Technicolor - Thomson SpeedTouch™ 620 Network Router User Manual

Contents

1. SpeedTouch System Services
   - SpeedTouch Dynamic DNS
   - The SpeedTouch SNTP Client
   - Website Filtering
     - The Website Filtering Configuration Pages
     - How to Verify the Filtering Configuration
     - How to Activate a Web Filtering License
     - Configuring the Actions for Uncategorised Sites
     - How to Create an Address Based Filter
     - How to Create a Content Based Filter
     - How to Create a Content Level
   - Intrusion Detection and Protection
   - Remote Assistance
   The SpeedTouch File System
   E-DOC-CTC-20051017-0155 v1.0
2. This scenario is a good alternative for when the DSL line is down or for when the SpeedTouch doesn't have a fixed IP address. Take into account the following configuration factors:
   - Log in with an account that is able to change the SpeedTouch configuration using a WAN interface.
   - Add the ISDN modem to the required service you want to use.
   Dialing in via the SpeedTouch to surf to the corporate network. Take into account the following configuration factors:
   - The router configuration of the SpeedTouch is correct.
   - The correct firewall rule is added to allow traffic from the ISDN modem towards the corporate network.

   Chapter 9 The Integrated SpeedTouch ISDN Modem
   9.2 How to Configure the ISDN Modem

   General configuration procedure. Proceed as follows to configure the ISDN modem:
   Add a new ISDN interface with name ISP1:
      =>isdn ifadd intf=ISP1
   Configure the new ISDN interface with the dial-in number of the ISP:
      =>isdn ifconfig intf=ISP1 number=090934100 mlppp=disabled mode=dialout
   The PPP Multilink protocol (mlppp) can be enabled or disabled:
   - disabled: dialup 64 Kbps
   - enabled: dialup 128 Kbps
   MLPPP is by default disabled. Choose mode dialin to configure the ISDN modem as a responder.
   Attach the ISDN interface:
      =>isdn ifattach intf=ISP1

   ISDN group configuration. Proceed as follows to configure a group of allowed numbers: Create
3. SpeedTouch Remote Access
   - Remote Web Interface Access
   - Secure Remote Web Interface Access
   - Remote Telnet Access
   - Remote SSH Access
   - Remote FTP Access
   - Remote SFTP Access
   - LAN Based Auto Configuration (LAC) Support (TR-064)
   - CPE WAN Management Protocol (CWMP) Support (TR-069)
   The Integrated SpeedTouch ISDN Modem
   - 9.1 About the ISDN Modem
   - 9.2 How to Configure the ISDN Modem
   - 9.3 ISDN Backup
     - 9.3.1 How to Configure the ISDN Dial-In Connection
     - 9.3.2 How to Configure the PPP Connection
   - 9.4 ISDN Callback
     - 9.4.1 How to Configure the ISDN Dial-In Connection
     - 9.4.2 Ho
4.    {Administrator}[snmp]=>get objectid=<string>
   With objectid the object identity to getNext from.
   Example: To get the IP address table, use:
      {Administrator}[snmp]=>getnext objectid=1.3.6.1.2.1.4.20.1.1
      VB_ipAdr 1.3.6.1.2.1.4.20.1.1.127.0.0.1 127.0.0.1
      {Administrator}[snmp]=>getnext
      VB_ipAdr 1.3.6.1.2.1.4.20.1.1.192.168.1.254 192.168.1.254
   The object ID is only required the first time. The second time a getnext is executed, the SpeedTouch will start looking from the previous object ID.

   Chapter 10 SpeedTouch Monitoring

   SNMP walk
   Use the following CLI command to skim through a MIB object:
      {Administrator}[snmp]=>walk objectid=<string>
   Example: For example, objectid 1.3.6.1.2.1.1 identifies the SpeedTouch MIB system group. The example below skims through this MIB object:
      {Administrator}[snmp]=>walk ObjectId=1.3.6.1.2.1.1
      VB_octetStr  1.3.6.1.2.1.1.1.0  SpeedTouch 620
      VB_oid       1.3.6.1.2.1.1.2.0  1.3.6.1.4.1.637.61.2
      VB_timeTicks 1.3.6.1.2.1.1.3.0  9962843
      VB_octetStr  1.3.6.1.2.1.1.4.0  Service Provider
      VB_octetStr  1.3.6.1.2.1.1.5.0  SpeedTouch 620
      VB_octetStr  1.3.6.1.2.1.1.6.0  Customer Premises
      VB_integer   1.3.6.1.2.1.1.7.0  72

   10.2.9 About Remote SNMP Command Receiving Traps
   Chapter 10 SpeedTouch Monitoring
   How to Allow Remote SNMP: It is possible to allo
5. Configure: Allows you to configure website filtering.
   Help: Provides online help on Website filtering.

   Chapter 6 SpeedTouch System Services
   6.3.2 How to Verify the Filtering Configuration

   Procedure. Proceed as follows to verify the website filtering configuration:
   1 Go to the SpeedTouch configuration home page.
   2 In the Toolbox section, click Web Site filtering.
   Result: you are taken to the website filtering overview page.

   [Screenshot: Web Site Filtering overview page. It summarizes the web site filtering configuration of the SpeedTouch (if web site filtering is disabled, all web sites are allowed) and shows an Address Based Filtering table of web sites and actions, a Content Based Filtering section with license type, license expiration and content level, and a Pick a task area with Activate Web filtering License. If none of the configured address based rules matches, the decision of content based filtering applies.]

   Chapter 6 SpeedTouch System Services
   The Website Filtering page: This page has two sections: Web page
6. In a preliminary step it is assumed that the SpeedTouch is already correctly configured for your Internet subscription and connected to the Internet, and that you have obtained a valid dynamic DNS account and DNS host name at a dynamic DNS service provider (in this example DynDNS).

   Chapter 6 SpeedTouch System Services
   The SpeedTouch CLI dyndns commands

   The SpeedTouch allows configuration of its dynamic DNS client functionality via the dyndns CLI command group:
      =>dyndns help
      Following commands are available:
      add      Add a Dynamic DNS client
      modify   Modify a Dynamic DNS client
      delete   Delete a Dynamic DNS client
      flush    Delete all Dynamic DNS clients
      list     List all Dynamic DNS clients
      Following command groups are available:
      host     service
   In this command group all commands are available for adding, deleting and configuring a dynamic DNS client. It contains also two sub command groups:
   - dyndns host
      =>dyndns host help
      Following commands are available:
      add      Add a fully qualified host name
      delete   Delete a host name
      flush    Delete all host names
      list     List all host names
     This allows to specify one or more host name(s) corresponding to a dynamic DNS client.
   - dyndns service
      =>dyndns service help
      Following commands are available:
      modify   Modify specific DynDNS s
7. Filtering Information: This section provides information on the active filtering configuration:
   - Address based filtering information: a list of all specified websites and the actions to be taken.
   - Content based filtering information: license information and information about the active content level.
   Note: to view more detailed information on the content level, click Details.
   Pick a task: List of possible tasks. In this case, only Activate Web filtering license is available.
   Note: after activating the license, a new task, Create a new content level, becomes available. Refer to "6.3.3 How to Activate a Web Filtering License" on page 65 for more information.

   Chapter 6 SpeedTouch System Services
   6.3.3 How to Activate a Web Filtering License

   Prerequisite: Before you can activate the web site filtering license, you need a valid license key.
   Procedure. Proceed as follows to activate a web filtering license:
   - Go to the SpeedTouch configuration home page.
   - In the Toolbox section, click Web Site filtering. Result: you are taken to the website filtering overview page.
   - In the Pick a task section, click Activate Web filtering license. Result: the Web filtering activation page appears.

   [Screenshot: Web Filtering Activation page, stating that Web Filtering is currently running with an evaluation license]
8. The second command sets the IP address as primary address of the loopback interface, instead of the default 127.0.0.0.
   Use the following command to view the loopback configuration:
      =>ip iflist expand=enabled
      Interface  Group  MTU    RX     TX     TX-Drop  Status  HW-address
      0 loop     local  65535  31438  33137  0        UP      00:0e:50:5a:dd:0f
        BRHW-address ff:ff:ff:ff:ff:ff
        RX unicastpkts 335 brcastpkts 0
        TX unicastpkts 502 brcastpkts 0 droppkts 0
        Oper state UP  Admin State UP
        Flags PRIMARY LOOP INTERNAL
      =>

   Chapter 10 SpeedTouch Monitoring
   10.2.7 How to Configure the SNMP Target

   About the SNMP Target: The SNMP target is the destination for the SNMP traps, e.g. an SNMP Manager. You can add up to nine different SNMP manager destination addresses using the snmp target add command.
   Command: Use the following command to add an SNMP target:
      add name=<string> addr=<ip-address> port=<number 0-65535> mask=<ip-mask (dotted or cidr)> timeout=<number 0-2147483647> retries=<number 0-255> maxpertime=<number 0-255> windowtime=<number 0-3600> taglist=<quoted string> params=<V1Params> storage=<other|volatile|nonVolatile|permanent|readOnly> mms=<number 484-65535>
   Parameters: The command has the following parameters:
   Parameter name addr
9. Use the following CLI command to take a look at the Telnet service configuration; you will see that the wan group is added to the Interface Access List:
      =>service system list name=TELNET expand=enabled
      Idx Name Protocol SrcPort DstPort Group
      1 TELNET
        Description: Virtual Terminal
        Properties: server
        Attributes: state port aclip aclif aclifgroup map log
        User Managed Attributes: state port aclip aclif aclifgroup map log
        Attribute Values: enabled Ip Access List Interface Access List Interface Group Access List lan wan disabled

   Chapter 8 SpeedTouch Remote Access
   Refinement of the Service

   If needed, the service can be fine-tuned to restrict the allowed traffic to:
   - A single IP address
   - A subnet
   - A range of IP addresses
   Use the following CLI command to restrict the allowed traffic to 1 IP address:
      =>service system ipadd name=TELNET ip=192.6.11.5
   Use the following CLI command to restrict the allowed traffic to a subnet:
      =>service system ipadd name=TELNET ip=192.6.11.0/24
   Use the following CLI command to restrict the allowed traffic to a range of IP addresses:
      =>service system ipadd name=TELNET ip 192 6 2 55 2 55

   Chapter 8 SpeedTouch Remote Access
   Hyper NAT Refinements: The SpeedTouch features a powerful Hyper NAT engine allowi
10. You can check whether a user.ini configuration file or other configuration files are stored in the dl subdirectory by making a listing of the subdirectory's contents:
      ftp>dir
      200 Connected to 192.168.1.254
      150 Opening data connection for /bin/ls
           20 Jun 29 1971 start.cmd
      2952448 Jun 29 1971 ZZUIAA5.314
            9 Jun 29 1971 seed.dat
          729 Jun 29 1971 sslcert.pem
          908 Jun 29 1971 sslkey.pem
          692 Jun 29 1971 sshdsa.pem
        66920 Jun 29 1971 user.ini
         4056 Jun 29 1971 user.tpl
        34633 Jun 29 1971 security.cfg
      226 Options: -l 9 matches total
      ftp: 600 bytes received in 0.00Seconds 600000.00Kbytes/sec.
      ftp: 400 bytes received in 0.01Seconds 40.00Kbytes/sec.
      ftp>
   In case the configuration file you intend to upload has the same name as one of the configuration file(s) on the SpeedTouch file system, for example user.ini, you must either:
   - Rename the file name of the configuration file stored on your local disk.
   - Delete the file from the SpeedTouch file system.
   Optionally you can clean up the SpeedTouch's file system via the software cleanup CLI command:
      ftp>quote site software cleanup
      200
      200 CLI command "software cleanup" executed

   Chapter 4 SpeedTouch Confi
11.   descr srcaddr 0.0.0.0 intf lan1 bypassrt disabled dsfield
      =>sla ping modify test=internet size=200 count=15 datafill=test frequency=2 trapprobefilter=2 traptestfilter=12 intf=lan1
      =>
   The SLA Ping process has been configured now. You now need to start the process. To do so, use the following command:
      =>sla ping start test=internet
      =>
   Now that the SLA ping process has been started, you can view the SLA ping results. Use the following command:
      =>sla ping list
      internet owner modem dest 11.0.0.138 size 200 timeout s 3 count 15 datafill test frequency s 2 maxrows 50
        trapflag probefailfilter 2 testfailfilter 12 type IcmpEcho storagetype nonVolatile
        descr srcaddr 0.0.0.0 intf wan1 bypassrt no dsfield 0
        result Info status in progress minrtt us 1104 maxrtt us 8910 avgrtt us 5006 rttsumofsqr ms 130
        responses 4 sentprobes 4 lastgoodresponse 02 01 70 04 33 00 306942

   Chapter 12 SLA Monitoring
   Following results will be displayed:
   sentprobes (Sent Probes): number of probes sent.

   SLA Ping History: A complete list of the SLA pings sent can be viewed as well. To do so, use the following CLI command:
      =>sla ping hist test=internet owner=modem
      Index  Rtt us  Status         RC  Timestamp
      2968   1106    resp received  0   02 01 70 05 00 45 840097
      2969   1120    resp received  0   02 01 70 05 00 46 850092
      2970   1081    resp recei
12. Chapter 8 SpeedTouch Remote Access
   Refinement of the Service

   If needed, the service can be fine-tuned to restrict the allowed traffic to:
   - A single IP address
   - A subnet
   - A range of IP addresses
   Use the following CLI command to restrict the allowed traffic to 1 IP address:
      =>service system ipadd name=FTP ip=192.6.11.5
   Use the following CLI command to restrict the allowed traffic to a subnet:
      =>service system ipadd name=FTP ip=192.6.11.0/24
   Use the following CLI command to restrict the allowed traffic to a range of IP addresses:
      =>service system ipadd name=FTP ip 192 6 2 55 2 55

   Hyper NAT Refinements
   The SpeedTouch features a powerful Hyper NAT engine, allowing the local hosts to share a single remotely negotiated public IP address. In case Hyper NAT is enabled on the WAN interface that will be used for remote management, and a static mapping has been made to allow remote hosts to address regular FTP services on a host residing on your local network, you must make sure that accessing the SpeedTouch FTP server is still possible.
   For more information on Hyper NAT, see the SpeedTouch Hyper NAT Configuration Guide.
   The default port for the FTP server is set to 21. This can be changed by executing the following command. The command above will change the FTP server port of
13. SpeedTouch 620 Wireless Business DSL Routers. Operator's Guide. A THOMSON BRAND.
   SpeedTouch 620 Operator's Guide

   Copyright
   Copyright 1999-2006 THOMSON. All rights reserved. Distribution and copying of this document, use and communication of its contents is not permitted without written authorization from THOMSON. The content of this document is furnished for informational use only, may be subject to change without notice, and should not be construed as a commitment by THOMSON. THOMSON assumes no responsibility or liability for any errors or inaccuracies that may appear in this document.
   Thomson Telecom Belgium, Prins Boudewijnlaan 47, B-2650 Edegem, Belgium. www.speedtouch.com

   Trademarks
   The following trademarks are used in this document:
   - SpeedTouch is a trademark of THOMSON.
   - Bluetooth word mark and logos are owned by the Bluetooth SIG, Inc.
   - Ethernet is a trademark of Xerox Corporation.
   - Wi-Fi and the Wi-Fi logo are registered trademarks of the Wi-Fi Alliance. Wi-Fi CERTIFIED, Wi-Fi ZONE, Wi-Fi Alliance, their respective logos and Wi-Fi Protected Access are trademarks of the Wi-Fi Alliance.
   - UPnP is a certification mark of the UPnP Implementers Corporation.
   - Microsoft, MS-DOS, Windows and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United St
14. <quoted string>: System Location.
   traps (enable or disable): Enable or disable the sending of traps.

   Chapter 10 SpeedTouch Monitoring
   10.2.6 About Loopback
   How to Assign an IP Address to the Local Loop Interface
   How to Make the Local Loop Address the Primary Address
   How to View the Loopback Configuration
   How to Force the Source IP Address

   The SpeedTouch offers the possibility to send SNMP traps to an SNMP manager. This facilitates the monitoring of the network. It is important that the source IP address of the SNMP traps remains the same at all times, so the Network Control Centre knows who is sending the traps. Making the loopback interface the primary interface of the SpeedTouch ensures that all messages leaving the SpeedTouch have the loopback interface's IP address as source address. This facilitates monitoring of the device by the Control Centre. This address remains the same, even when the SpeedTouch has slipped in ISDN fallback WAN connectivity.
   Use the following command to assign an IP address to the local loop interface:
      =>ip ipadd intf=loop addr=50.60.70.80 addroute=enabled
   Use the following commands to make this IP address the primary IP address of the SpeedTouch:
      =>ip ifconfig intf=loop primary=enabled
      =>ip ipconfig addr=50.60.70.80 primary=enabled
   The first command sets the loopback interface as primary interface of the SpeedTouch.
15. 1.3.6.1.2.1.81 TRACEROUTE. This group has full CLI access.
   Administrator: Full access rights to all subtrees.
   TechAdmin: Has the same default rights as Administrator.
   Has the same default rights as Administrator.

   Case: As an example, we will create the following:
   - A new user group called Grayskull
   - A new user called Musclor
   - A new view called View_All
   The user has full rights (read, write and notification) to all MIBs.

   Chapter 10 SpeedTouch Monitoring
   Procedure: The general flow of user configuration is as follows: you create a view, which is basically a set of MIB access rights; after that you create a user group with access to that view. Then you create a user and add it to the group. Thus the user will have the group's MIB access and have the access rights you defined in the view.
   Proceed as follows:
   Use the following command to create a new view:
      snmp view add viewname=View_All viewtree=iso type=include
   Use the following command to create a new group with read, write and notification access to that view:
      snmp group add groupname=Grayskull securitymodel=usm securitylevel=noAuthNoPriv readview=View_all writeview=View_all notifyview=View_all
   Use the following command to create a new user:
      snmp user add securityname=Musclor snmpengineID=localSnmpID authprot=usmNoAuthProtocol privprot=usmNoPrivProtocol
   Note that with securitylevel noAuthNoPriv, usmNoAuthProtocol and usmNoPrivProtocol, SNMP messages for this user are neither authenticated nor encrypted.
   Use the following co
16. The Devices page provides information on the devices present on the LAN.

   [Screenshot: Local Network Devices page, Detected Device(s). The table contains the list of devices the SpeedTouch detected on your local network, with columns Name, IP Address and Interface. Click on a device name to get more information on a device.]

   To see more details of a specific device, click on the corresponding device name (e.g. a00098 in the above example).

   [Screenshot: device details page with Information (Status, Type, Connected To, Allowed on WLAN), Addressing (Physical Address, IP Address Assignment, IP Address) and Connection Sharing sections]

   From these pages you can also perform the following tasks:
   - Assign a game or application to a device
   - Assign the public IP address of a connection to a device
   To do this, click on the corresponding task in the Pick a task area.

   Chapter 11 SpeedTouch Advanced Diagnostics
   The Interfaces Page
   The Devices page provides information on the devices present on the LAN.

   [Screenshot: Interfaces page listing ethport1 to ethport4 at 100Mbps and WLAN]
17.   UdpChecks     disabled
      IcmpChecks    disabled
      LogDefault    disabled
      LogThreshold  enabled
      Modules enabled Firewall Administration Module sink forward source
      host_service    enabled  Firewall Host Service Module    forward
      level           enabled  Firewall Level Module           forward
      system_service  enabled  Firewall System Service Module  sink
      =>

   Chapter 2 SpeedTouch Command Line Interface
   Executing Commands from the Command Group
   Executing Commands from Anywhere
   Using Partial Command statements

   You can also enter the commands from the command group itself, using the reduced form of the command, for example list at the firewall command group selection:
      =>firewall
      [firewall]=>list
      Config
        State         disabled
        Keep          disabled
        TcpChecks     none
        TcpWindow     65536
        UdpChecks     disabled
        IcmpChecks    disabled
        LogDefault    disabled
        LogThreshold  enabled
      Modules
        Module          State    Text                            Hooks
        fire            enabled  Firewall Administration Module  sink forward source
        host_service    enabled  Firewall Host Service Module    forward
        level           enabled  Firewall Level Module           forward
        system_service  enabled  Firewall System Service Module  sink
   in a command means NOT, for example the parameter in the firewall rule create command: srcintf=<string> parameter.
   It is possible to enter a command from anywhere within the CLI, provided the command is preceded by
18. Web Interface: Go to Home > SpeedTouch > Configuration. Click Save or Restore Configuration.

   [Screenshot: Backup & Restore page. This page enables you to save and restore the configuration of your SpeedTouch. Backup current configuration: in order to store the current configuration of your SpeedTouch, click on the Backup Configuration Now button. You will be prompted by your web browser to store the configuration file locally on your hard disk. Choose a location and store the file on your computer. Restore saved configuration: you can restore a configuration file you have previously stored on your computer. Click on Browse, choose the configuration file you want to restore on your SpeedTouch and click on Restore Configuration Now to restore the configuration.]

   To back up the SpeedTouch configuration, click Backup Configuration Now. Click Save and select a location on your local disk to store the user.ini file.

   Chapter 4 SpeedTouch Configuration Management
   Restoring configurations via the basic Web Interface
   Proceed as follows:
   - Open a web browser and go to the SpeedTouch Web Interface.
   - Go to Home > SpeedTouch > Configuration.
   - Click on Browse and choose the configuration file residing on
19. at the firewall command group selection, followed by pressing TAB, results in the full command being completed. Entering firewall l from top level and pressing TAB gives the same result: the command is completed to firewall list.
   You can move the cursor to the beginning of the command line by pressing CTRL+A; to move the cursor to the end of the command line, press CTRL+E.
   You can break off a command by pressing CTRL+G. This can be useful in a situation where a user wants to abort the command. This can be useful to break off commands for which the user does not know the value of a required command parameter.

   Chapter 2 SpeedTouch Command Line Interface
   History of Commands
   The CLI allows you to re-use commands you have used before during a CLI session. To scroll through the previously used CLI commands, use UP ARROW and DOWN ARROW. To execute a re-used command, press ENTER.

   Chapter 2 SpeedTouch Command Line Interface
   2.4 Command Line Interface Commands

   Executing Commands
   All CLI commands are commands that operate on, or configure, the SpeedTouch from the Top Level settings. You can use these commands from top level, preceded by the name of the command group from which the command should be executed, for example firewall list:
      =>firewall list
      Config
        State      disabled
        Keep       disabled
        TcpChecks  none
        TcpWindow  65536
20. Chapter 10 SpeedTouch Monitoring
   10.4 SpeedTouch Identification on AWS
   Information Exchange
   How to Enable/Disable the Information Exchange
   Advantages of SpeedTouch Identification

   The SpeedTouch exchanges some variables after the DSL synchronisation with the DSLAM (Digital Subscriber Line Access Multiplexer). These variables are hard-coded into the SpeedTouch. The following variables are exchanged:
   - Chipset vendor ID. For example, the SpeedTouch 620 chipset vendor ID will be BCM.
   - Software version number. The software version number is retrieved from the ENV variables PRODNUMBER __BUILD. For example, the SpeedTouch 620 software version number will be 620 5 3 2.
   - Serial number. The serial number is retrieved from the ENV variables BOARDSERIAL_NBR _PRL. For example, the SpeedTouch 620 serial number can be CP0452JT02D DSLBB620AA.
   - Self test result. The self test result will be retrieved from an ENV variable.
   It is possible to disable and re-enable the sending of the SpeedTouch information using the adsl config CLI command:
      {Administrator}[adsl]=>config opermode=<multimode|multi_adsl2|multi_readsl2|multi_adsl2plus> trace=<disabled|enabled>
   Set the trace variable to disabled to disable the sending, or to enabled to re-enable it. The
21.   disabled enabled callback disabled group empty
      isdn ifconfig intf=buisdn mlppp=disabled callback=disabled
      [isdn]=>isdn ifconfig intf=buisdn mlppp=disabled callback=enabled
      [isdn]=>saveall
      [isdn]=>ppp
      [ppp]=>ifattach intf=bu_isdn

   Chapter 9 The Integrated SpeedTouch ISDN Modem
   CLI Parameters
   The table below provides a description of the relevant parameters:
   - mlppp (enabled or disabled): Enable or disable multilink ppp. This means that the ppp can be established over 1 or 2 ISDN B links (64 kbps), thus creating a bandwidth of either 64 or 128 kbps.
   - BODStart (numerical, in kbps; default 40): If multilink ppp is enabled and the required bandwidth exceeds this value, a second ISDN B link is used for the ppp connection.
   - BODEnd (numerical, in kbps; default 38): If multilink ppp is enabled and the bandwidth required for it drops below this value, the second ISDN B link in the ppp connection is dropped.
   - mode (dialout): SpeedTouch is set for dialout. This value is mandatory.
   - callback (enabled or disabled): Enable or disable callback. Note that the called party must also be set to support callback.

   Chapter 9 The Integrated SpeedTouch ISDN Modem
   9.4.2 How to Configure the PPP Connection
   Via the Web Interface
   How to Configure the PPP Connection Via CLI
   How to Configure the PPP Connection
22. - Preparing for FTP file transfers
   Following access action rights apply to the directories and their contents:
   root Directory:
   - Access is allowed
   - No Read access
   - No Write access
   active Subdirectory:
   - Access is allowed
   - Listing of files (dir)
   - FTP (m)get of (multiple) files
   dl Subdirectory:
   - Access is allowed
   - Listing of files (dir)
   - FTP (m)get of (multiple) files
   - FTP (m)put of (multiple) files
   - FTP (m)delete of (multiple) files
   To allow correct file transfers, the transfer mode must be set to binary. You can turn on the hashing option. This allows you to see the file transfer in progress by printing a mark for each 2048 bytes that have been transferred:
      ftp>bin
      200 TYPE is now 8-bit binary
      ftp>hash
      Hash mark printing On  ftp: (2048 bytes/hash mark)
      ftp>

   Chapter 7 The SpeedTouch File System
   Files stored on the file system
   The following is an example output of the SpeedTouch dl and active subdirectory content:
      C:\Documents and Settings\john_doe>ftp 192.168.1.254
      Connected to 192.168.1.254
      220 Inactivity timer = 120 seconds. Use 'site idle <secs>' to change.
      User (192.168.1.254:(none)): Administrator
      331 SpeedTouch (00-0E-50-0F-FE-2A) Password required
      Password:
      230 OK
      ftp>cd dl
      250 Changed to dl
      ftp>
23. s contents:
      ftp>dir
      200 Connected to 192.168.1.60 port 1312
      150 Opening data connection for /bin/ls
      3601488 Jun 29 1971 ZZUIAA5.40A
           20 Jun 29 1971 start.cmd
            9 Jun 29 1971 seed.dat
          790 Jun 29 1971 sslcert.pem
          963 Jun 29 1971 sslkey.pem
          692 Jun 29 1971 sshdsa.pem
        93013 Jun 29 1971 user.ini
      226 Options: -l 7 matches total
      ftp: 466 bytes received in 0.00Seconds 466000.00Kbytes/sec.
   Get the system software file:
      ftp>get ZZUIAA5.40A
      200 Connected to 192.168.1.60 port 1315
      150 Opening data connection for ZZUIAA5.40A (3601488)
      226 File transfer complete
      ftp: 3601488 bytes received in 5.92Seconds 608.46Kbytes/sec.
      ftp>
   As a result, the system software file will be stored on the location from where you started the FTP session.

   Chapter 3 SpeedTouch System Software
   Upgrade or Restore System Software via FTP
   Upgrade/Restore procedure: The procedure to upgrade or restore the SpeedTouch system software consists of three main steps:
   - Transfer system software to the SpeedTouch
   - Mark system software file as Passive Software Version
   - Activate the upgrade/restored system software

   Chapter 3 SpeedTouch System Software
   Transfer system: To transfer a system software file st
24.   192.168.1.254 port 2187
      150 Opening data connection for /bin/ls
           20 Jun 29 1971 start.cmd
      2952448 Jun 29 1971 ZZUIAA5.314
            9 Jun 29 1971 seed.dat
          129 Jun 29 1971 sslcert.pem
          908 Jun 29 1971 sslkey.pem
          692 Jun 29 1971 sshdsa.pem
        66920 Jun 29 1971 user.ini
         4056 Jun 29 1971 user.tpl
        34633 Jun 29 1971 security.cfg
        44721 Jun 29 1971 config.ini
        66920 Jun 29 1971 config1.ini
         4056 Jun 29 1971 config2.tpl
        34633 Jun 29 1971 config3.cfg
        44721 Jun 29 1971 test.ini
      226 Options: 11 matches total
      ftp: 803 bytes received in 0.10Seconds 8.03Kbytes/sec.
      ftp>quote site config load filename=config3.ini
      200
      200 CLI command "config load filename=config3.ini" executed
      ftp>

   Chapter 4 SpeedTouch Configuration Management
   4.4 SpeedTouch Service Templates
   Introduction: Template files are ASCII text files consisting of a set of SpeedTouch embedded Easy Setup wizard specific commands and CLI commands. Used by the SpeedTouch embedded Easy Setup wizard, template files allow users to complete the configuration of the device in a convenient and comprehensive way, without the need of manual configur
25. Access
You can restrict SNMP access so that it is accepted from specific IP addresses only. To do this, add the IP address or an IP address range to the access list for the service SNMPV3_Agent. Note that this also covers SNMPv1. You can also restrict access to specific interface groups, such as WAN, LAN, DMZ.
Use the following command:
service system ipadd name=SNMPV3_AGENT ip=<ip range>
with <ip range> either the IP address or the range of IP addresses from which SNMP access should be allowed.
Use the following command:
service system ifadd name=SNMPV3_AGENT group=<wan, local, lan, tunnel, dmz, guest or number>
The <group> parameter determines which interface group has access to the SNMP service.
Use the following command to view the configuration:
service system list name=SNMPV3_AGENT expand=enabled
This results in the following output:
Idx Name Protocol SrcPort DstPort Group
1 SNMPV3_AGENT udp 161
Description: Rx snmp GET SET and GETNEXT PDUs
Properties: server
Attributes: state port aclip aclif aclifgroup map log
User Managed Attributes: state aclip aclif aclifgroup map log
Attribute Values:
State: administratively disabled
Port: 161
Ip Access List: any
Interface Access List: any
Interface Group Access List: any
Map List: 161
Logging
26. Also select the link type. Click Apply.
Click Routing. Result: the Routing page appears.
[Screenshot: Routing page, Routing parameters, with the fields Destination and Label]
If necessary, fill in the destination and a label. Click Apply.
Chapter 9 The Integrated SpeedTouch ISDN Modem
Click Other. Result: the Other page appears.
[Screenshot: Other parameters, with the fields Mode (On Demand), Idle time limit (180), Authentication (Auto), Local IP, Remote IP, Primary DNS and Secondary DNS]
Select the Mode: On Demand or Always On. Fill in the idle time limit. If the connection is On Demand and the connection is idle for this amount of time (i.e. no traffic), the connection shuts down. The other values are automatically retrieved when the PPP connection is established.
Note: You cannot enable Callback via the Web interface. For this you must use CLI. If you do not enable it, the SpeedTouch will establish the ISDN connection over which the PPP connection is made.
Via CLI: Use the following command sequence to configure the ISDN dial in connection via CLI:
isdn> ifconfig intf number mlppp BODstart BODend mode callback group
isdn> ifconfig intf buisdn number 025292222 mlppp disabled enabled mlppp disabled BODstart 40 BODend 38 mode dialout callback
27. CTC 20051017 0155 v1 0 Chapter 6 SpeedTouch System Services Now the dynamic DNS client must be configured according your dynamic DNS subscription According the Example dynamic DNS subscription information following configuration must be done gt dyndns modify name MyDynDNS intf PPPoE_1 user JohnDoe MyISP com password First time typing the password Please retype password for verification password Second time typing the password for verification group MyDynDNSHost mx Left empty backmx disabled wildcard enabled offline disabled service dyndns status disabled dyndns modify name MyDynDNS intf DIALUP_PPPOE user JohnDoe MyISP com password _DEV_2AF11E9F944667D4 group MyDynDNSHost The intf parameter requires you to select the SoeedTouch interface used for your Internet connectivity Speedtouch 53 Chapter 6 SpeedTouch System Services Refining the dynamic DNS service settings gt dyndns service list dyndns server port request update interval retry interval max retry statdns server port request update interval retry interval max retry custom server port request update interval retry interval max retry No IP server port request update interval retry interval max retry DtDNS server port request update interval retry interval max retry gnudip server port request update interval retry
28. CWMP disabled periodic inform periodicinfint Set the interval between two periodicInform messages in seconds session Timeout Set the HTTP session timeout in seconds nolp Timeout Set the time in seconds the IP may be 0 after uploading a new config file maxEnvelopes Set the maximum number of SOAP envelopes sent within one http message connectionRequest enabled or Enable or disable CWMP disabled connection request connectionRegPath text string Set the path where the cwmp daemon can be reached connectionReqUserName text string Set the username the ACS must use to log in connectionReqPsswd text string Set the password the ACS must use to log in connectionReqAuth none basic or Set the authentication type of digest modem CWMP server for asynchronous connects qos class number Set the quality of service class for outgoing CWMP data bootdelayrange number Set the delay on boot before inform is sent S D e d tO U C n E DOC CTC 20051017 0155 v1 0 How to Configure the CW MIP Server syntax How to Configure the CWMP Server Parameter Description E DOC CTC 20051017 0155 v1 0 Chapter 8 SpeedTouch Remote Access From the cwmp server prompt use the following commands to configure the CWMP Server parameters config url lt string gt username lt string gt password lt string gt The CLI command uses the following parameters Parameter Description text string URL used to contac
29. Ethernet-like MIB: The Ethernet MIB contains management information on the Ethernet interface(s). It contains statistics on, for example, alignment errors, collisions and MAC transition errors.
- RFC2668 MAU MIB: The Medium Access Unit (MAU) MIB contains management information about medium access units. On SpeedTouch devices equipped with the four port Ethernet switch, four MAU ports are present. The MAU MIB will give details about the type and status, and provide statistics, of each MAU. It also gives details of the auto negotiation that has taken place on each Ethernet port.
Chapter 10 SpeedTouch Monitoring
Standard MIBs (continued from previous page)
- RFC1213 MIB-II
- RFC 2790 Host Resources MIB: This MIB shows host resource information such as software builds, CPE date and time of day, the total and free amount of Flash Memory and RAM, and processor load.
- RFC 2836 Interface MIB
- RFC2851 INET ADDRESS MIB: This MIB module defines textual conventions for representing Internet addresses. An Internet address can be an IPv4 address, an IPv6 address or a DNS domain name.
- IPSec flow monitor MIB: This is a MIB module for monitoring the structure and status of IPSec based networks. The MIB has been designed to be adopted as an IETF standard. Hence vendor specific features of the IPSec protocol are excluded from this MIB.
- RFC1215 traps MIB
- RFC2925 PING an
30. Public Keys
Chapter 8 SpeedTouch Remote Access
The SpeedTouch supports management of SSH public keys. To each public key installed on the SpeedTouch a role is assigned. This role defines the privileges a user accessing the SpeedTouch can have.
To view the public keys installed on the SpeedTouch, use the following CLI command:
> ssh publickey list
Name Role Size
JohnD Administrator 432
AnnC User 435
Total keys present: 2
To install a new public key on the SpeedTouch, use the following command:
> ssh publickey add name=Super role=SuperUser
Paste your public key here. End with ctrl-d
Read 576 bytes from stdin
This command has ad
31. Site Filtering IDS DSD to name just a few The SpeedTouch is able to support additional functionality on top of its basic feature set These additional software modules however are not enabled by default and must be activated by means of a software activation key The table below describes the possible Software Modules Software Modules ST620 ST608 WL ST605 Tesee wenase s2 Softwarekey a eee ey SIP PBX SIP256 Software key By activating the ISDN Software Module full throughput capability on the ISDN interface will be enabled Speedtouch Chapter 5 SpeedTouch Software Modules 5 1 The SpeedTouch Software Modules web page How to Access the Software Modules Page Software Activation Key Management Via the SpeedTouch web interface you can easily overview the SpeedTouch available software activation keys and their current status Administrator Save All CLI Help Home gt SpeedTouch gt Add On Name Description ile Status YPN256 32 IPSEC based VPN capability None No Key VPN16 4 link not available None No Key VPN16 1 link not available None No Key ISDN ISON Backup capability None No Key SIP256 Session Initiation Protocol capability None No Key Paste the Software Activation Code you received into this box and click Add Acd The Software Module Status Display shows the available software modules that can be activated via a software activation key
32. SpeedTouch identification can be used to gt View the evolution of the network to an open CPE market gt Streamline customer support operation and so it is mandatory to see which CPE is attached to a certain port on the DSLAM Speedtouch SpeedTouch Monitoring speedlouch The ADSL Work Station AWS is the graphical management tool to control and configure DSL lines on a DSLAM Identification over AWS 170 The figure below is an example of a screenshot of an AWS 454M1 7 Show ADSL User Port Port Name ADSL Port R1 51 L7T2 6 Customer Id Optional Gregory Jacobs Configuration ATM Interface ATU C ATU R states Availability state Available Alarm State Show ADSL Far End Line Relative Capacity Occupation Out Down Noise Margin Out Down Output Power InfUp Attenuation Out Down CPE Remote Inventory Vendor Name 0F00544040420000 seral Humber CP0452JT02H35723730 Version Humber 2160000036323069010022010153000080 Modem Yendor Hame 0F00544040420000 Herif Yas fagui C cose Refresh Th e CPE Remote Inventory displays the values in a HEX notation S D e d tO U C n E DOC CTC 20051017 0155 v1 0 11 About the Advanced Diagnostics Overview E DOC CTC 20051017 0155 v1 0 Chapter 11 SpeedTouch Advanced Diagnostics opeedTouch Advanced Diagnostics The SpeedTouch features advanced diagnostics to allow for extended
33. To access this page, go to Basic mode > Toolbox > Dynamic DNS. This page shows the Dynamic DNS settings.
Dynamic DNS Service: Dynamic DNS can be used to point a fixed host name (e g host a domain com) to the public (or WAN) IP address assigned by your Internet Service Provider (typically a dynamic IP address). This allows servers located on your Local Network (configured using Game & Application Sharing) to be accessible using this alias rather than the IP address assigned by your Internet Service Provider.
[Screenshot: Dynamic DNS configuration, with the fields Use DynDNS, Internet Service, Username, Password, IP address, Dynamic DNS service and Hostname]
To change the settings and enable/disable Dynamic DNS, click configure. This page allows you to perform the following tasks:
- Use dynamic DNS on multiple interfaces: configure an additional interface
- Use multiple hosts: configure an additional host
Chapter 6 SpeedTouch System Services
6.2 The SpeedTouch SNTP Client (Introduction; Daylight Saving Time; The RTC; The SNTP web page)
The SpeedTouch Simple Network Time Protocol (SNTP) client allows you to configure the SpeedTouch internal real time clock (RTC), used for time critical operations, for example for online certificates enrolment (IPSec VPN client). This section shortly describes the configuration and use of the SpeedTouch SNTP cl
34. Touch Setup CD. It is advised to load the copies provided on the SpeedTouch Setup CD to your SNMP manager instead of using the standard MIBs included with your SNMP manager.
- RFC1213 MIB-II: MIB-II is defined by IETF Full Standards RFC1213, RFC 2011, RFC 2012 and RFC 2013 and is the fundamental MIB for TCP/IP based Internet, describing objects available from devices which run the Internet suite of protocols. The MIB is fundamental to SNMP and is referenced by many other MIB modules. It contains management information and statistics on the IP, ICMP, TCP and UDP protocols.
- RFC2863 IF-MIB: The IF-MIB is an extension and replacement of the interface table in MIB-II. It contains statistics on the number of bytes and packets transported across the represented interfaces, including errors.
- System MIB (Enterprise specific branch MIB): This required MIB is for administrative use by the other MIBs only. It provides the object IDs (OID) from the SpeedTouch specific MIBs and defines the Enterprise specific object identifier.
- RFC1493 Bridge MIB: The Bridge MIB contains management information on the Bridge port(s). It contains statistics on, for example, alignment errors, collisions and MAC transition errors.
- IANAifType-MIB: This required MIB module is for administrative use only by the other MIBs. It defines the IANAifType Textual Convention, and thus the enumerated values of the ifType object defined in MIB-II's ifTable.
- RFC2665
35. a widely spread method for managing networks. Based on a client-server concept, the SNMP server (the SNMP manager) gets or sets the values of objects defined in a Management Information Base (MIB) kept by the SNMP client (the SNMP agent). In addition, the SNMP agent is also able to autonomously initiate an action by sending a trap to the SNMP manager. This section describes the SpeedTouch SNMP implementation and how to use it.
SNMP has become the de facto standard for network management. Especially the monitoring aspect has become important: network administrators want to be notified when things go wrong in their network. In addition, to prevent problems, they also want to be able to do network load and trend analysis. SNMP allows the user to access data about the SpeedTouch as defined in several MIBs. This way the SpeedTouch can perfectly fit in a managed network monitored by SNMP.
Depending on the type, the SpeedTouch supports SNMP V1, or SNMP V1, V2 and V3 simultaneously.
This section covers the following topics: MIBs Explained
10.1.1 Basic Concepts (Management Information Base; Basic Commands; Traps; Community Names; Simultaneous SNMP Version Support)
The Management Information Base, or MIB, is a tree-like structure containing SNMP objects, instances of these objects and their corresponding values. Parts of this tree
36. and paste it into the provided window on the Software modules page. Click Add.
Enter the user name and password you received and click Request Software Key. You will receive the software key. The user name and password remain active. If for some reason your software keys are lost, proceed as described above to reactivate them.
Normally you do not need to back up the software keys. However, should you want to do so, use ftp to transfer the software key files (.swk) to a backup location.
Under normal conditions, once a software module has been activated there is no reason to disable this software module again. However, via an FTP session to the SpeedTouch file system you are able to create a backup of software activation keys (files with an extension .swk stored on the SpeedTouch dl subdirectory), delete keys and/or restore them.
Be aware that, due to a previous system software update, software keys may be residing in the SpeedTouch active directory. If so, and you want to remove these software keys in order to prevent them from re-activating a software module in a future system software upgrade, follow the instructions below:
1 Make sure to save your current SpeedTouch configuration via the saveall CLI command.
2 Make sure that both the active and passive system software are the same. This can be done via the software duplicate CLI command.
3 Switch active and passive system software versions via the s
37. browser must support JavaScript.
To access the CLI via an IP Telnet session you need:
- A TCP/IP connection between the computer and the SpeedTouch
- A Telnet application on the computer
Note: All popular recent Operating Systems feature a built-in telnet application.
To access the CLI via the serial Console port you need:
- A cable
- A terminal application that you can use to connect to other devices. Example: Hilgraeve's Hyperterminal application, delivered with MS Windows OSs
- The following application's Port settings:
  - 9600 bits per second
  - 8 data bits
  - No parity
  - One stop bit
  - No Flow control
  - ANSI terminal emulation
Chapter 2 SpeedTouch Command Line Interface
CLI Access via Telnet or Serial Console (Access via a Telnet session or serial console)
As soon as a session to the CLI is opened, a banner pops up, followed by the CLI prompt:
[Banner: SpeedTouch 620, Copyright (c) 1999-2005 THOMSON]
If the SpeedTouch is protected by a system password, authentication will be required before access is granted to the CLI.
Basic Navigation (Command group navigation)
From the top level
38. configuration via the CLI for a syslog host on the local network with fixed IP address 192.168.1.10 to send all generated syslog messages (all facilities with severity debug and higher) to:
> syslog ruleadd fac=all sev=debug dest=192.168.1.10
> saveall
>
Chapter 10 SpeedTouch Monitoring
Syslog host on a remote network
The default SYSLOG SpeedTouch service is configured to allow traffic from the SpeedTouch syslog daemon towards the WAN:
> service system list name=SYSLOG expand=enabled
Idx Name Protocol SrcPort DstPort Group
1 SYSLOG
Description: System Logging Events
Properties: client
Managed parameters: state srcip
Source Ip Selection
Interface Access List
Ip Access List
Therefore no additional configuration is needed in case you want to configure a syslog host on a remote network. The example below shows the syslog rule to add for a syslog host with IP address 192.6.11.1. The local syslog host 192.168.1.10 configured before (see "Syslog host on the local network") will receive all generated syslog messages; the remote syslog host only receives syslog messages from all facilities with severity warning, error, critical, alert or emergency (all facilities with severity warning and higher):
> syslog ruleadd fac=all sev=debug dest=192.6.11.1
> syslog list
1 all debug 192.6.11.1
2 all debug 192.168.1.10
>
39. dir
200 Connected to 192.168.1.1 port 2055
150 Opening data connection for /bin/ls
rwxrwxrwx 1 0 0 20 Jun 29 1971 start.cmd
rwxrwxrwx 2889484 Jun 29 1971 ZZUIAA5.321
9 Jun 29 1971 seed.dat
729 Jun 29 1971 sslcert.pem
908 Jun 29 1971 sslkey.pem
rwxrwxrwx 54952 Jun 29 1971 user.ini
692 Jun 29 1971 sshdsa.pem
226 Options l 7 matches total
ftp: 466 bytes received in 0.02Seconds 29.13Kbytes/sec.
ftp> cd
250 Changed to
ftp> cd active
250 Changed to active
ftp> dir
200 Connected to 192.168.1.1 port 2056
150 Opening data connection for /bin/ls
rwxrwxrwx 1 0 0 20 Jun 29 1971 start.cmd
rwxrwxrwx 1 0 0 2889484 Jun 29 1971 ZZUIAA5.321
226 Options l 2 matches total
ftp: 134 bytes received in 0.00Seconds 134000.00Kbytes/sec.
ftp>
Chapter 7 The SpeedTouch File System
File types: Following file types can be found:
- System software files, e.g. ZZUIAA5.321: The SpeedTouch system software file. The one in the active directory is currently used by the SpeedTouch; the one in the dl directory is dormant.
- Software activation keys, e.g. VPN256 32.swk: Software key files allowing the SpeedTouch to enable the corresponding software module at startup. Per enabled software module a software key must be present in the dl directory.
- Configuration files, e.g. user.ini: The most recent saved configuration of th
40. Test User 435
Super SuperUser 432
Total keys present: 3
Chapter 8 SpeedTouch Remote Access
Default SSH service configuration
Use the following CLI command to see the default SSH service configuration:
> service system list name=SSH expand=enabled
Idx Name Protocol SrcPort DstPort Group
Description: SSH server
Properties: server
Attributes: state port aclip aclif aclifgroup map log
User Managed Attributes: state aclip aclif aclifgroup map log
Attribute Values:
State: enabled
Port: 22
Ip Access List: any
Interface Access List
Interface Group Access List: lan
Logging: disabled
Configuration via CLI commands
To have SSH access via WAN, additional configuration of the SSH service is needed. Use the following CLI command to allow SSH access from the WAN to the SpeedTouch:
> service system ifadd name=SSH group=wan
If you take a look at the SSH service configuration, you will see that the wan group is added to the Interface Access List:
> service system list name=SSH expand=enabled
Idx Name Protocol SrcPort DstPort Group
1 SSH tcp 22
Description: SSH server
41. format dd mm yyyy Set a time manually format HH mm ss Select a geographical timezone from GMT 12 00 to GMT 12 00 Enable or disable summertime o The Manual TAB if selected disables the SpeedTouch SNTP client speedtouch 57 Chapter 6 SpeedTouch System Services The SNTP tab To enable the SpeedTouch SNTP client select the SNTP TAB Administrator Save All CLI Help Home gt SpeedTouch gt SNTP SNTP Manual Name IP Address Wersion Status gt 10 50 2 20 3 synchronized Click Apply to commit changes SMTP properties Version As long no NTP servers are configured time will not be controlled by SNTP Proceed as follows to add an NTP server tone 2 Enrol aos of ONS hooms ofan Peano 3 Seely oN veson Click Apply This enables the SNTP client which contacts the NTP server in order to synchronize the SpeedTouch internal clock with the NTP server If needed you can correct the synchronized time by selecting your geographical timezone optionally by enabling or disabling summertime From now on your SpeedTouch s internal clock will be synchronized every 5 minutes default setting with the NTP server If needed you can enter additional redundant NTP servers to ensure that the clock always is synchronized with at least one of the provided NTP servers S D e d tO U C n E DOC CTC 20051017 0155 v1 0 setting the time via CLI Chapter 6 SpeedTouch S
42. log
User Managed Attributes: state port aclip aclif aclifgroup map log
Attribute Values:
State: enabled
Port: 82
Ip Access List: any
Interface Access List: any
Interface Group Access List: lan
Map List: 82
Logging: disabled
Note: NAT refinements for SpeedTouch services should never be made in the NAT configuration menu, but always in System Services.
Chapter 8 SpeedTouch Remote Access
Secure Remote Web Interface Access (HTTPs service; Introduction; The remote management certificate; Default HTTPs service configuration)
The SpeedTouch supports secure HTTP or HTTPS. The Transport Layer Security (prior SSL, implemented by Netscape) provides communications privacy over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering or message forgery. The primary goal of the TLS Protocol is to provide privacy and data integrity between two communicating applications.
When booting, the SpeedTouch verifies if a certificate exists for remote management. If no certificate is found, the SpeedTouch generates its own certificate. When the SpeedTouch receives an HTTPs request on port 443, it transmits this certificate to the client. The client can either accept or refuse the server identity. Depending on client implementa
43. number. Also select the link type. Click Apply.
Click Routing. Result: the Routing page appears.
[Screenshot: Routing page, Routing parameters, with the fields Destination and Label]
If necessary, fill in the destination and a label. Click Apply.
Chapter 9 The Integrated SpeedTouch ISDN Modem
Click Other. Result: the Other page appears.
[Screenshot: Other parameters, with the fields Mode (On Demand), Idle time limit (180), Authentication (Auto), Local IP, Remote IP, Primary DNS and Secondary DNS]
Select the Mode: On Demand or Always On. Fill in the idle time limit. If the connection is On Demand and the connection is idle for this amount of time (i.e. no traffic), the connection shuts down. The other values are automatically retrieved when the PPP connection is established.
Note: You cannot enable Callback via the Web interface. For this you must use CLI. If you do not enable it, the SpeedTouch will establish the ISDN connection over which the PPP connection is made.
Via CLI: Use the following command sequence to configure the ISDN dial in connection via CLI:
isdn> ifconfig intf number BODstart BODend callback group
isdn> ifconfig intf buisdn number 025292222 mlppp disabled enabled mlppp disabled BODstart 40 BODend 38 mode dialout callback disabled ena
44. of attempts to determine a path to a target that have succeeded. The value of this object MUST be reported as 0 when no attempts have succeeded.
SLA Traceroute History
A history of the SLA traceroute can be viewed as well. To do so, use the following CLI command:
> sla traceroute hist test=route owner=modem
Index Ttl Count Addr Rtt(us) Status RC Timestamp
1 1 1 11.0.0.138 1266 resp received 3 02 01 70 06 02 19 215236
2 1 2 11.0.0.138 1267 resp received 3 02 01 70 06 02 20 224824
3 1 3 11.0.0.138 1295 resp received 3 02 01 70 06 02 21 234845
Chapter 13 Resetting the SpeedTouch (Introduction; Normal reboot; Reset to factory defaults)
If needed, you can reset the SpeedTouch to factory defaults or just reboot.
To reboot the SpeedTouch without erasing the current configuration, use the following command:
> saveall
This command will save the current configuration to the user.ini file. Now enter the following command:
> system reboot
This command will reboot the SpeedTouch and will load the user.ini file upon reboot, so the previously saved configuration will be restored.
To reset the SpeedTouch to factory defaults, use the following command:
> system reset factory=yes proceed=yes
This command will delete th
45. offers various access methods to allow configuration and monitoring of the device:
- SpeedTouch HTTP
- SpeedTouch HTTPs access
- SpeedTouch Telnet access
- SpeedTouch FTP access
- SpeedTouch SSH access
However, for obvious security reasons, in the default configuration all these methods are denied from the WAN side. Explicit configuration is required in order to allow remote management from the WAN.
Two important factors determine if you are allowed access via a specific method:
- The SpeedTouch multi-level access policy. It determines access rights for users. For more information on the multi-level SpeedTouch access policy, please refer to the SpeedTouch Multi-Level Access Policy Configuration Guide.
- The SpeedTouch system services. The SpeedTouch access methods are linked to different SpeedTouch Services. A Service is an application running on the SpeedTouch. By activating a service, the SpeedTouch adds the appropriate NAT entries and firewall rules, for example to disable access to the SpeedTouch web host.
In the table below the access methods and their services are listed:
HTTP access: HTTP
HTTPs access: HTTPs
To allow remote access from the WAN side for a certain service, add the WAN interface group to the interface access list of the service. See "Configuration via CLI commands" on page 81.
It is possible to remotely access the SpeedTouch Web I
46. port : <number 0-65535> : Target port number. Default: 162
mask : <ip mask, dotted or cidr> : IP bitfield mask. This is only applicable in case of source address checking.
timeout : <number 0-2147483647> : SNMP expected maximum round trip time (in hundredths seconds) for communicating with the target address.
retries : <number 0-255> : Number of times the snmp entity will attempt to retransmit an inform when no response is received.
maxpertime : <number 0-255> : Maximum number of notifications that can be sent within a limited time base, defined as window time.
windowtime : <number 0-3600> : Time base (in seconds) that limits the number of notifications. A window time of 0 deactivates the trap rate limitation mechanism.
Chapter 10 SpeedTouch Monitoring
taglist : <quoted string> : String containing one or more tags. A tag corresponds to a tag in the usmUser Table, the snmpCommunity Table or the snmpNotify Table.
params : <V1Params> : String used to select a set of entries in the snmpTargetParams Table.
storage : other, volatile, nonVolatile, permanent or readOnly : Storage type.
<number 484-65535> : Maximum message size that can be retransmitted without risk of fragmentation.
Use of defaults: If you do not specify a parameter, default values are used. The key parameters are name and addr.
How to Delete a To de
47. probe quoted string packet The number of seconds to wait number 0 65535 before repeating a ping test The max number of entries in number 0 50 the history table The storage type of this entry volatile or nonVolatile The value determines when flag flag and if to generate a probeFailure notification testFailure testCompletion The number of successive number 0 15 probe failures before initiating a pingProbeFailed notification The number of ping failures number 0 15 within one test before initiating a ping TestFailed notification The implementation methodto IcmpEcho or be used for the ping test UdpEcho The descriptive name of the quoted string ping test lp source address to be used ip address Interface name nonellooplipsecOlln ternetilan1lwan1ld mzilguest1 Bypass the normal routing disabled or enabled tables The value to store in the number 0 255 Differentiated Service Field in the IP packet S D e d tO U C n E DOC CTC 20051017 0155 v1 0 Starting the SLA Ping SLA Ping Result E DOC CTC 20051017 0155 v1 0 Chapter 12 SLA Monitoring Use the following command to modify the SLA ping parameters gt sla ping modify test internet addr 11 0 0 138 size 200 timeout 3 count 15 datafill test frequency 2 maxrow 50 storagetype nonVolatile trap trapprobefilter 2 traptestfilter 12 type IcmpEcho
48. 10.3.1 The SpeedTouch Syslog Daemon (What is Syslog; The SpeedTouch syslog daemon; Syslog priority severities)
Syslog is a message generating tool that can be implemented in any network device. The intention of the tool is to send messages over the network indicating status, actions, possible problems, etc. from the device.
Although the syslog protocol is widely spread and evolved to a de facto standard, only recently some first Internet drafts and informational Request For Comments (RFC) became available to describe the existing protocol and some proposal for enhancements. For the SpeedTouch, the syslog daemon conforms to the proposed standards as much as possible.
Syslog messages consist of a message header, called Priority, and a message body containing the message itself. Via the Priority identification it is possible to determine the severity and facility of a message; hence it allows to diversify the messages according to their importance. Each severity and each facility can be identified by a numerical value. The sum of the numerical values of the severity and the facility indicates the numerical value of the priority. In the following, all severities and facilities are listed with respective notation and numerical values.
Following priority severities are possible for a syslog message generated by the SpeedTouch. The severities are lis
49. the config save and config backup CLI commands may be found.

Get the configuration file (in the example, the saved configuration file user.ini is backed up):

ftp> get user.ini
200 Connected to 192.168.1.254 port 1693
150 Opening data connection for user.ini 12016
226 File transfer complete
ftp: 12016 bytes received in 0.02Seconds 600.80Kbytes/sec

As a result, the configuration file containing a saved SpeedTouch configuration will be stored on the location from where you started the FTP session.

4.3.2 Store Configurations via FTP

Introduction: Via the procedure described below you can:
- Restore a configuration file you previously backed up via the procedure described in "4.3.1 Back up Configurations via FTP" on page 33.
- Apply a new configuration to the SpeedTouch by storing a new or changed configuration file.
- Store multiple SpeedTouch configuration and template files on the file system for immediate use.

A configuration file has no limitations regarding the file name to be valid. However, the SpeedTouch file system will truncate the full name, including the extension, to maximum 13 characters. For example, when transferring a file abcdefghijklmnopqrstuvwxyz.ini to the SpeedTouch file system, it will be stored as abcdefghijklm. For your convenien
50. the HTTPs service is needed.

Use the following CLI command to allow HTTPs access from the WAN to the SpeedTouch:

=>service system ifadd name HTTPs group wan
=>

If you take a look at the HTTPs service configuration, you will see that the wan group is added to the Interface Access List:

=>service system list name HTTPs expand enabled
Idx Name Protocol SrcPort DstPort Group
Description: HTTP web server over ssl
Properties: server
Attributes: state port aclip aclif aclifgroup map log
User Managed Attributes: state port aclip aclif aclifgroup map log
Attribute Values: enabled
Ip Access List
Interface Access List
Interface Group Access List: lan wan
disabled

Chapter 8 SpeedTouch Remote Access

Refinement of the service: If needed, the service can be fine-tuned to restrict the allowed traffic to:
- A single IP address
- A subnet
- A range of IP addresses

Use the following CLI command to restrict the allowed traffic to 1 IP address:

=>service system ipadd name HTTPs ip 192.6.11.5
=>

Use the following CLI command to restrict the allowed traffic to a subnet:

=>service system ipadd name HTTPs ip 192.6.11.0/24
=>

Use the following CLI command to restrict the allowed traffic to a range of IP addresses:

=>service system ipadd name HTTPs ip 192 6 2 55 2 55
=>

Hyper NAT Refinements
51. the SSH service configuration, you will see that the wan group is added to the Interface Access List:

=>service system list name SSH expand enabled
Idx Name Protocol SrcPort DstPort Group
1 SSH tcp 22
Description: SSH server
Properties: server
Attributes: state port aclip aclif aclifgroup map log
User Managed Attributes: state aclip aclif aclifgroup map log
Attribute Values:
State: enabled
Port: 22
Ip Access List: any
Interface Access List: any
Interface Group Access List: lan wan
Map: 22
Logging: disabled

Chapter 8 SpeedTouch Remote Access

Refinement of the Service: If needed, the service can be fine-tuned to restrict the allowed traffic to:
- A single IP address
- A subnet
- A range of IP addresses

Use the following CLI command to restrict the allowed traffic to 1 IP address:

=>service system ipadd name SSH ip 192.6.11.5

Use the following CLI command to restrict the allowed traffic to a subnet:

=>service system ipadd name SSH ip 192.6.11.0/24

Use the following CLI command to restrict the allowed traffic to a range of IP addresses:

=>service system ipadd name SSH ip 192 6 2 55 2 55

Hyper NAT Refinements
52. the name of the configuration file to load, in case it is different from user.ini. If not specified, the SpeedTouch will assume the file name to be user.ini. It is also possible to load a script file (.sts) with the config load command.

Note: When loading a config file, the file is loaded to memory. However, to make the configuration persistent you need to click saveall to save the configuration.

Chapter 4 SpeedTouch Configuration Management

4.3.1 Back up Configurations via FTP

Introduction: For backup reasons you can transfer configuration files from both the SpeedTouch active and dl subdirectories to your local disk.

Note: Remember that a user.ini file in the system's active subdirectory may contain an old saved configuration, created before your latest software switch-over.

Backup procedure: To back up the current SpeedTouch configuration to your local disk as a backup user.ini file, proceed as follows:

Open an FTP session to the SpeedTouch. At the user name prompt enter a user name, and at the password prompt the password (see "The SpeedTouch Multi-Level Access Policy Configuration Guide" for more information).

C:\>ftp <SpeedTouch IP address>
Connected to <SpeedTouch IP address>
220 Inactivity timer = 120 seconds. Use 'site idle <secs>' to change.
User (192.168.1.254:(none)): root
331 SpeedTouch Pa
53. to this other node and all intermediate nodes. Interim and final results can be consulted on web, CLI and via SNMP (RFC 2925).

Ping and traceroute are two very useful functions for managing networks. Ping is typically used to determine if a path exists between two hosts, while traceroute shows an actual path. Ping is implemented using the Internet Control Message Protocol (ICMP) ECHO facility. The SpeedTouch supports the DISMAN-PING-MIB as in RFC 2925 and up to four concurrent ping tests.

The SLA ping process can be configured by executing the following CLI command. The following parameters are mandatory:
- test: this is just a name to identify the ping test
- addr: this is the peer IP address to which the ICMP echo requests will be sent

Chapter 12 SLA Monitoring

Now that we defined an SLA ping test, we need to configure the test. The following parameters can be configured: test, addr, size, timeout, count, datafill, frequency, maxrow, storagetype, trap, trapprobefilter, traptestfilter, type, descr, srcaddr, intf, bypassrt, dsfield.
- test: The name of the ping test to configure. Value: string.
- addr: The destination IP address. Value: string.
- size: The size of the data portion to be transmitted in a ping probe. Value: number 0-20000.
- timeout: The timeout value in seconds for a ping operation. Value: number 1-60.
- count: The number of times to send a ping probe. Value: number 1-15.
- datafill: The data fill pattern of a
54. two modes:
- Always on: the backup connection is always on.
- Dial on demand: the backup connection is established when necessary, i.e. when the ADSL line fails.

In order to configure callback you need to do the following:
- Configure the ISDN Dial-In Connection
- Configure the PPP connection

9.4.1 How to Configure the ISDN Dial-In Connection

Via the Web Interface: Proceed as follows to configure the ISDN dial-in connection via the Web interface:
- Go to Expert mode.
- Click Connections.
- Click Routed PPP. Result: on the page that appears you see a predefined connection called ISDN backup.

[Screenshot: connection table with columns Interface, Destination, Mode, Link, State; entry ISDN_backup, ISDN, On Demand, not connected, down. Click New to create a new entry. Notice: No ISDN software key found. Only limited support of the ISDN interface. For full ISDN functionality you will need to acquire the ISDN software key. Ask your Service Provider for more information.]

- Click on the arrow to open the configuration pages for this connection. Result: the Parameters page appears.

[Screenshot: Parameters page with Link parameters (Interface, ISP profile: ISDN), User parameters (Username, Password) and ISDN parameters (Dial number: 00329528995, Link type: Dialup 64 Kbps).]

- Fill in the username and password for the connection as well as the dial in number
55. view

snmp group add groupname test_groupname_write

Allow external access to the SNMP agent:

service system modify name SNMPV3_AGENT state enabled

Chapter 10 SpeedTouch Monitoring

How to Configure the SNMPv1 Traps

Proceed as follows:

Create a new target:
snmp target add name Test_trap_pce addr 10.0.0.110 taglist Trap_tag params Trap_params

Create a notify filter:
snmp notify add name trap_notify_test tag Trap_tag securitylevel noAuthNoPriv

Enable traps:
snmp config traps enabled

Allow the traps to be sent to the target:
service system modify name SNMPV3_TRAPS state enabled

Configure the target parameters:
snmp targetparams add paramname Trap_params mpmodel v1 securitymodel snmpv1 securityname RWCommunity

10.2.9 How to Configure the System contact, Name and Location

You can set the System contact, System Name and the System Location in the MIB-II (RFC1213). Use the following CLI command to do so:

config sysContact <quoted string> sysName <quoted string> sysLocation <quoted string> traps <disabled|enabled>

Command Parameters: This command has the following parameters:

Parameter / Description
- sysContact <quoted string>: System Contact
- <quoted string>: System Name
56. you can change to a command group by executing the name of the desired command group, for example type the name of the command group and press ENTER.

To obtain a list of all available command groups, use the help command from the top level:

=>help
Following commands are available:
help : Displays this help information
menu : Displays menu
? : Displays this help information
exit : Exits this shell
.. : Exits group selection
saveall : Saves current configuration
ping : Send ICMP ECHO_REQUEST packets
traceroute : Send ICMP/UDP packets to trace the ip path
telnet : Open a telnet connection to a server
Following command groups are available:
firewall service autopvc connection dhcp dns dsd dyndns expr ids igmp ip adsl atm capi config env hostmgr interface ipqos language mbus memm mlp ppp pptp rcapi router sla snmp sntp software syslog system tunnel upnp wireless

Note: The exact list of available command groups depends on the type of SpeedTouch, the number and kind of activated software modules, and on the current version of the SpeedTouch System software.

To return to top level, or to go up one level in case of nested command groups, type two dots (..) and press ENTER.

Chapter 2 SpeedTouch Command Line Interface

Help: You can use help or ? from any level to list all available commands and command g
57. Chapter 4 SpeedTouch Configuration Management

4.9 SpeedTouch System Languages Management

Introduction: The following three actions are possible regarding the system languages:
- Upload a new system language file (which can be found on the SpeedTouch Setup CD) to the SpeedTouch.
- Switch between system languages via the system language bar.
- Delete a system language via the SpeedTouch Web Interface.

Uploading a new system language: To upload a new system language, proceed as follows:
- Open a web browser and go to the SpeedTouch Web Interface.
- Go to Expert Mode.
- Open the Upload File page via Home > SpeedTouch > System Update.
- Click Browse and select the desired system language from the SpeedTouch Setup CD.
- Click Upload to start uploading the system language on to the SpeedTouch.

[Screenshot: Upload File page under Home > SpeedTouch > System Update, with a "Specify a file to upload" field and an Upload button.]

Switch between system languages: To switch between system languages, select the desired system language in the system language bar. The system language bar can be found on the top right side of the SpeedTouch Web Interface.

[Screenshot: system language bar.]

Note: By default the SpeedTouch is shipped with only one language. The system language bar
58. 1000000 The interval in milliseconds between packets.
- listen <disabled|enabled>: Don't send, just listen for incoming ICMP packets.
- dffield <disabled|enabled>: Enables setting of the don't fragment flag in the IP headers of the ping.
- srcaddr <ip address>: The IP source address to use.

Example: Below is an example of a ping command and its reply:

Administrator=>ping addr 192.168.1.60
40 bytes from 192.168.1.60
40 bytes from 192.168.1.60
40 bytes from 192.168.1.60
40 bytes from 192.168.1.60
40 bytes from 192.168.1.60

Chapter 11 SpeedTouch Advanced Diagnostics

The Traceroute Command

The traceroute command has the following syntax:

traceroute addr <ip address> count <number 1-10> size <number 1-20000> interval <number 1000-60000> maxhops <number 1-255> dstport <number 1-65535> maxfail <number 0-255> type <icmp|udp> utime <disabled|enabled>

It uses the following parameters:

Parameter / Value
- The destination IP address
- count <number 1-10>: The number of times to reissue a traceroute request with the same time to live
- <number 1-20000>: The size of the packet payload
- <number 1000-60000>: The size of the packet payload
- ma
59. 126
<143> May 20 17:52:50 GRP Default destination is routed via gateway 101.101.101.16
<37> May 20 18:07:53 LOGIN User Administrator logged in on CONSOLE
=>

For more information on the syntax and use of the CLI syslog command group commands, see SpeedTouch CLI Reference Guide.

10.3.4 Remote Syslog Notification

Introduction: The SpeedTouch can be configured to send all, or a selection of, generated syslog messages to a host on the local or a remote network IP address. This section describes how to configure the SpeedTouch syslog daemon to send messages to a particular host.

Preconditions: The host to send the syslog messages to should have syslog daemon software installed for capturing the messages, and a known fixed IP address.

Syslog host on the local network: By default no traffic restrictions apply for the local network. Simply add a syslog rule via the SpeedTouch syslog configuration web page or the CLI. Specify the IP address of the host and optionally refine the set of syslog messages to send.

Note: You can specify one, or a selection of (comma separated), or all facilities. Specifying a severity actually means to send syslog messages with a severity as specified, and all messages with a higher severity. For a priority listing, see "Syslog priority severities".

The following example shows the
60. 6 0 Attenuation dB 1 0 020 OutputPower dBm TQ 8 5
Available Bandwidth (Cells/s, Kbit/s): Downstream 18867, 8000; Upstream 1886, 800
Transfer statistics, Errors: Received FEC, Received CRC, Received HEC, Transmitted FEC, Transmitted CRC, Transmitted HEC
Near end failures since reset: Loss of frame 0 failures; Loss of signal 0 failures; Loss of power 0 failures; Errored seconds 0 seconds
Near end failures last 15 minutes: Loss of frame 0 seconds; Loss of signal 0 seconds; Loss of power 0 seconds; Errored seconds 0 seconds
Near end failures current day: Errored seconds 0 seconds
Near end failures previous day: Errored seconds 0 seconds

Chapter 11 SpeedTouch Advanced Diagnostics

ATM: Several commands are available to display specific Asynchronous Transfer Mode (ATM) statistics:
- atm debug aal5stats: Displays AAL5 port specific Asynchronous Transfer Mode (ATM) statistics.
- atm debug gstats: Displays global ATM statistics.
- atm debug portstats: Displays port specific ATM statistics.

Below some examples are provided:

=>atm debug aal5stats port dsl0 vpi vci clear
atm debug aal5stats port dsl0 vpi 8 vci 36
# of CRC-32 errors: 0
# of SAR timeouts: 0
# of too long SDU errors: 0
# of invalid CPI field: 0
# of invalid length errors: 0
# of aborted CPCS PDUs: 0
# of ou
61. 65535 before repeating a traceroute test.
- maxrow: The max number of entries in the history table. Value: number 0-100.
- storagetype: The storage type of this entry. Value: volatile or nonVolatile.
- trap: The value determines when and if to generate a notification. Value: flag (pathChange, testFailure, testCompletion).
- type: The implementation method to be used for the traceroute test. Value: IcmpEcho or UdpEcho.
- descr: The descriptive name of the traceroute test. Value: quoted string.
- intf: Interface name. Value: none|loop|ipsec0|Internet|lan|wan1|dmz1|guest1.

Chapter 12 SLA Monitoring

- maxfail: The max number of consecutive timeouts allowed before terminating a traceroute request. Value: number 0-255.
- Enables bypassing of the normal routing tables. Value: disabled or enabled.
- dffield: Enables setting of the don't fragment flag in the IP headers of the traceroute requests. Value: disabled or enabled.
- dsfield: The value to store in the Differentiated Service Field in the IP packet. Value: number 0-255.

Use the following command to modify the SLA traceroute parameters:

=>sla traceroute modify test route addr 11.0.0.138 size 0 timeout 3 probePerHop 3 port 33434 maxTtl 30 initTtl 1 createHopEntries disabled frequency 0 maxrow 50 storagetype nonVolatile trap type UdpEcho descr srcaddr 0.0.0.0 intf none maxfai
62. [Screenshot: menu-driven CLI (Administrator=>menu) showing the parameters intf, addr, netmask, pointopoint and addroute (enabled), the hint "Add typical net/subnet routes automatically" and a <Cancel> control.]

Saving the configuration: After configuring the SpeedTouch via the CLI, it is advised to save your configuration. Save the complete SpeedTouch configuration to persistent memory by executing saveall after exiting the menu-driven CLI (via <Cancel> from root menu).

Chapter 2 SpeedTouch Command Line Interface

Chapter 3 SpeedTouch System Software

3.1 About the System Software

Upgrade system software: For new system software packages you can visit the SpeedTouch support pages at http://www.speedtouch.com

System software packages and security: All SpeedTouch system software packages are:
- Digitally signed and encrypted. Packages that may have become corrupted or have been altered in any way will not be accepted by the SpeedTouch.
- Specific per product. This way the SpeedTouch or its service can never be corrupted or lost.

3.2 System Software Management via FTP

For more information on
63. Chapter 8 SpeedTouch Remote Access

The SpeedTouch features a powerful Hyper NAT engine, allowing the local hosts to share a single, remotely negotiated, public IP address. In case Hyper NAT is enabled on the WAN interface that will be used for remote management, and a static mapping has been made to allow remote hosts to address regular HTTPs services on a host residing on your local network, you must make sure that accessing the SpeedTouch Web Interface is still possible.

Note: For more information on Hyper NAT, see the SpeedTouch Hyper NAT Configuration Guide.

The default port for the HTTPs server is set to 443. This can be changed by executing the following command:

=>service system modify name HTTPs state enabled port 448
=>

The command above will change the HTTPs server port of the SpeedTouch from port 443 (default) to port 448.

=>service system list name HTTPs expand enabled
Idx Name Protocol SrcPort DstPort Group
1 HTTPs tcp 448
Description: HTTP web server over ssl
Properties: server
Attributes: state port aclip aclif aclifgroup map log
User Managed Attributes: state port aclip aclif aclifgroup map log
Attribute Values:
State: enabled
Port: 448
Ip Access List: any
Interface Access List: any
Interface Group Access List
64. For each software module, the following information is provided:
- Name: The name of the software module. The name also serves as an Internet link to the SpeedTouch software module server from which you can acquire a software activation key for the particular software module.
- Describes the software module.
- File: In case the software module is enabled, the software key's file name is displayed.
- Status: Indicates the status of the module. No key means that the software module is not enabled. Key enabled means that the software module is enabled.

In expert mode go to SpeedTouch > Addon.

Software activation key management via the CLI: You can overview the software modules and their status and link information via the SpeedTouch Command Line Interface (CLI). See "2 SpeedTouch Command Line Interface" on page 5 for more information on how to access the Command Line Interface.

The software addon list CLI command group allows you to overview the current software modules, their status and some additional information:

=>software addon list
VPN256 32 module info VPN16 4 VPN16 1 Software key status No Key Filename Link http www speedtouch Teaser IPSec based VPN module info Software key status No Key Filename Link Teaser IPSec based VPN 16 module info Software key s
65. If you used the Web interface to configure the Dial-In connection, you do not need any additional configuration. Use the following command sequence to configure the PPP connection via CLI:

ppp=>ifconfig intf bu_isdn dest buisdn user cpesit rednet password pcomp disabled accomp enabled trace disabled auth auto restart enabled retryinterval 10 passive disabled silent disabled echo enabled mru 1500 laddr raddr netmask format format none pool savepwd enabled demanddial enabled doddelay 30 primdns secdns dnsmetric idletime 45 idletrigger Tx unnumbered disabled
ppp ifconfig intf bu_isdn format none
ppp=>

Chapter 9 The Integrated SpeedTouch ISDN Modem

CLI Parameters: The table below provides a description of the relevant parameters. Do not alter the default value of the parameters not shown in this table.
- dest (text string): name of the ISDN interface on which the PPP connection is built.
- user (text string): Username needed for the PPP connection.
- password (text string): Password needed for the PPP connection.
- auth (pap, chap or auto): Sets the authentication protocol.
- restart (enabled or disabled): Enable or disable the retry function. This means that the system will try again if establishing the link fai
66. The SpeedTouch features a powerful Hyper NAT engine, allowing the local hosts to share a single, remotely negotiated, public IP address. In case Hyper NAT is enabled on the WAN interface that will be used for remote management, and a static mapping has been made to allow remote hosts to address regular SSH services on a host residing on your local network, you must make sure that accessing the SpeedTouch Web Interface is still possible.

Note: For more information on Hyper NAT, see the SpeedTouch Hyper NAT Configuration Guide.

The default port for the SSH server is set to 22. This can be changed by executing the following command. The command above will change the SSH server port of the SpeedTouch from port 22 (default) to port 35.

=>service system list name SSH expand enabled
Idx Name Protocol SrcPort DstPort Group
Description: SSH server
Properties: server
Attributes: state port aclip aclif aclifgroup map log
User Managed Attributes: state aclip aclif aclifgroup map log
Attribute Values: enabled
Ip Access List
Interface Access List
Interface Group Access List: lan
disabled

Chapter 8 SpeedTouch Remote Access

LAN Based Auto Configuration (LAC) Support: TR-064

About TR-064: The SpeedTouch supports the DSL Forum's TR-064 Technical Report on LAN Based Auto Configuration. This provides the possibility
67. Menu-driven CLI Navigation

Introduction: To improve the user friendliness of the SpeedTouch CLI, the CLI features a menu-driven interface.

Entering the CLI menu: To enter the menu-driven interface, simply enter the command menu from the CLI prompt.

[Screenshot: Telnet session after entering Administrator=>menu, listing the CLI command groups with <Ok> and <Cancel> controls.]

The semi-graphical CLI offers you an attractive and easy to use configuration environment for the CLI. You can browse through the CLI command groups via the arrow keys. Pressing ENTER executes your selection, i.e. for entering a CLI command group. From each level you can select .. and press ENTER to go up one level. Use TAB to change from the command menu to the control menu (the lower bar of the menu) and vice versa.

Executing commands: To set up a CLI command, simply press ENTER on its name. You can configure and overview its various parameters at once. In case the parameter provides preset values, scroll through the available values via the UP and DOWN arrow keys. If you are satisfied with all parameter values, use TAB to select <OK> and press ENTER to execute the command.

[Screenshot: Telnet session showing the parameter entry screen of the menu-driven CLI.]
68. Chapter 6 SpeedTouch System Services

The SpeedTouch File System

Introduction: The SpeedTouch file system consists of nonvolatile memory responsible for storing, retrieving and maintaining the system software files, configuration profile files, language pack files, software activation keys, secure storage files, etc. The file system of the SpeedTouch is accessible via the well known File Transfer Protocol (FTP). This allows you to back up and restore files present on the SpeedTouch file system. Moreover, via FTP's quote site command you are able to use a limited set of CLI commands from the FTP prompt.

Opening an FTP session to the SpeedTouch: Proceed as follows to open an FTP session to the SpeedTouch file system (the example shows an ftp session opened from an MS Windows Command Prompt):

[Screenshot: Windows Command Prompt running ftp 192.168.1.254: Connected to 192.168.1.254, the 220 inactivity timer banner, the User prompt answered with Administrator, a 331 Password required reply and the Password prompt.]

In the example above, the default SpeedTouch IP address 192.168.1.254 is assumed; however another IP address may be assigned to your Spee
69. SNMP-NOTIFICATION-MIB
- RFC3414 SNMP-USER-BASED-SM-MIB
- RFC3415 SNMP-VIEW-BASED-ACM-MIB
- RFC3417 Transport Mappings for SNMP MIB
- RFC3418 SNMPv2-MIB

Chapter 10 SpeedTouch Monitoring

ADSL and SHDSL MIBs: Following two MIBs are specific per SpeedTouch's DSL variant (ADSL or SHDSL variants). You should only load the appropriate MIB, although loading both will not harm functionality. To retrieve maximum SNMP information it is imperative to use the MIB provided on the SpeedTouch Setup CD and not the one supported (if so) by the SNMP manager.
- RFC2662 ADSL MIB, containing ADSL-LINE-MIB and ADSL-TC-MIB. The ADSL MIB is in fact a bundle of three MIBs: the ADSL-LINE-MIB, the ADSL-TC-MIB and additionally the PerfHist-TC-MIB. It contains management information about the ADSL line such as Signal to Noise Ratio (SNR), output power and attainable bit rate. For using the RFC2662 ADSL MIB, the PerfHist-TC-MIB is required (available on the SpeedTouch Setup CD).
- RFC3276 SHDSL MIB. The SHDSL MIB contains management information about the SHDSL line such as Signal to Noise Ratio (SNR), Loop attenuation, PSD regional setting, line rate and line status.

ILMI MIBs: The SpeedTouch supports the following ILMI MIBs:
- af ilmi 065 000
- fb nm 0122
- fb nm 0165

ATM MIBs: Following MIBs are specific for the SpeedTouch ATM interfaces:
- RFC2515 ATM MIB. This is the MIB Module for ATM and AAL5 related o
70. TP server is readily installed on the computer from which you intend to perform the system software upgrade.

Configure the BOOTP/TFTP server to use the SpeedTouch system software image file in its reply to BOOTP requests from the SpeedTouch you want to upgrade. To identify the BOOTP requests from the SpeedTouch you will need to specify its MAC address and define an IP range for basic communication between the BOOTP/TFTP server and the SpeedTouch.

Set the SpeedTouch in BOOTP by executing the software upgrade CLI command:

=>software upgrade

The SpeedTouch is in BOOTP mode when the power LED is solid orange.

The BOOTP/TFTP server will reply to the BOOTP requests and will perform the required operations to allow the system software to be fetched by the SpeedTouch via TFTP.

After checking whether the received system software is valid for the device, the SpeedTouch will start in normal operational mode to complete the upgrade. This step can take some time to complete. The upgrade process can be followed via a serial console.

Chapter 4 SpeedTouch Configuration Management

SpeedTouch Configuration Management

Saving the configuration: Whenever the configuration of the SpeedTouch has been altered in any way with the i
71. a colon and the full command path, e.g. firewall=>:ip rtlist

Instead of typing a complete command with all of its required and optional parameters and pressing ENTER, you can also enter the command itself without specifying any parameter. If all parameters are optional, the command is executed immediately, assuming default values for all parameters. In case the CLI command features required parameters, you are prompted to complete the command with the required and the optional (if present) parameters. For optional parameters you can simply press ENTER without giving a value to assume the default value. In case the parameter provides preset values, you can scroll through these via the UP and DOWN arrow keys. For example, the addroute parameter below has two preset values, enabled and disabled:

=>ip ipadd
intf lan1
addr 10.1.5.31
netmask 8
pointopoint
addroute enabled
ip ipadd intf lan1 addr 10.1.5.31/8 addroute enabled

Chapter 2 SpeedTouch Command Line Interface

Saving the configuration: After configuring the SpeedTouch via the CLI, it is advised to save your configuration. You can save the complete SpeedTouch configuration to persistent memory by executing the saveall command. The saveall command can be entered from any CLI prompt.
72. [Screenshot: upload form ("a file to upload", Upload) with configuration properties Region, Provider, Service, Description, Config Version, Compatible, Factory template, and a Cancel button.]

- Click Backup.
- Select a location on your local disk to store the user.ini file and click OK.
- Click the Configuration Files tab and select the file you want to back up.

[Screenshot: Home > SpeedTouch > System Update, System Configuration page. Active Configuration: user.ini, service Routed PPPoE on 0/35 and 8/35. Wizard templates: ppp.tpl (Router), ipoa.tpl (Routed IPoA), bridge.tpl (Bridge). Configuration Template properties.]

Note: Don't click Delete or the SpeedTouch will reset to defaults and your configuration will be gone.

Chapter 4 SpeedTouch Configuration Management

Restoring a configuration: Proceed as follows:
- Open a web browser and go to the SpeedTouch Web Interface.
- Open the Upgrade page via Home > SpeedTouch > System Update.
- Click Upload to transfer the configuration file to the SpeedTouch.

Note: Be aware that by uploading a new configuration also the IP configuration of the SpeedTouch may have been changed. In that case the information logging as described above procedure will not be shown.

To sav
73. a new group with the name friends:
        =>isdn group addgroup name=friends
    Use the character to add wildcards to the phone numbers in the allowed list:
        =>isdn group addrule group=friends number=0154548
    Add the phone number 036467348 to the allowed list:
        =>isdn group addrule group=friends number=036467348
    Chapter 9 The Integrated SpeedTouch ISDN Modem
    9.3 ISDN Backup
    ISDN Backup: The SpeedTouch has an ISDN interface that can be used to create an ISDN backup for the ADSL line. The process is shown in the diagram below. When the ADSL line fails, the SpeedTouch establishes a dial-in connection towards the ISDN network. A PPP connection is then established over this ISDN connection, which takes over the traffic from the failed ADSL line.
    ISDN Callback: If the SpeedTouch establishes the ISDN connection from the user end, the user will be charged with the connection cost. To avoid this, it is possible to use the callback option if the other end supports it. The SpeedTouch establishes a dial-in connection, provides all necessary information and disconnects. The system then waits for a callback to establish the ISDN connection, over which the PPP connection is established.
    Dial-In Modes: The dial-in connection line can operate in one of two modes:
    - Always on: the backup connection is always on.
    - Dial on demand: the backup connection is establish
74. ace following data are shown:
    - The interface's mode: forwarding or disabled.
    - The operation mode of the interface:
        - 10BaseTHD: 10MB/s Base-T Half Duplex
        - 10BaseTFD: 10MB/s Base-T Full Duplex
        - 100BaseTHD: 100MB/s Base-T Half Duplex
        - 100BaseTFD: 100MB/s Base-T Full Duplex
    - Whether the operation mode is selected via negotiation (Yes) or manually set (No).
    - The number of kilobytes and Ethernet frames that are sent and received.
    - The number of discarded Ethernet frames.
    Chapter 11 SpeedTouch Advanced Diagnostics
    WAN Diagnostics
    Use the expand button or Expand all to open the WAN Diagnostics.
    The WAN diagnostics consist basically of two expandable parts:
    - The physical layer: DSL diagnostics
      [Screenshot: DSL diagnostics panel showing DSL Flavour, Reserved Bandwidth, Output Power, Attenuation and Noise Margin (up/down), and statistics for Loss of signal, Loss of power, Loss of framing, Errored Seconds and Loss of link]
      Next to some general information on the DSL line (flavour, status, bandwidth characteristic and throughput counters), some line properties and statistics are shown.
    - The WAN connections diagnostics
75. and corresponding bytes that passed the firewall rule:
        =>firewall rule debug stats
    [Command output: table of the firewall chains (forward, source, forward_level, sink_system_service) with per-rule packet and byte counters]
    To reset the firewall statistics, use firewall rule debug clear.
    IP Diagnostics
    There are two useful commands:
    - ping: Send ICMP ECHO_REQUEST packets to a given destination.
    - traceroute: Send ICMP/UDP packets to trace the IP path.
    Each of these can be given from the root of the CLI as well as from any other place in any command group.
    The Ping Command
    The Ping command has the following syntax:
        ping addr=<ip-address> count=<number 1-1000000> size=<number 0-20000> interval=<number 100-1000000> listen=<disabled|enabled> dffield=<disabled|enabled> srcaddr=<ip-address>
    It uses the following parameters:
    - addr
    - count <number 1-1000000>: The number of pings to send.
    - size <number 0-20000>: The size of the ping payload.
    - interval a
76. and is provided:
        =>help config load
        Load saved or default configuration.
        Syntax:
        load load_ip=<disabled|enabled> defaults=<disabled|enabled> flush=<enabled|disabled> echo=<disabled|enabled> filename=<string>
        Parameters:
        load_ip=<disabled|enabled>    Load IP settings or not.
        defaults=<disabled|enabled>   Load default instead of saved configuration.
        flush=<enabled|disabled>      Flush current configuration before loading new one.
        echo=<disabled|enabled>       Echo each command string when loaded.
        filename=<string>             Configuration filename.
    Proceeding from the same FTP session you opened in the previous procedure, enter the quote site config load command to load the configuration you previously put on the SpeedTouch file system:
        ftp> quote site config load
        200 200 CLI command config load executed
    For more information on the config load options, see Applying a configuration stored on the SpeedTouch on page 32.
    If the file name of the configuration file is different from user.ini, you should specify the file name. This allows you to store multiple configuration files on the SpeedTouch file system and load them when needed.
        ftp> dir
        200 Connected to
77. and set the polling interval.
    Chapter 6 SpeedTouch System Services
    6.3 Website Filtering
    About Website Filtering: The website filtering feature offers you the possibility to control Internet access by filtering (blocking) access to certain websites. The SpeedTouch has two methods of controlling access to the Internet:
    - Address Based Filtering: Allow or block access to specific sites based on their address.
    - Content Based Filtering: Allow or block access to websites based on their content.
    Address Based Filtering: With address based filtering you can allow or block access to specific web sites based on their address. You can also block access to a specific site and redirect the browser to another site. You can do this by configuring an address filter similar to this example:
    [Screenshot: example address filter table with the columns Web Site, Action and Redirect, containing Block, Allow and Redirect rules]
    If you create a rule for a specific URL, that rule also applies to child URLs unless otherwise specified in the filter. Example: Any rule created for www.speedtouch.com also applies to <anything>.speedtouch.com.
    Content Based Filtering: With content based filtering you can block or allow access to web sites based on their content. To do this, you can apply a content level as filter. You can use, and if necessary customize, one of the predef
78. ase wait
    If you wish to activate a Standard license, enter a valid activation key and apply your settings.
    [Screenshot: License Information form with a License Key field]
    Fill in a valid license key and click Apply.
    Once you have activated the license, the Create New Content Level task becomes available in the Pick a Task section of the filtering configuration pages.
    6.3.4 Configuring the Actions for Uncategorised Sites
    Filter Priority: The address based filter, if activated, has the highest priority. For web sites that are not specified in the address based filter, the system uses the content based filter, if activated. If neither filter is activated, no filtering is applied.
    Actions for Uncategorised Sites: Uncategorised sites are sites that are not targeted by any of the active filters. For these sites you can:
    - allow access
    - block access
    Procedure: Proceed as follows to set the actions for uncategorised sites:
    - In the drop-down list next to the option Action for uncategorised sites, select the desired action: Block or Allow.
    - Click Apply.
    - Go to the second bullet in the list: Content Based Filtering.
    6.3.9 How to Create an Address Based Fi
79. ates and/or other countries.
    - Apple and Mac OS are registered trademarks of Apple Computer, Incorporated, registered in the United States and other countries.
    - UNIX is a registered trademark of UNIX System Laboratories, Incorporated.
    - Adobe, the Adobe logo, Acrobat and Acrobat Reader are trademarks or registered trademarks of Adobe Systems, Incorporated, registered in the United States and/or other countries.
    - Netscape and Netscape Navigator are registered trademarks of Netscape Communications Corporation.
    Other brands and product names may be trademarks or registered trademarks of their respective holders.
    Document Information
    Status: v1.0 (January 2006)
    Reference: E-DOC-CTC-20051017-0155
    Short Title: Operator's Guide ST620 R5.4
    Contents
    1 Introduction
    2 SpeedTouch Command Line Interface
    2.1 About the CLI Interface
    2.2 CLI Access via Telnet or Serial Console
    2.3 Basic Navigation
    2.4 Command Line Interface Commands
    2.5 Menu-driven CLI Navigation
    3 SpeedTouch System Software
80. ation
    - How to manage the SpeedTouch system configuration
    - The SpeedTouch Command Line Interface
    - How to manage the SpeedTouch system software
    - How to activate software modules with activation keys
    - How to configure the SpeedTouch system services
    - The SpeedTouch file system
    - How to access the SpeedTouch remotely
    - How to use the integrated ISDN Modem of SpeedTouch
    Monitoring and debugging
    - How to monitor the SpeedTouch
    - How to identify the SpeedTouch with AWS
    - The SpeedTouch Advanced Diagnostics
    - SLA Monitoring
    - How to reset the SpeedTouch to defaults
    Chapter 1 Introduction
    2 SpeedTouch Command Line Interface
    2.1 About the CLI Interface
    CLI access: You can access the Command Line Interface via:
    - The SpeedTouch CLI Web Interface
    - A Telnet session
    - The serial Console interface
    CLI web page access requirements: To access the CLI via the SpeedTouch Web Interface you need:
    - A TCP/IP connection between the computer and the SpeedTouch.
    - A web browser on your computer. The web browser should be at least Microsoft's Internet Explorer 4.0, Netscape's Communicator 4.06 or equivalent. The web
81. ation via CLI or the Web Interface.
    Delivered template files: Three template files are by default delivered within the SpeedTouch system software for use by means of the embedded Easy Setup wizard:
    - Bridge: A template to configure the SpeedTouch for Bridged Ethernet WAN access, actually as an IEEE802.1D Transparent Bridge. In this template the DHCP Server has been disabled.
    - Router: A template to configure the SpeedTouch for Routed PPPoE or PPPoA. For the local network the SpeedTouch acts as DHCP server.
    - Routed IPoA: A template to configure the SpeedTouch for Routed IP over ATM. For the local network the SpeedTouch acts as DHCP server.
    Template files on the SpeedTouch file system: As the default templates are embedded in the system software, these template files will not be present in the dl or active subdirectories by default. However, via FTP access you are able to upload additional template files from the SpeedTouch Setup CD, or custom template files, to the SpeedTouch dl subdirectory to extend the diversity of embedded configuration possibilities and/or to avoid the need of using the SpeedTouch Home Install Wizard from the CD. Each time the SpeedTouch Home Install Wizard is used to configure the device, a backup user.tpl file is created (overwritten) in the dl subdirectory for future use by the embedded Easy Setup wizard.
82. bjects for managing ATM interfaces, ATM virtual links, ATM cross-connects, AAL5 entities and AAL5 connections.
    - RFC2514: ATM-TC-MIB. This MIB Module provides Textual Conventions and OBJECT-IDENTITY Objects to be used by ATM systems.
    Chapter 10 SpeedTouch Monitoring
    SNMP configuration
    About SNMP configuration: There are a few configurable options covering the SNMP functionality. If you require no traps, the default options suffice to access information in the SpeedTouch from the LAN.
    Enabling SNMP: By default the SNMP agent is disabled. Before using or configuring SNMP, you must enable it.
    Command Line Interface (CLI): All the SNMP settings can be changed or viewed using CLI commands. To enter a CLI command from the root, precede it with : and provide the full command path. For more information on these commands, refer to the CLI Command Guide.
    Overview: This section covers the following configuration tasks:
    - How to Allow Access to the SNMP Agent
    - How to View the System Contact, Name and Location
    - How to Configure the System Contact, Name and Location
    - How to Configure SNMPv1
    - How to Force the Source IP Address
    - How to Configure the SNMP Target
    - How to Read SNMP Parameters via the CLI
    - How to View the SNMP Configuration
    - How to Allow Remote SNMP
    - How to Add an SNMP User
    - How to Restrict SNMP Acces
83. bled callback disabled group empty
        isdn ifconfig intf=buisdn mlppp=disabled callback=disabled
        isdn=>isdn ifconfig intf=buisdn mlppp=disabled callback=enabled
        isdn=>saveall
        isdn=>ppp
        ppp=>ifattach intf=bu_isdn
        ppp=>
        ppp=>
    CLI Parameters: The table below provides a description of the relevant parameters.
    - mlppp (enabled or disabled): Enable or disable multilink ppp. This means that the ppp can be established over 1 or 2 ISDN B links (64 kbps), thus creating a bandwidth of either 64 or 128 kbps.
    - BODStart (numerical, in kbps; default: 40): If multilink ppp is enabled and the required bandwidth exceeds this value, a second ISDN B link is used for the ppp connection.
    - BODEnd (numerical, in kbps; default: 38): If multilink ppp is enabled and the bandwidth required for it drops below this value, the second ISDN B link in the ppp connection is dropped.
    - mode (dialout): SpeedTouch is set for dialout. This value is mandatory.
    - callback (enabled or disabled): Enable or disable callback. Note that the dial-in end must also be set for callback if you enable it.
    How to Configure the PPP Connection
    How to Configure the PPP Connection Via the Web Interface
    How to Configure the PPP Connection Via CLI
    Chapter 9 The Integrated SpeedTou
84. but always in System Services.
    Chapter 8 SpeedTouch Remote Access
    3.4 Remote SSH Access
    Introduction: SSH (Secure Shell) is used to establish privacy between 2 network devices. It provides a secured layer on top of TCP/IP. The implementation of SSH in the SpeedTouch is mainly targeted at allowing privacy for CLI sessions when remotely managing the SpeedTouch from a WAN interface.
    SSH authentication: The SpeedTouch supports the following authentication methods:
    - password: Password Authentication
    - publickey: Public Key Based Authentication
    The user can configure the authentication to be used during SSH session setup by executing the following CLI command:
        =>ssh config auth=password
    By choosing password, authentication is based on username/password. By choosing public_key, authentication is based on public key searching in the database of installed public keys on the SpeedTouch.
    Enabling the Secure Shell: The Secure Shell service can be enabled by executing the following CLI command:
        =>ssh config shell=enabled
    Public Keys: The SpeedTouch supports management of SSH public keys. To each public key installed on the SpeedTouch a role is assigned. This role defines the privileges a user accessing th
85. 3.1 About the System Software
    3.2 System Software Management via FTP
    3.2.1 Backup System Software via FTP
    3.2.2 Upgrade or Restore System Software via FTP
    3.2.3 Manual System Software Management via BOOTP/TFTP Server
    4 SpeedTouch Configuration Management
    4.1 Configuration Management via the SpeedTouch Web Interface
    4.2 Configuration Management via Telnet
    4.3 The Config CLI Command Group
    4.3.1 Back Up Configurations via FTP
    4.3.2 Store Configurations via FTP
    4.4 SpeedTouch Service Templates
    4.5 SpeedTouch System Languages Management
    5 SpeedTouch Software Modules
    5.1 Software Activation Key Management
86. ce it is advised always to use the extension ini for configuration files. Each file present in the dl subdirectory of the SpeedTouch file system must have a unique file name.
    You can use a procedure similar to the one described here to upload and execute script files (sts).
    The procedure to restore or load a new SpeedTouch configuration consists of two main steps:
    1) Transfer the configuration file to the SpeedTouch
    2) Applying a configuration stored on the SpeedTouch
    Transfer the configuration file to the SpeedTouch
    To transfer a SpeedTouch configuration file stored on your local disk to the SpeedTouch, proceed as follows:
    - Open an FTP session to the SpeedTouch. At the user name prompt enter a user name, and at the password prompt the password (refer to The SpeedTouch Multi-Level Access Policy Configuration Guide for more information).
    - If required, save the current SpeedTouch configuration via the quote site saveall command:
        ftp> quote site saveall
        200 200 CLI command saveall executed
    - Enter binary file transfer mode. Optionally you can enable hashing:
        ftp> bin
        200 TYPE is now 8 bit binary
        ftp> hash
        Hash mark printing On ftp 2048 bytes hash mark
    - Go to the SpeedTouch dl subdirectory:
        ftp> cd dl
87. ch ISDN Modem
    How to Configure the PPP Connection
    How to Configure the PPP Connection Via the Web Interface: If you used the Web interface to configure the Dial-In connection, you do not need any additional configuration.
    How to Configure the PPP Connection Via CLI: Use the following command sequence to configure the PPP connection via CLI:
        ppp=>ifconfig intf bu_isdn dest buisdn user cpesit rednet password pcomp disabled accomp enabled trace disabled auth auto restart enabled retryinterval 10 passive disabled silent disabled echo enabled mru 1500 laddr raddr netmask format format none pool savepwd enabled demanddial enabled doddelay 30 primdns secdns dnsmetric idletime 45 idletrigger Tx unnumbered disabled
        ppp ifconfig intf bu_isdn format none
        ppp=>
    CLI Parameters: The table below provides a description of the relevant parameters. Do not alter the default value of the parameters not shown in this table.
    - dest (text string): Name of the ISDN interface on which the PPP connection is built.
    - user (text string): Username needed for the PPP connection.
    - password (text string): Password needed for the PPP connection.
    - auth (pap, chap or auto): Sets the authentication protocol.
    - restart (enabled or disabled), retryinterval (numeric): Enable or disable the retry function. This means that the system will try again if establi
88. cs
    System Diagnostics
    Use the expand button or Expand all to open the System Diagnostics.
    [Screenshot: System Diagnostics panel showing Product Name, Vendor Name, Software version, Serial Number, CLI Version, Bootloader Version, ASIC Version and Board Name]
    The information shown is mainly meant for uniquely identifying your device, for example as a reference for the helpdesk. Among others, the following information is provided:
    - Device identifiers:
        - Serial number
        - Bootloader version
        - ASIC version
        - Board mnemonic
    - System software identifiers:
        - System software version
        - CLI and TAG Parser version
    LAN Diagnostics
    Use the expand button or Expand all to open the LAN Diagnostics.
    [Screenshot: LAN Diagnostics panel showing the physical address and, per physical interface (1 to 4), Mode, Auto Negotiation, Type, kBytes Tx/Rx, Frames Tx/Rx and Discarded frames]
    The LAN Diagnostics provide information on the SpeedTouch's local network Ethernet interface(s). Per Ethernet interface a visual indicator shows whether:
    - The interface is connected.
    - The interface is disconnected.
    Per interf
89. d Trace route MIB
    The SpeedTouch contains a powerful embedded Service Level Agreement (SLA) monitoring engine, which enables Carriers, ISPs, ASPs, Integrators and Managed Service Providers to monitor and deliver reports to their customers, to be proactively aware of network problems that impact application performance, and to solve the problems even before the customer complains. The SpeedTouch can be configured to automatically generate active measurement traffic (PING, Trace route) to another IP device (for example another CPE or a web server) and to collect and aggregate measurement statistics (availability, delay, jitter) that show compliance with agreed SLAs. The PING and Trace route SNMP MIB allows full management of this embedded SLA monitoring engine and easy integration with SLA monitoring network management systems.
    RMON MIB (RFC2819)
    The SpeedTouch defines a portion of the MIB for use with network management protocols in TCP/IP-based internets. In particular, it defines objects for managing remote network monitoring devices. This MIB allows custom traps, custom historic tables and extensive Ethernet statistics.
    - RFC 3635: Ethernet-like MIB
    - RFC 3636: MAU MIB
    - IP Tunnel MIB (RFC2667)
    MIBs About SNMP
    The SpeedTouch supports the following MIBs about SNMP:
    - RFC3411: SNMP-FRAMEWORK-MIB
    - SNMP-COMMUNITY-MIB
    - RFC3412: SNMP-MPD-MIB
    - RFC3413: SNMP-TARGET-MIB
    - RFC3413
90. d connection. After 20 minutes of inactivity or on reboot, remote assistance will be automatically disabled.
    Provide the following parameters to your ISP:
        URL: https://217.136.53.115:51003
        Username: TechSupport
        Password: x9pk926
    [Button: Enable Remote Assistance]
    The system selects the user with the defremadmin property set to enabled. The SpeedTouch has a pre-configured user called TechSupport already configured for this purpose. Normally the page should show this user (see example above). The system also generates a random password, which you can alter manually.
    Click Enable Remote Assistance. Note that the system generates a new password every time you click the enable button.
    How to Log On To The SpeedTouch Remotely
    Proceed as follows to log on to the SpeedTouch remotely:
    1) Open a browser window.
    2) Enter the URL of the SpeedTouch (public IP address of the SpeedTouch with port number 51003), as shown on the Remote Assistance page.
    3) Log on using the user and the password on the Remote Assistance page.
    You are now remotely connected to the SpeedTouch and have access to all of its functions, as if the connection were a local connection.
    Connection Type: On most variants the connection will be HTTPS (secure HTTP). However, some variants do not support SSH and will therefore use an HTTP connection.
91. d to restrict the allowed traffic to a subnet:
        =>service system ipadd name=HTTP ip=192.6.11.0/24
        =>
    Use the following CLI command to restrict the allowed traffic to a range of IP addresses:
        =>service system ipadd name=HTTP ip=192 6 2 55 2 55
        =>
    Hyper-NAT Refinements
    The SpeedTouch features a powerful Hyper-NAT engine, allowing the local hosts to share a single, remotely negotiated public IP address. If Hyper-NAT is enabled on the WAN interface that will be used for remote management, and a static mapping has been made to allow remote hosts to address regular HTTP services on a host residing on your local network, you must make sure that accessing the SpeedTouch Web Interface is still possible.
    For more information on Hyper-NAT, see the SpeedTouch Hyper-NAT Configuration Guide.
    The default port for the HTTP server is set to 80. This can be changed by executing the following command. The command above will change the HTTP server port of the SpeedTouch from port 80 (default) to port 82.
        =>service system list name=HTTP expand=enabled
        Idx Name Protocol SrcPort DstPort Group
        1 HTTP tcp 82
        Description: HTTP web server
        Properties: server
        Attributes: state port aclip aclif aclifgroup map
92. ded a new public key for the user Super, who has the role of a SuperUser assigned. Use the following CLI command to verify that the new public key has been added:
        =>ssh publickey list
    [Command output: table with the columns Name, Role, Size and Fingerprint, listing the keys Tony (Administrator), Test (User) and Super (SuperUser); Total keys present: 3]
    Default SSH service configuration
    Use the following CLI command to see the default SSH service configuration:
        =>service system list name=SSH expand=enabled
        Idx Name Protocol SrcPort DstPort Group
        Description: SSH server
        Properties: server
        Attributes: state port aclip aclif aclifgroup map log
        User Managed Attributes: state aclip aclif aclifgroup map log
        Attribute Values: enabled 22
        Ip Access List: any
        Interface Access List:
        Interface Group Access List: lan
        disabled
    Configuration via CLI commands
    To have SSH access via WAN, additional configuration of the SSH service is needed. Use the following CLI command to allow SSH access from the WAN to the SpeedTouch:
        =>service system ifadd name=SSH group=wan
    If you take a look at
93. default the FTP service is configured to let the SpeedTouch FTP server accept FTP requests from LAN side only. In addition, the SpeedTouch provides FTP over SSH. FTP over SSH provides a more secure way of accessing the SpeedTouch FTP service and should therefore be used.
    Use the following CLI command to see the default FTP service configuration:
        =>service system list name=FTP expand=enabled
        Idx Name Protocol SrcPort DstPort Group
        Description: File Transfer
        Properties: server
        Managed parameters: state port acl map log
        Interface Access List:
        Ip Access List:
        NAT Port List:
    Configuration via CLI commands
    To have FTP access via WAN, additional configuration of the SpeedTouch FTP service is needed. Use the following CLI command to allow WAN FTP access to the SpeedTouch.
    Use the following CLI command to look at the FTP service configuration; note that the wan group is added to the Interface Access List:
        =>service system list name=FTP expand=enabled
        Idx Name Protocol SrcPort DstPort Group State
        1 FTP tcp 21 enabled
        Description: File Transfer
        Properties: server
        Managed parameters: state port acl map log
        Interface Access List: lan wan
        Ip Access List: any
        NAT Port List: 21
    The added rules will allow any user on the WAN to open an FTP session to the SpeedTouch and access the file system after authentication.
94. dTouch device. In its default firewall configuration, FTP access to the SpeedTouch file system is restricted to access from the local network only.
    The file system features a tiny multilevel directory structure with two nodes, active and dl. The root directory is secured and contains two subdirectories, active and dl.
    The active subdirectory contains the system software in execution. Other files may be present to ensure the good operation of the device or due to previous system software upgrades.
    The dl subdirectory is the directory where you can find a user.ini file holding the most recently saved SpeedTouch configuration. The dl subdirectory also contains the passive (dormant) system software; in most cases the passive system software will be the same as the active system software present in the active subdirectory. Optionally, the dl subdirectory may contain software activation keys for enabling SpeedTouch software modules, language pack files and template files. Other files may be present as well to ensure the good operation of the device.
    There may be a user.ini file present in the active subdirectory. However, this user.ini only contains the saved configuration since the last software switchover and hence may not be up to date.
    Chapter 7 The SpeedTouch File System
    Access rights to the file
95. e SpeedTouch can have.
    To view the public keys installed on the SpeedTouch, use the following CLI command:
        =>ssh publickey list
    [Command output: table with the columns Name, Role, Size and Fingerprint, listing the keys JohnD (Administrator) and AnnC (User); Total keys present: 2]
    To install a new public key on the SpeedTouch, use the following command:
        =>ssh publickey add name=Super role=SuperUser
        Paste your public key here. End with ctrl-d.
        <public key data>
        Read 576 bytes from stdin
    This command has added a new public key for the user Super, who has the role of a SuperUser assigned. Use the following CLI command to verify that the new public key has been added:
        =>ssh publickey list
        Name Role Size Fingerprint
        Tony Administrator 432 b8 6d 15 db 82 3f 69 b7 9b
96. e SpeedTouch or alternative (dormant) configuration files manually stored on the SpeedTouch. At start-up the SpeedTouch will load the user.ini configuration file residing in the dl directory.
    - Default configuration files (e.g. isp.def): Depending on your ISP's or network administrator's preferences, your SpeedTouch may have a deviant default configuration after a reset. The isp.def file, if present, reflects this deviant default configuration.
    - Template files (e.g. custom.tpl): Service template file used by the embedded Easy Setup wizard.
    - Language pack files (e.g. German I Ing): Files allowing you to view the SpeedTouch Web Interface in a local language. Per selectable language, a language pack file should be available.
    - Secure storage files (e.g. ss_p12.dat): Secure storage data files containing certificate information for the SpeedTouch IP Security (VPN) module, if enabled.
    - Flag and system files (e.g. build.flg, config.inf, start.cmd): Protected files created by the SpeedTouch for file system and startup management. For proper operation, do not change or delete these files in any way.
    - Script files (sts)
    Chapter 8 SpeedTouch Remote Access
    The SpeedTouch
97. e allowed, select White List. Start from a black list (everything allowed), leaving you to determine which categories are to be blocked: select Black List. Click Next. Select or de-select the content classes and subclasses you want to include or exclude. Note that if you select a class, all subclasses in that class are automatically included unless you select at least one subclass. In that case only the selected subclasses are included.
Example: Pornography Nudity, Pornography Erotic Sex, Swimwear Lingerie, Ordering, Online Shopping, Auctions, Classified Ads, Society Education Religion, Governmental Organizations, Non Governmental Organizations, Cities Regions Countries, Education, Political Parties, Religion, Sects.
If the filter is set to allow the sites targeted by the filter, the above example will allow the following sites: Sites related to swimwear or lingerie, but no other nudity-related sites. No sites in the Ordering class. In the Society Education Religion class, only sites related to non-governmental organizations, cities, regions and countries, and political parties.
8 Click Apply.
6.4 About Intrusion Detection. How to View the Intrusion Detection statistics. Possible Tasks.
Chapter 6 SpeedTouch System Services. Intrusion Detection and Protection. The SpeedTouc
98. e the new configuration, you must browse to the SpeedTouch Web Interface using its new IP address and click Save All.
Chapter 4 SpeedTouch Configuration Management. 4.2 FTP access. SpeedTouch configuration files. Configuration Management via Telnet.
For more information on the file system of the SpeedTouch and how to access it via FTP, see 7 The SpeedTouch File System on page 75. The SpeedTouch's last saved configuration is stored in the SpeedTouch dl subdirectory of the SpeedTouch file system. There may be a user.ini file present in the system's active subdirectory. However, this user.ini only contains the saved configuration created before your latest software switch-over and hence may not be up to date. Therefore never use this user.ini file for backup reasons. Full read-write access is only granted in the dl subdirectory.
Chapter 4 SpeedTouch Configuration Management. 4.3 The Config CLI Command Group.
Introduction: The config CLI command group allows the management of SpeedTouch configurations. Following CLI commands are available in the config CLI command group:
=>help config
Following commands are available:
save Store current configuration to backup file
load Load saved or default configuration
delete Delete a user configuration file
flush Flu
99. e user.ini file if the previous configuration was saved, and reboots the SpeedTouch. If there is an isp.def file present in the dl directory, it will load this file. The isp.def contains an Internet Service Provider specific configuration. If no isp.def file is present on the device, the SpeedTouch will reboot with the hardware defaults.
Chapter 13 Resetting the SpeedTouch. The Reset button.
On the back side of the SpeedTouch there is a reset button. By pressing this button for three to six seconds, the device will reboot and start up with the settings defined in the isp.def, if present. The reset button can be disabled by executing the following command:
=>system config resetbutton=disabled
This command will disable the reset button on the back of the SpeedTouch. In case of problems, proceed as follows to enable the reset button again:
1 Switch off the SpeedTouch.
2 Press and hold the reset button.
3 Switch on the SpeedTouch.
4 Keep the reset button pushed in for ca. 30 seconds.
5 Release the reset button.
Need more help? Additional help is available online at www.speedtouch.com
100. ed when necessary, i.e. when the ADSL line fails.
Configuring Callback: In order to configure callback you need to do the following:
Action: Configure the ISDN Dial-In Connection. Configure the PPP connection.
Chapter 9 The Integrated SpeedTouch ISDN Modem. 9.3.1 How to Configure the ISDN Dial-In Connection.
Via the Web Interface: Proceed as follows to configure the ISDN dial-in connection via the Web interface:
Go to Expert mode. Click Connections. Click Routed PPP. Result: on the page that appears you see a predefined connection called ISDN backup.
[Screenshot: connection table with columns Interface, Destination, Mode, Link, State; entry ISDN_backup, ISDN, On Demand, not connected, down. Click New to create a new entry. No ISDN software key found. Only limited support of the ISDN interface. For full ISDN functionality you will need to acquire the ISDN software key. Ask your Service Provider for more information.]
Click the arrow to open the configuration pages for this connection. Result: the Parameters page appears.
[Screenshot: Link parameters: Interface, ISP profile ISDN. User parameters: Username tastuser, Password. ISDN parameters: Dial number 00329528995, Link type Dialup 64 Kbps. Buttons: Connect, Delete, Cancel.]
Fill in the user name and password for the connection as well as the dial in
101. Chapter 10 SpeedTouch Monitoring. 10.2.3 How to View the System Contact, Name and Location.
Command: Use the following CLI command to view the default configuration:
{Administrator}[snmp]=>config
Default Configuration: The default configuration is as follows:
SNMP System Contact Service Provider
SNMP System Name SpeedTouch 620
SNMP System Location Customer Premises
All SNMP traps DISABLED
10.2.4 How to Configure SNMPv1.
Configuring SNMPv1 on the SpeedTouch: The SpeedTouch supports SNMPv3 but is also backwards compatible with SNMPv1. However, you need specific configuration procedures for this. Basically you need to do the following in order to configure SNMPv1: Configure the SNMPv1 Client. If applicable, enable SNMPv1 traps.
How to Configure the SNMPv1 Client: Proceed as follows:
Create a new community:
snmp community add index=RWCommunity securityname=RWCommunity communityname=private
Create a new view:
snmp view add viewname=all viewtree=iso type=include securitymodel=snmpv1 securitylevel=noAuthNoPriv readview=all writeview=all notifyview=all
Configure the community to have these group rights:
snmp securitytogroup modify securitymodel=snmpv1 securityname=RWCommunity groupname=test_groupname_write
Configure a group with the required access rights to access that
102. Contents
11.3 Command Line Interface Diagnostics
11.3.1 About CLI Diagnostics
11.3.2 Lower Layer Diagnostics
11.3.3 Router Services Diagnostics
11.3.4 Routing Diagnostics
11.3.5 Ethernet Diagnostics
11.3.6 Management Diagnostics
12 SLA Monitoring
13 Resetting the SpeedTouch
About this Operator's Guide. Used Symbols. Terminology. Typographical Conventions. Documentation and software updates.
A note provides additional information about a topic. A caution warns you about potential problems or specific precautions that need to be taken. A t
103. emote management and a static mapping has been made to allow remote hosts to address regular SSH services on a host residing on your local network, you must make sure that accessing the SpeedTouch Web Interface is still possible. For more information on Hyper-NAT, see the SpeedTouch Hyper-NAT Configuration Guide.
The default port for the SSH server is set to 22. This can be changed by executing the following command. The command above will change the SSH server port of the SpeedTouch from port 22 (default) to port 35.
=>service system list name=SSH expand=enabled
Idx Name Protocol SrcPort DstPort Group Description SSH server Properties server Attributes state port aclip aclif aclifgroup map log User Managed Attributes state aclip aclif aclifgroup map log Attribute Values enabled Ip Access List Interface Access List Interface Group Access List lan disabled
NAT refinements for SpeedTouch services should never be made in the NAT configuration menu, but always in System Services.
Introduction. Default HTTP service configuration. Configuration via CLI commands.
Chapter 8 SpeedTouch Remote Access. Remote FTP Access.
The SpeedTouch FTP interface is provided by the SpeedTouch FTP server. Access to this server, and hence the FTP interface, is controlled by the SpeedTouch FTP service. By
104. emote CAPI 2.0 Client application to your system. You can access it via the Control Panel. Proceed as follows to configure this client: Use the Control Panel to start the Remote CAPI 2.0 Client application.
[Screenshot: Remote CAPI 2.0 client, CAPI forwarding over TCP/IP network. Fields: the IP address of the server you will be connecting to; the UDP port on the server to connect to (default 6789); the TCP port to connect to (default 6789).]
Prerequisite: You need to have RVS Communication Center or any other software that uses the Rcapi driver.
Procedure: Proceed as follows to enable Remote CAPI via the Web Interface:
Use the following command sequence to enable RCAPI:
=>rcapi
[rcapi]=>
[rcapi]=>config
RCAPID state disabled
[rcapi]=>config state=enabled
10 SpeedTouch Monitoring
Overview: This chapter covers the following topics:
10.1 An Introduction to SNMP
10.2 SNMP configuration
10.3 The SpeedTouch Syslog
10.4 SpeedTouch Identification on AWS
Chapter 10 SpeedTouch Monitoring. 10.1 An Introduction to SNMP.
Introduction. SNMP in the SpeedTouch. Overview.
The Simple Network Management Protocol (SNMP) is
105. er and send IP address updates to a dynamic DNS service server whenever the dynamically assigned public IP address has been changed. The SpeedTouch offers you an embedded dynamic DNS client, making the use of third-party host applications running on a local computer superfluous.
Before you are able to use the SpeedTouch dynamic DNS client functionality, you must first apply for a dynamic DNS account and DNS host name at one of the available dynamic DNS service providers available on the Internet. The SpeedTouch supports by default the following dynamic DNS service providers:
DynDNS (www.dyndns.org/services/dyndns)
StatDNS (www.dyndns.org/services/statdns)
No-IP (www.no-ip.com)
DtDNS (www.dtdns.com)
GnuDIP
The SpeedTouch dynamic DNS client service can be configured via the CLI or the SpeedTouch Web Interface. Below is a short description of how to prepare your SpeedTouch for dynamic DNS, using an imaginary account at the DynDNS dynamic DNS service provider and the CLI interface. For more in-depth information on the CLI, see 2 SpeedTouch Command Line Interface on page 5 and the SpeedTouch CLI Reference Guide.
The procedure for enabling a dynamic DNS client consists of five steps:
1 Adding a dynamic DNS host name
2 Adding a dynamic DNS client
3 Modifying the dynamic DNS client
4 Refining the dynamic DNS service settings (optional)
5 Enabling the Dynamic DNS Service
106. ervice settings. list: List all DynDNS services. This allows you to view/configure the pre-configured dynamic DNS service providers or to create custom dynamic DNS service providers. For a full description of the syntax of these commands, see the SpeedTouch CLI Reference Guide.
Chapter 6 SpeedTouch System Services.
Example dynamic DNS subscription: For this example, following dynamic DNS subscription is assumed at DynDNS (www.dyndns.org):
Dynamic DNS host: johndoe.dyndns.org
Depending on your dynamic DNS subscription, some other more advanced options may be required or available, e.g. multiple host names, the Mail Exchanger (MX) host name, update interval, etc.
Adding a dynamic DNS host name: In a first step you must specify for which hostname(s) you want to enable the dynamic DNS service. According to the Example dynamic DNS subscription information, following configuration must be done:
=>dyndns host add group=MyDynDNSHost name=johndoe.dyndns.org
To allow multiple host names to be assigned to the same dynamic DNS service, host names always reside in a group. You are free to choose a group name; it is only used for referring to the group during CLI configuration.
Adding a dynamic DNS client: Add a dynamic DNS client entry:
=>dyndns add name=MyDynDNS
Modifying the dynamic DNS client
107. etepassive executed
Change to the SpeedTouch dl subdirectory:
ftp> cd dl
250 Changed to dl
Chapter 3 SpeedTouch System Software.
Put the upgrade system software to the SpeedTouch dl subdirectory:
ftp> put ZZUIAA5.411
200 Connected to 192.168.1.254 port 3638
150 Opening data connection for ZZUIAA5.411
226 Filesystem data garbage collection in progress. This may take a while
226 File written successfully
ftp: 2314257 bytes sent in 5.05Seconds 464.90Kbytes/sec.
As a result, the system software file is stored on the dl subdirectory of the SpeedTouch. In addition, the SpeedTouch will automatically clean its file system.
Mark system software file as Passive Software Version: You must identify the system software you transferred to the SpeedTouch dl subdirectory as passive software version to allow the SpeedTouch to mark the file as system software. Proceeding from the same FTP session you opened to transfer the file, use the quote site software setpassive file=<file name> command, where <file name> represents the name of the system software file you transferred via the previous procedure.
Activate the upgrade/restored system software.
ftp> quote site software setpassive file=ZZUIAA5.411
200 F
108. g again by clicking Deactivate. For example, in the figure shown above, forwarding of Syslog messages is enabled, as the Deactivate button is shown.
Chapter 10 SpeedTouch Monitoring. 10.3.3 Syslog via the CLI.
The Syslog CLI command group: The SpeedTouch CLI syslog command group basically provides the same possibilities as provided on the SpeedTouch syslog web page:
=>syslog help
Following commands are available:
config Set/Display configuration
ruleadd Add a new rule to the syslog configuration
ruledelete Delete a rule in the syslog configuration
flush Flushes syslog rules
list List the current syslog configuration
Following command groups are available:
msgbuf
=>syslog msgbuf help
Following commands are available:
show Show messages in the syslog message buffer
send Send messages to remote syslog server
flush Flush all messages in syslog message buffer
To display a listing of all generated syslog messages, use following CLI command:
=>syslog msgbuf show
<173> May 20 17:52:47 xDSL linestate up downstream 8000 kbit/s upstream 800 kbit/s output Power Down 7.0 dBm Up 8.5 dBm line Attenuation Down 0.0 dB Up 0.0 dB snr Margin Down 9.0 dB Up 6.0 dB
<38> May 20 17:52:50 PPP PAP Authenticate Request sent
<38> May 20 17:52:50 PPP PAP Authenticate Ack received
<132> May 20 17:52:50 PPP Link up Internet 101 101 101
109. guration Management
Put the configuration file to the SpeedTouch dl subdirectory:
ftp> put config.ini
200 Connected to 192.168.1.254 port 1657
150 Opening data connection for config.ini
226 File written successfully
ftp: 4472 bytes sent in 0.02Seconds 223.60Kbytes/sec.
ftp>
You can check whether the configuration file was stored successfully by making a listing of the subdirectory's contents:
ftp> dir
200 Connected to 192.168.1.254
150 Opening data connection for bin ls
20 Jun 29 1971 start.cmd
2952448 Jun 29 1971 ZZUIAA5.314
9 Jun 29 1971 seed.dat
729 Jun 29 1971 sslcert.pem
908 Jun 29 1971 sslkey.pem
692 Jun 29 1971 sshdsa.pem
66920 Jun 29 1971 user.ini
4056 Jun 29 1971 user.tpl
34633 Jun 29 1971 security.cfg
447121 Jun 29 1971 config.ini
226 Options l1 9 matches total
ftp: 600 bytes received in 0.00Seconds 600000.00Kbytes/sec.
ftp: 400 bytes received in 0.01Seconds 40.00Kbytes/sec.
Chapter 4 SpeedTouch Configuration Management.
Applying a configuration stored on the SpeedTouch: To activate a configuration file stored on the SpeedTouch dl subdirectory, the CLI command config load is used. Below the syntax of the config load CLI comm
110. h actively protects your system against malicious intrusion. You can view statistics on the intrusion attempts the SpeedTouch has detected.
Proceed as follows to see the intrusion statistics: Go to the Basic configuration home page of the web interface. In the Toolbox section, click Intrusion Detection. Result: the Web Interface shows you a list of all possible intrusions and the number of times each intrusion actually occurred.
The Intrusion Detection page also shows a Pick a Task section, which has two possible tasks:
View the security logs: View the security logs for more information about the intrusion.
Clear intrusion detection statistics: Clears the intrusion detection statistics and resets all counters to zero.
To execute a task, simply click it in the Pick a Task section.
Chapter 6 SpeedTouch System Services. 6.5 Remote Assistance.
About Remote Assistance: Remote Assistance allows you to log on to the SpeedTouch from a remote location and perform tasks.
How to Set Up Remote Assistance: Proceed as follows to set up Remote Assistance:
Step / Action: Go to the Basic configuration home page of the web interface. In the Toolbox section, click Remote Assistance. Result: the Web Interface shows the following page:
Remote Assistance. Remote assistance is currently disabled. By clicking on the Enable Remote Assistance button, your SpeedTouch will be accessible from your broadban
111. have been standardized, other parts may be specific to a device. For the SpeedTouch a set of MIBs is provided on the Setup CD, some being identical to the standard MIBs, others specifically made for the SpeedTouch. The available data covers statistics of the traffic through an interface, errors and setup information. For details of what information is available, consult the MIB definitions at 10.1.2 MIBs Explained on page 136.
SNMP has two basic commands:
Get: gets the value of a specific parameter in a specific MIB.
Set: sets the value of a specific parameter in a specific MIB.
Traps are SNMP notification messages sent from the SpeedTouch to a manager. It is possible to configure where the traps are sent and which traps are sent.
Reading MIBs is harmless. However, some MIBs also contain sensitive security parameters. Reading these parameters (get) may provide the user with information he should not have access to. Writing to a MIB (set) can have severe consequences. Therefore, as a security measure, it is not possible to set any behavior-changing objects using SNMP.
Furthermore, SNMP offers a possibility to restrict access to the SNMP MIBs by means of SNMP Community Names. To have specific kinds of access to the SNMP MIBs, the SNMP manager has to know the correct Community Name. A Community Name serves as password and authentication. On agent side a community name is associated with a specific MIB view w
112. hich MIB objects can be seen by a manager using that community name, and an access policy: read-only or read-write. By default the SpeedTouch uses the default SNMP Community name for read-only: public. For read-write no community name is assigned. It is recommended, however, that the user should change the default community names in a way to improve security. In a saved configuration file (user.ini, etc.) the Community names are encrypted to ensure confidentiality.
The SpeedTouch simultaneously supports SNMP V1, V2 and V3. This means that it can handle messages from all three versions. The system forwards the message to the appropriate subsystem based on the version indicator in the SNMP message.
Chapter 10 SpeedTouch Monitoring. 10.1.2 MIBs Explained.
Introduction: As mentioned in Management Information Base on page 135, both the SpeedTouch SNMP agent and the SNMP manager rely on Management Information Base (MIB) files containing all relevant SNMP objects. In the following, all MIBs important for the SpeedTouch are described. Additionally, some of the most important and/or interesting SNMP counters are shortly highlighted.
Standard MIBs: Following MIBs are common standard MIBs that are relevant to monitoring the SpeedTouch. All MIB manager implementations should provide these MIBs by default. Updated copies of the MIBs have been provided on the Speed
113. ient. Because the RTC does not have an automatic daylight saving switch, you should update it manually at the correct moments, twice a year. The SpeedTouch contains a battery to allow the RTC to maintain the time even when the device is powered off and restarts. This helps security because even when the NTP servers are temporarily inaccessible because of a power outage or network traffic overflow, the SpeedTouch has the correct time, allowing to correctly correlate syslog events from various devices and perform correct diagnosis.
You can access the SpeedTouch SNTP page via Home > SpeedTouch > SNTP.
[Screenshot: Home > SpeedTouch > SNTP page with tabs SNTP and Manual; table columns Name, IP Address, Version, Status; entry 10.50.2.20, synchronized. Click New to create a new entry.]
By default SNTP is disabled: internal clocking refers to the SpeedTouch up time, i.e. the time passed since last reboot.
The Manual tab:
[Screenshot: Home > SpeedTouch > SNTP, Manual tab. Date and time settings: Date (dd/mm/yyyy), Time (hh:mm:ss). Timezone properties: Timezone (UTC+01:00 Amsterdam, Bern, Rome, Stockholm), Daylight saving.]
Chapter 6 SpeedTouch System Services.
Select Manual to: Set a date manually
114. ineID localSnmpID authprot usmNoAuthProtocol privprot usmNoPrivProtocol targettag storage nonVolatile
Chapter 10 SpeedTouch Monitoring.
How to View the Communities: Use the following command to view the communities:
snmp securitytogroup list
This results in the following output:
securitymodel snmpv1 securityname ROCommunity groupname V1ROGroup storage nonVolatile
securitymodel snmpv1 securityname RWCommunity groupname V1RWGroup storage nonVolatile
securitymodel usm securityname SU groupname SU_Group storage nonVolatile
securitymodel usm securityname user groupname Basic_Group storage nonVolatile
securitymodel usm securityname LanAdmin groupname Extended_Group storage nonVolatile
securitymodel usm securityname WanAdmin groupname WanAdmin_Group storage nonVolatile
securitymodel usm securityname PowerUser groupname Extended_Group storage nonVolatile
securitymodel usm securityname TechAdmin groupname SU_Group storage nonVolatile
securitymodel usm securityname Administrator groupname SU_Group storage nonVolatile
For backwards compatibility purposes some defaults were added.
10.2.11 SNMP Access Restriction. How to Add an IP Address to the Access List. How to Add an Interface Group to the Access List. How to View the Configuration.
Chapter 10 SpeedTouch Monitoring. How to Restrict SNMP
115. ined content levels or create your own. The following is an example of part of a content level:
Pornography Nudity, Pornography Erotic Sex, Swimwear Lingerie, Ordering, Online Shopping, Auctions, Classified Ads, Society Education Religion, Governmental Organizations, Cities Regions Countries, Education, Political Parties, Religion, Sects, Illegal Activities, Computer Crime, Criminal Activities, Extreme, Violence Extreme, Games Gambling, Gambling, Computer Games, Toys, Non Governmental Organizations, Political Extreme, Hate Discrimination, Warez Hacking Illegal Software.
Note that x marks forbidden content, while v marks allowed content.
Overview: This section covers the following topics:
6.3.1 The Website Filtering Configuration Pages
6.3.2 How to Verify the Filtering Configuration
6.3.4 Configuring the Actions for Uncategorised Sites
6.3.5 How to Create an Address Based Filter
6.3.6 How to Create a Content Based Filter
6.3.7 How to Create a Content Level
Chapter 6 SpeedTouch System Services. 6.3.1 The Website Filtering Configuration Pages.
Page Overview: The website filtering section of the SpeedTouch web interface offers three pages:
Overview: Allows you to view the filtering configuration
116. ing idle if no traffic is received (Rx), sent (Tx), or neither sent nor received (RxTx).
Chapter 9 The Integrated SpeedTouch ISDN Modem. 9.5 ISDN Remote CAPI.
About Remote CAPI: Using Remote CAPI, the ISDN interface of the SpeedTouch can be used by PC applications that typically need an ISDN board integrated into the PC. The Remote CAPI function only works with PC applications using the Rcapi.dll driver, e.g. RVS-COM.
About RVS-COM: RVS-COM is an application that allows you to use voice-based services such as: sending and receiving faxes; sending and receiving sms; PC Answering machine with auto-attendant. It features an address manager and Outlook integration.
How to Install Remote CAPI: Proceed as follows:
Delete the following file on your PC: C:\windows\system32\capi2032.dll
Rename the file Rcapi you just copied to capi2032.dll.
Run rcapi.exe, located on the installation disk in the subfolder Remote_CAPI.
Copy the file rcapi.dll from the subfolder Remote_CAPI on the installation disk to the following location on your PC: C:\windows\system32
Chapter 9 The Integrated SpeedTouch ISDN Modem.
How to Configure the Remote CAPI Client. How to Configure Remote CAPI via the Web interface. How to Enable Remote CAPI via CLI.
The above installation procedure adds the R
117. interval max retry
members.dyndns.org 80 /nic/update 2097120s 30s 3
members.dyndns.org 80 /nic/update 0s 30s 3
members.dyndns.org 80 /nic/update 0s 30s 3
dynupdate.no-ip.com 80 /ducupdate.php 86400s 30s 3
dtdns.com 80 /api/autodns.cfm 86400s 30s 3
If needed or required by the dynamic DNS service provider, you can change some details of the dynamic DNS service. The Example dynamic DNS subscription at DynDNS requires no changes in the service settings, as the pre-configured settings should be adequate. Below an overview of the default service settings per pre-configured dynamic DNS service provider and the custom dynamic DNS service.
Chapter 6 SpeedTouch System Services.
Enabling the Dynamic DNS Service: In a final step you must enable the dynamic DNS client:
=>dyndns modify name=MyDynDNS status=enabled
Checking dynamic DNS client Resolving: You can easily check whether the dynamic DNS client is successfully updating the SpeedTouch public IP address towards the dynamic DNS service provider's host server:
=>dyndns list
MyDynDNS PPPoE_1 CONNECTED options dyndns wildcard user JohnDoe MyISP com password x x x x addr 141.11.1.1 group MyDynDNSHost
The Dynamic DNS Web Page: The Basic Web interface has a page on Dynamic DNS
118. ip provides an alternative method or shortcut to perform an action.
Generally, the SpeedTouch 620 will be referred to as SpeedTouch in this Operator's Guide.
When we display interactive input and output, we'll show our typed input in a bold font and the computer output like this. Comments are added in italics. Example:
=>language list
CODE LANGUAGE VERSION FILENAME
en english 4.2.0.1 <system>
Only one language is available
THOMSON continuously develops new solutions, but is also committed to improve its existing products. For more information on THOMSON's latest technological innovations, documents and software releases, visit us at www.speedtouch.com
Chapter 1 Introduction. 1 Introduction.
Overview: Being a key component of your business network, a good operation of the SpeedTouch is essential to gain maximum performance of your DSL connectivity. Continuous management and diagnosis of the SpeedTouch should be performed to ensure a faultless operation of the SpeedTouch 24 hours a day, 7 days a week. As such the SpeedTouch can be perfectly embedded in high quality networks.
Applicability: This Operator's Guide applies to the SpeedTouch 620 Wireless Business DSL Router.
Contents: This Operator's guide consists of 2 major parts: Configur
119. is able to be placed in BOOTP mode, allowing a BOOTP/TFTP server to manage the SpeedTouch file system, allowing the SpeedTouch to fetch the upgrade files from the BOOTP/TFTP server.
It is recommended only to use the procedure described below in case you are familiar with the use of a BOOTP/TFTP server and the mechanisms on which BOOTP is based. Upgrading the system software via the procedure described below will reset the SpeedTouch to its factory default settings. Therefore, prior to performing an upgrade of the system software, it is recommended to back up the SpeedTouch configuration.
You need a third-party BOOTP/TFTP server installed on the computer from which you want to perform the SpeedTouch system software upgrade. Make sure that your computer is connected to the SpeedTouch via Ethernet. In case of a SpeedTouch with USB connectivity, please disconnect the USB interface, if used, to avoid communication errors during the system software upgrade. It is not possible to upgrade your SpeedTouch via a wireless connection.
You will need the SpeedTouch Medium Access Control (MAC) address of your SpeedTouch device. Make sure a valid SpeedTouch system software image file is available on your local disk.
Chapter 3 SpeedTouch System Software.
Procedure: To upgrade/restore the SpeedTouch system software: Make sure that your SpeedTouch is powered off and that a BOOTP TF
120. l 5 bypassrt disabled dffield disabled dsfield 0 sla traceroute modify test route
Starting the SLA Traceroute: The SLA traceroute process has been configured now. You now need to start the process; to do so, use the following command:
=>sla traceroute start test route
Chapter 12 SLA Monitoring.
SLA Traceroute result: Now that the SLA traceroute process has been started, you can view the SLA traceroute results. Use the following command:
=>sla traceroute list
route owner modem dest 11.0.0.138 size 0 timeout s 3 probePerHop port 33434 maxTTL 30 InitialTTL frequency s 0 maxrows 50 maxfailures 5 createHopEntries no trapflag type UdpEcho storagetype nonVolatile descr srcaddr 0.0.0.0 intf none bypassrt no dsfield dffield no result Info status stopped currHopCount 1 currProbeCount 3 testAttempts 1 testSuccesses 1 lastGoodPath 02 01 70 06 02 22 242930
Chapter 12 SLA Monitoring.
Following results will be displayed:
currHopCount: Reflects the current TTL value (range from 1 to 255) for a traceroute operation.
currProbeCount: Reflects the current probe count (1..10) for a traceroute operation.
testAttempts: The current number of attempts to determine a path to a target.
testSuccesses: The current number
121. lan wan
        Map List: 448
        Logging: disabled

    NAT refinements for SpeedTouch services should never be made in the NAT configuration menu, but always in System Services.

    Remote Telnet Access

    About Secure Remote Telnet Access and SSH

    The SpeedTouch Telnet host is provided by the SpeedTouch Telnet server. Access to this server, and hence the Telnet interface, is controlled by the Telnet service. By default the Telnet service is configured to let the Telnet server accept telnet sessions from LAN side only. In addition, the SpeedTouch provides SSH remote access. SSH provides a more secure way of accessing the SpeedTouch CLI interface and should therefore be used.

    Default Telnet service configuration

    Use the following CLI command to see the default Telnet service configuration:

        =>service system list name=TELNET expand=enabled
        Idx Name Protocol SrcPort DstPort Group
        1 TELNET
        Description: Virtual Terminal
        Properties: server
        Managed parameters: state port acl map log
        Interface Access List:
        Ip Access List:
        NAT Port List:

    Configuration via CLI commands

    To have Telnet access via WAN, additional configuration of the SpeedTouch Telnet service is needed. Use the following CLI command to allow WAN Telnet access to the SpeedTouch:

        =>service system ifadd name=TELNET group=wan
        =>
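An added example, not part of the manual: a small Python audit over a saved list of `service system` commands that reports which management services have been opened to the `wan` group, as the `ifadd` command above does, over a cleartext protocol or without any `ipadd` source restriction. The `name=value` command syntax, the treatment of TELNET and HTTP as the cleartext services, and the sample command list are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample command list (not taken from a real device).
SAMPLE_COMMANDS = """\
=>service system ifadd name=SSH group=wan
=>service system ipadd name=SSH ip=192.6.11.0/24
=>service system ifadd name=TELNET group=wan
=>service system modify name=TELNET state=enabled port=50
=>service system ifadd name=HTTP group=wan
=>service system ipadd name=HTTP ip=192.6.11.5
=>service system modify name=SNMPV3_AGENT state=enabled
"""

# Assumption: services the manual contrasts with a more secure variant
# (Telnet vs. SSH, HTTP vs. HTTPs) are treated as cleartext.
CLEARTEXT_SERVICES = {"TELNET", "HTTP"}


@dataclass
class Service:
    name: str
    groups: Set[str] = field(default_factory=set)   # interface groups added with ifadd
    ips: List[str] = field(default_factory=list)    # source restrictions added with ipadd
    state: Optional[str] = None                     # last state set with modify, if any


def parse_commands(text: str) -> Dict[str, Service]:
    """Collect per-service settings from 'service system ...' command lines."""
    services: Dict[str, Service] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=>"):          # drop a leading CLI prompt
            line = line[2:]
        tokens = line.lstrip(":").split()
        if len(tokens) < 4 or tokens[:2] != ["service", "system"]:
            continue
        verb = tokens[2]
        params = dict(t.split("=", 1) for t in tokens[3:] if "=" in t)
        name = params.get("name", "").upper()
        if not name:
            continue
        svc = services.setdefault(name, Service(name))
        if verb == "ifadd" and "group" in params:
            svc.groups.add(params["group"].lower())
        elif verb == "ipadd" and "ip" in params:
            svc.ips.append(params["ip"])
        elif verb == "modify" and "state" in params:
            svc.state = params["state"].lower()
    return services


def audit(text: str) -> List[Tuple[str, str]]:
    """Return sorted (service, issue) pairs for services reachable from the WAN."""
    findings: List[Tuple[str, str]] = []
    for svc in parse_commands(text).values():
        # Explicitly disabled services and services never opened to wan are skipped.
        if svc.state == "disabled" or "wan" not in svc.groups:
            continue
        if svc.name in CLEARTEXT_SERVICES:
            findings.append((svc.name, "cleartext-on-wan"))
        if not svc.ips:                    # no ipadd: any source address is accepted
            findings.append((svc.name, "wan-unrestricted"))
    return sorted(findings)


if __name__ == "__main__":
    for name, issue in audit(SAMPLE_COMMANDS):
        print(f"{name}: {issue}")
```
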
122. lash image 5 4 0 10 0
        200 Active SW ZZUIAA5 40A 5 4 0 a 0
        200 Passive SW ZZUIAA5 411 5 4 0 a 0
        200
        200 CLI command software version executed
        ftp>

    To activate the upgrade or restored system software, the same mechanism as used via the Web Interface is valid: the system software files are switched. Proceeding from the same FTP session you opened in the previous procedures, use the quote site software switch command to restart the SpeedTouch and activate the newly uploaded upgrade system software:

        ftp> quote site software switch
        200
        Connection closed by remote host
        ftp>

    During restart the SpeedTouch will switch the passive and active system software files and mark the newly uploaded system software as active software version. Due to the restart of the SpeedTouch, any open FTP or Telnet session will be closed.

    Manual System Software Management via BOOTP/TFTP server

    Important note

    The SpeedTouch system software can also be updated based on BOOTP, a standard mechanism used for booting diskless stations. The SpeedTouch Upgrade Wizard is based on a BOOTP/TFTP server. For more information on how to upgrade the SpeedTouch using its Upgrade wizard, please see the User's Guide.

    Before you start

    The SpeedTouch
123. lete a manager destination, use:

        {Administrator}[snmp]=>target delete name=<target_name>

    10.2.8 How to Read SNMP Parameters via the CLI

    About Reading SNMP Parameters

    The snmp get, snmp getNext and snmp walk commands allow you to Get, GetNext or Walk SNMP settings and/or counters from a MIB object. The MIB object is identified by the MIB object's ID. This is only used for debugging purposes.

    SNMP get

    Use the following CLI command to read a specific object ID:

        {Administrator}[snmp]=>get objectid=<string>

    With objectID the MIB ID of the object. This must include the instance, which is 0 for scalar objects, e.g. 1.3.6.1.2.1.1.1.0 or sysDescription.0.

    Example: To update the traffic load, use:

        {Administrator}[snmp]=>1.3.6.1.2.1.10.94.1.1.7.1.12.601
        VB_counter 1.3.6.1.2.1.10.94.1.1.7.1.12.601 84275
        {Administrator}[snmp]=>1.3.6.1.2.1.10.94.1.1.7.1.12.601
        VB_counter 1.3.6.1.2.1.10.94.1.1.7.1.12.601 84277
        {Administrator}[snmp]=>1.3.6.1.2.1.10.94.1.1.7.1.12.601
        VB_counter 1.3.6.1.2.1.10.94.1.1.7.1.12.601 84278
        {Administrator}[snmp]=>1.3.6.1.2.1.10.94.1.1.7.1.12.601
        VB_counter 1.3.6.1.2.1.10.94.1.1.7.1.12.601 84279

    SNMP getnext

    Use the following CLI command to get the next available object ID
124. ls

    - retryinterval (numeric): If the connection fails and restart is enabled, the system will retry establishing the connection after this interval.
    - ladrress (IP address): Local IP address of the PPP connection. This is completed automatically when establishing the connection. Do not fill it in manually.
    - radress (IP address): Remote IP address of the PPP connection. This is completed automatically when establishing the connection. Do not fill it in manually.
    - netmask (format depends on the format setting): Netmask for the PPP connection. This is completed automatically when establishing the connection. Do not fill it in manually.
    - format (cidr, dotted or none): Set the format of the netmask to cidr or dotted, or use no netmask.
    - savepwd (enabled or disabled): Save the password. After establishing the PPP link for the first time, you no longer need to provide it for subsequent connections.
    - demanddial (enabled or disabled): Enable or disable dial on demand (DoD). This means that the system will engage the ISDN backup if the DSL line fails.
    - doddelay (numeric, in s; default 120): Delay during which DoD is disengaged. This interval is meant to allow the DSL line time to synchronize.
    - secdns (IP address): IP address of the secondary DNS server.
    - idletime (numeric): If the connection is idle for this amount of time, the link is disconnected.
    - idletrigger (Rx, Tx or RxTx): Consider the link as be
125. lter

    Proceed as follows:

    - In the last row of the table, enter the URL of the web site for which you want to create an entry in the filter.
    - Select the action to be taken: Block, Allow or Redirect. In case of Redirect, enter the address to which you want to redirect.
    - Click Add.
    - Repeat steps 5 to 7 for each entry you want to create in the filtering table.
    - If necessary, select Use Address Based Filter and click Apply.

    Proceed as follows to modify an entry in the filter table:

    - Go to the row you wish to change and click the corresponding Edit.
    - Modify the entry and click Apply. To undo the changes, click Cancel.

    Proceed as follows to delete an entry in the filter table:

    - Go to the row you wish to delete.
    - Click the corresponding Delete.

    6.3.6 How to Create a Content Based Filter

    About Content Levels

    Content levels determine which web sites will be targeted by the filter based on their content. There are 5 pre-defined content levels:

    - Legal: Allow all except illegal, extreme, spam and spyware websites.
    - Teenagers: Block illegal, adult, extreme, online ordering & gambling, and spyware websites.
    - Children: Allow only children-safe websites.
    - BlockAll: Block all categorized web sites.

    Procedure

    Proceed as follows to create a content based filter: If necessary, create a new content level or modif
126. mmand to add the user to the group:

        snmp securitytogroup add securitymodel=usm securityname=Musclor groupname=Grayskull

    Use the following command to enable the SNMP service, if necessary:

        service system modify name=SNMPV3_AGENT state=enabled

    For a more detailed description of these commands and their parameters, refer to the CLI command guide.

    How to View the Users

    Use the following command to view the users:

        snmp user list

    This results in the following output:

        securityname=SU snmpengineID=localSnmpID authprot=usmNoAuthProtocol privprot=usmNoPrivProtocol targettag storage=nonVolatile
        securityname=user snmpengineID=localSnmpID authprot=usmNoAuthProtocol privprot=usmNoPrivProtocol targettag storage=nonVolatile
        securityname=LanAdmin snmpengineID=localSnmpID authprot=usmNoAuthProtocol privprot=usmNoPrivProtocol targettag storage=nonVolatile
        securityname=WanAdmin snmpengineID=localSnmpID authprot=usmNoAuthProtocol privprot=usmNoPrivProtocol targettag storage=nonVolatile
        securityname=PowerUser snmpengineID=localSnmpID authprot=usmNoAuthProtocol privprot=usmNoPrivProtocol targettag storage=nonVolatile
        securityname=TechAdmin snmpengineID=localSnmpID authprot=usmNoAuthProtocol privprot=usmNoPrivProtocol targettag storage=nonVolatile
        securityname=Administrator snmpeng
127. monitoring of the system's performance, operation and connection status. You can access the diagnostics either with the Web interface or via CLI. The Web interface also provides a page showing the entire office network.

    This chapter covers the following topics:

    - The Office Network Web Page
    - The Diagnostic Web Page
    - Command Line Interface Diagnostics

    11.1 The Office Network Web Page

    About the Office Network Web Page

    The Office Network Web page shows all devices on the LAN and their main characteristics.

    [Figure: Office Network page showing the SpeedTouch with its Wireless interface and Ethernet ports ethport1 to ethport4, and the connected devices]

    How to Access the Office Network Page

    Proceed as follows:

    - Go to the Basic Web Interface.
    - Do one of the following: click the Office Network option in the navigation pane, or click the Office Network icon on the Basic home page.

    Additional Pages

    There are two additional pages available in the Office Network submenu:

    - Devices: provides an overview of all devices.
    - Interfaces: provides an overview of all interfaces.

    To access these pages, click on the corresponding option in the navigation pane.

    The Devices Page
128. more information, refer to the DSL Forum's technical report TR-069, CPE WAN Management Protocol.

    In any regular scenario, the ACS sets all connection request parameters to their required values when the SpeedTouch connects to the ACS for the first time.

    Architecture

    The diagram below shows the CWMP architecture for the SpeedTouch.

    [Figure: CWMP architecture showing the ACS server, the DSLAM, the SpeedTouch and the customer premises network]

    Supported Features

    The TR-069 functionality as supported by the SpeedTouch has the following features:

    - Start-up mechanism, including Remote Inventory, with support of SSL and DNS name resolution for ACS
    - Transfer of files: firmware, configuration file, script file
    - Data model supporting the following use cases: auto-provisioning, integrated service activation, wireless LAN, diagnostics

    Configuration Options

    It is impossible to configure the CWMP parameters via the Web interface. Only CLI commands can be used.

    How to View the Configuration

    From the main prompt, use the following command to view the CWMP parameters:

        =>cwmp
        =>cwmp config

    This results in the following type of output on the screen, providing an overview of all parameters and their values:

        State disabled Mode f LlLl Max Envelopes te Session Timeo
129. ng the local hosts to share a single remotely negotiated public IP address. In case Hyper-NAT is enabled on the WAN interface that will be used for remote management, and a static mapping has been made to allow remote hosts to open a Telnet session to a host residing on your local network, you must make sure that Telnet access to the SpeedTouch CLI is still possible.

    For more information on Hyper-NAT, see the SpeedTouch Hyper-NAT Configuration Guide.

    The default port for the Telnet server is set to 23. This can be changed by executing the following command:

        =>service system modify name=TELNET state=enabled port=50
        =>

    The command above will change the Telnet server port of the SpeedTouch from port 23 (default) to port 50:

        =>service system list name=TELNET expand=enabled
        Idx Name Protocol SrcPort DstPort Group
        1 TELNET tcp 50
        Description: Virtual Terminal
        Properties: server
        Attributes: state port aclip aclif aclifgroup map log
        User Managed Attributes: state port aclip aclif aclifgroup map log
        Attribute Values:
          State: enabled
          Port: 50
          Ip Access List: any
          Interface Access List: any
          Interface Group Access List: lan wan
          Map List: 50
          Logging: disabled

    NAT refinements for SpeedTouch services should never be made in the NAT configuration menu
130. [Screenshot: WAN connection details (Connection Type PPPoA, kBytes Tx/Rx, Username, Password, Last Connection Error, Uptime) followed by the IP Connectivity, IP, PPP and ATM sections]

    This section shows, per WAN connection, relevant information on:

    - Connection type and basic properties
    - IP related characteristics of the connection
    - If applicable, PPP related characteristics
    - ATM related characteristics

    You can check IP connectivity per WAN connection, or for all WAN connections, via the check IP connectivity button.

    11.3 Command Line Interface Diagnostics

    Overview

    This chapter covers the following topics:

    - About CLI Diagnostics
    - Lower Layer Diagnostics
    - Router Services Diagnostics
    - Routing Diagnostics
    - Ethernet Diagnostics
    - Management Diagnostics

    11.3.1 About CLI Diagnostics

    Introduction

    This section describes some of the diagnostics available from the SpeedTouch Command Line Interface (CLI). For a full description of the CLI commands, see the SpeedTouch CLI Reference Guide.

    Accessing the CLI

    You can access the CLI through:

    - The SpeedTouch CLI Web Interface
    - A Telnet session
    - g
131. nnections. The QOS information received via the management channel will create dynamic qosbook entries. This information shall be available on the CLI. This information shall not be saved.

    The VP/VC information received via the management channel will dynamically add, for example, an enabled LLC/SNAP Bridged interface or an attached PPPoE relay interface, depending on the received TR-37 information on the SpeedTouch.

    A CLI command is available to set the Auto configuration mode between ACTIVE, PASSIVE and PSEUDO:

        =>autopvc config mode=active
        =>

    The third option, PSEUDO, is used for the SpeedTouch with ATMFORUM that is using the VP 0.

    Use the following command to display the information retrieved via ILMI:

        =>autopvc list
        Address Type Class BestEff Par1 Par2 Par3 Par4 Par5
        8 36 CBR c0 UBR 1 ubr Enabled Tx 120 24 2048 12 12 CBR cO UBR 1 Rx 120 24 24 0 0
        =>

    11.3.3 Router Services Diagnostics

    DHCP

    The following DHCP statistics are available:

    - =>dhcp client debug stats: Displays statistics of the SpeedTouch's DHCP client.
    - =>dhcp server debug stats: Displays statistics of the SpeedTouch's DHCP server.
    - =>dhcp relay debug stats: Displays statistics of the SpeedTouch's DHCP relay.

    Below some examples are provided:

        =>dhcp server debug stats
        DHCP server state: Running
        DHCP server statistics:
        Corrupted packet rec
132. ntention to keep this configuration, you should save it.

    Whenever you alter the configuration of the SpeedTouch via the basic Web Interface, all changes are saved automatically.

    You can save the configuration manually in two ways:

    - Click Save All in the Topics menu of the SpeedTouch Expert Mode Web Interface.
    - Enter saveall from the CLI prompt.

    Result: The system creates a user.ini text file in the SpeedTouch dl subdirectory. This file contains all CLI commands needed to reproduce the configuration present at the moment it was saved.

    You can make backup files of the SpeedTouch configuration for later use. Backing up saved SpeedTouch configurations can be done via the SpeedTouch Web Interface or via FTP.

    The SpeedTouch file system allows you to store multiple configuration files. Via the CLI you are able to apply one of these whenever needed, without the need of uploading a configuration file each time you want to switch to a new configuration.

    4.1 Configuration Management via the SpeedTouch Web Interface

    Basic and expert mode

    The SpeedTouch features two ways of managing its configuration via the Web Interface:

    - Via the basic Web Interface
    - Via the expert Web Interface

    Backing up configurations via the basic Web Interface

    Proceed as follows:

    Step / Action: Open a web browser and go to the SpeedTouch
133. nterface for remote assistance purposes. For more information, refer to Chapter 6, section "6.5 Remote Assistance" on page 72.

    Interface access list

    The interface access list of a service contains the interface groups from where a user is allowed access to that specific service. The interface access list can contain 1 or more of the following groups:

    - lan: the local or corporate network
    - local: the serial console cable
    - wan: the Internet

    IPSec Protection

    It is possible to use IPSec to protect remote management. You can either use IPSec tunnel mode or IPSec transport mode. For more details, refer to the IPSec configuration guide.

    Remote Web Interface Access

    Introduction

    The SpeedTouch web interface is provided by the SpeedTouch HTTP web server. Access to this server, and hence the web interface, is controlled by the HTTP service. By default the HTTP service is configured to let the web server accept http requests from LAN side only. In addition, the SpeedTouch provides HTTPs access. This provides a more secure way (HTTP over SSL) of accessing the SpeedTouch HTTP web server.

    Default HTTP service configuration

    Use the following CLI command to see the default HTTP se
134. odule

    - Firewall module
    - HTTP module
    - IPSec VPN module
    - Linestate module
    - Login authentication module
    - NAPT module
    - PPP dial-in client module
    - Relayed PPPoA PPTP module
    - BGP OSPF RIP module
    - Routing module
    - SIP multi-media PBX module
    - SNTP client module
    - SpeedTouch kernel module
    - System software module
    - UPnP module

    Depending on the triggering event, fixed messages are generated. For a complete listing of the possible syslog messages, see the SpeedTouch CLI Reference Guide.

    Syslog via the Web Interface

    The Syslog web page

    The SpeedTouch Syslog web page allows users to view all, or a selection of, syslog messages the SpeedTouch has generated. Browse to the SpeedTouch Expert pages and open the Syslog pages via Home > SpeedTouch > Syslog.

    [Screenshot: Syslog page with the Messages and Configuration tabs, the message buffer view options (Facility: all, Severity: debug, Refresh rate: 30 seconds, AutoRefresh) and a message table dated May 20 listing entries for the default destination being routed via a gateway, PPP link up, PPP PAP Authenticate Ack received, PPP PAP Authenticate Request sent, and xDSL linestate up (downstream 8000 kbit/s, upstream 800 kbit/s)]
135. oftware switch CLI command.

    4. After restart, remove the software keys now residing in the dl directory via an FTP session.

    For more information on System software upgrades and management, see "3 SpeedTouch System Software" on page 15. For information on SpeedTouch FTP access, see "7 The SpeedTouch File System" on page 75.

    Chapter 6 SpeedTouch System Services

    Overview

    This chapter covers the following services:

    - Simple Network Time Protocol (SNTP)
    - Website Filtering

    6.1 SpeedTouch Dynamic DNS

    Introduction

    Dynamic DNS is a mechanism, offered by several dynamic DNS service providers available through the Internet, that allows the mapping of a worldwide resolvable static DNS host name to a dynamically and temporarily assigned public IP address used for Internet connectivity. This allows you to offer basic Internet services to the world wide web through a DNS host name without the need for obtaining a static and worldwide unique public IP address.

    Dynamic DNS client configuration

    In most cases, dynamic DNS service providers offer various host applications which run in background on a local comput
136. ored on your local disk to the SpeedTouch, proceed as follows:

    Open an FTP session to the SpeedTouch. At the user name prompt, enter a user name. At the password prompt, if applicable, enter the SpeedTouch system password (see The SpeedTouch Multi-Level Password Configuration Guide):

        C:\>ftp <SpeedTouch IP address>
        Connected to <SpeedTouch IP address>
        220 Inactivity timer 120 seconds. Use site idle <secs> to change.
        User (<SpeedTouch IP address>:(none)): JohnDoe
        331 SpeedTouch 00 90 D0 01 02 03 User JohnDoe OK. Password required.
        Password:
        230 OK

    Enter binary file transfer mode. Optionally you can enable hashing:

        ftp> bin
        200 TYPE is now 8 bit binary
        ftp> hash
        Hash mark printing On ftp: (2048 bytes/hash mark)

    Use the quote site software version command to check whether a passive system software version is stored in the dl subdirectory:

        ftp> quote site software version
        200 Flash image 5 4 0 10 0
        200 Active SW ZZUIAA5 40A 5
        200 Passive SW ZZUIAA5 40A 5
        200
        200 CLI command software version executed

    In case a passive software version is found, use the quote site software deletepassive command to delete it:

        ftp> quote site software deletepassive
        200 Flash image 5 4 0 10 0
        200 Active SW ZZUIAA5 40A 5 4 0 a 0
        200 Passive SW
        200
        200 CLI command software del
137. [Screenshot: list of interfaces on the Interfaces page, including the wireless interface, dmz and guest entries]

    To see more details of a specific interface, click on the corresponding interface name, e.g. lan1 in the above example.

    Interface lan1

    Interface Information
      Interface Group: lan

    TCP/IP Configuration
      Auto IP: Disabled
      Use DHCP Server: Enabled

    IP Addresses
      IP Address      Mask  Type
      10.0.0.138      24    Static
      192.168.1.254   24    Static

    DHCP Pools
      DHCP Pool Name  Address Range                  Gateway
      LAN_private     192.168.1.64 - 192.168.1.253   192.168.1.254

    The Diagnostic Web Page

    Introduction

    In this section the Diagnostic Web Page is described.

    Opening the SpeedTouch Diagnostic Web Interface

    Proceed as follows:

    1. Open a web browser and go to the SpeedTouch Web Interface.
    2. Go to the Expert Mode pages.
    3. Open the diagnostic pages via Home > SpeedTouch > Diagnostics.

    [Screenshot: Diagnostics page with the Expand All, Collapse All, IP Connectivity and Refresh buttons]

    Navigation and action buttons

    The following navigation and action buttons are available:

    - Expand Diagnostics topics
    - Collapse Diagnostics topics
    - Refresh the Diagnostics readings
    - Test IP connectivity (WAN access)
138. r 10.0.0.110 taglist=Trap_tag params=Trap_params

    Use the following command sequence:

        snmp config traps=enabled
        service system modify name=SNMPV3_TRAPS state=enabled

    For more information about these commands, refer to the CLI Command Guide.

    10.3 The SpeedTouch Syslog

    Introduction

    Syslog is a basic, uncomplicated yet powerful method to administer a network device such as the SpeedTouch. By generating syslog messages, the SpeedTouch is able to inform network managers about the general state of the device and to record events which can be retrieved for later analysis and diagnosis. This chapter describes how to use the SpeedTouch Syslog daemon.

    WELF Compliancy

    All syslog messages are compliant with Webtrend Extended Log Format (WELF) formatting.

    The SNMP service

    Next to Syslog, the SpeedTouch supports SNMP for extended device management. For more information on SNMP, see "10.1 An Introduction to SNMP" on page 134.

    The SNTP client

    Because it is not only important to know which events occurred, but also when, the SpeedTouch features an integrated real-time clock. This clock supports SNTP (Simple Network Time Protocol) synchronization with one of the Internet's many NTP servers. For more information on the configuration and use of the SpeedTouch SNTP client, see "6.2 The SpeedTouch SNTP Client" on page 56.
139. server
        Attributes: state port aclip aclif aclifgroup map log
        User Managed Attributes: state aclip aclif aclifgroup map log
        Attribute Values:
          State: enabled
          Port: 22
          Ip Access List: any
          Interface Access List: any
          Interface Group Access List: lan wan
          Map List: 22
          Logging: disabled

    Refinement of the Service

    If needed, the service can be fine-tuned to restrict the allowed traffic to:

    - A single IP address
    - A subnet
    - A range of IP addresses

    Use the following CLI command to restrict the allowed traffic to 1 IP address:

        =>service system ipadd name=SSH ip=192.6.11.5

    Use the following CLI command to restrict the allowed traffic to a subnet:

        =>service system ipadd name=SSH ip=192.6.11.0/24

    Use the following CLI command to restrict the allowed traffic to a range of IP addresses:

        =>service system ipadd name=SSH ip=192 6 2 55 2 55

    Hyper-NAT Refinements

    The SpeedTouch features a powerful Hyper-NAT engine, allowing the local hosts to share a single remotely negotiated public IP address. In case Hyper-NAT is enabled on the WAN interface that will be used for r
140. roups for that level.

    Below an example is provided of executing help from the firewall command group selection:

        =>firewall help
        Following commands are available:
        config : Display/Modify firewall configuration
        list   : Display firewall configuration
        flush  : Flush firewall configuration
        Following command groups are available:
        chain debug level

    Executing help firewall from top level gives the same result.

    Entering help followed by a specific command, for example help firewall list starting from top level, or help list entered from within the firewall command group selection, results in a description of the syntax for the command:

        =>help firewall list
        Display firewall configuration
        Syntax: list format=<pretty|cli>
        Parameters: format=<pretty|cli> The format of the firewall list

    Executing help all from top level will generate the complete listing of all available CLI commands, including syntax description. If entered from within a CLI command group, the listing of all available CLI commands from that CLI command group, including syntax description, is shown.

    The CLI features command completion, which means that when starting to type a command, it can be completed by pressing TAB. For the completion to be successful, the part already typed has to be unique. Completion works for the command groups, for the commands and the options, but not for values. For example, typing the letter
141. rvice configuration:

        =>service system list name=HTTP expand=enabled
        Idx Name Protocol SrcPort DstPort Group State
        enabled
        Description: HTTP web server
        Properties: server
        Managed parameters: state port acl map log
        Interface Access List: lan local
        Ip Access List:
        NAT Port List:

    Configuration via CLI commands

    For WAN access you should use HTTP. For this, additional configuration of the HTTP service is needed. Use the following CLI command to allow HTTP access from the WAN to the SpeedTouch:

        =>service system ifadd name=HTTP group=wan
        =>

    If you take a look at the HTTP service configuration, you will see that the wan group is added to the Interface Access List:

        =>service system list name=HTTP expand=enabled
        Idx Name Protocol SrcPort DstPort Group State
        1 HTTP tcp 80 enabled
        Description: HTTP web server
        Properties: server
        Managed parameters: state port acl map log
        Interface Access List: lan local wan
        Ip Access List: any
        NAT Port List: 80

    Refinement of the service

    If needed, the service can be fine-tuned to restrict the allowed traffic to:

    - A single IP address
    - A subnet
    - A range of IP addresses

    Use the following CLI command to restrict the allowed traffic to 1 IP address:

        =>service system ipadd name=HTTP ip=192.6.11.5
        =>

    Use the following CLI comman
142. s How to Configure the Traps

    10.2.1 How to Allow Access to the SNMP Agent

    Default Setting

    By default, access to the SNMP Agent is disabled. Before you are able to use SNMP, you must enable it.

    Command

    Use the following command to allow access to the SNMP Agent:

        service system modify name=SNMPV3_AGENT state=enabled

    How to View the SNMP Configuration

    About the SNMP Service

    The SpeedTouch SNMP service controls all SNMP traffic from and towards the SpeedTouch. By default, no restrictions apply regarding SNMP traffic from and towards the local network. However, SNMP traffic from and towards the WAN will be blocked.

    Command

    Use the following command to view the SNMP configuration:

        service system list name=SNMPV3_AGENT expand=enabled

    This returns the following output:

        Description: Rx snmp GET, SET and GETNEXT PDUs
        Properties: server
        Attributes: state port aclip aclif aclifgroup map log
        User Managed Attributes: state aclip aclif aclifgroup map log
        Attribute Values: administratively disabled
        Ip Access List
        Interface Access List
        Interface Group Access List
        any
        disabled

    You can use the same command to view the SNMPV3 Traps:

        service system list name=SNMPV3_TRAPS expand=enabled

    Spe
143. sage to discover the hops taken along a path to the final destination. Both probe types, UDP and ICMP, are encapsulated into an IP packet and thus have a TTL field that can be used to cause a path rejection.

    SLA Traceroute

    The SLA trace route process can be configured by executing the following CLI configuration command:

        =>sla traceroute add test=route addr=11.0.0.138
        =>

    The following parameters are mandatory:

    - test: this is just a name to identify the trace route test
    - addr: this is the peer IP address of which we want to trace the route

    Now that we defined an SLA ping test, we need to configure the test. The following parameters can be configured:

    - test (string): The name of the traceroute test to configure.
    - size (number, 0-20000): The size of the data portion to be transmitted in a traceroute request.
    - timeout (number, 1-60): The timeout value, in seconds, for a traceroute request.
    - probePerHop (number, 1-10): The number of times to reissue a traceroute request with the same time-to-live value.
    - port (number, 1-65535): The UDP destination port number to send to.
    - maxTTL (number, 1-255): The upper limit on the number of routers through which a packet can pass.
    - (number, 0-255): The initial time-to-live value.
    - createHopEntries (disabled or enabled): Enables creation of traceroute hop table.
    - frequency (number, 0
144. sh the loaded configuration
        list : Show the current configuration set
        dump : Show the saved configuration file
        =>config

    CLI commands

    Below, the CLI commands available for SpeedTouch configurations are shortly described. For more information, see the SpeedTouch CLI Reference Guide.

    - =>config save: Allows to save the current configuration of the SpeedTouch to a user.ini file in the dl subdirectory.
    - =>config backup filename=<user configuration filename>: Allows to save the current configuration of the SpeedTouch to a configuration file in the dl subdirectory. You are able to choose a filename of your own choice for the backup file.
    - =>config dump: Allows to view a dump of the stored user.ini file.

    Applying a configuration stored on the SpeedTouch

    To activate a configuration file stored in the SpeedTouch dl subdirectory, the CLI command config load is used. The following CLI commands are available in the config load CLI command group:

        =>help config load
        Load saved or default configuration
        Syntax: load load_ip=<disabled|enabled> defaults=<disabled|enabled> flush=<enabled|disabled> echo=<disabled|enabled> filename=<string>
        Parameters: load_ip=<disabled|enabled> Load IP settings or no
145. shing the link fails. If the connection fails and restart is enabled, the system will retry establishing the connection after this interval. (enabled or disabled) Enable or disable passive mode. (enabled or disabled) Enable or disable silent mode. (enabled or disabled) Enable or disable echo. C ladrress IP address o netmask: Format depends on the format setting. Local IP address of the PPP connection: This is completed automatically when establishing the connection. Do not fill it in manually. Remote IP address of the PPP connection: This is completed automatically when establishing the connection. Do not fill it in manually. Netmask for the PPP connection: This is completed automatically when establishing the connection. Do not fill it in manually. format (cidr, dotted or none): Set the format of the netmask to cidr or dotted, or use no netmask. savepwd (enabled or disabled): Save the password. After establishing the PPP link for the first time, you no longer need to provide it for subsequent connections. Chapter 9 The Integrated SpeedTouch ISDN Modem. demanddial (enabled or disabled): Enable or disable dial-on-demand (DOD). This means that the system will engage the ISDN backup if the DSL line fails. doddelay (numeric, in s; default 120): Delay during which DOD is disengaged. This interval is meant to allow the DSL line time to synchroni
146. 10.2.7 How to Configure the SNMP Target; 10.2.8 How to Read SNMP Parameters via the CLI; 10.2.9 How to Allow Remote SNMP; 10.2.10 How to Add an SNMP User; 10.2.11 How to Restrict SNMP Access; 10.2.12 How to Configure the Traps; 10.3 The SpeedTouch Syslog; 10.3.1 The SpeedTouch Syslog Daemon; 10.3.2 Syslog via the Web Interface; 10.3.3 Syslog Idle i d C Elsore iE rre eer rerer eeer; 10.3.4 Remote Syslog Notification; 10.4 SpeedTouch Identification on AWS; 11 SpeedTouch Advanced Diagnostics; 11.1 The Office Network Web Page; 11.2 The Diagnostic Web Page
147. ssword required. Password: 230 OK ftp> ftp> quote site saveall 200 200 CLI command saveall executed. Enter binary file transfer mode. Optionally, you can enable hashing: ftp> bin 200 TYPE is now 8-bit binary ftp> hash Hash mark printing On ftp: (2048 bytes/hash mark). Change to the SpeedTouch dl subdirectory from which you want to get the latest configuration file: ftp> cd dl 250 Changed to dl. If required, save the current SpeedTouch configuration via the quote site saveall command. Chapter 4 SpeedTouch Configuration Management. Optionally, you can make a listing of the subdirectory's contents: ftp> dir 200 Connected to 192.168.1.254 150 Opening data connection for /bin/ls. Listing (size, date, file name): 20 Jun 29 1971 start.cmd; 2952448 Jun 29 1971 ZZUIAA5.314; 9 Jun 29 1971 seed.dat; 729 Jun 29 1971 sslcert.pem; 908 Jun 29 1971 sslkey.pem; 692 Jun 29 1971 sshdsa.pem; 66920 Jun 29 1971 user.ini; 4056 Jun 29 1971 user.cpl; 34633 Jun 29 1971 security.cfg. 226 Options l1 9 matches total. ftp: 600 bytes received in 0.00Seconds 600000.00Kbytes/sec. ftp: 400 bytes received in 0.01Seconds 40.00Kbytes/sec. The configuration you saved in step 2 is stored in the user.ini file. Other configuration files stored via
148. t. defaults=<disabled|enabled>: Load default instead of saved configuration. flush=<enabled|disabled>: Flush current configuration before loading new one. echo=<disabled|enabled>: Echo each command string when loaded. filename=<string>: Configuration filename. The following parameters are available: load_ip=<no|yes>: Allows you to define whether the current IP configuration should be preserved (no) or the IP configuration as defined in the loaded configuration file should be applied (yes). If not specified, load_ip=no. defaults=<no|yes>: Allows you to reset the SpeedTouch to its default configuration (yes). If not specified, defaults=no. To restore a configuration file, do not use this parameter. flush=<yes|no>: Allows you to define whether the SpeedTouch should flush its current configuration before loading the new one (yes). By default, and if not specified (flush=yes), the new loaded configuration is exclusively applied to the SpeedTouch. If you specify flush=no, the new loaded configuration is appended to the existing current configuration. The latter may result in unexpected behaviour of the SpeedTouch. echo=<no|yes>: Allows you to specify whether to echo each command string loaded from the new configuration file (yes) or not (no). If not specified, echo=no. filename=<string>: Allows you to specify
149. t The serial Console interface. See 2 SpeedTouch Command Line Interface on page 5 for more information. Most CLI command groups feature one or more diagnostic commands; this chapter provides a brief description of these commands. For a full description, refer to the SpeedTouch CLI Reference Guide. The following CLI commands feature traces: connection appconfig; dhcp client debug traceconfig; dhcp relay debug traceconfig; dhcp server debug traceconfig; firewall debug traceconfig; firewall rule debug traceconfig. Chapter 11 SpeedTouch Advanced Diagnostics. 11.3.2 Lower Layer Diagnostics. ADSL: The adsl info command displays ADSL statistics and information on the current SpeedTouch DSL line status. Although it is the same command for both SpeedTouch ADSL/POTS and ADSL/ISDN variants, the command features specific output parameters and counters per variant. ADSL reporting has been extended to report the unrestricted ADSL bandwidth, i.e. the bandwidth the line would have if the DSLAM were not configured to limit ADSL bandwidth. The partial example below shows ADSL diagnostics for an ADSL/ISDN variant: => adsl info Modemstate: up. Operation Mode: G.992.1 Annex B. Channel Mode: fast. Number of resets: i. Vendor (Local, Remote): Country: Of 00; Vendor: TMMB; VendorSpecific: 0000 0000; StandardRevisionNr: 00 00. (Downstream, Upstream): Margin [dB]: 9.0
150. t of memory errors: 0 => => atm debug gstats # of received octets: 806130; # of transmitted octets: 806766; # of received cells: 15210; # of transmitted cells: 15222; # of unknown cells; # of errors on the input; # of errors on output: 0. ATM OAM: The SpeedTouch supports active Operation and Maintenance (F4/F5 OAM) LoopBack (LB) and Continuity Check (CC) statistics via the following commands: atm oam cc send: Sends CC activate/deactivate to connection. atm oam ping: Sends ATM loopback cells. Below, an example is provided of an ATM OAM ping: => atm oam ping dest=RtPPPoA count=5 loopback: successful, sequence: 1, time: loopback: successful, sequence: time: loopback: successful, sequence: time: loopback: successful, sequence: time: loopback: successful, sequence: time: loopback statistics: 5 loopbacks transmitted, 5 successful, 0% loss, time 180 ms; rtt min/avg/max = 4702/4914/5200 => ATM Auto Configuration via TR 377 (ILMI 4.0). Chapter 11 SpeedTouch Advanced Diagnostics. The ILMI operates between the network and the ATM Network Termination at the customer premises, for example the SpeedTouch. ILMI 4.0 is supported on VP/VC 0/16, meaning that the VCC or VPC can be provisioned via this management channel. The information received via the management channel can be used to dynamically add terminated co
151. t the ACS server. (text string) User name for ACS Digest Authentication. (text string) Password for ACS Digest Authentication. Chapter 8 SpeedTouch Remote Access. Chapter 9 The Integrated SpeedTouch ISDN Modem. 9 The Integrated SpeedTouch ISDN Modem. Overview: This chapter covers the following topics: About the ISDN Modem; How to Configure the ISDN Modem; ISDN Backup; ISDN Callback; ISDN Remote CAPI. 9.1 About the ISDN Modem. Introduction: Next to the DSL, Ethernet and Wireless interfaces, the SpeedTouch features an ISDN modem to allow the end user Internet connectivity. Scenarios: The ISDN modem can be used as: a stand-alone WAN interface to connect to the Internet or corporate network; a fall-back interface for the DSL interface; a dial-in WAN interface for remote access or dial-in networking. For more information, see the Fall-back Connections with the Integrated ISDN Modem Application Note. ISDN software key: It is necessary to enable the ISDN module for full deployment. For more information, see the SpeedTouch 605/608 WL/620 User's Guide. The ISDN modem as initiator or responder: The ISDN modem can be configured as follows: As Initiator (Dial-out): The SpeedTo
152. tatus: No Key; Filename: ; Link: http://www.speedtouch.com/homeprod/addon.htm; Teaser: IPSec based VPN, 16 Sessions, 4 Profiles. ISDN module info: Software key status: No Key; Filename: ; Link: http://www.speedtouch.com/homeprod/addon.htm; Teaser: ISDN Backup. SIP256 module info: Software key status: No Key; Filename: ; Link: http://www.speedtouch.com/homeprod/addon.htm; Teaser: SIP PBX possibilities, 256 User Agents. Contact your local product dealer for available software module activation. To allow for a successful activation of software modules, no parts of the software addon CLI command group should be changed unless specifically instructed by your Service Provider. Chapter 5 SpeedTouch Software Modules. How to Install a Software Key; How to Back Up the Software Keys; Disabling Software Modules on the SpeedTouch. After applying for a software key, your ISP should provide you with a software key, user name and password. Proceed as follows to install and activate the software key via the GUI: Go to the software modules page (refer to How to Access the Software Modules Page). Click on the software module you want to activate. You are taken to the software key request page. Copy the text of the software key
153. ted by descending priority. Severity (Code): Emergency conditions, system unusable; Alert conditions, immediate action is needed; Critical conditions; Error conditions (err); Warning conditions (4); Normal but significant conditions; Informational messages; Debug-level messages (7). Chapter 10 SpeedTouch Monitoring. Syslog priority facilities: The following priority facilities are possible for a syslog message generated by the SpeedTouch. The facilities are listed by descending priority. Priority (Code): Kernel messages (kern); User-level messages (user); Mail system (mail, 16); System daemons (24); Authorization messages (32); Syslog daemon messages; Line Printer subsystem (48); Network news subsystem (56); UUCP subsystem; Clock daemon (72); Security messages; FTP daemon (88); NTP subsystem; Log audit (104); Log alert (112); Clock daemon (120); Local use messages (local0, local1, local2, local3, local4, local5, local6, local7). Syslog message bodies: The SpeedTouch syslog daemon is internally responsible for collecting and administering messages generated by one or more of its subsystems. The following SpeedTouch subsystems are able to trigger a message: Auto PVC module; Configuration module; DHCP Client module; DHCP Relay module; DHCP server m
154. the SpeedTouch from port 21 (default) to port 26. => service system list name=FTP expand=enabled Idx Name Protocol SrcPort DstPort. Description: File Transfer. Properties: server. Attributes: state port aclip aclif aclifgroup map log. User Managed Attributes: state port aclip aclif aclifgroup map log. Attribute Values: enabled; Ip Access List; Interface Access List; Interface Group Access List: lan; disabled. Chapter 8 SpeedTouch Remote Access. 8.6 Remote SFTP Access. SFTP Introduction: SSH is to be used to establish privacy between 2 network devices. It provides a secured layer on top of TCP/IP. SFTP allows privacy during file transfer sessions. SSH authentication: The SpeedTouch supports the following authentication methods: password: Password Authentication; publickey: Public Key Based Authentication. The user can configure the authentication to be used during SSH session setup; this can be done by executing the following CLI command: => ssh config auth=password By choosing password, authentication is based on username/password. By choosing public_key, authentication is based on public key searching in the database of installed public keys on the SpeedTouch. Enabling SFTP: The Secure Shell service can be enabled by executing the following CLI command: => ssh config sftp=enabled
155. the SpeedTouch file system and how to access it via FTP, see 7 The SpeedTouch File System on page 75. The SpeedTouch file system consists of two subdirectories: active and dl. In the active subdirectory, the currently running system software (the active software version) is stored. The dl subdirectory stores the dormant system software (the passive software version). There are SpeedTouch devices where only the dl directory exists (single-directory file system). In case no SpeedTouch system software upgrade was performed before, both active and passive software will be the same. Full read/write access is only granted to the dl subdirectory. This section covers the following topics: 3.2.1 Backup System Software via FTP; 3.2.2 Upgrade or Restore System Software via FTP; 3.2.3 Manual System Software Management via BOOTP/TFTP server. Chapter 3 SpeedTouch System Software. 3.2.1 Backup System Software via FTP. Introduction: For backup reasons, you can transfer system software files from both the SpeedTouch's active and dl subdirectories to your local disk. Backup procedure: To transfer system software files from the SpeedTouch to your local disk as backup, proceed as follows: Open an FTP session to the SpeedTo
156. ties. In SNMPv1, users are represented as communities. Therefore they are not visible with the snmp user list command. However, you can still view them using the snmp securitytogroup list command. There are 7 pre-defined user groups available for SNMP. These levels exist in the MLP structure. However, since SNMP does not need this many groups, some of them have the same default access rights. Below is an overview. This group has read access to the following subtrees: 1.3.6.1.2.1.1 (System); 1.3.6.1.2.1.11 (SNMP); 1.3.6.1.6.3.10.2.1 (SNMP Engine); 1.3.6.1.6.3.11.2.1 (SNMP MD Stats); 1.3.6.1.6.3.15.1.1 (Stats). This group has no CLI access. Chapter 10 SpeedTouch Monitoring. Power User: Has the same rights as User, plus additional read access to the following subtrees: 1.3.6.1.2.1.2 (INTERFACES); 1.3.6.1.2.1.4 (IP); 1.3.6.1.2.1.5 (ICMP); 1.3.6.1.2.1.6 (TCP); 1.3.6.1.2.1.7 (UDP); 1.3.6.1.2.1.10 (ETHER-like; ADSL: 1.10.94; HDSL: 1.10.48); 1.3.6.1.2.1.16 (RMON); 1.3.6.1.2.1.17 (BRIDGE); 1.3.6.1.2.1.26 (MAU); 1.3.6.1.2.6.3.10.2 (SNMPv2 Framework); 1.3.6.1.2.1.16 (RMON); 1.3.6.1.2.1.80 (PING); 1.3.6.1.2.1.81 (TRACEROUTE). This group can use CLI for trap configuration. LAN Admin: Has the same default rights as Power User. WAN Admin: This group has the same read rights as User, plus additional read access to: 1.3.6.1.2.1.16 (RMON); 1.3.6.1.2.1.80 (PING);
157. tion, the end user is prompted whether or not to trust the server. When a web user logs in or tries to log in to the SpeedTouch, a syslog message is generated. This message indicates the user name and the underlying protocol (HTTP or HTTPS). After negotiating the cipher between the two peers involved in the TLS protocol, data is encrypted for further communications. The minimum level of security required for the connection is indicated by each peer. If the minimum requirement of each peer cannot be achieved, the connection is closed. Use the following CLI command to see the default HTTPs service configuration: => service system list name=HTTPs expand=enabled Idx Name Protocol SrcPort DstPort Group: 1 HTTPs tcp 443. Description: HTTP web server over ssl. Properties: server. Attributes: state port aclip aclif aclifgroup map log. User Managed Attributes: state port aclip aclif aclifgroup map log. Attribute Values: State: enabled; Port: 443; Ip Access List: any; Interface Access List: any; Interface Group Access List: lan; Map List: 443; Logging: disabled. Configuration via CLI commands. Chapter 8 SpeedTouch Remote Access. To have HTTPs access via WAN, additional configuration of
158. to automatically configure the SpeedTouch from a management application running on a PC on the customer premises LAN. For more information, refer to the DSL Forum's Technical Report TR-064. Architecture: The diagram below shows the architecture and protocol stack for TR-064 on the SpeedTouch. [Figure: TR-064 architecture; labels: SpeedTouch, Service Provider, XML Configuration, User Input, CPE Management App.] Configuration Options: It is impossible to configure LAC via the Web interface. Only CLI commands can be used. How to Configure LAC (syntax): No configuration is needed for LAC. It simply needs to be enabled or disabled. From the system prompt, use the following command: system=> config tr64=<disabled|enabled> tr64auth=<disabled|enabled> Chapter 8 SpeedTouch Remote Access. How to Configure LAC: The CLI command uses the following parameters (Parameter, Description): tr64 (enabled or disabled): Enable or disable TR-064. tr64auth (enabled or disabled): Enable or disable LAC TR-064 Security. 8.8 CPE WAN Management Protocol (CWMP) support (TR-069). About CWMP: The SpeedTouch supports the DSL Forum's TR-069 Technical Report on CWMP. This allows the SpeedTouch to be configured and monitored from a management application running on a remote Auto Configuration Server (ACS). For
159. uch. At the user name prompt, enter a user name and, at the password prompt, if applicable, the password (see The Multi-Level Access Policy Configuration Guide for more information). C:\>ftp <SpeedTouch IP address> Connected to <SpeedTouch IP address>. 220 Inactivity timer = 120 seconds. Use site idle <secs> to change. User (<SpeedTouch IP address>:(none)): JohnDoe 331 SpeedTouch (00-90-D0-01-02-03) User JohnDoe OK. Password required. Password: 230 OK ftp> Enter binary file transfer mode. Optionally, you can enable hashing: ftp> bin 200 TYPE is now 8-bit binary ftp> hash Hash mark printing On ftp: (2048 bytes/hash mark) ftp> Change to the SpeedTouch subdirectory from which you want to get the system software file. In the example below, the dl subdirectory is chosen, where the currently running and usually most recent system software file is stored: ftp> cd dl 250 Changed to dl ftp> Chapter 3 SpeedTouch System Software. To identify the system software file name, use the quote site software version command: ftp> quote site software version 200 Flash image: 5.4.0.10.0 200 Active SW: ZZUIAA5.40A 5.4.0.08.0 200 Passive SW: ZZUIAA5S.40A 5.4.0.a.0 200 200 CLI command software version executed. You can also check for the system software file by making a listing of the subdirectory
160. uch starts the connection. As Responder (Dial-in): Configure the SpeedTouch as a responder if you want to set up a connection from another device towards the SpeedTouch. Security: There are 3 ways of securing the ISDN modem of the SpeedTouch: Reduce the number of people that can dial in to the SpeedTouch by configuring a group of allowed dial-in numbers. On a higher layer level, it is possible to configure the stateful inspection firewall to allow a range of IP addresses or one single IP address to dial in to the SpeedTouch. Maintain a smart user policy by configuring users using the multi-level SpeedTouch access policy. PPP on top of the ISDN Modem: The SpeedTouch supports PPP over ISDN (PPPoI), which implies that all the features of a PPP connection are applicable on the SpeedTouch ISDN modem, such as dial-on-demand (dod) connections, which are mostly used for ISDN connections. If both an ADSL and an ISDN interface are configured, make sure to give a proper value to the doddelay of the ISDN modem. For more information, see the Fall-back Connections with the Integrated ISDN Modem Application Note. Scenario examples. Chapter 9 The Integrated SpeedTouch ISDN Modem. The following 2 scenarios are examples of using the ISDN modem as a responder: Dialling in to the SpeedTouch for remote management purposes
161. ut: 60. No Ip Timeout: 10. Connection Request Port: 51005. Periodic Inform: enabled. Periodic Inform Interval: 3600 s. Connection Request: disabled. Connection Request UserName. Connection Request PassWord. Connection Request Path. Connection Request Authentication. Qos class. Boot delay range between 0 and. Similarly, to view the CWMP Server configuration, enter the following command sequence from the cwmp prompt: => cwmp server => cwmp server config From the cwmp prompt, use the following command to configure the CWMP parameters: config state=<disabled|enabled> mode=<read-only|full> periodicInform=<disabled|enabled> periodicInfInt=<number> sessionTimeout=<number> noIpTimeout=<number> maxEnvelopes=<number> connectionRequest=<disabled|enabled> connectionReqPath=<string> connectionReqUserName=<string> connectionReqPsswd=<string> connectionReqAuth=<none|basic|digest> qos-class=<number> bootdelayrange=<number> Chapter 8 SpeedTouch Remote Access. How to Configure CWMP: The CLI command uses the following parameters (Parameter, Description): state (enabled or disabled): Enable or disable the daemon. mode (read-only or full): Set the operational mode of the CWMP daemon to read-only or full. periodicInform enabled or Enable or disable
162. v DISCOVER, REQUEST, DECLINE, RELEASE, INFORM, Pure BOOTP REQUESTS, Other message types, OFFERS sent, ACKs sent, NAKs sent, Relay agent options dropped. Lease table got full: no. Ping table got full: no. Second dhcp server seen: no. Total size of lease table: 256, in use: 0, free: 100. => dhcp relay debug stats DHCP relay statistics: Client packet relayed, Server packet relayed, Bogus relay agent, Bogus giaddr recv, Corrupt agent option, Missing agent option, Bad circuit id, Missing circuit id. => Chapter 11 SpeedTouch Advanced Diagnostics. DNS: The following DNS server forwarding statistics are available: => dns server debug stats: Displays statistics of the SpeedTouch's DNS server forwarder. => dns server debug stats Corrupted packets received, Local questions resolved, Local negative answers sent, Total DNS packets forwarded, External answers received, Spoofed responses, Forward table full discard, Spurious answers, Unknown query types; 1 5 9 3 8 1 0 1 0. 11.3.4 Routing Diagnostics. Firewall Rule: To check the operation of the SpeedTouch packet firewall, the following command is available: => firewall rule debug stats: Displays per firewall rule the number of packets
163. Chapter 12 SLA Monitoring. Traceroute Process: Traceroute is usually implemented by transmitting a series of probe packets with increasing time-to-live values. A probe packet is a UDP datagram encapsulated into an IP packet. Each hop in a path to the target destination host rejects the probe packet (probe's TTL too small) until its time-to-live value becomes large enough for the probe to be forwarded. Each hop in a traceroute path returns an ICMP message that is used to discover the hop and to calculate a round-trip time. Some systems use ICMP probes (ICMP Echo request packets) instead of UDP ones to implement traceroute. In both cases traceroute relies on the probes being rejected via an ICMP mes
164. w to Configure the PPP Connection; ISDN Remote CAPI. Contents: 10 SpeedTouch Monitoring; 10.1 An Introduction to SNMP; 10.1.1 BASIC SOC CIS curna n ec wteceearte x teens concert deme det seen eeeeaeene ere a sete eeemeee; 10.1.2 MIES EDan ase ets es usec O E E ant ueturnecneneate ces; 10.2 SNMP Configuration; 10.2.1 How to Allow Access to the SNMP Agent; 10.2.2 How to View the SNMP Configuration; 10.2.3 How to View the System Contact Name and Location; 10.2.4 How to Configure SNMPv1; 10.2.5 How to Configure the System Contact Name and Location; 10.2.6 How to Force the Source IP Address
165. w to allow a remote SNMP manager to monitor the SpeedTouch. To do this, add the WAN interface to the service access list. Use the following command: => service system ifadd name=SNMPV3_AGENT group=wan To allow the remote SNMP manager to receive SNMP traps generated by the SpeedTouch, no extra configuration is necessary. It is, however, possible to configure which traps are sent to a manager. For more information, refer to 10.2.12 How to Configure the Traps on page 158. You can also configure authentication for remote access to SNMP. For more information, refer to 10.2.11 How to Restrict SNMP Access on page 157. Chapter 10 SpeedTouch Monitoring. 10.2.10 How to Add an SNMP User (About SNMP Users; Limiting MIB Access; Users and Communities; SNMP User Groups). SNMP Users allow you to determine which MIBs a specific user is allowed to view or change. This is done by adding a user to a user group. This user group determines the user's access to the MIBs. You can limit the MIBs visible within a defined Read-Only (RO) or Read-Write (RW) Community. To do so, you need to do the following: Define the view with the MIBs you want visible. Define a group to determine the read/write/notify access. Define a user and add the user to the group, giving that user access to that view. The use of Users, Views and Groups is defined in SNMPv3. SNMPv1 and SNMPv2, however, use communi
166. disabled. Chapter 10 SpeedTouch Monitoring. 10.2.12 How to Configure the Traps. Procedure: In order to configure which traps are sent where, you need to: (1) Set the message handling parameters. (2) Create a notify filter. (3) Create a notify profile using that filter. (4) Create notify tags. (5) Create a destination for the traps. (6) Enable traps. If you simply want all tags to be sent, steps 2, 3 and 4 are not necessary. How to Set the Message Handling Parameters: Use the snmp targetparams add command. Example: snmp targetparams add paramname=Trap_params mpmodel=v1 securitymodel=snmpv1 securityname=RWCommunity securitylevel=noAuthNoPriv How to Create a Notify Filter: Use the snmp notifyfilter add command. Example: snmp notifyfilter add profilename=Trap_profile subtree=iso How to Create a Notify Profile Using that Filter: Use the snmp notifyprofile add command. Example: snmp notifyprofile add paramname=Trap_params profilename=Trap_profile How to Create Notify Tags: Use the snmp notify add command. Example: snmp notify add name=trap_notify_test tag=Trap_tag How to Create a Destination for the Traps; How to Enable Traps; More Information. Use the snmp target add command. Example: snmp target add name=Test_trap_pce add
167. which port has been set as capture port, use the following command: => eth switch mirror capture Mirror capture port = 4 => You can now set a port that you want to monitor on the mirror capture port. This can be done for egress traffic (packets leaving the modem) and ingress traffic (packets towards the modem). In the example below, we will monitor ingress traffic on ethernet port one and egress traffic on ethernet port two. Use the following commands: => eth switch mirror ingress port=1 state=enabled => eth switch mirror egress port=2 state=enabled All traffic coming in to the modem on ethernet port one will now be mirrored on ethernet port four. All traffic leaving the modem on port two will also be mirrored on ethernet port four. During port mirroring, the capture port can still be used as a normal ethernet port. Chapter 11 SpeedTouch Advanced Diagnostics. To verify which port is being mirrored (ingress or egress), use the following commands: => eth switch mirror ingress Ingress mirror port = 1 => eth switch mirror egress Egress mirror port => When there is no need to mirror traffic to ethernet port four any more, you can disable the mirroring by executing the following commands: => eth switch mirror ingress port=1 state=disabled => eth switch mirror egress port=2 state=disabled 11.3.6 SNMP and S
168. will only be shown in case more than one valid system language is stored on the SpeedTouch. The system language packs are related to the system software versions. Delete a system language: Proceed as follows: 1. Open a web browser and go to the SpeedTouch Web pages. 2. ewmm 3. Open the ngs page via Home > SpeedTouch > System Update. 4. Click on the Language Packs tab. [Screenshot: Home > SpeedTouch > System Update page, Language Packs tab, with columns Filename, Language, Code and Version; select a language pack to remove it.] 5. Select the entry of the desired system language and click Delete. 6. Select Save All to save your changes. Chapter 4 SpeedTouch Configuration Management. Chapter 5 SpeedTouch Software Modules. SpeedTouch Software Modules. Overview. SpeedTouch software module functionality: The SpeedTouch comes by default with an extended set of features to provide end-to-end connectivity over the DSL line: IP Routing, RIP, Hyper-NAT, SNMP, Syslog, DHCP, DNS, Remote Assistance, Game & Application Sharing, UPnP, Web
169. wn 7 0 dBm Up 8 5 dBm line Attenuation Down 0 0 dB Up 0 0 dB sor Margin Down 9 0 dB Up 6 0 dB

The advantage of offering the syslog Web Interface is that any authenticated user is able to browse the SpeedTouch Web Interface. The Syslog page can be used to view the latest event loggings without the need for additional syslog software.

Syslog configuration

Via the SpeedTouch Syslog page you can also configure the SpeedTouch syslog daemon to send syslog messages to one or more particular host IP addresses. This allows dedicated syslog software on the host to collect SpeedTouch syslog messages for immediate notification, future reference and event archiving.

On the SpeedTouch Syslog page, select the Configuration tab:

    Facility    Severity    Destination
    all         debug       192.165.1.10
    security    debug       192.168.1.3

The table allows you to overview the hosts configured to receive syslog messages generated by the SpeedTouch. To add a host, you must type one or more comma-separated priority facilities (type all to send all facilities), select a priority severity, specify the host's IP address and click Add. To enable forwarding of syslog messages to external hosts, select Activate. In case syslog forwarding is enabled you can disable all syslog forwardin
170. xhops <number 1-255>    The upper limit on the number of routers through which a packet can pass.
dstport <number 1-65535>    The UDP destination port number to send to.
<number 0-255>    The max number of consecutive timeouts allowed before terminating a traceroute request.
<icmp|udp>    The type of traceroute packet(s).
<disabled|enabled>    Display time in microseconds.

Example

Below is an example of a traceroute command and its reply:

    Administrator> traceroute addr 25.0.0.1 count 4
    ttl 1    101.101.101.1    5731 us 5446 us 5466 us 5789 us
    ttl 2    25.0.0.1         6089 us 5779 us 5699 us 6023 us

11.3.5 Non-intrusive Sniffing

Ethernet Diagnostics

For debugging purposes the SpeedTouch offers a port mirroring feature. This means that three out of the four physical ethernet ports can be used for network connections, while the remaining ethernet port can be used to connect a sniffing device. In this way, when there is a network problem, a sniffer can be connected without causing any intrusion in the network.

The first thing to do is to determine which ethernet port will be used for sniffing purposes. In the example below ethernet port four will be used. Use the following command to set port four as capturing port:

    > eth switch mirror capture port 4
    >

To verify
171. y an existing one. Select the content level of your choice. Repeat steps 5 to 7 for each entry you want to create in the filtering table. Click Apply.
5. If not already set, select the desired action for uncategorised sites.

Chapter 6 SpeedTouch System Services

6.3.7 How to Create a Content Level

How to get a Detailed View

Proceed as follows to get a detailed view of a content level:
1. Go to the Web site filtering Overview page.
2. Click on Details.
Result: The Web interface shows a description of the content level as well as full details on which type of content is allowed and which is not.

How to Edit a Content Level

Proceed as follows to edit an existing Content Level:
1. Go to the Web site filtering Overview page.
2. Select the content level you wish to edit and click the corresponding Edit.
3. Modify the name, description and/or the content classes or subclasses targeted by the filter. To select or de-select a content class or subclass, click its checkbox.
4. Click Apply.

How to Create a New Content Level

Proceed as follows to create a new content level. If you want to:
> Start from a copy of an existing level, select Clone an Existing Level.
> Start from a white list (everything blocked, leaving you to determine which categories are to b
172. your local disk you want to restore on your SpeedTouch. To restore the selected SpeedTouch configuration, click Restore Configuration Now. Click Save or Restore Configuration.

Backup & Restore

This page enables you to save and restore the configuration of your SpeedTouch. Follow the instructions below.

Backup current configuration: In order to store the current configuration of your SpeedTouch, click on the Backup Configuration Now button. You will be prompted by your web browser to store the configuration file locally on your hard disk. Choose a location and store the file on your computer.

Restore saved configuration: You can restore a configuration file you have previously stored on your computer. Click on Browse, choose the configuration file you want to restore on your SpeedTouch and click on Restore Configuration Now to restore the configuration.

Backing up saved configurations via the

Proceed as follows:
1. Open a web browser and go to the SpeedTouch Web interface.
2. cowemenmed 2 oise aro senecon
3. Open the Update page via Home > SpeedTouch > System Update.
173. yslog system

Chapter 11 SpeedTouch Advanced Diagnostics

Management Diagnostics

The SpeedTouch Simple Network Management Protocol (SNMP) and Syslog modules are industry standard management utilities to diagnose the device's status, connections, etc. For a full description of the SpeedTouch SNMP module and Syslog, see "10.1 An Introduction to SNMP" on page 134 and "10.3 The SpeedTouch Syslog" on page 160.

To monitor the SpeedTouch physical status, the following command is available:
> system debug stats: Displays SpeedTouch cpu and memory statistics.

    > system debug stats
    Cpu statistics
    Maximum Minimum cpu Average cpu Current cpu
    Memory statistics
    CHIP memory total used free min in KB 2815 1815 1000 1000
    Application memory total used free min in KB 17804 3200 14603 14555
    >

12 SLA Monitoring

Introduction

The SpeedTouch supports Service Level Agreement (QoS) monitoring on a continuous basis. An extended ping or trace route process can be started from the SpeedTouch to another node in the worldwide IP network to measure the QoS (round trip delay, packet loss, jitter, availability, routing stability
174. ystem Services

The system rtc settime CLI command allows you to overview the current real time clock settings and to configure them:

    > system rtc settime date 04 07 2003 time 10:34:55 timezone 01:00 daylightsaving off
    >

You can also use this CLI command to manually set the SpeedTouch internal real time clock:

    > help system rtc settime
    Set/Get date, time, timezone, daylight savings time
    Syntax: settime date <dd mm yyyy> time <hh:mm:ss> timezone <(+ or -)hh:mm> daylightsaving <disabled|enabled>
    Parameters:
    date <dd mm yyyy>                     Set the system date
    time <hh:mm:ss>                       Set the system time
    timezone <(+ or -)hh:mm>              Set the system timezone (-12:00 to +14:00, 15 minute resolution)
    daylightsaving <disabled|enabled>     Enable/Disable daylight saving

SNTP via the CLI

The SpeedTouch SNTP client is configured via the sntp CLI command group:

    > sntp help
    Following commands are available:
    add       Add NTP server
    list      List the NTP servers
    delete    Delete NTP server from list
    flush     Flush NTP server list and SNTP client configuration
    config    Modify/Display configuration

You can use the following commands:
> sntp list: List the configured NTP servers
> sntp add and sntp delete: Add or delete NTP servers
> sntp config: Enable/disable the SpeedTouch SNTP client
175. ze
secdns         ip address    IP address of the secondary dns server
idletime       numeric       If the connection is idle for this amount of time, the link is disconnected
idletrigger    Tx or Rx      Idle time is triggered on either transmission side (Tx) or receive side (Rx)

Chapter 9 The Integrated SpeedTouch ISDN Modem

9.4 ISDN Callback

ISDN Backup

The SpeedTouch has an ISDN interface that can be used to create an ISDN backup for the ADSL line. The process is shown in the diagram below. When the ADSL line fails, the SpeedTouch establishes a dial-in connection towards the ISDN network. A PPP connection is then established over this ISDN connection, which takes over the traffic from the failed ADSL line.

ISDN Callback

If the SpeedTouch establishes the ISDN connection from the user end, the user will be charged with the connection cost. To avoid this, it is possible to use the callback option if the other end supports it. The SpeedTouch establishes a dial-in connection, provides all necessary information and disconnects. The system then waits for a callback to establish the ISDN connection over which the PPP connection is established. This is typical for connections which are governed by a Service Level Agreement (SLA).

More Information

For more information refer to the WAN Fallback Application Note.

Dial In Modes

The dial-in connection line can operate in one of
