters.

Name | Type | Required | Default | Description
days | integer | no | 730 | Validity time of the generated certificates.
bits | integer | no | 1024 | Size of the generated RSA key in bits.
country | string | no | DE | ISO country code of the certificate issuer.
state | string | no | Berlin | State of the certificate issuer.
location | string | no | Berlin | Location (city) of the certificate issuer.
commonname | string | no | none | Common name covered by the certificate. For the purposes of secure Activation, this MUST be set to the serial number (eth0 MAC address) of the device.

A standard uhttpd certificate section is shown below:

root@VA_router:~# uci show uhttpd.px5g
uhttpd.px5g=cert
uhttpd.px5g.days=3650
uhttpd.px5g.bits=1024
uhttpd.px5g.country=IE
uhttpd.px5g.state=Dublin
uhttpd.px5g.location=Dublin
uhttpd.px5g.commonname=00E0C8000000

config cert px5g
option days 3650
option bits
50. crt httpclient default CertificateFormat PEM httpclient default CertificateKey etc httpclient key root VA_router uci export httpclient Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 40 of 258 8 Management configuration settings package httpclient config core aurea lesezryeaz 10 1 83 309443 else option Enabled yes list PallesSeiayere 10 1 03 30880 list muleSeswex 10 1 03 3 880 List S list eureri legSeryver 10 1 853 537 9443 option ActivatorDownloadPath Activator Sessionless Httpserver asp optio optio optio optio optio optio n n n n n n SecureDownload no PresentCertificate Enabled ValidateServerCertificatel troo Enabled no CertificateFile etc httpclient crt CertificateFormat PEM CertificateKey etc httpclient key This sample contains the settings to enable the device to report its status to Monitor To allow Monitor to track the IP address and ongoing presence of the device a heartbeat SNMP trap is sent by default every minute Use the following settings to configure this feature Name Type Required Default Description Enable boolean yes no Enables Monitor to send heartbeats ifies the interval at which tr r interval_min boolean No 1 PEE mala AS E sent f Sets a unique identification for this dev_reference
51. directly with UCI files export lt config gt Exports the configuration in a machine readable format It is used internally to evaluate configuration files as shell scripts import lt config gt Imports configuration files in UCI syntax changes Add add_list lt config gt lt config gt lt section type gt lt config gt lt section gt lt option gt lt string gt Lists staged changes to the given configuration file or if none given all configuration files Adds an anonymous section of type section type to the given configuration Adds the given string to an existing list option show lt config gt lt section gt lt option gt Shows the given option section or configuration in compressed notation get lt config gt lt section gt lt option gt Gets the value of the given option or the type of the given section Set lt config gt lt section gt lt option gt lt value gt Sets the value of the given option or add a new section with the type set to the given value delete lt config gt lt section lt option gt Deletes the given section or option rename lt config gt lt section gt lt option gt lt name gt Renames the given option or section to the given name revert lt config gt lt section gt lt option gt Reverts the given option section or configuration file Vi
52. for a zone if no masquerading is enabled. This is achieved by generating NOTRACK firewall rules matching all traffic passing via interfaces referenced by the firewall zone. The purpose of NOTRACK is to speed up routing and save memory by circumventing resource-intensive connection tracking in cases where it is not needed. You can check if connection tracking is disabled by issuing iptables -t raw -vnL; it will list all rules, so check for the NOTRACK target. NOTRACK will render certain iptables extensions unusable; for example, the MASQUERADE target or the state match will not work. If connection tracking is required, for example by custom rules in /etc/firewall.user, the conntrack option must be enabled in the corresponding zone to disable NOTRACK. It should appear as option conntrack 1 in the right zone in /etc/config/firewall.

18.10 Firewall examples

18.10.1 Opening ports

The default configuration accepts all LAN traffic, but blocks all incoming WAN traffic on ports not currently used for connections or NAT. To open a port for a service, add a rule section:

    config rule
        option src wan
        option dest_port 22
        option target ACCEPT
        option proto tcp

This example enables machines on the Internet to use SSH to access your router.

18.10.2 Forwarding ports (destination NAT/DNAT)

This example forwards HTTP, but not HTTPS, traffic to the web server running on 192.168.1.10:
53. height x depth Unit weight 800gr POWER O CONFIG ETHERNET 1 A B C D o o o o o o O E F G H SM1 O SIM2 O O ADSL SYNC O q O O ADSL DATA Figure 1 GW7300 top LEDs MAIN AUX AC INPUT 100 240 VAC C 0 25 0 5A ETHERNET 50 60Hz A B c D SERIAL 0 SERIAL 1 ADSL SIM 1 t SIM2 RESET E F G H Figure 2 GW7300 AC ports 2 7 Operating temperature range The operating temperature range is from 20 C to 70 C 2 8 Antenna The GW7300 Series router has two SMA connectors for connection of two antennas for antenna diversity Antenna diversity helps improve the quality of a wireless link by mitigating problems associated with multipath interference Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 13 of 258 2 GW7300 Series hardware 2 9 Components 2 10 2 11 2 12 To enable and configure connections on your GW7300 Series router it must be correctly installed The GW7300 Series router contains an internal web server that you use for configurations Before you can access the internal web server and start the configuration ensure the components are correctly connected and that your PC has the correct networking setup The GW7300 Series router comes with the following components as standard 1 x GW7300 router 9 e 1 x Ethernet cable RJ 45 connector at both ends mm 1 x power supply unit Es EU UK 1 x rubber right a
54. idle timer re started on timer mode list each received data aging timer started on first rx F Forwarding buffer size network to Serial Fowrarding Numeric f No 0 serial O use maximum possible Buffer Size value network rx buffer size Forwarding timeout in milliseconds Serial Forwarding Numeric No 20 network to serial O forward to Timeout ms value ne serial immediately Forwarding timer mode network to Serial forwarding Dropdown Yes idle serial idle timer re started on timer mode list each received data aging timer started on first rx Proxy mode Checkbox No Disabled Enable proxy mode 1 send IAC WILL ECHO Telnet Disable remote option to remote client forcing it to client s local echo Checkbox No Disbled E a disable local echo for server mode Telnet option only Telnet COM port 1 enable support for Telnet COM Checkbox No Disbled control RFC2217 port control RFC2217 Enable HDLC Enables HDLC Pseudowire over UDP Pseudowire over Checkbox No Disabled support based on RFC4618 if set UDP RFC4618 to 1 also set udpMode 1 Virtual Access 2015 GW7300 Series User Manua Issue 2 3 Page 169 of 258 25 Terminal Server Configures serial receive log size in Serial receive Numeric No Disabled bytes and enables receive data debug log size value logging O disabled nfigur rial transmit ize i Serial transmit Num
55. list Numeric Yes 35 strength before considering if the value interface fails signal health check Table 11 Multi WAN interface fields and their descriptions You can also set up traffic rules to forward specific traffic out of the right WAN interface based on source destination address protocol or port This is useful to force traffic on specific interfaces when using multiple WAN interfaces simultaneously Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 82 of 258 15 2 15 Configuring Multi WAN Multi WAN Traffic Rules Configure rules for directing outbound traffic through specified WAN Uplinks Source Address Destination Address Protocol Ports This section contains no values yet Add DefaultRoute Disa 2 WAN Uplink Figure 26 The multi WAN traffic rules page Multi WAN UCI interface etc config multiwan 4 uci export multiwan package multiwan conto maltiwan Ong option preempt yes option alt_mode no option enabled yes config interface wan option disabled 0 option health_interval 10 option timeout 3 option health fail retries 3 option health recovery retries 5 option priority ZU option manage_state yes option exclusive_group 3g option ifup_retry_sec 36000 option icmp_hosts disable option signal threshold 111 option rscp threshold 90 Multi WAN UCI configuration settings are
56. men mese esee 242 31 8 Firewall diagnostics icc nero eae er mee 243 3178 1 IPtableS7 axe iret RE RECEN ean pane sed tages Seng wee et tee eee tee 246 S138 25 DEDUG AN 246 31 9 GPS diagnostic commands ccc eee entered 247 31 10 Interfaces diaQnOStics cece cece een mense emnes nnn 247 31 10 1 Interfaces status cx ee eda ele ene ee eae dean vane e e 247 31 10 2 Route status etie E N dan da 248 31 10 3 Mobilevstatus craw ee ds 248 3140 4 ADSL Status Je iere ye ede ceed teen Eg ha eng UR wernt dead antes 249 31 11 ISDN pseudowire diaQnOStiCs cece eee eee mme 250 31 11 1 Packages A DURUM I D 250 31 11 2 Asterisk CLI diagnostics ssssssssssss mme 251 31 11 3 ISDN LED status iii c t i a Ren CER D IE ada ERR RR UR n 252 31 12 IPSec diagnostics ii oe ce bee betur ebbe berum tud ace 252 31 13 Multi WAN diagnostics cssssssssssssse Ims nennen 253 al I4 PAD diaghoSstics ode ep tx epe ex cadere 254 ILTA SNOWING LOG secre ER HER RR ERR ete nade XAR NI T eet crete ened 254 31 14 2 Debugging guidelines sess mmn 255 31 15 Terminal Server diagnostics oocccccccccnccnnncconnccnnnccnnnncnnncnnnnncnnncrnnnccnaners 256 31 16 VRRP diagnostics siiicar deer Ix dye IR ev e RAE dad ru 257 31 16 1 VRRP diagnostics web interface ooccococcccnccncnccnnnncnnnccnnnccnnnccnanccnnnnes 257 Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 8 of 25
57. of dpdtimeout string lyes 150s inactivity Syntax timespec 1d 2h 25m 10s A typical tunnel configuration is shown below Strongswan Strongswan Strongswan Strongswan Strongswan connection 0 connection connection connection connection E er uy connection type tunnel namecscsi waniface wan Toca O Lolo Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 102 of 258 17 Configuring IPSec Strongswan Strongswan Strongswan Strongswan Strongswan Strongswan Strongswan Strongswan Strongswan Strongswan Strongswan Strongswan Strongswan Strongswan Strongswan Strongswan Strongswan config connection connection connection connection connection connection connection connection connection connection connection connection connection connection connection connection connection connection x Xe S Xe E e C Oo QQ E locallan 10 1 1 0 locallanmask 255 255 255 0 remoteid 10 2 2 2 remoteaddress 10 2 2 2 remotelan 10 2 2 2 remotelanmask 255 255 255 0 ike 3des md5 modp1024 esp 3des md5 alb SRE UE IE ikelifetime 8h keylife 1h rekeymargin 9m keyingtries 3 dpdaction hol dpddelay 30s dpdtimeout 120s enabled yes option enabled yes option type tunnel option name t
58. options to investigate the operation of the CESOPSN service The output provided by these commands will allow the Virtual Access support team to assist you cesop show all show all cesop show config show configuration cesop show status show status cesop show stats show statistics cesop clear stats clear statistics 31 5 1 cesop show config To show the currently running configuration enter root VA_router cesop show config Main Config enable sed nodaemon 3 0 debug_enabled 30 log_severity 4 33 schedule_mode 3 Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 236 of 258 31 Diagnostics schedule priority Pore L eue cardType enable clock recovery enabled clock recovery debug remote loopback udp local ipaddr ue losal xot udp_remote_ipaddr udp_remote_port rtp_payload_type packetization_latency rx jitter buffer enabled rx jitter buffer size ms app bit reverse APPS Ici s devname bypass local loopback dce Cares ext_clock fifo irq level bit reverse Clee ii Liny ele 1d sias dce rclk inv x21 clk invert x21 data delay x21 use vco all four wire mode all pcm encoding all rx attenuator enabled all rx analogue gain enabled Single AAL card 1 al 0 0 0 0 0 0 5152 3L 1542 63 5152 96 o D O O Q O alaw Virtual Access 2015 GW7300 Series User Manual Issue
59. remove the interface from the associated zone or fill out the create field to define a new zone and attach the interface to it Figure 46 The interfaces page firewall section Check the Create Assign firewall zone radio button to add the ADSL interface into wan firewall zone Click Save amp Apply 21 6 Configuring an ADSL PPPoEoA connection From the top menu select Network gt Interfaces The Interfaces Overview page appears LOOPBACK Uptime 16h 21m 30 MAC Address 00 00 00 00 00 0 RX 997 36 KB 8351 Pkt TX 99 IPv4 127 00 1 IPv6 0 0 NEWLAN MAC Address 00 0 0 onnect Stop Edit RX f TX 0 RX TX 0 008 Add new interface Figure 47 The interfaces overview page Scroll down to the bottom of the page until you see the ATM Bridges section Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 135 of 258 21 Configuring ADSL ATM Bridges ATM bridges expose encapsulated ethernet in AAL5 connections as virtual Linux network interfaces which can be used in conjunction with DHCP or PPP to into the provider network This section contains no values yet Add Figure 48 The ATM bridges page Click Add The ATM Bridges page appears ATM Bridges ATM bridges expose encapsulated ethernet in AALS connections as virtual Linux network interfaces which can be used in conjunction with DHCP or PPP to dial into the provider network Delete eneral Setup Advanced Settings A
60. reports access any router assigned to the report Select the relevant report A list of downloadable PDFs appears Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 223 of 258 29 6 29 Configuring SLA reporting on Monitor Generate SLA Report Report SLA Test Reporti Iz Date Generate View Saved SLA Reports Created Report Instance Name Action File Size kb 19 Jul 2012 15 45 Report_20120718010000_Version_8 pdf Download 21 19 Jul 2012 15 44 Report_20120717010000_Version_5 pdf Download 21 19 Jul 2012 03 18 Report_20120719010000_Version_4 pdf Download 11 19 Jul 2012 01 17 Report_20120719010000_Version_3 pdf Download 11 18 Jul 2012 23 16 Report_20120719010000_Version_2 pdf Download 11 18 Jul 2012 21 15 Report_20120719010000_Version_1 pdf Download 11 18 Jul 2012 17 14 Report_20120718010000_Version_7 pdf Download 21 18 Jul 2012 17 13 Report_20120717010000_Version_4 pdf Download 22 18 Jul 2012 11 13 Report_20120718010000_Version_6 pdf Download 21 18 Jul 2012 11 12 Report_20120717010000_Version_3 pdf Download 22 Page 0 Figure 102 Example of an automated report To view a report click Download in the report s row A PDF version of the report appears Configuring router upload protocol The protocol the router uses to upload the files is set for each device on Monitor Edit a device and from the Activator upload protocol drop down menu select the
61. root 1540 ust bin atplugd i eth2 rT 1 x lama 2297 eie DONEC va hdl lua usr bin lua usr sbin va hdl lua Soi Aj To kill a process enter the PID ROO IVAR OUR Vesti 229 System information General information about software and configuration used by the router is displayed just after login or is available if you enter the following commands O Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 26 of 258 6 File system root VA__router VA_SERIAL VA_MODEL VA_AC VA_AC VA_IMAGE VAST VA_BLD AGI TIVEIMAGE MAS ONEA OS REV VA REGION VA WE BVE VA HWRI VA TO PV mV GV Hp ER vacmd show vars 00E0C8121215 GW6610 ALL image2 eon abel VIE 16 00 44 VIE 16 00 44 91a7f87ed61ca919e78 1c8e3cb840264 48877bb E U 00 00 00 a 16 00 44 Shows the general software and configuration details of the router Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 27 of 258 7 Command Line Interface 7 Command Line Interface 7 1 Basics The system has an SSH server typically running on port 22 The system provides a Unix command line Common Unix commands are available such as ls cd cat top grep tail head more Typical pipe and redirect operators are available gt gt gt lt For configuration the system uses the Unified Configuration In
62. routes Note after changing the network configuration to make your new configuration take effect you need to execute the following etc init d network restart There is no need to reboot the router Below is an overview of the section types that may be defined in the network configuration A minimal network configuration for a router usually consists of at least two interfaces LAN and WAN and routes Interfaces Sections of the type interface declare logical networks serving as container for IP address settings aliases routes physical interface names and firewall rules they play a central role within the overall configuration concept A minimal interface declaration consists of the following lines root VA_router uci show network wan network wan interface network wan proto dhcp network wan ifname eth0 1 config interface wan aopicloja aros lae option ifname eth0 1 Wan is a unique logical interface name O Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 48 of 258 8 5 2 8 Management configuration settings DHCP specifies the interface protocol DHCP in this example eth0 1 is the physical interface associated with this section The interface protocol may be one of the following shown in the table below Protocol Description Program static Static configuration with fixed address and netmask ip ifconfig dhcp Address and netmask are ass
63. rules sss mmm 118 18 11 Firewall management ssssssssssssssse meme emen menn 118 18 12 Debug generated rule Set cece cece eee eee eee eee etna eee eee een eed 119 19 Configuring SN MP oocoonncoococoncnconnnconcncnnrncannncnnrnrnnrncnnrnnnrnnnnrnnancnnaneananennanenns 120 A ERR UP O A 120 19 2 System iie a a a a de ue 121 19 3 A uiui ba Valen od ea eda oy Kale ea CERA RUE SRM ER ERN RRA vee ARRA REM UU atthe 121 19 4 TACO A need A A AA 124 19 57 SN MPSS it P 125 20 Configuring HTTP SerVerF occcnncoconcoconcncannncnnnncnnnncnnnncnnrncnnancanananrnnanrananennaness 126 20 1 Server settings aec etie ie TERR AREA REIR RE EI RT INE a REY 126 20 2 HTTPS certificate settings and creation esses 128 20 3 Basic authentication httpd conf cccccccceee eee eee eee eeeeeeeeeeeeeeeeeaeeneeaeeaees 129 20 4 Securing uH TTPd kaniinia iiki ia e d Ek d ERR iE I RI da eee cee ERE YI 130 20 5 SSH server configuration ccce cece eee eee mme eme emnes nnn 130 21 Configuring ADS L occcnococoncncnnnaconnncnnrncnnnncnnnncnnancnnancnnnnnnrnnnnrananennanennanennaness 131 21 1 What is ADSL technology retinian men aaa A 131 21 2 ADSL connectlons unir ee ea pute it RE EC HEISE pP Edd Red e E S EE Er ipn 131 21 3 ADSL connection options on your router ssssssssss mmm 131 21 4 Configuring ADSL PPP connection via the web interface sssssusss 132 21 5 Configuring an ADSL
64. specified destination IP address OPEP Match incoming traffic directed at the given dest port tee E no none destination port or port range on this host if 9 tcp or udp is specified as protocol j Firewall action ACCEPT REJECT DROP for target string yes DROP matched traffic Protocol family ipv4 ipv6 or any to family string no any y ip P y generate iptables rules for Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 110 of 258 18 6 18 7 18 Configuring firewall Maximum average matching rate specified as a number with an optional second ME paring us inne minute hour or day suffix Example3 hour Maximum initial number of packets to match E thi t h limit burst integer no 5 is number gets recharged by one every time the limit specified above is not reached up to this number Extra arguments to pass to iptables this is extra string no none mainly useful to specify additional match options like m policy dir in for IPSec Includes It is possible to include custom firewall scripts by specifying one or more include sections in the firewall configuration There is only one possible parameter for includes Name Type Required Default Description Specifies a shell script to execute on boot th file nam tc firewall r f pa Ename IRE eto Mrewalnuse or firewall restarts Included scripts may contain arbit
65. stored in the following file Run UCI export or show commands to see Multi WAN UCI configuration settings A sample is shown below Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 83 of 258 15 Configuring Multi WAN option ecio threshold 15 option ifup timeout sec 120 4 uci show multiwan multiwa multiwa multiwa multiwa multiwa multiwa multiwa multiwa multiwa multiwa n n multiwan n n multiwan config multiwan config preempt yes config enabled yes wan interface wan disabled 0 config alt_mode no wan health interval 10 wan timeout 3 wan health fail retries 3 wan health recovery retries 5 wan priority 2 wan manage state yes multiwan wan exclusive group 3g multiwan wan ifup retry sec 36000 multiwan wan icmp hosts disable multiwan wan signal threshold 111 multiwan wan rscp threshold 90 multiwan wan ecio threshold 15 Config multiwan Name Required Default Description Enabled Yes No Enables or disables Multi WAN Enables or disables pre emption for Multi WAN If enabled the Preempt No No router will keep trying to connect to a higher priority interface depending on timer set Enables or disables alternate mode for Multi WAN If enabled alt mode No No y the router will use an alternate interface after reboot Config interface Name Required Defau
66. strin ES mone parent or master interface this route is 9 y belonging to must refer to one of the defined interface sections target ipv6 address yes none Sets the IPv6 network address atewa iove address 48 none Sets the IPv6 gateway If omitted the 9 y P gateway from the parent interface is taken metric number no 0 Specifies the route metric to use interf i mtu number no iu BEN Defines a specific MTU for this route Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 67 of 258 11 Static routes configuration Dropbear is the software module that implements ssh on the system The dropbear section contains these settings Name Type Required Default Description enable boolean no Enables dropbear Set to O to disable starting dropbear at system boot verbose boolean no Enables verbose Set to 1 to enable verbose output by the start script BannerFile string no none Specifies the name of a file to be printed before the user has authenticated successfully PasswordAuth boolean no Specifies password authentication Set to O to disable authenticating with passwords Port integer no 22 Specifies the port number to listen on RootPasswordAuth boolean no Enables root password authentication Set to O to disable authenticating as root with passwords RootLogin boolean no Enables
67. that the server listens on

Local wPort | Numeric value | Yes | 0 | Sets the local COSEM wrapper port number
Remote wPort | Numeric value | Yes | 0 | Sets the remote COSEM wrapper port number
Serial Port Name | String | Yes | /dev/ttySC1 | Sets the name of the serial port used by the bridge
Serial Baud Rate | Numeric value | Yes | 9600 | Sets the speed of the serial port
Serial Port Mode | String | Yes | RS485 | Sets the mode of the serial port to RS232 or RS485

Table 24: COSEM HDLC bridge page fields and their descriptions

When you have made your configuration changes, click Save and Apply.

Checking the status of COSEM HDLC Bridge

To view COSEM statistics, enter:

    cosemdcmd show stats

If COSEM HDLC Bridge is running, this command will show the status of each session. If the process is not loaded, it will return an error. To reset the statistic counters, enter:

    cosemdcmd clear stats

28 Event system

Virtual Access routers feature an event system. The event system allows you to configure the router's information for efficient control and management of devices. This section explains how the event system works and how to configure it using UCI.

Implementation of the event system

The event system is implemented by the va_eventd application. The va_eventd application defines three types of object
68. via the web interface 86 16 3 1 PMP roaming pre empt enabled ocooccccccccccccccccncnccnnnccnnnnnnnnnnnnnnannnos 86 16 3 1 1 Creating primary predefined interface cccccccccccsssssssssseceeecesessscteaeeeeseesseseaeas 87 16 3 1 2 Setting multi WAN options for primary predefined interface 89 16 3 1 3 Setting options for automatically created interfaces ooooccccinnccccnononnncnnnannnnnanos 91 16 3 2 PMP roaming pre empt disabled ooooccocnccccccccnnccnnnccnnnnnccnnnccnnnccnnnnos 96 16 3 3 Roaming no PMP defined 0oococcccnccnccccncnccnnnncnnnccnnnccnnnccnnnccnnnccnnnninancrs 97 16 3 4 Disable roamitig ciere tir n 98 17 Configuring IPS C ocoonococnococnnrannncannnrannnrannnrnnnnrncnnrncnnnnrarnnrnrnnrncnnrncnnrncananeass 99 17 Gommon settings ioco dod e ou E eet ld eed uoce 99 17 2 Connection SettingS r aa eee eee enna eee a anaa a 100 17 3 Shunt connection evens exes exte xn x ccd eee ERU ER evs wiles evi elec ete 104 17 4 Secret settings airiran oe ek d ve ceed deve sees Svea RE dye eed avis cies Ei 104 18 Configuring firewall ooonccoonccnnnnconnncnncncnnnncnnrncnnrncnnrncnnrnnnranancnnanennancananenss 107 18 1 Defaults SECEON s irte ee oett etus eet td boiled ea eden bine 107 18 2 ZONES section ep ede EDENDI RE RUNI EPOR T EUG 107 18 3 Forwarding sections iecit ite ier Edge HEURE RR ERA INO UE Re donus 108 18 4 Redirects cu et
69. 0 512000 768000 1024000 2048000 O use external clock option sync speed 64000 Used for USB serial card Enables receive clock inversion 0 data sampled on clock falling edge l data sampled on clock rising edge option sync invert rxclk 0 Used for USB serial card Enables transmit clock inversion O data out on clock falling edge l data out on clock rising edge OPE UO feo sore Ee O Used for USB serial card l receive most significant bit first O receive least significant bit first GEO Sanc ic mD 0 i USEC ror USB serial carce l rreanemic most siomi r Cant ole italia sit y O transmit least significant bit first option sync_tx_msbf 0 Used for USB serial card Number of bit positions to delay sampling the data from detecting clock edge option sync_rxdata_dly 0 Used for USB serial card Number of bit positions to delay output of the data from detecting clock edge option sync_txdata_dly 0 Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 179 of 258 25 Terminal Server Used for USB serial card Value of idle character decimal to transmit in iid Casa or IX uncer 0 wo 255 HDLC mode configures inter frame fill set to 0 to transmit Os 255 tO treemenle Is 126 Eo xeu flags Otelo S tx ache 126 Invert RTS in auto RTS mode if portmode is rs485 option rtsinvert 0 l s disable 1 optio l e optio end IA
70. 0 Enables/creates the user

username | Text | Yes | None | Defines username for the user
password | Text | Yes | None | Defines password for the user
webuser | Boolean | No | Yes | Specifies web access permissions for the user
chapuser | Boolean | No | No | Specifies CHAP access permissions for the PPP connection
papuser | Boolean | No | No | Specifies PAP access permissions for the PPP connection
srpuser | Boolean | No | No | Specifies SRP access permissions for the PPP connection
smsuser | Boolean | No | No | Specifies SMS access permissions for the user
linuxuser | Boolean | No | Yes | Specifies Linux access permissions for the user

Note:
- webuser will only work if linuxuser is set to yes
- chapuser will only work if linuxuser is set to no

This first example shows a defined user called test. The user has a defined password, password. They are also granted web access to the box.

    root@VA_router:~# cat /etc/config/management_users
    config user
        option enabled 1
        option username test
        option password password
        option webuser yes
        option linuxuser yes

This second example shows a user called srptest. The user has a defined password, srptest.

    config user
        option enabled 1
        option username srptest
        option password srptest
        option srpuse
71. 26.4.4 Port settings: advanced configuration

Figure 86: The port settings interface

Name | Default | Range | Description
Max X.25 VCs | 1 for port 0 to 3 and 64 for port 4 | 1 to 64 | Defines the maximum number of X.25 VCs supported by this XOT port. Note: when a XOT port is used for the PAD function, its max_vcs option must be set to 1.
X.25 PVC LCN | 0 | 1 to 4095 | Configures the PVC LCN to be used on the XOT port.
VAL Enable | 0 | 0 or 1 | Enables the VAL protocol. When disabled, Cisco XOT will be used instead of the VAL protocol. Note: VAL is Virtual Access Legacy, or VALD, Virtual Access Legacy Daemon. VAL implements XOT protocol as defined in RFC1613.
Enable TCP keepalives | 1 | 0 or 1 | Enables the sending of TCP keep alive probes.
TCP Keepalive interval | 5 | 1 to 300 | Sets the time interval between the sending of keep alive probes. The time is in seconds.
TCP Keepalive timeout | 2 | 1 to 10 | Sets the time to wait for a TCP keep alive probe answer. The time is in seconds.
TCP Keepalive count | 1 | 1to0 | Sets the maximum number of unanswered TCP keep alive probes before closing the TCP connection.

