OfficeConnectTM Remote 812 ADSL Router CLI User's Guide
Contents
1. mac_routing Determines if MAC Encapsulated Routing is enabled management_ip_ address Secondary IP address on the VC for Management purposes only If the Management IP address is configured the local_IP_address must be configured as numbered Address is configured with the following format XX XX XX Xx NN where nn is the number of bits in the netmask or netmask class i e A B or C MTU Maximum Transfer Unit largest data packet size allowed NAT_option Enable disable Network Address Translation set vc lt vc_name gt atm CLI Commands B 35 a NAT_default_ address Default workstation address that incoming IP traffic will get forwarded to if the demuxing of the network address translation is unresolved Network_service Type of network service Default is PPP output _filter Name of filter file in FLASH memory to be applied to output data stream Password The password is an alphanumeric string of maximum size 15 characters remote_IP_address For a client IP connection address assigned to the client Rip Selects either RIPV1 or RIPV2 for IP RIP rip_authentication Text string used for RIPv2 authentication rip_policies _update Allows VC to enable or disable RIP policies See text on the preceding page for description of keywords A keyword with a NO_ in front is used to disable the policy Default is indicated by D SEND_DEFAULT N2. Do you want IPX routing RIP to run over the WAN yes The IPX configuration for VC name is now complete Question Default Your System Is IPX traffic going to be routed over VC name no Is the IPX WAN interface U nnumbered or N umbered N Enter the IPX network number for the WAN Do you want IPX Routing RIP to run over the WAN yes The IPX configuration for VC name is now complete Question Default Your System Do you want to Bridge any traffic over VC name no The OfficeConnect Remote 812 can be configured to send and receive the routed IP and IPX packets using bridged encapsulation i e Bridged 1483 or BRCP or PP where the MAC header is included in each packet The routing rules for IP and IPX will be applied to each packet Question Default Your System Do you want to enable M AC encapsulated routing no Question Default Your System Would you like to review your answers before executing yes them This section contains a sample of possible settings Encapsulation type PPP ATM information VPI VCI 0 33 Sample Output Display as Quick Setup Executes CLI QuickVC Setup Script 5 5 Category of Service UBR Peak Cell Rate 0 IP Enabled Local WAN IP Address Learned Remote WAN IP Address Learned WAN Interface Type Numbered Address Translati
3. Determine how the OfficeConnect Remote 812 will be used as an IP IPX Router and or Bridge and gather information about your remote site connection using the Configuration Planning Forms provided with the unit Set up a remote site profile for each remote location including Network Service PPP PPPoE RFC 1483 and WAN configuration a Set up network IP IPX and or Bridge information a Configure the network s over the LAN a Add the network information to the remote site profile s a Turn RIP IP and IPX and SAP IPX on or off as needed for your configuration a Add static and framed routes IP and IPX or services IPX if needed Optionally set up DHCP and DNS information 4 Optionally perform system administration tasks such as setting the date and time providing a system name and contact adding or changing Web browser or TELNET login access and providing TFTP access Save the configuration The rest of this chapter provides an overview of the OfficeConnect Remote 812 basic operations and configuration The chapter is broken into the following sections a Remote Site Management a P Routing a Address Translation m DHCP a DNS a PX Routing a Bridging a System Administration 6 2 CHAPTER 6 MANUAL SETUP sgh Remote Site Management id Managing a Remote Site Each remote site that you want to connect to is accessed through a single ATM Virtual Channel connection To set up connections over the
4. What should the the mask be set to C You need to specify the framing for the IP network It should be either ethernet_ii or snap Question Default Your System What is the framing for the IP network ethernet_ii You can use the Routing Information Protocol RIP to exchange routing information with other routers on the network Question Default Your System Do you want to run RIP yes Choose the version of RIP to run v2 The OfficeConnect Remote 812 can act as a DHCP server providing IP addresses to other stations on the local lan Question Default Your System Do you want the OfficeConnect Remote 812 to act yes as a DHCP server Enter the start address for the DHCP IP address pool Enter the end address for the DHCP IP address pool It is possible to restrict access to the TFTP server to a specific system or a list of systems Quick Setup will allow you to enter one system that is allowed or allow access to all systems Question Default Your System Do you want to allow all systems to access the TFTP yes server IP setup is completed Quick Setup IPX information The network name is used by the OfficeConnect Remote 812 to identify your IPX network CLI Quick Setup Script 4 5 Question Default Your System Enter the name of your network ipx The network number
5. yes Do you want to enable IP Network Address Translation NAT yes Is the remote IP address S pecified or L earned L a the IP address of the router across the WAN specified only Enter the IP mask for the router across the WAN specified C only IP Configuration Network Service RFC1483 id CLI QuickVC Setup Script 5 3 Is the local IP address S pecified or L earned L Enter the local ip address for the WAN connection specified only Do you want to use name s remote router as the default no gateway Do you want to run RIP no Enter the version of RIP to run if applicable v2 The IP configuration for VC name is now complete Network Address Translation NAT allows a single WAN side IP address to be shared by multiple LAN side devices If you choose to run NAT the WAN interface must be Numbered i e there must be a local WAN side IP address specified that must be on a different IP network than the LAN side IP address See Appendix B of the OfficeConnect Remote 812 ADSL Router User s Guide for a discussion of Numbered and Unnumbered interfaces Local and remote IP adresses can be configured in two different ways a Specified the IP adress is always a specific address a Learned the IP address can be learned using DHCP One active VC profile can have its remote router installed as the default router i
6. Ancillary Data Description Parameters auth On indicates that login password authentication should be performed on incoming connections Default on Format auth on off login_prompt ASCII string specifying the login prompt to be sent during authentication It must be quoted Default login Format login_prompt string login_banner ASCII string sent to a client when the connection is made It must be quoted Default none Format login_banner string Add network service example To configure a TELNET service to offer CLI access on port 23 doing authentication upon connect add network_service CLI_access server_type TELNETD socket 23 add snmp community lt community_name gt add snmp trap_community lt name gt add syslog lt ip_name_or_addr gt loglevel loglevel add tftp client lt ip_name_or_addr gt add user name password passw ord CLI Commands B 9 address IP_address access RO RW Adds to the list of SNM P authorized users The community name and IP address of SNMP requests from managers on the network must match the list which you can see using list snmp communities Parameters Description lt community_ name gt Group name that authorizes SNMP requests address IP address of the SNMP manager in the form nnn nnn nnn nnn access Determines what type of access to SNMP MIBs the added user will have Options Read Only RO and Read Write RW addr
7. IP address for this entry a Phys Address MAC address that the IP address maps to list ip interface_block list ip networks list ip routes list ipx networks list ipx routes CLI Commands B 19 Type interface type Ethernet or Token Ring a If Name eth 1 DA 1 or loopback Displays the IP addresses associated with each system interface If the interface has a point to point connection then the neighbor field contains the address of the remote system This command lists Address IP address of the interface a Neighbor IP address of the remote system a Status status of the connection ENABLED or DISABLED a Interface eth 1 DA 1 or loopback Displays all the IP networks you previously defined using the add ip network command It also lists Name network designation Prot always the IP protocol a Int name of the interface this network runs on State state of the network ENABLED or DISABLED Type STATIC or DYNAMIC network a Network Address address of the IP network Displays all the statically defined IP routes that you previously defined using the add ip route commana It lists Destination IP address that the route resolves to Prot LOCAL or RIP NextHop address of the gateway used to reach this route a Metric number of router hops away this route is from the system a If interface that the route uses Displays the IPX networks that you previously defined using the ad
8. LISTEN RESPOND_ONLY SEND To configure SAP for a LAN network use the command set ipx network lt network name gt sap BOTH DISABLE LISTEN RESPOND_ONLY SEND Other permutations of the set ipx network command can be used to configure advanced RIP features and policies IPX RIP and SAP can be enabled or disabled for each remote site connection You cannot individually enable or disable RIP or SAP they are enabled or disabled together for each remote site connection You can configure whether the OfficeConnect Remote 812 should advertise local routes and services only listen for routes and services from the remote site or both To configure IPX RIP and SAP for the remote site connection use the command set vc lt vc name gt ipx_routing ALL LISTEN NONE RESPOND SEND Bridging A bridge connects two or more physical networks together to function as one big network The OfficeConnect Remote 812 can be configured to be a learning bridge A learning bridge does more than just link networks it separates network traffic and forwards only the packets that need to be forwarded Bridges separate traffic by examining the M edia Access Control MAC addresses contained in data packets MAC addresses uniquely identify each machine 6 20 CHAPTER 6 MANUAL SETUP sgh id Configuring Bridging for the LAN attached to a network segment A data packet is not forwarded to another segment if its destination M A
9. The OfficeConnect Remote 812 Quick Setup allows you to setup a simple configuration for IP IPX and bridging Please answer the following questions with yes or no to indicate which portions of the system you want to configure When Quick Setup displays a question it will display a default answer in square brackets like yes If you simply press enter this is the answer that will be used for you Passw ord Protection Question Default Your System Do you want the CLI to be password no protected What is the console login password no more than 8 characters Which portions of the network do you want to configure Question Default Your System Network management yes IP yes IPX no Bridging no Quick Setup Identification information Question Default Your System Enter the name of your system Who is the system contact person Where is this system located Quick Setup Management Information Question Default Your System Do you want to be able to manage the system via yes SNM P An SNMP community names a group of systems that can manage your system via SNMP It is a rudimentary form of security Question Default Your System What SNMP community will manage this system public CLI Quick Setup Script 4 3 aa Along with a community name you ca
10. set interface lt interface_ name gt B 26 set ip network lt name gt B 27 set ip routing B 28 set ipx network lt network_name gt B 29 set ipx system B 30 set network service lt admin_name gt B 30 set ppp receive_authentication NONE PAP CHAP EITHER B 31 set ppp echo_retries lt number gt B 31 set samp community lt community_ name gt B 31 set system B 31 set syslog lt IP_address gt loglevel level B 32 set time lt time gt B 32 set user lt user name gt B 32 set vc lt vc_name gt B 32 set vc lt vc_name gt atm B 35 SHOW B 36 show access B 36 show atm status B 36 show adsl statistics B 36 show adsl performance B 36 show adsl transceiver_status B 37 show adsl version B 37 show bridge network lt name gt B 37 show bridge settings B 37 show call_log B 38 show command B 38 show configuration B 38 show critical_event settings B 38 show date B 39 show dhcp client lt vc name gt status B 39 show dhcp relay B 39 show dhcp server counters B 40 show dhcp server settings B 40 show dns counters B 40 show dns settings B 41 show filter lt filter name gt B 41 show icmp counters B 41 show interface lt interface_name gt counters B 42 show interface lt interface_name gt settings B 43 show ip counters B 43 show ip settings B 44 show ip network lt network_name gt settings B 44 show ipx counters B 44 show ipx network lt network_name gt counters B 45 show ipx network lt network_name gt
11. 1 REJECT src net 00 03 42 BF IPX Source and Destination Host Filtering Using CLI Host addresses must consist of the 8 digit network number followed by the four digit node number in hexadecimal format The following rule example accepts IPX packets with a destination address of 04 0B 43 AA IPX 1 ACCEPT dest host 04 0B 43 AA 999 DENY IPX Source and Destination Socket Number Filtering Using CLI Sockets numbers represent communications interfaces that let an application access a network protocol by opening a socket and declaring a destination Sockets are useful because they provide a simple way to direct an application onto the network 6 34 arpa CHAPTER 6 M ANUAL SETUP You can compare the source or destination IPX socket number contained in the packet to the socket number defined in the filter rules You must specify the type of the comparison For example the following rule example accepts IPX packets with the IPX source socket number 0x001 IPX 1 ACCEPT src socket 0x001 999 DENY IPX RIP Packet Filtering Using CLI Routing Information Protocol RIP packets are used to identify all attached networks as well as the number of router hops required to reach them The responses are used to update a router s routing table You define IPX RIP packet filtering rules in the IPX RIP protocol section of the filter file You can filter IPX RIP packets by network only The following rule example filters the rou
12. Delivered Locally sum of IPX packets delivered locally including packets from local applications No Route to Destination number of times no route to a destination was found Too Many Hops sum of incoming packets discarded for exceeding the hop count Filtered Out sum of incoming packets filtered out Decompression Errors sum of incoming packets discarded due to compression errors OUTPUT COUNTERS Total Packets Transmitted sum of IPX packets transmitted Forwarded Packets sum of IPX packets forwarded Local Transmits sum of IPX packets transmitted to local hosts Local Malformed Transmits Discarded sum of outgoing packets discarded Filtered Out sum of packets filtered out before transmission Compression Errors sum of outgoing packets discarded due to compression errors Socket Open Failures sum of outgoing packets discarded because a socket was not available show ipx network Displays statistics for the specified IPX network lt netw ork_name gt counters n RIP Out Packets sum of RIP packets transmitted RIP In Packets sum of RIP packets received SAP Out Packets sum of SAP packets transmitted SAP In Packets sum of SAP packets received show ipx network Displays parameter settings for the specified IPX network You can modify most of lt network_name gt these values using the set ipx network command settings Interface interface this IPX network uses Network Address network address of
13. IP Protocol Filtering Using CLI Filtering can be done on protocol as well The protocols that can be filtered are UDP TCP and ICMP The following rule example rejects TCP packets Creating Filters Using Command Line Interface 6 33 IP 1 REJECT protocol TCP IP RIP Packet Filtering Using CLI Routing Information Protocol RIP packets are used to identify all attached networks as well as the number of router hops required to reach them The responses are used to update a router s routing table If the router is listening for or broadcasting RIP messages you should allow them to pass in the appropriate direction s You define IP RIP filtering rules in the IP RIP protocol section of the filter file For example if you want to filter all routes except the one specified by the IP network address 195 12 254 45 you would create this rule IP RIP 1 ACCEPT network 195 12 254 45 999 DENY This filter only allows the route 195 12 254 45 into the route table All other routes are rejected Spurious RIP messages can disrupt your routing tables If you are listening for RIP messages on a given interface you may wish to consider filtering out RIP updates from untrusted networks IPX Source and Destination Network Filtering Using CLI IPX network numbers must be specified as an network number no greater than 8 digits in hexadecimal format The following rule example rejects IPX packets with a source address 00 03 42 BF IPX
14. Using command completion and positional help aids in jogging your memory of the commands and their parameters while you are typing in a command string Command retrieval retrieves commands from the history of previous commands entered You can display the current command history using the history command You can change the number of commands kept in the command history buffer using the set command history command p recall the previous command in the history list n recall the next command in the history list Positional help displays the list of possible parameters when you type after any command or parameter It then redisplays the line you typed without the so you can enter the parameter you wish to use This helps you find the parameter you need and add it to your command without having to retype the entire command string Be sure to leave a space between the keyword and the question mark to use positional help The escape key provides command completion If you press the escape key before you finish typing a command or parameter the rest of the command or parameter will be displayed completed and you can continue entering the command If the command or parameter is ambiguous the bell will ding and the display will not change The output will pause when there is more than 24 lines of output Type more or press CR to continue or quit to stop To discontinue the current command action and flush any commands wh
15. a MTU number NAT _option disable enable a NAT _default_address ip addr network service ppp PPPLLC RFC_1483 output_filter filter_name password password remote_ip_address ip addr a rip ripv1 ripv2 rip authentication string frip_policies update rip_policies send _name send_password text string a type ONDEMAND CONTINUOUS MANUAL Specifies parameters for VCs Parameters Description lt vc_name gt VC profile name address _ Determines how the IP address will be assigned for remote IP network selection connections NEGOTIATE learn the remote IP address SPECIFIED uses IP address set in remote_IP_address value bridging Enables disables bridging across this link B 34 APPENDIX B CLI COM M AND DESCRIPTION default_route_ option When enabled a default route is automatically created by negotiation with the remote router s IP address Destination _ For an SVC this is the destination E 164 address to which a connection address will be established End_time This field is the end time for the virtual circuit The expected format is HH M M SS The Seconds field is optional Header_ This determines whether you will have no compression on cell headers or compression if you will use TCP IP compression on the cell headers transmitted across this vc idle_timeout Interval to wait before timing out an inactive conne
16. see Enabling IP Routing IPX routing is enabled if an IPX network is present over the Ethernet interface see Configuring IPX for the LAN Bridging is enabled by adding a bridge network over the Ethernet interface see Configuring Bridging for the LAN Routing and bridging are enabled for each destination in its remote site profile When configured for simultaneous bridging and routing packets received from the LAN are first passed through the router for any configured protocols If the packet can not be routed it is passed to the bridge depending on the setting of the Bridge Firewall function System Administration 6 23 The Bridge Firewall has three modes Discard Routed Protocols This is the default mode If a protocol is configured for routing and a packet for that protocol type is received from the LAN that is not addressed to the MAC address of the OfficeConnect Remote 812 it is discarded Additionally broadcasts including ARPs for the protocol are not passed to the bridge To configure the Bridge Firewall for this mode use the command set bridge firewall discard_routed_protocols Forward Unicast Packets Only If a protocol is configured for routing and a packet for that protocol type is received from the LAN that is not addressed to the MAC address of the OfficeConnect Remote 812 it is bridged Additionally ARP broadcasts for IP addresses other than that of the OfficeConnect Remote 812 are also bridged Other broadcast
17. utilize when resolving names WINS 1 IP address of the primary WINS server that the DHCP server will utilize WINS 2 IP address of the secondary WINS server that the DHCP server will utilize show dns counters Displays various counters for DNS Total Queries Received sum of DNS queries received CLI Commands B 41 Responses from Local Processing number of DNS responses from local Total Response Sent sum of DNS responses sent Responses from Remote Processing number of DNS responses from remote Success Responses successful responses to DNS requests Error Responses sum of failures to DNS requests specifics shown below SPECIFIC ERROR COUNTERS Format Errors server said invalid request format Problems with Name Server internal server error NonExistent Name number of times requested name could not be resolved Server refused the request server was able to accept a request Server does not implement request server was able to accept a request Corrupted Responses response did not decrypt Timeouts number of time outs waiting for the server to respond Response could not be sent the requester had terminated show dns settings Displays settings for all DNS servers You can modify using set DNS Administration Status This controls whether the DNS server has administration status Options are Enabled or Disabled Number Retries per Server number of times the resolve name request will be sent
18. 0 0 if the option is disabled or a valid workstation IP address on the local LAN if it is enabled The static port definitions are appended to the display only when configured ma When the remote site is active current port mappings are displayed with the following commana list nat vc lt vc name gt port DHCP id Configuring the DHCP Mode Configuring the DHCP Server Dynamic Host Configuration Protocol DHCP is designed to provide a centralized approach for configuration of IP addresses and parameters When a workstation is configured for automatic assignment of IP addresses it broadcasts a request out on the LAN The DHCP Server responds with an IP address for the workstation the domain name and the IP addresses of the default router two DNS Servers and two WINS Servers The assignment of an IP address to the workstation is for a specified period of time referred to as the lease period Before the lease is set to expire the workstation will send a request to the server to extend the lease period The server maintains a list of assigned IP addresses and the duration period of the leases When a lease expires the IP address can be reassigned to another workstation The OfficeConnect Remote 812 can be configured to support up to 40 workstations on the local LAN In addition the OfficeConnect Remote 812 can be configured to be a DHCP Relay When enabled the Relay will process the broadcast request from the local works
19. 2 3 aa a Most commands are not case sensitive As a rule only lt name gt and password values require typing the correct case Configuration changes occur immediately but are lost on reboot unless you save them The save all command places configuration changes in FLASH ROM permanent memory The changes are lost if not saved to FLASH ROM or if power is lost before you can save them Commands to delete a network user interface route TCP connection community name network service and others cannot take place unless the process or function has first been disabled a Wherever an IP address value is required you can enter a host name provided you have configured a DNS server or put the name and address into the DNS Local Host table The CLI command language creates manages displays and removes system entities These entities describe system and network connections and processes M ost of the managed entities in the system are slotted in tables Some common examples are Network defines local and remote networks network connections hosts and routers a VC A table of parameters that describes connection parameters associated with a remote site These parameters are used when establishing a network connection over the WAN a User A table of parameters that describes connection parameters associated with Telnet users that wish to attach and remotely manage the unit a Filter can be applied to interfaces connec
20. 22 Simultaneous Bridging and Routing 22 System Administration 23 Setting Date and Time 24 Setting System Identification 24 Configuring Web Browser and TELNET Login Access 24 Providing TFTP Access 25 Setting Password Protection 25 Introduction 26 Filtering Overview 26 OfficeConnect Remote 812 Filtering Capabilities 27 Filter Classes 27 Filter Types 27 Data Filters 27 Advertisement Filters 28 Generic Filters 28 Creating Filters Overview 28 Creating Filters Using Command Line Interface 29 Filter File Components in CLI 29 Protocol Sections 29 Protocol Rules 30 Generic Filter Rule 31 Applying the Rules Using CLI 32 IP Source and Destination Network Filtering Using CLI 32 IP Source and Destination Port Filtering Using CLI 32 IP Protocol Filtering Using CLI 32 IP RIP Packet Filtering Using CLI 33 IPX Source and Destination Network Filtering Using CLI 33 IPX Source and Destination Host Filtering Using CLI 33 IPX Source and Destination Socket Number Filtering Using CLI 33 IPX RIP Packet Filtering Using CLI 34 IPX SAP Packet Filtering Using CLI 34 Bridge Generic Filtering Using CLI 34 Step by Step Guide to Creating Filter Files Using CLI 35 Assigning Filters 36 Interface Filters 36 Input Filter 36 Output Filters 36 Input Filters vs Output Filters 36 VC Remote Site Filters 37 Applying Filters Using CLI 37 Applying a Filter to an Interface Using CLI 37 Configuring a Filter for a VC Remote Site Using CLI 37 Setting Filter Access Using CLI
21. 32 characters long For example set system name OCRI1 location Rack4 contact SysAdmin 555 1212 Setting up a login user allows you to provide controlled access to the OfficeConnect Remote 812 from a Web browser or through TELNET Connecting with a Web browser allows you to configure and monitor your unit using the OfficeConnect Remote 812 Manager Connecting using TELNET on a workstation allows you to remotely manage the unit using CLI A default user name of root and password root are provided by DHCP Smart M ode and the IP Wizard during the initial installation For secure access you should add a private login name and password and delete the default name m To view the current login users use the command list users m To add a login user use the command add user lt name gt password lt password gt Providing TFTP Access Setting Passw ord Protection System Administration 6 25 The name can be up to 32 characters long and the password can be up to 15 characters long To delete a login user use the command delete user lt name gt m To change the password use the command set user lt name gt password lt new password gt m To enable the use of CLI for TELNET users issue the additional commana enable security_option remote_user administration Trivial File Transfer Protocol TFTP provides a simple way to transfer files from one machine to another The OfficeConnect Remote 812 has a TFTP server that allows you to co
22. 38 Managing Filters Using CLI 38 Displaying the Managed Filter List Using CLI 38 Adding Filters to the Managed List Using CLI 38 Removing a Filter from an Interface Using CLI 39 Removing a Filter from a VC Remote Site Profile Using CLI 39 Deleting a Packet Filter Using CLI 39 Verifying Filter File Syntax Using CLI 39 Showing Filter File Contents Using CLI 39 A OFFICECONNECT REMOTE 812 SAMPLE CONFIGURATION Global Configuration A 2 LAN IP Network Configuration A 2 DHCP and DNS Configuration A 2 LAN IPX Network Configuration A 3 Bridge Configuration A 3 Remote Site Internet A 3 Remote Site Corporate Access A 4 B CLI COMMAND DESCRIPTION CLI Commands B 1 ADD B 1 add access B 1 add auto_filter eth_blk_dst B 1 add auto_filter vc_blk_netbios B 1 add bridge network lt network_name gt B 1 add dns host lt host_name gt address lt IP_address gt B 2 add dns server lt domain_name gt B 2 add filter lt filter_name gt B 2 add framed_route vc lt name gt B 3 add ip defaultroute gateway lt IP_address gt B 3 add ip network lt network_name gt B 3 add ip route lt ip_net_address gt B 3 add ipx network lt network_name gt B 4 add ipx route lt ipx_net_address gt B 4 add ipx service service name B 5 add ipx_route vc lt name gt B 6 add ipx_service vc lt name gt B 6 add nat tcp vc lt user_ name gt B 7 add nat udp vc lt vc_name gt B 7 add network service lt service_name gt Status B 8 add snmp community
23. FAR 2 101 a and as such is provided with only such rights as are provided in 3Com s standard commercial license for the Software Technical data is provided with limited rights only as provided in DFAR 252 227 7015 Nov 1995 or FAR 52 227 14 June 1987 whichever is applicable You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in or delivered to you in conjunction with this User s Guide Unless otherwise indicated 3Com registered trademarks are registered in the United States and may or may not be registered in other countries 3Com the 3Com logo and OfficeConnect are registered trademarks of 3Com Corporation OfficeConnect Remote 812 is a trademark of 3Com Corporation 3ComFacts is a service mark of 3Com Corporation Artisoft and LANtastic are registered trademarks of Artisoft Inc Banyan and VINES are registered trademarks of Banyan Systems Incorporated CompuServe is a registered trademark of CompuServe Inc DEC and PATHWORKS are registered trademarks of Digital Equipment Corporation Intel and Pentium are registered trademarks of Intel Corporation AIX AT IBM NetView and OS 2 are registered trademarks and Warp is a trademark of International Business Machines Corporation Microsoft MS DOS Windows and Windows NT are registered trademarks of Microsoft Corporation Novell and NetWare are registered trademarks of Novell Inc PictureTel is a registered trademark of Pic
24. Internet local_ip address 255 255 255 255 set vc Internet nat enable set vc Internet ip_routing listen set vc Internet default_route_option enable enable vc Internet In this section the Remote Site to the Corporate office is defined with the identifying name of corp net IP and IPX are both routed over this remote site and all other protocols are bridged The configured network service is RFC 1483 and the remote router address is specified 192 168 1 254 The WAN IPX interface is Unnumbered Network Address Translation is disabled on this Remote Site Profile The ATM virtual channel is VPI 0 and VCI 33 and the Peak Cell Rate is set to the default access rate This remote site is configured with the following commands add vc corp net set vc corp net ip enable ipx enable bridging enable set vc corp net network_service rfc_1483 set vc corp net atm vpi 0 vci 33 category_of_service unspecified per 0 set vc corp net remote_ip_address 192 168 1 254 set vc corp net local_ip_address 0 0 0 0 set vc corp net nat_option disable set vc corp net ip_routing both set vc corp net ipx_address 0 ipx_routing all enable vc corp net CLI COMMAND DESCRIPTION CLI Commands ADD add access lt ip subnet address gt add auto _filter eth_blk_dst add auto _filter vc_blk_netbios add bridge network lt netw ork_name gt Use the ADD command to define a networks you will connect to a hosts you need to access SNMP