26.4.5 XOT route table

XOT Route Table ROUTE0 Enable Remote X.25 NUA Remote IP addr
72. 2 3 Page 7 of 258 Table of Contents 30 1 Configuring SLA for a router via the web interface cccceceeeeeeeeseeeeneeas 225 30 2 Configuring SLA for a router via UCI interface sss 227 30 3 SLA SLALISEICS eet T 228 31 DiagnosticCS 230 31 1 jJADSE diaghostlcs in ep Sina ei du tee aie Pde aa pcd 230 31 1 1 ADSL PPPOA CONNECTIONS c cece eee eee eee eee emen emen nennen 230 31 1 2 ADSL PPPOEOA connections ccc cece eee eee eee eee mee 230 31 1 3 ADSL bridge connections 0 cece eee eee eee eee eee tenet nena ed 231 31 2 ALL diagnostics ee res ious ei os edd vets EET Ron dv ee Rr eed ceed deed SEE i 232 31 3 Automatic operator selection diagnostics via the web interface 233 31 3 1 Checking the status of the Multi WAN package occococccccccocncnncnccnnnncons 233 31 4 Automatic operator selection diagnostics via UCI ooococccccccccnccccnnnccnnnccnnnnos 234 31 57 CESOPSN diagnoSELICS i ierit ded er Ede HR Ue edite SEO EHE Eon te ipe 236 31 521 cesop SHOW CONTIG sins eso alae era Ret ote tete eR enlm x ens eme 236 31 5 2 cesop show StatuS ccc eee etree eene enn 238 31 5 3 cesop show stats scc exei mi xe tke ele dt Rem ee 238 31 5 4 cesop Clear Stats cece ene eee eee eee eee eee ented 239 31 6 DMVPN diaQnostics e iaaa ene E a rene nennen 240 31 7 File system diagnostics esses
73. 258 31 2 31 Diagnostics To check an IP address transmit and received counter on an ADSL interface in the top menu select Network gt Interfaces The Interface Overview page appears Interfaces Interface Overview Network Status Uptime 0h 23m 5s MAC Address 00 E0 C8 12 1F 25 RX 0 00 B 0 Pkts TX 72 78 KB 1394 Pkts IPv4 10 224 151 34 24 Uptime 0h 22m 52s MAC Address 00 E0 C8 92 1F 25 RX 0 00 B 0 Pkts TX 604 00 B 7 Pkts IPv4 10 33 4 7 26 Actions Connect Stop Edit Delete Connect Stop Edit Delete ALL diagnostics Figure 115 The interfaces overview page The va5420 stats dev ttyLCO command provides statistical information about the operation of the interface Here an example root VA_router va5420 stats dev ttyLCO TRANSMIT STATS EIVE tx bytes ix lowurideue cull counts tx underruns tx discards STATS rx bytes rx overruns CS e cach V 23 MODE STATS rx bytes tx bytes rx samples tx samples ix Carrier o Lx Catier o 566600 0 0 0 566988 o D o gt O O Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 232 of 258 31 3 31 3 1 31 Diagnostics You can set the statistical information using va5420_stats_reset dev ttyLCO The example below shows the command va5420 status dev ttyLCO it displays status information about the device root VA_router
74. 3 Page 113 of 258 18 Configuring firewall config redirect Options ne wan Gode fme elo 0 option proto ep option dest_ip 192 168 110 The next example forwards one arbitrary port that you define to a box running ssh behind the firewall in a more secure manner because it is not using default port 22 config redirect option name ssh Opt sme usum option pego icu Option sre oportct 5555 qociom deste lia 192 166 21 Oppo Yelasic_joowe 22V Opp eee VIDA option dest lan 18 10 3 Source NAT SNAT Source NAT changes an outgoing packet destined for the system so that is looks as though the system is the source of the packet Define source NAT for UDP and TCP traffic directed to port 123 originating from the host with the IP address 10 55 34 85 The source address is rewritten to 63 240 161 99 config redirect Options ne lan option dest wan Options ela 35 0 5 55 Sur eS Opcion See ello 63 240 14 99 option dest_port 123 option target SNAT When used alone Source NAT is used to restrict a computer s access to the Internet but allows it to access a few services by manually forwarding what appear to be a few local services for example NTP to the Internet While DNAT Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 114 of 258 18 Configuring firewall hides the local network from the Internet SNAT hides the Internet from the local network Source NAT and d
75. 4 2 12 Connecting the antenna ccccece eect eee eee eee eee eden entes enne 14 2 13 Powering UD i e eer AW es Cee etr cut dei MEME EE 15 2 14 Reset bUttOn soie RE EN NERA Y Ea RR IR RR IN RA TIMER 15 3 GW7300 Series LED behavioUr ococcnococnococnnracnnrannnrannnrnnnnrannnrannnrananraracanencanes 16 4 Factory configuration extraction from SI M card eene 17 5 Accessing the rouUterF occcnococnorocnnracnncacnnracnnracnnracnnrncnnrnnnnrnrnrnnrarnnraranrncaneacanes 18 Bil Over Ethernet iere da 18 5 2 Over a 3G or 4G interface sirien a eee eene esee ennemi enini 18 6 File system ooonococnoracnncacnncncnnracnnrncnnrncnnrncnnrncnnrarnrnnrnrnnrnrnnrnrnnrnrnnrarnnracanencanes 19 o l Configurations ssi eiit iere IUe DEAS werd RET IE ada 19 6 1 1 High level configuration commands ococcccccnccnnnccnnnccnnnccnnnnnccnnnncnnnnananoss 19 6 1 2 Configuration file SyNtaX oocoocccccccccncnccnnnnonnnccnnnncnnnnnnnnnnnnnnannnnannnnannnss 20 6 1 3 Command line utility ssessssesssssee Immer 21 6 1 3 1 Command line utility examples ccconococoonnnnononononannnnnononananononnnnnononanonnnnnnnnncnnnnnnns 23 6 1 4 Configuration copying and deleting ssssesesesmmI 24 6 1 5 Image diles EE 24 6 1 6 Viewing files ecd XR ERA ERR SER NER sis 24 6 1 7 Copying files onl her hia ted alta baie a a E ute 25 6 1 8 Editibig THES 5 dad a to ati tun aera tr dun bsec beaten hte 26 6 1 9 Pro
76. 6any
Leave blank to use default local interface IP address.
Leave blank to use default remote gateway IP address.
psk: How the two security gateways should authenticate each other.
Defines the identity (username) the client uses to reply to an XAuth request. If not defined, the IKEv1 identity will be used as XAuth identity.
aes128 sha1 modp1024, aes128 sha1, lan, id
28800s: How long the keying channel of a connection should last before being renegotiated.
300s: Synonym for lifetime. How long a particular instance of a connection (a set of encryption/authentication keys for user packets) should last, from successful negotiation to expiry.
30s: Synonym for margintime. How long before connection expiry or keying channel expiry should attempts to negotiate a replacement begin.
forever: How many attempts (a positive integer or forever) should be made to negotiate a connection, or a replacement for one, before giving up (default 3). The value forever means never give up.
clear: Controls the use of the DPD protocol, where R_U_THERE notification messages (IKEv1) or empty INFORMATIONAL messages (IKEv2) are periodically sent in order to check the liveliness of the IPsec peer. If no activity is detected, all connections with a dead peer are stopped and unrouted (clear), put in the hold state (hold) or restarted (restart). The default is none, which disables the active sending of DPD messages.
30s: Defines the period time interval w
77. Table of Contents
   31.16.2 VRRP diagnostics using the command line interface
   31.17 Diagnostics for WiFi AP mode
   31.18 Diagnostics for WiFi client mode
1 Introduction
This user manual describes the features and how to configure a Virtual Access GW7300 Series router. The GW7300 Series router is ruggedized and supports extended temperature, high isolation and protection levels. The router enclosure is not conductive. It has 8 Ethernet ports, 3G radio access modems with up to two SIM cards, and serial console access. There are DC and AC power versions. It implements general purpose router features such as dynamic routing protocols (OSPF and RIP), VPN and DMVPN, IPSec, VLANs, GRE tunnels, DHCP server, client and relay, TFTP, 3G access, CLI and web access.
1.1 Document scope
This document covers the following models in the GW7300 Series:
GW7304: 8 x Ethernet ports, dual SIM, 1 x RS232, 1 x optional RS485 RS232
GW7304 3G: 8 x Ethernet ports, dual SIM, 1 x RS232, 3G, 1 x optional RS485 RS232
GW7304 LTE: 8 x Ethernet ports, dual SIM, 1 x RS232, 4G, 1 x optional RS485 RS232
GW7304 CDMA450: 8 x Ethernet ports, dual SIM, 1 x RS232, CDMA450, 1 x optional RS485 RS232
GW7314 3G: 8 x Ethernet ports, 1 x AD
78. C WILL ECHO Telnet option to remote client forcing it to ocal echo for server mode only n disable_echo 0 nable support for Telnet COM port control RFC2217 i exo joxoweiE Econt roO 1 half duplex mode O full duplex mode optio in and enabl optio in transmis optio whe n hd mode 0 RS232 half duplex mode time in milliseconds ing the transmitter n rts timeout 30 RS232 half duplex mode time in milliseconds sion finished and enabling the receiver a pose es Eume 20 n used with V 23 modem driver set portmode samples are multiplied by this value optio whe m veas ex gasm 2 n used with V 23 modem driver set portmode samples are divided by this value optio whe a WAS i loss LU n used with V 23 modem driver set portmode RTS to CTS delay in milliseconds optio m v23 es o cus Clay 20 between raising RTS between dropping RTS TAS AS as mas v23 received ESAS clc Tas Virtual Access 2015 GW7300 Series Issue 2 3 User Manual Page 180 of 258 25 Terminal Server when used with V 23 modem driver set portmode v23 LIM operation O 2wire 1 4wir pico WAS 18 dox wire 0 when used with V 23 modem driver set portmode v23 sets the receive echo suppression timeout in milliseconds option VAS ss timeout 20 when used with V 23 modem driver set portmode v23 time in milliseco
79. CE VLANNR, e.g. eth0.1
Choose the firewall zone you want to assign to this interface. Select unspecified to remove the interface from the associated zone, or fill out the create field to define a new zone and attach the interface to it.
Figure 53: The interfaces page firewall settings tab
To add the ADSL interface into wan firewall zone, select Create Assign. Click Save & Apply.
21.7 Configuring an ADSL bridge connection with static IP
From the top menu, select Network > Interfaces. The Interfaces Overview page appears.
Figure 54: The interfaces overview page
Scroll down to the bottom of the page until you see the ATM Bridges section.
ATM Bridges: ATM bridges expose encapsulated ethernet in AAL5 connections as virtual Linux network interfaces which can be used in conjunction with DHCP or PPP to dial into the provider network. This section contains no values yet. Add
80. Create Interface page appears.
Figure 58: The create interface page (fields: Name of the new interface, Protocol of the new interface, Create a bridge over multiple interfaces, Cover the following interface). The allowed characters for the name are A-Z, a-z, 0-9 and _. Note: If you choose an interface here which is part of another network, it will be moved into this network.
In the Name of the new interface field, type the name of the interface.
From the Protocol of the new interface drop-down menu, select Static address.
From Cover the following interface, select Custom Interface and then type nas0.
Click Submit. The Interfaces (name of new interface) page appears.
Figure 59: Part of new interface configuration page
In the IPv4 address field, type the IP address.
In the IPv4 netmask field, type or choose netmask.
Optionally, in the IPv4 gateway field, type the gateway address.
If necessary, fill in other required fields
81. sip show channels stats
    Peer        Call ID      Duration  Recv Pack   Lost             Jitter  Send Pack   Lost             Jitter
    10.1.23.15  4abaa449705  00:00:08  0000000426  0000000000 0.00  0.0000  0000000391  0000000000 0.00  0.0002
    1 active SIP channel
To exit asterisk CLI, enter:
    exit
31.11.3 ISDN LED status
The ISDN port has two LEDs indicating the status of the audio channels in use.
ISDN top LED | On | Audio channel is up (dial tone or call in progress)
ISDN top LED | Off | Audio channel is inactive
ISDN bottom LED | On | Audio channel is up (dial tone or call in progress)
ISDN bottom LED | Off | Audio channel is inactive
31.12 IPSec diagnostics
Virtual Access routers use the strongSwan package for IPSec.
To view IPSEC configuration on the router, enter:
    uci export strongswan
To restart strongSwan, enter:
    /etc/init.d/strongswan restart
To view IPSEC status, enter:
    ipsec statusall
To view a list of IPSEC commands, enter:
    ipsec help
31.13 Multi WAN diagnostics
The multi WAN package is an agent script that makes multi WAN configuration simple, easy to use and manageable. It comes complete with load balancing, failover and an easy to manage traffic ruleset. The uci configuration file
82. Format depends on Match Type. In case of IP address and BGP Community, the value is parsed as a list of items to match.
Set Option | Dropdown Menu | No | None | Available options are: None IP Next Hop Local Preference MED Route Weight BGP MED AS path to Prepend BGP Community
Set Value | Format depends on the Set Option chosen.
When you have made your changes, click Save.
12.3 Configure BGP neighbours
In the BGP neighbours section, click Add to configure BGP neighbours.
Figure 13: The BGP neighbours section
Click Save & Apply.
Name | Type | Required | Default | Description
IP Address | Integer | Yes | None | Sets the IP address of the neighbour.
Autonomous System Number | Integer | Yes | None | Sets the ASN of the remote peer.
Route Map | String | No | None | Sets the route map name.
Route Map Direction | Dropdown Menu | No | None | Tells in which direction the route map should be applied. Available options are in or out.
12.4 Routes statistics
To view routes statistics, in the top menu click Status > Routes. The routing table appears.
83. Gateway Protocol
   12.1 Configuring the BGP web interface
   12.2 Optionally configure BGP route map
   12.3 Configure BGP neighbours
   12.4 Routes statistics
   12.5 BGP UCI interface
   13 Configuring a 3G 4G connection
   14 Configuring SMS
   14.1 Monitoring SMS
   14.2 Outgoing messages
   15 Configuring Multi WAN
   15.1 Multi WAN web interface
   15.2 Multi WAN UCI interface
   16 Automatic operator selection
   16.1 Introduction to automatic operator selection
   16.2 Configuring automatic operator selection
   16.3 Configuring automatic operator selection
84. MTS GPRS Specifies technology type
APN | String | Yes | None | Sets APN settings
PIN | Number | No | None | Sets SIM card PIN number
PAP CHAP username | String | No | None | Sets username used to connect to APN
PAP CHAP password | String | No | None | Sets password used to connect to APN
Health Monitor Interval | Dropdown menu | Yes | 10 sec | Sets interval used to monitor signal strength
Health Monitor ICMP Host(s) | Dropdown menu | No | none | Specifies target IP address for ICMP packets
Health Monitor ICMP Timeout | Dropdown menu | Yes | 3 sec | Specifies ICMP timeout
Attempts Before WAN Failover | Dropdown menu | Yes | 3 | Specifies number of fail attempts of Health Monitor before interface is torn down
Attempts Before WAN Recovery | N/A | N/A | N/A | N/A
Priority | Number | Yes | 0 | Defines that the higher value is higher priority
Minimum ifup Interval | Dropdown menu | Yes | 300 sec | Specifies minimum interval between two successive interface start attempts
Interface Start Timeout | Dropdown menu | Yes | 40 sec | Sets time for interface to startup
Signal Threshold | Dropdown menu | Yes | 115 | Specifies the dBm threshold where if the signal is lower than this then it is marked as fail
When you have configured your settings, click Save & Apply.
In the top menu, select System > Reboot. The System page appears. Sy
85. Figure 20: The mobile manager page
In the Basic Settings section, check the box beside SMS Enable.
In the Callers section, click Add to add caller numbers. Add in specific caller numbers or use the wildcard symbol as shown below.
[Callers section screenshot: Name, Number, Enable and Respond fields]
Click Enable. Select Respond if you want the router to reply.
Parameter | Description
Name | Name assigned to caller
Number | Number of caller allowed to SMS the router
Enable | Enables or disables caller
Respond | If checked, the router will return an SMS
Table 9: Scripting commands and their descriptions
When you have made your changes, click Save & Apply and then reboot.
14.1 Monitoring SMS
You ca
86. Figure 124: The interface overview page showing WClient stats
87. SL2, dual SIM, 1 x RS232, 3G, 1 x optional RS485 RS232
GW7314 LTE: 8 x Ethernet ports, 1 x ADSL2, dual SIM, 1 x RS232, 4G, 1 x optional RS485 RS232
GW7314 CDMA450: 8 x Ethernet ports, 1 x ADSL2, dual SIM, 1 x RS232, CDMA450, 1 x optional RS485 RS232
Throughout this document:
We use the host name VA_router.
We refer to the GW7300 Series for configuration and UCI instructions.
2 GW7300 Series hardware
2.1 Hardware specification
2.1.1 GW7300 Series model variants
GW7304 | 8 x Ethernet ports, dual SIM, 1 x RS232, 1 x optional RS485 RS232
GW7304 3G | 8 x Ethernet ports, dual SIM, 1 x RS232, 3G, 1 x optional RS485 RS232
GW7304 LTE | 8 x Ethernet ports, dual SIM, 1 x RS232, 4G, 1 x optional RS485 RS232
GW7304 CDMA450 | 8 x Ethernet ports, dual SIM, 1 x RS232, CDMA450, 1 x optional RS485 RS232
GW7314 3G | 8 x Ethernet ports, 1 x ADSL2, dual SIM, 1 x RS232, 3G, 1 x optional RS485 RS232
GW7314 LTE | 8 x Ethernet ports, 1 x ADSL2, dual SIM, 1 x RS232, 4G, 1 x optional RS485 RS232
GW7314 CDMA450 | 8 x Ethernet ports, 1 x ADSL2, dual SIM, 1 x RS232, CDMA450, 1 x optional RS485 RS232
2.2 Hardware features
Dual SIM sockets
Dual antenna SMA connectors
Eight 10/100 Mbps Ethernet ports
1 RS232 RS485 DB9 female console port
1 RS232 console port
2.3 Serial ports
2.3.1 The GW7300 has two RJ 45 conne
88. Figure 98: The add SLA report page
Enter the relevant parameters.
Parameter | Description | Options
Report Name | Name of report |
Frequency of report | How often a report is generated | once off, hourly, daily or weekly
Initial print time | Initial start time |
Valid statistic time | Window of time to report | 0-24 hours
Reseller & devices available | To select resellers and devices | From Monitor database
Reseller & devices included | Display added resellers or devices |
Content template | Content template that report is based on |
Table 36: Parameters for adding an SLA report
The figure below shows an example of an SLA report with two devices.
Figure 99: An example SLA report sh
89. Specify a destination IP address for the keepalive packets that are originated on the LAN Specify a destination UDP port for the keepalive packets that are originated on the LAN Scroll down to the Advanced Settings section In the Bin Restart Period field type in a bin collection time In the Max Bin count field type the maximum number of Bins stored on a router Name Type Required Default Description heck Enable ien Yes none Enables SLAD daemon Roundtrip teger Yes None Specifies the time in milliseconds that a Timeout ms 9 packet is not replied before this timeout Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 226 of 258 30 2 30 Configuring SLA for a router expires it is considered as lost Radio Specifies the interface on which traffic Interface button Yes None should be monitored menu Destination Host IPv4 Specifies the destination IP address for IP Address address Yes None the keepalive packets that are originated on the LAN Destination UDP T TE n anon Integer Yes None Specifies the destination UDP port Bin Restart ifies how long one bin i llectin Integer Yes None s oe WONG One DIS Ealice ay Period ms information Specifies how many bins are in the Max Bin Count Integer Yes None queue After all empty bins are used new information is put in the oldest bin When you have made all your configuration changes
90. T MTU 1400 Metric 1 RX packets 6 errors 0 dropped 0 overruns 0 frame 0 TX packets 23 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 3 ROS loytes 426 428 0 18 Ix oyrcess 2986 2 9 TNS eth0 Link encap Ethernet HWaddr 00 E0 C8 12 12 15 mete aceri 192 168 100 1 Bessus192 168 100 295 MASAS ASI O inec acers reg0 s2030 rela 1215 06 Scouse ikalimis UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 6645 errors 0 dropped 0 overruns 0 frame 0 TX packets 523 errors 0 dropped 0 overruns 0 carrier 0 O Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 247 of 258 31 Diagnostics collisions 0 txqueuelen 1000 BUS lowuess569453 556 1 KiB TX lyeess77S06 75 4 IKB lo Link encap Local Loopback mee accegl27 0 0 1 Maske255 0 0 0 ime co sxoloheg 9391 1268 Socpesilosi UP LOOPBACK RUNNING MTU 16436 Metric 1 RX packets 385585 errors 0 dropped 0 overruns 0 frame 0 TX packets 385585 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 0 RX bytes 43205140 41 2 MiB TX bytes 43205140 41 2 MiB To display a specific interface enter ifconfig lt name gt root VA_router ifconfig eth0 etho Link encap Ethernet HWaddr 00 E0 C8 12 12 15 lase eogiesi92310985241 0041 Beoases192 168 100 255 MOIS 255 255 255 0 inerts acers sees ees BSI PII PIS G4 Sees Link UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 1 RX packets 7710 errors 0 dropped 0 overru
91. TM Virtual Channel Identifier VCI ATM Virtual Path Identifier VPI Encapsulation mode LLC ly Add Figure 49 The ATM bridges general tab Select the General Setup tab In the Virtual Channel Identifier field type the VCI number In the ATM Virtual Path Identifier field type the VPI number In Encapsulation mode drop down menu select either LLC or VC Mux Select the Advanced Settings tab The ATM Bridges page appears ATM Bridges ATM bridges expose encapsulated ethernet in AAL5 connections as virtual Linux network interfaces which can be used in conjunction with DHCP or PPP to dial into the provider network Delete General Setup Advanced Settings ATM device number Bridge unit number Forwarding mode bridged ia Add Save amp Apply Reset Figure 50 The ATM bridges advanced settings tab Leave the default ATM device number and the Bridge unit number set to O O Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 136 of 258 21 Configuring ADSL In the Forwarding mode drop down menu select bridged or routed Click Save Click Add new interface the Create Interface page appears Create Interface Name of the new ADSL The allowed characters are B Z a z 0 9 and _ interface Protocol of the new PPPoE interface Cover the following of Ethernet Adapter eth0 lan Ethernet Adapter eth1 lan2 el Ethernet Adapter eth2 lan3 2 Ethe
92. Unique Router ID in format 4 Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 69 of 258 12 BGP Border Gateway Protocol byte format 0 0 0 0 Autonomous Integer Yes None Defines ASN for local router System Number Sets network that will be advertised to neighbours in prefix format 0 0 0 0 0 Ensure network Network Integer Yes None bd xs prefix matches the one shown in routing table See Routes section below When you have made your changes click Save 12 2 Optionally configure BGP route map To configure the BGP route map on the Global Settings page scroll down to the BG Route Map section BGP Route Map Figure 11 The BGP route map section Type in a name for the BGP Route map Name and then click Add The ROUTEMAP configuration section appears ROUTEMAP Order Policy Type y Match Type Match Value 1 Format depends on Match Type In case of IP Address and BGP Community value is parsed as list of items to match Use prefix to deny match Set Option M Set Value Figure 12 The routemap section Name Type Required Default Description Order Integer Yes None Route Map sequence number Policy Type Dropdown Yes Permit Permits or denies matched values Menu Match Type Dropdown Yes IP address Available options are Menu IP Address IP Next Hop AS Path Route Metric BGP Community Match Value Yes None
93. Uses peer assigned DNS server s list of i i dns P no none Overrides peer assigned DNS server s addresses Enables I Pv6 on the PPP link ipv6 boolean no 0 Name Type Required Default Description src ipaddr IPv4 address yes none Defines the local IPv4 endpoint address server IPv4 address yes none or rero TEEME ENAR user string yes none Sets the PPP user name password string yes none Sets the PPP password Specifies Tunnel Authentication Mode none no authentication unless secret is auth_mode string yes none specified simple check peer hostname challenge require tunnel secret See string e ona Defines optional secret which is shared with tunnel peer persist boolean no no Recreates automatically if tunnel fails hastam String Ves none Sets name to advertise to peer when setting up the tunnel Aliases Use the Alias section to define further IPv4 and IPv6 addresses for interfaces Alias sections also allow combinations like DHCP on the main interface and a static IPv6 address in the alias for example to deploy IPv6 on WAN while Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 51 of 258 8 Management configuration settings keeping normal internet connectivity Each interface can have multiple aliases attached to it A minimal alias declaration consists of the following lines network alias alias network alias interf
94. Virtual Access GW7300 Series User Manual, Issue 2.3, Date 07 May 2015
Table of Contents
   1 Introduction
   1.1 Document scope
   2 GW7300 Series hardware
   2.1 Hardware specification
   2.1.1 GW7300 Series model variants
   2.2 Hardware features
   2.3 Serial ports
   2.3.1 RS232 pinout
   2.3.2 RS485 full duplex pinout
   2.3.3 RS485 half duplex pinout
   2.4 GSM technology
   2.5 Power supply
   2.6 Dimensions
   2.7 Operating temperature range
   2.8 Antenna
   2.9 Components
   2.10 Inserting the SIM cards
   2.11 Connecting cables
95. DPD Delay | Integer | Yes | None | _U_THERE messages/INFORMATIONAL exchanges are sent to the peer. These are only sent if no other traffic is received. Syntax: timespec 1d 2h 25m 10s
DPD Timeout | Integer | Yes | 150s | Defines the timeout interval after which all connections to a peer are deleted in case of inactivity. Syntax: timespec 1d 2h 25m 10s
Table 19: Connections fields for strongSwan IPSec VPN
In the Name field, type the Connection Name.
From the Autostart Action drop-down menu, select Ignore.
From the Connection Type drop-down menu, select transport.
From the Authby drop-down menu, select psk.
From the IKE algorithm drop-down menu, select the encryption, hash algorithm and DH group.
From the ESP algorithm drop-down menu, select the encryption and hash algorithm.
From the WAN Interface drop-down menu, select the interface that is used to transmit IPSec packets.
In the IKE life time field, type the IKE life time value.
In the Key life field, type the Key life value.
In the Keying tries field, type a forever value.
From the DPD Action drop-down menu, select clear.
In the DPD Delay field, type a DPD delay value.
In the DPD Timeout field, type a relevant value.
At the bottom of the Secrets section, click Add.
Secrets Enabled ID selector Secret Type Secret To ma
96. aFWNNqpAx7qPl1JCA4R5KeM iGdo7l1mKFyOTkvTIZbhXnWTRrQD5Q6nQv UX QrUmM4t3ztabT3gN dibG3kNpMWl DMLMBSghkXu7QosC 1uPbR5BbICQJFx root VA_router uci show management users management users Quser user management_users user nabled 1 management users Quser Sus enamecisesis OU VO e management_users user webuser yes management users user 0 linuxuser yes management users Quser 1 user management users user 1 enabled 1 management users Quser 1 username srptest Management users Guisen l srpuser 1 management_users user 1 chapuser 0 management_users user 1 webuser 0 Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 47 of 258 8 Management configuration settings management_users user 1 smsuser 0 management_users user 1 linuxuser no management users 8user 1 srphash 0 2de6Dk6DA4tFo80Vfb2iuY6aRj2CAoPeo2DAdCRc ReBUc 9Px56rNmamtaBx7BiQIzNisYFJFVdhH6HO0Z Ys9RzUl1SJrMVpmQZkJwqlBltA F7O tfl VkGnXyiTLSCN68iJ SltDDqeOprmLo IW9Ub7 qop44M13g6S5QUxpu N5sLzpSvER kAFNPR D mK9D 3SQzTtEZNYypmkgP902ihw A4uDUNIFGMzd3dBs0OVdF1AaFWNNqpAx7qPl1JCAR5KeM iGd o7lmKFyOTkvTIZbhXnWTRrQD5Q6nQv UXQrUmMA4t3ztabT3gN dibG3kNpMWl DMLMBSghkXu7Q or elm ESTS FT Jas Modify these settings by running uci set parameter command 8 5 Interfaces configuration 8 5 1 This configuration is responsible for defining switch port groups interface configurations and network
97. ace Status page appears Scroll down to the bottom of the page to view Multi WAN Stats Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 233 of 258 31 Diagnostics There are no active leases Multi WAN Status fa3g s voda Up 3g_s1_O2IR Down standby backup Figure 117 The status page multi WAN status section page 31 4 Automatic operator selection diagnostics via UCI To check interfaces created in the multi WAN package enter cat var const_state multiwan Figure 118 Output from the command cat var const_stat multiwan To check interfaces created in the network package enter cat var const_state network Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 234 of 258 31 Diagnostics To check the status of the interface you are currently using enter cat var const_state_ mobile I m I n m m m m m m m m m n m Figure 119 Output from the command cat vat const_state_ mobile Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 235 of 258 31 Diagnostics 31 5 CESoPSN diagnostics CESOPSN uses one package cesopd To view the CESOPSN configuration root VA_router uci export cesopd package cesopd config cesopd main option log severity 5 option enable 1 Comrie pure Porgi option enable 1 option devname ttyLCO The cesop command provides several
98. ace lan network alias proto static aS e amp network alias s atpoxeve le le L0 s 0 10 31 network 8alias 0 netmask 255 255 255 0 comas option interface lan oprelom Yoroce siteaicala Option ipach 10 0 0 1 God xeu 255 255 255 0 Lan is the logical interface name of the parent interface Static is the alias interface protocol 10 0 0 1 specifies the alias IP address 255 255 255 0 specifies the alias netmask Only the static protocol type is allowed for aliases Defined options for alias sections are listed below Name Type Required Default Description Specifies the logical interface name of the interface Nm Bs none parent or master interface this alias is 9 y belonging to must refer to one of the defined interface sections Paks strin Be none Specifies the alias interface protocol must P 9 y be static yes if no ipaddr ip address ip6addr is none Defines IP address set yes if no netmask netmask ip6addr is none Defines Netmask set gateway ip address no none Specifies the default gateway Sets the broadcast address This is auto broadcast ip address no none f generated if not set yes if ip6addr ipv6 address noipaddr none IPv6 address CIDR notation is set ip6gw ipv6 address no none IPv6 default gateway dns list of ip no none DNS server s Virtual Access 2015 GW7300 Series User Man
99. achable Hub is known regardless of its reachability There are two hub statuses hub and dead hub Table 37 NBMA peers columns and their descriptions You can check IPSec status using uci commands Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 240 of 258 root GW202x ipsec status Security Associations 1 up 0 connecting 31 Diagnostics aps fe 9 0i 154 151 09 ESAS Sala 2 Mors Eco 10 698 254 155 11045 68 234 1 33 22829 101 1154 153 189 101 154 151 dmvpn 89 101 154 151 1 REKEYING TRANSPORT expires in 55 seconds ghe 9 10 154 53 1 8 10 68 234 133 32 gre 192 168 32 gre Clio 99 101_154 1511178 TINSIUNGINEID WRANSIPORIT lS iia WDE E eee Hos 7O_ al d874dc90_o cmvon 69 102 3524 i Sil i e ORGS 2 sAr 1393 32 eel OPINOR AMI 5H 2c e You can check DMVPN status using uci commands opennhrpctl show Status ok E locerracss Gee EIN Type local Esegieecol 2avoleheegmm s Wi ll i 7 32 Alias Address A 1 55 Pieces us e lares Gre CR Type local Protocol Address T1 T1 T1 3732 Flags up NS SS ERE Type cached Protocol lSAddres sI Si2 NBMA Address 178 237 115 129 NBMA NAT OA Address 172 20 38 129 Flags used up nome s lm8 0818 Lmuesrrecss guee GCiuE Type static Protocol Address 1151111 17219 Virtual Ac
100. ad logging, enter:
    val trace on
    val trace enabled
Logread has a -f option that outputs the events as the log grows. It is very useful when you want to live trace. You may use it this way:
    logread -f
or
    logread -f
31.14.2 Debugging guidelines
If you are having trouble configuring PAD, use the list below to debug.
Is the router receiving calls? | To check the router is receiving calls, look at the log and search for an event similar to the following:
    Nov 28 13:05:40 VA router user debug vald 1 Incoming VC TCP accepted VC id 0 LCN 4095
Is data being received on the asynchronous serial? | To check data is being received on the asynchronous serial, enter tserv show stats:
    TERMINAL 4 Dev /dev/ttySC3
    State CONNECTED
    Serial Bytes Rx 2036 Tx 26624 TxErrs 0
    TCP Packets Rx 23 Tx 16 TxErrs 0
    TCP Bytes Rx 26624 Tx 2036
    UDP Datagrams Rx 0 Tx 0 TxErrs 0
    UDP Bytes Rx 0 Tx 0
    DSR Up 0 Down 0
    Uptime 0 hrs 0 mins 22 secs
  For more details refer to section 6 Terminal Server.
Are the vald, padd and tservd modules running? | To check if the modules are running, follow the instructions described in the PAD section. For more details refer to the Terminal Server section in this manual.
Is the Terminal S
101. al example of a dhcp section is shown below root VA_router uci show dhcp lan dhcp lan dhcp dhcp lan interface lan dhcp lan start 100 dhcp lan limit 150 dhcp lan leasetime 12h dhcp lan ignore 1 Coarte ome Lam option interface lan Options tomes MOON Oye Yale TAS OY option leasetime VAL Zio Lan specifies the VA_router interface that is served by this DHCP pool 100 is the offset from the network address in the default configuration 192 168 1 100 150 is the maximum number of addresses that may be leased in the default configuration 192 168 1 250 12h specifies the time to live for handed out leases twelve hours in the example below Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 58 of 258 9 DHCP server and DNS configuration Required Default Description dhcp_ option list of strings no none Enables additional options to be added for this network id For example with 26 1470 or option mtu 1470 you can assign an MTU per DHCP Your client must accept MTU by DHCP for this to work dynamicdhcp force boolean boolean no no Dynamically allocates client addresses if set to 0 only clients present in the ethers files are served Forces DHCP serving on the specified interface even if another DHCP server is detected on the same network segment ignore Interface boolean logical int
102. alive interval 5 1to 300 Sets the time interval between the sending of keep alive probes The time is in seconds tcp keep alive timeout 2 1to 10 Sets the time to wait for a TCP keep alive probe answer The time is in seconds tcp keep alive count 1 1to0 Sets the maximum number of unanswered TCP keep alive probes before closing the TCP connection val enabled 0 Oor1 Enables the VAL protocol When disabled Cisco XOT will be used instead of the VAL protocol Note VAL Virtual Access Legacy or VALD Virtual Access Legacy Daemon VAL implements XOT protocol as defined in RFC1613 pvc lcn 0 1 to 4095 Configures the PVC LCN to be used on the XOT port XOT configuration using the web interface To configure PAD application over web interface browse to Services gt X 25 XOT The X 25 XOT page appears Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 188 of 258 26 4 1 Main settings basic configuration X 25 XOT Configuration of X 25 XOT Main Settings Basic Advanced Enable Enable X 25 XOT Figure 83 The X 25 XOT interface Name Default Range Description Enable 0 Oorl Determines whether or not the XOT daemon is enabled or disabled Check the box beside Enable 26 4 2 Main settings advanced configuration Click the Advanced tab to show the advanced configuration options Main Settings Basic Advanced Syslog severity Notice y
103. an Yes No Enables or disables Multi WAN Enables or disables pre emption for Multi WAN If enables the Preempt Boolean No No router will keep trying to connect to a higher priority interface depending on timer set Enables or disables alternate mode for Multi WAN If enabled the Alternate Mode Boolean No No router will use an alternate interface after reboot Table 10 The multi WAN fields and their descriptions When you have enabled Multi WAN you can add the interfaces that will be managed by Multi WAN for example 3G interfaces Note the name used for multi WAN must be identical including upper and lowercases to the actual 3G interface name defined in your network configuration To check the names and settings are correct browse to Network interfaces or alternatively run cat etc config network through CLI Enter the name of the WAN interface to configure and then click Add The new section for configuring specific parameters will appear Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 80 of 258 15 Configuring Multi WAN M EC Health Monitor nterval Health Monitor ICMP Host s Health Monitor ICMP Timeout Attempts Before WAN Failover Attempts Before WAN Recovery mage Interface Y State Up Down Minimum ifup Interva Interface Start Timeout Signal Threshold dBm RSCP Threshold for 3G dBm IO Threshold for
104. ana 1 1 4 3 aopirloa Local lemmasile 25952595 2595255
    option remotelan 10.1.1.0
    option remotelanmask 255.255.255.0
    option type pass
    option auto route

Traffic originated on remotelan and destined to locallan address is excluded from VPN IPSec policy.

Secret settings

Each tunnel also requires settings for how the local end point of the tunnel proves its identity to the remote end point.

Name | Type | Required | Default | Description
enabled | string | Yes | No | Defines whether this set of credentials is to be used or not.
idtype | string | No | ipaddress | Defines whether IP address or userfqdn is used.
userfqdn | string | No | None | FQDN or Xauth name. This must match xauth_identity from the config connection section.
localaddress | string | Yes | None | Sets the local ID address.
remoteaddress | string | Yes | None | Sets the remote ID address.
secrettype | string | Yes | psk | Specifies different mechanisms to allow the two peers to authenticate one another: psk (pre-shared secret), pubkey (public key signatures), rsasig (RSA digital signatures), ecdsasig (Elliptic Curve DSA signatures), xauth (extended authentication).
secret | string | | | Sets preshared key.

A sample secret section which could be used with the connection se
105. anager page appears Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 91 of 258 16 Automatic operator selection Mobile Manager Configuration of the Mobile Manager SMS handling and callers Basic Settings Basic settings for the Mobile Manager Add Callers Configure caller numbers that may use the SMS service This section contains no values yet Add Roaming Interface Template Common config values for interfaces created by Automatic Operator Selection This section contains no values yet Add Figure 33 The mobile manager page Under Basic Settings click Add The Basic settings for Mobile Manager page appears Mobile Manager Configuration of the Mobile Manager SMS handling and callers Basic Settings Basic settings for the Mobile Manager Delete SMS Enable V Roaming SIM none gt In which slot roaming sim card is insered Collect ICCIDs El Collect ICCIDs on startup Callers Configure caller numbers that may use the SMS service This section contains no values yet Add Roaming Interface Template Common config values for interfaces created by Automatic Operator Selection This section contains no values yet Add Figure 34 Basic settings field in the mobile manager page Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 92 of 258 16 Automatic operator selection Name Type Required Defaul
106. and/or the configuration LED blink alternately and very fast for 20 seconds.

5 Accessing the router

Access the router using either Ethernet or the 3G/4G interface.

5.1 Over Ethernet

The CLI can also be accessed over Ethernet, by default using Secure Shell (SSH) and optionally over Telnet. To access the CLI over Ethernet, start an SSH client and connect to the router's management IP address on port 22: 192.168.100.1/24. Then enter the default username and password.

Username: Root
Password: Admin

Figure 4: SSH CLI logon screen

5.2 Over a 3G or 4G interface

You can also access the CLI over the router's 3G or 4G interface using Secure Shell (SSH) and optionally over Telnet. To access the CLI, start an SSH client and connect to the router's 3G or 4G IP interface on port 22: 192.168.100.1/24. Then enter the default username and password.

Username: Root
Password: Admin

6 File system

6.1 Configurations

Configurations are stored in folders at etc conf factconf, etc conf config1 and etc conf config2. Multiple configuration files exist in each folder. Each file contains configuration parameters for different areas of functionality in the system. A
107. arget SNAT

18.10.11 Simple DMZ rule

The following rule redirects all WAN ports for all protocols to the internal host 192.168.1.2.

    config redirect
        option src wan
        option proto all
        option dest_ip 192.168.1.2

18.10.12 IPSec passthrough

This example enables proper forwarding of IPSec traffic through the WAN.

    # AH protocol
    config rule
        option src wan
        option dest lan
        option proto ah
        option target ACCEPT

    # ESP protocol
    config rule
        option src wan
        option dest lan
        option proto esp
        option target ACCEPT

For some configurations you also have to open port 500/UDP.

    # ISAKMP protocol
    config rule
        option src wan
        option dest lan
        option proto udp
        option src_port 500
        option dest_port 500
        option target ACCEPT

18.10.13 Manual iptables rules

You can specify traditional iptables rules, in the standard iptables unix command form, in an external file and include it in the firewall config file. It is possible to use this process to include multiple files.

    config include
        option path /etc/firewall.user

    config include
        option path /etc/firewall.vpn

The syntax for the includes is Linux standard and therefore different from UCI's. The syntax documentation can be found in netfilter.

18.11 Firewall management

After a configuration change, firewall rules are rebuilt by entering Ooi WA conter Jere mue el f
108. ashing SIM selected and in the process of registering on the network None PPP not connected or signal strength lt 113dBm B j 1 PPP connected and signal strength lt 89dBm igna 2 PPP connected and signal strength between 89dBm and 69dBm 3 PPP connected and signal strength gt 69dBm Note When PPP is not connected none of the signal LEDs will light regardless of signal strength Table 5 LED behaviour and descriptions Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 16 of 258 4 Factory configuration extraction from SIM card 4 Factory configuration extraction from SIM card Virtual Access routers have a feature to update the factory configuration from a SIM card This allows you to change the factory configuration of a router when installing the SIM 1 Make sure the SIM card you are inserting has the required configuration written on it 2 Ensure the router is powered off 3 Hold the SIM 1 card with the chip side facing down and the cut corner front left 4 Gently push the SIM card into SIM slot 1 until it clicks in 5 Power up the router Depending on the model the power LED and or the configuration LED flash as usual The SIM LED starts flashing This indicates the application responsible for 3G and configuration extraction management is running It also means the update of the configuration is happening When the update is finished depending on the model the power LED
109. ccess duration sec 60 The table below describes ping connection tester parameters Name Type Required Default Description String Yes None Name of the target to be used in the target section enabled Boolean Yes Yes Enable this connection tester Must be ping for a ping connection t trin Y Pin idis 3 9 ER 9 tester ping_dest_addr IP Address Yes None IP Address to ping IP Address Source IP Address of the pings ping source f No None or String It can also be an interface name Time in Time the target is considered up for ping success duration sec Yes None secs after a successful ping Table 29 Event system ping connection tester settings description 28 6 3 2 Link connection tester A link connection tester tests a connection by checking the status of the interface being used config conn tester option option option option name tl enabled 1 type link lle race Sic lad Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 207 of 258 28 Event system The table below describes link connection tester parameters Name Type Required Default Description Name of the target t in name String Yes None p B Get TE DE USED the target section enabled Boolean Yes Yes Enable this connection tester Must be link for a link connection type String Yes Link tester link iface String Yes None Interface name to check
110. ce listen on If unspecified interface no interfaces dnsmasq will listen to all interfaces except those listed in Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 56 of 258 9 DHCP server and DNS configuration not interface leasefile file path no none Stores DHCP leases in this file Looks up DNS entries for this domain from etc hosts This Local string no none follows the same syntax as server entries see the man page Chooses IP address to match the y incoming interface if multiple localise_ queries boolean no 0 addresses are assigned to a host name in etc hosts isaauienas poolest nc 0 Logs the results of DNS queries 3A dump cache on SIGUSR1 Does not daemonize the nodaemon boolean no 0 dnsmasq process Does not read DNS names from Nohosts boolean no 0 etc hosts Disables caching of negative no nonegcache boolean no 0 e such domain responses Does not read upstream servers noresolv boolean no 0 from etc resolv conf Interfaces dnsmasq should not list of interface listen on Note individual notinterface no none names interface sections will be appended if ignore is set there Only listens on configured nonwildcard boolean no 0 interfaces instead of on the wildcard address Defines listening port for DNS Port port number no 53 queries disables DNS server functionality if set to 0 Moor esger BE none
111. ce 0 interfac dmvpn interface 0 holding_time 60 dmvpn interface gre interface GRE dmvpn interface gre endpoint ip 11 11 11 1 dmvpn interface gre endpoint mask length 29 dmvpn interface nhs_ip 192 168 100 1 S Rep fe Tex dmvpn interface cisco auth test To change any of the above values use uci set command Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 166 of 258 25 Terminal Server 25 Terminal Server 25 1 25 2 25 3 25 3 1 Introduction Terminal Server is a background application a daemon whose main task is to forward data between TCP connections or UDP streams and asynchronous serial ports Terminal Server application serves up to 4 sessions simultaneously one for each async serial port depending on the device Each Terminal Server session has an IP endpoint and an associated specific serial port Terminal Server interfaces You can configure the IP endpoint of each Terminal Server session to be e TCP server each session is listening on a unique port e TCP client Terminal Server makes a TCP connection to external TCP server e UDP endpoint Terminal Server forwards data between a UDP stream and a serial port Configuring Terminal Server Configuring Terminal Server using the web interface To access the Terminal Server configuration web interface click Services gt Terminal Server The Terminal Server Configuration page appears Y
112. cess 2015 GW7300 Series User Manual Issue 2 3 Page 241 of 258 31 7 31 Diagnostics NEBMAS AGI e SIS IOTER S NISI Flags up The above command output is explained in the table below I nterface I nterface name taken from package network incomplete Resolution request sent negative Negative cached cached Received relayed resolution reply shortcut route Received relayed resolution for route Type dynamic NHC registration dynamic nhs Dynamic NHS from dns map static Static mapping from config file dynamic map Static dns map from config file local route Non local destination with local route local addr Local destination IP or off NBMA subnet Protocol Address Tunnel IP address Pre NAT IP address if NBMA NAT OA Address is present or real NBMA A i i ddress address if NAT is not present Post NAT IP address This field is present when Address is translated in NBMA NAT OA Address the Network up Can send all packets registration ok Flags unique Peer is unique used Peer is in kernel ARP table lower up opennhrp script executed successfully Expires In Expiration time File system diagnostics The standard Linux directories on such as bin etc usr are in a ramdisk Any changes you make to them will be lost on reboot Store anything that needs to survive reboot in flash There is a UBIFS flash file system mounted on etc Confi
113. cesses and JODS iecit ede cren 26 6 1 10 System information sssssssssssssssssm m mese esiste enne 26 7 Command Line Interface mcmococnorocnncacnncacnnracnnrannnrnnnnrnnnnrannnrncarnnrarnnraranencanes 28 Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 2 of 258 Table of Contents EEUU 28 7 2 Unified Configuration Interface UCI sss meme 30 1 34 onfiguration files 2 oe core Dee aia 34 7 4 Configuration file syntax sssssssssssssssssee mm messes enn enses 34 ED EXAMPLE dE e e dede ute tu dU 35 7 5 1 Export an entire configuration esses mmm 36 7 5 2 Display just the value of an option cece eee cece eee ee eee este teeta es 36 8 Management configuration settings eese esee esee nnne nane 37 8 1 Autoload boot up activation csssssssssssssssss mmm 37 8 2 Httpclient Activator configuration ssssssssssssm mmn 39 8 3 Systemisettlrigs c eicere e raped dees Hox ee tob ineo Re UI Re gels 42 8 3 1 Configuring a router s host name sssssssssssssssme memes 42 8 4 User management ssssssssssssssssssssss esee me menie eee mense 45 8 4 1 Configuration file config USEM cece cece eee eee eee teen e me 45 8 4 2 UCI export and UCI show commMand cece eee eect eee teeta m 47 8 5 Interfaces configuration ssssssssssssssssssess mee ene esee enemies 48 8 5 1 Interfaces ci
114. className ethernet
        option eventName LinkUp
        option severity warning-critical
        option target syslog1

The table below describes event system forwarding parameters.

Name | Type | Required | Default | Description
enabled | Boolean | Yes | Yes | Enable the event generation.
className | String | No | None | Only generate events with the given className.
eventName | String | No | None | Only generate events with the given className and the given eventName.
severity | String | No | None | Only generate events with a severity in the severity range.
target | String | Yes | None | Target to send the event to.

Table 28: Event system forwarding rules settings description

Severity must be a range in the form severity1-severity2. Severity1 and severity2 are a level among debug, info, notice, warning, error, critical, alert and emergency.

Connection testers

There are two types of connection testers:
- ping connection tester, and
- link connection tester.

28.6.3.1 Ping connection tester

A ping connection tester tests that a connection can be established by sending pings. If successful, the event system assumes the connection is valid for a configurable amount of time.

    config conn_tester
        option name pinger
        option enabled yes
        option type ping
        option ping_dest_addr 192.168.0.1
        option ping_source eth0
        option ping_su
115. click Save amp Apply Configuring SLA for a router via UCI interface You can also configure SLA UCI through CLI using UCI command suite The configuration file is stored at etc config slad To view the configuration file enter uci export slad or uci show slad uci export slad package slad comiale Sllacl Vanesa option option option option enable yes roundtrip timeout msec 5000 interface lan destination host ip address 10 1 1 2 option destination udp port U 5S U option bin restart period msec option max bin count uci show slad slad main slad 3600000 Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 227 of 258 30 3 slad main enable yes 30 Configuring SLA for a router slad main roundtrip_timeout_msec 5000 slad main interface lan slad main destination_host_ip_address 10 1 1 2 slad main destination_udp_port 53 slad main bin_restart_period_msec 3600000 slad main max_bin_count 73 SLA statistics Type the command line sia to show all available statistic options Figure 107 Output from the command line sla Option Description current Shows current sla bin all Shows all bin stored on the router oldest Shows the oldest sla bin stored newest Shows two newest valid bins newest N Shows the newest valid bin range YYYYMMDDHH YYYYMMDDHH Shows all bins that match specified time range
116. configuration

11 Static routes configuration

Static routes can be added to the routing table to forward traffic to specific subnets when dynamic routing protocols are not used or they are not configured for such subnets. They can be created based on outgoing interface or next hop IP address.

11.1 IPv4 routes

It is possible to define arbitrary IPv4 routes on specific interfaces using route sections. As for aliases, multiple sections can be attached to an interface. These kinds of routes are most commonly known as static routes. A minimal example is shown below.

    network.name_your_route=route
    network.name_your_route.interface=lan
    network.name_your_route.target=172.16.123.0
    network.name_your_route.netmask=255.255.255.0
    network.name_your_route.gateway=172.16.123.100

    config route name_your_route
        option interface lan
        option target 172.16.123.0
        option netmask 255.255.255.0
        option gateway 172.16.123.100

lan is the logical interface name of the parent interface.
172.16.123.0 is the network address of the route.
255.255.255.0 specifies the route netmask.

Legal options for IPv4 routes are described in the table below.

Name | Type | Required | Default | Description
interface | string | yes | none | Specifies the logical interface name of the parent or master interface this route is belonging to; must refer to one of the defined interface sections.
target | ip address | yes | none | Specifies the network
117. configuration files consist of sections that contain one or more config statements. These optional statements define the actual values. Below is an example of a simple configuration file.

    package 'example'

    config 'example' 'test'
        option 'string' 'some value'
        option 'boolean' '1'
        list 'collection' 'first item'
        list 'collection' 'second item'

The config 'example' 'test' statement defines the start of a section with the type example and the name test. There can also be so-called anonymous sections with only a type, but no name identifier. The type is important so the processing programs can decide how to treat the enclosed options.

The option 'string' 'some value' and option 'boolean' '1' lines define simple values within the section. Note: there are no syntactical differences between text and boolean options. Boolean options may have one of the values '0', 'no', 'off' or 'false' to specify a false value, or '1', 'yes', 'on' or 'true' to specify a true value.

In the lines starting with a list keyword, an option with multiple values is defined. All list statements that share the same name, collection in this example, will be combined into a single list of values with the same order as in the configuration file.

The indentation of the option and list statements is a convention to improve the readability of the configuration file, but it is not syntactically required.

Usually you do not need to enclose identifiers or values in q
118. ction in Connection Settings is shown below.

    strongswan.@secret[0]=secret
    strongswan.@secret[0].enabled=yes
    strongswan.@secret[0].localaddress=10.1.1.1
    strongswan.@secret[0].remoteaddress=10.2.2.2
    strongswan.@secret[0].secrettype=psk
    strongswan.@secret[0].secret=secret

    config secret
        option enabled yes
        option localaddress 10.1.1.1
        option remoteaddress 10.2.2.2
        option secrettype psk
        option secret secret

If xauth is defined as the authentication method, then you must include an additional config secret section, as shown in the example below.

    strongswan.@secret[1].enabled=yes
    strongswan.@secret[1].idtype=userfqdn
    strongswan.@secret[1].userfqdn=testxauth
    strongswan.@secret[1].remoteaddress=10.2.2.2
    strongswan.@secret[1].secret=xauth
    strongswan.@secret[1].secrettype=XAUTH

    config secret
        option enabled yes
        option idtype userfqdn
        option userfqdn testxauth
        option remoteaddress 10.2.2.2
        option secret xauth
        option secrettype XAUTH

18 Configuring firewall

The firewall itself is not required. It is a set of scripts which configure netfilter. If preferred, you can use netfilter direct
119. ctors used to present an RS232 and an RS485 or second RS232 interface The names of the ports and pin out of the serial connector is shown in the table below RS232 pinout Pin Name Direction from GW7300 router 1 RTS Out 2 DTR Out 3 Tx data Out 4 GND 5 GND 6 Rx In 7 DSR In Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 11 of 258 2 3 2 2 3 3 2 GW7300 Series hardware Table 1 Pinouts for the RS2323 serial connector RS485 full duplex pinout Pin Name Direction from GW7300 router 1 Rx In 2 Rx In 3 TX Out 4 GND 5 GND 6 Tx Out 7 N A 8 N A Table 2 Full duplex pinout for the RS485 connector RS485 half duplex pinout Pin Name Direction from GW7300 router N A N A TXRXx In Out GND GND TxRx In Out COINIADIOIRIWIN eR N A N A Table 3 Half duplex pinout for the RS485 connector 2 4 GSM technology e HSPA e EDGE GPRS e Download up to 21 Mbps e Upload up to 5 76 Mbps e 2100 1900 900 850 MHz bands Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 12 of 258 2 GW7300 Series hardware 2 5 Power supply e The GW7300 has two power supply options with extended temperature support 20 C to 70 C e 100V 240V AC e 48V DC 2 6 Dimensions Unit size 200mm x 150mm x 75mm width x
120. d Syntax timespec 1d 2h 25m 10s Key life Integer Yes 1h Specifies how long a particular instance of a connection a set of encryption authentication keys for user packets should last from successful negotiation to expiry Normally the connection is renegotiated via the keying channel before it expires see rekeymargin Syntax timespec 1d 2h 25m 10s Rekey margin Keyring tries Integer String Yes Yes 9m Margintime Defines how long before a connection expiry or keying channel expiry should begin to attempt to negotiate a replacement Specifies how many attempts a positive integer or forever should be made to negotiate a connection or a replacement for one before giving up The value forever means never give up It is only relevant locally the other end does not need to agree on it DPD Action Dropdown Menu Yes None Valid values are none clear hold and restart None Disables dead peer detection Clear Clears down the tunnel if a peer does not respond Reconnects Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 160 of 258 24 Dynamic Multipoint Virtual Private Network DMVPN when traffic brings the tunnel up Hold Clears down the tunnel and bring up as soon as the peer is available Restart Restarts DPD when no activity is detected Defines the period time interval with which R
121. d for this section are outlined below.

Name | Type | Required | Description
secname | string | yes | Specifies an arbitrary security name for the user.
source | string | yes | A hostname, localhost, or a subnet specified as a.b.c.d/mask or a.b.c.d/bits.
community | string | yes | The community string being presented in the request.

The following sample specifies that a request from any source using public as the community string will be dealt with using the security name ro. However, any request from the localhost itself using private as the community string will be dealt with using the security name rw.

Note: the security names of ro and rw here are simply names; the fact of a security name having read-only or read-write permissions is handled in the access section and dealt with at a group granularity.

    config com2sec public
        option secname ro
        option source default
        option community public

    config com2sec private
        option secname rw
        option source localhost
        option community private

group

The options defined for this section are outlined below.

Name | Type | Required | Description
group | string | yes | Specifies an arbitrary group name.
version | string | yes | Specifies the SNMP version number being used in the request. v1, v2c and usm are supported.

An already d
122. d system sections assignment of community names and which SNMP protocols are in use to groups com2sec and group sections creation of views and subviews access section of the whole available SNMP tree and finally granting specific access to those views on a group by group basis access section agent The options defined for this section are outlined below Name Type Required Description Specifies the address es and port s on which the agentaddress string yes agent should listen udp tcp port address yes enables SNMP authentication trap boolean no disables SNMP authentication trap authtrapenabled no yes no Note this is the SNMP poll authentication trap to be sent when there is a community mismatch link updown notify boolean when enabled the router sends a trap notifying link yes no up down A typical sample agent configuration is shown below It causes the agent to listen on udp port 161 with authentication traps and notify link up down enabled uci set snmpd agent 0 agentaddress UDP 161 uci set snmpd agent 0 authtrapenabled 1 uci set snmpd agent 0 link_updown_notify yes config agent option agentaddress UDP 161 option authtrapenabled 1 option link updown notify yes Another sample agent configuration shown below causes the agent to listen on udp port 161 tcp port 161 and udp port 9161 on only the interface associated with the localhost address
123. dafone cdma roaming Not Roaming mobile 3g 1 mobile 3g 1 cdma roaming code 0 cdma srvmode EVDO Rev B SY IS MTS T IRS mobile 3g 1 Ccdma srvmode code 5 mobile 3g 1 cdma total drc 0 0 kbps mobile 3g 1 cdma carr cnt 2 mobile 3g 1 cdma rx0 78 mobile 3g 1 SS TSS ISS A mobile 3g 1 Sig dbm nan cdma rx1 105 31 10 4 ADSL status The ADSL chipset has its own subset of commands root VA_router ee c azmabie Sil control Sie ec saut t d dsl control command Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 249 of 258 31 Diagnostics Available commands lig eue te Start the service stop Stop the service restart Restart the service reload Reload configuration files or restart if that fails enable Enable service autostart disable Disable service autostart Status Get DSL status information Iha sk Sie atte Get status information in lua friendly format To view the current status of the ADSL interface enter root VA_router exo ama oeil control starus Chipset Line State Denes lebe Line Attenuation Noise Margin Line Uptime Lantig Danube 1 5 UP 0x801 showtime tc sync 2A Mo s 291 wo s CS IE 3 35 91 10 35 Ochs PIG isin om 30s To restart the ADSL interface enter root VA_router ety sim te cele
124. ddress to listen on 0 0 0 0 listen on any interface qQociom local so 9 05050 TCP listen port for server mode option listen_port 999 UDP mode option udpMode 0 UDP local port UDP mode option udpLocalPort 0 UDP port for UDP mode option udpRemotePort 0 If set to non zero send empty UDP packets every this many milliseconds to remote peer option udpKaIntervalMs 0 Max number of consecutive remote UDP keepalive missed not received before UDP session considered broken option udpKaCount 3 Enable or disable TCP keep alives option tcp keepalive enabled 1 Interval in seconds between TCP keep alive probes option tcp keepalive interval 5 Time in seconds to wait for reponse to a TCP keep alive probe option tcp keepalive timeout 2 Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 177 of 258 25 Terminal Server Number of TCP keep alive probes to send before connection closed option tcp_keepalive_count 1 Maximum time in milliseconds for TCP to wait for transmitted data to be acked before closing connection in established state Set to 0 to use kernel defaults about 15 20 minutes option tcp_user_timeout 20000 l disable TCP nagle algorithm O normal operation option tcp_nodelay 0 rs232 RS 232 mode rs485hdx rs485 2 wire half duplex mode in which transmitter drives RTS rs485fdx RS485 4 wire full duplex mode
125. e This reduces the number of lines of configuration required for a VPN development. For example, for a 1000-site deployment, DMVPN reduces the configuration effort at the HUB from 3900 lines to 13.

- Adding new peers (spokes) to the VPN requires no changes at the HUB.
- Better scalability of the network.
- Dynamic IP addresses can be used at the peers' site.
- Spokes can be connected in private or public network.
- NHRP NAT extension allows spoke-to-spoke tunnels to be built, even if one or more spokes is behind a Network Address Translation (NAT) device.
- New HUBs can be added to the network to improve the performance and reliability.
- Ability to carry multicast and main routing protocols traffic (RIP, OSPF, BGP).
- DMVPN can be deployed using Activator, the Virtual Access automated provisioning system.
- Simplifies branch communications by enabling direct branch-to-branch connectivity.
- Simplifies configuration on the spoke routers. The same IPSec template configuration is used to create spoke-to-hub and spoke-to-spoke VPN IPSec tunnels.
- Improves business resiliency by preventing disruption of business-critical applications and services by incorporating routing with standards-based IPsec technology.