25. Site Management 2 RIP enable ip rip B 14 show ipx RIP settings B 44 Route filtering 26 Routing Information Protocol RIP packets 32 S Sample Configuration A 1 Scripts Cu do run CLI script B 13 Security CLI Access disable security_option remote_user administration B 13 enable security_option remote_user administration B 14 Dial in disable user B 13 enable user B 15 TELNET disable telnet escape B 13 enable telnet escape B 14 Virtual Channel disable VC B 13 enable VC B 15 Set command 2 1 4 7 Setting Filter Access Using CLI 37 SNMP 2 3 add snmp community B 8 lix add snmp trap_community B 9 delete snmp community B 11 delete snmp trap_community B 11 disable link_traps interface B 12 disable security option snmp user_access B 13 disable snmp authentication traps B 13 enable link_traps interface B 14 enable security_option snmp user_access B 14 enable snmp authentication traps B 14 list samp communities B 20 System Administration Overview 23 System Commands delete configuration B 10 delete file B 10 delete framed route vc B 10 delete syslog B 11 do run a script file B 13 help B 15 history B 15 kill B 15 list facilities B 17 list files B 17 list processes B 19 quickvc B 21 reboot B 21 rename file B 21 show configuration B 37 System ID 23 T TELNET access 24 TFTP access 24 Time 23 U Users delete user B 11 show user settings B 51 show vc settings B 51 Vv VC delete vc B 11 set vc B 3
26. You can view the current DNS settings with the command show dns settings a You can alter the current DNS settings with the commana set dns cache_size lt size gt number_retries lt number gt timeout lt seconds gt m To adda DNS Host entry to the DNS Static Host table use the command add dns host lt host name gt address lt ip address gt To view the contents of the Static Host table use the command list dns hosts m To delete a specific Host entry use the command delete dns host lt host name gt When resolving a DNS name the OfficeConnect Remote 812 first searches for a match in the Static Host table If a match is not found it will perform a proxy function The DNS Server table contains a list of DNS Servers for specific domains Each domain listed in the table can have up to two DNS Server addresses associated with it The default domain has the name Using PPP it is possible to learn DNS server addresses when the PPP session is established In addition to specifying server addresses in the DNS Server table you can specify a VC profile name that should be used to learn the addresses m To create a DNS Server entry when specific addresses are known use the command Access Lists IPX Routing 6 15 add dns server lt domain name gt primary_address lt ip address gt secondary_address lt ip address gt To create an entry that will learn addresses using PPP use the command add dns server lt dom
27. address gt delete bridge network lt network_name gt delete configuration Adds a Telnet user to the local user table The list users command displays these parameters for all users Parameters Description Name Name of the user to be added up to 32 ASCII characters Password User s password up to 15 ASCII characters Enabled This indicates whether the user is enabled Enter YES or NO Creates a virtual channel VC profile Each profile represents a connection to a remote site The list vc command displays a list of all configured VCs and their status Use the set vc command to modify VC parameters When a VC profile is created all of the different configurable parameters associated with the profile assume default values The default values are specified in the VC profile named default You can display the current default values with the command show vc default Parameters Description name Name of the user to be added up to 32 ASCII characters output outputfile_name Prints the IP address and M edia Access Control Address M AC if on a locally connected network of a network node to a file or the CLI default If a node is not in the ARP cache an ARP request will be sent out Parameters Description lt ip_name_or_addr gt IP address or node name for the IP and MAC address you seek Delete commands remove anything you previously added The access list defines which Remote IP Subnets a
28. channel identifier for the ILMI a filter_access ON OFF a input_filter lt filter_name gt a output filter lt filter_name gt Sets filter parameters for the specified protocol on the specified interface You can see the available filter files using list filters view the contents of a filter file using show filter and add filter files to FLASH memory using TFTP Parameters Description set ip network lt name gt CLI Commands B 27 lt interface_ name gt Designation of interface you are setting parameters for Limit of 32 characters filter_access ON causes filters specified for an interface with a set interface command to override filters specified with a set user command when the filters are of the same type input_filter Name of filter file you wish to be applied to the input stream coming in on the specified interface Limit 20 characters output_filter Name of the filter file you wish to be applied to the output stream leaving the specified interface Limit 20 characters broadcast_algorithm number reassembly_maximum_ size number a rip authentication string Trip policies update lt rip_policies gt routing protocol NONE RIPV1 RIPV2 Sets the broadcast algorithm the maximum size used for reassembling fragmenting packets the RIP authentication string RIP policies and the routing protocol for the specified interface The only required parameter for this command is lt n
29. default_gateway ipx_host_add a initial_pool_address ipx_addr pool_members number Sets parameters for dynamic IPX networks Parameters Description priority Priority for the dynamic IPX network default_gateway Default router for the dynamic IPX network initial pool_address Initial IPX address used to dynamically assign IPX network pool_members Number of addresses to reserve in the pool of IPX addresses used when dynamically assigning IPX networks server_type server_type socket socket_number a data string close_active_connections TRUE FALSE Sets parameters for configured network services You can list the configured network services using list network services The service must be disabled for this command to work Parameters Description lt admin_name gt Designation you assigned to network service with the add network service command Limit of 32 characters set ppp receive_authentication NONE PAP CHAP EITHER set ppp echo _retries lt number gt set snmp community lt community_name gt set system CLI Commands B 31 au server_type Type of network service you wish to assign to this administration name Currently available services are TELNETD TELNET server HTML for gathering statistics SNM PD SNMP agent TFTPD server for file transfers socket Indicates which socket the server listens on For TFTP and T
30. event e g a routing update message DEBUG for debugging only Sets the system time and leaves the date unchanged Use show date to see what the current settings are The format is hh mm ss The seconds field is optional message message password password session_timeout seconds tcp_port tcp port a terminal_type M odifies user parameters Parameters Description lt user_name gt Name of user previously defined using add user Limit of 32 characters message Message presented to a dial in user password User s password up to 15 ASCII characters Value is required session_timeout Interval before timing out a session tcp_port TCP Port number for the Telnet session Terminal_type The type of terminal This is an alphanumeric string of up to 64 characters address selection negotiate assign specified CLI Commands B 33 bridging enable disable default_route_option enable disable destination_address ip address end_time HH MM SS header_compression none TCPIP idle timeout seconds input_filter filter_name ip enable disable a ip_routing listen send both none ip source validation enable disable ipx enable disable ipx_address ipx_addr ipx_routing all listen respond send none ipx_wan enabled disabled a local_IP_address ip_net_address mac_routing enable disable
31. for a packet are not required Conversely packets that are bridged over a Wide Area Connection include M AC layer information Address resolution procedures are required MAC Encapsulated Routing uses network level addresses for forwarding decisions but transmits MAC layer addresses over the Wide Area Connection Additionally address resolution procedures are used To the remote site the packets appear as if they had been bridged This feature allows the routing features of the OfficeConnect Remote 812 i e address translation DHCP Server DNS Proxy etc to be employed in a bridged environment MAC Encapsulated Routing is specified on a per VC basis When MAC Encapsulated Routing is enabled in a VC profile packets for the routed protocols configured by the profile i e IP and or IPX will be sent using the appropriate bridged encapsulation If the configured network service is RFC 1483 then the packets will be encapsulated in a bridged 1483 format If the configured service is PPP the packets will be encapsulated in BRCP m To enable MAC Encapsulated Routing in a VC profile use the command set vc lt vc_name gt mac_routing enable m To disable the MAC Encapsulated Routing in a VC profile use the commana set vc lt vc_name gt mac_routing disable Simultaneous Bridging and Routing The OfficeConnect Remote 812 can be configured for simultaneous bridging and routing IP routing is configured if IP forwarding is enabled
32. gt B 17 LIST B 17 list access B 17 list active interfaces B 17 list bridge forwarding B 17 list call events B 17 list call log B 17 list critical events B 18 list dns hosts B 18 list dns servers B 18 list facilities B 18 list filters B 18 list files B 18 list interfaces B 18 list ip addresses B 18 list ip arp B 18 list ip interface_block B 19 list ip networks B 19 list ip routes B 19 list ipx networks B 19 list ipx routes B 19 list ipx services B 20 list lan interfaces B 20 list networks B 20 list processes B 20 list ppp B 20 list services B 21 list samp communities or list snmp trap_communities B 21 list syslog B 21 list tcp connections B 21 list tftp clients B 21 list udp listeners B 21 list users B 22 list vc B 22 login_required B 22 password B 22 PAUSED COMMANDS B 22 PING B 22 ping lt ip_name_or_addr gt B 22 QUICKVC B 22 REBOOT B 23 RENAME B 23 rename file lt input_file gt lt output_file gt B 23 RESOLVE B 23 resolve name lt IP_host_name gt B 23 SAVE B 23 save all B 23 SET B 23 set adsl reset B 23 set adsl wire pair B 23 set bridge B 23 set bridge firewall firewall mode B 24 set command B 24 set date lt date gt B 24 set dhcp mode lt mode gt B 24 set dhcp relay serverl B 24 set dhcp relay server2 B 25 set dhcp server B 25 set dns B 26 set facility lt facility_name gt loglevel level B 26 set ilmi vpi lt number gt vci lt number gt B 26
33. ip network lt network name gt address lt ip address mask gt frame ETHERNET II SNAP You can obtain a list of all configured networks using the command list networks To only list IP networks use list ip networks By default the network is enabled when it is created You can disable the network using the following command disable ip network lt network name gt a You can delete a disabled network using the command delete ip network lt network name gt The reconfigure ip network command can be used to modify an existing IP network s address or frame type IP RIP is configurable on each LAN IP network The OfficeConnect Remote 812 supports two versions of RIP V1 or V2 You can also disable RIP completely m To set enable disable RIP or set the version to use for a particular LAN IP network use the command set ip network lt network name gt routing_protocol NONE RIPV1 RIPV2 Other permutations of the set ip network command can be used to configure advanced RIP features and policies In order to enable IP to be routed to a remote site you must configure the following items in the VC profile associated with the remote site connection You must enable IP routing in the profile You must enter the remote IP address information You must enter the local IP address information m To enable or disable IP routing in a VC profile use the command IP Routing 6 7 a set vc lt vc name gt ip DISABLE
34. kill lt process name gt LIST list access list active interfaces list bridge forwarding list call events list call log CLI Commands B 17 Kills an active process Use list processes to see which processes are currently active You can only kill a process that you started An example would be a ping that you started that you now wish to kill Displays all IP Subnet addresses in the access list Displays the index name operational status and administration status of all active interfaces The output is the same as the list interfaces command except non active interfaces are not displayed Inactive interfaces are interfaces with no current connections Displays the forwarding and filtering information a MAC address A unicast MAC address for which the bridge has forwarding and or filtering data a Status One of a other not one of the following a invalid aged out learned learned and in use a self statically defined and in use mgmt unknown but filtering information exists RxPkt Number of packets received from this MAC station a RxOctets No of bytes octets received from this MAC station a Fitr Number of packets received from this MAC station that were filtered out discarded Fwd Number of packets received from this MAC station that were forwarded a TxPkt Number of packets forwarded to this MAC station a TxOctets Number of bytes forwarded to this MAC station Display
35. lt community_ name gt B 9 add snmp trap_community lt name gt B 9 add syslog lt ip_name_or_addr gt loglevel loglevel B 9 add tftp client lt ip_name_or_addr gt B 9 add user name password password B 9 add vc name B 10 ARP B 10 arp lt ip_name_or_addr gt B 10 DELETE B 10 delete access B 10 delete bridge network lt network_name gt B 10 delete configuration B 10 delete dns host lt host_name gt B 11 delete dns server lt domain_name gt B 11 delete filter lt filter_name gt B 11 delete file lt filename gt B 11 delete framed route vc B 11 delete ip network lt network_name gt B 11 delete ip route lt IP_address gt B 11 delete ipx network lt name gt B 11 delete ipx route lt ipx_net_address gt B 11 delete ipx service lt service_name gt B 11 delete nat tcp vc lt vc_name gt B 11 delete nat udp vc lt vc_name gt B 11 delete network service lt service_name gt B 12 delete snmp community lt name gt B 12 delete snmp trap_community lt name gt B 12 delete syslog lt ip_name_or_address gt B 12 delete tftp client lt ip_name_or_address gt B 12 delete user lt name gt B 12 delete vc lt name gt B 12 DIAL B 12 dial lt vc_name gt B 12 DISABLE B 12 disable access B 12 disable bridge network lt name gt B 12 disable bridge spanning_tree B 12 disable icmp B 13 disable interface lt interface_name gt B 13 disable ip forwarding B 13 disable ip network lt network_name gt B 13 disab
36. name gt public_port lt port gt private_address lt ip address gt private_port lt port gt add nat udp vc lt vc name gt public_port lt port gt private_address lt ip address gt private_port lt port gt Note Typically the private and public port numbers are configured for the same value i e 21 for an FTP Server However you can map multiple public port numbers to the same private port number For example if you want to support a Web Server on the LAN and be able to manage your OfficeConnect Remote 812 with the Web Browser you would define 2 static ports for the Web Server TCP port 80 Configure your LAN Server with public port 80 private port 80 and the private address of the LAN Server Configure yourocr812 manager with public port 8080 private port 80 and the private address equal to the ethernet port IP address To access the ocr812 from a Web Browser type in public Address 8080 The value 8080 was chosen for example purposes only you can use any value within the port number range i e 81 id Monitoring NAT DHCP 6 11 Remember to save your configuration using the save all command before rebooting your OfficeConnect Remote 812 so that your changes will be written to permanent FLASH memory The NAT configuration is displayed when viewing the remote site configuration using the show vc command The Network Address Translation field should indicate enabled The NAT Default Address field will contain 0 0
37. of the internetwork s routers In general it performs better when used with split horizon a Flash Update enabled by default It is also known as triggered update meaning broken routes will be advertised immediately instead of waiting for the next scheduled broadcast B 23 APPENDIX B CLI COM MAND DESCRIPTION Hnt The following flags are for backward compatibility with RIP version 1 when RIP version 2 is selected as the routing protocol a Send Compatibility Controls the selection of destination MAC and IP addresses It is enabled by default When enabled broadcast address is used when disabled multicast address is used a RIP V1 Receive Controls the receipt of RIP version 1 updates When RIP version 1 is the selected routing protocol this policy is enabled by default which means RIP version 1 packets are received When RIP version 2 is chosen this policy is enabled by default meaning RIP version 1 packets are received a RIP V2 Receive Controls the receipt of RIP version 2 updates When RIP version 1 is the selected routing protocol this policy is enabled by default which allows RIPV1 packets to be received When RIP version 2 is selected this policy is enabled by default allowing RIPV2 packets to be received a Silent This flag tells RIPv2 not to send updates It is disabled by default Parameters Description lt network_name gt Designation of the IP network for which you want to set paramet
38. range of the pool must be 40 addresses or less and must be entered on the same command line a The following set of commands configure the address pool and the network subnet IP address mask set dhcp server start_address lt ip address gt end_address lt ip address gt set dhcp server mask lt ip address gt The final set of DHCP Server commands configure the Lease period and IP addresses of the Default gateway WINS Servers and DNS Servers There can be up to two WINS and DNS Servers specified If this functionality is to be disabled an IP address of 0 0 0 0 is entered If the OfficeConnect Remote 812 is functioning as the DNS Proxy the OfficeConnect Remote 812 s LAN IP address should be configured as the first primary DNS address set dhcp server lease lt seconds gt set dhcp server router lt ip address gt set dhcp server wins1 lt ip address gt wins2 lt ip address gt set dhcp server dns1 lt ip address gt dns2 lt ip address gt There are monitoring commands which display the DHCP protocol counters and current lease information The DHCP protocol counters indicate the requests received responses transmitted and error indicators The lease information indicates which IP addresses have been assigned the corresponding workstation MAC addresses and remaining time before the lease expires Configuring the DHCP Monitoring the DHCP Relay Relay DNS 6 13 show dhcp server counters list dhcp server leases
39. remote PPP entity Peer to Local ACC Map ACC Map used by the remote PPP entity when transmitting packets to the local PPP entity Local To Remote Protocol Compression Indicates whether the local PPP entity will use Protocol Compression when sending packets to the remote PPP entity Default ENABLED Remote To Local Protocol Compression Indicates whether the remote PPP entity will use Protocol Compression when transmitting packets to the local PPP entity Default ENABLED Local To Remote ACC Compression Indicates whether the local PPP entity will use Address and Control Compression when sending packets to the remote PPP entity Default ENABLED Remote To Local ACC Compression Indicates whether the remote PPP entity will use Address and Control Compression when sending packets to the local PPP entity Default ENABLED SETTINGS for PPP LINK 1 5 AUTHENTICATION Operational Status not opened or opened Local To Remote Compression Protocol authentication protocol used by the local PPP entity when it authenticated the itself to the remote PPP entity PAP is the default B 50 APPENDIX B CLI COM M AND DESCRIPTION Hirit show ppp settings show security_option settings show snmp counters Remote To Local Compression Protocol authentication protocol used by the remote PPP entity when it authenticated the itself to the local PPP entity PAP is the default Displays global settings for PPP You can modify inboun
40. route over the LAN use the command add ip route lt ip network address gt gateway lt ip address gt metric lt metric gt id Address Translation 6 9 a The route will appear in the IP routing table You can display all IP routes with the list ip routes command To delete an IP Static route use the command delete ip route lt ip network address gt a To add a Framed route that will be installed in the IP routing table when a connection is established use the command add framed_route vc lt vc name gt ip_route lt ip network address gt metric lt metric gt where gateway is the address of the remote router The route will be removed from the routing table when the VC profile is disabled To delete a Framed route so that it no longer will be installed in the routing table when the connection is established use the command delete framed_route vc lt vc name gt ip_route lt ip network address gt Remember to disable and then re enable the VC profile for the change to take effect The OfficeConnect Remote 812 CLI provides a standard set of IP utility programs including Ping TELNET and RLOGIN IP Tools Address Translation Netw ork Address Translation NAT Public IP addresses are registered and can be used within a public network e g the Internet Due to the limitation of IP version 4 address space and the growth of the Internet public addresses are becoming more scarce One solution to this
41. routing ripv2 OCR DSL gt enable ip network test OCR DSL gt enable ip forwarding OCR DSL gt add ipx network ipx address 12345661 interface eth 1 frame ethernet_ii OCR DSL gt disable bridge spanning_tree OCR DSL gt add bridge network bridge OCR DSL gt save all Saving SAVE ALL SAVE ALL Complete OCR DSL gt Spawned Process CFP 282002 QuickSetup commands Completed Successfully Quick Setup CLI is designed only for initial set up of the OfficeConnect Remote 812 When setup is complete this one time program will alter your configuration files which the program cannot edit If you make an error and need to restart use the delete configuration command to reboot and return to factory set default 4 8 CHAPTER 4 QUICK SETUP sgh Quick VC SETUP This chapter will describe in detail the operations of the OfficeConnect Remote 812 VC Setup Wizard program It will identify the required information steps involved and sample output scripts from the execution of this program CLI QuickVC Setup Script Introduction Instructions Starting QuickVC Setup ATM Parameters The CLI QuickVC Setup program allows you to quickly configure remote site profiles virtual channel connections for your OfficeConnect Remote 812 Instead of using cryptic commands you will simply respond to a series of questions regarding different aspects of your configuration The program will convert your responses into the appropr
42. specify upstream transmission rates for the particular Category of Service m PCR the Peak Cell Rate is the maximum number of cells second transmitted over this connection The Peak Cell Rate is optional for UBR and required for CBR To configure the profile for UBR use set vc lt vc name gt atm category_of_service unspecifed pcr lt cell rate gt To configure the profile for CBR set vc lt vc name gt atm category_of_service constant pcr lt cell rate gt where the per parameter is used for the constant bit rate that is desired instead of as the peak cell rate PCR value of 0 The OfficeConnect Remote 812 will attempt to use all of the i If no traffic shaping parameters have been provided you should choose UBR with a upstream bandwidth when transmitting data to the remote site IP Routing The OfficeConnect Remote 812 can be configured as an IP Router to forward packets between the local LAN interface and one or more Remote Sites A forwarding table is maintained which specifies which interface to route an IP packet based on the destination IP address Entries in the forwarding table are both static and dynamic Static entries are based on the LAN s and remote site s subnet addresses and user configured static routes Dynamic entries are added when RIP is enabled and routes are learned from neighboring routers id Enabling IP Routing Configuring an IP Netw ork over the LAN IP Routing 6 5 au To config
43. that controls access to the network for that location This filter is only applied for the duration of the remote network connection As with interface filters a remote site filter can be configured to apply to input or output data traffic Applying Filters Using CLI id Applying a Filter to an Interface Using CLI id id Configuring a Filter for a VC Remote Site Using CLI You can apply filters to interfaces and or users using the CLI If you modify a file you need to re assign it to make the changes take effect immediately Otherwise the changes will not take effect until the protocol network IP IPX or bridge that the filter affects goes down and comes back up This occurs when a network is disabled the WAN connection goes down then up or when the OfficeConnect Remote 812 is rebooted Do not apply a filter to more than one interface or VC remote site profile Also do not apply an input and an output filter to more than one Ethernet interface To configure an input or output filter on an interface use the following CLI commands set interface lt interface name gt input _filter lt filter name gt set interface lt interface name gt output _filter lt filter name gt Interface name is eth 1 for the Ethernet interface and atm 1 for the ATM interface For example to apply an input filter to the ethernet interface set interface eth 1 input_filter filter fil When assigning the filter to the Ethernet interface
44. the server Responses Received with Error number of responses received that were in error B 40 APPENDIX B CLI COM MAND DESCRIPTION Hirit show dhcp server Displays various counters for the DHCP Server counters Lease Requests Received Lease Accepts Received Lease Renewals Received Lease Refusals Received Lease Releases Received Unrecognized Packets Received Lease Offers Transmitted Lease Confirmations Transmitted Renewal Refusals Transmitted Lease Confirmations Transmitted Requested Address Out of Range Requested Address In Use No Free Addresses show dhcp server Displays the current settings for the DHCP Server settings Status Whether DHCP Server is active Start IP Address First IP address in the pool of IP addresses that will be handed out through DHCP End IP Address Last IP address in the pool of IP addresses that will be handed out through DHCP IP Mask IP network mask that applies to the pool of IP addresses being administered IP Router IP address that the workstations should use as their default gateway Lease The number of seconds that an IP address will be allocated to a workstation without having to be renewed Host Name DNS host name of this unit Domain Name Name of the DNS domain we exist in DNS 1 IP address of the primary DNS server that the DHCP server will utilize when resolving names DNS 2 IP address of the secondary DNS server that the DHCP server will
45. this IPX network B 46 hey APPENDIX B CLI COM MAND DESCRIPTION show ipx rip show ipx sap a Frame Type frame type used by the interface ETHERNET II SNAP or LOOPBACK Maximum Packet Size maximum allowable packet size for this IPX network Default is 1500 Status operational state of the network a Network Delay ticks time in number of ticks it takes to reach this IPX network Network Learning Retries number of times this network will resend packets to discover its directly connected neighbors a Diagnostics sending of diagnostic packets ENABLED or DISABLED NetBIOS support ENABLED or DISABLED a NetBIOS Name Caching support ENABLED or DISABLED NetBIOS Cache Timer sec interval a NetBIOS system will be kept in the cache NetBIOS Maximum Hops most hops this network will make to locate a NetBIOS system a RIP RIP status a RIP Update sec number of seconds to wait before aging out RIP entries a RIP Age Multiplier number to multiply the rip_ update interval by to obtain the value for aging out the entries in the RIP database a RIP Max Packet Size largest allowable size of a RIP packet SAP SAP state SAP Update sec number of seconds to wait before aging out SAP entries SAP Age Multiplier number to multiply the sap_update_interval by to obtain the value for the aging out entries in the SAP database SAP Packet Size greatest allowable size of a SAP pack
46. to the table below Below is a partial list of the IPX services available Type Description 04 file server 05 job server 07 print server 09 archive server CLI Commands B 7 0A job queue 21 NAS SNA gateway 2E dynamic SAP 47 advertising print server 4B Btrieve VAP 5 0 4C SQL VAP 7A TES NetWare VMS 98 NetWare access server 9A Named Pipes server 9E PortableNetW are UNIX 107 NetWare 386 111 Test server 166 NetWare management 26A NetWare management 26B Time synchronization 278 NetWare Directory server add nat tcp vc private_address ip_address lt user_name gt private_port number public_port number Parameters Description lt vc_name gt VC profile name private_address IP address of the server on the LAN private_port Port number associated with the service public_port Public port number Configuring Network Address Translation in Chapter 6 for an example in which i Note Typically the private and public port numbers are set to the same value See they differ add nat udp vc private_address ip_address lt vc_name gt private_port number public_port number Parameters Description lt vc_name gt VC profile name private_address IP address of the server on the LAN private_port Port number associated with the service public_port Public port number Configuri
47. to each Name Server if the server fails to respond to a request before the timeout period Timeout Period in Seconds number of seconds to wait before deciding a request to a Name Server has timed out show filter protocols BR ETH BR ETH CALL IP IP CALL IP RIP lt filter_name gt Displays the filter rules based on the protocol options specified The filter name MUST be a filter file as listed using list filters BR ETH Ethernet bridge data filter rules BR ETH CALL Ethernet bridge call filter rules IP IP data filter rules IP CALL IP call filter rules IP RIP IP RIP advertisement filter rules show icmp counters Shows the Input and Output Counters for ICMP Two types of ICMP messages error and query messages are sent to syslog hosts ICMP COUNTERS INPUT COUNTERS B 42 heey APPENDIX B CLI COMMAND DESCRIPTION Messages ICMP packets received Errors ICMP packets received with errors Destination Unreachable sum of ICM P messages received when a router cannot forward a packet to its specified destination Time Exceeded sum of ICMP messages generated by a router when time has exceeded or a timeout has occurred while waiting for a packet segment Parameter Problems sum of ICMP messages generated by a router when it encounters an error Source Quench sum of ICMP messages informing a host it should slow data transmission to ease congestion Redirects sum of ICMP messages concerning a rou
48. 2 VC Remote Site Filters 36 Virtual Channel VC 3 1 Virtual Channels set vc ppp atm B 34 W WAN PPP show ppp on interface counters B 46 show ppp on interface settings B 46 show ppp on vc counters B 45 show ppp on vc settings B 45 show ppp settings B 48 Web Browser access 24 3Com Corporation LimireD WARRANTY HARDWARE 3Com warrants its hardware products to be free from defects in workmanship and materials under normal use and service for the following lengths of time from the date of purchase from 3Com or its Authorized Reseller Network interface cards Lifetime Other hardware products unless otherwise specified in the warranty statement above 1 year Spare parts and spares kits 90 days If a product does not operate as warranted above during the applicable warranty period 3Com shall at its option and expense repair the defective product or part deliver to Customer an equivalent product or part to replace the defective item or refund to Customer the purchase price paid for the defective product All products that are replaced will become the property of 3Com Replacement products may be new or reconditioned Any replaced or repaired product or part has a ninety 90 day warranty or the remainder of the initial warranty period whichever is longer 3Com shall not be responsible for any software firmware information or memory data of Customer contained in stored on or integrated with any products returned to 3C