DMVPN scenarios

Scenario 1: Spoke1, Spoke2 and a hub are in the same public or private network.
126. e for the email body Name of th nnection tester t conn tester String No None das c T NOS EDEN E use for this target 28 6 4 3 SNMP target Table 32 Event system email target settings description When a SNMP target receives an event it sends it in a trap to the configured SNMP manager config The table below describes SNMP target parameters carger option option option option option option option name snmp enabled yes type snmptrap community public Pang Stilo 192 168 011 agent_addr 192 168 0 4 conn_tester pinger Name Type Required Default Description f Name of the target to be used in name String Yes None the forwarding section enabled Boolean Yes Yes Enable this target Must be snmptrap for a snmp t trin Y nmptr ype String es snmptrap target it t t Community String Yes None COMMUN sto Use tQ Send the trap target addr IP Address Yes None IP Address of a the SNMP Manager IP Address to use as the tra agent addr IP Address No None P source IP address conn M String No None Name of the connection tester to B use for this target 28 6 4 4 Exec target Table 33 Event system snmp target settings description When an exec target receives an event it executes a shell command Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 210 of 258 28 Event system config target option name logit option enabled yes opt
127. e value replace which is identical to yes and the value keep to r h reverts to yes if at least one CRL URI is defined and to no if no URI is known ue with any new automatically keyed connection using an ID from a nique so a new automatically keyed connection usin Add Figure 70 strongSwan IPSec enabled Name Type Required Default Description Enea Boolean Yes Blank Enable Strongswan IPsec Strongswan Psec Dropdowh Defines if fresh certificate Strict CRL Policy P Yes No revocation list CRL must be menu available Dropdown Whether a particular participant ID Unique IDs P Yes Yes p P 2 menu should be kept unique RLs fetched via HTTP or LDAP will Cache CRLs Boolean No Blank CRESET Nen Wie A be cached Debug Dropdown No None Specifies if IPsec debug should be menu enabled Table 18 strongSwan IPSec VPN fields and their descriptions In the Unique IDs drop down menu select Yes The Connections settings fields appear Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 157 of 258 24 Dynamic Multipoint Virtual Private Network DMVPN Enable StrongSwan IPsec Strict CRL Policy Unique IDs Cache CRLs Debug Connections Enabled Aggressive Mode Name Autostart Action Connection Type Remote GW Address Local Id Remote Id Local LAN IP Address Local LAN IP Address Mask Remote LAN IP Address Remote LAN IP Address Mask
128. ecifies whether to send Interface status to Monitor Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 49 of 258 8 5 3 8 5 4 8 5 5 8 Management configuration settings Protocol static Name Type Required Default Description yes if no ipaddr ip address ip6addr is none Defines the IP address set yes if no netmask netmask ip6addr is none Specifies Netmask set gateway ip address no none Defines the default gateway A Defines broadcast address Will be auto broadcast ip address no none i generated if not set yes if no Ai f Assign given IPv6 address to this interface ip6addr ipv6 address ipaddr is none CIDR notation set IBS pve address b none Assign given IPv6 default gateway to this interface list of i dns iat Rd no none Defines DNS server s addresses metric integer no 0 Specifies the default route metric to use Protocol dhcp Name Type Required Default Description eae EU a nam Supresses DHCP assigned default P y A gateway if set to 0 0 0 0 Adenda Boolean nS 0 Enables the broadcast flag in DHCP requests required for certain ISPs hoethame rin Ho rame Specifies the hostname to include in 9 DHCP requests O system Overrides client identifier in DHCP clientid string no default requests system Overrides the vendor class in DHCP vendorclass string no default request
129. eer 156 24 4 DMVPN hub settings a aT ar aa a aa a aaa aaa e A iaaa aT 162 24 5 UCI interface sonion iakeat eve vids inp bs G3 RR Eg RIA AEN ia IXPR SEGA EPA SERA ee 163 24 5 1 IPSec configuration using CLl ssssssssssssmm 163 24 6 Configuring DMVPN using CLI sss meme 165 25 Terminal Server c cmoccconcoconcaconcncnnrncnnrncnnrncnnnnrnnnnrnnnncnrannnrnnnnrnnanrnnanrananennaness 167 25 L Introductiofi zu casar E ID HORE IRR Er Pl RE RIS VR eden 167 25 2 Terminal Server interfaces oooooccccccccnconcnnnncnnnncnnnncnnnncnnnnrnnnnrnnnnrrannrnaninnss 167 25 3 Configuring Terminal Server sssssssssssssssssssememe memes 167 25 3 1 Configuring Terminal Server using the web interface sssss 167 25 3 1 1 MENS iet eui Bit Mere deme 167 25 3 1 2 POTES ES sa meo deed oed etre te to A des a tt tei ade de ie et 168 25 3 1 3 Port settings general section sesenta 168 25 3 1 4 Port settings serial section ennemis nnn 170 25 3 1 5 Port Settings Network Section ccccsessscececeeessesssaecececesesseasaecececeseessasaeeeesens 172 25 4 Configuring Terminal Server using UCI sssssssssmm m 174 25 5 Terminal Server operation c cece eect eee mmm emen 184 25 5 I Generales OR TERR IUREIURANDO RI ee alae een 184 25 5 2 Starting Terminal Server cece cece cece e eee eee eee tenet netted 184 25 5 3 Checking the status of Terminal Server
130. efined security name that is being included in this group (row: secname, string, required: yes).

     The following example specifies that requests from the security name "ro" using SNMP v1, v2c or USM (User-based Security Model for SNMPv3) are all mapped to the "public" group. Similarly, requests from the security name "rw" in all protocols are mapped to the "private" group.

         config group public_v1
             option group public
             option version v1
             option secname ro

         config group public_v2c
             option group public
             option version v2c
             option secname ro

         config group public_usm
             option group public
             option version usm
             option secname ro

         config group private_v1
             option group private
             option version v1
             option secname rw

         config group private_v2c
             option group private
             option version v2c
             option secname rw

         config group private_usm
             option group private
             option version usm
             option secname rw

     The options defined for this section are outlined below.

     | Name | Type | Required | Description |
     |------|------|----------|-------------|
     | viewname | string | yes | Specifies an arbitrary view name. Typically it describes what the view shows. |
     | type | string | yes | Specifies whether the view lists oids that are included in the view or lists oids to be excluded from the view, in which case all |
131. el Protocol of the Dropdown Specifies what protocol the interface will yes Static new interface list operate on For example GRE Table 15 The create interface field descriptions When you have made your configuration changes click Submit The GRE interface details page appears Use this page to configure tunnel source IP and mask the interface the tunnel will be attached to TLL tunnel key ID and MTU Interfaces TUNNEL1 On this page you can configure the network interfaces You can bridge several interfaces by ticking the bridge interfaces field and enter the names of several network interfaces separated by spaces You can also use VLAN notation INTERFACE VLANNR e g ethO 1 Common Configuration zeneral Set Advanced Settings Firewall Settings Status RX 0 00 B 0 Pkts gre tunnel1 TX 0 00 B 0 Pkts Protocol SRE X Tunnel IP Address Mask Length 24 Local Interface 3g wan TTL E Tunnel key MTU 1472 Save Apply Reset Figure 66 The interfaces tunnel page When you have made your configuration changes click Save and Apply Name Type Required Default Description Protocol Dropdown Yes Blank Configures a logical name to the list GRE tunnel Tunnel IP IP Yes Blank Configures local IP address of the Address address GRE interface Specifies what protocol the D Mask Length i aa Yes Static interface will support For example GRE
132. emote LAN

     | Name | Type | Required | Default | Description |
     |------|------|----------|---------|-------------|
     | ike | string | Yes | aes128-sha1-modp1536 | Specifies the IKE algorithm to use. The format is encAlgo-authAlgo-DHGroup. encAlgo: 3des, aes, serpent, twofish, blowfish. authAlgo: md5, sha, sha2. DHGroup: modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192. For example: aes128-sha-modp1536. |
     | esp | string | Yes | aes128-sha1,3des-sha1 | Specifies the esp algorithm to use. The format is encAlgo-authAlgo-PFSGroup. encAlgo: 3des, aes, serpent, twofish, blowfish. authAlgo: md5, sha, sha2. DHGroup: modp1024, modp1536, modp2048, modp3072, modp4096, modp6144, modp8192. For example: aes128-sha1-modp1536. If no DH group is defined then PFS is disabled. |
     | auto | string | Yes | ignore | Specifies how the tunnel is initiated. start: on startup. route: when traffic routes this way. add: loads a connection without starting it. ignore: ignores the connection. |
     | ikelifetime | string | yes | 3h | Specifies how long the keying channel of a connection (ISAKMP or IKE SA) should last before being renegotiated. Syntax: timespec: 1d, 2h, 25m, 10s. |
     | keylife | string | yes | 1h | Specifies how long a particular instance of a connection (a set of encryption/authentication keys for user packets) should last, from successful negotiation to expiry. Normally the connecti |
133. empts Before WAN Failover Attempts Before WAN 3 Mi Recovery Priority 15 g Higher value is higher priority Figure 39 The multi WAN page Scroll to the WAN Interfaces section and click Delete to delete predefined Interface Click Save amp Apply Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 97 of 258 16 Automatic operator selection 16 3 4 Disable roaming There may be occasion where it is desirable to disable roaming Use UCI on the command line to set the operator option value cd etc config uci set network Wan2 operator foobar ssl Chou Note your changes will not take effect without the uci commit command To check the settings enter cat network config interface wan aprilom joo 3g option service umts option apn 3ireland ie option device dev ttyACMO apelan sam 1 Option mumeooe 9999 option username root option password admin option operator 3ireland config interface Wan2 pico IoxuouEO Se option device dev ttyACM1 option service umts Opp sam DU option apn foobar option username root option password admin option operator foobar root VA_router etc configl Apply the operator option to both interfaces where both SIMs are used Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 98 of 258 17 Configuring IPSec 17 Configuring I PSec IPSec tunnels are handled by strongSwan
134. eneration 3 X3 ParityCheckingAndGenerati on 4 X3 NoParity TranparentBit8 X 3 Parameters 0 0 2 3 1 0 0 0 0 0 30 Defines how protocol will 14 1 0 0 0 127 18 12 8 numbers operate Please refer to X 3 0 each protocol specification for more separate information The parameters 1 0 0 0 0 0 0 0 0 0 d bya supported in this product 2 3 colon 4 6 8 9 14 16 17 18 19 20 and 21 pad mode transp string x28 X 28 PAD transp transparent PAD remote ip 127 0 0 1 ip Il address of terminal server to address connect to if mode is transparent remote port 900 TCP port TCP port of terminal server to connect to if mode is transparent pvc lcn 0 1to PVC configuration O disabled 4095 1 4095 PVC logical channel number conn service signal s 0 Otol If set to zero length use tr standard format of X 28 Connected PAD service signal otherwise send this Ostring clear service signal s O 0to1 If set to zero length use tr standard format of X 28 Clear Indication PAD service signal invite clear signal str 0 Otol If set to non zero length send this string before sending Clear Indication PAD service signal Configuring PADD using the web interface To configure PAD application over web interface browse to Services gt X 25 PAD The X 25 PAD page appears Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 195 of 258 26 6 1 Main settings ba
135. er Gateway Protocol Routes The following rules are currently active on this system ARP IPv4 Address MAC Address Interface 192 168 210 100 50 b7 c3 0c 1e 4b br lan 10 1 1 124 d4 8e 52 cd 61 21 eth1 10 1 10 83 00 13 60 51 39 56 eth1 Active IPv4 Routes Network Target IPv4 Gateway Metric wan 0 0 0 0 0 10 64 64 64 0 wan 0 0 0 0 0 10 64 64 64 1 LAN2 10 1 0 0 16 0 0 0 0 0 wan 10 64 64 64 0 0 0 0 0 LAN2 192 168 101 1 10 1 10 83 0 lan 192 168 210 0 24 0 0 0 0 0 wan 217 67 129 143 10 64 64 64 0 Active IPv6 Routes Network Target IPv Gateway Metric loopback 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 FFFFFFFF loopback 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 FFFFFFFF loopback 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 00000000 LAN2 FF02 0 0 0 0 0 0 FB 0 0 0 0 0 0 0 0 0 00000000 base0 FF00 0 0 0 0 0 0 0 8 0 0 0 0 0 0 0 0 0 00000100 lan FF00 0 0 0 0 0 0 0 8 0 0 0 0 0 0 0 0 0 00000100 LAN2 FF00 0 0 0 0 0 0 0 8 0 0 0 0 0 0 0 0 0 00000100 loopback 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 FFFFFFFF Figure 14 The routing table 12 5 BGP UCI interface You can also configure BGP UCI through CLI using the UCI command suite The configuration file is stored at etc config bgpd To view the configuration file use the commands uci export bgpd or uci show bgpd Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 72 of 258 package bgpd COMIC rouca losa option enabled yes option igunEer ac odds Cocoa asin LV
136. erface name no yes none Specifies whether dnsmasq should ignore this pool if set to 1 Specifies the interface associated with this DHCP address pool must be one of the defined interfaces in etc config network Leasetime string yes 12h Specifies the lease time of addresses handed out to clients for example 12h or30m Limit networkid integer string yes no 150 value of interface Specifies the maximum allowable address that may be leased to clients It is calculated as network address start limit Assigns a network id to all clients that obtain an IP address from this pool integer Specifies the offset from the network Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 59 of 258 9 DHCP server and DNS configuration address of the underlying interface to calculate the minimum address that may be leased to clients It may be greater 255 to span subnets 9 3 Static leases You can assign fixed IP addresses to hosts on your network based on their MAC hardware address The configuration options in this section are used to construct a G option for dnsmasq root VA_router uci show dhcp mypc dhcp mypc host einem suspe agesd 92 368 s 3L 2 dhcp mypc mac 00 11 22 33 44 55 dhcp mypc name mypc CONG MOSE moc option ip 192 169 351 342 op
137. erfaces Failover Traffic Load Balancer y Destination Dropdown list Yes Compatibility connected simultaneously and P y want to forward traffic to a specific interface after the failover DNS Server s Dropdown list No Auto Specifies DNS for the interface Specifies the priority of the interface a higher value is better Priority Numeric value Yes 0 1 is better than 0 therefore the interface with priority of 1 will connect first Manage Interface Sets the interface start stop by Bool Y Y y State Up Down 99 ean ax F Multi WAN Defines the interface within the Exclusive Group Numeric value No 0 group only one interface can be active SIM 1 or SIM 2 Minimum ifu Dropdown Specifies the time for interface to P list Numeric Yes 300 secs start up If it is not up after this interval ME value period it will be considered a fail Dropdown Specifies the minimum interval Interface Start T s list Numeric Yes 40 secs between two successive interface Timeout value start attempts Dropdown Specifies the minimum dBm signal ignal Threshol q EPOR EE Paho list Numeric Yes 150 strength before considering if the value interface fails signal health check Specifies the minimum RSCP Dropdown SS RSCP Threshold list Numeric Yes 150 signal strength before considering dBm if the interface fails signal health value check ifies th ini ECIO signal ECIO Threshold Dropdown Specifies the minimum C o signa dBm
138. erial card firmware version Network IPv4 WAN Status Not connected IPv6 WAN Status conn d Active Connections 64 16384 0 VRRP Status 91 BACKUP since 2015 03 04 17 10 22 master is 10 1 10 83 Figure 122 The VRRP status settings 31 16 2 VRRP diagnostics using the command line interface To view VRRP using the CLI interface SSH into the router and enter Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 257 of 258 31 Diagnostics cat var state vrrp command VELO Gil state BACKUB vrrp gl masterip 10 1 10 83 vrrp gl timestamp 1425489022 31 17 Diagnostics for WiFi AP mode To check for any hosts associated with WiFi AP in the top menu select Network gt WiFi The Wireless Overview page appears radio0 Master Test LS Wireless Overview T Generic 802 11abgn Wireless Controller radio0 Scan Add SSID Test LS Mode Master 67 Wireless is disabled or not associated Enah Us Ramos Associated Stations SSID MAC Address Signal Noise RX Rate TX Rate 4 Test LS 08 ED B9 01 61 AD 192 168 6 109 63 dBm 95 dBm 65 0 Mbit s MCS 7 20MHz 26 0 Mbit s MCS 3 20MHz Figure 123 The wireless overview page showing associated hosts 31 18 Diagnostics for WiFi client mode To check for connectivity in the top menu select Network gt Interfaces The WCLI ENT interface will show receive and transmit packets and an IP address Interface Overview Network Status Actions E
139. erial tab fields part 2 Name Type Required Default Description dev ttyS CO Device String Yes Serial device name dev ttySC1 rs232 RS 232 mode rs485hdx rs485 2 wire half duplex mode in rada which transmitter drives RTS Portmode list P Yes rs232 rs485fdx RS485 4 wire full duplex mode v23 using V 23 leased line card driver x21 use USB serial card in sync mode Speed bps oe Yes 9600 Serial device speed in baud Dropdown i Word size list Yes 8 Serial device word size 5 6 7 8 Dropdown Serial device parity O none Parity list No 0 1 even 2 odd Stop bits Dropdown vee 1 Serial device number of stop bits 1 list or 2 Dropdown Serial flow control mode O none NA list to 1 RTS CTS 2 XONXOFF Enables or disables RS485 line RS485 termination Checkbox No 0 termination applies only if portmode is rs485 Auto RTS Invert Checkbox No 0 b PIS inet RTS ODE it portmode is rs485 Keep serial port Checkbox No 0 Keep serial port always open if always open option not present default is 0 RS232 Half Duplex Checkbox No 0 1 half duplex mode O full duplex Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 171 of 258 25 Terminal Server mode Numeric In RS232 half duplex mode time in RTS timeout No 30 milliseconds between raising RTS value a and enabling the tra
140. eric A la ells Ini iae i No Disabled bytes and enables transmit data debug log size value logging O disabled Table 22 The General fields descriptions 25 3 1 4 Port settings serial section Port Settings CFG03614A General Serial Network Device dev ttySC1 serial device name Portmode rs232 serial interface mode Speed bps 9600 B asynchronous baud rate Word size 8 y serial device word size in bits Parity none g serial device parity in bits Stop bits 1 B serial device number of stop bits Flow Control RTS CTS 7 serial device flow control type RS485 termination enable RS485 line termination Auto RTS Invert invert RTS in auto RTS mode Keep serial port J keep serial port always activated always open Figure 78 The Serial tab fields part 1 Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 170 of 258 25 Terminal Server RS232 Half Duplex RTS timeout POST RTS timeout Atmel USB serial card Dual X 21 card bit reverse Dual X 21 card DTE TT Invert Dual X 21 card DCE TCLK Invert Dual X 21 card DCE RCLK Invert Dual X 21 card CLK Invert Dual X 21 card RX data delay enable RS232 half duplex mode for interfacing to external V 23 modem 9 RS232 half duplex mode RTS timeout in milliseconds RS232 half duplex mode Post RTS timeout in milliseconds A Y enable support for Atmel USB serial card Figure 79 The S
141. erver connected to padd: To check if the Terminal Server is connected to padd, look at the log and check the Terminal Server status. For more details refer to the Terminal Server section in this manual.
     Is the Terminal Server detecting the serial cable: To check if the Terminal Server is detecting the serial cable, enter tserv show serial. For more details refer to the Terminal Server section in this manual.
     Is the padd port connected to the correct vald: Check in the configuration that the padd port to be used is connected to the correct vald port. The connection is created by the link_id parameter of the padd configuration file.
     Is the vald port used correctly configured: Check the configuration of the port in the vald configuration file. Check that the IP address and TCP port match the ones used by the VAL peer.

     Terminal Server diagnostics

     You can check Terminal Server application diagnostics by using the commands described below.

         root@VA_router:~# tserv
         Termserv disgnostics
         Command syntax:
         tserv show stats - show statistics
         tserv clear stats - clear statistics
         tserv show serial - show serial interface status
         tserv send serial0 <data> - send data to serial port 0
         tserv start capture N, N=port number 0 to 3 - start capturing rx serial data
         tserv print capture N, N=port number 0 to 3 - print captured rx serial data
         tserv show serial txlog hex Port length Por
142. es before starting activation Defines how many seconds to wait between retries if a download of a particular autoload entry see next table fails RetryTimer integer yes 30 Defines how many retries to attempt before failing the overall activation sequence backing off and trying the whole activation sequence again NumberOfRetries integer yes 5 Defines how many minutes to back off for if a download and all retries fail After the backoff period the entire autoload sequence will start again BackoffTimer integer yes 15 Specifies which configuration to boot up BootUsingConfig string yes altconfig with after the activation sequence completes successfully Specifies which image to boot up with BootUsinglmage string yes altimage after the activation sequence completes successfully The Autoload entry sections specify which files and in which order they are downloaded when the autoload sequence executes Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 37 of 258 8 Management configuration settings Name Type Required Default Description Configured boolean yes no Set to yes to make the autoload sequence process this entry SegmentName string yes none Where the downloaded file should be stored config1 config2 altconfig imagel image2 altimage Typically only altconfig and altimage are used ini request conf
143. es the interface name defined in the multi WAN package 16 3 1 1 Creating primary predefined interface On the web interface go to Network gt Interfaces The Interfaces page appears LAN Interfaces Interface Overview Network Status Actions rmx AN Uptime 6h 37m 34s LES aa f MAC Address 00 E0 C8 10 0E E6 Connect plop Edit Delete e RX 431 31 MB 4672877 Pkts eth TX 1 68 MB 21023 Pkts IPv4 10 1 10 93 16 LOOPBACK Uptime 6h 37m 38s MAC Address 00 00 00 00 00 00 Connect Stop Edit Delete e RX 9 99 MB 109997 Pkts E TX 9 99 MB 109997 Pkts IPv4 127 0 0 1 8 IPv6 0 0 0 0 0 0 0 1 128 Add new interface Figure 27 The interface overview page Click Add new interface The Create Interface page appears Create Interface Name of the new The allowed characters are 2 Z a z 0 9 and _ interface EJ Protocol of the new Static address interface Create a bridge over E multiple interfaces Cover the following gf Ethernet Adapter eth0 lan interface 3 i Ethernet Adapter gre0 e Ethernet Adapter lo loopback Custom Interface Note If you choose an interface here which is part of another network it will be moved into this network Figure 28 The create interface page Type in the name of the interface in Name of the new interface field Type the Interface Name in following format 3g s sim number lt short operator name gt Where
144. ess Remote TCP port Enables XOT route entry Destination XOT peer X 25 DTE Address Destination XOT peer IP address Destination XOT peer TCP port Figure 87 The XOT route table interface Name Default Range Description Enable 0 Oorl Enables the corresponding route Remote X 25 NUA 12345X 15 digits Sets the route destination X 25 NUA NUA There are 5 default routes with the following NUA Route 0 123451 Route 1 123452 Route 2 123453 Route 3 123454 Route 4 123455 Remote IP address 0 0 0 0 Any IPv4 Sets the destination IP address address Remote TCP port 0 Any TCP Sets the destination TCP port port 26 5 PADD configuration details The padd configuration is stored in etc config padd It is composed of two sections e The module section contains miscellaneous parameters to manage the behaviour of the entire module e The PAD ports section the Virtual Access router supports up to four PAD ports Every PAD port can be assigned to a unique asynchronous serial port Name Default Range Description Module specific parameters enable 0 Oor1 Determines whether or not the padd daemon is enabled or disabled Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 192 of 258 debug ev enabled Determines whether or debug statements are logged Note enabling this may have an impact on the router performance and shou
145. ess of no Secure Activator that uses port 443 ActivatorDownloadPath string yes Specifies the url on Activator to which the client should send requests none SecureDownload boolean no Enables Secure Download e port 443 PresentCertificate Enabled boolean no Specifies if the client no presents its certificate to the server to identify itself ValidateServer Certificate FieldEnabled boolean no Specifies if the client validates the server no certificate as per ServerCertificateField and FieldValueCertificateFormat ServerCertificate FieldValueCertificateFormat ServerCertificate Field string no string no Defines the field in the CN server certificate that the client should check Specifies the value the client expects to see in the specified field in the server certificate PEM A sample httpclient configuration is shown below root VA_router uci show httpclient 10 1 89 57 8890 leise sume emen PNE Oo MEOS 10 1 83 578 443 lt ActivatorDownloadPath Activator Sessionless Httpserver Enabled no httpclient default cor httpclient default Enabled yes httpclient default FileServer 10 1 83 36 80 httpclient defaul httpclient defaul asp httpclient default SecureDownload no httpclient default PresentCertificateEnabled no httpclient default ValidateServerCertificatel httpclient default CertificateFile etc httpclient
146. esses 184 25 5 4 Stopping Terminal Server 0 cece cece cece eee eee eee meme 185 26 d N D eee Eee EEC CET ECE TEC EPEPCCEEECERT ET CETTE CCTEEETERT CCCP TTT ETETLESTTCECEECURTEEEETETCE EET TEET 186 26 1 Tefminology eee ti Ro dE Id ete eee RARI ee 186 26 2 PAD function implementation ssssssssssssss mmm emere 186 26 3 XOT configuratiOL ore bute ice taieecels ts lali 186 26 4 XOT configuration using the web interface ssssssssssse 188 26 4 1 Main settings basic configuration cece eee cette teeta eee eae 189 26 4 2 Main settings advanced configuration cccceec cece e cece eee ee eee teens 189 26 4 3 Port settings general configuration cccce cece e cece eee e eee e teeta eee need 190 26 4 4 Port settings advanced configuration ccceceeeee eee ee eect teeta eee ee ed 191 26 4 5 XOT Toute table eee de ee ped Rene 192 26 5 PADD configuration detallS ooococcccccccccccccncnncnnnncnnnnnnnnncnnnncnannnnnnnnnanannes 192 26 6 Configuring PADD using the web interface sss 195 Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 6 of 258 Table of Contents 26 6 1 Main settings basic configuration cece eee eee teeta eee e eee eae te ed 196 26 6 2 Main settings advanced configuration cceceecee eect ee eee ee eae ee ea enes 196 26 6 3 Port settings general configuration sess 197 26 6 4 Por
147. est Operon wmemitace wan opcion Yilo allicl 10 1 1 14 Operom locallam 10 1 1 1 aprliom locallemmasis 255 239 299 0 0 operoni remote ra 10 2 2 2 option remoteaddress 10 2 2 2 Option Knemoceleam V10 252 2 option remotelanmask 255 255 255 0 option ike 3des md5 modp1024 option esp 3des md5 Option Uco gms ajyrliom Ueelirterims Ela option key life r ih option rekeymargin 9m option keyingtries 3 OD ELON EN dp dact lon anole Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 103 of 258 17 3 17 4 17 Configuring IPSec option dpddelay 30s option dpdtimeout 120s Shunt connection If the remote LAN network is 0 0 0 0 0 then all traffic generated on the local LAN will be sent via the IPSec tunnel This includes the traffic destined to the router s IP address To avoid this situation you must include an additional config connection section strongswan connection 1 connection strongswan connection 1 name local strongswan connection 1 enabled yes strongswan connection 1 locallan 10 1 1 1 strongswan connection 1 locallanmask 255 255 255 255 strongswan connection 1 remotelan 10 1 1 0 strongswan connection 1 remotelanmask 255 255 255 0 strongswan connection 1 type pass strongswan connection 1 auto route config connection option name local option enabled yes opeiom locali
148. estination NAT are combined and used dynamically in IP masquerading to make computers with private (192.168.x.x, etc.) IP addresses appear on the Internet with the system's public WAN IP address.

     18.10.4 True destination port forwarding

     This usage is similar to SNAT, but as the destination IP address is not changed, machines on the destination network need to be aware that they'll receive and answer requests from a public IP address that is not necessarily theirs. Port forwarding in this fashion is typically used for load balancing.

         config redirect
             option src wan
             option src_dport 80
             option dest lan
             option dest_port 80
             option proto tcp

     18.10.5 Block access to a specific host

     The following rule blocks all connection attempts to the specified host address.

         config rule
             option src lan
             option dest wan
             option dest_ip 123.45.67.89
             option target REJECT

     18.10.6 Block access to the internet using MAC

     The following rule blocks all connection attempts from the client to the internet.

         config rule
             option src lan
             option dest wan
             option src_mac 00:00:00:00:00:00
             option target REJECT

     18.10.7 Block access to the internet for specific IP on certain times

     The following rule blocks all connection attempts to the internet from 192.168.1.27 on weekdays between 21:00pm and 09:00am.

         config rule
         Opt
149. ethods to test a connection that are currently supported:

     | Type | Description |
     |------|-------------|
     | link | Checks if the interface used to reach the target is up. |
     | ping | Pings the target. It then assumes there is connectivity during a configurable amount of time. |

     Table 26: Event system, supported connection tester methods

     Configuring the event system via the web interface

     Configuring the event system via the web interface is not currently supported.

     Configuring the event system via UCI

     The event system configuration files are stored on /etc/config/va_eventd. The configuration is composed of a main section and as many forwardings, targets and connection testers as required.