49. 8 9 999 DENY Continue to define protocol rules for each protocol section you want to filter 6 Inspect the file to ensure that it meets all filtering rules 10 This step is important since you cannot edit the filter file from within the CLI To edit the file you must modify the it using a text editor TFTP the modified file into the FLASH replacing the original file and verify the filter using the verify filter command Save the filter file using a 12 3 FLT extension The filter file extension will allow you to differentiate the filter file from other files stored in the router FLASH memory You can use the list files command to ensure the filter file was successfully stored in the router FLASH memory Configure a PC as a Trivial File Transfer Protocol TFTP client of the router by entering add TFTP client lt hostname or IP address gt To use CLI see the CLI User s Guide for instructions for connecting the console cable and communicating with the OfficeConnect Remote 812 using a terminal emulator like M icrosoft s HyperTerminal 6 36 CHAPTER 6 MANUAL SETUP Mk 11 12 13 14 From a machine that has access to the same network as the router use a TFTP command to transfer the filter file to the router FLASH memory For example from the workstation command line enter tftp lt OfficeConnect Remote 812 IP address gt put lt filter filename gt The router does not recognize a filter file stored in its FLASH m
50. C address resides on the same segment as its source To efficiently separate traffic the bridge maintains a Bridge Forwarding Table The table contains a list of M AC addresses and their associated network segments The table is built dynamically from the source MAC addresses of data packets passing through the bridge The OfficeConnect Remote 812 bridge supports the Spanning Tree Protocol STP This feature is used when two networks are joined by two bridges forming a looped network STP prevents the data packets from circling the two networks The OfficeConnect Remote 812 provides a Bridge Firewall function which allows flexible configuration of simultaneous bridging and routing For more information on the Bridge Firewall see the Bridging and Routing section To set up bridging on the OfficeConnect Remote 812 you must Configure bridging for the LAN a Configure bridging for the remote site connection You may also want to a Set up to bridge IP traffic a Modify advanced bridging options Details are provided in the following sections Remember to save your configuration using the save all command before rebooting your OfficeConnect Remote 812 so that your changes will be written to permanent FLASH memory To configure a protocol over the LAN you need to assign a protocol network to the LAN port by providing aname After adding a network you can modify advanced parameters a To add abridge network over the Ethernet inter
51. Description lt name gt The name of the user for the IPX route Ipx_net IPX address of the route in IPX xxxxxxxx form Metric An integer representing how far away the route is in hops through other routers Values are 1 15 ticks Estimated interval in ticks it takes to deliver a packet to the remote network There are approximately 18 ticks per second add ipx_service vc ipx_net ipx_address Samer hops number name name node internal_node_number socket socket_number a type service_type Adds a static IPX service for the WAN to the IPX services table You must supply the name internal ipx network number node number socket and type of service for this service The user must also supply gateway information to indicate the next router hop Parameters Description lt name gt The name of the user for the IPX route Petitioned IPX address of the route in IPX xxxxxxxx form Hops An integer representing how far away the route is in hops through other routers Values are 1 15 name Estimated interval in ticks it takes to deliver a packet to the remote network There are approximately 18 ticks per second node The internal MAC address of the server on which the service resides This is typically 00 00 00 00 00 01 socket Indicates which socket the server listens on type Type of service hex number referring to file server print server etc Refer
52. ELNET it is the TCP or UDP port number data TELNET Ancillary Data This field contains server specific configuration data See table which lists the configurable ancillary data parameters close_active_connections Indicates whether or not to close any active connections when a service is disabled by the disable network_service command Sets the type of inbound authentication to be used when establishing PPP connections See RFC 1334 for details about CHAP and PAP Options Parameters Description NONE Don t check PAP Use Password Authentication Protocol CHAP Use Challenge Handshake Authorization Protocol EITHER Use whichever type of authentication is requested Sets the number of PPP echo request retries that will be attempted before declaring a PPP link down When set to a non zero value PPP echo requests will periodically be sent on all active PPP links If a lt number gt consecutive PPP echo responses are not received the PPP link will be declared down The maximum lt number gt of PPP echo retries is 10 When set to 0 the default no PPP echo requests will be sent the feature is disabled address IP_address access RO RW Modifies parameters for an SNMP authorized user The community name and IP address of SNMP requests from managers on the network must match the list which you can see using list samp communities Parameters Description lt community_ name gt Group designatio
53. ENABLE The remote IP address information consists of the IP address of the router at the other end of the VC connection This address can be either specified by you or if you are using PPP as the Network Service for the connection it can be learned when the PPP session is established To Specify the remote IP address use the command set vc lt vc name gt remote_ip_address lt ip address mask gt To specify that the remote IP address should be learned you can enter 255 255 255 255 H for the lt ip address mask gt parameter or you can use the command set vc lt vc name gt address selection negotiate The IP address associated with the local side of the WAN connection can be specified by you learned from the remote site if you are using PPP as the Network Service for the connection or the interface can be Unnumbered a To Specify the local IP address use the command set vc lt vc name gt local_ip_address lt ip address gt To specify that the local IP address should be learned you must enter 255 255 255 255 for the lt ip address gt parameter To specify that the interface is Unnumbered you must enter 0 0 0 0 for the lt ip address gt parameter See Appendix B of the OfficeConnect Remote 812 ADSL Router User s Guide for a discussion of Unnumbered interfaces Optionally you can specify that the remote site should be used as the default gateway a To designate the remote site as the default gateway use the co
54. LE or DISABLE forwarding of IP packets show ip network Displays parameter settings for the specified IP network See the set ip network lt network_name gt command on page 29 for additional details settings Interface interface this IP network runs on Network Address network address of this IP network Frame Type frame type used by the interface Status ENABLED ACTIVE INACTIVE DISABLED Reconfigure Needed This is TRUE or FALSE Mask subnet mask used by this IP network Station station address of this IP network Broadcast Algorithm broadcast algorithm used for this network Max Reassembly Size maximum packet size allowed to be reassembled from fragments IP Routing Protocol routing protocol used IP RIP Routing Policies routing policies used by RIP IP RIP Authentication Key text string used for RIPv2 authentication show ipx counters Displays counters for all IPX network activity CLI Commands B 45 INPUT COUNTERS Total Packets Received sum of IPX packets received Header Errors sum of incoming packets discarded due to errors in their headers including any IPX packet sized less than a minimum of 30 bytes Unknown Sockets sum of incoming packets discarded because the destination socket was not open Discarded sum of incoming packets discarded due to reasons other than those accounted for by Header Errors and Unknown Sockets Checksum Errors sum of IPX packets received with wrong checksums
55. N state from the SYN RCVD state Resets of times TCP connections made a direct transition to CLOSED state from either ESTABLISHED or CLOSE WAIT states a Currently Established number of TCP connections for which the current state is either ESTABLISHED or CLOSE W AIT Input Segments sum of segments received Output Segments sum of segments sent including those on current connections but excluding those containing only retransmitted octets Retransmitted Segments sum of segments retransmitted Displays system wide TCP settings TCP SETTINGS a Retransmission Algorithm for example Van Jacobson a Minimum Timeout minimum retransmission timeout interval Maximum Timeout maximum retransmission timeout interval Maximum Connections sum of TCP connections allowed If maximum number of connections is dynamic the value is 1 Displays statistics for UDP datagrams INPUT COUNTERS Total Input Datagrams sum of UDP datagrams received Input but No Port sum of received UDP datagrams for which there was no application at the destination port Input with other Errors sum of received UDP datagrams that could not be delivered for reasons other than the lack of an application at the destination port OUTPUT COUNTERS a Total Output Datagrams sum of UDP datagrams sent Displays the parameters defined for the specified TELNET user You can use list users to see which users are defined Displays the param
56. O ASSUME FOR IT ANY OTHER LIABILITY IN CONNECTION WITH THE SALE INSTALLATION MAINTENANCE OR USE OF ITS PRODUCTS 3COM SHALL NOT BE LIABLE UNDER THIS WARRANTY IF ITS TESTING AND EXAMINATION DISCLOSE THAT THE ALLEGED DEFECT IN THE PRODUCT DOES NOT EXIST OR WAS CAUSED BY CUSTOMER S OR ANY THIRD PERSON S MISUSE NEGLECT IM PROPER INSTALLATION OR TESTING UNAUTHORIZED ATTEMPTS TO REPAIR OR MODIFY OR ANY OTHER CAUSE BEYOND THE RANGE OF THE INTENDED USE OR BY ACCIDENT FIRE LIGHTNING OR OTHER HAZARD LIMITATION OF LIABILITY TO THE FULL EXTENT ALLOWED BY LAW 3COM ALSO EXCLUDES FOR ITSELF AND ITS SUPPLIERS ANY LIABILITY WHETHER BASED IN CONTRACT OR TORT INCLUDING NEGLIGENCE FOR INCIDENTAL CONSEQUENTIAL INDIRECT SPECIAL OR PUNITIVE DAMAGES OF ANY KIND OR FOR LOSS OF REVENUE OR PROFITS LOSS OF BUSINESS LOSS OF INFORMATION OR DATA OR OTHER FINANCIAL LOSS ARISING OUT OF OR IN CONNECTION WITH THE SALE INSTALLATION MAINTENANCE USE PERFORM ANCE FAILURE OR INTERRUPTION OF ITS PRODUCTS EVEN IF 3COM ORITS AUTHORIZED RESELLER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND LIMITS ITS LIABILITY TO REPAIR REPLACEM ENT OR REFUND OF THE PURCHASE PRICE PAID AT THE OPTION OF 3COM THIS DISCLAIM ER OF LIABILITY FOR DAMAGES WILL NOT BE AFFECTED IF ANY REMEDY PROVIDED HEREIN SHALL FAIL OF ITS ESSENTIAL PURPOSE GOVERNING LAW This Limited Warranty shall be governed by the laws of the State of California U S A Some countries sta
57. O_SEND_DEFAULT D SEND_ROUTES D NO_SEND_ROUTES SEND_SUBNETS NO_SEND_SUBNETS D ACCEPT_DEFAULT NO_ACCEPT_ DEFAULT D SPLIT HORIZON D NO_SPLIT HORIZON POISON_REVERSE D NO_POISON_ REVERSE FLASH_UPDATE D NO_FLASH_UPDATE SEND_COMPAT D NO_SEND_COMPAT RIPV1_RECEIVE D NO_RIPV1_ RECEIVE RIPV2_RECEIVE D NO_RIPV2_RECEIVE SILENT default is disabled send_name An identification name sent to the remote network send_password Password sent to the remote network Limit 15 characters Type Describes type of connection Options ONDEMAND makes connection when the system needs a session with the remote network CONTINUOUS keeps connection up all the time MANUAL manually starts connection using the CLI a bt number category_of_service Unspecified UBR Variable VBR pcr number scr number a type PVC SVC a vci number vpi number Sets ATM parameters for VCs Parameters Description lt vc_name gt VC profile name Bt Burst Tolerance VBR only Category_of_service Select either Unspecified UBR or Variable VBR Pcr Peak Cell Rate both UBR and VBR B 36 APPENDIX B CLI COM M AND DESCRIPTION Hirit SHOW show access show atm status show adsl statistics show adsl performance Scr Sustained Cell Rate VBR only Type This designated a virtual circuit as either a Switched Virtual Circuit SVC or a Permanent Virtual Circu
58. OfficeConnect Remote 812 ADSL Router CLI User s Guide Release 1 1 http w ww 3com com 3Com Corporation 5400 Bayfront Plaza Santa Clara California 95052 8145 Copyright 2000 3Com Corporation All rights reserved No part of this documentation may be reproduced in any form or by any means or used to make any derivative work such as translation transformation or adaptation without written permission from 3Com Corporation 3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change 3Com Corporation provides this documentation without warranty of any kind either implied or expressed including but not limited to the implied warranties of merchantability and fitness for a particular purpose 3Com may make improvements or changes in the product s and or the program s described in this documentation at any time UNITED STATES GOVERNMENT LEGENDS If you are a United States government agency then this documentation and the software described herein are provided to you subject to the following United States Government Legend All technical data and computer software is commercial in nature and developed solely at private expense Software is delivered as Commercial Computer Software as defined in DFARS 252 227 7014 June 1995 or as a commercial item as defined in
59. P 3 1 3 4 Configuration add ip network B 3 add user B 9 delete ip network B 10 disable ip network B 12 disable network service B 13 enable ip network B 14 list ip networks B 18 show ip network settings B 42 Diagnostics ARP command B 10 list ip ARP B 17 Routing add ip defaultroute gateway B 2 add ip route B 3 delete ip route B 10 disable ip forwarding B 12 disable ip rip B 12 disable ip routing B 12 disable ip static_remote_routes B 12 enable ip forwarding B 14 enable ip rip B 14 enable ip routing B 14 Enabling 5 LAN 6 list ip routes B 18 Overview 4 Remote Site 7 RIP 6 8 Services add network service B 7 delete network service B 11 enable network service B 14 list services B 19 set network service B 29 Statistics list ip interface_blocks B 17 list networks B 19 list tcp connections B 20 list udp listeners B 20 show ip settings B 42 show tcp counters B 50 show tcp settings B 50 TFTP add tftp client B 9 delete tftp client B 11 list tftp clients B 20 IP Protocol Filtering Using CLI 32 IP RIP Packet Filtering Using CLI 32 IP Routing Framed Routes 8 IP Routing Static Routes 8 IP Source and Destination Network Filtering Using CU 31 Ivii IP Source and Destination Port Filtering Using CLI 32 IPX Configuration add ipx network B 4 delete ipx network B 10 disable ipx network B 12 enable ipx network B 14 set ipx network B 28 show ipx network settings B 44 show ipx settings B 45 ROUTING show ipx RIP settings B 44 Routin
60. S AND TERMINOLOGY ohhh Abbreviation and Command Completion Control Characters Help may bea list of options you must choose from When choosing an option type the text of the option exactly Names or Strings a Double quotation marks set off user defined strings If you want white space or special characters in a string it must be enclosed by double quotation marks Network Address Formats M any commands require a network address to define a link to a remote host workstation or network Network addresses are shown in this document using the syntax described in the following table Address Type Format Range IP_address a b c d 0 0 0 0 to 255 255 255 255 decimal ip_net_address a b c d mask 255 255 255 255 A B C H mac_address XX XX XX XX XX XX hexadecimal digit pairs a Commands can be abbreviated if arguments you write are unique For example you can type se vc jay pa bird short for set vc jay passw ord bird is acceptable but se vc jay i 222 111 111 111 isn t unique because i can stand for ip ip_routing or ip_source_validation a Asa convention some commands illustrated in this manual are abbreviated and annotated as such abbr for brevity Also some parameters are omitted in examples because they default to standard values and do not require entry or are unnecessary for common configuration See the CLI Reference section for more details Command completion finis
61. Step by Step Guide to 34 Creating Filters 28 Creating Filters Using Command Line Interface 28 Creating Filters Using the OfficeConnect Remote 811 Manager 39 D data filtering Input and output 26 Data Filters 27 Date 23 Defaults 7 DHCP Configuration set DHCP mode B 23 set DHCP relay serverl B 23 set DHCP relay server2 B 24 set DHCP server B 24 Overview 11 Relay 13 Server 11 Statistics show dhcp server counters B 38 show dhcp server settings B 38 DHCP Relay Statistics show dhcp relay B 37 Diagnostics PING B 21 DNS Configuration add DNS host B 1 add DNS server B 2 delete DNS host B 10 delete DNS server B 10 list DNS hosts B 16 list DNS servers B 16 set DNS B 25 show dns settings B 39 Configuring 14 Diagnostics resolve name B 22 Host Entry 14 Overview 13 Proxy 14 Statistics show dns counters B 39 Domain Name Service DNS 3 E Embedded bypass filters 27 Established session filtering 26 F Filter Classes 26 Filter File Components in CLI 28 Filter Types 27 Filtering Capabilities 26 Filters add filter B 2 delete filter B 10 list filters B 17 FLASH ROM 3 G Generic Filter Rule Using CU 31 Generic Filters 28 Generic filters 27 Ivi l Input data filters 27 Interface 1 3 Interface Filters 36 Interfaces disable interface B 12 disable link_traps interface B 12 enable interface B 14 list active interfaces B 16 list interfaces B 17 list lan interfaces B 19 Internet viewing Web resources 1 I
62. The DHCP Server configuration is displayed with the show dhcp server settings command The OfficeConnect Remote 812 can relay DHCP requests to up to two Remote Servers The OfficeConnect Remote 812 DHCP relay can be configured with two Remote Server entries Each entry consists of a server IP address a specified maximum number of hops a request can take before being discarded and enable flag a The following commands are used to configure the entries set dhcp mode relay set dhcp relay serverl lt ip address gt max_hops lt count gt enabled YES NO set dhcp relay server2 lt ip address gt max_hops lt count gt enabled YES NO The DHCP relay has one command which displays the configuration and related counters Counters include the number of requests transmitted and responses received from the remote servers To show the configuration use the command show dhcp relay DNS A Domain Name Server DNS provides an IP address for a host computer for a given Domain Name A DNS Proxy receives requests and attempts to find an entry in its local tables and if one is not found forwards the request to a remote server The remote DNS Server can be learned dynamically through PPP or can be statically assigned The OfficeConnect Remote 812 s DNS Proxy enables you to configure remote DNS Servers for specific Domains For instance assume you have two remote sites configured one to the Internet and the other to a corporate sit
63. WAN a VC remote site profile must be created and edited With this profile you specify ATM Virtual Channel information protocols and addresses that determine the method of connection and communication to that remote site You create VC profiles using the add vc command e g add vc Internet will create a profile called Internet and then you modify the profile using set vc commands to setup the WAN connection and network information The following list summarizes the necessary information WAN Network Service PPP RFC 1483 information ATM VC information IP IP addresses address translation tables static routes RIP usage IPX IPX network address information static routes and services RIP usage Bridging Enable or disable bridging to the remote site If you need to connect to multiple remote sites i e the Internet and a remote office you should set up a remote site profile for each location Remember to save your configuration using the save all command before rebooting your OfficeConnect Remote 812 so that your changes will be written to permanent FLASH memory a You can obtain a list of all currently configured VC profiles using the command list vcs a You can view the contents of a particular profile using the command show vc lt vc name gt The OfficeConnect Remote 812 always has a default profile Any value that is not set in a profile that you create will assume the values that are present in the def
64. YES is the default add ip route gateway gateway_addr lt ip_net_address gt metric hop_count B 4 APPENDIX B CLI COM MAND DESCRIPTION sgh Adds an entry to the IP routing table IP packets destined for networks that match this network will be routed to this address The command list ip routes displays your currently defined routes Parameters Description lt net_address gt IP address of the remote network in the format nnn nnn nnn nnn with or without a mask specifier The Mask Specifier can be A B C or H ora numeric value from 8 to 30 that describes the number of one bits in the mask If you do not specify a mask the system will generate it from the network address gateway IP address of gateway used to reach this remote network metric An integer representing how far away the route is in hops through other routers Values are 1 15 add ipx network address ipx_address lt network_name gt a interface eth 1 a enabled yes m frame ETHERNET_ll SNAP DSAP NOVELL 8023 Adds an IPX network to the list of IPX networks available over the specified interface Parameters Description lt network_name gt Name of IPX network A unique ASCII string of up to 32 characters space must be surrounded by double quotes address Address of the IPX network interface Name of the interface with which this IPX network is to be associated The de
65. abling IPX Routing Configuring IPX for the LAN Configuring IPX for Remote Site Connections To configure IPX routing IPX must be defined on both the LAN interface and one or more remote sites On the LAN an IPX network must exist with a specified IPX network number On the remote sites IPX forwarding needs to be enabled and the WAN interface address need to be configured The WAN interface can be Unnumbered set to 0 Numbered or dynamically learned if PPP is used Remember to save your configuration using the save all command before rebooting your OfficeConnect Remote 812 so that your changes will be written to permanent FLASH memory Unlike IP there is no setting on the OfficeConnect Remote 812 that enables or disables IPX routing functionality on a global basis To configure IPX over the LAN you need to assign an IPX network to the LAN port with the add ipx network command Each network has a name You will use the name when entering commands related to the network add ipx network lt network name gt address lt ipx network address gt frame DSAP ETHERNET _II NOVELL SNAP You can obtain a list of all configured networks using the command list networks To only list IPX networks use list ipx netw orks m By default the network is enabled when it is created You can disable the network using the following command disable ipx network lt network name gt a You can delete a disabled network using the command
66. ach cell to the remote site Two VC profiles with the same VPI and VCI can not be enabled simultaneously You may encounter this situation if you want to login to the same remote site with different PPP authentication parameters You should disable all profiles using the same VPI VCI and then enable the one that should be active 6 4 CHAPTER 6 MANUAL SETUP sgh For SVCs there is not a fixed VPI VCI Instead a destination address is used to set up a path through the ATM backbone network when the connection is to be established i Currently the SVC capability is disabled in the OfficeConnect Remote 812 ATM Category of Service parameters specify characteristics sometimes called traffic shaping parameters for data transmitted from the OfficeConnect Remote 812 to the remote site They have no effect on data transmitted from the remote site to the OfficeConnect Remote 812 The ATM VC information and Category of Service parameters are entered into the profile using the set vc lt vc name gt atm command For PVCs you must enter VPI and VCI information for each profile set vc name lt vc name gt atm vei lt vci value gt vpi lt vpi value gt You should have been provided with Category Of Service parameters m UBR Unspecified Bit Rate No limit has been specified for the upstream data flow CBR Constant Bit Rate A constant rate has been specified for the upstream data flow a Thecell rate transmission parameters are used to
67. ain name gt ve lt vc name gt To display the contents of the DNS Server table use the command list dns servers m To delete a domain entry use the command delete dns server lt domain name gt Access Lists enable you to restrict which Remote Subnets are allowed to access the Management services of the OCR812 To add a remote subnet to the access list use the following command add access lt ip subnet address gt m To remove a subnet from the access list del access lt ip subnet address gt m To display the access list list access In addition to adding subnets to the list you can enable access to all hosts on the local LAN m To enable LAN access enable lan access m To enable the Access List functionality enable access To show the status of the Access List functionality show access IPX Routing The OfficeConnect Remote 812 can be configured as an IPX router to forward IPX packets between the local LAN interface and one or more remote sites A forwarding table is maintained which specifies which interface to route an IPX packet based on the destination IPX network number Entries into the forwarding table are both static and dynamic Static entries are based on the LAN s network number the remote site WAN interface number and user configured static routes Dynamic entries are added when RIP is enabled and routes are learned from neighboring routers 6 16 CHAPTER 6 MANUAL SETUP sgh id En
68. ame gt All other parameters are optional You can set all of them at once or one at atime This command can only be used on IP networks that have already been defined using add ip network You can list the currently defined IP networks using list ip networks You must also disable the network before setting these parameters using disable ip network RIP Policies The following RIP policies are supported by the IP route Send Default disabled by default causes router to advertise itself as the default router Send Routes enabled by default Tells RIP to advertise broadcast its routes on the network every 30 seconds is standard for a gateway router Send Subnets disabled by default If this flag is on only routes having the same network mask and are subnets of the same network are sent out the interface Accept Default disabled by default Determines whether router accepts default route advertisements a Split Horizon enabled by default Records the interface over which it received a particular route and does not propagate its information about that route back over the same interface This prevents route broadcasts from looping between routers Poison Reverse enabled by default Routes that were excluded due to the use of split horizon are instead included with infinite cost 16 The system continues to broadcast the route but with an infinite cost This policy speeds the news that a link is down to the rest
69. ast packet information IP RIP IPX RIP and IPX SAP Generic filters based on packet structure Data filters control network access based on the protocol source destination address and port designation e g TCP and UDP port designations of the packet The following table describes the data filters supported Table 6 1 Data Filters Filter Action 6 28 CHAPTER 6 MANUAL SETUP Hirit Advertisement Filters Generic Filters id IP Controls network access based on the protocol and source destination address IP filter rules allow filtering based on the source address destination address protocol type source port and port designation of the IP packet IPX Controls network access based on the protocol and source destination network IPX filter rules allow filtering based on the source network destination network protocol type source socket destination socket source node and node designation of the IPX packet Bridge Controls network access based on the source and destination MAC addresses Advertisement filters operate on network protocol packets that contain varying information such as SAP or RIP Filtering of these packets is performed by the specific protocol process The following table describes the advertisement filters supported Table 0 1 Advertisement Filters Filter Action IP RIP Controls the content of IP Routing Information Protocol RIP packets that are sent out or recei
70. ault profile The default profile can not be created or deleted but it can be modified using the set vc command a You can view the default profile using the commana show vc default VC profiles can be enabled or disabled When a profile is enabled using the enable vc command the OfficeConnect Remote 812 reads the connection parameters for the remote site from the profile and continuously attempts to establish a connection to the remote site When a profile is disabled using the disable vc command the connection will be terminated and no other data will be directed to the remote site Configuration changes to a remote site profile do not take effect until the next time the profile is enabled Thus if you want to make changes to the profile you should disable the profile make your changes and then re enable the profile For example if you want to change the PPP authentication password to testpassword for a profile called Internet you would do the following Configuring Network Service Information Configuring ATM Information Remote Site Management 6 3 an disable vc Internet set vc Internet send_password testpassw ord enable vc Internet A Network Service defines the data encapsulation and protocol characteristics for the connection between the OfficeConnect Remote 812 and the remote site The OfficeConnect Remote 812 supports two types of Network Services PPP and RFC 1483 The OfficeConnect Remote 812 and the remote sit
71. ble to TELNET users They are accessed by pressing control Closes the active TELNET connection Lists the available commands Transmits a TELNET control character Be sure the parameters are uppercase The choices are Parameters Description AYT Are you there IP Interrupt process BRK Break AO abort output EC erase character EL erase line GA go ahead NOP no operation EOR end of record SYNC synch set_escape lt string gt Allows changing the TELNET escape character from to something else Control characters are specified using the carat character followed by another character B 54 APPENDIX B CLI COM MAND DESCRIPTION Hint For example to set the TELNET escape character to control X type set_escape X status Displays the IP address of the remote host and the value of the TELNET escape character CLI Exit These commands are available to TELNET users so they can disconnect from the Commands CLI Bye Exit Leave Quit Logout Leave the CLI but keep this connection open This command returns you to the TELNET commands Leave the CLI and close this connection This ends the TELNET session Command Features Command Retrieval Positional Help Command Completion Output Pause Command Kill The command language has several built in features that make it easier to use When abbreviating commands it is sometimes hard to remember the commands and their syntax