     Main section

         config va_eventd main
             option enabled yes
             option event_queue_file /tmp/event_buffer
             option event_queue_size 128K

     The table below describes main event system parameters.

     | Name | Type | Required | Default | Description |
     |------|------|----------|---------|-------------|
     | enabled | Boolean | Yes | Yes | Enable the event system. |
     | event_queue_file | Filename | Yes | /tmp/event_buffer | File where the events will be stored before being processed. |
     | event_queue_size | String | Yes | 128K | Maximum size of the event queue. |

     Table 27: Event system, global settings description

     Forwardings

         config forwarding
             option enabled no
             option
150. export or uci show The global configuration section contains two parameters The meaning of the parameters is explained in the embedded comments config tservd main set to 1 to enable Terminal Server option enable 1 enables detailed debug logging state transitions data transfer etc option debug ev enable 1 Following the global section there are four port specific sections Below is an example configuration with the embedded comments explaining each parameter Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 174 of 258 25 Terminal Server config tservd main set to 1 to enable terminal server option enable 0 enables detailed debug logging state transisions data transfer etc option debug_ev_enable 0 sets syslog level 0 to 7 default is 6 option log_severity 6 comele port porgi enables this port option enable 0 serial device name option devName dev ttySCO destination peer port IP number two number for failover opio ajo porel 951 Optim aja porta 951 destination peer ip address two addresses for failover option remote ipl 0 0 0 0 eje see maz 0 0 0 0 f keep TCP session always connected option tcp always on 1 close TCP session on detection of DSR signal low option close_tcp_on_dsr 0 keep serial port always open if option not present default is 0 option tty_always_open 0 Forwarding timeout in milli
151. fied Configuration Interface (UCI) for central configuration management. All the most common and useful configuration settings can be accessed and configured using the uci system. UCI consists of a command line utility (uci), the files containing the actual configuration data, and scripts that take the configuration data and apply it to the proper parts of the system, such as the networking interfaces or the web server. The uci command is the preferred way of managing the configuration. Currently you can directly access files, but this is not guaranteed for the future. A simple example of using the uci utility is shown below.
    root@VA_router:~# uci show network
    network.loopback=interface
    network.loopback.ifname=lo
    network.loopback.proto=static
    network.loopback.ipaddr=127.0.0.1
    network.loopback.netmask=255.0.0.0
    network.lan=interface
    network.lan.ifname=eth0
    network.lan.proto=dhcp
    network.wan=interface
    network.wan.username=foo
    network.wan.password=bar
    network.wan.proto=3g
    network.wan.device=/dev/ttyACM0
    network.wan.service=umts
    network.wan.auto=0
    network.wan.apn=arkessa.com
    network.@va_switch[0]=va_switch
    network.@va_switch[0].eth0=A B C
    network.@va_switch[0].eth1=D
    root@VA_router:~# uci set network.wan.apn=hs.vodafone.ie
    root@VA_
152. figure Monitor for SLA reporting, read the previous section "Configuring SLA on Monitor".
Configuring SLA for a router via the web interface: Log in to the web interface using your login credentials. In the top menu, select Services > SLA Daemon. The SLA Daemon page appears.
[Figure 105: The SLA daemon page]
In the Basic Settings section, click Add. The basic settings section for SLA Daemon appears.
[Figure 106: The SLA daemon page. Fields shown: Enable, Roundtrip Timeout, Interface, Destination Host IP Address, Destination UDP Port, Bin Restart Period, Max Bin Count]
Check Enable. In the Roundtrip Timeout field, type in a time. Select an interface on which traffic should be monitored
153. fix strin Ao Heal bin relative to the document root. CGI support is disabled if this option is missing.
lua_prefix | string | no | none | Defines the prefix for dispatching requests to the embedded Lua interpreter, relative to the document root. Lua support is disabled if this option is missing.
lua_handler | file path | yes if lua_prefix is given, else no | none | Specifies Lua handler script used to initialize the Lua runtime on server start.
script_timeout | integer | no | 60 | Sets maximum wait time for CGI or Lua requests in seconds. Requested executables are terminated if no output was generated until the timeout expired.
network_timeout | integer | no | 30 | Sets maximum wait time for network activity. Requested executables are terminated and connection is shut down if no network activity occurred for the specified number of seconds.
realm | string | no | local hostname | Defines basic authentication realm when prompting the client for credentials (HTTP 400).
config | file path | no | /etc/httpd.conf | Config file in Busybox httpd format for additional settings (currently only used to specify Basic Auth areas).
index_page | file name | no | index.html, index.htm, default.html, default.htm | Index file to use for directories, e.g. add index.php
154. guration files, keys and certificates are stored there so that they survive reboot. Normally it is not necessary to store any other files in flash. One exception, for example, is a banner file for logins.
Firewall diagnostics: The router's OS relies on netfilter for packet filtering, NAT and mangling. The UCI Firewall provides a configuration interface that abstracts from the iptables system to provide a simplified configuration model that is fit for most regular purposes, while enabling the user to supply needed iptables rules on his own when needed. The firewall section is its own package located within /etc/config/firewall. Below is an example of a firewall section.
root VA_router uci export etc config firewall package firewall config defaults option syn_flood option abeo ACC B s ERES Option Ro pu ae OE pr opio Fomweuco TACCHI config zone option name lan option network lan oprilomn aliajowie ACC EPT OE gu EOLA TACCHI Option ome ACC TY option family any option conntrack config zone Y ENCORE option option option option option option option option option name wan interface network mas LU Mae forward wan interface Bp v HAS CEA output ACCEPT family any Y conn track 10
155. he service
stop | Stop the service
restart | Restart the service
reload | Reload configuration files (or restart if that fails)
enable | Enable service autostart
disable | Disable service autostart
When troubleshooting, make sure that the routing table is correct using route -n. Ensure all parameters in the multi WAN package are correct. The name used for multi WAN must be identical, including upper and lower case, to the actual ADSL interface name defined in your network configuration. To check the names and settings are correct, browse to Network > Interfaces or alternatively run cat /etc/config/network through CLI. Enter the name of the WAN interface to configure and then click Add. The new section for configuring specific parameters will appear.
31.14 PAD diagnostics
31.14.1 Showing Log
The modules will write events to the log if they are configured to do so. To see the events that are already logged, type the following at the command prompt:
    logread
The log contains the events of many modules. To filter a specific module, type logread | grep <module name>. For example, if you want to see the vald events, enter:
    logread -f | grep vald
Note: the vald module has a command that enables the logging of the payload. When enabled, vald will additionally log the payload of all received and sent packets. To enable paylo
156. he syslog level. Events up to this priority will be logged: Emergency 0, Alert 1, Critical 2, Error 3, Warning 4, Notice 5, Info 6, Debug 7.
Enables the corresponding route.
nua | default 12345X | 15 digits NUA | Sets the route destination X.25 NUA. There are 5 default routes with the following NUA: Route 0: 123451, Route 1: 123452, Route 2: 123453, Route 3: 123454, Route 4: 123455.
ipaddr | default 0.0.0.0 | Any IPv4 address | Sets the destination IP address.
ipport | Any TCP port | Sets the destination TCP port.
XOT port configuration parameters
enable | Enables the corresponding XOT port.
val_port | default 200X | Any TCP port | Sets the TCP port number on which this XOT port is listening for incoming connections from remote XOT peer. There are 5 XOT ports with the following default val_port: Port 0: 2000, Port 1: 2001, Port 2: 2002, Port 3: 2003, Port 4: 2004.
val_ipaddress | default 0.0.0.0 | Any IPv4 address | Sets the IP address on which this XOT port is listening for incoming connections from remote XOT peer.
max_vcs | default 1 for port 0 to 3 and 64 for port 4 | 1 to 64 | Defines the maximum number of X.25 VCs supported by this XOT port. Note: when a XOT port is used for the PAD function, its max_vcs option must be set to 1.
tcp_keep_alive_enabled | default 1 | 0 or 1 | Enables the sending of TCP keep alive probes.
tcp keep
157. host name appears in the top left hand of the menu of the interface. It also appears when you open a Telnet or SSH session. Note: this document uses the hostname VA_router throughout. You can set your system setting options in the system section. To configure the router's hostname, in the top menu select System > System. The System page appears.
[Figure 5: The system page]
In the Hostname field, type a relevant host name. In the Timezone dropdown menu, select the relevant time zone. Click Save.
Name | Type | Required | Default | Description
hostname | string | no | none | Enables the hostname for this system.
buffersize | integer | no | kernel specific | Specifies the size of the kernel message buffer.
conloglevel | integer | no | | Sets the maximum log level for kernel messages to be logged to the console. Only messages with a level lower than this will be printed to the console.
cronloglevel | integer | no | | Specifies the minimum level for cron messages to be logged to syslog. 0 prints all debug messages, 8 wil
158. igned by DHCP | udhcpc
3g | CDMA, UMTS or GPRS connection using an AT style 3G modem | comgt
L2tp | Layer 2 Tunneling Protocol | xl2tpd
none | Unspecified protocol
Depending on the interface protocol used, several other options may be required for a complete interface declaration. The corresponding options for each protocol are listed below. Options marked as yes in the Required column must be defined in the interface section if the corresponding protocol is used; options marked as no may be defined but can be omitted as well.
Options valid for all protocol types:
Name | Type | Required | Default | Description
ifname | interface name(s) | yes | none | Defines physical interface name to assign to this section (list of interfaces if type bridge is set).
type | string | no | none | If set to bridge, a bridge containing the given ifnames is created.
stp | boolean | no | 0 | Only valid for type bridge; enables the Spanning Tree Protocol.
macaddr | mac address | no | none | Overrides MAC address of this interface.
mtu | number | no | none | Overrides the default MTU on this interface.
auto | boolean | no | 0 for proto none, else 1 | Specifies whether to bring up interface on boot.
accept_ra | boolean | no | 1 for protocol dhcp, else 1 | Specifies whether to accept IPv6 Router Advertisements on this interface.
send_rs | boolean | no | 1 for protocol static, else 0 | Specifies whether to send Router Solicitations on this interface.
monitored | Boolean | No | 0 | Sp
159. iguration RemoteFilename string yes none img request firmware vas notify activator sequence is complete vas should always be requested last
A sample autoload configuration is shown below. Note: as some values are exceptional like they need to be appropriately escaped using uci set and show commands. This removes the need to know the correct escape sequences.
root VA_router au au au au au au au au au au au au au au au au au au au au to to TO to TO to iO 1EX9 to to NEO EO to Ho to to to to to BO load load load load load load load load load Loael load ike cie load load load load load load load load entry entry entry entry entry entry entry entry entry entry entry entry main core 0 0 0 0 uci show autoload main Enabled yes main StartTimer 10 main RetryTimer 30 main NumberOfRetries 5 main BackoffTimer 15 main BootUsingConfig altconfig main BootUsingImage altimage SS Configured yes SegmentName altconfig RemoteFilename ini SS Configured yes SegmentName altimage RemoteFilename img SII y Configured yes SegmentName configl RemoteFilename vas
160. ing | no | DROP | Default policy (ACCEPT, REJECT, DROP) for forwarded zone traffic.
output | string | no | DROP | Default policy (ACCEPT, REJECT, DROP) for outgoing zone traffic.
family | string | no | any | Defines protocol family (ipv4, ipv6 or any) to generate iptables rules for.
log | boolean | no | 0 | Creates log rules for rejected and dropped traffic in this zone.
log_limit | string | no | 10/minute | Limits the amount of log messages per interval.
Forwarding sections: The forwarding sections control the traffic flow between zones and can enable MSS clamping for specific directions. Only one direction is covered by a forwarding rule. To allow bidirectional traffic flows between two zones, you need two forwardings, with src and dest reversed in each. The table below shows allowed options within forwarding sections.
Name | Type | Required | Default | Description
src | zone name | yes | none | Specifies the traffic source zone; must refer to one of the defined zone names.
dest | zone name | yes | none | Specifies the traffic destination zone; must refer to one of the defined zone names.
family | string | no | any | Defines protocol family (ipv4, ipv6 or any) to generate iptables rules for.
The iptables rules generated for this section rely on the state match which needs connecti
161. ion type exec
        option cmd_template logger -t eventer eventName
The table below describes exec target parameters.
Name | Type | Required | Default | Description
name | String | Yes | None | Name of the target to be used in the forwarding section.
enabled | Boolean | Yes | Yes | Enable this target.
type | String | Yes | exec | Must be exec for an exec target.
cmd_template | String | Yes | None | Template of the command to execute.
Table 34: Event system exec target settings description
28.6.5 Example and export
As an example, the event system is configured to:
- Forward the l2tp event CannotFindTunnel with a severity between debug and critical to a syslog server.
- Forward all mobile events with a severity between notice and critical to a SNMP trap manager.
- Execute logger -t eventer eventName when an Ethernet event occurs.
- Forward all auth events via email.
- Connection to the SNMP and syslog server is checked by sending pings.
- Connection to the smtp server is verified by checking the state of eth0.
To view the configuration file, enter uci export va_eventd:
    root@test:~# uci export va_eventd
    package va_eventd
    config va_eventd main
        option enabled yes
        option event_queue_file /tmp/event_buffer
        option event_queue_size 128K
    config forwarding
        option enab
162. ions ne lan
        option dest wan
        Options emi 192 188 427
        option extra m calm weekdays Mon Tue Wed Thu Fri timestart 21 00 timestop 09 00
        option target REJECT
18.10.8 Restricted forwarding rule
The example below creates a forward rule rejecting traffic from LAN to WAN on the ports 1000-1100.
    config rule
        option src lan
        option dest wan
        option dest_port 1000-1100
        option proto tcpudp
        option target REJECT
18.10.9 Transparent proxy rule (same host)
The rule below redirects all outgoing HTTP traffic from LAN through a proxy server listening at port 3128 on the router itself.
    config redirect
        option src lan
        option proto tcp
        option src_dport 80
        option dest_port 3128
18.10.10 Transparent proxy rule (external)
The following rule redirects all outgoing HTTP traffic from LAN through an external proxy at 192.168.1.100 listening on port 3128. It assumes the router LAN address to be 192.168.1.1; this is needed to masquerade redirected traffic towards the proxy.
    config redirect
        option src lan
        OSLO TOXSONEO TED
        Options cmo 192.168.1.100
        Options acta p ona 80
        option dest_ip 192.168.1.100
        option dest_port 3128
        option target DNAT
    config redirect
        option dest lan
        option proto LEO
        QOELGM Su che 192 168 dL 5 il
        option dest_ip 192.168.1.100
        option dest_port 3128
        option t
163. iple uplinks for failover
[Figure 32: The multi WAN page]
From the Health Monitor Interval dropdown menu, choose the interval that will be used to monitor signal strength value. From the Attempts Before WAN Failover dropdown menu, select the number of fail attempts of Health Monitor checks that will cause the interface to be disconnected. In the Priority field, type in the priority number. The Multi WAN interface priority must be higher than the one specified in package mobile; see the "Setting options for Automatically Created interfaces" section below. Ensure you have selected the Manage Interface State Up D
164. irewall restart
Executing the following command will flush all rules and set the policies to ACCEPT on all standard chains:
    root@VA_router:~# /etc/init.d/firewall stop
To manually start the firewall, enter:
    root@VA_router:~# /etc/init.d/firewall start
The firewall can be permanently disabled by entering:
    root@VA_router:~# /etc/init.d/firewall disable
Note: disable does not flush the rules, so you might be required to issue a stop before.
To enable the firewall again, enter:
    root@VA_router:~# /etc/init.d/firewall enable
Debug generated rule set: It is possible to observe the iptables commands generated by the firewall programme. This is useful to track down iptables errors during firewall restarts or to verify the outcome of certain UCI rules. To see the rules as they are executed, run the fw command with the FW_TRACE environment variable set to 1 (one):
    root@VA_router:~# FW_TRACE=1 fw reload
To direct the output to a file for later inspection, enter:
    root@VA_router:~# FW_TRACE=1 fw reload 2>/tmp/iptables.lo
19 Configuring SNMP
19.1 The SNMP daemon has several configuration sections that configure the agent itself (agent an
165. ist inmeezrrace laum tmp dhcp leases tmp resolv conf auto
Options local and domain enable dnsmasq to serve entries in /etc/hosts as well as the DHCP client's names as if they were entered into the lan DNS domain. Options domainneeded, boguspriv, localise_queries and expandhosts make sure that requests for these local host names (and the reverse lookup) never get forwarded to the upstream DNS servers. Option authoritative makes the router the only DHCP server on this network. This allows clients to get their IP lease a lot faster.
Name | Type | Required | Default | Description
addnhosts | list of file paths | no | none | Specifies additional host files to read for serving DNS responses.
authoritative | boolean | no | | Forces dnsmasq into authoritative mode; this speeds up DHCP leasing. Used if this is the only server in the network.
Boguspriv | boolean | no | | Rejects reverse lookups to private IP ranges where no corresponding entry exists in /etc/hosts.
Cachelocal | boolean | no | | When set to 0, uses each network interface's dns address in the local /etc/resolv.conf. Normally, only the loopback address is used and all queries go through dnsmasq.
cachesize | integer | no | 150 | Sets the size of dnsmasq query cache
dhcp_boot | string | no | none |
166. ith which R_U_THERE messages/INFORMATIONAL exchanges are sent to the peer.
150s | Defines the timeout interval after which all connections to a peer are deleted in case of inactivity.
[Figure 71: The strongSwan IPSec VPN page]
Name | Type | Required | Default | Description
Enabled | Checkbox | yes | Unchecked | Globally enables IPSec on the router.
Aggressive mode | Checkbox | yes | Unchecked | Globally enables Aggressive mode on a router.
Name | String | Yes | Blank | Specifies a name for the tunnel.
Autostart Action | Dropdown Menu | Yes | Ignore | Specifies how the tunnel is initiated. Start: On startup. Route: When traffic routes this way. Add: Loads a connection without starting it. Ignore: Ignores the connection.
Connection Type | Dropdown Menu | Yes | tunnel | Defines whether the connection is in tunnel or transport mode.
Remote GW Address | IP address | Yes | None | Sets the public IP address of a remote peer.
Local Id | string | Yes | None | Defines the local peer identifier.
Remote Id | String | Yes | None | Sets the remote peer identifier.
Local LAN IP Address | String | Yes | None | Defines the local IP of LAN.
Local LAN IP Address Mask | String | Yes | None | Defines the local Mask of LAN.
Remote LAN IP Address | String | Yes | None | Defines the Remote IP of LAN.
Remote LAN IP trin Y N
167. its behaviour.
Press Duration | Behaviour
Less than 3 seconds | Normal reset
Between 3 and 5 seconds | The router resets to factory configuration
Between 20 seconds and 25 seconds | Recovery mode
Over 25 seconds | Normal reset
3 GW7300 Series LED behaviour
The GW7300 Series router has a single colour LED. When the router is powered on, the LED is solid green.
[Figure 3: GW7300 LEDs. Labels shown: POWER, CONFIG, ETHERNET, SIM 1, SIM 2, ADSL SYNC, ADSL DATA]
The possible LED states are:
- Off
- Flashing slowly
- Flashing quickly
- On
The following table describes the possible LED behaviours and meanings.
Booting | The GW7300 takes approximately 2 minutes to boot up. During this time, the power LED flashes. Other LEDs display different diagnostic patterns during boot up. Booting is complete when the power LED stops flashing and stays on steady.
Power | On: Power. Off: No power or boot loader does not exist.
Config | On: Unit running a valid configuration file. Flashing slowly: Unit running in recovery mode (5 Hz). Flashing quickly: Unit running in factory configuration (2.5 Hz).
SIM | On: SIM selected and already registered on the network. Off: Not selected or SIM not inserted. Fl
168. jou ig wlams 2 esr VC trunk yes vlems el nat vlan mete vlamme VIY
root VA_router portvl an v portvl an Qv 1 an portvl portvl v Qv portvl Qv portvl Qv portvl Qv Qv portvl portvl y portvl Qv Qv portvl portvl an v portvl an Qv 1 porty portvl portvl portvl portvl portvl portvl portvl IL portvl Joa
Modify these settings by running uci set <parameter> command. The following tables describe the UCI parameters for each section.
an an an an an an an an an Glin JL anpa port port port port port port port port port o Mene Sr nat v 2 uci show portvlan vlan vlanid 1 name vlanl mpaddr 92 168 1 i gt MOEMASK 255 2559 2595 0 isolate no l vlan vlanid 2 name vlan2 s atgreieigleed 92 108 201 mermask 2 95 o 2 55 5 20515 O vlanprio 5 isolate yes DOI POLEA Milans o DOE POBE B vlans 2 ponstce trunk yes vlans all lan nat vlan lan nat vlanid 1
169. l log command executions and 9 or higher will only log error messages.
Klogconloglevel | integer | no | | Specifies the maximum log level for kernel messages to be logged to the console. Only messages with a level lower than this will be printed to the console. Identical to conloglevel and will override it.
log_file | string | no | /var/log/messages | Defines which file to write log messages to (type file).
log_ip | IP address | no | none | Specifies IP address of a syslog server to which the log messages should be sent in addition to the local destination.
log_port | integer | no | 514 | Specifies port number of the remote syslog server specified with log_ip.
log_size | integer | no | 16 | Sets size of the file or circular memory buffer in KiB.
log_type | string | no | circular | Specifies either a circular or file log type.
timezone | string | no | UTC | Specifies the time zone that date and time should be rendered in by default.
time_save_interval_min | integer | no | 10 | Stores local time every N minutes so it will be used on the next boot.
The table below describes the fields in the Time Synchronization section.
Name | Type | Required | Default | Description
Enable builtin NTP server | Boolean | No | 0 | Enables NTP server.
EE Dro
170. ld only be used for debug purposes.
x25_wsize | 1 to 7 | Sets the size of the X.25 window.
x25_pktsize | default 128 | 128 to 1024 | Sets the X.25 packet size used. The packet size is in bytes.
log_level | 0 to 7 | Determines the syslog level. Events up to this priority will be logged: 0 Emergency, 1 Alert, 2 Critical, 3 Error, 4 Warning, 5 Notice, 6 Informational, 7 Debug.
x25_t22 | default 8 | 1 to 180 | Configures X.25 timer T22.
PAD port configuration parameters
enable | default 0 | 0 or 1 | Enables the corresponding padd port.
local_nua | default 1234567X | 15 digits NUA | Sets the destination local X.25 NUA assigned to the padd port. There are 5 pad ports with the following default NUA: Port 0: 12345670, Port 1: 12345671, Port 2: 12345672, Port 3: 12345673, Port 4: 12345674.
listen_port | default 1000X | Any TCP port | Sets the TCP port number on which this padd port is listening for incoming connections from the terminal server. There are 5 pad ports with the following default listen_port: Port 0: 10000, Port 1: 10001, Port 2: 10002, Port 3: 10003, Port 4: 10004.
link_id | 1 to 5 | Assigns a XOT port to the padd port. Values may be: 0 connect padd port to XOT port 0; 1 connect padd port to XOT port 1; 2 connect padd port to XOT port 2; 3 connect padd port to XOT port 3; 4 con
171. lect the Advanced Settings tab. Select Bring up on boot. Click Save & Apply. To check for connectivity, return to the top menu and under Network > Interfaces the WAN interface will show receive and transmit packets and an IP address.
[Figure 18: The interfaces overview page]
To view 3G/4G connectivity information, browse to Status > 3G Stats.
[Figure 19: The 3G information page]
14 Configuring SMS
Browse to the router's IP address and log in. Select Service tab > Mobile Manager. The Mobile Manager page appears.
172. uci export pimd
    led yes
    config interface
        option enabled yes
        option interface lan
        option ssm yes
        option igmp yes
    config interface
        option enabled yes
        option interface wan
        option ssm yes
        option igmp no
    root@VA_router:/etc/config1# uci show pimd
    pimd.pimd=routing
    pimd.pimd.enabled=yes
    pimd.@interface[0]=interface
    pimd.@interface[0].enabled=yes
    pimd.@interface[0].interface=lan
    pimd.@interface[0].ssm=yes
    pimd.@interface[0].igmp=yes
    pimd.@interface[1]=interface
    pimd.@interface[1].enabled=yes
    pimd.@interface[1].interface=wan
    pimd.@interface[1].ssm=yes
    pimd.@interface[1].igmp=no
Name | Type | Required | Default | Description
enabled | Boolean | Yes | No | Enable PIM and IGMP operation globally.
enabled | Boolean | Yes | No | Enable PIM and IGMP on interface.
interface | Interface | Yes | Blank | Specify which interface to apply the settings on.
ssm | Boolean | Yes | No | Enable PIM SSM on interface.
igmp | Boolean | Yes | No | Enable IGMP on interface.
To change any of the above values, use uci set command.
23 GRE interfaces
23.1 General Routing Encapsulation (GRE) is a tunnelling prot
173. led yes
        option className l2tp
        option eventName CannotFindTunnel
        option severity debug critical
        option target syslog
    config forwarding
        option enabled yes
        option className mobile
        option severity notice critical
        option target snmp
    config forwarding
        option enabled yes
        option className ethernet
        GEI carget loge
    config forwarding
        option enabled yes
        option className auth
        option target email
    config conn_tester
        option name mon_server
        option enabled 1
        option type ping
        Opium josling _cesic_aciche 192.168.100.254
        option ping_source eth0
        option ping_success_duration_sec 10
    config conn_tester
        option name smtp_server
        option enabled 1
        option type link
        option link_iface eth0
config target option option option option option config target option option option option option option option option option option option option option option happened option config target option option option option option option option config target option option Y name syslog enabled yes Y type syslog Eancgetmaddia V LI SO oda conn_tester mon_server name email enabled yes type email Srnispaacic M OSA IRA eR UE smtp user x example com SED ToeuSsWuOsp Vw Y use tls yes
174. list network 11.11.11.0/29
        list network 192.168.103.1/32
    config peer
        option route_map_in yes
        option ipaddr 11.11.11.1
        option asn 1
        option route_map ROUTEMAP
    config routemap ROUTEMAP
        option order 10
        option permit yes
        option match_type ip address
        option match 192.168.103.1/32
        option set_type ip next hop
        option set 150
    root@VA_router:~# uci show bgpd
    bgpd.bgpd=routing
    bgpd.bgpd.enabled=yes
    ING jOCl J lexegoxel c ieoone ese abo E39 s 3 Ss 3
    bgpd.bgpd.asn=1
    bgpd.bgpd.network=11.11.11.0/29 192.168.103.1/32
    bgpd.@peer[0]=peer
    bgpd.@peer[0].route_map_in=yes
    bgpd.@peer[0].ipaddr=11.11.11.1
    bgpd.@peer[0].asn=1
    bgpd.@peer[0].route_map=ROUTEMAP
    bgpd.ROUTEMAP=routemap
    bgpd.ROUTEMAP.order=10
    bgpd.ROUTEMAP.permit=yes
    bgpd.ROUTEMAP.match_type=ip address
    bgpd.ROUTEMAP.match=192.168.103.1/32
    bgpd.ROUTEMAP.set_type=ip next hop
    bgpd.ROUTEMAP.set=150
To change any of the above values, use uci set command.
13 Configuring a 3G/4G connection
In the top menu, select Network > Interfaces.
175. ll then be delivered only to the network segments that are in the path between the source and the receivers. To summarize, PIM is used between routers while IGMP is used between a receiver and its router only. As a result, PIM must be enabled on all the interfaces on the route from the multicast source to the multicast client, while IGMP must be enabled on the interface to the multicast client only.
Configuring PIM and IGMP via the web interface: To configure PIM through the web interface, in the top menu select Network > PIM. The PIM page appears. In the PIM page, click Add. The Global Settings section appears.
[Figure 62: The global settings interface]
Enable PIM by checking PIM Enabled.
Name | Type | Required | Default | Description
PIM Enabled | Checkbox | yes | Unchecked | Globally enable PIM on the router.
SSM Ping Enabled | Checkbox | yes | Unchecked | Enable answers to SSM pings.
Table 13: The PIM global settings description
Scroll down to the Interfaces Configuration section and click Add.
176. lt Description Disabled No 0 Disables the Multi WAN interface Configures weight for load balancing Not N 1 MISION B E relevant when two SIM cards are being used ts the period to check health status of Health interval No 10 3 gt P interface Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 84 of 258 15 Configuring Multi WAN Icmp hosts No 3 secs Sets Ping timeout timeout No 3 secs Sets Ping timeout ifies th t of retri fore th Health fail retries Yes 3 ones An J TAAN oe p parore Tie interface is considered a failure Health recovery Yes 5 Specifies the number of healthy pings before retries the interface is considered healthy This field is not applicable unless you have two Load Balancer WAN interfaces connected simultaneously and failover to Yes er ete Compatibility want to forward traffic to a specific interface after the failover dns No Auto Defines DNS for the interface Specifies the priority of the interface a higher mm value is better priority Yes 0 1 is better than 0 therefore the interface with priority of 1 will connect first manage state Yes Yes Specifies interface start stop by Multi WAN Specifies which interface within the group is exclusive group No 0 active Only one interface can be active SIM 1 or SIM 2 Specifies the time for interface to start up If it ifup retry sec Yes 300 secs is not up after thi
177. <sim number> is number of roaming SIM (1 or 2), and <short operator name> is first four alphanumeric characters of operator name (as reported by AT+COPS command). Type the short operator name in lower case, for example:
Operator name | First four alphanumeric numbers
Vodafone UK | voda
O2 UK | o2uk
Orange | oran
Table 12: Examples of operator names
From the Protocol dropdown menu, select UMTS/GPRS/EV-DO. Click Submit. The Common Configuration page appears.
Figure 29: The common configuration page
Name | Type | Required | Default | Description
Protocol | Dropdown menu | Yes | UMTS/GPRS/EV-DO | Protocol type
Service Type | Dropdown menu | Yes | None | Service type that will be used to connect to the network
SIM Dropdown menu Yes None APN name of Mobile Network Operator
PIN | Numeric value | No | None | SIM card's PIN number
PAP/CHAP username | String | No | None | Username used to connect to APN
PAP/CHAP password | String | No | None | Password used to connect to
178. ly to achieve the desired firewall behaviour.
Note: the UCI firewall exists to simplify the configuration of netfilter for many scenarios, without requiring the knowledge to deal with the complexity of netfilter.
The firewall configuration consists of several zones covering one or more interfaces. Allowed traffic flow between the zones is controlled by forwardings. Each zone can include multiple rules and redirects. Below is an overview of the section types that may be defined in the firewall configuration. A minimal firewall configuration for a router usually consists of one defaults section, at least two zones (LAN and WAN), and one forwarding to allow traffic from LAN to WAN. Other sections that exist are redirects, rules and includes.
Defaults section
The defaults section declares global firewall settings which do not belong to any specific zones. The following options are defined within this section:
Name | Type | Required | Default | Description
syn_flood | boolean | no | 1 | Enables SYN flood protection
drop_invalid | boolean | no | 1 | Drops packets not matching any active connection
disable_ipv6 | boolean | no | 0 | Disables IPv6 firewall rules if set to 1
input | string | no | DROP | Default policy (ACCEPT, REJECT, DROP) for the INPUT chain
forward | string | no | DROP | Default policy (ACCEPT, REJECT, DROP) for the FORWARD chain
Default policy ACCEPT REJECT DROP for tput t DROP DU 2M 23 e the FORWARD chain
179. mall amount of interactive control information is returned. ADSL circuits can support data rates of up to 8 Mbps downstream (from the network service to the user) and 1 Mbps upstream (from the user to the network service).
ADSL connections
ADSL access services typically use the Asynchronous Transfer Mode (ATM) protocol to provide a low-level communications path between the user's access equipment and the service provider head end. The head end may be a Broadband Access Server (BAS) that sits logically behind the ADSL central office Digital Subscriber Line Access Multiplexer (DSLAM) and is connected using an ATM backbone. ATM is a high-speed switching technology where data is grouped into cells.
Connection between the user equipment and the BAS is then achieved using the Point-to-Point Protocol (PPP) running over the ATM connection path. PPP is a defined industry standard used widely to allow two devices to communicate across a logical link. It is extensively deployed by service providers as a means of connecting customers to Internet Protocol (IP) based services such as the Internet. The method of running PPP between the user equipment and the BAS may be either directly over the ATM layer (PPPoA) or over an intermediate Ethernet layer (PPPoE).
ADSL connection options on your router
You can configure two main types of ADSL service on your router:
• ADSL routed PPP connection
• ADSL bridged connection
If you select the Routed PPP service
180. monitored 0 ent ipaddr 10 33 4 7 Mic Sua Si DD 255 42155 dL 97 anagem
22 Multicasting using PIM and IGMP interfaces
22.1 IP multicast is a bandwidth-conserving technology that reduces traffic by simultaneously delivering a single stream of information to potentially thousands of corporate recipients. Applications that take advantage of multicast include video conferencing and corporate communications. IP multicast delivers application source traffic to multiple receivers without burdening the source or the receivers, while using a minimum of network bandwidth.
PIM (Protocol Independent Multicast) and IGMP (Internet Group Management Protocol) are protocols used to create multicasting networks within a regular IP network. A multicast group is an arbitrary group of receivers that expresses an interest in receiving a particular data stream. The receivers (the designated multicast group) are interested in receiving a data stream from the source. They indicate this by sending an Internet Group Management Protocol (IGMP) host report to their closest router in the network. The routers are then responsible for delivering the data from the source to the receivers. The routers use Protocol Independent Multicast (PIM) between themselves to dynamically create a multicast distribution tree. The data stream wi
181. n strongswan strongswan strongswan strongswan strongswan strongswan strongswan strongswan strongswan strongswan strongswan strongswan strongswan strongswan strongswan strongswan strongswan strongswan strongswan strongswan strongswan generali general cenceroaimMenabled yes general strictcrlpolicy no general uniqueids yes general cacheeris ves Generel nainesa ers Set Vics connection 0 connection connection 0 enabled yes connection 0 name DMVPN connection 0 type transport connection localis ozgme connection o HEMMOE STOIC OSCE connection 0 ike 3des md5 modp1024 QGconnection 0 esp aes128 shal connection 0 waniface wan connection 0 auto ignore connection 0 ikelifetime 28800s connection 0 keylife 300s connection 0 rekeymargin 30s connection 0 keyingtries forever connection 0 dpdaction hold connection 0 dpddelay 30s connection 0 dpdtimeout 150s secret 0 secret secret 0 nabled yes secret 0 secrettype psk secret 0 secret secret Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 164 of 258 24 6 24 Dynamic Multipoint Virtual Private Network DMVPN uci export strongswan package strongswan config general option option option option option general enabled yes stricter lboliley Vine Y Y uniqueids yes cachecrls yes
182.
18.5 Rules 110
18.6 Includes 111
18.7 IPv6 notes 111
18.8 Implications of DROP vs. REJECT 112
18.9 Note on connection tracking 113
18.10 Firewall examples 113
18.10.1 Opening ports 113
18.10.2 Forwarding ports (destination NAT/DNAT) 113
18.10.3 Source NAT (SNAT) 114
18.10.4 True destination port forwarding 115
18.10.5 Block access to a specific host 115
18.10.6 Block access to the internet using MAC 115
18.10.7 Block access to the internet for specific IP on certain times 115
18.10.8 Restricted forwarding rule 116
18.10.9 Transparent proxy rule (same host) 116
18.10.10 Transparent proxy rule (external) 116
18.10.11 Simple DMZ rule 117
18.10.12 IPSec passthrough 117
18.10.13 Manual iptables
183. n monitor inbound SMS messages using the router's web browser or via an SSH session.
To monitor via SSH, login and enter logread -f &. An outgoing SMS message appears.
Figure 21: Output from the command logread -f &
To monitor via the web browser, login and select Status > system log. Scroll to the bottom of the log to view the SMS message.
Figure 22: Output from system log
Outgoing messages
You can send an outgoing message via the command line using the following syntax:
sendsms 353872243909 hello
15 Configuring Multi-WAN
15.1 Multi-WAN is used for managing WAN interfaces on the router, for example 3G interfaces, to ensure high availability. You can customise Multi-WAN to various needs, but its main use is to ensure WAN connectivity and provide a failover system in the event of failure or poor coverage.
Multi-WAN web interface
You can configure Multi-WAN through the web interface. In the navigation menu, browse to Network > Multi-Wan. The Multi-WAN page appears.
Figure 24: The multi WAN page
Name | Type | Required | Default | Description
Enable | Boole
184. nd operates as a bridge between the tservd module and the XOT module.
XOT configuration
The XOT configuration is stored in /etc/config/vald. It is composed of three sections.
The module section
The module section contains miscellaneous parameters to manage the behaviour of the entire module.
The XOT routing table
The XOT section contains the XOT routes. XOT routes configure the mapping between destination X.25 NUAs and the destination endpoint IP address and TCP port number. These routes are used for protocol conversion of X.25 outgoing calls. The XOT routing table has up to 64 routes. You can configure each route differently.
The XOT ports
The Virtual Access router supports up to five XOT contexts. Only one XOT is associated with the synchronous serial port. Up to four XOT ports can be assigned to the X.25 PAD ports. Every X.25 PAD port is assigned to a unique serial asynchronous port.
Module specific parameters
Name | Default | Range | Description
enable | 0 | 0 or 1 | Determines whether or not the XOT daemon is enabled or disabled
debug ev enabled 0 or 1 Determines whether or debug statements are logged. Note: enabling this may have an impact on the router performance and should only be used for debug purposes
loglevel enable Route configuration parameters 0 0 to 7 0 or 1 Determines t
185. nds it takes V 23 transmitter to rampdown carrier from peak to Zero Goton v23 mera don ni V30 when used with V 23 modem driver set portmode v23 sets the maximum transmit fifo fill level in bytes Option v23 ex marril V 34327 when used with V 23 modem driver set portmode v23 enables Signalling of carrier by sending special characters option v23 inband carrier signalling 0 when used with V 23 modem driver set portmode v23 this character decimal value signalls remote carrier on AiO Yes abalerehoYo le er ueneakewe e ejstereloksue VAS enables HDLC Pseudowire over UDP support based on RFC4618 if set to 1 also set udpMode 1 option hdlc pw enabled 0 Configures serial transmit log size in bytes and enables transmit data logging O disabled option serialTxLogSize 0 Configures serial receive log size in bytes and enables receive data logging O disabled option serialRxLogSize 0 Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 181 of 258 25 Terminal Server w lose reversas O inommale i wewersS option bit_reverse 0 v24 dte tt clock invert O normal l invert pico Chess ce inw O v24 dce tx clock invert O normal l invert Option Cee celk inw O v24 dce rx clock invert O normal l invert opetom Cee reli D oO x21 clock invert O normal l invert Gees 21 elle inver 0 a xL darca Celays 0 7 delay la local els
186. ne enia eR RE of Meda cx Uu lx Kex e ox DR E e ed DER ee MR 48 8 5 2 Options valid for all protocol types ce cece cece eee tenet eee eae ee eats 49 8 5 3 Protocol statiC tios eed creer dant acinus pueda Ete poete UN qu e dane 50 8 5 4 Protocol dhcp s com dede e e ee EE dep ete 50 8 5 5 Protocol 3g PPP over EV DO CDMA UMTS or GRPS sees 50 8 5 6 Protocol I2tp layer 2 tunneling protocol ooooocccccccncnccncnccnnnccnnnccnanons 51 8 5 7 Alia 51 9 DHCP server and DNS configuration oomccoonoconnnconnncancncanancanrncnnrncanrncanancanass 54 9 1 Common options section ssssssssssssss mese ess ene enne 54 9 2 DEACERO cio e bete bo eite testudo iot uten a 58 3 State leases teehee eee o ee at 60 10 VLAN configuratiON omocoonoconnnrannncannncannnrnnnnrannnrncnnracnnrnrnrnnrnrnnrncanrncananeananeass 61 10 1 VLAN web interface cece eect een eee emnes nemen eene 61 10 2 VEAN definitions acces E ds 61 10 3 Port description essenin anoe li li eiie ee eee oe eee 62 10 4 VLANs UCI interface ccc esee esee mesee esee teens 63 10 4 1 CONTIG POM rumore heroas etum a dala eee eee 65 10 4 2 config VaN raei eee three ob thua dere aote etsi qu oiu 65 10 4 3 Gonflg niat vla ci oe AA UEM Rr eee 65 11 Static routes configuration coonococnoronnncannnrannnracanracnnracnnracnnrncananrncananeananeass 66 ILI PVATOUtes e o e e a e a e a ans 66 11 2 PVG POQUER 67 12 BGP Border
187. nect padd port to XOT port 4 nlpid 0 to 255 Sets the X 25 network layer protocol ID sent in call user data Note this must be 1 for PAD fwd timeout 50 1275 Sets the forwarding timeout in milliseconds Data received from DTE asynchronous terminal is buffered The data is forwarded to a X 25 VC if the buffer is full or the forwarding timer fired The forwarding timeout is re started on reception of new data from serial DTE terminal The forwarding timeout is in milliseconds fwd blksize 128 1024 Sets the size of the forwarding buffer Data received from DTE asynchronous terminal is buffered The data is forwarded to a X 25 VC if the buffer is full or the forwarding timer fired The Forwarding buffer size is in bytes x25 blksize local echo 1024 1024 Oor1 Sets the maximum X 25 data packet size The packet size is in bytes Enables echoing characters received from DTE asynchronous terminal when the PAD is not in DATA transfer state in PAD command or PAD waiting state parity mode 0to4 Configures parity processing for characters transferred across DTE DCE asynchronous serial interface The meaning of this value is defined in ITU X 3 Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 194 of 258 26 6 parameter 21 The parity_mode value refers to 0 X3 NoParity 1 X3 ParityChecking 2 X3 ParityG
188. ngle antenna
Table 4: GW7300 standard components
Inserting the SIM cards
Ensure the unit is powered off. Hold the SIM 1 card with the chip side facing down and the cut corner front left. Gently push the SIM card into SIM slot 1 until it clicks in. If using SIM 2, then hold the SIM with the cut corner front right. Gently push the SIM card into SIM slot 2 until it clicks in.
Connecting cables
Connect one end of the Ethernet cable into port A and the other end to your PC or switch.
Connecting the antenna
If only connecting one antenna, screw the antenna into the MAIN SMA connector. If using two antennas, screw the main antenna into the MAIN SMA connector and the secondary antenna into the AUX SMA connector.
Powering up
Plug the power cable into an electrical socket suitable for the power supply. The GW7300 takes approximately 2 minutes to boot up. During this time, the power LED flashes. Other LEDs display different diagnostic patterns during boot up. Booting is complete when the power LED stops flashing and stays on steady.
Reset button
Use a paperclip or similar sized piece of metal to press in the reset button when you need to reset the system. When you press the reset button, all LEDs turn on simultaneously. The length of time you hold the reset button will determine
189. nn_tester mon_server target target target name email target nabled yes target type email target smtp addr 89 101 154 148 465 target smtp_user x example com target smtp_password x target use tls yes target tls starttls no target tls forcessl3 no target timeout sec 10 target from y example com target to z example com target subject_template severityName eventName target body_template s eventName class subclass target CONN IKSSiCSicSSimejo_SSieweic target 2 target target 2 name snmp target 2 nabled yes target 2 type snmptrap target 2 community public target 2 target_addr 192 168 100 254 target 2 agent_addr 192 168 100 1 target 2 conn_tester mon_server Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 215 of 258 28 Event system va_eventd target va_eventd target va eventd target Stan gel name logit va eventd target va eventd target US 69 eS 59 69 nabled yes wey pe exec _ Ciel _icemolece loggec Eveater S eventName Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 216 of 258 29 Configuring SLA reporting on Monitor 29 Configuring SLA reporting on Monitor 29 1 29 2 29 2 1 Introduction This section describes how to configure and view SLA reporting on Monitor the Virtual Access monitoring system It also explain
190. ns 0 frame 0 TX packets 535 errors 0 dropped 0 overruns 0 carrier 0 collisions 0 txqueuelen 1000 BUS lowiesso647953 5525 7 KiB TX lwussesSU97S 79 0 ios 31 10 2 Route status root VA_router rout n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use ieee 192 168 100 0 fa 255 255 2585 U 0 0 0 etho A route will only be displayed in the routing table when the interface is up 31 10 3 Mobile status To display information and status of mobile interfaces like 4G or CDMA enter Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 248 of 258 31 Diagnostics root VA_router cat var state mobile mobile 3g 1 Moole sc 1 1 1 1_1 status auto info etc 3g 1 1 1 auto mobile 3g 1 MMOD ILS Se d 1 25 1 2 status auto info etc 3g 1 1 2 auto mobile 3g 1 mobile 3g 1 mobile 3g 1 molar Je So 1 mobile 3g_1 molan le Se 1 mobile 3g_1 sim_slot 1 sim_in yes reg_code 1 imst 240 0160053892879 registered 1 Home network registered pkt 1 Home network l reg code pkt 1 mobile 3g 1 mobile 3g 1 mobile 3g 1 mobile 3g 1 mobile 3g 1 mobile 3g 1 area FFFE so eds S95 QA tech 7 technology E UTRAN l operator 0 0 Vodafone 7 simlstecid 8 946002712091 2066226 mobile 3g 1 1 2 moodle Se 1 1 275 N mobile 3g_1 mobile 3g_1 sim_slot 1 sim_in yes Operator Vo
191. nsmitter In RS232 half duplex mode time in POST RTS timeout Numeric No 20 milliseconds between dropping RTS value transmission finished and enabling the receiver Atmel USB serial This configures the use of tservd card CHECKBOX Ne with the Atmel USB serial card Dual X 21 card bit Enables bit reversal of all bits in 8 Checkbox No 0 i wae reverse byte word during transmission Dual X 21 card DTE Checkbox No 0 Enables X 21 TT clock signal TT Invert inversion Dual X 21 DCE E les X 21 DCE TCLK si l ua card DC Checkbox No 0 l nab es CE TCLK signa TCLK Invert inversion Dual X 21 DCE E les X 21 DCE RCLK si l ua card DC Checkbox No 0 l nab es CE RCLK signa RCLK Invert inversion Dual X 21 card CLK Enables X 21 DCE CLK signal e cara Checkbox No 0 ab SIEHE Invert inversion Dual X 21 card RX Numeric Sets X 21 card RX data delay in No 0 i data delay value number of bit positions Table 22 The General fields descriptions 25 3 1 5 Port Settings Network Section Port Settings CFG03614A General Serial Transport mode Local IP TCP mode TCP listen port Remote IP 1 Remote IP 2 Remote TCP Port 1 Remote TCP Port 2 Enable TCP keepalives Virtual Access 2015 GW7300 Series User Manual Issue 2 3 TCP p Network transport protocol 0 0 0 0 Local IP interface to use g TCP mode 2000 TCP listening port remote peer IP address primary 0 0 0 0 remote peer IP address failover 10001 rem
192. ocol used for encapsulation of other communication protocols inside point-to-point links over IP.
GRE web interface
To create GRE interfaces through the web interface, in the top menu select Network > Interfaces > Add new interface.
Figure 64: The interfaces page
Click Add new interface.
Figure 65: The create interface page
Type in the name of the new interface, then in the Protocol of the new interface drop down list select GRE.
Name | Type | Required | Default | Description
Name of the new interface | Text | yes | Blank | Assigns a logical name to the GRE tunn
193. olicy dir in for IPSec
Rules
Sections of the type rule can be used to define basic accept or reject rules to allow or restrict access to specific ports or hosts. Like redirects, the rules are tied to the given source zone and match incoming traffic occurring there. Valid options for this section are:
Name | Type | Required | Default | Description
src | zone name | yes | none | Specifies the traffic source zone; must refer to one of the defined zone names
src_ip | ip address | no | none | Match incoming traffic from the specified source IP address
src_mac | mac address | no | none | Match incoming traffic from the specified mac address
src_port | port or range | no | none | Match incoming traffic originating from the given source port or port range on the client host, if tcp or udp is specified as protocol
proto | protocol name or number | no | tcpudp | Match incoming traffic using the given protocol. Can be one of tcp, udp, tcpudp, udplite, icmp, esp, ah, sctp, or all, or it can be a numeric value representing one of these protocols or a different one. A protocol name from /etc/protocols is also allowed. The number 0 is equivalent to all.
dest | zone name | no | none | Specifies the traffic destination zone; must refer to one of the defined zone names. If specified, the rule applies to forwarded traffic, else it is treated as input rule.
dest_ip | ip address | no | none | Match incoming traffic directed to the
194. on is renegotiated via the keying channel before it expires see rekeymargin Syntax timespec 1d 2h 25m 10s rekeymargin string Specifies how long before connection expiry or keying channel expiry should attempt to Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 101 of 258 17 Configuring IPSec negotiate a replacement begin yes om Relevant only locally other end need not agree on it Syntax timespec 1d 2h 25m 10s Specifies how many attempts a positive integer or 96forever should be made to negotiate a keyinatries teder connection or a replacement for ying 9 yes 3 one before giving up The value forever means never give up Relevant only locally other end need not agree on it Valid values are none hold and clear string none None Disables dead peer detection Clear Clear down the tunnel if peer does not respond dpdaction string Reconnect when traffic brings the tunnel up Hold Clear down the tunnel and bring up as soon as the peer is available Restart restarts DPD when no activity is detected Defines the period time interval with which R_U_THERE messages INFORMATI ONAL TEN 35 exchanges are sent to the peer ela strin es S P y 9 y These are only sent if no other traffic is received Syntax timespec 1d 2h 25m 10s Defines the timeout interval after which all connections to a peer are deleted in case
195. on tracking to work. At least one of the src or dest zones needs to have connection tracking enabled through either the masq or the conntrack option.
Redirects
Port forwardings (DNAT) are defined by redirect sections. All incoming traffic on the specified source zone which matches the given rules will be directed to the specified internal host. The options described in the table below are valid for redirects.
Name | Type | Required | Default | Description
src | zone name | yes for DNAT target | none | Specifies the traffic source zone; must refer to one of the defined zone names. For typical port forwards this is usually wan.
src_ip | ip address | no | none | Matches incoming traffic from the specified source IP address
src_dip | ip address | yes for SNAT target | none | For DNAT, matches incoming traffic directed at the given destination ip address. For SNAT, rewrites the source address to the given address.
src_mac | mac address | no | none | Matches incoming traffic from the specified mac address
src_port | port or range | no | none | Matches incoming traffic originating from the given source port or port range on the client host
src_dport | port or range | no | none | For DNAT, matches incoming traffic directed at the given destination port or port range on this host. For SNAT, rewrites the source ports to the given value.
rotocol p Matches incoming traffic using the given pro
196. or WC clock eyales option x21_data_delay 0 destination peer ip address two addresses for failover Cecilem emote iol VIO TL s T0 S2 1E 1I v option remote ip2 0 0 0 0 keep TCP session always connected option tcp always on 0 close TCP session on detection of DSR signal low option close tcp on dsr 1 Forwarding timeout in milliseconds serial to network option fwd timeout 30 Forwarding buffer size serial to network option fwd buffer size 256 Receive control characters that cause buffer to be forwarded apelan iaa muExabmg UU serial device speed in baud Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 182 of 258 option speed 115200 Ww serial device wore size 5 6 7 0 option wsize 8 serial device parity 0 none l even 2 odd option parity 0 serial device number of stop bits 1 or 2 opeilom stops 1 serial from control mode 0 none 1 RTS CTS option fc_mode 1 2 XONXOFF 25 Terminal Server time in milliseconds to start re connecting after setting DTR low option disc_time_ms 5000 TCP server mode option server_mode 1 TCP listen port for server mode option listen_port 999 UDP mode option udpMode 0 UDP port for UDP mode option udpPort 0 Each Terminal Server port must be associated with a specific serial port device For example you can configure port 1 as Virtual Access 2015 GW7300 Series User
197. ork DMVPN
Figure 67: Network diagram for DMVPN spoke to spoke
• Spoke1 and Spoke2 connect on their WAN interface (ADSL, 3G) and initiate main mode IPSec in transport mode to the hub.
• After an IPSec tunnel is established, spokes register their NHRP membership with the hub.
• GRE tunnels come up.
• The hub caches the GRE tunnel and real IP addresses of each spoke.
• When Spoke1 wants to talk to Spoke2, it sends an NHRP Resolution Request to the hub.
• The hub checks its cache table and forwards that request to Spoke2.
• Spoke2 caches Spoke1's GRE and real IP address and sends an NHRP Resolution Reply via the hub.
• Spoke1 receives an NHRP resolution reply and updates its NHRP table with Spoke2 information. Then it initiates a VPN IPsec connection to Spoke2.
• When an IPsec tunnel is established, Spoke1 and Spoke2 can send traffic directly to each other.
Scenario 2
Spoke1 is in a private (NAT-ed) network; Spoke2 and the hub are in a public network.
Figure 68: Network diagram for DMVPN spoke behind NAT
• Spoke1 sends an NHRP registration request to the hub.
• Hub receives this request and compares the source tunnel address of the Spoke with the
198. ot 1496 S grep tservd
26.8.2 Stop the modules
You should never need to manually stop the modules. If necessary, you may do so by typing in the following at the command prompt:
• Get the module PID: ps | grep <module name>, where <module name> is the name of the module you want to check it is running.
• Stop the module: kill <PID>, where <PID> is the PID of the module you got above.
If the command did not return anything but you are offered a new prompt, it means the module was killed.
For example, if you want to kill the Terminal Server, type ps | grep tservd. If the tservd module is running, you will see something similar to the following:
root@VA_router:~# ps | grep tservd
3802 root 1036 S tservd
4162 root 1496 S grep tservd
root@VA_router:~# kill 3802
root@VA_router:~#
27 Configuring a COSEM HDLC Bridge
27.1 COSEM is the COmpanion Specification for Energy Metering, as defined in IEC publication 62056. The protocol is used for the electronic control and monitoring of electricity meters. The electricity meters are often connected to the communication equipment by a serial port, usually RS485. The COSEM HDLC Bridge is a software function within the Virtual Access equipment that bridges HDLC frames between a TCP connection and a serial port. The bridge supports a TCP server that li
199. ote peer TCP port primary 0 remote peer TCP port failover Y enable TCP keepalives Figure 80 The Network tab fields part 1 Page 172 of 258 25 Terminal Server TCP Keepalive interval TCP Keepalive timeout TCP Keepalive count TCP User timeout TCP nodelay TCP always on Close TCP on DSR Reconnect time ms disable TCP Nagle algorithm Y keep TCP always connected close TCP session on detection of DSR signal low 5000 TCP Keepalive send interval seconds TCP Keepalive timeout seconds TCP Keepalive maximum probe count TCP close maximum wait ack time milliseconds time in milliseconds to start re connecting after setting DTR low Figure 811 The Network tab fields part 2 Name Type Required Default Description Dropdown Transport mode list P Yes TCP Select between TCP UDP IP Local IP address to listen on Local IP Yes 0 0 0 0 address 0 0 0 0 listen on any interface D lect bet lient TCP mode dropdown Yes cener Select between server and clien list modes of TOP TCP listen port cs Yes 999 TCP listen port for server mode IP m Remote IP 1 Yes 0 0 0 0 Destination peer IP laddress address IP Destinati IP2 f Remote IP 2 Yes 0 0 0 0 rq cd address ier address failover N i Remote TCP Port 1 bodie Yes 951 Destination peer port IP 1 number Numeri Destination r port IP 2 Remote TCP Por
200. other oids are visible apart from those ones listed Values included excluded An oid 1 is everything oid string yes iso org dod I nternet mgmt mib 2 mib2 Any other valid oid The following example defines two views one for the entire system and another for only mib2 Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 123 of 258 19 4 19 Configuring SNMP Comrie wie aLL option viewname all option type included Opio noi Comrie e A ZN option viewname mib2 option type included COELOM Gul Y ASO OEG ClOCl Jae eee suspe slo 2 V access The options defined for this section are outlined below Name Type Required Description group string yes Specifies the group to which access is being granted context string yes For SNMP v1 and SNMP v2c context must be none Specifies the SNMP version number being used in the version string yes request any v1 v2c and usm are supported level strin es The security level noauth auth or priv For SNMP v1 and 9 y SNMP v2c level must be noauth Prefix specifies how context above should be matched Prefix string yes against the context of the incoming pdu either exact or prefix A valid Read view or yes Specifies the view to be used for read access none A valid Write view or yes Specifies the view to be used for write access none A valid Notify view or yes Specifies the view to be used for notify access
201. ou must configure two main sections: Main Settings and Port Settings.

25.3.1.1 Main settings

[Figure 75: The terminal server main settings page]

In the Main Settings section, click the Enable check box to enable the Terminal Server.

Name | Type | Required | Default | Description
Enable | Checkbox | Yes | Disabled | Enables the Terminal Server application.
Debug Enable | Checkbox | No | Disabled | Enables detailed debug logging.
Syslog severity | Dropdown list | Yes | Notice | Determines the syslog level. Events up to this priority will be logged. Emergency 0, Alert 1, Critical 2, Error 3, Warning 4, Notice 5, Info 6, Debug 7.
Log Rx Tx | Checkbox | No | Disabled | Enable logging data transfers.

Table 21: The main settings and their descriptions

25.3.1.2 Port settings

The Port Settings section is divided into 3 sub-sections:
• General
• Serial
• Network

25.3.1.3 Port settings: general section
202. owing two devices. Note: for this report two routers have been added.

When you have configured the SLA Report, Monitor will periodically access the router every hour and initiate a 'create scheduled task' on a router. This task tells a router to upload SLA statistics to Monitor. If Monitor is unable to schedule a task due to an outage, it will attempt to connect again to a router when the connection is back up.

29.4 Viewing an SLA report

To view an SLA report, access any router on Monitor that has been added to the SLA report. Click SLA Reporting. Select the relevant report in the drop-down menu and select a date.

[Figure 100: The generate SLA report page]

Click Generate and the report will open.

[Figure 101: Example of SLA report output. Panels: Average Latency (ms) per period, Hourly Average Latency (ms), Average Signal Strength (dBm) per period, Hourly Average Signal Strength (dBm), Average Packet Loss per period, Hourly Average Packet Loss]

29.5 Viewing automated SLA reports

An automated version of this report is stored in the database and you can access it through any router assigned to the report. To view these
203. own option.

In the Exclusive Group field, type in 3g.
From the dropdown menu, select the Choose Minimum ifup Interval option.
From the dropdown menu, select the Interface Start Timeout option.
From the dropdown menu, select the Signal Threshold option.

All available WAN interface options are described in the table below.

Name | Type | Required | Default | Description
Health Monitor Interval | Dropdown menu | Yes | 10 sec | Interval used to monitor signal strength.
Health Monitor ICMP Host(s) | Dropdown menu | No | none | Target IP address for ICMP packets.
Health Monitor ICMP Timeout | Dropdown menu | Yes | 3 sec | ICMP timeout.
Attempts Before WAN Failover | Dropdown menu | Yes | 3 | Number of fail attempts of Health Monitor before interface is torn down.
Attempts Before WAN Recovery | N/A | N/A | N/A | N/A
Priority | Number | Yes | 0 | Higher value is higher priority.
Minimum ifup Interval | Dropdown menu | Yes | 300 sec | Minimum interval between two successive interface start attempts.
Interface Start Timeout | Dropdown menu | Yes | 40 sec | Time for interface to start up.
Signal Threshold (dBm) | Dropdown menu | Yes | 115 | If signal is lower than this then it is marked as fail.

16.3.1.3 Setting options for automatically created interfaces

From the top menu on the web interface page, select Services > Mobile Manager. The Mobile M
204. password.

[Figure 42: The login page]

In the username field, type root. In the Password field, type admin. Click Login.

Configuring an ADSL PPPoA connection

From the top menu, select Network > Interfaces. The Interface Overview page appears.

[Figure 43: The interfaces overview page]

Click Add new interface. The Create Interface page appears.

[Figure 44: Create Interface page]

In the Name of the new interface field, type the name of the PPPoA interface. In the Protocol of the new interface field, from the drop-down menu select PPPoATM. Click Submit. The ADSL Interfaces page appears.

Interfaces - ADSL: On this page you can configure the network interfaces. You can bridge several interfaces by ticking the bridge interfaces field and enter the names of several network interfaces separated by spaces. You can also use VLAN notation INTERFACE
205. pdown update ns No 2 Specifies interval of NTP requests interval
server | list of hostnames | no | none | Defines the pool of NTP servers to poll the time from. If the list is empty, the built-in NTP daemon is not started.

A sample system configuration is shown below.

    root@VA_router:~# uci show system
    system.main=system
    system.main.hostname=VA_router
    system.main.timezone=UTC
    system.main.log_ip=10.1.83.36
    system.main.log_port=514
    system.main.password=admin
    system.main.time_save_interval_min=10
    system.ntp=timeserver
    system.ntp.interval_hours=2
    system.ntp.server=0.openwrt.pool.ntp.org

    package system

    config system main
        option hostname VA_router
        option timezone UTC
        option log_ip 10.1.83.36
        option log_port 514
        option password admin
        option time_save_interval_min 10

    config timeserver ntp
        option interval_hours 2
        list server 0.VA_router.pool.ntp.org

8.4 User management

8.4.1 Configuration file: config user

You can create different users on the system by defining them in the user management configuration file /etc/config/management_users.