72. ceConnect Remote 812 Manager The more flexible way of setting filters is through the Command Line Interface CLI Both data and advertisement filters can be set using CLI For more information on accessing CLI refer to the OfficeConnect Remote 812 ADSL Router CLI User s Guide Data Filters can be set using the HTML M anager the OfficeConnect Remote 812 M anager Data filters are used to remove packets from the normal flow of data traffic They can be applied to IP IPX and or Bridge traffic Advertisement filters are used to restrict information in outgoing or incoming advertisement packets i e IP RIP IPX RIP and IPX SAP packets Creating Filters Using Command Line Interface 6 29 Creating Filters Using Command Line Interface Filter File Components in CLI id Protocol Sections Before creating a filter file you should carefully identify the information you want to filter Decide if you want a filter that discards packets such as reject all IP packets whose IP source address is 192 168 200 50 or accept only a subset of packets such as accept only bridged packets if the destination MAC address is 002069000001 or 002069000002 Also determine where you want to place the filter For example figure out if you want to apply the filter to packets coming into the Ethernet port to packets going out the WAN ATM port or to packets coming from a specific VC remote site The first step in creating a filter on the OfficeCo
73. ces command except only LAN interfaces are displayed Displays all defined networks running any protocol The command lists Name designation of the network that you defined with add network Prot protocol of the network IP or Bridging a Int interface the network is running on State ENABLED or DISABLED network Type STATIC or DYNAMIC network Network Address address of the network Displays all processes running on the system a Index a reference number in the process table Name designation of the process e g Domain Name System Type SYSTEM APPLICATION FORWARDER or DRIVER a Status ACTIVE PENDING or INACTIVE Displays PPP bundles and links When multiple physical links are combined to run multilink PPP RFC1717 the group of physical links is called a bundle With the OfficeConnect Remote 812 only a single link is supported This command displays a Bundle Index index number of the physical interface in the bundle a Link Index index number in the list of links a Oper Status current operational status of the link a Interface Name designation of interface belonging to this bundle list services list samp communities or list snmp trap_communities list syslog list tcp connections list tftp clients list udp listeners CLI Commands B 21 Displays all network services you defined using the add network service command Name name of service Server Type type of service F
74. ces you to the capabilities and conventions associated with management of your OfficeConnect Remote 812 Establishing Communications with the OfficeConnect Remote 812 Local Connection If you want to attach locally to the OfficeConnect Remote 812 via the console serial port you will need to connect the supplied serial cable to the Console Port located on the unit and the Serial Port on your computer In addition you will also need a terminal emulation program appropriate for your computer See the following subsections for various emulation options No matter which emulator you use configure your settings to 9600 baud 8 data bits no parity a 1 stop bit a direct connect IBM PC Compatible Computers Windows Terminal included with Microsoft Windows and ProCcomm Plus are popular communications packages which support VT100 terminal emulation for IBM PC compatible computers HyperTerm bundled with Windows 95 also provides terminal emulation Macintosh Computers ProComm MicroPhone White Knight Kermit Red Ryder VersaTerm and ZTerm a shareware application available on the Internet and many online services are popular communications programs which carry vt100 terminal emulation service for Macintosh computers If you don t have a communications package or your program doesn t support vt100 emulation ZTerm will function just as well 1 2 CHAPTER 1 ACCESSING THE CONFIGURATION INTERFACE Hprit Re
75. command prompt returns If the syntax is not valid error messages are generated detailing the source of the errors To verify a filter file use the CLI command verify filter lt filter_name gt To view the contents of an entire filter file that has been added to the managed list of filters use this command show filter lt filter_name gt To display the contents of the filter file by protocol use the CLI command show filter lt filter_name gt protocol BR ETH IP IP RIP IPX IPX RIP IPX SAP 6 40 CHAPTER 6 MANUAL SETUP sgh OFFICECONNECT REMOTE 812 SAMPLE CONFIGURATION This section describes a sample configuration which illustrates the following OfficeConnect Remote 812 ADSL Router features Address Translation m Internal DHCP Server and DNS Proxy a Multiple Remote Sites with different routing and bridging configurations Our sample SOHO network shown below has the OfficeConnect Remote 812 connected to a LAN that is using private IP addresses The OfficeConnect Remote 812 is configured as the DHCP Server dynamically assigning IP addresses and configuration information to each locally connected workstation Two Remote Sites are defined one to an ISP for Internet access and another to the main Corporate office IP routing is enabled for the Internet site and both IP and IPX routing as well as bridging is enabled for the Corporate site OfficeConnect Remote ADSL Router r i DHCP Server _ DNS Prox
76. communities a users who will dial out dial in access the network or use the CLI Note that some parameters have default values The access list defines which Remote IP Subnets are allowed access to the Management services of the OCR812 Use this command to add an entry to the list Parameters Description ip subnet address IP address in the xx xx xx xx mask format Automatically adds and enables a blocking destination subnet address on the Ethernet interface a Address IP address of the subnet to be blocked a Mask IP netmask of the subnet to be blocked Automatically adds and enables an input filter on the specified VC The filter DP ports 137 and 138 and TCP ports 139 and 143 a VC Specificed VC profile name enabled yes Defines a bridge network connection so your LAN users can bridge to other LANs across the WAN bridging is supported over the WAN Note that routing takes precedence over bridging so that bridging will not occur unless you disable routing for the protocols you wish to bridge The protocols to bridge and other important parameters are specified in the user you use to establish this connection You must use add user to create a network type user for this B 2 APPENDIX B CLI COMMAND DESCRIPTION ohhh add dns host lt host_name gt address lt IP_address gt id add dns server lt domain_name gt add filter lt filter_name gt command and set user to specify the protocol a
77. ction Default 300 seconds input_filter Designation of the filter file in FLASH memory to be applied to the input data stream ip Sets interface to enable disable protocol Default is enable ip_routing Sets routing type RIP packets accepted on this connection Options LISTEN detects packets destined for system s nets SEND routes packets destined for the remote network BOTH both of the above NONE ignores all routing packets ip_source_ When enabled any packet who s source IP address falls within the LANs validation IP network will be dropped ipx This controls whether to enable or disable IPX for the virtual circuit The choices are ENABLE DISABLE ipx_address This sets the IPX address for the virtual circuit ipx_routing This sets the routing type RIP packets accepted on this connection Options are ALL listens sends and responds RIP packets LISTEN detects packets destined for the system s network NONE ignores all routing packets RESPOND responds by sending out packets SEND routes packets destined for the remote network ipx_wan This determines if IPX is enabled or disabled for the WAN Options are ENABLED DISABLED local_IP_address IP address of the VC making an IP connection over the WAN interface There are two special values which may be assigned to the local_IP_address The local_IP_address should be learned via PPP negotiation 255 255 255 255 The interface is Unnumbered 0 0 0 0
78. d authentication using the set ppp receive_authentication command Inbound Connections Authenticate PAP or CHAP Choices are CHAP PAP EITHER or NONE PAP is the default Displays status for SNMP User Access and Administration by Remote Users You can modify the SNMP User Access using the enable or disable security_option snmp commands You can modify Administration by Remote User using the enable or disable security_option remote_user commands SNMP User Access ENABLED default or DISABLED a Administration by Remote User ON or OFF Displays many SNMP statistics INPUT COUNTERS a Packets number of SNMP packets received Bad Versions SNMP messages for an unsupported SNMP version Bad Community Names SNMP messages which used an unknown SNMP community name Bad Community Uses SNMP messages which represented an SNM P operation not allowed by the SNMP community named in the message ASN 1 Parse Errors sum of ASN 1 or BER errors Too Big Errors SNMP PDUs for which the value of the error status field is tooBig No Such Name Errors SNMP PDUs where error status field is noSuchName a Bad Value Errors SNMP PDUs where error status field is badValue a Read Only Errors SNMP PDUs where the error status field is readOnly a General Errors SNMP PDUs where the error status field is genErr a Total Request MIB Objects sum of MIB objects retrieved successfully as the result of receiv
79. d deletes the file stored in FLASH memory Use list filters to see what filter files are in FLASH memory Deletes a file from the FLASH file system Use list files to see which files are currently stored Deletes a framed route from the virtual channel profile Deletes an IP network from the interface that you specified when adding the network Use list ip networks to see which networks are associated with which interfaces Always use disable ip network before deleting it Deletes an IP address from the IP routing table that you previously added with add ip route Deleting this route will cause IP packets destined for this network to use the default route which you can see using list ip routes See add defaultroute gateway to find out how to add a default route Deletes an IPX network on the interface you specified with the add ipx network command You can list ipx networks to see which are available and the network s status Be sure to use the disable ipx network command before deleting the network Deletes an IPX route on the interface you specified with the add ipx route command The list ipx routes command displays the current IPX routes type service_type Deletes a static IPX service from the IPX services table This command will work only if a complete match on all parameters is found Refer to add ipx service command for more information Parameters Description service name Designation of IPX service type Type of se
80. d ipx network command It lists Name designation you assigned this network a Prot protocol always IPX a Int interface each IPX network runs on a State ENABLED or DISABLED Type STATIC or DYNAMIC a Network Address network address of this IPX network Displays the IPX routes that you previously defined using the add ipx route command plus the defined IPX nodes It lists a Network Addr network address of this route a Prot protocol used to find this route LOCAL RIP STATIC NLSP OTHER B 20 Shay APPENDIX B CLI COMMAND DESCRIPTION list ipx services list lan interfaces list networks list processes list ppp a NextHopNlC network address of the next router the next hop to the destination or the MAC address for the local IPX nodes on the LAN a Gateway address of the gateway to this network a Metric Ticks number of hops through routers this network is distant from Displays IPX services It lists Name name of the IPX service NetNum network number that the service is on Node name of the IPX node running the service Socket Type socket number of the service a Prot protocol used to find this service SAP LOCAL NLSP STATIC or OTHER a Metric number of hops through routers to reach this service Displays the operational and administrative status UP or DOWN interface index number and name eth 1 of all LAN interfaces The output is the same as the list interfa
81. ddresses Deletes a user you previously added to the local user table Use list users to see the currently defined user and show user to see the attributes you assigned to that user using the add user or set user command Deletes a virtual channel profile Use list vc to see the currently defined VCs and show vc to see the attributes of a specific VC A VC must be disabled before it can be deleted Generates an outgoing connection to the location specified by the vc name You can use list vcs to list the defined vc profiles and their current status Disables the Access List feature When disabled all hosts are permitted to access the Router s management services Disables the bridge network you previously defined using the add bridge network command You can see which bridge networks are currently running using list bridge forwarding Disables use of the spanning tree algorithm on bridge networks The spanning tree algorithm is required if there is more than one bridge between the same two LAN segments You can use list bridge forwarding to see which bridges are defined and show bridge network settings to see which options are enabled ona particular bridge network disable command passw ord disable icmp disable interface lt interface_name gt disable ip forwarding disable ip network lt netw ork_name gt disable ip rip disable ip routing disable ip static_remote_routes disable ipx network lt netw ork_name
82. delete ipx network lt network name gt In order to enable IPX to be routed to a remote site you must configure the following items in the VC profile associated with the remote site connection You must enable IPX routing in the profile You must enter the WAN IPX network information m To enable or disable IPX routing in a VC profile use the command set vc lt vc name gt ipx DISABLE ENABLE The WAN IPX network information consists of the IPX network address for the wide area connection The IPX network address associated with the WAN connection can be specified by you learned from the remote site if you are using PPP as the Network Service for the connection or the interface can be Unnumbered m To specify the WAN IPX address using up to 8 hexadecimal characters use the command Configuring IPX Static and Framed Routes IPX Routing 6 17 an set vc lt vc name gt ipx_address lt ipx network address gt To specify that the WAN IPX network address should be learned via PPP you can enter FFFFFFFF for the lt ipx network address gt parameter set vc lt vc name gt ipx_address FFFFFFFF To specify that the interface is Unnumbered you must enter 00000000 for the lt ipx network address gt parameter set vc lt vc name gt ipx_address 00000000 A Static route is a configured route that will remain in the routing table until deleted Static routes differ from Dynamic routes in that Dynamic routes are lea
83. dress is xxx or the destination address is yyy the Generic Filter Rule following rules are used IP 1 ACCEPT src addr xxx 2 ACCEPT dst addr yyy 999 DENY Creating Filters Using Command Line Interface 6 31 aa This will only accept packets from the specified address es all other packets will be rejected The following table describes the keywords for each protocol section and their legal operators used in the rule syntax Value ranges are also given where ddd is a decimal between 1 and 255 mask is a decimal between 1 and 32 and xx is a hex number Table 6 4 Protocol Keywords Protocol Section Keyword Operators Description and Value Range IP src addr Source IP Address ddd ddd ddd ddd mask dst addr Destination IP Address ddd ddd ddd ddd mask tcp src port all TCP source port 1 65535 tcp dst port Jall TCP destination port 1 65535 udp src port all UDP source port 1 65535 udp dst port all UDP destination port 1 65535 protocol l IP protocol UDP TCP ICMP generic Generic filter IP RIP network IP network number ddd ddd ddd ddd mask IPX src net l Source IPX network XX XX XX XX dst net l Destination IPX network XX XX XX XX src host Source IPX host node address XXx XX XX XX XX XX dst host Destination IPX host node address XX XX XX XX XX XX src socket all Source IPX socket 0x1 OxFFFF dst socket all Destination IPX
84. e cache size lt number gt number_retries lt number gt a timeout lt seconds gt Sets the global parameters for DNS both the local DNS hosts list DNS host and the remote DNS servers list DNS servers Parameters Description cache size Enter the size of the cache The valid range is from 20 500 number_retries Number of times the resolve name request will be sent to each Name Server if the server fails to respond to a request before the timeout period Default is 1 valid range is 1 5 timeout Number of seconds to wait before deciding a request to a Name Server has timed out Minimum interval and default is 5 seconds maximum interval is 120 seconds Sets the severity reporting level for a facility The hosts that will receive the error log entries are defined using add syslog loglevel Use list facilities to see what the current loglevel is for each facility The levels m CRITICAL a serious system error which may effect system integrity a UNUSUAL an abnormal event which the system should recover from a COMMON a regularly occurring event that is not frequent a VERBOSE a regular periodic event e g a routing update message DEBUG for debugging purposes only This allows modification of the Virtual Path or Channel ID that will be used for exchanging ILM Integrated Local Management Interface messages Parameters Description vpi The virtual path identifier for the ILMI vci The virtual
85. e name ip and uses Ethernet II framing TFTP access is allowed for all clients The following commands are executed add ip network ip address 192 168 200 254 C frame ethernet_ii enable yes add tftp client 0 0 0 0 enable ip forwarding The OfficeConnect Remote 812 s DHCP and DNS functionality is enabled to simplify configuration of the workstation on the LAN A DHCP Server is defined with an address pool and the default router and the DNS Server addresses are set to the OfficeConnect Remote 812 s LAN address The DNS proxy is enabled and a Host statement is added for the OfficeConnect Remote 812 to simplify access from the Web Browser Finally a Remote Server is defined for the Corporate remote site and a default Remote Server is setup to be dynamically learned over the Internet remote site The following commands are executed set dhcp mode server set dhcp server start 192 168 200 1 end 192 168 200 40 mask 255 255 255 0 set dhcp server router 192 168 200 254 set dhcp server dns1 192 168 200 254 dns2 0 0 0 0 set dhcp server wins1 0 0 0 0 wins2 0 0 0 0 add dns host ocrdsl 3com com addr 192 168 200 254 add dns server M yCorp com primary 192 168 1 253 add dns server vc Internet enable dns LAN IPX Network Configuration Bridge Configuration Remote Site Internet A 3 When a DNS request is received from a locally attached workstation the OfficeConnect Remote 812 will search the local static table to find an entry If
86. e LAN With our example IP and IPX are routed over the Corporate Remote Site and all other protocols e g AppleTalk will be bridged The Bridge network is added with the following commands disable bridge spanning _tree add bridge network bridge In our example we have two defined Remote Sites In this section the Remote Site to the ISP is defined with the identifying name of Internet The configured network service is PPP our local WAN address and the remote router address will be dynamically learned when the connection is established In addition we will dynamically learn the addresses for two remote DNS Servers The login name for this account is internet user and the password is 1a2b3c Network Address Translation will be enabled allowing all the workstations on our local LAN to share one public IP address This Remote Site will be used as our default gateway The ATM virtual channel is VPI 0 and VCI 32 and the Peak Cell Rate is set to the default access rate This remote site is configured with the following commanas add vc Internet A 4 APPENDIX A OFFICECONNECT REM OTE 812 SAM PLE CONFIGURATION ohhh Remote Site Corporate Access set vc Internet ip enable ipx disable bridging disable set vc Internet network_service ppp set vc Internet send_name internet user send_password 1a2b3c set vc Internet atm vpi 0 vci 32 category_of_service unspecified per 0 set vc Internet address selection negotiate set vc
87. e first destination fails default is file old log file local show date Displays the system date time and uptime For example System Date 09 FEB 2107 15 06 10 System UpTime 2d 08 37 54 show dhcp client Displays the current DHCP Client status for the specified VC If multiple VCs are lt vc name gt status configured with DHCP enabled each VC will have a unique DHCP Client status States Discovering The DHCP Client is broadcasting Discover messages waiting for an Offer response from the Server Requesting The DHCP Client is requesting an IP address and waiting for an ACK response from the Server Established The DHCP Client has successfully been assigned an IP configuration from the Server IP configuration learned assigned by the DHCP Server IP Address IP Mask Gateway Address Primary DNS Address Secondary DNS Address Lease Time Statistics Number of Discovers transmitted Number of Requests transmitted Number of Declines transmitted Number of Offers received Number of ACKs received Number of NACKs received Number of errors detected show dhcp relay Displays the current configuration and counters for both the primary and secondary DHCP relay server IP Address IP address of the DHCP Server Max Hops maximum hops to get to this server Status enabled or disabled Request Sent to Server number of requests sent to server Responses Received from Server number of responses received from
88. e first match that occurs If there is no match by default the packet is accepted For this reason you should order your protocol rules so that the rules you expect to be most frequently matched are in the beginning of the section This reduces the amount of parsing time that occurs during filtering The following table describes each field used in the rule syntax Table 6 3 Protocol Rules Field Description line Each rule must have a unique line number from 1 10 plus 999 for the DENY verb You must arrange rules in increasing order Verb This field can be one of the following ACCEPT Allow the packet access if the condition is met use with DENY verb to indicate reject all other packets REJECT Do not allow the packet access if the condition is met AND Logically use the AND condition with condition of the next rule to determine if the packet is accepted or rejected Both defined conditions must be met Keyword The keywords for all protocol descriptions corresponding operators and values Operator Describes the relationship between the keyword and its value The operator field must be one of the following Equal Not equal gt Greater than lt Less than gt Greater or Equal lt Less or Equal gt Generic value Contains a entity that is appropriate for the keyword The OR operation can be implemented by successive rules For example to accept a packet if the source ad
89. e log level using the set facility loglevel command Displays all the filter names in the filter table which you previously defined using the add filter command You can remove filters using delete filter The command lists the filter file name the status of the filter and the protocols the file applies to For example Filter Name Status Protocols easyfilter fil NORMAL IP IP RIP Displays the files currently stored in the FLASH file system You can remove files using delete file but you can add them using TFTP only Displays the installed interfaces along with their operational status administration status and interface index If an interface is down you can use enable interface to try to bring it up The command lists a Index number used to identify the interfaces position in the table Name interface name eth 1 DA 1 or loopback Oper Status current operating status of interface UP or DOWN a Admin Status administrative status you designated interface to be up or down If it doesn t match Oper Status a problem exists with the interface Displays the IP address for each interface It lists Address IP address of the interface Bcast Algo broadcast algorithm used a Reassembly Max Size maximum allowable size of packet that can be reassembled from a fragmented packet a Interface interface this IP address uses to connect to the system Displays the contents of the ARP cache It lists a IP Address
90. e must both use the same Network Service in order for a connection to established and maintained For PPP the authentication name and password must be provided to allow the connection to be established The OfficeConnect Remote 812 supports both PAP and CHAP authentication To set up a profile for PPP use the following commands set vc lt vc name gt network_service ppp set vc lt vc name gt send_name lt authentication name gt set vc lt vc name gt send_password lt authentication password gt a RFC 1483 does not support any type of authentication Therefore to set up a profile for RFC 1483 you simply configure the Network Service using the command set vc lt vc name gt network_service rfc_1483 ma When the Network Service is set to RFC1483 the profile s IP WAN addresses can be dynamically learned with the DHCP protocol To enable DHCP on the Remote Site profile use the following command set vc lt vc name gt dynamic_ip_addressing dhcp _ client The ATM parameters are supplied by your service provider These parameters consist of a ATM VC information ATM Category of Service parameters ATM allows for permanent connections PVCs and switched connections SVCs For a PVC the required VC information parameters consist of the Virtual Path Identifier VPI and Virtual Channel Identifier VCI The VPI VCI uniquely specify the path to the remote site and are placed in the ATM cell header that is used to route e
91. e or disable snmp authentication traps commands Authentication Traps ENABLED default or DISABLED show system Displays system information System Descriptor for example 3Com OfficeConnect Remote 812 V1 0 0 Built on Oct 31 1998 at 11 33 05 Object ID identifies this system to SNM P managers System UpTime time the system has been running since last boot System Contact modify using set system System Name modify using set system System Location modify using set system System Services for example Internet End To End Applications System Version loaded version of the system software show telnet Displays the status of the TELNET escape feature ENABLED or DISABLED It is set using the disable and enable TELNET escape commanas show tcp counters Displays system wide TCP statistics B 52 APPENDIX B CLI COM MAND DESCRIPTION Hirit show tcp settings show udp show user lt name gt settings show vc lt vc_name gt settings TCP COUNTERS Active Opens number of times TCP connections have made a direct transition to the SYN SENT state from the CLOSED state a Passive Opens number of times TCP connections have made a direct transition to the SYN RCVD state from the LISTEN state Attempt Fails of times TCP connections have made a direct transition to the CLOSED state from either the SYN SENT state or the SYN RCVD state amp the of times TCP connections made a direct transition to the LISTE
92. e which has a domain name of 3com com Two DNS remote servers can be configured one which uses the corporate site for 3com com and the other to use the Internet as the default The OfficeConnect Remote 812 s DNS Proxy also enables you to configure Static Host entries The static table is checked first before the DNS request is forwarded on to the remote server If the OfficeConnect Remote 812 was first booted in DHCP Smart Mode an entry ocrdsl 3com com was automatically added to the table which maps to the OfficeConnect Remote 812 s local LAN IP address This entry was added to simplify access to the OfficeConnect Remote 812 Remember to save your configuration using the save all command before rebooting your OfficeConnect Remote 812 so that your changes will be written to permanent FLASH memory 6 14 hey CHAPTER 6 MANUAL SETUP Configuring DNS DNS Host Entries Managing the DNS Proxy m To enable DNS functionality on the OfficeConnect Remote 812 use the command enable dns a To disable DNS functionality use the command disable dns You can configure three global DNS parameters that control the operation of the DNS proxy Number of Retries the number of retry attempts when accessing a primary or secondary DNS server The default is 1 retry Timeout the amount of time to wait for request to be serviced The default is 5 seconds m Cache size the number resolved names to cache The default is 100 entries a
93. eceived MultiCast Multicast packets received BroadCast broadcast packets received Discards Number of inbound packets which were chosen to be discarded even though no errors had been detected to prevent their being deliverable to a higher layer protocol One possible reason for discarding such a packet could be to free up buffer space Errors For packet oriented interfaces the number of inbound packets that contained errors preventing them from being deliverable to a higher layer protocol For character oriented or fixed length interfaces the number of inbound transmission units that contained errors preventing them from being deliverable to a number of inbound transmission units that contained higher layer protocol Unknown Prot unknown protocol in packet OUTPUT COUNTERS Octets bytes transmitted Ucast unicast packets transmitted MultiCast multicast packets transmitted Discards Number of outbound packets which were chosen to be discarded even though no errors had been detected to prevent their being transmitted One possible reason for discarding such a packet could be to free up buffer space Errors For packet oriented interfaces the number of outbound packets that could not be transmitted because of errors For character oriented or fixed length interfaces the number of outbound transmission units that could not be transmitted because of errors Out QLen length of the output packet queue in packets Disp
94. eceived with a bad or inactive VPI and or VCI number RX Bad HEC Number of ATM cells received with a bad ATM header RX Queue Full Number of times a packet was dropped because the RX queue was full Ststaistics for both near end and far end ADSL ATM link Counters include corrected frames CRC errors and HEC errors for the Fast and Interleaved path Fields Number of link down events CLI Commands B 37 au Total time since system reboot hours minutes seconds Total time since last linkdow n Errored seconds since last link down Total errored seconds in 15 minutes Total errored seconds in previous 15 minutes show adsl Displays the current status of the ADSL ATM link transceiver_status Fields Operational Mode either loss of signal or operational Attenuation Upstream Attenuation Downstream Noise Margin Upstream Noise Margin Downstream Transmit Power ATUR Transmit Power ATUC Actual Negotiated Downstream Baud Rate Actual Negotiated Upstream Baud Rate show adsl version Fields show bridge network lt name gt ADSL hardware release version 0x3530 ADSL Alcatel chipset firmware release version 141 counters Received Frames Transmit Frames Discarded settings Interface Network Address Frame Type Status User Name Spanning Tree Enabled Parameters Description counters Displays information about the specified bridge network It lists Received Frames packet f
95. efined for the applications they are running For example TCP port 80 for a Web Server and TCP port 21 for an FTP server can be statically assigned The NAT default address can be used with or instead of static port assignments and is set to the private address of a workstation on the local LAN If an incoming IP data packet is received on a WAN port and there is no existing dynamic or static port mapping the packet will be translated using the NAT default address Typically NAT only needs to be enabled or disabled for a remote site connection a Use the following command to configure NAT in a VC profile set vc lt vc name gt nat enable As stated in the above overview it is sometime necessary to configure the Workstation default address This field should be set to the private address of a workstation on the local LAN If a data packet is received on the WAN port and a port mapping does not exist the frame will be translated using the Workstation default address a Use the following command to set this field set vc lt vc name gt nat_default_address lt ip address gt Static port configurations map a public port to a private IP address port Both TCP and UDP static ports can be defined Remote sites can have multiple static ports defined If static ports and the Workstation Default Address are defined the static ports take precedence m Static ports are defined for TCP and UDP ports with the following commands add nat tcp vc lt vc