The following table describes the user's management configuration options.

Name | Type | Required | Default | Description
enabled | Boolean | Yes
206. plate will build as shown in the figure below The example graphs average latency connection strength and packet loss with a roll up period set per hour and a range scope set per day Add Edit Content Template Template name Template description testTemplate a test template Report element Rollup Range Graphical Upper Ssi Per Percentage Delete scope scope limit limit site Avg Latency HOUR DAY True Infinity Infinity False False r Avg E ConnectionStrength HOUR DAY True Infinity Infinity False False r Avg PacketLoss HOUR DAY True Infinity Infinity False False O Select data Select a report Element Select roll up scope YEAR 2 Select range scope YEAR 7 Is this data to be graphical O Upper data value limit Infinity Lower data value limit infinity Present data per site O Present data as a percentage E Add data set Figure 97 Example content template Adding an SLA report When you have configured a content template you can add an SLA report In the top menu click SLA Reporting gt REPORTS Then click Create The Add SLA Report page appears Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 220 of 258 29 Configuring SLA reporting on Monitor Report name Frequency of report Initial print time Valid statistic time Content template Add SLA Report once off
207. poa com A A A A network ADSL vci 35 A A A network ADSL password test5 Configuring an ADSL PPPoEoA connection via UCI The configuration file is stored at Network file etc config network To view the configuration file enter uci export network config adsl device adsl option fwannex a option annex a option Enabled yes config interface ADSL option proto pppoe option ifname nas0 option username test5 pppoe com option password test5 option ac test option service test option defaultroute 0 config atm bridge Gortiom wake VOY option atmdev 0 Virtual Access 2015 GW7300 Series User Manual Issue 2 3 21 Configuring ADSL Page 142 of 258 21 Configuring ADSL option encaps llc option payload bridged apio wea Ya opcion was 0 To view uci commands enter uci show network network adsl adsl device network network network network network network network network network network network network network network network network network network ads ads ads gt PP op p SF o p p A l fwannex a l annex a Enabled yes DS DS DS DS DS DS DS L interface OO OOO OOS L ifname nas0 L username test5 pppoe com L password test5 Li ACHESSIE L service test DS L defaultroute 0 QGatm bridge 0 atm bridg atm bridge 0 unit 0
208. r TOD OVA colar ajoreloles 1 QOIS C Glog 9 6 32 so lemo J DROP

To disable the rule, enter:

    root@VA_router:~# iptables -D OUTPUT 1

Debug

It is possible to view the iptables commands generated by the firewall program. This is useful if you want to track down iptables errors during firewall restarts or to verify the outcome of certain UCI rules.

To see the rules as they are executed, run the fw command with the FW_TRACE environment variable set to 1:

    root@VA_router:~# FW_TRACE=1 fw reload

To direct the output to a file for later inspection, enter:

    root@VA_router:~# FW_TRACE=1 fw reload 2>/tmp/iptables.log

31.9 GPS diagnostic commands

You can use the utility GPS to run diagnostic commands against the GPSD application. When you run GPS at the command prompt without parameters, it prints the menu listing all available commands. For example, to view the last known router position, enter gpspeek:

    root@Demo:~# gpspeek
    Pass 3D 1423135951 7 33 342348 8 241331 23 J 800000 223 700000 0 OOOO aca

31.10 Interfaces diagnostics

31.10.1 Interfaces status

To show the current running interfaces, enter:

    root@VA_router:~# ifconfig
    3g CDMA Link encap Point to Point Protocol inst ewlebeg10 535 1525 100 P ir P9s179 725 0 237 Masks255 255 255 255 UP POINTOPOINT RUNNING NOARP MULTICAS
209. r 1
        option chapuser 0
        option webuser 0
        option smsuser 0
        option linuxuser no

When the new user is defined, you must reboot the system for the changes to take effect. After the reboot, the password option is replaced by a hash of the password. The hash password is now defined by the hashpassword option. For srpuser, password will be defined by the srphash option.

Note: when a new user is created on the system and given web access, they will no longer be able to log in to the router web interface with the default root user details. The user must use the new login details.

8.4.2 UCI export and UCI show commands

Run UCI export or show commands to see management user UCI configuration settings.

    root@VA_router:~# uci export management_users
    package management_users

    config user
        option enabled 1
        option username test
        option webuser yes
        option linuxuser yes

    config user
        option enabled 1
        option username srptest
        option srpuser 1
        option chapuser 0
        option webuser 0
        option smsuser 0
        option linuxuser no
        option srphash 0 2de6Dk6DA4tFo80Vfb2iuY6aRj2CAoPeo2DAdCRCReBUC 9Pxb56rNmamtaBx BiQIzNisYFJF VdhH6H0Z Ys9RzU1SJrMVpmQZkJwqlBltA F70 tflVkGnXyiTLSCN68iJ SltDDqeOprmLo IW 9Ub7 qop44M13g6S5QJxpu N5sLzpSvER kAFNPR DmK9D 3SQzTtEZNYypmkgP 902ihw 4uDU NIFGMzd3dBsOVdFl1A
210. r Name Router Mode Firmware Version Current Image Config Kernel Version Local Time Uptime 1h 51m 46s Load Average 246 228 20 Figure 15 The interfaces menu on a VA router The Interfaces Overview page appears AL AN LANA NAYI AN2 AN WANT Interfaces Interface Overview Netwoeb Status Achons K wm RX Gt TX sor MAC Address 00 E t RX TX IPyd 152 1 LAN Uptime 1h 57m 1 MAC Address RX 4 1 IPyd 10 1 10 5271 LAN Uptime 1h 57 MAC Address RX 672 00 B Pit TX IPyd 1 Figure 16 The interfaces overview page Click Edit on WAN or LAN to make your changes For WAN connectivity the Common Configuration page appears Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 75 of 258 13 Configuring a 3G 4G connection Common Configuration Status Protocol UMTS Modem device SIM APN PIN PAP CHAP username vodafone PAP CHAP password eeeesse eneral Setup Advanced Settings 3PRS EV DO Service Type UMTS GPR Back to Overview Firewall Settings 3g wan Ta RX 0 00 B 0 Pkts TX 0 00 B 0 Pkts Save amp Apply Reset Figure 17 The common connectivity page Ensure the General Setup tab is selected For single SIM implementation in the SIM drop down menu select SIM 1 Enter the APN information and the PAP CHAP username and password Click Save amp Apply To enable 3G 4G connection to connect on boot up se
211. rary commands, for example advanced iptables rules or tc commands required for traffic shaping. When writing custom iptables rules, use -I (insert) instead of -A (append) to ensure that the created rules appear before the generic ones.

IPv6 notes

As described above, the option family is used for distinguishing between IPv4, IPv6 and both protocols. However, the family is inferred automatically if IPv6 addresses are used. For example, the following is automatically treated as an IPv6-only rule:

    config rule
        option src wan
        Option sre io rocas 00 33 2 04
        option target ACCEPT

Similarly, such a rule is automatically treated as IPv4 only:

    config rule
        option src wan
        sei omgeelc Sto ONC ONE O OTOL
        option target REJECT

Rules without IP addresses are automatically added to iptables and ip6tables, unless overridden by the family option. Redirect rules (port forwards) are always IPv4, since there is no IPv6 DNAT support at present.

18.8 Implications of DROP vs REJECT

The decision whether to drop or to reject traffic should be done on a case-by-case basis. Many people see dropping traffic as a security advantage over rejecting it because it exposes less information to a hypothetical attacker. While dropping slightly increases security, it can also complicate the debugging of network issues or cause unwanted side effects on client programs
212. rnet eth3 lan4 of Ethernet Adapter Io loopback 9 Custom Interface as0 Note If you choose an interface here which is part of another network it will be moved into this network Back to Overview Submit Figure 51 The create interface page In the Name of the new interface field type the name of the interface From Protocol of the new interface drop down menu select PPPoE From cover the following interface select Custom I nterface and then type nasO Click Submit The Interfaces name of new interface page appears Protocol PPPoE PAP CHAP username va5 mpl2tp2 com PAP CHAP password eg Access Concentrator Leave empty to autodetect Service Name Leave empty to autodetect Figure 52 The new interface page In the PAP CHAP username field type the CHAP username In the PAP CHAP password field type the password Optionally in Access Concentrator field type the AC name OVitualAccess2015 GW7300 Series User Manual Issue 2 3 Page 137 of 258 21 Configuring ADSL Optionally in Service Name field type the SA name Select the Firewall Settings tab The Interfaces name of new interface page appears Interfaces ADSL On this page you can configure the network interfaces You can bridge several interfaces by ticking the bridge interfaces field and enter the names of several network interfaces separated by spaces You can also use VLAN notation INTERFA
213. root logins. Set to 0 to disable SSH logins as root.
GatewayPorts | boolean | no | none | Enables gateway ports. Set to 1 to allow remote hosts to connect to forwarded ports.
Interface | string | no | none | Tells dropbear to listen only on the specified interface.
Identity | string | no | SSH-2.0-dropbear_2013.60 | Sets alternative name that appears for dropbear version.

12 BGP (Border Gateway Protocol)

12.1 Configuring the BGP web interface

In the top menu, select Network > BGP. The BGP configuration page appears.

[Figure 9: BGP page]

To configure global BGP settings, click Add.

[Figure 10: BGP global settings page]

Name | Type | Required | Default | Description
BGP Enabled | Checkbox | Yes | Unchecked | Enables BGP protocol.
Router ID | Integer | Yes | None | Sets
214. router:~# uci commit

    root@VA_router:~# uci show network.wan
    network.wan=interface
    network.wan.username=foo
    network.wan.password=bar
    network.wan.proto=3g
    network.wan.device=/dev/ttyACM0
    network.wan.service=umts
    network.wan.auto=0
    network.wan.apn=hs.vodafone.ie

Below is a guide for the UCI command line and some further examples of how to use this powerful utility.

When there are multiple rules next to each other, UCI uses array-like references for them. If there are 8 NTP servers, UCI will let you reference their sections as timeserver.@timeserver[0] for the first or timeserver.@timeserver[7] for the last one. You can also use negative indexes, such as timeserver.@timeserver[-1]. "-1" means the last one, and "-2" means the second-to-last one. This is useful when appending new rules to the end of a list. See examples below.

    root@VA_router:/lib/config# uci
    Usage: uci [<options>] <command> [<arguments>]

    Commands:
        export     [<config>]
        import     [<config>]
        changes    [<config>]
        commit     [<config>]
        add        <config> <section-type>
        add_list   <config>.<section>.<option>=<string>
        show       [<config>[.<section>[.<option>]]]
        get        <config>.<section>[.<op
215. 7.3 Configuration files

File | Description
Management |
/etc/config/autoload | Boot up Activation behaviour (typically used in factconf)
/etc/config/httpclient | Activator addresses and urls
/etc/config/monitor | Monitor details
Basic |
/etc/config/dropbear | SSH server options
/etc/config/dhcp | Dnsmasq configuration and DHCP settings
/etc/config/firewall | NAT, packet filter, port forwarding, etc.
/etc/config/network | Switch, interface, L2TP and route configuration
/etc/config/system | Misc. system settings including syslog
Other |
/etc/config/snmpd | SNMPd settings
/etc/config/uhttpd | Web server options (uHTTPd)
/etc/config/strongswan | IPSec settings

7.4 Configuration file syntax

The configuration files usually consist of one or more config statements, so-called sections, with one or more option statements defining the actual values.

Below is an example of a simple configuration file:

    package 'example'

    config 'example' 'test'
        option 'string' 'some value'
        option 'boolean' '1'
        list 'collection' 'first item'
        list 'collection' 'second item'

The config 'example' 'test' statement defines the start of a section with the type example and the name test. There can also be so-called anonymous sections with only a type, but no name identifier. The type is importan
216. rwarding
28.6.3 Connection testers
28.6.3.1 Ping connection tester
28.6.3.2 Link connection tester
28.6.4 Supported targets
28.6.4.1 Syslog target
28.6.4.2 Email target
28.6.4.3 SNMP target
28.6.4.4 Exec target
28.6.5 Example and export
29 Configuring SLA reporting on Monitor
29.1 Introduction
29.2 Configuring SLA reporting
29.2.1 Configuring a content template
29.3 Adding an SLA report
29.4 Viewing an SLA report
29.5 Viewing automated SLA reports
29.6 Configuring router upload protocol
30 Configuring SLA for a router
217. s name email enabled yes type email conn_tester pinger smtp_addr smtp site com 587 Sms NU SS smtp password use tls yes tils suertes ives tls forcessl13 yes timeout sec from xGexampl to y example uq CEs COT com subject templ Lat body_templat S eventName conn_tester smtp_server jJohn_smith site com secret word S severityName it to the configured email S eventName S class subclass happened Name Type Required Default Description mam String Vek sane Name of the target to be used in the forwarding section enabled Boolean Yes Yes Enable this target type String Yes Email Must be email for a syslog target paa dr ds Port Ven Nong Hoa puis smtp user String No None Username for smtp authentication smtp password String No None Password for smtp authentication use tls Boolean No No Enable tls support tls starttls Boolean No No Enable starttls support tls forcessi3 Boolean No No Force SSLv3 for TLS timeout sec Time in secs No No Email send timeout from M Yes No Source email address to a Yes No Destination email address O Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 209 of 258 28 Event system Template to use for the email subject template String No None E subject body_template String No None Template to us
218. s list of i dns DP no none Overrides DHCP assigned DNS server s addresses metric integer no 0 Specifies the default route metric to use Specifies a list of additional DHCP reqopts list of strings no none f options to request Protocol 3g PPP over EV DO CDMA UMTS or GRPS Name Type Required Default Description Specifies the modem device node device file path yes none dev ttyACMO service string yes umts Specifies the 3G service type Virtual Access 2015 I1 2 c2 E GW7300 Series User Manual Issue 2 3 Page 50 of 258 8 5 6 8 5 7 8 Management configuration settings cdma evdo umts gprs Protocol I2tp layer 2 tunneling protocol apn string yes none Sets the APN to use pincode number no none Sets the PIN code to unlock SIM card Specifies the number of seconds to wait maxwait number no 20 for modem to become ready Sets the username for PAP CHAP username string no none ies authentication deren strin no inre Sets the password for PAP CHAP P 9 i authentication Specifies the number of connection keepalive number no none failures before reconnect Specifies the number of seconds to wait demand number no none before closing the connection due to inactivity Jefatitro te l boolesn 1 Replaces the existing default route on a PPP connect peerdns boolean no 1
219. s are unbalanced

    option example some value with space

(note the missing quotes around the value).

It is important to know that identifiers and config file names may only contain the characters a-z, 0-9 and _. Option values may contain any character, as long as they are properly quoted.

7.5 Examples

No need to reboot. After changing the port uhttpd listens on from 80 to 8080 in the file /etc/config/uhttpd, save it. Then enter:

    root@VA_router:~# uci commit uhttpd

then enter:

    root@VA_router:~# /etc/init.d/uhttpd restart

Done. No reboot needed.

7.5.1 Export an entire configuration

    root@VA_router:~# uci export httpd
    package 'httpd'

    config 'httpd'
        option 'port' '80'
        option 'home' '/www'
    root@VA_router:~#

To show the configuration tree for a given config, enter:

    root@VA_router:~# uci show httpd
    httpd.@httpd[0]=httpd
    httpd.@httpd[0].port=80
    httpd.@httpd[0].home=/www
    root@VA_router:~#

Display just the value of an option:

    root@VA_router:~# uci get httpd.@httpd[0].port
    80
    root@VA_router:~#

7.5.2 High level image commands

The image running at present can be shown using the command:

    root@VA_router:~# vacmd show current image

The image to run on next reboot can be set using the command:

    root@VA_router:~#
220. s how to configure scheduler task that is placed on the router to upload SLA statistics.

The Virtual Access Monitor system provides:
• centralised access to router connectivity status
• access to advanced router diagnostic tools, and
• access to SLA Report Management

The SLA Report Manager can build reports from a list of selected routers, presenting a range of statistics over extended periods of time, including:
• Availability
• Latency
• Packet loss
• 3G signal strength

Configuring SLA reporting

To configure SLA reporting on Monitor, you must first add a content template and then build an SLA report based on it. A content template allows you to enable and configure report elements that you can then add to an SLA report. When you have added a content template, you can then add an SLA report.

Configuring a content template

Click Settings on the Monitor home page. The settings page appears.

[Figure 94: The settings page on Monitor]

In the top menu, select SLA Reporting > Content Templates. Then click Create. The Add/Edit Content Template page appears.

Add Edit Content Template Template name
221. s period it will be considered a fail Specifies the minimum interval between two ifup timeout sec Yes 40 secs EM successive interface start attempts Specifies the minimum dBm signal strength signal threshold Yes 150 p aoe A 9 x before considering the interface as fail RSCP Threshold Yes 150 Specifies the minimum RSCP signal strength for 3G dBm before considering the interface as fail ECIO Threshold Yes 35 Specifies the minimum ECIO signal strength for 3G dBm before considering the interface as fail Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 85 of 258 16 Automatic operator selection 16 Automatic operator selection 16 1 16 2 16 3 16 3 1 Introduction to automatic operator selection This section describes how to configure and operate the Automatic Operator Selection feature of a Virtual Access router When the roaming SIM is connected the 3G module has the ability to scan available 3G networks The router using mobile and multi WAN packages finds available networks to create and sort interfaces according to their signal strength These interfaces are used for failover purposes Configuring automatic operator selection While the router boots up it checks for 3G networks Based on available networks the router creates network and multi WAN package failover interfaces Details for these interfaces are provided in the mobile package When you have created
222. s v Y vs Delete Figure 63 The interfaces configuration section In the interface drop down list choose the interface you wish to enable PIM on Check Enabled to allow the interface to be managed by the PIM application Check either Enable SSM and or Enable I GMP depending on your requirements Note you must enable PIM SSM on all the interfaces on the route from the multicast source to the multicast client IGMP must be enabled on the interface to the multicast client only Name Type Required Default Description Enable management of the given Enabled G sdkboXA aes Hnnehiecked interface by the PIM application interface Drop l Blank Select the interface to apply the down list settings to Enable IGMP Checkbox yes Unchecked Enable IGMP on given interface Enable SSM Checkbox yes Unchecked Enable SSM on given interface Table 14 The PIM global settings description Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 146 of 258 22 2 22 Multicasting using PIM and IGMP interfaces To save your configuration updates click Save amp Apply PIM and IGMP UCI interface You can configure PIM and IGMP through CLI using UCI The configuration file is stored at etc config pimd To view the configuration file use commands uci export pimd or uci show pimd root VA_router etc configl package pimd GOMmELC eo wieswiacg Isl option enab
223. scripts

Command | Target | Description
import | [<config>] | Imports configuration files in UCI syntax.
add | <config> <section-type> | Adds an anonymous section of type section-type to the given configuration.
add_list | <config>.<section>.<option>=<string> | Adds the given string to an existing list option.
show | [<config>[.<section>[.<option>]]] | Shows the given option, section or configuration in compressed notation.
get | <config>.<section>[.<option>] | Gets the value of the given option or the type of the given section.
set | <config>.<section>[.<option>]=<value> | Sets the value of the given option, or adds a new section with the type set to the given value.
delete | <config>[.<section>[.<option>]] | Deletes the given section or option.

Table 1: Commands, target and their descriptions

Note: operations do not act directly on the configuration files. A commit command is required after you have finished your configuration.

    root@VA_router:~# uci commit

6.1.3.1 Command line utility examples

To export an entire configuration, enter:

    root@VA_router:~# uci export

To export the configuration for a single package, enter uci export <package>:

    root@VA_router:~# uci export system
    package system

    config system main
224. seconds (serial to network)
        option fwd_timeout 30

        # Forwarding timer mode (serial to network)
        # idle: timer re-started on each received data
        # aging: timer started on first rx
        option fwd_timer_mode idle

        # Forwarding buffer size (serial to network)
        option fwd_buffer_size 256

        # Forwarding buffer size (network to serial)
        # 0: use maximum possible network rx buffer size
        option sfwd_buffer_size 0

        # Forwarding timeout in milliseconds (network to serial)
        # 0: forward to serial immediately
        option sfwd_timeout 20

        # Forwarding timer mode (network to serial)
        # idle: timer re-started on each received data
        # aging: timer started on first rx
        option sfwd_timer_mode idle

        # serial device speed in baud
        option speed 115200

        # serial device word size (5, 6, 7, 8)
        option wsize 8

        # serial device parity (0 = none, 1 = even, 2 = odd)
        ODE folem or bah boh AMO

        # serial device number of stop bits (1 or 2)
        option stops 1

        # serial flow control mode (0 = none, 1 = RTS/CTS, 2 = XON/XOFF)
        option fc_mode 0

        # time in milliseconds to start re-connecting after setting DTR low
        option disc_time_ms 5000

        # TCP server mode
        option server_mode 1

        # Proxy mode (off by default)
        option proxy_mode 0

        # Local IP a
225. sic configuration

[Figure 88: The X.25 PAD interface]

Name | Default | Range | Description
Enable | 0 | 0 or 1 | Determines whether or not the padd daemon is enabled or disabled.
X.25 Window Size | 2 | 1 to 7 | Sets the size of the X.25 window.
X.25 Packet Size | 128 | 128 to 1024 | Sets the X.25 packet size used. The packet size is in bytes.

26.6.2 Main settings: advanced configuration

[Figure 89: The main settings interface]

Name | Default | Range | Description
Syslog severity | 6 | 0 to 7 | Determines the syslog level. Events up to this priority will be logged. 0 Emergency, 1 Alert, 2 Critical, 3 Error, 4 Warning, 5 Notice, 6 Informational, 7 Debug.
Enable debug | 0 | 0 or 1 | Determines whether or not debug statements are logged. Note: enabling this may have an impact on the router performance and should only be used for debug purposes.