96. emory until you add it to the managed filter table To notify the unit about the filter file for the first time you must issue the CLI command add filter lt name gt to add the filter to the managed filter table When the filter is added the unit automatically verifies the filter file syntax If you modified a file that had already been added use the delete filter lt name gt command to remove the old file before TFTPing the new file Then use the add filter lt name gt command again If the syntax is valid no message is generated and the command prompt returns If the syntax is not valid error messages are generated detailing the source of the errors Apply the filter to the appropriate interface or VC remote site profile After replacing a file you need to re apply the filter for it the new filter file to take effect For more details refer to the next two sections Assigning Filters discusses how to decide where to apply a filter and Applying Filters explains the appropriate CLI commands to use Assigning Filters Interface Filters Input Filter Output Filters Input Filters vs Output Filters Once a filter has been added to router s list of managed filters you can assign it to the unit s a Interfaces a VC Remote Site Profile You can configure interface filters for any interface Interface filters control access to all networks available for both modem and non modem interfaces You can specify whether a f
97. erformance Packet filters control inter network data transmission by accepting or rejecting the passage of specific packets through network interfaces based on packet header information When data packets are received by a network interface such as an Ethernet LAN or WAN port a packet filter analyzes the packet information using a set of rules you define A filter then lets the packet pass through or discards it This chapter contains information on the filtering capabilities for your OfficeConnect Remote 812 It is divided into the following sections a Filtering Overview a OfficeConnect Remote 812 Filtering Capabilities a Creating Filters a Assigning Filters a Applying Filters a Managing Filters Filtering Overview Filters can provide added security by accepting packets only from specific addresses or they can be added to reduce network traffic and improve overall performance Filters can also be used to approximate spoofing when routers with different or incompatible spoofing methods are linked over the WAN Spoofing is the use of a forged IP source address to circumvent a firewall OfficeConnect Remote 812 Filtering Capabilities 6 27 Packet filters control inter network data transmission by accepting or rejecting the passage of specific packets through network interfaces based on packet header information When data packets are received by a network interface such as an Ethernet LAN or WAN port a packet filter analy
98. ers broadcast_algorithm Algorithm determines which address is used in broadcasts to represent the entire network Choices are 1 the IETF standard nnn nnn nnn 255 default 0 the BSD standard nnn nnn nnn 000 reassembly maximum_size Maximum size IP datagram that the system will try to reassemble when the datagram has been fragmented to fit in the network packet size The default is 3468 rip_ authentication Text string used for RIPv2 authentication rip_policies update Allows user to enable or disable RIP policies See text on the preceding page for description of keywords A keyword with a NO_ in front is used to disable the policy The default is indicated by D SEND_DEFAULT NO_SEND_DEFAULT D SEND_ROUTES D NO_SEND_ ROUTES SEND_SUBNETS NO_SEND_SUBNETS D ACCEPT_DEFAULT NO_ACCEPT_ DEFAULT D SPLIT_HORIZON D NO_SPLIT_ HORIZON POISON_REVERSE D NO_POISON_ REVERSE FLASH_UPDATE D NO_FLASH_UPDATE SEND_COMPAT D NO_SEND_COMPAT RIPV1_RECEIVE D NO_RIPV1_RECEIVE RIPV2_RECEIVE D NO_RIPV2_RECEIVE SILENT default is disabled routing_protocol Sets routing protocol to be used on IP network Choices are no routing protocol RIP version 1 or RIP version 2 set ip routing autonomous system_number number a table_maximum size number metric_maximum_entries number set ipx network lt netw ork_name gt CLI Commands B 29 a rip_flags METRICS SEND_REQUEST router_id router_
99. es a virtual channel to establish data sessions over the WAN You must have previously added the VC using the add vc command where disabled is the default The list vc command displays a summary of all configured VC profiles If CLI password protection is enabled this command forces an immediate logout from the CLI The CLI password must be entered in order to access the CLI again Causes the connection on the specified interface to hangup drop Causes the connection for the specified VC to drop You can see which VCs have active connections using list vcs Also see disable vc which causes a VC s session to drop and prevents new sessions which use that VC from being established Provides information about possible commands and their formats Typing help alone lists the possible commands Typing help lt command name gt lists the possible parameters for that command Typing part of a keyword command or parameter and pressing Esc completes the keyword If you have not yet entered enough of the keyword to be unique pressing Esc causes the bell to ring Typing after a command string displays the possible keywords and values for that command Displays your previous CLI commands You can recall commands from the history using P C P to recall commands up the list and N C N to recall commands working down the list The default depth is 10 commands You can modify the history depth using the set command history command KILL
100. ess IP Mask IP Frame Type IP RIP DHCP Server DHCP Pool Start IP Address DHCP Pool End IP Address TFTP Server Information TFTP Access IPX Information IPX Network Name IPX Network Number IPX Frame Type Bridge Information Bridge Network Name Spanning Tree yes password public 0 0 0 0 yes root Iroot Ip 192 168 200 254 C ethernet_ii v2 Enabled 192 168 200 1 192 168 200 40 Any system ipx 12345661 ethernet_ii bridge no Do you want to change any answers no Do you want to actually execute these commands yes CLI Quick Setup Script 4 7 Sample Output Display as Quick Setup Executes OCR DSL gt set system name name OCR DSL gt set system location vienna OCR DSL gt set system contact jc OCR DSL gt enable command password password OCR DSL gt add snmp community public address 0 0 0 0 access RW OCR DSL gt enable security option remote_user administration OCR DSL gt add user root password root OCR DSL gt add ip network test interface eth 1 address 192 168 200 254 C frame ethernet_ii enable no OCR DSL gt set dhcp mode server OCR DSL gt set dhcp server start 192 168 200 1 end 192 168 200 40 router 192 168 200 254 dnsl 192 168 200 254 dns2 0 0 0 0 winsl 0 0 0 wins2 0 0 0 0 mask 255 255 255 0 OCR DSL gt add dns host ocrdsl 3com com addr 192 168 200 254 OCR DSL gt enable dns OCR DSL gt add tftp client 0 0 0 0 OCR DSL gt set ip network test
101. ess lt IP_address gt Adds to the list of community name IP address pairs that are allowed to receive SNMP traps You can see the list of authorized users with the list snmp communities command Parameters Description lt name gt Group name defining who can receive SNMP traps address IP address of the SNM P manager in the form nnn nnn nnn nnn Adds an IP host to the list of IP hosts that will receive syslog entries You can see the current log levels for the system using list facilities and modify the current log level for each facility using set facility loglevel Parameters Description lt ip_name_or_address gt Host name or IP address of the Unix host that will receive syslog information loglevel There are five levels of logging CRITICAL a serious system error which may effect system integrity UNUSUAL an abnormal event which the system should be able to recover from COMMON a regularly occurring event that is not frequent VERBOSE a regular periodic event e g a routing update message DEBUG for debugging only Adds the tftp client to the authorization table for tftp access Parameters Description lt ip_name_or_addr gt Host name or IP address of a host to be added An address of 0 0 0 0 allows all clients TFTP access enabled yes B 10 APPENDIX B CLI COM MAND DESCRIPTION Hirit add vc name ARP arp lt ip_name_or_addr gt DELETE delete access lt ip subnet
102. ess of the DNS server secondary_address The secondary IP address of the DNS server vc_name The VC profile to use for obtaining the DNS addresses Adds a filter file name to the filter table The filter table is a managed list of filter names used by SNMP A filter file is a text file stored in the FLASH file system that you load using TFIP Add filter also verifies the syntax of the filter file If syntax verification fails you ll receive an error message and the filter will still be added to the table but is not usable You must correct the filter file in a text editor use TFTP to export the updated file to the system s FLASH file system and use the verify filter command to check the filter s syntax Parameters Description lt filter_name gt Designation of a filter file up to twenty ASCII characters CLI Commands B 3 add framed_route vc ip_route ip_address lt name gt metric number Adds a framed static network to the VC profile for WAN connections This method of creating a static route does not run RIP to learn routes so you must specify IP route and gateway addresses See add ip route Parameters Description lt VC profile name gt VC profile name specified for the framed network This is limited to 32 characters ip_route IP address of the remote network metric Integer representing how far away the route is in hops from other routers Values are 1 through 15 add ip default
103. et SAP Nearest Server Reply SAP seeks nearest neighbors YES or NO a settings counters Displays information about RIP for IPX Parameters Description settings Displays the state of the IPX routing This is ON or OFF counters Displays the Incorrect RIP Packets for the IPX routing The incorrect RIP packets are the number of RIP packets that do not make sense settings counters show ipx settings show memory show network lt name gt settings show network lt name gt counters show ppp on vc lt vc_name gt counters show ppp on vc lt vc_name gt settings show ppp on interface lt name gt counters CLI Commands B 47 Displays information about SAP for IPX Parameters Description settings Displays the state of the IPX routing This is ON or OFF counters Displays the Incorrect SAP Packets for the IPX routing The incorrect SAP packets are the number of SAP packets that do not make sense Displays settings for dynamic IPX networks You can modify these values using the set ipx system command Default Gateway default IPX router address Max Open Sockets maximum allowed number of open sockets to remote IPX networks Max Hops maximum allowed hops to remote IPX networks a Priority preferred ranking of dynamic IPX networks Dynamic Address Pool Begin starting IPX address Dynamic Address Pool Size number of addresses to reserve for dynamic IPX addre
104. eters defined for the specified VC You can use list vc to see which virtual channels are defined TELNET telnet lt ip_name_or_addr gt telnet lt ip_name_or_addr gt TCP_port lt number gt VERIFY verify filter lt filter_name gt TELNET Commands B 53 TELNET commands are available to users who dial in and whose type is network type parameter in add user whose host_type is prompt host_type parameter in set login user and whose login_service is TELNET login_service parameter in set login user Establishes a TELNET client session with the specified IP host name or address In order for the system to resolve the host name you must either add the host name and address to the DNS local host table or define a DNS server Establishes a TELNET client session with the specified IP host name or address using the specified TCP port number It works just like the TELNET command except you also specify the TCP port number to be used The default TCP port number is 23 Verifies the syntax of a filter file which has been previously added to the table If you update a filter file and TFTP it to the FLASH file system and the file already exists in the filter table then you use this command to verify the files syntax You can use list filters to see which files are currently in the filter file table and what the status of each is TELNET Commands close help send lt string gt The following commands are availa
105. face use the command add bridge network lt network name gt You can obtain a list of all configured networks using the command list networks To only list bridge networks use list bridge networks By default the network is enabled when it is created You can disable the network using the following command disable bridge network lt network name gt a You can delete a disabled network using the command delete bridge network lt network name gt Configuring Bridging for the Remote Site Connections Bridging IP Traffic id Advanced Bridging Options id Bridging 6 21 To configure bridging to a remote site you must enable bridging in the VC profile using the command set vc lt vc name gt bridge DISABLE ENABLE By default the OfficeConnect Remote 812 is set up to route IP traffic To bridge IP traffic you must turn off IP Forwarding IP Forwarding refers to the routing of IP packets from one interface to another It does not affect communicating to the OfficeConnect Remote 812 itself Even when IP Forwarding is disabled you can perform non routing functions such as use a Web browser to manage the unit and use PING m To see the current IP Forwarding status use the command show ip settings a To disable IP Forwarding use the command disable ip forwarding The advanced bridging configuration options include Aging Time Forward Delay Spanning Tree and Spanning Tree Priority To see the current se
106. fault is the first LAN interface eth 1 enabled Optional parameter indicates whether the network is enabled YES or disabled NO by this command YES is the default frame Frame encapsulation chosen for this IPX network add ipx route gateway ipx_host_address lt ipx_net_address gt metric metric_number m ticks tick_number Adds an IPX static route for the LAN to the system s IPX Route table which defines static routes to remote IPX networks The command list ipx routes displays currently defined static routes Parameters Description lt ipx_net_address gt IPX network address requiring a route gateway IPX address of the host which will act as a gateway The format is NNNN XX XX XX XX XX XX net_addr mac_address metric Number of hops through different routers needed to reach the remote IPX network ticks Estimated interval in ticks it takes to deliver a packet to the remote network There are approximately 18 ticks per second CLI Commands B 5 add ipx service address internal network number service_name gateway network_number mac_address metric metric node internal_node_number socket socket_number a type service_type Adds a static IPX service for the LAN to the IPX services table You must supply the name internal ipx network number node number socket and type of service for this service The user must also supply gateway information to indicate t
107. g add ipx route B 4 add ipx_route B 5 delete ipx route B 11 list ipx routes B 18 SAP list ipx services B 18 Service add ipx_service B 6 Statistics list ipx networks B 18 show ipx counters B 43 show ipx network counters B 43 IPX RIP Packet Filtering 33 IPX Routing Framed Routes 16 Framed Services 17 LAN 15 Overview 15 Remote Site 16 RIP 18 SAP 18 Static Routes 16 Static Services 17 IPX SAP Packet Filtering Using CLI 34 IPX Source and Destination Host Filtering Using CLI 33 IPX Source and Destination Network Filtering Using CLI 33 IPX Source and Destination Socket Number Filtering 33 L List command 2 4 M Manage user 2 3 Managing Filters Using CLI 38 Manual setup instructions 2 Messages add syslog B 9 list call events B 16 list critical events B 16 list syslog B 20 Modems Managing dial B 12 hangup interface B 15 hangup user B 15 N Network Service configuring 3 Network user 2 3 4 5 Iviii o Output data filters 27 P Package what s included 1 Packet filters 26 Password 2 3 password B 21 Password Protection 25 password protection 2 Passwords add user B 9 set ppp receive_authentication B 30 PC 1 port filtering 26 PPP Dial in set ppp receive_authentication B 30 show ppp settings B 48 AN list ppp B 19 show ppp settings B 48 Protocol filtering 26 Protocol Rules Using CLI 29 Protocol Sections 29 Q Quick Setup 1 2 3 4 5 Quick Setup script instructions 1 7 R Remote
108. gt disable lan access disable link_traps interface lt interface_name gt disable network service lt service_name gt disable security_option snmp user_access CLI Commands B 13 Disables the console password feature Disables the Internet Control M essage Protocol Disables the specified interface A disabled interface remains in the interface table but will not transmit or receive any data Use list interfaces to see the currently defined interfaces and their status Causes the system to stop forwarding any packets over IP networks Disables the specified IP network Make sure there is no activity on this network before disabling it Disables the RIP routing algorithm on all IP networks You can use show ip routing to see the current status of IP routing This saves system space by preventing a large RIP database which is useful for networks connecting over the WAN interface Disables all routing protocols on all IP networks Currently the only routing protocol is RIP which means that disable ip rip performs the same function Use show ip routing to see the current status of IP routing Disables all statically defined remote routes on all IP networks that you previously defined using add ip route You can list the current IP routes using list ip routes Disables the specified IPX network Use list ipx networks to see which IPX networks are defined and their current status When the access list is enabled t
109. gth 2 mask 0xFFFF value 0x0800 Allow ARP traffic 2 ACCEPT generic gt origin FRAME offset 12 Aength 2 mask 0xF FFF value 0x0806 Allow IPX traffic 3 ACCEPT generic gt origin FRA ME offset 12 Aength 2 mask 0xFFFF value 0x8136 4 ACCEPT generic gt origin FRA ME offset 12 Aength 2 mask 0xFFFF value 0x8137 999 DENY You can create filter files using any text editor Once the file is created use the Trivial File Transfer Protocol TFTP to place the filter file in the router FLASH memory To create a filter file using CLI 1 Open anew text file Enter the file descriptor on the first line filter 2 Enter a file section header followed by a colon for the protocol rules you want to define For example if you want to define IP filtering rules enter the following section header IP You can comment a section header out by placing a sign before the section header This is useful if you want to insert a placeholder for a protocol section you will define in the future Enter the protocol rules for the protocol section you are defining Observe the following guidelines Begin each rule with a unique line number ranging from 1 10 a Arrange rules in increasing line number order within each protocol section m Arrange rules so that the rules you expect to be matched most frequently are toward the top of the list a Delimit each rule with a semi colon Example IP 1 ACCEPT src addr 128 100 33 1 2 ACCEPT dst addr 200 135 3
110. guration can be done from the console port and remote users You can use disable security_option remote_user administration to restrict CLI access to the console port only and enable security_option remote_user administration to re open full TELNET access Enables SNMP access to the user table This allows remote users to use SNMP to update the user table and gain unauthorized access to the CLI Use show security_options to see the current security values This command tells SNMP to send traps for both local and remote authentication You can use show snmp to see the current setting B 16 APPENDIX B CLI COM MAND DESCRIPTION Hirit enable telnet escape enable user lt user name gt enable vc lt vc name gt exit CLI HANGUP hangup interface lt interface_name gt hangup vc lt vc_name gt HELP help lt command gt HISTORY history If the TELNET escape character was disabled by the disable TELNET escape command this command re enables it When enabled TELNET client users who press the TELNET escape key during their session will get a TELNET command line By default the escape character is control A TELNET user can change it using set escape in the TELNET program Enables a user to establish TELNET sessions for remote management You must have previously added the user using the add user command where enabled is the default The list users command displays a summary of all configured user profiles Enabl
111. he next router hop To remove this service use the delete ipx service command Parameters Description service name Designation of IPX service address Internal network number for the IPX service on which this service resides Gateway Address of the router you defined as the gateway metric An integer representing how far away the default router is in hops through other routers Values 1 15 node The internal MAC address of the server on which the service resides This is typically 00 00 00 00 00 01 type Type of service hex number referring to file server print server etc Refer to the table below socket Socket number that the service uses Below is a partial list of the IPX services available Type Description 04 file server 05 job server 07 print server 09 archive server 0A job queue 21 NAS SNA gateway 2E dynamic SAP 47 advertising print server 4B Btrieve VAP 5 0 4C SQL VAP 7A TES NetWare VMS 98 NetWare access server 9A Named Pipes server 9E PortableNetW are UNIX 107 NetWare 386 111 Test server 166 NetWare management 26A NetWare management 26B Time synchronization B 6 APPENDIX B CLI COMMAND DESCRIPTION Hint 278 NetWare Directory server add ipx_routevc ipx_net ipx_address lt name gt metric hop_count m ticks tick_number Adds an IPX route for the a user over the WAN Parameters
112. hes spelling a unique abbreviated parameter for you just by pressing the key It s handy when you re in a hurry or uncertain about a command For example if you type add ip n ESC it will spell out the keyword network without losing your place in the command syntax a Commands can be retrieved by typing lt ctrl gt p p for previous and lt ctri gt n n for next Command retrieval consults the history of previous fully entered commands defaulting at the last ten commands If an error occurs while a command is processing any partial command up to and including the field in error is added to the history list a The current command can be killed by pressing lt ctrl gt c c a A partially completed command line can be reprinted a useful function if due to interrupted output you re unsure what OfficeConnect Remote 812 has seen up to now by pressing lt ctrl gt l for last a Help is general or positional Type help lt any command gt to get a cursory list of associated commands and its syntax Type lt any command gt to get more extensive positional help for a particular field Help is most useful during configuration query the list of possible parameters by typing and when you find the value you need type it without losing your place in the argument Just be sure to leave a space between the keyword and the question mark Conventions Conventions Command Language Terminology Command Structure
113. his command disables access to Hosts on the local LAN interface When disabled all frames received on the LAN interface are subject to the access list check If the corresponding LAN subnet is not in the access list the frame is silently discarded Prevents SNMP from sending linkup and linkdown traps for the specified interface You can see if the interface is currently enabled for traps by using the show interface settings command Disables a network service such as TELNET or TFTP If close_active_connection was specified as TRUE in the add network_service command then all active connections will be closed when the server is disabled Turns off SNMP access to the CLI This prevents remote users from using SNM P and possibly damage the configuration You can use enable security_option snmp user_access to re enable full SNM P access NOTE This function is not supported in the current release B 14 sgh disable security_option remote_user administration disable snmp authentication traps disable telnet escape disable user lt user_name gt disable vc lt user_name gt DO do lt command_inputfile gt output outputfile ENABLE enable access enable bridge network lt netw ork_name gt enable bridge spanning_tree enable command passw ord lt password gt APPENDIX B CLI COM MAND DESCRIPTION Disables CLI access to remote TELNET users All CLI configuration must be done from the console port You can
114. iate CLI commands and execute them The OfficeConnect Remote 812 can be configured as an ATM device Depending on the present configuration the QuickVc script will prompt you for the appropriate parameters This section contains the CLI QuickVC Setup script for all possible OfficeConnect Remote 812 Virtual Channel VC configurations You will be required to enter information concerning network configurations Questions in the CLI QuickVC Setup script are presented here in tables Write the appropriate information for your desired configuration in the following tables OCR DSL gt quickve Welcome to the OfficeConnect Remote 812 VC Setup Wizard The VC Setup Wizard allows you to add and configure a VC profile on your OfficeConnect Remote 812 Each profile must have a unique name Question Default Your System What is the name to be added The characteristics of the ATM Virtual Circuit must be configured Question Default Your System Enter the Virtual Path Identifier 0 Enter the Virtual Channel Identifier 0 Is the Category of Service U br or C br U 5 2 CHAPTER 5 QUICK VC SETUP ohhh id Netw ork Service PPP Parameters IP Configuration Netw ork Service PPP Enter the Peak Cell Rate 0 The Category of Service and cell rate parameters only affect data transmitted from the OfficeConnect Remote 812 to the remote site upstream direction The defa
115. ic and Framed Services a 10 delete a Framed route so that it no longer will be installed in the routing table when the connection is established use the command delete ipx_route vc lt vc name gt ipx_route lt ipx network address Remember to disable and then re enable the VC profile for the change to take effect The Service table contains IPX server names the services they provide their network and node addresses and their relative distances Examples of Services include file servers and printers Once created a Static Service entry remains in the Service table until deleted Static Services differ from Dynamic Services in that Dynamic Services are learned real time via SAP packet exchange between routers A Static Service entry is a manually configured Service accessible from the LAN A Framed Service is a manually configured Service accessible from the WAN A Framed Service is active only when the connection to the associated remote site is active Use Static and Framed Services for servers not learned using SAP m To add a Static IPX Service over the LAN use the command add ipx service lt service name gt gateway lt network node address gt ipx_net lt server network address gt metric lt number gt node lt server node address gt socket lt hex number gt type lt hex number gt The service will appear in the IPX Services table For example add ipx service Serv411 gateway 98 0 0 0 0 0 0 ipx_net 31ab17c9 metric 1
116. ich have been typed ahead use C control C Command Features B 55 Nothing following the semicolon will be processed This is useful when you are writing CLI script files The do command runs a CLI script Comments B 56 APPENDIX B CLI COM MAND DESCRIPTION Hint A Add command 2 address filtering source and destination 26 Address Translation Overview 9 PAT 10 ADSL reset B 22 Advertisement Filters 27 Advertisement filters 27 Applying a Filter to an Interface Using CLI 37 Applying Filters Using CLI 36 Applying the Rules Using CLI 31 Assigning Filters 36 ATM show status B 35 ATM Information configuring 3 Bridge Generic Filtering 34 Bridge Networks Configuration enable bridge spanning_tree B 13 set bridge B 22 Statistics list bridge forwarding B 16 bridge Networks Configuration add bridge network B 1 delete bridge network B 10 disable bridge spanning_tree B 12 show bridge settings B 36 Managing disable bridge network B 12 enable bridge network B 13 Statistics show bridge network counters B 36 Bridging 1 Advanced 20 IP 20 LAN 20 Overview 19 Remote Site 20 bridging 5 C Call filtering 26 CLI Conventions and Terminology 1 A 1 B 1 CLihelp 2 CLI abbreviation 2 CLI control characters 2 CLI names strings 2 Command Line Interface CLI 2 1 7 Configuration 1 3 Configuration Overview 1 Configuring a Filter for a VC Remote Site Using CLI 37 Console 1 Creating Filter Files Using CLI
117. id Sets parameters for IP routing to the specified IP router address which is the gateway to an Autonomous System Parameters Description autonomous _system_number Autonomous system number table_maximum_size Maximum number of IP routes system can hold in its table Default 1000 metric_maximum_entries Most next hop entries the system table can maintain rip_flags Flags indicate at which level a RIP instance is disabled or configured Choices are METRICS Specifies how to increment metrics using RFC1058 SEND_REQUEST Sends a RIP request for routing information when an interface first comes up Router_id The IP station address of the ip router delay_ticks number diagnostics DISABLE ENABLE maximum_learning_retries number netbios ENABLE DISABLE netbios name_cache DISABLE ENABLE netbios cache_timer seconds netbios_ max_hops number packet_maximum_ size number rip BOTH DISABLE LISTEN RESPOND_ONLY SEND rip_age_multiplier number rip_ packet_size number rip_update_interval number sap BOTH DISABLE LISTEN RESPOND_ONLY SEND sap_age_multiplier number sap_packet_size number sap_nearest_replies ON OFF sap_update_interval number Sets parameters for the specified IPX network Parameters Description lt network_name gt Designation of the IPX network Maximum size is 32 characters delay_ticks Interval in number of ticks it takes
118. ilter applies to packets entering the interface input filter or leaving the interface output filter The router examines the filtering rules to determine whether the interface accepts or rejects the packet If an input filter is configured on an interface all received packets are checked against the filtering rules before being forwarded to another interface If an output filter is configured on an interface all outbound packets are checked against the filtering rules before exiting the router When possible use the input filter to filter an incoming packet rather than waiting to catch a packet as it attempts to exit the router This is recommended because a A packet is prevented from entering the router keeping potential intruders from attacking the unit itself a The routing engine does not waste time processing a packet that is going to be discarded anyway VC Remote Site Filters Applying Filters Using CLI 6 37 Most importantly the router does not know which interface an outgoing packet came in through If a potential intruder forges a packet with a false source address in order to appear as a trusted host or network there is no way for an output filter to tell if that packet came in through the wrong interface An input filter on the other hand can filter out packets purporting to be from networks that are actually connected to a different interface You can configure filters for a specific VC remote site profile
119. in each remote site s VC profile To globally enable IP RIP use the command enable ip RIP a To globally disable IP RIP use the command disable ip RIP To see the current IP Forwarding and RIP status use the following commands show ip settings show ip routing settings To configure IP over the LAN you need to assign an IP network to the LAN port with the add ip network command Each network has a network name You will use the network name when entering commands related to the network The CIDR supported network address includes a local station address and subnet mask using the format nnn nnn nnn nnn A B C or 8 30 The first 4 octets describe the IP address followed by the subnet mask contiguous designator 6 6 CHAPTER 6 MANUAL SETUP sgh Configuring IP RIP on the LAN Configuring IP for the Remote Site Connection You can specify the subnet in one of two ways a class or numerical designation If you specify a Class C subnet mask for instance this command will generate a 255 255 255 0 subnet value for you If you specify the number of bits to be set to 1 the acceptable range is 8 30 The network address is invalid if the portion of the station address not covered by the mask is 0 Defining a numerical subnet is useful when your value falls in between classes You can also omit the mask altogether it will automatically be calculated from the address To add an IP network over the LAN use the commana add
120. ing fast To ensure that you have all the information you need on hand before you engage Quick Setup we have supplied a script to jot down system management and LAN configuration information We recommend that you fill out either script completely to get the full benefit of the program Used in combination with the QuickVC Setup program Quick Setup allows virtually complete console based configuration of your OfficeConnect Remote 812 without requiring any knowledge of CLI command syntax The questions beginning in the next chapter represent nearly the full text of what Quick Setup would query if you were to use every service available as configured on the CLI If you are using partial service just IP configuration for example Quick Setup will skip the Bridging section Default values are enclosed in brackets If at any time you decide to quit Quick Setup you can type lt ctrl gt c c throughout the program QuickVC Setup Instructions The QuickVC Setup program for the CLI is designed to get virtual circuits for your OfficeConnect Remote 812 configured quickly To ensure that you have all the information you need on hand before you engage QuickVC Setup we have supplied a script to jot down information for VC connections We recommend that you fill out either script completely to get the full benefit of the program Used in combination with the Quick Setup program QuickVC Setup allows virtually complete console based configu
121. ing is enabled for that protocol Enables the spanning tree algorithm for the bridge connection The spanning tree algorithm is required if there is more than one bridge between the same two LAN segments You can use list bridge forwarding to see which bridges are defined and show bridge network lt network_name gt settings to see which options are enabled on a particular bridge network Enables the console password feature When enabled the user must login with the specified password before using the console port This password is not the same password specified for Remote Login access Once enabled the unit must be sent back to the factory if the password is forgotten enable interface lt interface_name gt enable ip forwarding enable ip network lt netw ork_name gt enable ip rip enable ip routing enable ipx network lt netw ork_name gt enable lan access enable link_traps interface lt interface_name gt enable network service lt service name gt enable security_option remote_user administration enable security_option snmp user_access enable snmp authentication traps CLI Commands B 15 Enables the specified interface Enabling an interface enables it to transmit and receive data You can use list interfaces to see which interfaces are defined and whether they are currently disabled Enables all IP networks to forward route packets You should only need to use this command if you previously u
122. ing valid SNM P Get Request and Get Next PDUs a Total Set MIB Objects sum of MIB objects altered successfully as the result of receiving valid SNM P Set Request PDUs Get Request PDUs sum of SNMP Get Request PDUs accepted and processed Get Next Request PDUs sum of SNMP Get Next PDUs accepted and processed a Set Request PDUs sum of SNMP Get Next PDUs accepted and processed CLI Commands B 51 Get Response PDUs sum of SNMP Get Response PDUs accepted and processed Trap PDUs sum of SNMP Trap PDUs accepted and processed OUTPUT COUNTERS Packets sum of SNMP packets transmitted Too Big Errors sum of SNMP PDUs generated by SNMP and for which the value of the error status field is tooBig No Such Name Errors sum of SNMP PDUs generated by SNMP and for which the value of the error status field is noSuchName Bad Value Errors sum of SNMP PDUs generated by SNMP and for which the value of the error status field is badValue General Errors sum of SNMP PDUs generated by SNMP and for which the value of the error status field is genErr Get Request PDUs sum of SNMP Get Request PDUs sent from SNMP Get Next Request PDUs sum of SNMP Get Next PDUs sent from SNM P Set Request PDUs sum of SNMP Set Request PDUs sent from SNM P Get Response PDUs sum of SNMP Get Response PDUs from SNMP Trap PDUs sum of SNMP Trap PDUs sent from SNMP show snmp settings Displays SNMP settings which you can modify using enabl
123. is a non zero hexadecimal number of up to 8 digits Question Default System Enter the ipx network number You need to specify the framing for the IPX network It should be one of the following ethernet_ii snap dsap novell 8023 Question Default System What is the framing for the IPX network ethernet_ii Quick Setup Bridge Information The network name is used by the OfficeConnect Remote 812 to identify your bridging setup Question Default Your System Enter the network name bridge The spanning tree algorithm is used to eliminate loops in a network that is linked together with bridges You should run the spanning tree algorithm in the OfficeConnect Remote 812 if you have multiple 812s linking your network to another network or if you think that there might be loops in your network Question Default System Do you want to run the spanning tree algorithm no Would you like to review your current settings before executing yes Sample Identification Information This section contains a sample of possible settings 4 6 nee CHAPTER 4 QUICK SETUP Management Information Console Login Required Console Login Password SNMP Management SNM P Community SNMP IP Address SNMP Read amp Write TELNET Management TELNET User TELNET Password IP Information IP Network Name IP Network Addr
124. is unit Currently available services are DISABLED disables all DHCP services RELAY enables the DHCP Relay service SERVER enables the DHCP Server within the unit address lt IP_address gt enabled YES NO max_hops lt number gt Defines the address and characteristics of the primary DHCP Server over the WAN that should receive our relayed DHCP requests Parameters Description address IP address of the primary DHCP server over the WAN port where DHCP resolution requests should be forwarded set dhcp relay server2 set dhcp server CLI Commands B 25 au enabled Whether or not this server is active for relay max_hops maximum number of hops the redirected requests are allowed to accrue without the request being dropped address lt IP_address gt enabled YES NO max_hops lt number gt Defines the address and characteristics of the secondary DHCP Server over the WAN that should receive our relayed DHCP requests Parameters Description address IP address of the secondary DHCP server over the WAN port where DHCP resolution requests should be forwarded enabled Whether or not this server is active for relay max_hops maximum number of hops the redirected requests are allowed to accrue without the request being dropped a DNS1 lt IP_address gt DNS2 lt IP_address gt a domain lt string gt end_address lt IP_address gt a hostname lt string gt m
125. it PVC Vci Virtual Channel Identifier Vpi Virtual Path Identifier Show commands display details about system entities Displays the current status of the access list feature Administration Status Indicates status of the access list feature Options are Enabled or Disabled LAN Access Indicates whether all frames received on the LAN interface are subject to access list checking Number of Frames Blocked Number of frames silently discarded because the Remote Host s subnet was not on the access list Displays current statistics for the ATM protocol running over the ADSL WAN interface It lists Cell Delineation Whether or not cell delineation is currently achieved ILMI VPI ILMI Path Identifier used for obtaining dynamic VC s Not supported OfficeConnect Remote 812 1 0 ILMI VCI ILM Channel Identifier used for obtaining dynamic VC s Not supported OfficeConnect Remote 812 1 0 TX Cells Number of ATM data cells sent over the WAN TX Idle Cells Number of ATM idle cells sent over the WAN RX Good Cells Number of well formed and correctly addressed ATM data cells received from the WAN RX Idle Cells Number of well formed and correctly addressed ATM idle cells received from the WAN RX No Pkt Avail Number of times a packet was reassembled but could not be delivered over the LAN because of lack of packet memory within the OfficeConnect Remote 812 RX Bad VPI or VCI Number of ATM cells r
126. it will also be resolved otherwise you must specify it as part of the name This command requires either a DNS local host entry use add DNS host or a DNS server use add DNS server to resolve the host name It is the reverse of the ARP command SAVE save all Saves all changes you have made during your session with the CLI It isa good idea to save your changes frequently just as you should with any type of editor SET set adsl reset Resets the ADSL interface set adsl wire pair Overrides the auto direction of inner and outer pair wiring on the RJ 11 connector inner inner pair outer outer pair set bridge aging_time lt seconds gt forward delay lt seconds gt spanning tree_priority lt seconds gt Sets parameters for all bridge networks Parameters Description aging_time Interval to wait before aging out MAC addresses that were learned from other LAN segments The default is 300 forward_delay Interval bridge waits before bridging packets This time is useful for the bridge to listen to packets look at the MAC addresses and build its known MAC address table Default is 15 seconds spanning tree_ Priority number determines who will be seen as the root bridge in a bridge priority network The default is 32768 B 24 APPENDIX B CLI COM MAND DESCRIPTION Hirit set bridge firewall firewall_mode set command set date lt date gt set dhcp mode lt mode gt set dhcp relay ser
127. lays settings for the specified interface The settings displayed depend on the interface you specify and so will not be shown here Displays system wide IP network statistics INPUT COUNTERS Total Input Datagrams sum of IP datagrams received Bad Headers number of datagrams with bad headers Bad Addresses number of datagrams with bad addresses Forwarded Packets number of packets forwarded Bad Protocol number of packets received with bad protocol Discarded number of packets discarded B 44 APPENDIX B CLI COM MAND DESCRIPTION Hirit Successfully Delivered number of packets successfully received OUTPUT COUNTERS Total Output Datagrams sum of datagrams transmitted Discarded number of datagrams discarded Bad Routes number of datagrams with a bad route Fragments Needing Reassembly of fragmented datagrams Datagrams Successfully Reassembled of broken datagrams successfully reassembled Reassembly Failures of broken datagrams unsuccessfully reassembled Datagrams Successfully Fragmented datagrams successfully broken before transmission Fragmentation Failures failed datagram fragmentations before transmission Total Fragments sum of fragments transmitted show ip settings Displays system wide IP information IP Dynamic Address Pool Begin start of IP address range IP Dynamic Address Pool Size size of IP address range IP System Host Address IP address of the system IP Forwarding ENAB
128. le ip rip B 13 disable ip routing B 13 disable ip static_remote_routes B 13 disable ipx network lt network_name gt B 13 disable lan access B 13 disable link_traps interface lt interface_name gt B 13 disable network service lt service_name gt B 13 disable security_option snmp user_access B 13 disable security_option remote_user administration B 14 disable snmp authentication traps B 14 disable telnet escape B 14 disable user lt user_name gt B 14 disable vc lt user_name gt B 14 DO B 14 do lt command_inputfile gt output outputfile B 14 ENABLE B 14 enable access B 14 enable bridge network lt network_name gt B 14 enable bridge spanning_tree B 14 enable interface lt interface_name gt B 15 enable ip forwarding B 15 enable ip network lt network_name gt B 15 enable ip rip B 15 enable ip routing B 15 enable ipx network lt network_name gt B 15 enable lan access B 15 enable link_traps interface lt interface_name gt B 15 enable network service lt service_name gt B 15 enable security_option remote_user administration B 15 enable security option snmp user_access B 15 enable snmp authentication traps B 15 enable telnet escape B 16 enable user lt user name gt B 16 enable vc lt vc name gt B 16 exit CLI B 16 HANGUP B 16 hangup interface lt interface_name gt B 16 hangup vc lt vc_name gt B 16 HELP B 16 help lt command gt B 16 HISTORY B 16 history B 16 KILL B 17 kill lt process name
129. lease lt seconds gt mask lt IP_address gt router lt IP_address gt sStart_address lt IP_address gt WINS1 lt IP_address gt a WINS2 lt IP_address gt Defines the characteristics of the DHCP Server and defines the pool of addresses that this facility should administer Parameters Description DNS1 IP address of the primary DNS server that the DHCP server will utilize when resolving names DNS2 IP address of the secondary DNS server that the DHCP server will utilize when resolving names domain Name of the DNS domain we exist in end_address Last IP address in the pool of IP addresses that will be handed out through DHCP hostname DNS hostname of this unit lease The number of seconds that an IP address will be allocated to a workstation without having to be renewed B 26 APPENDIX B CLI COM MAND DESCRIPTION Hirit set dns set facility lt facility_name gt loglevel level set ilmi vpi lt number gt vci lt number gt set interface lt interface_name gt mask IP network mask that applies to the pool of IP addresses being administered router IP address that the workstations should use as their default gateway start_address First IP address in the pool of IP addresses that will be handed out through DHCP WINS1 IP address of the primary WINS server that the DHCP server will utilize WINS2 IP address of the secondary WINS server that the DHCP server will utiliz
130. mmand set vc lt vc name gt default_route_option DISABLE ENABLE The default_route_option can only be enabled in one VC profile Also you can configure IP Source Validation for the connection When IP Source Validation is enabled the source address of all IP frames received from the remote site will be validated A packet s source address is valid if the OfficeConnect Remote 812 will route an IP frame destined to the source address on the same VC it came in on m To enable IP Source Validation in a profile use the command set vc lt vc name gt ip_source_validation DISABLE ENABLE 6 8 CHAPTER 6 MANUAL SETUP sgh Configuring IP RIP fora Remote Site Configuring Static and Framed IP Routes a To create a filter to block NetBios file and printer sharing over the Remote Site connection use the following command add auto _filter vc_blk_netbios vc lt user name gt Where lt user name gt is the VC Remote Site profile name This command creates a filter which rejects incoming frames with destination UDP ports 137 and 138 and destination TCP ports 139 and 143 The filter is automatically added to the filter manager and attached as the Remote Site s profile input filter IP RIP can be enabled or disabled for each remote site connection The OfficeConnect Remote 812 supports two versions of RIP V1 or V2 Additionally you can configure whether the OfficeConnect Remote 812 should advertise local routes only listen f
131. mote Connection id UNIX Based Computers Kermit minicom and tip are typical terminal emulation programs for UNIX based computers Depending on the platform you re using you may need to modify a configuration file for vt100 settings If you want to attach to the OfficeConnect Remote 812 via the LAN or WAN interface of the unit you will need to establish a Telnet connection to the unit The OfficeConnect Remote 812 must have an IP address and an administrative login profile username and password in order to connect to it with Telnet The IP address and administrative login profile are automatically created when the unit is initially configured using the IP Wizard or in DHCP Smart Mode The default username is root and the default password is root Refer to the OfficeConnect Remote 812 ADSL Router Install Guide for information on the IP Wizard or DHCP Smart M ode initialization Alternatively the IP address and administrative login profile can be created with CLI using the QuickSetup program or using individual commands From Windows 95 you can go to the DOS Window and run telnet lt ip_address gt This will bring up the login prompt for the unit Once you have successfully logged in the Command Line Interface presentation is the same as if you were locally attached When you want to terminate your Telnet session type quit at the CLI prompt CLI COMMAND CONVENTIONS AND TERMINOLOGY This chapter describes the command sy
132. n the OfficeConnect Remote 812 s IP route table You can use Routing Information Protocol RIP to exchange routing information with other routers on the network The IP mask can be specified either as a class A B or C the number of one bits in the mask or as an address in the format 255 x x x Question Default Your System Is IP traffic going to be routed over VC name yes Do you want to enable IP Network Address Translation NAT yes Are the IP addresses S pecified or L earned L Enter the IP address of the router across the WAN Enter the IP mask for the router across the WAN C Is the WAN interface U nnumbered or N umbered N Enter the local ip address for the WAN connection numbered only Do you want to use name s remote router as the default no gateway Do you want to run RIP no Enter the version of RIP to run v2 The IP configuration for VC name is now complete 5 4 CHAPTER 5 QUICK VC SETUP ohhh IPX Routing Network Service PPP IPX Routing Network Service RFC 1483 Bridging Review Sample Identification Information Question Default Your System Is IPX traffic going to be routed over VC name no Is the IPX WAN interface S pecified or L earned L Is the IPX WAN interface U nnumbered or N umbered N Enter the IPX network number for the WAN
133. n authorizing SNMP requests address IP address of the SNMP manager in the form nnn nnn nnn nnn access Determines what type of access to SNMP M IBs the added user will have Options are Read Only RO and Read Write RW name name a location location a contact contact info B 32 APPENDIX B CLI COM M AND DESCRIPTION Hirit set syslog lt IP_address gt loglevel level set time lt time gt set user lt user_name gt set vc lt vc_name gt a transmit_authentication_name name Specifies system contact information which is displayed using show system The user name is the remote account name Location name and contact names are limited to 64 characters from managers on the network must match the list which you can see using list snmp communities Parameters Description name A name identifying the user to the system location The location of the user contact The information contact for the user transmit Deprecated authentication_name Sets the error reporting level for syslog entries that will be sent to the specified IP address You must have previously defined this syslog IP address using add syslog There are five levels of logging a CRITICAL a serious system error which may effect system integrity a UNUSUAL an abnormal event which the system should recover from a COMMON a regularly occurring event that is not frequent a VERBOSE a regular periodic
134. n limit access to a specific management station 0 0 0 0 means any station Question Default YourS ystem What is the IP address of the station for this community 0 0 0 0 You also need to specify if this community can only read information or read and write information Question Default YourS ystem Can this community change management information yes This completes the section on SNMP management configuration TELNET information Question Default Your System Do you want to allow command line management via TELNET yes For TELNET management of the system you need to create a user name and password to control access Question Default Your System What user name will be allowed to manage this system root What password will be used for this user Quick Setup IP information The OfficeConnect Remote 812 uses a network name to identify the network for future managment commands Question Default Your System Enter the network name of your IP network lip Enter the IP address for the OfficeConnect Remote 192 168 200 25 4 The IP mask can be specified either as a class A B or C the number of one bits in the mask or as an address in the format 255 x x x 4 4 hay CHAPTER 4 QUICK SETUP Question Default Your System
135. nd other parameters related to bridging Parameters Description lt network_name gt Designation you wish to give to this bridge network enabled Default is to enable the bridge network Adds the named host to the Local Host Table When the system needs to resolve an address for an IP host name the Local Host table is checked first before a request is sent to the remote DNS Name Server The add login_host command may also add to this table See that command s description for details Parameters Description lt host_name gt Designation of the local host lt IP_address gt IP Address of a named host in nnn nnn nnn nnn format primary_address ip_address secondary_address ip address vc_name vc_name Adds the IP Address of a remote DNS Server for the specified Domain Name to the Domain Name Server Table The first specified server is sent the IP Host Name to be resolved first without and then with the default domain name see set dns for more information about the default domain name If that server cannot resolve the name it is sent to the next specified server If PPP is being used for a wide area connection the vc_name parameter to specify a remote connection from which the primary and secondary addresses will be learned Parameters Description lt domain_name gt Domain name Use for all domains Status The status concerning the DNS server primary_address The primary IP addr
136. ng Network Address Translation in Chapter 6 for an example in which i Note Typically the private and public port numbers are set to the same value See they differ B 8 APPENDIX B CLI COMMAND DESCRIPTION Aah add network service lt service_name gt Status server_type server_type socket socket_number enabled YES a data string close_active_connections TRUE FALSE This configures a network listener process that provides a certain type of service To see the available server types use list services Parameters Description lt service_name gt Name of this type of service Limit of 32 character ASCII string server_type Designates the type of server HTTP SNMPD SNMP agent TFTPD server for file transfers TELNETD TELNET server to the CLI socket Indicates which socket the server listens on For TFTP and TELNET it is the TCP or UDP port enabled This indicates whether the network service is enabled Enter YES or NO data Ancillary Data This field contains server specific configuration data See the table on the next page for settable ancillary data parameters for TELNET close_active_ Indicates whether or not to close any active connections when a service is connections disabled by the disable network_service command Default FALSE The table below shows configurable parameters for TELNET services which are specified with the data parameter
137. ng Web Browser and TELNET Login Access Remember to save your configuration using the save all command before rebooting your OfficeConnect Remote 812 so that your changes will be written to permanent FLASH memory You can obtain the current date time and system uptime using the command show date The date and time information is provided in the following format System Date 02 MAR 1998 05 17 00 System UpTime 2d 08 37 54 You can set the date using the command set date which sets the system date and leaves the time unchanged The format is dd mmm yyyy The month should be the first three characters of the month name The year can be either 2 or 4 digits 97 or 1997 Example set date 01 JAN 1998 To set the time use the command set time which sets the system time and leaves the date unchanged The format is hh mm ss The seconds ss field is optional Military time is used For example to set the time to 4 10 am enter the command set time 04 10 and to set the time to 4 10 pm enter the command set time 16 10 The system name location and contact information is useful when monitoring the OfficeConnect Remote 812 remotely You should choose a name location and contact that is appropriate for the unit a You can view the settings using the commana show system m To set these parameters use the command set system name lt name gt location lt location gt contact lt contact gt a The name location and contact can be up to
138. nications Commission helpful The Interference Handbook This booklet is available from the U S Government Printing Office Washington D C 20402 Stock No 004 000 00345 4 NOTE In order to maintain compliance with the limits of a Class B digital device 3Com requires that you use quality interface cables when connecting to this device Changes or modifications not expressly approved by 3Com could void the user s authority to operate this equipment Refer to the manual for specifications on cabling types FCC DECLARATION OF CONFORMITY We declare under our sole responsibility that the Model Description 3Com OfficeConnect Remote 812 ADSL Router to which this declaration relates is in conformity with the following standards or other normative documents m ANSI C63 4 1992 Methods of Measurement Federal Communications Commission 47 CFR Part 15 subpart B 3Com Corporation 5400 Bayfront Plaza P O Box 58145 Santa Clara CA 95052 8145
139. nnect Remote 812 is to create a file using a text editor on a workstation The file will contain filters defined in the OfficeConnect Remote 812 filter syntax described below File names should be short and descriptive such as IPFLT The next step is to use TFTP Trivial File Transfer Protocol to copy the filter file from the workstation to the OfficeConnect Remote 812 You then use CLI commands to add the filter file to the list of filters and apply the filter to the appropriate interface or VC remote site profile You define the filtering rules used by the router within filter files Filter files are text files that are stored in the unit s FLASH memory You can create and modify filter files using an off line text editor then TFTPing the finished file on to the unit To be valid a filter file must always have the following file descriptor on the first line filter Be sure that no blank space precedes the descriptor or an error will occur The remainder of the filter file is partitioned into protocol sections Each protocol section has a descriptive header and contains the filter rules for that protocol A single filter file can contain all valid protocol sections in any order but the sections cannot be repeated The following conditions will generate errors or prevent normal filter operation a f you do not specify a protocol section in the filter file no filtering will occur and packets of that protocol type will be accep
140. node 0 0 0 0 0 1 socket 451 type 4 You can display all IPX Services with the list ipx services command m To delete an Static IPX Service use the command delete ipx service lt name gt type lt hex number gt To add a Framed Service that will be installed in the IPX Services table when a connection is established use the command add ipx_service vc lt vc name gt hops lt number gt ipx_net lt server network address gt name lt Service name gt node lt server node address gt socket lt hex number gt type lt hex number gt id Configuring IPX RIP and SAP Bridging 6 19 The route will be removed from the IPX routing table when the VC profile is disabled To delete a Framed route so that it no longer will be installed in the routing table when the connection is established use the command delete ipx_service vc lt vc name gt name lt service name gt type lt type gt Remember to disable and then re enable the VC profile for the change to take effect IPX RIP is used to exchange IPX routing information with other IPX routers SAP is a protocol used by IPX servers and routers to exchange information about the location of servers For IPX networks over the LAN you can separately enable or disable RIP and SAP When enabled you can also specify whether RIPs or SAPs are sent received or both To configure RIP for a LAN network use the command set ipx network lt network name gt rip BOTH DISABLE
141. ntax conventions and terminology used within the Command Line Interface Reviewing and understanding this chapter is essential for you to understand subsequent chapters Command Structure Format Commands can be followed by values and or parameters and values For example add ip network lt network_name gt address ip_addr interface eth 1 a add ip network is the command m lt network_name gt is the required value for the command a address is a required parameter a ip addr is the value for the IP address parameter which you must provide a interface is only required if you want to override the default value which is eth 1 Parameters m are order independent a parameters enclosed by curly braces are required and are provided with default values You do not need to specify these parameters unless you wish to override the default Values a lt gt required values for a command or parameter are enclosed by arrows a range of values following parameters are enclosed in brackets Inside the brackets if you see a vertical bar you may select only one of the displayed choices FIRST SECOND THIRD comma you can select one or more of the displayed choices FIRST SECOND THIRD a The type of value you enter must match the type requested Numbers are either decimal or hexadecimal Text can be either a string that you create or it 2 2 CHAPTER 2 CLI COMMAND CONVENTION
142. nty service for hardware products may be obtained by delivering the defective product accompanied by a copy of the dated proof of purchase to the 3Com Corporate Service Center or to an Authorized 3Com Service Center during the applicable warranty period Standard warranty service for software products may be obtained by telephoning the 3Com Corporate Service Center or an Authorized 3Com Service Center within the warranty period Products returned to the 3Com Corporate Service Center must be preauthorized by 3Com with a Return Material Authorization RMA number marked on the outside of the package and sent prepaid insured and packaged appropriately for safe shipment The repaired or replaced item will be shipped to Customer at the expense of 3Com not later than thirty 30 days after receipt of the defective product by 3Com WARRANTIES EXCLUSIVE IF A 3COM PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE CUSTOMER S SOLE REM EDY FOR BREACH OF THAT WARRANTY SHALL BE REPAIR REPLACEM ENT OR REFUND OF THE PURCHASE PRICE PAID AT THE OPTION OF 3COM TO THE FULL EXTENT ALLOWED BY LAW THE FOREGOING WARRANTIES AND REM EDIES ARE EXCLUSIVE AND ARE IN LIEU OF ALL OTHER WARRANTIES TERM S OR CONDITIONS EXPRESS OR IM PLIED EITHER IN FACT OR BY OPERATION OF LAW STATUTORY OR OTHERWISE INCLUDING WARRANTIES TERMS OR CONDITIONS OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND SATISFACTORY QUALITY 3COM NEITHER ASSUM ES NOR AUTHORIZES ANY OTHER PERSON T
143. om for repair whether under warranty or not SOFTWARE 3Com warrants that the software programs licensed from it will perform in substantial conformance to the program specifications therefor for a period of ninety 90 days from the date of purchase from 3Com or its Authorized Reseller 3Com warrants the media containing software against failure during the warranty period No updates are provided The sole obligation of 3Com with respect to this express warranty shall be at the discretion of 3Com to refund the purchase price paid by Customer for any defective software products or to replace any defective media with software which substantially conforms to applicable 3Com published specifications Customer assumes responsibility for the selection of the appropriate applications program and associated reference materials 3Com makes no warranty or representation that its software products will work in combination with any hardware or applications software products provided by third parties that the operation of the software products will be uninterrupted or error free or that all defects in the software products will be corrected For any third party products listed in the 3Com software product documentation or specifications as being compatible 3Com will make reasonable efforts to provide compatibility except where the noncompatibility is caused by a bug or defect in the third party s product STANDARD WARRANTY SERVICE Standard warra