26.6.3 Port settings: general configuration

Select
226. som CUENTE SKIES iL root root 0 gui 3 22853 woo drwXrWXr Xx 2 GOO root 612 doll 16 2012 Soim diwr xe 5x iil oo root O0 Jan 1 1970 sys drwxrwxrwt MORRO root S00 dul 4 01327 emp drws ra nE L coot root O Jul 3 Llay wee lrwxrwxrwx l root root A Jul 16 2012 var gt tmp drwxr xr x 4 root root 67 Jul 16 2012 www
To change current folder, enter:
    root@VA_router:~# cd /etc/ppp
    root@VA_router:/etc/ppp#
To view scheduled jobs:
    root@VA_router:~# crontab
To view currently running processes:
    root@VA_router:~# ps
    ED el WOO TOOR root TOOL OO root root We wer x5 GH dex G kh I co ROO o N root 93 TOO 94 root 424 root 549 root 563 OQ GLZ woot 6824 root 7296 root 374 root SIS LOOR 384 root SIS CooL VmSize Stat Command 356 EIETIEINIS DW keventd RWN ksoftirqd CPUO0 SW kswapd SW bdflush SW kupdated SW mtdblockd 344 S Logs S 9 356 malie 348 S eyeslege 16 300 klogd 320 S wifi up 364 httpd p 80 h www r VA router 396 crond c etc crontabs 392 S usr sbin dropbear 588 S usr sbin dropbear 444 ash 344 R ps ax 400 S bin sh sbin hotplug button 396 W bin sh sbin hotplug button RW keventd
7.2 Unified Configuration Interface (UCI)
The system uses Uni
227. source of the packet
- Hub sends an NHRP registration reply with a NAT extension to Spoke1.
- The NAT extension informs Spoke1 that it is behind the NAT-ed device.
- Spoke1 registers its pre- and post-NAT address.
- When Spoke1 wants to talk to Spoke2, it sends an NHRP Resolution Request to the hub.
- Hub checks its cache table and forwards that request to Spoke2.
- Spoke2 caches Spoke1's GRE pre- and post-NAT IP address and sends an NHRP Resolution Reply via the hub.
- Spoke1 receives the NHRP resolution reply and updates its NHRP table with Spoke2 information. It initiates a VPN IPSec connection to Spoke2.
- When the IPSec tunnel is established, Spoke1 and Spoke2 can send traffic directly to each other.
Note: If an IPSec tunnel fails to be established between the Spokes, then packets between the Spokes are sent via the hub.
Configuring DMVPN via the web interface
Before configuring DMVPN, you must first configure a GRE interface. Read the previous section, GRE interfaces.
24.3.1 Configuring IPSec for DMVPN
This section explains how to configure VPN IPSec specifically for DMVPN. For more information on general VPN IPSec configuration, read Configuring IPSec in the GW6600 User Manual. Access the router's web interface by typing 192.168.100.1 into your browser. Type in the username roo
228. stem Reboot
Figure 36: The reboot page
Check the Reboot now check box and then click Reboot.
16.3.2 PMP roaming pre-empt disabled
As in the previous section, multi-WAN connects the primary predefined interface and uses auto-created interfaces. However, in this scenario, the auto-created interface will not be disconnected as soon as the primary interface is available. The primary interface will be reconnected when the auto-created interface is down and when the ifup_retry_sec timeout expires. The only change in configuration compared to the PMP roaming pre-empt enabled example above is that the pre-empt option in the multi-WAN package must be disabled. To disable PMP roaming pre-empt, in the top menu select Network > Multi-Wan. In the Multi-WAN page, ensure Preempt is not selected.
Figure 37: The multi-wan page, pre-empt not selected
Click Save & Apply. In the top menu, select System > Reboot. The System Reboot page appears. System Reboot
229. stens for incoming connections from remote meter management applications. When a TCP connection is made, the bridge relays HDLC frames between the TCP connection and the serial port.
COSEM HDLC web interface
To access the COSEM HDLC Bridge configuration web interface, click System > Applications > COSEM HDLC. The COSEM HDLC Bridge Configuration page appears.
[Screenshot: COSEM HDLC Bridge configuration page, Main Settings and Port Settings]
Name | Type | Required | Default | Description
Enable | Check box | Yes | Disabled | Enables COSEM HDLC bridge application.
Log Level | Numeric value | Yes | 3 | Sets the logging event level. Value is 0 to 7: 0 lowest severity, 7 highest severity.
Name | String | Yes | | Sets the name of the bridge port.
Enable Port | Check box | Yes | Disabled | Enables the bridge port.
Local IP Address | Numeric value | Yes | 0.0.0.0 | Sets the IP address that the server listens on. Use 0.0.0.0 to listen on any configured IP interface, including eth 0 and eth 1.
Local TCP Port | Numeric value | Yes | 0 | Sets the local TCP port number.
230. root@VA_router:~# uci export autoload
package autoload
config core main
    option Enabled yes
    operoni S Con Ee Ww
    option RetryTimer 30
    option NumberOfRetries 5
    aprlom Baclkoriewangeie 15
    CQOELGMm VBC Usina cont SOM
    option BootUsingImage altimage
config entry
    option Configured yes
    option SegmentName altconfig
    option RemoteFilename ini
config entry
    option Configured yes
    option SegmentName altimage
    option RemoteFilename img
config entry
    option Configured yes
    option SegmentName config1
    option RemoteFilename vas
8.2 Httpclient: Activator configuration
This section contains the settings for the http client used during activation and active updates of the device. The httpclient core section configures the basic functionality of the module used for retrieving files from Activator during the Activation process. It contains the following settings.
Name | Type | Required | Default | Description
Enabled | boolean | yes | yes | Enables the http client.
list FileServer | integer | yes | none | Specifies the IP address of Activator that uses http port 80.
list SecureFileServer integer no Specifies the IP addr
231. symbolic link exists at etc conf config which always points to one of factconf, config1 or config2. Files that appear to be in etc conf config are actually in etc conf factconf config1 config2, depending on which configuration is active. If etc conf is missing on start-up, for example on first boot, the links and directories are created with configuration files copied from overlay etc config. At any given time, only one of the configurations is the active configuration.
To show the active configuration file, enter:
    root@VA_router:~# vacmd show current config
To set the boot configuration to run on next reboot, enter:
    root@VA_router:~# vacmd set next config [factconf|config1|config2]
High level configuration commands
To show the configuration currently running, enter:
    root@VA_router:~# vacmd show current config
To show the configuration to run after the next reboot, enter:
    root@VA_router:~# vacmd show next config
To set the configuration to run after the next reboot, enter:
    root@VA_router:~# vacmd set next config [factconf|config1|config2]
Image files
The system allows for two firmware image files named image1 and image2. One is the current image that is running and the other is the alternate image.
Configuration file syntax
The
232. t Description
SMS Enable | Boolean | No | 1 | Enables SMS.
Roaming SIM | Dropdown list | Yes | none | In which slot roaming sim card is inserted.
Collect ICCIDs | Boolean | No | | Collect ICCIDs on startup from one (when 0) or from two SIMs (1).
Under Roaming Template Interface, click Add. The Roaming Interface Template page appears.
[Screenshot: Roaming Interface Template page, common config values for interfaces created by Automatic Operator Selection]
233. t 546 target ACCEPT family ipv6
name Allow ICMPv6 Input src wan interface pego ilem target ACCEPT cemlly oye limit 1000 se6
    list icmp_type echo-request
    list icmp_type echo-reply
    list icmp_type destination-unreachable
    list icmp_type packet-too-big
    list icmp_type time-exceeded
    list icmp_type bad-header
    list icmp_type unknown-header-type
SICA AO So UE Sis ORIS Ste SEL Ome
    list icmp_type neighbour-solicitation
name Allow ICMPv6 Forward src wan interface os ors omo dest Vert target ACCEPT A MENS limit 1000 see
    list icmp_type echo-request
    list icmp_type echo-reply
    list icmp_type destination-unreachable
    list icmp_type packet-too-big
    list icmp_type time-exceeded
    list icmp_type bad-header
    list icmp_type unknown-header-type
To view the available firewall commands, enter:
    root@VA_router:~# /etc/init.d/firewall
    Syntax: /etc/init.d/firewall [command]
    Available commands:
        start    Start the service
        stop     Stop the service
        restart  Restart the service
        reload   Reload configuration files (or restart if that fails)
        enable   Enable service autostart
        disable  Disable service autostart
IP tables
To add a quick firewall rule for dropping packets to a specific IP ente
234. t. Type in the password admin. The Status page appears. In the top menu, click Services > IPSec. The strongSwan IPSec VPN page appears.
Figure 69: The strongSwan IPSec VPN page
Click the first Add button. The strongSwan status now shows an Enabled field that is checked.
[Screenshot: strongSwan IPsec VPN page with the fields Enable StrongSwan IPsec, Strict CRL Policy, Unique IDs, Cache CRLs and Debug]
235. t 2 mee Yes 951 O pe pa value number for failover
Enable TCP keepalives | Checkbox | No | Enabled | Enable or disable TCP keep-alives.
TCP Keepalive interval | Numeric value | No | 5 | Interval in seconds between TCP keep-alive probes.
TCP Keepalive timeout | Numeric value | No | 2 | Time in seconds to wait for response to a TCP keep-alive probe.
TCP Keepalive count | Numeric value | No | 1 | Number of TCP keep-alive probes to send before connection closed.
TCP User timeout | Numeric value | No | 0 | Maximum time in milliseconds for TCP to wait for transmitted data to be acked before closing connection in established state. Set to 0 to use kernel defaults (about 15-20 minutes).
TCP nodelay | Checkbox | No | Disabled | 1: disable TCP nagle algorithm. 0: normal operation.
TCP always on | Checkbox | No | Disabled | Keep TCP session always connected.
Close TCP on DSR | Checkbox | No | Disabled | Close TCP session on detection of DSR signal low.
Reconnect time ms | Numeric value | No | 5000 | Time in milliseconds to start re-connecting after setting DTR low.
Table 23: The Network fields descriptions
25.4 Configuring Terminal Server using UCI
You can also configure Terminal Server through CLI using the UCI command suite. The configuration file is stored at /etc/config/tservd. To view the configuration file, use commands uci
236. t Ser ula mein laSsicein lesa 182 os 1 1300 Wes ser ula mesa la siceia les 192 103 i 1224430 comi malm
HTTP listen addresses, multiple allowed
    list listen_http 1 92 11669 s 3L 5 31 2 0
    list listen_http e 8 1 80
HTTPS listen addresses, multiple allowed
    list listen_https 5o 5 UGS dl 5 Ig Bats
    list listen_https es 2443
SSH server configuration
A sample SSH server configuration is shown below.
    root@VA_router:~# uci show dropbear
    dropbear.@dropbear[0]=dropbear
    dropbear.@dropbear[0].PasswordAuth=on
    dropbear.@dropbear[0].RootPasswordAuth=on
    dropbear.@dropbear[0].Port=22
    root@VA_router:~# uci export dropbear
    package dropbear
    config dropbear
        option PasswordAuth on
        option RootPasswordAuth on
        option Port 22
21 Configuring ADSL
21.1 What is ADSL technology?
Asymmetric Digital Subscriber Line (ADSL) is a technology for transmitting digital information at high speed on existing telephone lines to homes and businesses. Unlike a regular dial-up telephone service, ADSL provides a continuously available, always-on connection. ADSL was specifically designed to exploit the asynchronous nature of most multimedia communication, in which the user can obtain large amounts of information and only a s
237. t VA_router Strongswan general Strongswan general Strongswan general Strongswan general Strongswan genera l config general option option option general cachecrls uniqueids l cachecrls no l uniqueids yes general ecieat ene cse Mola cy ano Y yes uci show Strongswan general o Seicabreng cac Mroxol aL 5799 l ikevlenabled yes Wine U modp2048 3des
Connection settings
Use this section to define the parameters for an IPSec tunnel.
Name | Type | Required | Default | Description
type | string | yes | tunnel | Defines whether the connection is tunnel or transport mode.
name | string | yes | none | Specifies a name for the tunnel.
waniface | string | yes | none | Defines the wan interface used by this tunnel.
xauth_identity | string | No | none | Defines Xauth ID.
authby | String | No | psk | Defines authentication method. Available options: psk, xauthpsk.
Aggressive | String | No | No | Enables aggressive mode.
localid | string | Yes | None | Defines the local peer identifier.
locallan | string | Yes | None | Defines the local IP of LAN.
locallanmask | string | Yes | None | Defines the subnet of local LAN.
remoteid | string | Yes | None | Sets the remote peer identifier.
remoteaddress | string | Yes | None | Sets the public IP address of remote peer.
remotelan | string | Yes | None | Sets the IP address of LAN serviced by remote peer.
remotelanmask | string | Yes | None | Sets the Subnet of r
238. t for the processing programs to decide how to treat the enclosed options. The option string 'some value' and option boolean 1 lines define simple values within the section. Note that there are no syntactical differences between text and boolean options. Per convention, boolean options may have one of the values 0, no, off or false to specify a false value, or 1, yes, on or true to specify a true value.
In the lines starting with a list keyword, an option with multiple values is defined. All list statements that share the same name (collection in our example) will be combined into a single list of values with the same order as in the configuration file.
The indentation of the option and list statements is a convention to improve the readability of the configuration file, but it is not syntactically required.
Usually you do not need to enclose identifiers or values in quotes. Quotes are only required if the enclosed value contains spaces or tabs. Also, it's legal to use double instead of single quotes when typing configuration options.
All of the examples below are valid syntax:
    option example value
    option example value
    option example value
    option example value
    option example value
In contrast, the following examples are not valid syntax:
    option example value quote
239. t port cfg index 0 to 3; length: length to show
tserv show serial rxlog hex Port length: Port is the port cfg index (0 to 3); length is the length to show
tserv show serial txlog asc Port length: Port is the port cfg index (0 to 3); length is the length to show
tserv show serial rxlog asc Port length: Port is the port cfg index (0 to 3); length is the length to show
tserv show debug: show debug info
tserv show userial stats: show USB serial card statistics
tserv clear userial stats: clear USB serial card statistics
csci y siete serial ilog lt 20rr gt gract USS serial carci ix loc log
tserv show userial cpld status Port: show USB serial card CPLD programming status
tserv upgrade userial: initiate upgrade of the USB serial card
tserv quit: terminate termserv process
Note: tservd process has to be running, otherwise diagnostics options for terminal server will not be available.
31.16 VRRP diagnostics
Two available diagnostic options exist: via web interface and command line.
31.16.1 VRRP diagnostics web interface
To see VRRP through the web interface, in the top menu select Status > Status. The VRRP status settings appear.
tserv show userial rxlog Port offs length: show USB serial card rx
tserv show userial version Port: show USB s
240. t settings forwarding configuration
26.6.5 Port settings advanced configuration
26.7 Tservd configuration details
26.8 PAD operation
26.8.1 Manually start the modules
26.8.2 Stop the modules
27 Configuring a COSEM HDLC Bridge
27.1 COSEM HDLC web interface
27.2 Checking the status of COSEM HDLC Bridge
28 Event system
28.1 Implementation of the event system
28.2 Supported events
28.3 Supported targets
28.4 Supported connection testers
28.5 Configuring the event system via the web interface
28.6 Configuring the event system via UCI
28.6.1 Main sections
28.6.2 Fo
241. Figure 72: The secrets section
Select Enabled. From the dropdown menu under Secret Type, select psk. In the field beneath Secret, type the psk password. Click Save.
24.4 DMVPN hub settings
In the top menu, select Network > DMVPN. The DMVPN page appears.
Figure 73: The DMVPN page
Under DMVPN General, click Add. The following page appears.
Figure 74: The DMVPN general section
Check Enable DMVPN. From the IPSec template connection drop-down menu, provide the name of the IPsec connection. In the DMVPN Hub Se
242. Figure 8: The port description section
Name | Type | Required | Default | Description
Switch Port | Text | Yes | Blank | Specifies which physical port on the front panel of the router will be assigned to which VLAN.
Is Trunk Port | Boolean | No | Blank | Configures the port as a trunk port.
VLAN IDs | Numeric value/text | Yes | Blank | Specifies what VLANs will be assigned to a physical port on the router. You must use VLAN ID to specify which VLANs, or all to configure a port as trunk interface.
Table 8: The port description fields and their descriptions
10.4 VLANs UCI interface
You can configure VLANs through CLI. The VLAN configuration file is stored at /etc/config/portvlan.
4 uci export p package portvla config vlan option option option option option config vlan option option option option option option conil pole option option conil Porr option option compone option option option config nat_vlan option ortvlan in wilamale il name vlanl ie 192 168251 1 mewwess 255 255 255 isoleare Vine wilainslel 120 name vlan2 ajemwelese 192 108 201 memes 25592552255 vlemprelo 5 isolate yes port A vlams 1
243. terface UCI. See the next section for more detail.
The factconf default password for the root user is admin. To change the factconf default password, enter:
    root@VA_router:~# passwd
    ChiecSince PaASSiwvoiwcls wees INGIY IPaESSwwOIeCls wees estes Confirm New Password
To reboot the system, enter:
    root@VA_router:~# reboot
The system log can be viewed as follows:
    root@VA_router:~# logread
    root@VA_router:~# logread | tail
    root@VA_router:~# logread | more
    root@VA_router:~# logread -f
These commands will show the full log, end of the log, paged log and continuously. Use Ctrl-C to stop the continuous output.
To view a text or configuration file in the system, enter:
    root@VA_router:~# cat /etc/ppp/options
    logfile dev null MOCIAeSeic Ss Loek debug refuse chap kdebug 7 record tmp ppp log
To view files in the current folder, enter:
    root@VA_router:~# ls -l
    drwxrwxr x 2 eO root 642 Jul 16 2012 bin Gr we SIE 5 5 LOO coor 1020 Jul 4 030927 cay drwxrwxr x JL BOGE root Q Jul 5 19241 Sue bao ao a 1 root root 0 gui 9 2012 alo drue e 2 POOL root 3 Jul 16 2012 mae dewin REOR 7 LOO root 0 Jan 1 1970 overlay CUERO XE 56 TOOT root 0 Jam 1 1970 zoe drwxr Xxr x 16 roor root 223 Jul WG 2012
244. terminal is buffered. The data is forwarded to a X.25 VC if the buffer is full or the forwarding timer fired. The forwarding timeout is re-started on reception of new data from serial DTE terminal. The forwarding timeout is in milliseconds.
Sets the size of the forwarding buffer. Data received from DTE asynchronous terminal is buffered. The data is forwarded to a X.25 VC if the buffer is full or the forwarding timer fired. The Forwarding buffer size is in bytes.
X.25 block size 1024 1024 Sets the maximum X.25 data packet size. The packet size is in bytes.
26.6.5 Port settings: advanced configuration
Select the Advanced tab.
Figure 92: The port settings advanced configuration interface
Name | Default | Range | Description
Remote IP | 127.0.0.1 | ip address | IP address of terminal server to connect to if mode is transparent.
Remote Port 900 TCP port
245. the General tab.
Figure 90: The port settings interface
Name | Default | Range | Description
Enable | 0 | 0 or 1 | Enables the corresponding padd port.
Local X.25 NUA | 1234567X | 15 digits NUA | Sets the destination local X.25 NUA assigned to the padd port. There are 5 pad ports with the following default NUA: Port 0: 12345670, Port 1: 12345671, Port 2: 12345672, Port 3: 12345673, Port 4: 12345674.
PAD Mode | transp | string | x28: X.28 PAD. transp: transparent PAD.
26.6.4 Port settings: forwarding configuration
Select the Forwarding tab.
Figure 91: The port settings interface
Name: Forwarding timeout, Forwarding block size
Default: 50, 128
Range: 1275 1024
Description: Sets the forwarding timeout in milliseconds. Data received from DTE asynchronous
246. the interfaces; multi-WAN manages the operation of primary (predefined) and failover (auto-created) interfaces. There are four PMP (Primary Mobile Provider) scenarios:
- PMP roaming pre-empt enabled
- PMP roaming pre-empt disabled
- No PMP roaming
- Disable roaming
Configuring automatic operator selection via the web interface
PMP roaming pre-empt enabled
In this scenario, the primary interface is used whenever possible. Software operations:
1. Connect the PMP interface.
2. Wait until the signal level on the PMP interface goes under sig_dbm option value.
3. Disconnect the PMP interface.
4. Connect the first auto-generated interface.
5. Wait until the signal level on the first auto-generated interface goes under the sig_dbm option in the mobile package, or until the primary interface is available to connect after it was disconnected in step 3 (ifup_retry_sec option value of primary interface in multi-WAN package).
6. Disconnect auto-generated interface. If the interface was disconnected due to low signal level, then connect the next auto-generated interface and repeat step 5. If the interface was disconnected because ifup_retry_sec of Primary interface timed out, then go back to step 1 and repeat the process.
The primary predefined interface is defined in the network package. Ensure the interface name match
247. the server and default values for certificates generated for SSL operation. uhttpd supports multiple instances, that is, multiple listen ports, each with its own document root and other features, as well as cgi and lua. There are two sections defined: the section of type uhttpd contains general server settings, while the cert section defines the default values for SSL certificates.
Server settings
The options defined for this section are outlined below.
listen_http (type: list of port numbers or address:port pairs; default: none): Specifies the ports and addresses to listen on for plain HTTP access. If only a port number is given, the server will attempt to serve both IPv4 and IPv6 requests. Use 0.0.0.0:80 to bind at port 80 only on IPv4 interfaces or [::]:80 to serve only IPv6.
listen_https (type: list of port numbers or address:port pairs; default: none): Specifies the ports and addresses to listen on for encrypted HTTPS access. The format is the same as for listen_http. Read below for extra details.
home (type: directory path; required: yes; default: /www): Defines the server document root.
cert (type: file path; required: yes if listen_https given, else no; default: /etc/uhttpd.crt): ASN.1/DER certificate used to serve HTTPS connections.
key (type: file path; required: yes if listen_https given, else no; default: /etc/uhttpd.key): ASN.1/DER private key used to serve HTTPS connections.
cgi_pre: Defines the prefix for CGI scripts
248. Figure 7: The VLAN definition section
Name | Type | Required | Default | Description
802.1Q VLAN ID | Numeric value | No | Blank | Defines VLAN number. The VLAN will be referred to using this number.
VLAN Priority | Numeric value | No | Blank | Specifies 802.1p VLAN priority tag value on trunk links.
Isolate From Trunk | Boolean | No | Blank | Defines whether to isolate hosts from each other within the same VLAN. Hosts will still be able to communicate with the router.
VLAN Name | Text | Yes | Blank | Configures VLAN name.
IP Address | IP Address | Yes | Blank | Configures network mask address to be used on this VLAN.
Netmask | IP Address | Yes | Blank | Configures network mask address to be used on this VLAN.
Default Gateway | IP Address | No | Blank | Configures default gateway address to be used on this VLAN.
Table 7: VLAN definition fields and their descriptions
10.3 Port description
The port description section is used to segment the switch according to your VLAN requirements. You can specify what physical ports you want to assign to which VLANs, or whether you want to configure a trunk port instead.
249. tion>]
    set        <config>.<section>[.<option>]=<value>
    delete     <config>[.<section[.<option>]]
    rename     <config>.<section>[.<option>]=<name>
    revert     <config>[.<section>[.<option>]]
Options:
    -c <path>  set the search path for config files (default: /etc/config)
    -d <str>   set the delimiter for list values in uci show
    -f <file>  use <file> as input instead of stdin
    -m         when importing, merge data into an existing package
    -n         name unnamed sections on export (default)
    -N         don't name unnamed sections
    -p <path>  add a search path for config change files
    -P <path>  add a search path for config change files and use as default
    -q         quiet mode (don't print error messages)
    -s         force strict mode (stop on parser errors, default)
    -S         disable strict mode
    -X         do not use extended syntax on 'show'
Command | Target | Description
commit | [<config>] | Writes changes of the given configuration file, or if none is given, all configuration files, to the filesystem. All "uci set", "uci add", "uci rename" and "uci delete" commands are staged into a temporary location and written to flash at once with "uci commit". This is not needed after editing configuration files with a text editor, but for scripts, GUIs and other programs working
250. tion mac OO ARETES SE oo UE option name mypc thats adds cne riec T vaddresiss 1925 163 1 a ce machine with the Ethernet hardware address 00 11 nane imyioe row el 22899544258
Name | Type | Required | Default | Description
ip | string | yes | none | Specifies the IP address to be used for this host.
mac | string | yes | none | Specifies the hardware address of this host.
name | string | no | none | Sets the optional hostname to assign.
10 VLAN configuration
10.1 VLAN web interface
You can configure VLANs through three sections:
- Native VLAN
- VLAN Definition
- Port Description
Native VLAN
Figure 6: The native VLAN section
The Native VLAN section specifies the native VLAN to be used. This VLAN will be sent untagged across the trunk link. Note: you must create the VLAN before setting it as native.
Name | Type | Required | Default | Description
802.1Q VLAN ID | Numeric value | No | Blank | VLAN ID number defines VLAN that will be sent across the trunk untagged. No 802.1Q tag will be applied to the packets on that VLAN.
Table 6: Native VLAN field name and description
10.2 VLAN definition
Use the VLAN definition section to define VLANs and assign them with VLAN ID, name and required network configurations. VLAN defini
251. to name or yes tcpudp protocol number es for CR 1 Vires zone y Specifies the traffic destination zone must dest SNAT none f name refer to one of the defined zone names target i yes for For DNAT redirects matched incoming traffic dest_ip a DNAT none to the specified internal host For SNAT target matches traffic directed at the given address For DNAT redirects matched incoming traffic ance wore port or M none to the given port on the internal host For P range SNAT matches traffic directed at the given ports NAT t t target string c DNAT arge DNAT or SNAT to use when generating the rule Protocol family ipv4 ipv6 or any to famil strin no an Y g y generate iptables rules for Disables NAT reflection for this redirect if set reflection boolean no 1 to 0 applicable to DNAT targets Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 109 of 258 18 5 18 Configuring firewall limit string no none Sets maximum average matching rate specified as a number with an optional second minute hour or day suffix Example 3 hour limit_burst extra integer string no no none Sets maximum initial number of packets to match This number gets recharged by one every time the limit specified above is not reached up to this number Extra arguments to pass to iptables this is useful to specify additional match options like m p
252. ttings section click Add The fields required to configure the parameters relative to the DMVPN Hub appear These are used for the DMVPN tunnels such as GRE tunnels GRE tunnel remote IP DMVPN Hub IP and password Name Type Required Default Description Dropdown Specifies which GRE interface will GRE Interface list P Yes Blank be used with this DMVPN configuration RE R t 2 sue IP Configures the GRE IP address of Endpoint IP Yes Blank address the hub Address DMVPN Hub IP IP Yes Blank Configures the physical IP address Address address for the DMVPN hub Enables authentication on NHRP NHRP Numeric The password will be applied in Hots Yes Blank plaintext to the outgoing NHRP Authentication value packets Maximum length is 8 characters NARE Holding Integer Yes Blank Timeout for cached NHRP Time requests Table 20 DMVPN hub fields and their descriptions UCI interface I PSec configuration using CLI You can configure IPSec strongSwan package through CLI using the UCI command suite Configuration files are stored at Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 163 of 258 24 Dynamic Multipoint Virtual Private Network DMVPN etc config strongswan To view the configuration file use uci show strongswan Or uci export strongswan commands root GWxxxx uci show strongswan strongswan strongswan strongswan strongswan strongswan strongswa
253. u select Status gt ADSL Status The ADSL Status page appears Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 230 of 258 31 Diagnostics ADSL Status Chipset Lantiq Danube 1 5 Line State UP 0x801 show Data Rate 13 995 Mb s 1 273 Mb s Line Attenuation 0 0dB 0 0dB Noise Margin 21 1dB 6 9dB Line Uptime 1m 33s Figure 112 The ADSL status page To check an IP address transmit and received counter on an ADSL interface in the top menu select Network gt Interfaces The Interface Overview page appears Interfaces Interface Overview Network Status Actions Uptime 0h 0m 48s RX 522 00 B 11 Pkts Connect R8 12 TX 64 00 B 4 Pkts SS IPv4 172 22 100 6 32 LAN Uptime 0h 2m 35s x MAC Address 00 E0 C8 10 11 65 Connect e RX 0 00 B 0 Pkts etho TX 0 00 B 0 Pkts IPv4 192 168 209 1 32 192 168 6 1 24 Stop Edit Delete Stop Edit Delete Figure 113 The interfaces overview page 31 1 3 ADSL bridge connections To check the status of an ADSL line in the top menu select Status gt ADSL Status The ADSL Status page appears ADSL Status chipset Lantig Danube 1 5 Line State UP 0x801 showtime t Data Rate 27 638 Mb s 1 251 Mb s Line Attenuation 0 0dB 0 0dB loise Margin 9 1dB 7 0dB Line Uptime 12m 40s Figure 114 The ADSL status page Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 231 of
254. addresses Selects the interface to attach to for stacked protocols tun over bridge over eth ppp over eth or similar 3 attach to layer 3 interface tun ppp if parent is layer 3 else fallback to 2 layer integer no 2 attach to layer 2 interface br if parent is bridge else fallback to layer 1 1 attach to layer 1 interface eth wlan any interface number i e 1 2 9 DHCP server and DNS configuration Dynamic Host Configuration Protocol (DHCP) server is responsible for giving out IP addresses to hosts. IPs can be given out on different interfaces and different subnets. You can manually configure lease time as well as setting static IP to host mappings. Domain Name Server (DNS) is responsible for resolution of IP addresses to domain names on the internet. The dnsmasq program provides DHCP and DNS services. In the default configuration it contains one common section to specify DNS and daemon-related options and one or more DHCP pools to define DHCP serving on network interfaces. Possible section types of the DHCP configuration file are defined below. Not all types may appear in the file and most of them are only needed for special configurations. Common configurations are Common Options DHCP Pools and
255. uired Default Description prot interface Il Yes Blank Configures a logical name to the GRE tunnel IP Configures local IP address of the Y Blank A pad address 22 on GRE interface Specifies what protocol the IP mask length Yes Blank interface will support For address example GRE Specifies which interface is going local_inerface Interface Yes Blank to be linked with the GRE tunnel interface ttl Numeric Yes 128 sets Time To Live value on the value interface N key p Yes Blank Sets GRE tunnel key value Numeri Configures MTU maximum mtu Yes 1472 transmission unit size of PDUs value ND using this interface Table 17 Config interface fields and their descriptions To change any of the above values use uci set command Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 152 of 258 24 Dynamic Multipoint Virtual Private Network DMVPN 24 Dynamic Multipoint Virtual Private Network DMVPN 24 1 24 2 Dynamic Multipoint Virtual Private Network DMVPN is a scalable method of creating VPN IPSec Networks DMVPN is a suite of three protocols NHRP mGRE and IPSec used to dynamically create VPN tunnels between different endpoints in the network without having to pre configure each device with VPN details of the rest of endpoints in the network The advantage of using DMVPN e Using DMVPN eliminates the need of IPSec configuration to the physical interfac
256. uotes Quotes are only required if the enclosed value contains spaces or tabs Also it is legal to use double instead of single quotes when typing configuration options All of the examples below are valid syntax option example value option example value Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 20 of 258 6 1 3 6 File system option example value option example value option example value In contrast the following examples are not valid syntax option example value Missing quotes around the value option example value Quotes are unbalanced It is important to know that identifiers and config file names may only contain the characters a z 0 9 and _ Option values may contain any character as long they are properly quoted Command line utility For configuration the system emulates a subset of the Unified Configuration Interface UCI This section describes the usage guide for the UCI command line When there are multiple rules next to each other UCI uses array like references for them If there are 8 NTP servers UCI will let you reference their sections as timeserver timeserver 0 for the first rule or timeserver Otimeserver 7 for the last one root VA_router uci Usage uci lt options gt command lt arguments gt Commands batch List export lt config gt import lt config gt changes lt config gt commit lt config gt
257. us 0247 GjoE3Lom coumezy dm option state Dublin Option cito ni OE option commonname 00E0C8000000 Basic authentication (httpd.conf) For backward compatibility reasons, uhttpd uses the file /etc/httpd.conf to define authentication areas and the associated usernames and passwords. This configuration file is not in UCI format. Authentication realms are defined in the format prefix:username:password with one entry and a line break. Prefix is the URL part covered by the realm, for example /cgi-bin to request basic auth for any CGI program. Username specifies the username a client has to login with. Password defines the secret password required to authenticate. The password can be either in plain text format, MD5 encoded, or in the form $p$user where the user refers to an account in /etc/shadow or /etc/passwd. If the $p$ format is used, uhttpd will compare the client-provided password against the one stored in the shadow or passwd database. Securing uHTTPd By default uHTTPd binds to 0.0.0.0, which also includes the WAN port of your router. To bind uHTTPd to the LAN port only, you have to change the listen_http and listen_https options to your LAN IP address. To get your current LAN IP address, enter uci get network.lan.ipaddr then modify the configuration appropriately. We
258. v23 using V 23 leased line card driver x21 use USB serial card in sync mode option portmode rs232 On newer GW202x boards the serial mode RS232 RS485 for the second physical port is set with GPIOs while on older boards it is set with the dip switches 1 0n this port the serial mode is set using GPIO 0O Default serial mode is set with dip switches option serial mode gpio control 0 Driver DTR and RTS line control modes auto set ON when the port is open OFF when the port is closed on always on off always off Vappueecontismolitedaelbvesehcomappikieat nime onis DICO de a Ro ON during frame TX option dtr control mode auto GEN omes SE GOTT limo cl NS OT OM enables or disables RS485 line termination applies only if portmode is rs485 option rs485 line termination 0 f l use USB serial card if portmode is x 21 it is used in synchronous mode if portmode is rs232 it is used in asynchronous mode Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 178 of 258 25 Terminal Server option is_usb_serial 0 Used for USB serial card hdlc synchronous HDLC framed mode transp transparent mode option sync mode hdlc Used for USB serial card 1 in HDLC mode use CRC32 0 use CRC16 GypEJg Sjyaae Gees 400 Used for USB serial card Synchronous speed If not 0 use internal clock example speeds 9600 19200 64000 128000 256000 38400
259. when using php error_page string no none Virtual URL of file or CGI script to handle 404 request Must begin with no_symlinks boolean no Do not follow symbolic links if enabled no_dirlists boolean no Do not generate directory listings if enabled Multiple sections of the type uhttpd may exist the init script will launch one webserver instance per section A standard uhttpd configuration is shown below Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 127 of 258 20 2 20 Configuring HTTP server root VA_rout uhttpd main uhttpd main uhttpd main uhttpd main uhttpd main uhttpd main uhttpd main ri uci show uhttpd main uhttpd home www xxl 918 cilrer i listen http 20 0 0 0 80 listen https 0 0 0 0 443 cert etc uhttpd crt key etc uhttpd key uhttpd main uhttpd main uhttpd main COs wlan Liste 1 cgi_prefix cgi bin script_timeout 60 network_timeout 30 joel masia lige 1 option option option option option option option home isten http isten https www excede ale cert key egt prats 7 0 5 0 4 0 5 0 8 0 0 0 0 08445 ug Y i ece ulmeicjacl cite etc uhttpd key script timeout network timeout cgi bin V 50 V SON HTTPS certificate settings and
260. you can run the PPP over ATM PPPoA or over Ethernet PPPOE The following diagrams illustrate the topology of these connections Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 131 of 258 21 4 21 Configuring ADSL Office Network RI gt L VA router DSLAM E _ 1 7 71 ATM z 4 msi t4 ATM L 2 P A ppp pPPoA IP ETHERNET IP Figure 40 A routed ADSL connection over PPPoA Office Network i VA router DSLAM E gy DN i I i W 1 ATM 4 ADSL 4 AIM pa i lt pPP PPPoE 4 IP ETHERNET gt 4 IP Figure 41 A routed ADSL connection over PPPoE Less commonly you may need to configure a bridged connection over ADSL In this type of configuration the router will be receiving Ethernet packets over the ADSL line and can be configured with an IP address for management Configuring ADSL PPP connection via the web interface In your Internet browser type in the local IP address of a router for example the default IP address 192 168 100 1 and press enter The Authorization page appears Virtual Access 2015 GW7300 Series User Manual Issue 2 3 Page 132 of 258 21 5 21 Configuring ADSL Authorization Required Please enter your username and
261. ze Network Forwarding Timeout ms Network forwarding timer mode Serial Fowrarding Buffer Size Serial Forwarding Timeout ms Network Y enable port idle Forwarding buffer size serial to network 9 Forwarding timeout in milliseconds serial to network y 9 Forwarding timer mode serial to network 9 Forwarding buffer size network to serial 9 Forwarding timeout in milliseconds network to serial Virtual Access 2015 Figure 76 GW7300 Series User Manual Issue 2 3 The General tab fields part 1 Page 168 of 258 25 Terminal Server Serial forwarding timer mode Proxy mode Disable remote client s local echo Telnet option Telnet COM port control RFC2217 Enable HDLC Pseudowire over UDP RFC4618 Serial receive debug log size Serial transmit debug log size Forwarding timer mode network to serial enable proxy mode bytes 0 disable bytes 0 disable Figure 77 The General tab fields part 2 Name Type Required Default Description Enable Checkbox Yes Disabled Enabled port Network Numeri Forwarding buffer size serial to Fowrarding Buffer mele Yes 256 9 value network Size Network Numeric Forwarding timeout in milliseconds Yes 30 Forwarding Timeout value serial to network Forwarding timer mode serial to Network forwarding Dropdown Yes idle network