144. ommand Removing a Filter from a VC Remote Site Profile Using CLI Deleting a Packet Filter Using CLI Verifying Filter File Syntax Using CLI Showing Filter File Contents Using CLI Managing Filters Using CLI 6 39 wee set interface lt interface name gt input_filter set interface lt interface name gt output_filter m The value represents a null value and removes the defined filter from the interface For example to remove an output filter from an interface named eth 1 you would use the following command m set interface eth 1 output_filter To remove a filter that is assigned to a remote site profile use the following command wee wee set ve lt VC or remote site name gt input_filter output_filter The value represents a null value and removes the defined filter from the user profile For example to remove an input filter from a VC remote site profile named corpoffice you would use the CLI command wee set ve corpoffice input_filter To delete a specific packet filter removing the filter file permanently from the FLASH memory use the CLI command delete filter lt filter_name gt The verify filter command must be used if you make changes to a filter file that has already been added to the managed list and re TFTP it back to the router s FLASH memory using the same filename The verify filter file will check the filter syntax If the syntax is valid no message is generated and the
145. on NAT Enabled RIP no Remote is Default Gateway yes IPX Enabled IPX WAN Network Number Learned IPX WAN RIP Yes Bridging Enabled Question Default Your System Do you want to change any answers no Do you want to actually execute these commands yes OCR DSL gt add vc name OCR DSL gt set vc name OCR DSL gt set vc name OCR DSL gt set vc name OCR DSL gt set vc name OCR DSL gt set vc name OCR DSL gt set vc name OCR DSL gt set vc name OCR DSL gt set vc name OCR DSL gt set vc name OCR DSL gt set vc name OCR DSL gt set vc name OCR DSL gt ip disable ipx disable bridging disable network_service ppp atm vpi 0 vci 0 category_of_service unspecified pcr 0 ip enable remote_ip address 0 0 0 0 C local_ip_address 0 0 0 0 ip_routing listen rip ripv2 nat_option enable ipx enable ipx_enable ipx_address 00000000 ipx_routing all bridging enable OCR DSL gt enable vc name OCR DSL gt _save users SAVE USERS Complete oc R DSL gt Spawned Process CFP 272016 QuickSetup commands Completed Successfully OCR DSL gt 5 6 CHAPTER 5 QUICK VC SETUP sgh M ANUAL SETUP This chapter describes how to manually setup the OfficeConnect Remote 812 for Routing or Bridging Configuration Overview The following steps provide an outline to follow when configuring the OfficeConnect Remote 812 to route or bridge to remote networks
146. on is subject to the following two conditions 1 This device may not cause harmful interference and 2 This device must accept any interference received including interference that may cause undesired operation WARNING This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules and the Canadian Department of Communications Equipment Standards entitled Digital Apparatus ICES 003 These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures m Reorient or relocate the receiving antenna m Increase the separation between the equipment and receiver m Connect the equipment into an outlet on a circuit different from the one which the receiver is connected to m Consult the dealer or an experienced radio TV technician for help The user may find the following booklet prepared by the Federal Commu
147. one is not found the request will be forwarded to a Remote DNS Server The DNS Server is selected by comparing the domain name within the Request If the Request was for www M yCorp com events local the domain M yCorp com would match given our configuration and the request would be forwarded to the DNS Server at 192 168 1 253 If a request was for www 3com com a match would not be found in the Remote server table and therefore the request would be forwarded to the default Remote DNS Server In this case the Remote DNS Server is dynamically learned when the connection to the remote site Internet is first established After a workstation is rebooted and is configured automatically by the OfficeConnect Remote 812 s DHCP Server the 812 s browser based manager can attach to the OfficeConnect Remote 812 by typing in ocrdsl 3com com in the Browser s location field If the OfficeConnect Remote 812 s DNS functionality is disabled the manager can still be accessed by using the OfficeConnect Remote 812 s LAN address i e 192 168 200 254 for this configuration The local IPX Network is defined with a Network Number of 10 and an identifying name of ipx Routes and Services will be dynamically learned using RIP and SAP once the Remote Site to MyCorp is established The following commands are executed add ipx network ipx address 10 frame ethernet_ii enable yes set ipx net ipx rip both sap both A Bridge network is configured for th
148. or example tftp a Socket TCP port number used by the service a Close reveals whether all connections close when you disable this service TRUE or FALSE See add network service command for details Admin Status the status you have requested for this service ENABLED or DISABLED See the add network service command for details These commands display the defined SNM P communities which you previously defined using the add snmp community command SNMP trap_communities does not list access Community Name community designation for the IP address IP address IP address of a member of the community Access Read Write type of access a member has to MIBs Displays IP addresses which get syslog entries from the system See add syslog for more information and delete syslog command to remove entries This command shows a Syslog IP address to which syslog entries will be sent Log Level reporting level of entries to send Msg Count current number of messages sent since system bootup Also see list facilities and set facilities commands which let you view and change log reporting levels for each system facility Displays information about all TCP connections Connection status is defined in RFC 793 Local Address IP address of the local host for this connection Local Port TCP port number used by the local connection Remote Address IP address of the remote host for this connection Remote Por
149. or routes from the remote site or both To configure RIP for a remote site connection set vc lt vc name gt ip_routing BOTH LISTEN NONE SEND If you are using address translation for a remote site connection NAT you must set ip_routing to LISTEN or NONE This is because you have set up a private LAN network and therefore do not want to be broadcasting information to other routers The OfficeConnect Remote 812 will not allow a profile using address translation to be enabled if ip_routing is set to BOTH or SEND To configure the RIP version for the remote site connection use set vc lt vc name gt rip RIPV1 RIPV2 A Static route is a configured route that will remain in the routing table until deleted Static routes differ from Dynamic routes in that Dynamic routes are learned real time via RIP A Framed route is much like a Static route in that you manually configure the route The difference is that a Static route is defined for the LAN while a Framed route is associated with a remote site connection Also while a Static route is active when the LAN is connected a Framed route is active only when the connection to the associated remote site is active If you wish to set up a route to a network on the other side of a remote site use a Framed route If you wish to set up a route to a network through the LAN use a Static route Only use Static and Framed routes for networks not learned using RIP To add a Static
150. ose parameters were used in creating links Local MMRU MRU the remote entity uses when sending packets to local PPP entity Default 1514 Remote MMRU MRU the local entity uses when sending packets to remote PPP entity Default 1514 Local Endpoint Class type of address used as the identifier CLI Commands B 49 Local Endpoint Length maximum length of the local Endpoint Discriminator Address default is 6 Local Endpoint ID value of the local Endpoint Discriminator Address Remote Endpoint Class value of the remote Endpoint Discriminator Class which indicates the type of address being used as the identifier Remote Endpoint Length maximum length of the remote Endpoint Discriminator Address Remote Endpoint ID value of the remote Endpoint Discriminator Address SETTINGS for PPP BUNDLE 1 COMPRESSION Operational Status Opened or Not Opened Compression Protocol authentication protocol used by the local PPP entity when it authenticated the local PPP entity to the remote PPP entity PAP CHAP or NONE SETTINGS for PPP LINK 1 5 Operational Status opened or not opened Interface Index index number of the interface used Local MRU MRU the remote entity uses when sending packets to local PPP entity Default 1514 Remote MRU MRU the local entity uses when sending packets to remote PPP entity default is 1514 Local to Peer ACC Map value of the ACC Map used for sending packets from the local PPP entity to the
151. problem is to use private addresses on small LANs and to use Address Translation when accessing devices on the public network Address Translation changes an IP frame s private address to a public address at the gateway of a public network i e the OfficeConnect Remote 812 router The router maintains a table of active port numbers in order to support simultaneous connections from different workstations on the LAN with one public IP address The public address is the WAN interface address of the Remote Site profile which can be statically configured or dyanmically learned PPP NAT is used when several privately addressed workstations share a single public address NAT uses the TCP and UDP port numbers to map multiple private addresses to the single public address For normal applications such as Web browsing and FTP transfers NAT can be configured by just enabling the feature When accesses are originated from the private addressed LAN a mapping is established between the source port number and the source private address When the response is received on the public addressed WAN port the destination port is mapped back to the private address 6 10 hy CHAPTER 6 MANUAL SETUP Configuring NAT Static NAT port mappings or the NAT default address need to be configured when an application will initiate a TCP or UDP connection from the public network Ifa public accessible Server resides on a privately addressed LAN static ports can be d
152. py files to or from the unit All you have to do is set up TFTP access on the OfficeConnect Remote 812 and run a TFTP client program on a workstation You can configure the OfficeConnect Remote 812 to provide access to all TFTP clients or you can specify the IP addresses of the TFTP clients for restricted access a To view the current TFTP client access list use the command list tftp clients To add a TMP client to the list use the command add tftp client lt host name or IP address or 0 0 0 0 gt Provide either the host name or the IP address of the workstation running the TFTP client An address of 0 0 0 0 allows all TFTP clients unrestricted access To remove a TFTP client from the list use the command delete tftp client lt host name or IP address or 0 0 0 0 gt The OfficeConnect Remote 812 provides the capability to password protect access to the CLI When the password protection feature is enabled a user connecting to the CLI via the serial console port will be prompted for the CLI password After the correct password is entered all CLI commands are accessible by the user The user can exit from the CLI to disable further access or can configure an idle timeout period If no commands are executed by the CLI for a period longer than the idle timeout period the user will automatically be logged out of the console The password will have to be re entered in order to access the CLI again CLI password protection is disabled b
153. rames which have been received Transmit Frames packet frames which have been sent Discarded packet frames which have been thrown away settings Displays information about the specified bridge network You use add bridge network to define bridge networks Interface the interface this bridge is using Network Address index number for this bridge network Frame Type BRIDGE is the default Status ENABLED or DISABLED are options User Name user to supply parameters for this bridge Spanning Tree Enabled ENABLED or DISABLED show bridge settings Displays the settings for all bridge networks Use set bridge to modify these values Base Aging Time time to age out a known MAC address default 300 B 38 APPENDIX B CLI COM MAND DESCRIPTION Hirit show call_log show command show configuration show critical_event settings Spanning Tree Forward Delay delay after coming up before learning default is 15 a Spanning Tree Priority this bridge s bid to be root bridge default is 32768 a Access MACs Only This can be enabled or disabled Spanning Tree Mode sets spanning tree algorithm on Default is DISABLED Base MAC Address address of the bridge Number of Networks number of networks in this bridge Type type of bridge TRANSPARENT ONLY is the default Displays the current call status of a specified VC Fields Call State current call state of the call i e Disconnected Connec
154. ration of your OfficeConnect Remote 812 without requiring any knowledge of CLI command syntax The questions beginning in Chapter 5 represent nearly the full text of what QuickVC Setup would query if you were to use every service available as configured on the CLI If you are using partial service QuickVC Setup will skip some sections Default values are enclosed in brackets 3 2 CHAPTER 3 CONFIGURATION M ETHODS Hirit Manual Setup Instructions Once you become familiar with the CLI interface you might find it more efficient to manage the OfficeConnect Remote 812 manually M anual configuration is most versatile in that you only enter commands that need to effectively change from the current configuration Also many of the advanced features can only be accessed through manual configuration such as filtering QUICK SETUP This chapter will describe in detail the operations of the Quick Setup program It will identify the required information steps involved and sample output scripts from the execution of this program CLI Quick Setup Script Introduction p gt Instructions Setup Script The CLI Quick Setup program allows you to quickly configure LAN side global and management settings for your OfficeConnect Remote 812 Instead of using cryptic commands you will simply respond to a series of questions regarding different aspects of your configuration The program will convert your responses into the approp
155. re allowed to access the Management services of the OCR812 Use this command to remove an entry in the list Parameters Description lt ip subnet address gt IP address in the format xx Xxx xX xx Deletes the previously added bridge network Make sure you have disabled the bridge network using the disable bridge network command before trying to delete it Use list bridge forwarding to see if there is any activity over the bridge connection Deletes all your configuration files reboots the system and restores system configuration to default values delete dns host lt host_name gt delete dns server lt domain_name gt delete filter lt filter_name gt delete file lt file_ name gt delete framed route vc delete ip network lt netw ork_name gt delete ip route lt IP_address gt delete ipx network lt name gt delete ipx route lt ipx_net_address gt delete ipx service lt service_name gt delete nat tcp vc lt vc_name gt delete nat udp vc lt vc_name gt CLI Commands B 11 Deletes the specified host from the DNS Local Host Table Use list DNS hosts to view the DNS Local Host table After deletion requests for that host will be processed through a DNS server instead of locally Use list DNS servers to see which servers are defined Removes the name server addresses associated with the specified domain from the Domain Name Server Table Removes the named filter from the filter table an
156. riate CLI commands and execute them The CLI Quick Setup program automatically executes when the OfficeConnect Remote 812 is powered on with no configuration and all DIP switches in the back of the unit are in the OFF position This boot mode is called Unconfigured M ode An OfficeConnect Remote 812 unit can be restored to an unconfigured state by ensuring that all DIP switches are in the OFF position and by deleting the configuration by performing one of the following 1 Press the Configuration reset button on the back of the unit while powering on 2 Issue the delete configuration command from the CLI 3 Use the browser based OfficeConnect Remote 812 M anager to delete the configuration For more information on the OfficeConnect Remote 812 boot modes see Chapter 2 Getting Started in the OfficeConnectRemote 812 ADSL Router Install Guide The following sections contain the CLI Quick Setup script You will be required to enter information concerning your network configuration Questions in the script are presented here in tables Write the appropriate information for your desired configuration in the following tables The OfficeConnect Remote 812 Quick Setup will let you set up LAN side and global configuration for your system To configure wide area profiles you should run the OfficeConnect Remote 812 VC Wizard using the QUICKVC command Do you want to continue with OfficeConnect Remote 812 Quick Setup 4 2 nies CHAPTER 4 QUICK SETUP
157. rned real time via RIP or when new connections are established A Framed route is much like a Static route in that you manually configure the route The difference is that a Static route is defined for the LAN while a Framed route is associated with a remote site connection Also while a Static route is active when the LAN is connected a Framed route is active only when the connection to the associated remote site is active If you wish to set up a route to a network on the other side of a remote site use a Framed route If you wish to set up a route to a network through the LAN use a Static route Only use Static and Framed routes for networks not learned using RIP To add a Static IPX route over the LAN use the command add ipx route lt ipx network address gt gateway lt ipx network address gt metric lt number gt ticks lt number gt The route will appear in the IPX routing table You can display all IPX routes with the list ipx routes command a To delete an IPX Static route use the command delete ipx route lt ipx network address gt m To add a Framed route that will be installed in the IPX routing table when a connection is established use the command add ipx_route vc lt vc name gt ipx_net lt ipx network address gt metric lt number gt ticks lt number gt The route will be removed from the IPX routing table when the VC profile is disabled 6 18 CHAPTER 6 MANUAL SETUP sgh id Configuring IPX Stat
158. route metric 1 gateway lt IP_address gt Defines a default gateway IP router which acts as the default route for IP packets destined for remote hosts Parameters Description lt IP_address gt IP Address of the gateway router metric Integer representing how far away the default router is in hops through other routers Values 1 15 add ip network address ip_net_address lt network_ name gt frame ETHERNET II SNAP LOOPBACK interface eth 1 enabled yes Adds an IP network to the list of IP networks available over the specified interface Parameters Description lt network_name gt Name of IP network consisting of up to 32 unique ASCII characters space must be surrounded by double quotes address IP address of the network in the format nnn nnn nnn nnn with or without a mask specifier The M ask Specifier can be A B C or H ora numeric value from 8 to 30 that describes the number of one bits in the mask If you do not specify a mask the system will generate it for you from the network address frame Frame encapsulation to be used on this IP network The options are ETHERNET_II LOOPBACK for diagnostics or SNAP interface Name of the interface which this IP network will communicate over The default is the first LAN interface eth 1 enabled This optional parameter indicates whether the network is enabled YES or disabled NO
159. rvice file server print etc public_port number public_port number B 12 sgh delete network service lt service_name gt delete snmp community lt name gt delete snmp trap_community lt name gt delete syslog lt ip_name_or_address gt delete tftp client lt ip_name_or_address gt delete user lt name gt delete vc lt name gt DIAL dial lt vc_name gt DISABLE disable access disable bridge network lt name gt disable bridge spanning _tree APPENDIX B CLI COM MAND DESCRIPTION Deletes the specified network service from the list of available services You must use disable network service before deleting the service You can see which services are available and active using list available services and list services Deletes an SNMP community that was previously added with the add snmp community command You can use list snmp communities to see the current entries Deletes an SNMP trap community name from the list of names and IP addresses that are allowed to receive SNMP trap commands You can use list snmp communities to see the current entries Deletes the specified IP host name or IP address from the list of addresses which are authorized to receive syslog information Use list syslog to see the currently allowed addresses Deletes the specified IP host name or IP address from the list of addresses which are authorized to TFTP Use list tftp clients to see the currently allowed a
160. s for the configured protocol are not bridged To configure the Bridge Firewall for this mode use the command set bridge firewall fwd_unicast_only Forward Broadcast Unicast Packets Unicast packets for a configured protocol received from the LAN that are not addressed to the MAC address of the OfficeConnect Remote 812 are bridged Received broadcasts e g DHCP are bridged To configure the Bridge Firewall for this mode use the commana set bridge firewall fwd_bc_and_unicast Packets received from the WAN do not pass through the Bridge Firewall Instead packets received from the WAN are delivered to the router or bridging function based on their encapsulation and on the state of the MAC Encapsulated Routing parameter in the remote site profile In general a packet received in a routed encapsulation i e IPCP or Routed RFC 1483 is delivered to the router A packet received in a bridged encapsulation is passed on to the bridge If MAC Encapsulated Routing is enabled the received bridge encapsulated packets are delivered to the router System Administration This section provides details and examples for performing the following system administration tasks a Setting Date and Time a Setting System Identification Configuring Web Browser and TELNET Login Access a Providing TFTP Access a Setting Password Protection 6 24 CHAPTER 6 MANUAL SETUP sgh Setting Date and Time Setting System Identification Configuri
161. s the last twenty call events This is useful when trying to determine why a call over the WAN is not being established The table displays the system the up time and the event Displays the current call status for all VCs for which a call has been attemped Each entry will include the VC name the current call state Disconnected Connecting or Connected and the reason why the last call was cleared Reasons for clearing include line down PPP timeout Authentication error Network configuration error and termination initiated from either the local or remote side B 18 Shape APPENDIX B CLI COMMAND DESCRIPTION list critical events list dns hosts list dns servers list facilities list filters list files list interfaces list ip addresses list ip arp Displays the last ten critical status events and the system time when each occurred You can change which events are logged as critical using the set facility command The table displays the system the up time and the event Displays the DNS Local Host name and its IP address which you configured using the add dns host Displays DNS Name Servers which you configured using the add dns server command The domain name and the server address are listed for each DNS server Displays the system facilities processes currently running plus the default log level The log level is the severity of error that facility will produce syslog entries for You can change th
162. sed disable ip forwarding Enables the specified IP network which you previously defined using add ip network You can use list ip networks to see the currently defined IP networks as well as their current status Enables the RIP protocol for all IP networks RIP protocol is set to NONE by default You can check the RIP version using show ip network settings and modify it using set ip network RIP is enabled by default Enables all routing protocols for all IP networks Currently the only IP routing protocol this command enables is RIP so it is functionally the same as enable ip rip Enables the specified IPX network which you previously defined using the add ipx network command You can list currently defined IPX networks using list ipx networks When the access list feature is enabled this command enables access to all hosts on the local LAN interface When enabled all frames received on the LAN interface bypass the access list check This command tells SNMP to send linkup and linkdown traps for the specified interface You can see if the interface is currently enabled for traps using the show interface settings command Enables the network service that you previously defined with the add network service command You can see which services are currently defined and their state using list network services Enables CLI access to remote TELNET and dial in users This prevents remote users from modifying the configuration CLI confi
163. settings B 45 show ipxrip B 46 show ipxsap B 46 show ipx settings B 47 show memory B 47 show network lt name gt settings B 47 show network lt name gt counters B 47 show ppp on vc lt vc_name gt counters B 47 show ppp on vc lt vc_name gt settings B 47 show ppp on interface lt name gt counters B 47 show ppp on interface lt name gt settings B 48 show ppp settings B 50 show security_option settings B 50 show snmp counters B 50 show snmp settings B 51 show system B 51 show telnet B 51 show tcp counters B 51 show tcp settings B 52 show udp B 52 show user lt name gt settings B 52 show vc lt vc_name gt settings B 52 TELNET B 53 telnet lt ip_name_or_addr gt B 53 telnet lt ip_name_or_addr gt TCP_port lt number gt B 53 VERIFY B 53 verify filter lt filter_name gt B 53 TELNET Commands B 53 close B 53 help B 53 send lt string gt B 53 set_escape lt string gt B 53 status B 54 CLI Exit Commands B 54 Bye Exit Leave Quit B 54 Logout B 54 Command Features B 54 Command Retrieval B 54 Positional Help B 54 Command Completion B 54 Output Pause B 54 Command Kill B 54 Comments B 55 3COM CORPORATION LIMITED WARRANTY FCC CLass A VERIFICATION STATEMENT FCC CLass B STATEMENT FCC DECLARATION OF CONFORMITY ACCESSING THE CONFIGURATION INTERFACE This chapter explains how to attach to the configuration interface locally via the console port or remotely via a Telnet session This chapter also introdu
164. socket 0x1 OxFFFF generic Generic Filter IPX RIP network 5 l IPX network XX XX XX XX IPX SAP network IPX network XX XX XX XX node sls IPX node XX XX XX XX XX XX server l Server name character string to 32 characters service type l Service type 0x0 OXFFFF socket all Socket 0x1 OxFFFF BR ETH src addr Source MAC address xx Xx XX XX XX XX dst addr Destination MAC address xx Xx XX XX XX XX generic Generic filter The syntax for generic filters is slightly different than that for other filters lt line gt lt verb gt GENERIC gt ORIGIN lt FRAME gt DATA gt OFFSET lt of bytes gt LENGTH lt of bytes gt MASK lt 0x Mask gt VALUE lt 0x value gt ORIGIN The location in the packet to start the offset count This location can be at byte 0 FRAME or at the start of the protocol data DATA ma OFFSET The number of bytes from the origin to skip before comparing the value to the packet contents a LENGTH The number of bytes in the packet to compare to the value MASK The mask to logically and with the packet contents before comparing with the value hex 6 32 hpa CHAPTER 6 M ANUAL SETUP Applying the Rules Using CLI a VALUE The value hex to compare to the packet contents For example a generic bridge filter to prevent all IP packets from being bridged is BR ETH 1 reject generic gt origin frame offset 12 length 2 mask 0xFFFF
165. ss assignments Displays System DRAM Memory usage Total System Memory Resources total amount of memory in system a Free Memory amount of memory not in use Code Size amount of memory used by code a Initialized Data Size Uninitialized Data Size Stack Size static data areas Displays the configured settings for the specified network The display varies depending on the type of network specified Some of the settings displayed are Interfaces Network Address Frame Type Status User Name and Spawning Tree Enabled Displays the statistical counters for the specified network The display varies depending on the type of network specified Some of the counters are Received Frames Transmitted Frames and Discarded Frames This shows counters for the Point to Point Protocol on the Virtual Circuit This shows the settings for the Point to Point Protocol on the Virtual Circuit Displays statistics for PPP running on the specified interface COUNTERS for PPP BUNDLE 1 Operational Status not opened or opened B 48 APPENDIX B CLI COM MAND DESCRIPTION Hirit Number Active Links sum of active links using this PPP bundle Transmit Packets sum of packets transmitted over this bundle Bytes from Upper Layer sum of bytes received from an upper layer application for transmission over this bundle This counter represents all data handed down to the PPP application BEFORE compression occurs Bytes to Low er Layer sum of by
166. t TCP port number used by the remote connection a Status status of the connection E g Listen Displays IP addresses of all users who allowed to use the Trivial File Transfer Protocol TFTP to connect to the system You must have used add network service to add TFTP support to the system and used add tftp client to authorize users to connect Displays User Datagram Protocol UDP ports being used by the system These ports correspond to processes which are receiving UDP data for example SNMP User Management TFTP service Local IP addresses and port numbers are listed for each UDP port B 22 APPENDIX B CLI COM MAND DESCRIPTION Hint list users Lists all users showing a User Name user designation you specified using add user a Login Service The service used to login to the network i e TELNET a Status link status ACTIVE INACTIVE or DISABLED listvc Lists all virtual channel profiles showing a Name user designation you specified using add vc a Network Service type of network service RFC1483 PPP PPPLLC a VPI Virtual Path Identifier a VCI Virtual Channel Identifier a Status link status ACTIVE INACTIVE or DISABLED login_required enables or disables CLI password protection password The CLI password It must consist of 1 to 8 alphanumeric printable characters inclusive PAUSED COMMANDS More or CR Continue printing Quit Cancel rest of output PING More or CR Continue printing ping output o
167. tation and send it to one or two remote DHCP servers The response from the remote DHCP servers is processed and forwarded to the local workstation Remember to save your configuration using the save all command before rebooting your OfficeConnect Remote 812 so that your changes will be written to permanent FLASH memory The OfficeConnect Remote 812 has three DHCP modes Server Relay and Disable To configure the mode use the following command set dhcp mode SERVER RELAY DISABLE The OfficeConnect Remote 812 s DHCP Server has the following fields that will need to be configured a Hostname a Domain Name 6 12 CHAPTER 6 MANUAL SETUP sgh Monitoring the DHCP Server a P Address Pool Start and End address a P Subnet address mask m Lease period a WINS Server addresses m DNS Server addresses The Hostname is the base name assigned to the workstation A numeric suffix is appended to the base name and incremented after each assignment For example if the Hostname unit is configured the first workstation will be assigned the Hostname unit01 the second workstation will be assigned unit02 and so forth a Use the following commands to configure the DHCP Mode base Hostname and the network s Domain Name set dhcp mode server set dhcp server hostname lt host name gt set dhcp server domain lt domain name gt The DHCP address pool is configured by specifying the starting and ending addresses of the pool The
168. te specified by the IPX network address 00 03 55 BF IPX RIP 1 REJECT network 00 03 55 BF IPX SAP Packet Filtering Using CLI SAP packets are used to identify the services and addresses of servers attached to the network The responses are used to update a table in the router known as the Server Information Table You define IPX SAP packet filtering rules in the IPX SAP protocol section of the filter file You can filter SAP packets by network node server service type and socket The following rule example accepts SAP services from the server name sales 1 with a socket number is less than 32 IPX SAP 1 AND server sales_1 2 ACCEPT socket lt 32 999 DENY Bridge Generic Filtering Using CLI The rules in this filter file section are setup to allow bridging of only IP and IPX packets assuming that all traffic is being bridged and that the IPX protocol is using Ethernet_Il framing To stop traffic in both directions you can apply the filter as an input_filter on both the Ethernet and the WAN or User Profile interfaces However to improve efficiency over the WAN interface it would be better to have the same type of filter applied on the equipment at the other side of the WAN to keep non IP and IPX traffic off the WAN completely BR ETH Allow IP traffic Step by Step Guide to Creating Filter Files Using CLI Creating Filters Using Command Line Interface 6 35 1 ACCEPT generic gt origin FRAME offset 12 Aen
169. ted m f you specify a protocol section but do not define any rules an error will occur The following table describes the valid protocol sections that you can define in the filter file To comment out a protocol section you must place a pound sign before the section header and before all rules defined in the section Table 6 2 Protocol Sections Protocol Sections Descriptions IP IP protocol data filter section IP RIP IP RIP advertising filter section IPX IPX protocol data filter section IPX RIP IPX RIP advertising filter section 6 30 CHAPTER 6 MANUAL SETUP gk IPX SAP IPX SAP advertising filter section BR ETH Bridge protocol data filter Protocol Rules You can define protocol rules within each protocol section in the filter file Protocol rules determine which packets may and may not access the network The rule syntax is lt line gt lt verb gt lt keyword gt lt operator gt lt value gt The line range is 1 10 This means you can combine up to 10 rules to create a filter for a specific protocol Additionally line number 999 is used for the DENY verb The combination of keyword operator and value forms the condition which when combined with the verb determines whether a packet is accepted or rejected When a packet is filtered the router parses each rule defined in the protocol section sequentially according to the line number Filtering is performed based on th
170. ter access parameter to OFF for a specific interface use the CLI command set interface lt interface_name gt filter_access OFF Managing Filters Using CLI Displaying the Managed Filter List Using CLI Adding Filters to the Managed List Using CLI This section provides information about how to perform filter management tasks To display the list of managed filters use the following command list filters lt filter_name gt The resulting display might look like this Filter Name Status Protocols ip fil NORMAL IP IP RIP The add filter command verifies filter syntax prior to adding the filter to the managed list If the syntax is valid no message is generated and the command prompt returns If syntax errors exist error messages are generated detailing the cause of the errors If the syntax is invalid the filter is still added to the managed list with a status of verify failed To correct filter file errors you must make the changes to the original filter file using a text editor and re TFTP the file to the router s FLASH memory Then use the verify filter command to check the filter file syntax To add a filter file to the list of managed filters use the CLI command add filter lt filter name gt It may be helpful to use the list files command to see files successfully stored in the FLASH memory Removing a Filter from an Interface Using CLI To remove a filter that is assigned to an interface use the following c
171. ter advertising a host of a better next hop Echos sum of ICMP request messages received signifying transport system success Echo Replies sum of ICMP reply messages received indicating transport system success Timestamps sum of ICMP request messages received seeking time from another machine for clock synchronization and estimated transit time purposes Timestamp Replies sum of ICMP timestamp reply messages Address Masks sum of ICMP Address M ask Reply messages Address Mask Replies sum of ICMP request messages concerning a host s ability to gather network information OUTPUT COUNTERS Messages total of ICMP messages transmitted Errors ICMP packets transmitted with errors Destination Unreachable sum of these messages sent Time Exceeded sum of these messages sent Parameter Problems sum of these messages sent Source Quench sum of these messages sent Redirects sum of these messages sent Echos sum of ICMP Echo request messages sent Echo Replies sum of these messages sent Timestamps sum of these messages sent Timestamp Replies sum of these messages sent Address Masks sum of these messages sent Address Mask Replies sum of these messages sent show interface Displays counters for the specified interface lt interface_name gt counters show interface lt interface_name gt settings show ip counters CLI Commands B 43 INPUT COUNTERS Octets bytes received Ucast Unicast packets r
172. tes or provinces do not allow the exclusion or limitation of implied warranties or the limitation of incidental or consequential damages for certain products supplied to consumers or the limitation of liability for personal injury so the above limitations and exclusions may be limited in their application to you This warranty gives you specific legal rights which may vary depending on local law 3Com Corporation 5400 Bayfront Plaza Santa Clara CA 95052 8145 408 764 5000 FCC CLass A VERIFICATION STATEMENT WARNING This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules and the Canadian Department of Communications Equipment Standards entitled Digital Apparatus ICES 003 These limits are designed to provide reasonable protection against harmful interference in a commercial installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at the user s own expense Changes or modifications not expressly approved by 3Com could void the user s authority to operate this equipment FCC Ciass B STATEMENT This device complies with Part 15 of the FCC Rules Operati
173. tes sent to a lower layer application for transmission over this bundle This counter represents all data to be handed down to the lower layer application AFTER compression occurs Received Packets sum of packets received from a lower layer application over this bundle Bytes to Upper Layer sum of bytes to be handed up to an upper layer application over this bundle Bytes from Low er Layer sum of bytes received from a lower layer application over this bundle Total Bad Headers sum of packets with incorrect PPP Header Address Control PID Field COUNTERS for PPP LINK 1 5 Operational Status not opened or opened Received Packets too long Transmit Frames sum of frames received from the PPP application for transmission over this link Bytes from Upper Layer sum of bytes handed down from an upper layer application for this link Bytes to Lower Layer sum of bytes received from a lower layer application for this link Received Frames sum of frames received on this link Bytes to Upper Layer sum of bytes handed up to an upper layer application over this link Bytes from Low er Layer sum of bytes received from a lower layer application over this link show ppp on interface Displays the settings for PPP on the specified WAN interface lt name gt settings SETTINGS for PPP BUNDLE 1 Operational Status opened or not opened Number Active Links number of links active on this PPP bundle User Profile user wh
174. ting Connected a Last Clearing reason indicates why the call was cleared Reasons for clearing include line down PPP timeout Authentication error Network configuration error and termination initiated from the local and remote side IP IPX and Bridge status current status of each network layer Configured protocol is configured for this VC and the call is being initiated a Not configured The protocol is disabled on this VC a Established Protocol was negoitated successfully and is currently active on this VC a Failure Protocol was configured but there was a failure in the PPP negotiation while attempting to initiate the network layer Displays the settings for Command History Depth and the Current Prompt You can modify the history depth using set command history and alter the prompt using set command prompt Prompts can hold a maximum of 64 characters For example History Depth 10 Current Prompt OCR DSL gt Local Prompt OCR DSL gt Displays a variety of system information including System Identification Authentication Remote Remote Accounting Interfaces IP forwarding IPX Default Gateway Bridge Spanning Tree and DNS Domain Displays where the log files for critical event messages are stored in the FLASH file system CLI Commands B 39 Critical Event Sink where critical events are logged default is file log file local Critical Event Backup where critical events are logged if th
175. tions and users to control access through the system a Interface describes physical devices for example ports a Syslog Host receives system messages a DNS Server translates IP addresses to and from host names Route describes a path through the network to another system or network Table entries are created with an add command and removed with a delete command The add command specifies the most important parameters of the entry Additional parameters are usually specified with the set command which is also used to change configured parameters The list command displays table entries For example list users displays all defined administrative login profiles The show command displays detailed information about a specific table entry For example show user root displays detailed information for the administrative login profile root 2 4 CHAPTER 2 CLI COMMAND CONVENTIONS AND TERMINOLOGY sgh CONFIGURATION METHODS OfficeConnect Remote 812 CLI offers three setup choices all of which are described in this section the automated Quick Setup method the QuickVC Setup method and the manual method Review the capabilities of each below and decide which configuration method best suits your needs then proceed to the appropriate chapter for detailed configuration guidelines for each method Quick Setup Instructions id The Quick Setup program for the CLI is designed to get your OfficeConnect Remote 812 up and runn
176. to reach this IPX network diagnostics Whether or not to send diagnostic packets to this IPX network maximum_learning_ Number of times this network will resend packets to learn its directly retries connected neighbors B 30 APPENDIX B CLI COM MAND DESCRIPTION Hirit set ipx system set netw ork service lt admin_name gt netbios Whether to support NetBIOS on dial out IPX networks netbios_name_cache Whether or not to cache a list of the other NetBIOS systems on this IPX network netbios_cache_timer How long a NetBIOS system will be kept in the cache netbios_max_hops Maximum number of hops this network will make to locate a NetBIOS system packet_maximum_size Maximum size packet that this IPX network will support rip Sets the RIP mode rip_age_multiplier Number to multiply the rip_update_interval by to obtain the value for the aging out the entries in the RIP database rip_packet_size Size of RIP packets rip_update_interval How often RIP should send periodic updates sap Sets the SAP mode sap_age_multiplier Number to multiply the sap_update_interval by to obtain the value for aging out entries in the SAP database sap_packet_size Size of SAP packets sap_nearest_replies Whether or not SAP will look its nearest neighbors sap_update_ interval How often RIP should send periodic updates a priority priority level
177. ttings for these options use the command show bridge settings Except for enabling Spanning Tree most users do not need to change the advanced parameters from their default settings The Aging Time is the time in seconds for aging out forwarding table information m To change the Aging Time use the command set bridge aging time lt seconds gt The Forward Delay is the time in seconds to wait while learning forwarding information before starting to bridge packets a To change the Forwarding Delay use the command set bridge forward_delay lt seconds gt Spanning Tree refers to the Spanning Tree Protocol which is used to eliminate network loops between bridges m To disable or enable Spanning Tree use the commands disable bridge spanning _tree enable bridge spanning tree 6 22 CHAPTER 6 MANUAL SETUP sgh The Spanning Tree Priority is the priority assigned to a bridge that is running the Spanning Tree Protocol It is used for prioritizing the bridges when Spanning Tree is enabled m To change the Spanning Tree Priority use the command set bridge spanning _tree_priority lt priority value gt MAC Encapsulated Routing Configuring MAC Encapsulated Routing Because routers base their forwarding decision on network level addresses packets that are routed over a WAN are transmitted without MAC layer addresses Additionally address resolution procedures that can be used to determine the destination MAC address
178. tureTel Corporation UNIX is a registered trademark of X Open Company Ltd in the United States and other countries Other brand and product names may be registered trademarks or trademarks of their respective holders CONTENTS ACCESSING THE CONFIGURATION INTERFACE Establishing Communications with the OfficeConnect Remote 812 1 Local Connection 1 IBM PC Compatible Computers 1 Macintosh Computers 1 UNIX Based Computers 2 Remote Connection 2 CLI COMMAND CONVENTIONS AND TERMINOLOGY Command Structure 1 Format 1 Parameters 1 Values 1 Names or Strings 2 Network Address Formats 2 Abbreviation and Command Completion 2 Control Characters 2 Help 2 Conventions 3 Conventions 3 Command Language Terminology 3 CONFIGURATION METHODS Quick Setup Instructions 1 QuickVC Setup Instructions 1 Manual Setup Instructions 2 Quick SETUP CLI Quick Setup Script 1 Introduction 1 Instructions 1 Setup Script 1 Password Protection 2 Which portions of the network do you want to configure 2 Quick Setup Identification information 2 Quick Setup Management Information 2 TELNET information 3 Quick Setup IP information 3 Quick Setup IPX information 4 Quick Setup Bridge Information 5 Sample Identification Information 5 5 Quick VC SETUP CLI QuickVC Setup Script 1 Introduction 1 Instructions 1 Starting QuickVC Setup 1 ATM Parameters 1 Network Service 2 PPP Parameters 2 IP Configuration Network Service PPP 2 IP Configuration Ne
179. twork Service RFC1483 3 IPX Routing Network Service PPP 4 IPX Routing Network Service RFC 1483 4 Bridging 4 Review 4 Sample Identification Information 4 Sample Output Display as Quick Setup Executes 5 6 MANUAL SETUP Configuration Overview 1 Remote Site Management 2 Managing a Remote Site 2 Configuring Network Service Information 3 Configuring ATM Information 3 IPRouting 4 Enabling IP Routing 5 show ip settings 6 show ip routing settings 6 Configuring an IP Network over the LAN 6 Configuring IP RIP on the LAN 6 Configuring IP for the Remote Site Connection 7 Configuring IP RIP for a Remote Site 8 Configuring Static and Framed IP Routes 8 IP Tools 9 Address Translation 9 Network Address Translation NAT 9 Configuring NAT 10 Monitoring NAT 11 DHCP 11 Configuring the DHCP Mode 11 Configuring the DHCP Server 11 Monitoring the DHCP Server 12 Configuring the DHCP Relay 13 Monitoring the DHCP Relay 13 DNS 13 Configuring DNS 14 DNS Host Entries 14 Managing the DNS Proxy 14 IPX Routing 15 Enabling IPX Routing 16 Configuring IPX forthe LAN 16 Configuring IPX for Remote Site Connections 16 Configuring IPX Static and Framed Routes 17 Configuring IPX Static and Framed Services 18 Configuring IPX RIP and SAP 19 Bridging 19 Configuring Bridging forthe LAN 20 Configuring Bridging for the Remote Site Connections 21 Bridging IP Traffic 21 Advanced Bridging Options 21 MAC Encapsulated Routing 22 Configuring MAC Encapsulated Routing
180. ult value of UBR with a Peak Cell Rate of 0 will attempt to use all available upstream bandwidth when transmitting to the remote site The ATM Configuration for VC name is now complete The OfficeConnect Remote 812 suppports either PPP PPPoE or RFC 1483 encapsulation Question Default Your System Select the encapsulation type ppp Only applicable if PPP or PPPoE is chosen as the network service You must configure a name and password that will be used during the PPP authentication process Question Default Your System What is the authentication name name What is the authentication password The authentication name for VC name is now complete Only applicable if PPP is chosen as the network service Network Address Translation NAT allows a single WAN side IP address to be shared by multiple LAN side devices Local and remote IP adresses can be configured in two different ways m Specified the IP adress is always a specific address a Learned the IP address is learned when the PPP connection is established One active VC profile can have its remote router installed as the default router in the OfficeConnect Remote 812 s IP route table You can use Routing Information Protocol RIP to exchange routing information with other routers on the network Question Default Your System Is IP traffic going to be routed over VC name
181. ure IP routing IP must be defined on both the LAN interface and one or more VC profiles On the LAN an IP network must exist with a specified IP address and subnet mask In the VC profile IP routing needs to be enabled and the remote router address a remote subnet mask and local WAN interface address need to be configured The remote site address configuration can be learned dynamically when the connection is established if the Network Service is PPP otherwise it has to be specified Remember to save your configuration using the save all command before rebooting your OfficeConnect Remote 812 so that your changes will be written to permanent FLASH memory When the OfficeConnect Remote 812 is to be used for IP Routing IP forwarding must be enabled This is a global setting for the entire router m To enable IP routing use the command enable ip forwarding a To disable IP routing use the command disable ip forwarding IP Forwarding refers to the routing of IP packets from one interface to another It does not affect communicating to the OfficeConnect Remote 812 itself Even when IP Forwarding is disabled you can perform non routing functions such as use a Web browser to manage the unit and use PING In addition to IP forwarding there is a global RIP setting If RIP is globally disabled it is disabled for all LAN and WAN networks If RIP is globally enabled it can then be specifically enabled or disabled on the LAN IP networks and
182. use enable security_option remote_user administration to re enable remote CLI access Instructs SNMP to stop recording trap information for user either local or remote authentication Disables the TELNET escape character for all TELNET clients When disabled TELNET clients who press the escape character during their session will not get a local TELNET command line Disables the specified user from being used It also causes all active sessions established using that particular user to terminate and does not allow any new sessions to occur using that user name Disabling a user is useful when prohibiting a user s access temporarily Disables the specified virtual channel from being used It also causes any active session established using that particular VC to terminate and does not allow any new sessions to occur using that VC Disabling a VC is useful when prohibiting a VC s access temporarily Runs a script file that is stored in FLASH memory which contains a series of CLI commands Enables the Access List feature When enables onlly Remote Hosts in the access list are permitted access to the Router s management services Enables bridging over the specified network You must have previously run add bridge network to add bridging over this network bridge networking is enabled by default so you will only need to use this command if you have previously disabled this bridge Note that bridging will not occur for a protocol if rout
183. utput_filename lt ip_name_or_addr gt count count a interval interval timeout timeout_value Sends an ICMP echo request to a remote IP host A reply from the pinged address indicates success Parameters Description lt ip_name_or_address gt IP address in dotted notation or host name of remote system output A file name to direct output to count Number of ICMP echo requests to send interval Number of seconds to wait between sending each request timeout Number of seconds to wait for an echo response to return QUICKVC Runs the QuickVC Setup program to easily configure a virtual channel connection remote site profile See Chapter 5 for a complete description of the QuickVC Setup program CLI Commands B 23 REBOOT Reboot the system If you have made any configuration changes be sure to save all before rebooting Also see the delete configuration command RENAME rename file Renames files within the FLASH file system The FLASH file system is a flat file lt input_file gt system no subdirectories Use the list files command to see what files currently lt output file gt exist Parameters Description lt input_file gt Name of the original file lt output_file gt New name for the file RESOLVE resolve name Returns an IP Address for the specified host name by sending it to DNS for lt IP_host_name gt resolution If the Domain Name has been specified using the set DNS command
184. value 0x0800 The following sections provide detailed information and examples for creating specific filters based on protocol IP Source and Destination Netw ork Filtering Using CLI Source and destination address filtering is generally used to limit permitted access to trusted hosts and networks only to explicitly deny access to hosts and networks that are not trusted or to limit external access to a given host for example a web server or a firewall Note that only the part of the IP address specified by the mask field is used in the comparison If a match is found the packet is forwarded rules containing accept or discarded rules containing reject The following rule example allows forwarding of only IP packets with source addresses that match the first 16 bits of the given IP address addresses beginning with 192 77 IP 1 ACCEPT src addr 192 77 200 203 16 999 DENY The following rule example rejects IP packets with a source address 144 133 20 1 IP 1 REJECT src addr 144 133 20 1 The following rule example allows forwarding of only IP packets with source address 192 77 100 32 and destination address 201 128 11 34 IP 1 AND src addr 192 77 100 32 2 ACCEPT dst addr 201 128 11 34 999 DENY IP Source and Destination Port Filtering Using CLI You can also filter against UDP and TCP ports The following rule example rejects IP packets with a TCP port number of 80 IP 1 REJECT tcp_dst_port 80
185. ved on specific ports The IP RIP filtering process filters addresses from the RIP packet upon transmission and does not enter routes into the routing table upon receipt IPX SAP Controls the content of Service Advertising Protocol SAP packets that are sent out or received on specific ports The IPX SAP filter rules allow filtering on service type server name network address node address and socket number fields of the service entry The forwarding process uses the filter information to prevent the service information from being included in the SAP packet IPX RIP Controls the content IPX RIP packets that are sent out or received on specific ports The IPX RIP filtering process filters addresses from the RIP packet upon transmission and does not enter routes into the routing table upon receipt Generic filters are protocol independent and are specified by byte and offset values in a packet Packets are filtered by comparing each packet s offset value and byte information with the values that you define in the filter The router will accept or reject the packet based on the result Creating generic filters can be a complex task Only experienced users should employ generic filters and strictly in cases where data and advertising filters cannot provide the filtering capabilities that you require Creating Filters Overview Filters can be set one of two ways in the OfficeConnect Remote 812 Using CLI or using the Offi
186. ver1 Sets the mode of the Bridge Firewall function The three modes are completely described in Chapter 6 a discard_routed_protocols packets for routed protocols are not bridged m fwd_unicast_packets_only unicast packets for routed protocols may also be bridged Broadcast and multicast packets are not bridged a fwd_bc_and_unicast broadcast multicast and unicast packets for routed protocols may also be bridged a history lt numerical range gt a idle timout lt minutes gt local_prompt lt string gt prompt lt string gt Sets console parameters for CLI commands Parameters Description history Sets the depth of the buffer holding the command history Use the history command to see the current depth and a list of your last CLI lt numerical range gt commands The default is 10 commands The range is 1 500 prompt lt string gt Sets the global command prompt for the CLI Use show command to see the currently defined prompt Limit 64 characters local_prompt lt string gt Sets a separate prompt for a command file process Limit 64 characters Sets the system date and leaves the time unchanged Use show date to see what the current settings are The format is dd mmm yyyy The month should be the first three characters of the month name The year can be either 2 or 4 digits 97 or 1997 Sets the DHCP mode for the unit Parameters Description mode DHCP functionality you wish to enable for th
187. y arm Remote Office Address Translation _ Reuter IP Routing PC 1 raii ee f _ ADSL PC 40 ATM OfficeConnect Remote ADSL ia Rewter Ta Internet LAN outer IP Routi Private IP Addressing _ IP assignment from DHCP Our sample network is configured in 6 steps a Global Configuration a IP LAN Network m DHCP and DNS a PX LAN Network a Bridge LAN Network Remote Sites Remember to save your configuration using the save all command before rebooting your OfficeConnect Remote 812 so that your changes will be written to permanent FLASH memory A 2 APPENDIX A OFFICECONNECT REM OTE 812 SAM PLE CONFIGURATION yk Global Configuration LAN IP Network Configuration DHCP and DNS Configuration Global configuration includes some optional system commands to identify the OfficeConnect Remote 812 s name location and support contact Next the Remote access security option is enabled to allow remote CLI access using TELNET Finally a Remote Login User is defined to provide access for Web Browser based management and TELNET The following commands are executed set system name OfficeConnect_1 set system location Vienna set system contact John_Doe enable security_option remote_user administration add user root password root A IP network is defined over the interface with the private address 192 168 200 254 with a class C subnet mask The IP network is identified by th
188. y default Password protection can be configured by the QuickSetup program or by using CLI commands The Console password is independent of the Login Access passwords described on 6 25 Only the Console password can be used to gain access to the Console port m To enable or disable CLI password protection use the commands 6 26 CHAPTER 6 MANUAL SETUP Hint enable command password lt passw ord gt or disable command passw ord where lt passw ord gt is an alphanumeric string of 1 to 8 characters The default password is password Be sure to save your configuration after entering a new password a After logging in to the CLI you can exit the CLI with the commana exit cli a To set the idle timeout period use the command set command idle_timeout lt timeout gt where lt timeout gt specifies the idle timeout period in minutes By default there is no idle timeout period This capability is useful for system administrators or users who wish to restrict access to the OfficeConnect Remote 812 Care should be taken to remember the configured password If the password is forgotten the unit must be sent back to 3Com support to have the feature disabled Introduction The OfficeConnect Remote 812 provides an extensive set of data filtering capabilities For instance filters can accept packets only from specific addresses to provide added security or filters can be added to reduce network traffic and improve overall p
189. you must turn off filter access by entering the CLI command set interface eth 1 filter_access off For more information about the filter access refer to the Setting Filter Access section below Do not apply a filter to more than one interface or VC remote site profile Also do not apply an input and an output filter to more than one Ethernet interface Do not apply a filter to more than one interface or VC remote site profile To configure an input or output filter for a specific user use the CLI commands set ve lt ve or remote site name gt input_filter lt filter_name gt set vc lt ve or remote site name gt output_filter lt filter_name gt For example to apply an output filter to a user set vc corpoffice input_filter filter fil 6 38 CHAPTER 6 MANUAL SETUP sgh Setting Filter Access Using CLI id When filters are assigned to both the WAN interface and a VC remote site profile you need to tell the router which one to use using the filter access parameter If filter access is ON the VC remote site filters will override interface filters If filter access is OFF then the interface filters are used Always turn filter access OFF for the Ethernet interface since there are no profiles associated with it If you do not turn if off the filter will not be applied To set the filter access parameter to ON for a specific interface use the CLI command set interface lt interface_name gt filter_access ON To set the fil
190. zes packet header information against a set of rules you define A filter then lets the packet pass through or discards it OfficeConnect Remote 812 Filtering Capabilities Filter Classes Filter Types Data Filters The OfficeConnect Remote 812 provides an extensive set of data and call filtering capabilities The OfficeConnect Remote 812 supports the following filtering capabilities a Input and output data filtering m Source and destination address filtering a Protocol filtering m Source and destination port filtering A packet filter can control what services local or remote users can access a Call filtering can control whether a packet can initiate an outgoing call Route filtering can filter source and destination addresses in packets that exchange routing table information a Established session filtering A packet filter can permit users to connect with a remote network without letting remote users have access to the local network or vice versa The OfficeConnect Remote 812 supports three filter classes a Input data filter packets as they enter Output data filter packets as they exit a Embedded bypass for periodic router protocol packets IP RIP IPX RIP and IPX SAP Each filter class can be identified further by the following types Filters can be classified by the following types a Data filters based on protocol specific packet information a Advertisement filters based on broadc
Download Pdf Manuals
Related Search